From ace1202227abeeac78db0266a13b451c1792a6ce Mon Sep 17 00:00:00 2001 From: Asher Gomez Date: Wed, 11 Sep 2024 07:55:42 +1000 Subject: BREAKING(net): remove `Deno.ConnectTlsOptions.{certChain,certFile,privateKey}` and `Deno.ListenTlsOptions.certChain,certFile,keyFile}` (#25525) Towards #22079 --- tests/specs/future/runtime_api/main.js | 34 ----- tests/specs/future/runtime_api/main.out | 3 - tests/unit/tls_sni_test.ts | 5 +- tests/unit/tls_test.ts | 259 +------------------------------- tests/unit_node/tls_test.ts | 6 +- 5 files changed, 12 insertions(+), 295 deletions(-) (limited to 'tests') diff --git a/tests/specs/future/runtime_api/main.js b/tests/specs/future/runtime_api/main.js index a6415b3c1..1b6caac5f 100644 --- a/tests/specs/future/runtime_api/main.js +++ b/tests/specs/future/runtime_api/main.js @@ -31,40 +31,6 @@ try { } } -// Note: this could throw with a `Deno.errors.NotFound` error if `keyFile` and -// `certFile` were used. -const conn1 = await Deno.connectTls({ - port: tlsPort, - certFile: "foo", - keyFile: "foo", -}); -conn1.close(); -console.log("Deno.ConnectTlsOptions.(certFile|keyFile) do nothing"); - -// Note: this could throw with a `Deno.errors.InvalidData` error if `certChain` -// and `privateKey` were used. -const conn2 = await Deno.connectTls({ - port: tlsPort, - certChain: "foo", - privateKey: "foo", -}); -conn2.close(); -console.log("Deno.ConnectTlsOptions.(certChain|privateKey) do nothing"); - tlsListener.close(); -// Note: this could throw with a `Deno.errors.NotFound` error if `keyFile` and -// `certFile` were used. -try { - Deno.listenTls({ port: tlsPort, keyFile: "foo", certFile: "foo" }); -} catch (error) { - if ( - error instanceof Deno.errors.InvalidData && - error.message === - "Deno.listenTls requires a key: Error creating TLS certificate" - ) { - console.log("Deno.ListenTlsOptions.(keyFile|certFile) do nothing"); - } -} - self.close(); 
diff --git a/tests/specs/future/runtime_api/main.out b/tests/specs/future/runtime_api/main.out index f69bd1447..70c62c305 100644 --- a/tests/specs/future/runtime_api/main.out +++ b/tests/specs/future/runtime_api/main.out @@ -2,6 +2,3 @@ window is undefined Deno.Listener.prototype.rid is undefined Deno.TlsListener.prototype.rid is undefined Deno.FsFile constructor is illegal -Deno.ConnectTlsOptions.(certFile|keyFile) do nothing -Deno.ConnectTlsOptions.(certChain|privateKey) do nothing -Deno.ListenTlsOptions.(keyFile|certFile) do nothing diff --git a/tests/unit/tls_sni_test.ts b/tests/unit/tls_sni_test.ts index 404f8016e..a8d51108e 100644 --- a/tests/unit/tls_sni_test.ts +++ b/tests/unit/tls_sni_test.ts @@ -25,9 +25,8 @@ Deno.test( return keys[sni]!; }, }; - const listener = Deno.listenTls( - opts, - ); + // @ts-ignore Trust me + const listener = Deno.listenTls(opts); for ( const server of ["server-1", "server-2", "fail-server-3", "fail-server-4"] diff --git a/tests/unit/tls_test.ts b/tests/unit/tls_test.ts index 6e80c984a..0f6ffc15f 100644 --- a/tests/unit/tls_test.ts +++ b/tests/unit/tls_test.ts 
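Review bot: The `// @ts-ignore Trust me` added above `Deno.listenTls(opts)` in tests/unit/tls_sni_test.ts silences every type error on that call without naming the one that is expected, so a misspelled or later-removed TLS option in `opts` would pass the type check unnoticed. The lines this commit deletes from tests/specs/future/runtime_api/main.js logged that the removed options "do nothing" when passed, which suggests such a mistake may not surface at runtime either. Prefer `// @ts-expect-error <why opts does not match Deno.ListenTlsOptions>`, which turns into an error once the suppression is no longer needed. The reason is presumably the resolver-style `opts` object, but its definition starts outside the hunk and should be confirmed.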
@@ -67,112 +67,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { net: true, read: false }, ignore: DENO_FUTURE }, - async function connectTLSCertFileNoReadPerm() { - await assertRejects(async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - certFile: "tests/testdata/tls/RootCA.crt", - }); - }, Deno.errors.NotCapable); - }, -); - -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - function listenTLSNonExistentCertKeyFiles() { - const options = { - hostname: "localhost", - port: 0, - certFile: "tests/testdata/tls/localhost.crt", - keyFile: "tests/testdata/tls/localhost.key", - }; - - assertThrows(() => { - Deno.listenTls({ - ...options, - certFile: "./non/existent/file", - }); - }, Deno.errors.NotFound); - - assertThrows(() => { - Deno.listenTls({ - ...options, - keyFile: "./non/existent/file", - }); - }, Deno.errors.NotFound); - }, -); - -Deno.test( - { permissions: { net: true, read: false }, ignore: DENO_FUTURE }, - function listenTLSNoReadPerm() { - assertThrows(() => { - Deno.listenTls({ - hostname: "localhost", - port: 0, - certFile: "tests/testdata/tls/localhost.crt", - keyFile: "tests/testdata/tls/localhost.key", - }); - }, Deno.errors.NotCapable); - }, -); - -Deno.test( - { - permissions: { read: true, write: true, net: true }, - ignore: DENO_FUTURE, - }, - function listenTLSEmptyKeyFile() { - const options = { - hostname: "localhost", - port: 0, - certFile: "tests/testdata/tls/localhost.crt", - keyFile: "tests/testdata/tls/localhost.key", - }; - - const testDir = Deno.makeTempDirSync(); - const keyFilename = testDir + "/key.pem"; - Deno.writeFileSync(keyFilename, new Uint8Array([]), { - mode: 0o666, - }); - - assertThrows(() => { - Deno.listenTls({ - ...options, - keyFile: keyFilename, - }); - }, Error); - }, -); - -Deno.test( - { permissions: { read: true, write: true, net: true } }, - function listenTLSEmptyCertFile() { - const options = { - hostname: "localhost", - port: 0, - certFile: 
"tests/testdata/tls/localhost.crt", - keyFile: "tests/testdata/tls/localhost.key", - }; - - const testDir = Deno.makeTempDirSync(); - const certFilename = testDir + "/cert.crt"; - Deno.writeFileSync(certFilename, new Uint8Array([]), { - mode: 0o666, - }); - - assertThrows(() => { - Deno.listenTls({ - ...options, - certFile: certFilename, - }); - }, Error); - }, -); - Deno.test( { permissions: { net: true } }, async function startTlsWithoutExclusiveAccessToTcpConn() { @@ -1147,22 +1041,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectTLSBadClientCertPrivateKey(): Promise { - await assertRejects(async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - certChain: "bad data", - privateKey: Deno.readTextFileSync( - "tests/testdata/tls/localhost.key", - ), - }); - }, Deno.errors.InvalidData); - }, -); - Deno.test( { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, async function connectTLSBadCertKey(): Promise { @@ -1179,22 +1057,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectTLSBadPrivateKey(): Promise { - await assertRejects(async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - certChain: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - privateKey: "bad data", - }); - }, Deno.errors.InvalidData); - }, -); - Deno.test( { permissions: { read: true, net: true } }, async function connectTLSBadKey(): Promise { 
@@ -1211,22 +1073,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectTLSNotPrivateKey(): Promise { - await assertRejects(async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - certChain: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - privateKey: "", - }); - }, Deno.errors.InvalidData); - }, -); - Deno.test( { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, async function connectTLSNotKey(): Promise { @@ -1243,31 +1089,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectWithClientCert() { - // The test_server running on port 4552 responds with 'PASS' if client - // authentication was successful. Try it by running test_server and - // curl --key tests/testdata/tls/localhost.key \ - // --cert tests/testdata/tls/localhost.crt \ - // --cacert tests/testdata/tls/RootCA.crt https://localhost:4552/ - const conn = await Deno.connectTls({ - hostname: "localhost", - port: 4552, - certChain: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - privateKey: Deno.readTextFileSync( - "tests/testdata/tls/localhost.key", - ), - caCerts: [Deno.readTextFileSync("tests/testdata/tls/RootCA.pem")], - }); - const result = decoder.decode(await readAll(conn)); - assertEquals(result, "PASS"); - conn.close(); - }, -); - Deno.test( { permissions: { read: true, net: true } }, async function connectWithCert() { 
@@ -1293,56 +1114,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectTlsConflictingCertOptions(): Promise { - await assertRejects( - async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - cert: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - certChain: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - key: Deno.readTextFileSync( - "tests/testdata/tls/localhost.key", - ), - }); - }, - TypeError, - "Cannot specify both `certChain` and `cert`", - ); - }, -); - -Deno.test( - { permissions: { read: true, net: true }, ignore: DENO_FUTURE }, - async function connectTlsConflictingKeyOptions(): Promise { - await assertRejects( - async () => { - await Deno.connectTls({ - hostname: "deno.land", - port: 443, - cert: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - privateKey: Deno.readTextFileSync( - "tests/testdata/tls/localhost.crt", - ), - key: Deno.readTextFileSync( - "tests/testdata/tls/localhost.key", - ), - }); - }, - TypeError, - "Cannot specify both `key` and `privateKey` for `Deno.connectTls`.", - ); - }, -); - Deno.test( { permissions: { read: true, net: true } }, async function connectTLSCaCerts() { @@ -1357,20 +1128,6 @@ Deno.test( }, ); -Deno.test( - { permissions: { read: true, net: true } }, - async function connectTLSCertFile() { - const conn = await Deno.connectTls({ - hostname: "localhost", - port: 4557, - certFile: "tests/testdata/tls/RootCA.pem", - }); - const result = decoder.decode(await readAll(conn)); - assertEquals(result, "PASS"); - conn.close(); - }, -); - Deno.test( { permissions: { read: true, net: true } }, async function startTLSCaCerts() { 
@@ -1397,7 +1154,7 @@ Deno.test( const connectPromise = Deno.connectTls({ hostname, port, - certFile: "tests/testdata/tls/RootCA.crt", + caCerts: [await Deno.readTextFile("tests/testdata/tls/RootCA.crt")], }); const [conn1, conn2] = await Promise.all([acceptPromise, connectPromise]); listener.close(); @@ -1615,8 +1372,8 @@ Deno.test( Deno.listenTls({ hostname: "localhost", port: 0, - certFile: "tests/testdata/tls/invalid.crt", - keyFile: "tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("tests/testdata/tls/invalid.crt"), + key: Deno.readTextFileSync("tests/testdata/tls/localhost.key"), }); }, Deno.errors.InvalidData); }, @@ -1629,21 +1386,21 @@ Deno.test( Deno.listenTls({ hostname: "localhost", port: 0, - certFile: "tests/testdata/tls/localhost.crt", - keyFile: "tests/testdata/tls/invalid.key", + cert: Deno.readTextFileSync("tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("tests/testdata/tls/invalid.key"), }); }, Deno.errors.InvalidData); }, ); Deno.test( - { ignore: DENO_FUTURE, permissions: { net: true, read: true } }, + { permissions: { net: true, read: true } }, function listenTLSEcKey() { const listener = Deno.listenTls({ hostname: "localhost", port: 0, - certFile: "tests/testdata/tls/localhost_ecc.crt", - keyFile: "tests/testdata/tls/localhost_ecc.key", + cert: Deno.readTextFileSync("tests/testdata/tls/localhost_ecc.crt"), + key: Deno.readTextFileSync("tests/testdata/tls/localhost_ecc.key"), }); listener.close(); }, diff --git a/tests/unit_node/tls_test.ts b/tests/unit_node/tls_test.ts index 6033efa31..4ee622a67 100644 --- a/tests/unit_node/tls_test.ts +++ b/tests/unit_node/tls_test.ts 
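Review bot: Empty certificate and key input no longer appears to be tested: the hunks at -1615 and -1629 port the invalid.crt / invalid.key cases to `cert`/`key`, but the deleted `listenTLSEmptyKeyFile` and `listenTLSEmptyCertFile` (the latter was not gated on DENO_FUTURE) have no visible replacement. Since `cert` and `key` now take the PEM text directly, an empty string is the closest equivalent of an empty file and is worth pinning, e.g. `assertThrows(() => Deno.listenTls({ hostname: "localhost", port: 0, cert: "", key: Deno.readTextFileSync("tests/testdata/tls/localhost.key") }), Error);` plus the mirrored case with `key: ""`. The `Error` class is taken from the deleted tests; tighten it if the runtime reports a more specific error. The rest of tls_test.ts is outside this diff, so an existing test may already cover this.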
@@ -10,10 +10,8 @@ import * as stream from "node:stream"; const tlsTestdataDir = fromFileUrl( new URL("../testdata/tls", import.meta.url), ); -const keyFile = join(tlsTestdataDir, "localhost.key"); -const certFile = join(tlsTestdataDir, "localhost.crt"); -const key = Deno.readTextFileSync(keyFile); -const cert = Deno.readTextFileSync(certFile); +const key = Deno.readTextFileSync(join(tlsTestdataDir, "localhost.key")); +const cert = Deno.readTextFileSync(join(tlsTestdataDir, "localhost.crt")); const rootCaCert = Deno.readTextFileSync(join(tlsTestdataDir, "RootCA.pem")); for ( -- cgit v1.2.3