node/test/system-ca/test-native-intermediate-certs.mjs

// Flags: --use-system-ca
import * as common from '../common/index.mjs';
import assert from 'node:assert/strict';
import https from 'node:https';
import fixtures from '../common/fixtures.js';
import { it, beforeEach, afterEach, describe } from 'node:test';
import { once } from 'events';
// Every case below goes through node:https, so skip the whole file when this
// build of Node.js reports no crypto support.
const cryptoAvailable = common.hasCrypto;
if (!cryptoAvailable) {
  common.skip('requires crypto');
}
// To run this test, the system needs to be configured to trust
// the CA certificate first (which needs an interactive GUI approval, e.g. TouchID):
// see the README.md in this folder for instructions on how to do this.
/**
 * Request handler shared by the test servers.
 *
 * Answers `/hello-world` with status 200 and a fixed body. Any other URL
 * raises an assertion error, so a request the tests did not intend to make
 * is not silently served.
 *
 * @param {object} req - Incoming request; only `req.url` is read.
 * @param {object} res - Response; `writeHead` and `end` are called on it.
 */
const handleRequest = (req, res) => {
  const requestedUrl = req.url;
  if (requestedUrl === '/hello-world') {
    res.writeHead(200);
    res.end('hello world\n');
    return;
  }
  assert(false, `Unexpected path: ${requestedUrl}`);
};
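describe('use-system-ca', function() {
  /**
   * Start an HTTPS server on an OS-assigned port (listen(0)) that serves
   * handleRequest with the given fixture key pair.
   *
   * @param {string} key - Fixture file name of the private key.
   * @param {string} cert - Fixture file name of the certificate.
   * @returns {Promise<object>} The server, resolved once it is listening.
   */
  async function setupServer(key, cert) {
    const theServer = https.createServer({
      key: fixtures.readKey(key),
      cert: fixtures.readKey(cert),
    }, handleRequest);
    theServer.listen(0);
    await once(theServer, 'listening');
    return theServer;
  }

  describe('signed with an intermediate CA certificate', () => {
    let server;

    beforeEach(async function() {
      server = await setupServer('leaf-from-intermediate-key.pem', 'leaf-from-intermediate-cert.pem');
    });

    it('can connect successfully', async function() {
      const response = await fetch(`https://localhost:${server.address().port}/hello-world`);
      // A resolved fetch only proves the TLS handshake completed. Check the
      // status and body too, so the test confirms the request reached
      // handleRequest, and so the response body is consumed before teardown.
      assert.strictEqual(response.status, 200);
      assert.strictEqual(await response.text(), 'hello world\n');
    });

    afterEach(function() {
      // Optional chaining: `server` is still undefined if beforeEach threw.
      server?.close();
    });
  });

  describe('signed with a trusted intermediate but not trusted root CA certificate', () => {
    let server;

    beforeEach(async function() {
      server = await setupServer(
        'non-trusted-leaf-from-intermediate-key.pem',
        'non-trusted-leaf-from-intermediate-cert.pem',
      );
    });

    // The previous try/catch form only checked the error code when fetch()
    // threw. If the handshake succeeded, the test passed without asserting
    // anything. assert.rejects makes acceptance of this chain a test failure.
    // The title is changed to match, since every assertion in the original
    // body was on the failure path.
    // NOTE(review): confirm rejection is the expected outcome on every
    // platform this test is run on.
    it('rejects the connection', async function() {
      const expectedCode = common.isWindows ?
        'UNABLE_TO_GET_ISSUER_CERT' :
        'UNABLE_TO_VERIFY_LEAF_SIGNATURE';
      await assert.rejects(
        fetch(`https://localhost:${server.address().port}/hello-world`),
        (err) => {
          // Optional chaining reports a missing `cause` as a code mismatch
          // rather than as a TypeError.
          assert.strictEqual(err?.cause?.code, expectedCode);
          return true;
        },
      );
    });

    afterEach(function() {
      // Optional chaining: `server` is still undefined if beforeEach threw.
      server?.close();
    });
  });
});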