-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: add script to create 0-dns-cert.pem #11579
Conversation
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing.
CI is running on https://ci.nodejs.org/job/node-test-pull-request/6602/ . |
To be the fix of #10228. |
The ci jobs was somehow removed. |
test/fixtures/0-dns/README.md
Outdated
|
||
$ node ./createCert.js | ||
$ openssl x509 -text -in 0-dns-cert.pem | ||
(You can not see evel.example.com in subjectAltName field) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"evil"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
test/fixtures/0-dns/createCert.js
Outdated
|
||
const private_key = fs.readFileSync('./0-dns-key.pem'); | ||
// public key file can be generated from the private key with | ||
// openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can wrap to 80 columns, and the backslash isn't necessary at end of line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
test/fixtures/0-dns/createCert.js
Outdated
const crypto = require('crypto'); | ||
const rfc5280 = require('asn1.js-rfc5280'); | ||
const asn1 = require('asn1.js'); | ||
const BN = asn1.bignum; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sort requires
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
test/fixtures/0-dns/createCert.js
Outdated
@@ -0,0 +1,75 @@ | |||
'use strict'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
js files would be named create-cert.js
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
test/fixtures/0-dns/createCert.js
Outdated
const asn1 = require('asn1.js'); | ||
const BN = asn1.bignum; | ||
|
||
const id_at_commonName = [ 2, 5, 4, 3 ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
inconsistent casing, sometimes snake_case
, sometimes camelCase
, it looks like test/fixtures doesn't get linted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
id_at_commonName
is named after the ASN.1 notation in RFC5280 which would come from OID name.
test/fixtures/0-dns/createCert.js
Outdated
const subject = PrintStr.encode('evil.example.com', 'der'); | ||
|
||
const tbs = | ||
{ version: 'v3', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this isn't generally how node indents object literals
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
test/fixtures/0-dns/createCert.js
Outdated
|
||
const cert = { | ||
tbsCertificate: tbs, | ||
signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lacking
before closing }
here and a couple lines onwards
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
@@ -2,6 +2,8 @@ | |||
const common = require('../common'); | |||
const assert = require('assert'); | |||
|
|||
// check getPeerCertificate can properly handle '\0' for fix CVE-2009-2408 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to have a test description, it should be a capitalized and period terminated sentence.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
Nice use of |
0920c23
to
fd05b71
Compare
I made eslint for $ ./node tools/eslint/bin/eslint.js --rulesdir=tools/eslint-rules test/fixtures/0-dns/create-cert.js --no-ignore
/home/sotsu/github/node/test/fixtures/0-dns/create-cert.js
1:1 error Mandatory module "common" must be loaded required-modules
✖ 1 problem (1 error, 0 warnings) I think it is not necessary for the script in fixtures. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Its still a mixture of snake_case
and camelCase
for vars, but basically LGTM
test/fixtures/0-dns/0-dns-cert.pem
Outdated
Z4CCF58oC4b7MrfFo1LXW8EdSjfK5ejFse6xZe6WNAahi7vDS7RJEyoq3EeZ4+A0 | ||
DvrSjCuretoVAC/U7gUxs467yM3ZCujqZ4OANVQF6knRziTJEF5c1aXOzM563FT3 | ||
ufeH36lO0ImzE+a2g6et3BZDL2PQLmBF3F6clQ== | ||
-----END CERTIFICATE----- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing newline
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
camelCase vars are used to follow ASN.1 notation in |
@indutny Please take a look of this if you have time for you are the author of |
I will land this tomorrow if there are no any comments. |
Landed in dacaaa5. Thanks. |
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: #10228 PR-URL: #11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: nodejs#10228 PR-URL: nodejs#11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: nodejs#10228 PR-URL: nodejs#11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: #10228 PR-URL: #11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: #10228 PR-URL: #11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: nodejs/node#10228 PR-URL: nodejs/node#11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
0-dns-cert.pem and 0-dns-key.pem were stored in
test/fixtures/key
directory, but the cert file cannot be created with the openssl
command via Makefile.
make clean
removes them but we could not re-create them.This added a script to create it with using
asn1.js
andasn1.js-rfc5280
and moved them out of key directory and put intotest/fixtures/0-dns
.The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
test, tls
R: @indutny