'use strict';
const common = require('../common');
const assert = require('assert');
const fixtures = require('../common/fixtures');

// Verifies that TLSSocket#disableRenegotiation() makes a socket refuse any
// renegotiation requested after the call, while a renegotiation requested
// before the call still completes.

if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const tls = require('tls');

// Renegotiation is not a protocol feature after TLS 1.2, so cap the maximum
// version to keep the feature under test available. This assigns a
// module-level default on `tls`.
tls.DEFAULT_MAX_VERSION = 'TLSv1.2';

const serverOptions = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem'),
};

const server = tls.Server(serverOptions, common.mustCall((socket) => {
  // The refused renegotiation is reported as an 'error' event on the
  // server-side socket. Check its identity, then tear down the connection and
  // the listener so the process can exit.
  socket.on('error', common.mustCall((err) => {
    const validateError = common.expectsError({
      name: 'Error',
      code: 'ERR_TLS_RENEGOTIATION_DISABLED',
      message: 'TLS session renegotiation disabled for this socket'
    });
    validateError(err);
    socket.destroy();
    server.close();
  }));

  // Echo the first chunk back and only then switch renegotiation off. The
  // renegotiation that the client requested before sending this chunk is
  // therefore still allowed to complete.
  socket.on('data', common.mustCall((chunk) => {
    socket.write(chunk);
    socket.disableRenegotiation();
  }));

  // `_handle.handshakes` is an internal counter; each time 'secure' fires it
  // must still be below 2.
  socket.on('secure', common.mustCall(() => {
    assert(socket._handle.handshakes < 2,
           `Too many handshakes [${socket._handle.handshakes}]`);
  }));
}));


server.listen(0, common.mustCall(() => {
  const { port } = server.address();

  // Peer certificate verification is switched off: the server presents a
  // test fixture certificate and this test is about renegotiation, not about
  // trust. The same object is reused as the options of both renegotiate()
  // calls below.
  const clientOptions = {
    rejectUnauthorized: false,
    port
  };

  const client = tls.connect(clientOptions, common.mustCall(() => {
    // Argument validation: each of these call shapes must throw synchronously
    // with ERR_INVALID_ARG_TYPE.
    const invalidArgType = {
      code: 'ERR_INVALID_ARG_TYPE',
      name: 'TypeError',
    };
    const invalidCalls = [
      () => client.renegotiate(),
      () => client.renegotiate(common.mustNotCall()),
      () => client.renegotiate({}, false),
      () => client.renegotiate({}, null),
    ];
    for (const invalidCall of invalidCalls) {
      assert.throws(invalidCall, invalidArgType);
    }

    // First attempt: the server has not disabled renegotiation yet, so this
    // request should succeed.
    const firstRequested = client.renegotiate(
      clientOptions,
      common.mustSucceed(() => {
        // With the renegotiation complete, send data. The server's 'data'
        // handler receives it and calls disableRenegotiation().
        client.write('data', common.mustCall(() => {
          // Second attempt: renegotiate() still returns true here, but the
          // attempt should fail and the callback must never be invoked. The
          // server emits the error and then drops the connection.
          const secondRequested =
            client.renegotiate(clientOptions, common.mustNotCall());
          assert.strictEqual(secondRequested, true);
        }));
      }));
    assert.strictEqual(firstRequested, true);

    // Attached only after the first renegotiation has been requested.
    client.on('secureConnect', common.mustCall());
    client.on('secure', common.mustCall());
  }));
}));