From 9a43a2b4959be288034ef0c43f638542de2028b8 Mon Sep 17 00:00:00 2001 From: Asher Gomez Date: Mon, 19 Feb 2024 01:30:58 +1100 Subject: feat: `Deno.ConnectTlsOptions.{cert,key}` (#22274) Towards #22197 --- tests/unit/tls_test.ts | 123 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) (limited to 'tests/unit') diff --git a/tests/unit/tls_test.ts b/tests/unit/tls_test.ts index 0ad69d3e4..1ac5e8d98 100644 --- a/tests/unit/tls_test.ts +++ b/tests/unit/tls_test.ts @@ -1174,6 +1174,22 @@ Deno.test( }, ); +Deno.test( + { permissions: { read: true, net: true } }, + async function connectTLSBadCertKey(): Promise { + await assertRejects(async () => { + await Deno.connectTls({ + hostname: "deno.land", + port: 443, + cert: "bad data", + key: await Deno.readTextFile( + "tests/testdata/tls/localhost.key", + ), + }); + }, Deno.errors.InvalidData); + }, +); + Deno.test( { permissions: { read: true, net: true } }, async function connectTLSBadPrivateKey(): Promise { @@ -1190,6 +1206,22 @@ Deno.test( }, ); +Deno.test( + { permissions: { read: true, net: true } }, + async function connectTLSBadKey(): Promise { + await assertRejects(async () => { + await Deno.connectTls({ + hostname: "deno.land", + port: 443, + cert: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + key: "bad data", + }); + }, Deno.errors.InvalidData); + }, +); + Deno.test( { permissions: { read: true, net: true } }, async function connectTLSNotPrivateKey(): Promise { @@ -1206,6 +1238,22 @@ Deno.test( }, ); +Deno.test( + { permissions: { read: true, net: true } }, + async function connectTLSNotKey(): Promise { + await assertRejects(async () => { + await Deno.connectTls({ + hostname: "deno.land", + port: 443, + cert: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + key: "", + }); + }, Deno.errors.InvalidData); + }, +); + Deno.test( { permissions: { read: true, net: true } }, async function connectWithClientCert() { @@ -1231,6 +1279,81 @@ Deno.test( }, ); +Deno.test( + { permissions: { read: true, net: true } }, + async function connectWithCert() { + // The test_server running on port 4552 responds with 'PASS' if client + // authentication was successful. Try it by running test_server and + // curl --key cli/tests/testdata/tls/localhost.key \ + // --cert cli/tests/testdata/tls/localhost.crt \ + // --cacert cli/tests/testdata/tls/RootCA.crt https://localhost:4552/ + const conn = await Deno.connectTls({ + hostname: "localhost", + port: 4552, + cert: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + key: await Deno.readTextFile( + "tests/testdata/tls/localhost.key", + ), + caCerts: [Deno.readTextFileSync("tests/testdata/tls/RootCA.pem")], + }); + const result = decoder.decode(await readAll(conn)); + assertEquals(result, "PASS"); + conn.close(); + }, +); + +Deno.test( + { permissions: { read: true, net: true } }, + async function connectTlsConflictingCertOptions(): Promise { + await assertRejects( + async () => { + await Deno.connectTls({ + hostname: "deno.land", + port: 443, + cert: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + certChain: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + key: await Deno.readTextFile( + "tests/testdata/tls/localhost.key", + ), + }); + }, + TypeError, + "Cannot specify both `certChain` and `cert`", + ); + }, +); + +Deno.test( + { permissions: { read: true, net: true } }, + async function connectTlsConflictingKeyOptions(): Promise { + await assertRejects( + async () => { + await Deno.connectTls({ + hostname: "deno.land", + port: 443, + cert: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + privateKey: await Deno.readTextFile( + "tests/testdata/tls/localhost.crt", + ), + key: await Deno.readTextFile( + "tests/testdata/tls/localhost.key", + ), + }); + }, + TypeError, + "Cannot specify both `privateKey` and `key`", + ); + }, +); + Deno.test( { permissions: { read: true, net: true } }, async function connectTLSCaCerts() { -- cgit v1.2.3