mirror of
https://github.com/nodejs/node.git
synced 2025-05-01 17:03:34 +00:00
36fb79030e
PR-URL: https://github.com/nodejs/node/pull/42124 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
263 lines
8.9 KiB
JavaScript
263 lines
8.9 KiB
JavaScript
// Flags: --expose-internals
|
|
'use strict';
|
|
const common = require('../common');
|
|
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
const {
|
|
X509Certificate,
|
|
createPrivateKey,
|
|
} = require('crypto');
|
|
|
|
const {
|
|
isX509Certificate
|
|
} = require('internal/crypto/x509');
|
|
|
|
const assert = require('assert');
|
|
const fixtures = require('../common/fixtures');
|
|
const { readFileSync } = require('fs');
|
|
|
|
const cert = readFileSync(fixtures.path('keys', 'agent1-cert.pem'));
|
|
const key = readFileSync(fixtures.path('keys', 'agent1-key.pem'));
|
|
const ca = readFileSync(fixtures.path('keys', 'ca1-cert.pem'));
|
|
|
|
const privateKey = createPrivateKey(key);
|
|
|
|
[1, {}, false, null].forEach((i) => {
|
|
assert.throws(() => new X509Certificate(i), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
});
|
|
|
|
const subjectCheck = `C=US
|
|
ST=CA
|
|
L=SF
|
|
O=Joyent
|
|
OU=Node.js
|
|
CN=agent1
|
|
emailAddress=ry@tinyclouds.org`;
|
|
|
|
const issuerCheck = `C=US
|
|
ST=CA
|
|
L=SF
|
|
O=Joyent
|
|
OU=Node.js
|
|
CN=ca1
|
|
emailAddress=ry@tinyclouds.org`;
|
|
|
|
let infoAccessCheck = `OCSP - URI:http://ocsp.nodejs.org/
|
|
CA Issuers - URI:http://ca.nodejs.org/ca.cert`;
|
|
if (!common.hasOpenSSL3)
|
|
infoAccessCheck += '\n';
|
|
|
|
const der = Buffer.from(
|
|
'308202d830820241a003020102020900ecc9b856270da9a830' +
|
|
'0d06092a864886f70d01010b0500307a310b30090603550406' +
|
|
'13025553310b300906035504080c024341310b300906035504' +
|
|
'070c025346310f300d060355040a0c064a6f79656e74311030' +
|
|
'0e060355040b0c074e6f64652e6a73310c300a06035504030c' +
|
|
'036361313120301e06092a864886f70d010901161172794074' +
|
|
'696e79636c6f7564732e6f72673020170d3138313131363138' +
|
|
'343232315a180f32323932303833303138343232315a307d31' +
|
|
'0b3009060355040613025553310b300906035504080c024341' +
|
|
'310b300906035504070c025346310f300d060355040a0c064a' +
|
|
'6f79656e743110300e060355040b0c074e6f64652e6a73310f' +
|
|
'300d06035504030c066167656e74313120301e06092a864886' +
|
|
'f70d010901161172794074696e79636c6f7564732e6f726730' +
|
|
'819f300d06092a864886f70d010101050003818d0030818902' +
|
|
'818100ef5440701637e28abb038e5641f828d834c342a9d25e' +
|
|
'dbb86a2bf6fbd809cb8e037a98b71708e001242e4deb54c616' +
|
|
'4885f599dd87a23215745955be20417e33c4d0d1b80c9da3de' +
|
|
'419a2607195d2fb75657b0bbfb5eb7d0bba5122d1b6964c7b5' +
|
|
'70d50b8ec001eeb68dfb584437508f3129928d673b30a3e0bf' +
|
|
'4f50609e63710203010001a361305f305d06082b0601050507' +
|
|
'01010451304f302306082b060105050730018617687474703a' +
|
|
'2f2f6f6373702e6e6f64656a732e6f72672f302806082b0601' +
|
|
'0505073002861c687474703a2f2f63612e6e6f64656a732e6f' +
|
|
'72672f63612e63657274300d06092a864886f70d01010b0500' +
|
|
'038181007acabf1d99e1fb05edbdd54608886dd6c509fc5820' +
|
|
'2be8274f8139b60f8ea219666f7eff9737e92a732b318ef423' +
|
|
'7da94123dcac4f9a28e76fe663b26d42482ac6d66d380bbdfe' +
|
|
'0230083e743e7966671752b82f692e1034e9bfc9d0cd829888' +
|
|
