11cb0ef41Sopenharmony_ci// Copyright Joyent, Inc. and other Node contributors.
21cb0ef41Sopenharmony_ci//
31cb0ef41Sopenharmony_ci// Permission is hereby granted, free of charge, to any person obtaining a
41cb0ef41Sopenharmony_ci// copy of this software and associated documentation files (the
51cb0ef41Sopenharmony_ci// "Software"), to deal in the Software without restriction, including
61cb0ef41Sopenharmony_ci// without limitation the rights to use, copy, modify, merge, publish,
71cb0ef41Sopenharmony_ci// distribute, sublicense, and/or sell copies of the Software, and to permit
81cb0ef41Sopenharmony_ci// persons to whom the Software is furnished to do so, subject to the
91cb0ef41Sopenharmony_ci// following conditions:
101cb0ef41Sopenharmony_ci//
111cb0ef41Sopenharmony_ci// The above copyright notice and this permission notice shall be included
121cb0ef41Sopenharmony_ci// in all copies or substantial portions of the Software.
131cb0ef41Sopenharmony_ci//
141cb0ef41Sopenharmony_ci// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
151cb0ef41Sopenharmony_ci// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
161cb0ef41Sopenharmony_ci// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
171cb0ef41Sopenharmony_ci// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
181cb0ef41Sopenharmony_ci// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
191cb0ef41Sopenharmony_ci// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
201cb0ef41Sopenharmony_ci// USE OR OTHER DEALINGS IN THE SOFTWARE.
211cb0ef41Sopenharmony_ci
221cb0ef41Sopenharmony_ci'use strict';
231cb0ef41Sopenharmony_ciconst common = require('../common');
241cb0ef41Sopenharmony_ci
251cb0ef41Sopenharmony_ciif (!common.opensslCli)
261cb0ef41Sopenharmony_ci  common.skip('node compiled without OpenSSL CLI.');
271cb0ef41Sopenharmony_ci
281cb0ef41Sopenharmony_ciif (!common.hasCrypto)
291cb0ef41Sopenharmony_ci  common.skip('missing crypto');
301cb0ef41Sopenharmony_ci
311cb0ef41Sopenharmony_ciconst tmpdir = require('../common/tmpdir');
321cb0ef41Sopenharmony_citmpdir.refresh();
331cb0ef41Sopenharmony_ci
341cb0ef41Sopenharmony_cidoTest();
351cb0ef41Sopenharmony_ci
361cb0ef41Sopenharmony_ci// This test consists of three TLS requests --
371cb0ef41Sopenharmony_ci// * The first one should result in a new connection because we don't have
381cb0ef41Sopenharmony_ci//   a valid session ticket.
391cb0ef41Sopenharmony_ci// * The second one should result in connection resumption because we used
401cb0ef41Sopenharmony_ci//   the session ticket we saved from the first connection.
411cb0ef41Sopenharmony_ci// * The third one should result in a new connection because the ticket
421cb0ef41Sopenharmony_ci//   that we used has expired by now.
431cb0ef41Sopenharmony_ci
441cb0ef41Sopenharmony_cifunction doTest() {
451cb0ef41Sopenharmony_ci  const assert = require('assert');
461cb0ef41Sopenharmony_ci  const tls = require('tls');
471cb0ef41Sopenharmony_ci  const fs = require('fs');
481cb0ef41Sopenharmony_ci  const join = require('path').join;
491cb0ef41Sopenharmony_ci  const fixtures = require('../common/fixtures');
501cb0ef41Sopenharmony_ci  const spawn = require('child_process').spawn;
511cb0ef41Sopenharmony_ci
521cb0ef41Sopenharmony_ci  const SESSION_TIMEOUT = 1;
531cb0ef41Sopenharmony_ci
541cb0ef41Sopenharmony_ci  const key = fixtures.readKey('rsa_private.pem');
551cb0ef41Sopenharmony_ci  const cert = fixtures.readKey('rsa_cert.crt');
561cb0ef41Sopenharmony_ci  const options = {
571cb0ef41Sopenharmony_ci    key: key,
581cb0ef41Sopenharmony_ci    cert: cert,
591cb0ef41Sopenharmony_ci    ca: [cert],
601cb0ef41Sopenharmony_ci    sessionTimeout: SESSION_TIMEOUT,
611cb0ef41Sopenharmony_ci    maxVersion: 'TLSv1.2',
621cb0ef41Sopenharmony_ci  };
631cb0ef41Sopenharmony_ci
641cb0ef41Sopenharmony_ci  // We need to store a sample session ticket in the fixtures directory because
651cb0ef41Sopenharmony_ci  // `s_client` behaves incorrectly if we do not pass in both the `-sess_in`
661cb0ef41Sopenharmony_ci  // and the `-sess_out` flags, and the `-sess_in` argument must point to a
671cb0ef41Sopenharmony_ci  // file containing a proper serialization of a session ticket.
