11cb0ef41Sopenharmony_ci'use strict'; 21cb0ef41Sopenharmony_ciconst common = require('../common'); 31cb0ef41Sopenharmony_ciif (!common.hasCrypto) 41cb0ef41Sopenharmony_ci common.skip('missing crypto'); 51cb0ef41Sopenharmony_ci 61cb0ef41Sopenharmony_ciconst assert = require('assert'); 71cb0ef41Sopenharmony_ciconst tls = require('tls'); 81cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 91cb0ef41Sopenharmony_ci 101cb0ef41Sopenharmony_cilet finished = 0; 111cb0ef41Sopenharmony_ci 121cb0ef41Sopenharmony_cifunction loadPEM(n) { 131cb0ef41Sopenharmony_ci return fixtures.readKey(`${n}.pem`); 141cb0ef41Sopenharmony_ci} 151cb0ef41Sopenharmony_ci 161cb0ef41Sopenharmony_ciconst testCases = [ 171cb0ef41Sopenharmony_ci { // agent8 is signed by fake-startcom-root with notBefore of 181cb0ef41Sopenharmony_ci // Oct 20 23:59:59 2016 GMT. It passes StartCom/WoSign check. 191cb0ef41Sopenharmony_ci serverOpts: { 201cb0ef41Sopenharmony_ci key: loadPEM('agent8-key'), 211cb0ef41Sopenharmony_ci cert: loadPEM('agent8-cert') 221cb0ef41Sopenharmony_ci }, 231cb0ef41Sopenharmony_ci clientOpts: { 241cb0ef41Sopenharmony_ci ca: loadPEM('fake-startcom-root-cert'), 251cb0ef41Sopenharmony_ci port: undefined, 261cb0ef41Sopenharmony_ci rejectUnauthorized: true 271cb0ef41Sopenharmony_ci }, 281cb0ef41Sopenharmony_ci errorCode: 'CERT_REVOKED' 291cb0ef41Sopenharmony_ci }, 301cb0ef41Sopenharmony_ci { // agent9 is signed by fake-startcom-root with notBefore of 311cb0ef41Sopenharmony_ci // Oct 21 00:00:01 2016 GMT. It fails StartCom/WoSign check. 321cb0ef41Sopenharmony_ci serverOpts: { 331cb0ef41Sopenharmony_ci key: loadPEM('agent9-key'), 341cb0ef41Sopenharmony_ci cert: loadPEM('agent9-cert') 351cb0ef41Sopenharmony_ci }, 361cb0ef41Sopenharmony_ci clientOpts: { 371cb0ef41Sopenharmony_ci ca: loadPEM('fake-startcom-root-cert'), 381cb0ef41Sopenharmony_ci port: undefined, 391cb0ef41Sopenharmony_ci rejectUnauthorized: true 401cb0ef41Sopenharmony_ci }, 411cb0ef41Sopenharmony_ci errorCode: 'CERT_REVOKED' 421cb0ef41Sopenharmony_ci }, 431cb0ef41Sopenharmony_ci]; 441cb0ef41Sopenharmony_ci 451cb0ef41Sopenharmony_ci 461cb0ef41Sopenharmony_cifunction runNextTest(server, tindex) { 471cb0ef41Sopenharmony_ci server.close(function() { 481cb0ef41Sopenharmony_ci finished++; 491cb0ef41Sopenharmony_ci runTest(tindex + 1); 501cb0ef41Sopenharmony_ci }); 511cb0ef41Sopenharmony_ci} 521cb0ef41Sopenharmony_ci 531cb0ef41Sopenharmony_ci 541cb0ef41Sopenharmony_cifunction runTest(tindex) { 551cb0ef41Sopenharmony_ci const tcase = testCases[tindex]; 561cb0ef41Sopenharmony_ci 571cb0ef41Sopenharmony_ci if (!tcase) return; 581cb0ef41Sopenharmony_ci 591cb0ef41Sopenharmony_ci const server = tls.createServer(tcase.serverOpts, function(s) { 601cb0ef41Sopenharmony_ci s.resume(); 611cb0ef41Sopenharmony_ci }).listen(0, function() { 621cb0ef41Sopenharmony_ci tcase.clientOpts.port = this.address().port; 631cb0ef41Sopenharmony_ci const client = tls.connect(tcase.clientOpts); 641cb0ef41Sopenharmony_ci client.on('error', function(e) { 651cb0ef41Sopenharmony_ci assert.strictEqual(e.code, tcase.errorCode); 661cb0ef41Sopenharmony_ci runNextTest(server, tindex); 671cb0ef41Sopenharmony_ci }); 681cb0ef41Sopenharmony_ci 691cb0ef41Sopenharmony_ci client.on('secureConnect', function() { 701cb0ef41Sopenharmony_ci // agent8 can pass StartCom/WoSign check so that the secureConnect 711cb0ef41Sopenharmony_ci // is established. 721cb0ef41Sopenharmony_ci assert.strictEqual(tcase.errorCode, 'CERT_REVOKED'); 731cb0ef41Sopenharmony_ci client.end(); 741cb0ef41Sopenharmony_ci runNextTest(server, tindex); 751cb0ef41Sopenharmony_ci }); 761cb0ef41Sopenharmony_ci }); 771cb0ef41Sopenharmony_ci} 781cb0ef41Sopenharmony_ci 791cb0ef41Sopenharmony_ci 801cb0ef41Sopenharmony_cirunTest(0); 811cb0ef41Sopenharmony_ci 821cb0ef41Sopenharmony_ciprocess.on('exit', function() { 831cb0ef41Sopenharmony_ci assert.strictEqual(finished, testCases.length); 841cb0ef41Sopenharmony_ci}); 85