'6c6c996e7c3d231e02ad5399a170b525b74f11d7ed13a7a815' +
|
|
'f4b974253a8d66', 'hex');
|
|
|
|
{
|
|
const x509 = new X509Certificate(cert);
|
|
|
|
assert(isX509Certificate(x509));
|
|
|
|
assert(!x509.ca);
|
|
assert.strictEqual(x509.subject, subjectCheck);
|
|
assert.strictEqual(x509.subjectAltName, undefined);
|
|
assert.strictEqual(x509.issuer, issuerCheck);
|
|
assert.strictEqual(x509.infoAccess, infoAccessCheck);
|
|
assert.strictEqual(x509.validFrom, 'Nov 16 18:42:21 2018 GMT');
|
|
assert.strictEqual(x509.validTo, 'Aug 30 18:42:21 2292 GMT');
|
|
assert.strictEqual(
|
|
x509.fingerprint,
|
|
'D7:FD:F6:42:92:A8:83:51:8E:80:48:62:66:DA:85:C2:EE:A6:A1:CD');
|
|
assert.strictEqual(
|
|
x509.fingerprint256,
|
|
'B0:BE:46:49:B8:29:63:E0:6F:63:C8:8A:57:9C:3F:9B:72:C6:F5:89:E3:0D:' +
|
|
'84:AC:5B:08:9A:20:89:B6:8F:D6'
|
|
);
|
|
assert.strictEqual(
|
|
x509.fingerprint512,
|
|
'D0:05:01:82:2C:D8:09:BE:27:94:E7:83:F1:88:BC:7A:8B:D0:39:97:54:B6:' +
|
|
'D0:B4:46:5B:DE:13:5B:68:86:B6:F2:A8:95:22:D5:6E:8B:35:DA:89:29:CA:' +
|
|
'A3:06:C5:CE:43:C1:7F:2D:7E:5F:44:A5:EE:A3:CB:97:05:A3:E3:68'
|
|
);
|
|
assert.strictEqual(x509.keyUsage, undefined);
|
|
assert.strictEqual(x509.serialNumber, 'ECC9B856270DA9A8');
|
|
|
|
assert.deepStrictEqual(x509.raw, der);
|
|
|
|
assert(x509.publicKey);
|
|
assert.strictEqual(x509.publicKey.type, 'public');
|
|
|
|
assert.strictEqual(x509.toString().replaceAll('\r\n', '\n'),
|
|
cert.toString().replaceAll('\r\n', '\n'));
|
|
assert.strictEqual(x509.toJSON(), x509.toString());
|
|
|
|
assert(x509.checkPrivateKey(privateKey));
|
|
assert.throws(() => x509.checkPrivateKey(x509.publicKey), {
|
|
code: 'ERR_INVALID_ARG_VALUE'
|
|
});
|
|
|
|
assert.strictEqual(x509.checkIP('127.0.0.1'), undefined);
|
|
assert.strictEqual(x509.checkIP('::'), undefined);
|
|
assert.strictEqual(x509.checkHost('agent1'), 'agent1');
|
|
assert.strictEqual(x509.checkHost('agent2'), undefined);
|
|
assert.strictEqual(x509.checkEmail('ry@tinyclouds.org'), 'ry@tinyclouds.org');
|
|
assert.strictEqual(x509.checkEmail('sally@example.com'), undefined);
|
|
assert.throws(() => x509.checkHost('agent\x001'), {
|
|
code: 'ERR_INVALID_ARG_VALUE'
|
|
});
|
|
assert.throws(() => x509.checkIP('[::]'), {
|
|
code: 'ERR_INVALID_ARG_VALUE'
|
|
});
|
|
assert.throws(() => x509.checkEmail('not\x00hing'), {
|
|
code: 'ERR_INVALID_ARG_VALUE'
|
|
});
|
|
|
|
[1, false, null].forEach((i) => {
|
|
assert.throws(() => x509.checkHost('agent1', i), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
assert.throws(() => x509.checkHost('agent1', { subject: i }), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
});
|
|
|
|
[
|
|
'wildcards',
|
|
'partialWildcards',
|
|
'multiLabelWildcards',
|
|
'singleLabelSubdomains',
|
|
].forEach((key) => {
|
|
[1, '', null, {}].forEach((i) => {
|
|
assert.throws(() => x509.checkHost('agent1', { [key]: i }), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
});
|
|
});
|
|
|
|
const ca_cert = new X509Certificate(ca);
|
|
|
|
assert(x509.checkIssued(ca_cert));
|
|
assert(!x509.checkIssued(x509));
|
|
assert(x509.verify(ca_cert.publicKey));
|
|
assert(!x509.verify(x509.publicKey));
|
|
|
|
assert.throws(() => x509.checkIssued({}), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