681cb0ef41Sopenharmony_ci  // To avoid a source control diff, we copy the ticket to a temporary file.
691cb0ef41Sopenharmony_ci
701cb0ef41Sopenharmony_ci  const sessionFileName = (function() {
711cb0ef41Sopenharmony_ci    const ticketFileName = 'tls-session-ticket.txt';
721cb0ef41Sopenharmony_ci    const tmpPath = join(tmpdir.path, ticketFileName);
731cb0ef41Sopenharmony_ci    fs.writeFileSync(tmpPath, fixtures.readSync(ticketFileName));
741cb0ef41Sopenharmony_ci    return tmpPath;
751cb0ef41Sopenharmony_ci  }());
761cb0ef41Sopenharmony_ci
771cb0ef41Sopenharmony_ci  // Expects a callback -- cb(connectionType : enum ['New'|'Reused'])
781cb0ef41Sopenharmony_ci
791cb0ef41Sopenharmony_ci  function Client(cb) {
801cb0ef41Sopenharmony_ci    const flags = [
811cb0ef41Sopenharmony_ci      's_client',
821cb0ef41Sopenharmony_ci      '-connect', `localhost:${common.PORT}`,
831cb0ef41Sopenharmony_ci      '-sess_in', sessionFileName,
841cb0ef41Sopenharmony_ci      '-sess_out', sessionFileName,
851cb0ef41Sopenharmony_ci    ];
861cb0ef41Sopenharmony_ci    const client = spawn(common.opensslCli, flags, {
871cb0ef41Sopenharmony_ci      stdio: ['ignore', 'pipe', 'ignore']
881cb0ef41Sopenharmony_ci    });
891cb0ef41Sopenharmony_ci
901cb0ef41Sopenharmony_ci    let clientOutput = '';
911cb0ef41Sopenharmony_ci    client.stdout.on('data', (data) => {
921cb0ef41Sopenharmony_ci      clientOutput += data.toString();
931cb0ef41Sopenharmony_ci    });
941cb0ef41Sopenharmony_ci    client.on('exit', (code) => {
951cb0ef41Sopenharmony_ci      let connectionType;
961cb0ef41Sopenharmony_ci      const grepConnectionType = (line) => {
971cb0ef41Sopenharmony_ci        const matches = line.match(/(New|Reused), /);
981cb0ef41Sopenharmony_ci        if (matches) {
991cb0ef41Sopenharmony_ci          connectionType = matches[1];
1001cb0ef41Sopenharmony_ci          return true;
1011cb0ef41Sopenharmony_ci        }
1021cb0ef41Sopenharmony_ci      };
1031cb0ef41Sopenharmony_ci      const lines = clientOutput.split('\n');
1041cb0ef41Sopenharmony_ci      if (!lines.some(grepConnectionType)) {
1051cb0ef41Sopenharmony_ci        throw new Error('unexpected output from openssl client');
1061cb0ef41Sopenharmony_ci      }
1071cb0ef41Sopenharmony_ci      assert.strictEqual(code, 0);
1081cb0ef41Sopenharmony_ci      cb(connectionType);
1091cb0ef41Sopenharmony_ci    });
1101cb0ef41Sopenharmony_ci  }
1111cb0ef41Sopenharmony_ci
1121cb0ef41Sopenharmony_ci  const server = tls.createServer(options, (cleartext) => {
1131cb0ef41Sopenharmony_ci    cleartext.on('error', (er) => {
1141cb0ef41Sopenharmony_ci      if (er.code !== 'ECONNRESET')
1151cb0ef41Sopenharmony_ci        throw er;
1161cb0ef41Sopenharmony_ci    });
1171cb0ef41Sopenharmony_ci    cleartext.end();
1181cb0ef41Sopenharmony_ci  });
1191cb0ef41Sopenharmony_ci
1201cb0ef41Sopenharmony_ci  server.listen(common.PORT, () => {
1211cb0ef41Sopenharmony_ci    Client((connectionType) => {
1221cb0ef41Sopenharmony_ci      assert.strictEqual(connectionType, 'New');
1231cb0ef41Sopenharmony_ci      Client((connectionType) => {
1241cb0ef41Sopenharmony_ci        assert.strictEqual(connectionType, 'Reused');
1251cb0ef41Sopenharmony_ci        setTimeout(() => {
1261cb0ef41Sopenharmony_ci          Client((connectionType) => {
1271cb0ef41Sopenharmony_ci            assert.strictEqual(connectionType, 'New');
1281cb0ef41Sopenharmony_ci            server.close();
1291cb0ef41Sopenharmony_ci          });
1301cb0ef41Sopenharmony_ci        }, (SESSION_TIMEOUT + 1) * 1000);
1311cb0ef41Sopenharmony_ci      });
1321cb0ef41Sopenharmony_ci    });
1331cb0ef41Sopenharmony_ci  });
1341cb0ef41Sopenharmony_ci}
135