UNPKG

selfsigned/test/tests.js

Version:

5.95 kBJavaScriptView Raw

1var { assert } = require('chai');
2var forge      = require('node-forge');
3var fs         = require('fs');
4var exec       = require('child_process').exec;
5
6describe('generate', function () {
7
var generate = require('../index').generate;
9
it('should work without attrs/options', function (done) {
  var pems = generate();
  assert.ok(!!pems.private, 'has a private key');
  assert.ok(!!pems.fingerprint, 'has fingerprint');
  assert.ok(!!pems.public, 'has a public key');
  assert.ok(!!pems.cert, 'has a certificate');
  assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
  assert.ok(!pems.clientcert, 'should not include a client cert by default');
  assert.ok(!pems.clientprivate, 'should not include a client private key by default');
  assert.ok(!pems.clientpublic, 'should not include a client public key by default');
20
  var caStore = forge.pki.createCaStore();
  caStore.addCertificate(pems.cert);
  done();
});
25
it('should generate client cert', function (done) {
  var pems = generate(null, {clientCertificate: true});
28
  assert.ok(!!pems.clientcert, 'should include a client cert when requested');
  assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
  assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
  done();
});
34
it('should include pkcs7', function (done) {
  var pems = generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true});
37
  assert.ok(!!pems.pkcs7, 'has a pkcs7');
39
  try {
    fs.unlinkSync('/tmp/tmp.pkcs7');
  } catch (er) {}
43
  fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
  exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
    if (err) {
      return done(err);
    }
49
    const errorMessage = stderr.toString();
    if (errorMessage.length) {
      return done(new Error(errorMessage));
    }
54
    const expected = stdout.toString();
    let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
    cert = cert.filter(c => c);
    assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
    assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
    assert.strictEqual(
      pems.cert,
      cert.join('\r\n') + '\r\n'
    );
64
    done();
  });
});
68
it('should support sha1 algorithm', function (done) {
  var pems_sha1 = generate(null, { algorithm: 'sha1' });
  assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
  done();
});
74
it('should support sha256 algorithm', function (done) {
  var pems_sha256 = generate(null, { algorithm: 'sha256' });
  assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
  done();
});
80
describe('with callback', function () {
  it('should work without attrs/options', function (done) {
    generate(function (err, pems) {
      if (err) done(err);
      assert.ok(!!pems.private, 'has a private key');
      assert.ok(!!pems.public, 'has a public key');
      assert.ok(!!pems.cert, 'has a certificate');
      assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
      assert.ok(!pems.clientcert, 'should not include a client cert by default');
      assert.ok(!pems.clientprivate, 'should not include a client private key by default');
      assert.ok(!pems.clientpublic, 'should not include a client public key by default');
      done();
    });
  });
95
  it('should generate client cert', function (done) {
    generate(null, {clientCertificate: true}, function (err, pems) {
      if (err) done(err);
      assert.ok(!!pems.clientcert, 'should include a client cert when requested');
      assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
      assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
      done();
    });
  });
105
  it('should include pkcs7', function (done) {
    generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true}, function (err, pems) {
      if (err) done(err);
      assert.ok(!!pems.pkcs7, 'has a pkcs7');
110
      try {
        fs.unlinkSync('/tmp/tmp.pkcs7');
      } catch (er) {}
114
      fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
      exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
        if (err) {
          return done(err);
        }
120
        const errorMessage = stderr.toString();
        if (errorMessage.length) {
          return done(new Error(errorMessage));
        }
125
        const expected = stdout.toString();
        let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
        assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
        assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
        assert.strictEqual(
          pems.cert,
          cert.join('\r\n') + '\r\n'
        );
134
        done();
      });
    });
  });
139
  it('should support sha1 algorithm', function (done) {
    generate(null, { algorithm: 'sha1' }, function (err, pems_sha1) {
      if (err) done(err);
      assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
      done();
    });
  });
147
  it('should support sha256 algorithm', function (done) {
    generate(null, { algorithm: 'sha256' }, function (err, pems_sha256) {
      if (err) done(err);
      assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
      done();
    });
  });
});
156});