assert.throws(() => x509.checkIssued(''), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
assert.throws(() => x509.verify({}), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
assert.throws(() => x509.verify(''), {
|
|
code: 'ERR_INVALID_ARG_TYPE'
|
|
});
|
|
assert.throws(() => x509.verify(privateKey), {
|
|
code: 'ERR_INVALID_ARG_VALUE'
|
|
});
|
|
|
|
// X509Certificate can be cloned via MessageChannel/MessagePort
|
|
const mc = new MessageChannel();
|
|
mc.port1.onmessage = common.mustCall(({ data }) => {
|
|
assert(isX509Certificate(data));
|
|
assert.deepStrictEqual(data.raw, x509.raw);
|
|
mc.port1.close();
|
|
});
|
|
mc.port2.postMessage(x509);
|
|
|
|
// Verify that legacy encoding works
|
|
const legacyObjectCheck = {
|
|
subject: Object.assign(Object.create(null), {
|
|
C: 'US',
|
|
ST: 'CA',
|
|
L: 'SF',
|
|
O: 'Joyent',
|
|
OU: 'Node.js',
|
|
CN: 'agent1',
|
|
emailAddress: 'ry@tinyclouds.org',
|
|
}),
|
|
issuer: Object.assign(Object.create(null), {
|
|
C: 'US',
|
|
ST: 'CA',
|
|
L: 'SF',
|
|
O: 'Joyent',
|
|
OU: 'Node.js',
|
|
CN: 'ca1',
|
|
emailAddress: 'ry@tinyclouds.org',
|
|
}),
|
|
infoAccess: Object.assign(Object.create(null), {
|
|
'OCSP - URI': ['http://ocsp.nodejs.org/'],
|
|
'CA Issuers - URI': ['http://ca.nodejs.org/ca.cert']
|
|
}),
|
|
modulus: 'EF5440701637E28ABB038E5641F828D834C342A9D25EDBB86A2BF' +
|
|
'6FBD809CB8E037A98B71708E001242E4DEB54C6164885F599DD87' +
|
|
'A23215745955BE20417E33C4D0D1B80C9DA3DE419A2607195D2FB' +
|
|
'75657B0BBFB5EB7D0BBA5122D1B6964C7B570D50B8EC001EEB68D' +
|
|
'FB584437508F3129928D673B30A3E0BF4F50609E6371',
|
|
bits: 1024,
|
|
exponent: '0x10001',
|
|
valid_from: 'Nov 16 18:42:21 2018 GMT',
|
|
valid_to: 'Aug 30 18:42:21 2292 GMT',
|
|
fingerprint: 'D7:FD:F6:42:92:A8:83:51:8E:80:48:62:66:DA:85:C2:EE:A6:A1:CD',
|
|
fingerprint256:
|
|
'B0:BE:46:49:B8:29:63:E0:6F:63:C8:8A:57:9C:3F:9B:72:' +
|
|
'C6:F5:89:E3:0D:84:AC:5B:08:9A:20:89:B6:8F:D6',
|
|
fingerprint512:
|
|
'D0:05:01:82:2C:D8:09:BE:27:94:E7:83:F1:88:BC:7A:8B:' +
|
|
'D0:39:97:54:B6:D0:B4:46:5B:DE:13:5B:68:86:B6:F2:A8:' +
|
|
'95:22:D5:6E:8B:35:DA:89:29:CA:A3:06:C5:CE:43:C1:7F:' +
|
|
'2D:7E:5F:44:A5:EE:A3:CB:97:05:A3:E3:68',
|
|
serialNumber: 'ECC9B856270DA9A8'
|
|
};
|
|
|
|
const legacyObject = x509.toLegacyObject();
|
|
|
|
assert.deepStrictEqual(legacyObject.raw, x509.raw);
|
|
assert.deepStrictEqual(legacyObject.subject, legacyObjectCheck.subject);
|
|
assert.deepStrictEqual(legacyObject.issuer, legacyObjectCheck.issuer);
|
|
assert.deepStrictEqual(legacyObject.infoAccess, legacyObjectCheck.infoAccess);
|
|
assert.strictEqual(legacyObject.modulus, legacyObjectCheck.modulus);
|
|
assert.strictEqual(legacyObject.bits, legacyObjectCheck.bits);
|
|
assert.strictEqual(legacyObject.exponent, legacyObjectCheck.exponent);
|
|
assert.strictEqual(legacyObject.valid_from, legacyObjectCheck.valid_from);
|
|
assert.strictEqual(legacyObject.valid_to, legacyObjectCheck.valid_to);
|
|
assert.strictEqual(legacyObject.fingerprint, legacyObjectCheck.fingerprint);
|
|
assert.strictEqual(
|
|
legacyObject.fingerprint256,
|
|
legacyObjectCheck.fingerprint256);
|
|
assert.strictEqual(
|
|
legacyObject.serialNumber,
|
|
legacyObjectCheck.serialNumber);
|
|
}
|