Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: add script to create 0-dns-cert.pem #11579

Closed
wants to merge 3 commits into from

Conversation

shigeki
Copy link
Contributor

@shigeki shigeki commented Feb 27, 2017

0-dns-cert.pem and 0-dns-key.pem were stored in test/fixtures/key
directory, but the cert file cannot be created with the openssl
command via Makefile. make clean removes them but we could not re-create them.

This added a script to create it with using asn1.js and
asn1.js-rfc5280 and moved them out of key directory and put into
test/fixtures/0-dns.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
Affected core subsystem(s)

test, tls

R: @indutny

0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.
@nodejs-github-bot nodejs-github-bot added the test Issues and PRs related to the tests. label Feb 27, 2017
@shigeki shigeki added the tls Issues and PRs related to the tls subsystem. label Feb 27, 2017
@shigeki
Copy link
Contributor Author

shigeki commented Feb 27, 2017

@shigeki
Copy link
Contributor Author

shigeki commented Feb 27, 2017

To be the fix of #10228.

@shigeki
Copy link
Contributor Author

shigeki commented Feb 28, 2017

The ci jobs was somehow removed.
A new job is https://ci.nodejs.org/job/node-test-pull-request/6623/ and all is green.


$ node ./createCert.js
$ openssl x509 -text -in 0-dns-cert.pem
(You can not see evel.example.com in subjectAltName field)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"evil"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed


const private_key = fs.readFileSync('./0-dns-key.pem');
// public key file can be generated from the private key with
// openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can wrap to 80 columns, and the backslash isn't necessary at end of line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

const crypto = require('crypto');
const rfc5280 = require('asn1.js-rfc5280');
const asn1 = require('asn1.js');
const BN = asn1.bignum;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sort requires

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@@ -0,0 +1,75 @@
'use strict';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

js files would be named create-cert.js

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

const asn1 = require('asn1.js');
const BN = asn1.bignum;

const id_at_commonName = [ 2, 5, 4, 3 ];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

inconsistent casing, sometimes snake_case, sometimes camelCase, it looks like test/fixtures doesn't get linted

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

id_at_commonName is named after the ASN.1 notation in RFC5280 which would come from OID name.

const subject = PrintStr.encode('evil.example.com', 'der');

const tbs =
{ version: 'v3',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't generally how node indents object literals

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed


const cert = {
tbsCertificate: tbs,
signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lacking before closing } here and a couple lines onwards

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@@ -2,6 +2,8 @@
const common = require('../common');
const assert = require('assert');

// check getPeerCertificate can properly handle '\0' for fix CVE-2009-2408
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to have a test description, it should be a capitalized and period terminated sentence.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@sam-github
Copy link
Contributor

Nice use of asn1 to craft the cert. I think the js code should follow the same coding conventions we use elswhere, even though test/fixtures seems to be exempted from linting at the moment.

@shigeki shigeki force-pushed the create_0-dns_cert branch from 0920c23 to fd05b71 Compare March 1, 2017 05:22
@shigeki
Copy link
Contributor Author

shigeki commented Mar 1, 2017

I made eslint for test/fixtures/0-dns/create-cert.js and only one error of missing common module appeared.

$ ./node tools/eslint/bin/eslint.js --rulesdir=tools/eslint-rules test/fixtures/0-dns/create-cert.js --no-ignore

/home/sotsu/github/node/test/fixtures/0-dns/create-cert.js
  1:1  error  Mandatory module "common" must be loaded  required-modules

✖ 1 problem (1 error, 0 warnings)

I think it is not necessary for the script in fixtures.

Copy link
Contributor

@sam-github sam-github left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its still a mixture of snake_case and camelCase for vars, but basically LGTM

Z4CCF58oC4b7MrfFo1LXW8EdSjfK5ejFse6xZe6WNAahi7vDS7RJEyoq3EeZ4+A0
DvrSjCuretoVAC/U7gUxs467yM3ZCujqZ4OANVQF6knRziTJEF5c1aXOzM563FT3
ufeH36lO0ImzE+a2g6et3BZDL2PQLmBF3F6clQ==
-----END CERTIFICATE-----
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing newline

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@shigeki
Copy link
Contributor Author

shigeki commented Mar 2, 2017

camelCase vars are used to follow ASN.1 notation in RFC5289 RFC5280.

@shigeki
Copy link
Contributor Author

shigeki commented Mar 2, 2017

@indutny Please take a look of this if you have time for you are the author of asn.1 and asn1.js-rfc5280.

@shigeki
Copy link
Contributor Author

shigeki commented Mar 7, 2017

I will land this tomorrow if there are no any comments.

@shigeki
Copy link
Contributor Author

shigeki commented Mar 10, 2017

Landed in dacaaa5. Thanks.

@shigeki shigeki closed this Mar 10, 2017
shigeki added a commit that referenced this pull request Mar 10, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
italoacasas pushed a commit to italoacasas/node that referenced this pull request Mar 13, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs#10228
PR-URL: nodejs#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
jungx098 pushed a commit to jungx098/node that referenced this pull request Mar 21, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs#10228
PR-URL: nodejs#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
MylesBorins pushed a commit that referenced this pull request Apr 17, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
MylesBorins pushed a commit that referenced this pull request Apr 19, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
@MylesBorins MylesBorins mentioned this pull request Apr 19, 2017
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs/node#10228
PR-URL: nodejs/node#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
test Issues and PRs related to the tests. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants