1// Copyright Joyent, Inc. and other Node contributors.
2//
3// Permission is hereby granted, free of charge, to any person obtaining a
4// copy of this software and associated documentation files (the
5// "Software"), to deal in the Software without restriction, including
6// without limitation the rights to use, copy, modify, merge, publish,
7// distribute, sublicense, and/or sell copies of the Software, and to permit
8// persons to whom the Software is furnished to do so, subject to the
9// following conditions:
10//
11// The above copyright notice and this permission notice shall be included
12// in all copies or substantial portions of the Software.
13//
14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22'use strict';
23const common = require('../common');
24if (!common.hasCrypto)
25  common.skip('missing crypto');
26
27const assert = require('assert');
28const tls = require('tls');
29const fixtures = require('../common/fixtures');
30
31const options = {
32  key: fixtures.readKey('rsa_private.pem'),
33  cert: fixtures.readKey('rsa_cert.crt')
34};
35
36const server = tls.createServer(options, function(socket) {
37  socket.pipe(socket);
38  // Pipe already ends... but leaving this here tests .end() after .end().
39  socket.on('end', () => socket.end());
40}).listen(0, common.mustCall(function() {
41  unauthorized();
42}));
43
44function unauthorized() {
45  console.log('connect unauthorized');
46  const socket = tls.connect({
47    port: server.address().port,
48    servername: 'localhost',
49    rejectUnauthorized: false
50  }, common.mustCall(function() {
51    let _data;
52    assert(!socket.authorized);
53    socket.on('data', common.mustCall((data) => {
54      assert.strictEqual(data.toString(), 'ok');
55      _data = data;
56    }));
57    socket.on('end', common.mustCall(() => {
58      assert(_data, 'data failed to echo!');
59    }));
60    socket.on('end', () => rejectUnauthorized());
61  }));
62  socket.once('session', common.mustCall());
63  socket.on('error', common.mustNotCall());
64  socket.end('ok');
65}
66
67function rejectUnauthorized() {
68  console.log('reject unauthorized');
69  const socket = tls.connect(server.address().port, {
70    servername: 'localhost'
71  }, common.mustNotCall());
72  socket.on('data', common.mustNotCall());
73  socket.on('error', common.mustCall(function(err) {
74    rejectUnauthorizedUndefined();
75  }));
76  socket.end('ng');
77}
78
79function rejectUnauthorizedUndefined() {
80  console.log('reject unauthorized undefined');
81  const socket = tls.connect(server.address().port, {
82    servername: 'localhost',
83    rejectUnauthorized: undefined
84  }, common.mustNotCall());
85  socket.on('data', common.mustNotCall());
86  socket.on('error', common.mustCall(function(err) {
87    authorized();
88  }));
89  socket.end('ng');
90}
91
92function authorized() {
93  console.log('connect authorized');
94  const socket = tls.connect(server.address().port, {
95    ca: [fixtures.readKey('rsa_cert.crt')],
96    servername: 'localhost'
97  }, common.mustCall(function() {
98    console.log('... authorized');
99    assert(socket.authorized);
100    socket.on('data', common.mustCall((data) => {
101      assert.strictEqual(data.toString(), 'ok');
102    }));
103    socket.on('end', () => server.close());
104  }));
105  socket.on('error', common.mustNotCall());
106  socket.end('ok');
107}
108