1	`var { assert } = require('chai');`
2	`var forge = require('node-forge');`
3	`var fs = require('fs');`
4	`var exec = require('child_process').exec;`
5
6	`describe('generate', function () {`
7
8	`var generate = require('../index').generate;`
9
10	`it('should work without attrs/options', function (done) {`
11	`var pems = generate();`
12	`assert.ok(!!pems.private, 'has a private key');`
13	`assert.ok(!!pems.fingerprint, 'has fingerprint');`
14	`assert.ok(!!pems.public, 'has a public key');`
15	`assert.ok(!!pems.cert, 'has a certificate');`
16	`assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');`
17	`assert.ok(!pems.clientcert, 'should not include a client cert by default');`
18	`assert.ok(!pems.clientprivate, 'should not include a client private key by default');`
19	`assert.ok(!pems.clientpublic, 'should not include a client public key by default');`
20
21	`var caStore = forge.pki.createCaStore();`
22	`caStore.addCertificate(pems.cert);`
23	`done();`
24	`});`
25
26	`it('should generate client cert', function (done) {`
27	`var pems = generate(null, {clientCertificate: true});`
28
29	`assert.ok(!!pems.clientcert, 'should include a client cert when requested');`
30	`assert.ok(!!pems.clientprivate, 'should include a client private key when requested');`
31	`assert.ok(!!pems.clientpublic, 'should include a client public key when requested');`
32	`done();`
33	`});`
34
35	`it('should include pkcs7', function (done) {`
36	`var pems = generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true});`
37
38	`assert.ok(!!pems.pkcs7, 'has a pkcs7');`
39
40	`try {`
41	`fs.unlinkSync('/tmp/tmp.pkcs7');`
42	`} catch (er) {}`
43
44	`fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);`
45	`exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {`
46	`if (err) {`
47	`return done(err);`
48	`}`
49
50	`const errorMessage = stderr.toString();`
51	`if (errorMessage.length) {`
52	`return done(new Error(errorMessage));`
53	`}`
54
55	`const expected = stdout.toString();`
56	`let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);`
57	`cert = cert.filter(c => c);`
58	`assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);`
59	`assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);`
60	`assert.strictEqual(`
61	`pems.cert,`
62	`cert.join('\r\n') + '\r\n'`
63	`);`
64
65	`done();`
66	`});`
67	`});`
68
69	`it('should support sha1 algorithm', function (done) {`
70	`var pems_sha1 = generate(null, { algorithm: 'sha1' });`
71	`assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');`
72	`done();`
73	`});`
74
75	`it('should support sha256 algorithm', function (done) {`
76	`var pems_sha256 = generate(null, { algorithm: 'sha256' });`
77	`assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');`
78	`done();`
79	`});`
80
81	`describe('with callback', function () {`
82	`it('should work without attrs/options', function (done) {`
83	`generate(function (err, pems) {`
84	`if (err) done(err);`
85	`assert.ok(!!pems.private, 'has a private key');`
86	`assert.ok(!!pems.public, 'has a public key');`
87	`assert.ok(!!pems.cert, 'has a certificate');`
88	`assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');`
89	`assert.ok(!pems.clientcert, 'should not include a client cert by default');`
90	`assert.ok(!pems.clientprivate, 'should not include a client private key by default');`
91	`assert.ok(!pems.clientpublic, 'should not include a client public key by default');`
92	`done();`
93	`});`
94	`});`
95
96	`it('should generate client cert', function (done) {`
97	`generate(null, {clientCertificate: true}, function (err, pems) {`
98	`if (err) done(err);`
99	`assert.ok(!!pems.clientcert, 'should include a client cert when requested');`
100	`assert.ok(!!pems.clientprivate, 'should include a client private key when requested');`
101	`assert.ok(!!pems.clientpublic, 'should include a client public key when requested');`
102	`done();`
103	`});`
104	`});`
105
106	`it('should include pkcs7', function (done) {`
107	`generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true}, function (err, pems) {`
108	`if (err) done(err);`
109	`assert.ok(!!pems.pkcs7, 'has a pkcs7');`
110
111	`try {`
112	`fs.unlinkSync('/tmp/tmp.pkcs7');`
113	`} catch (er) {}`
114
115	`fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);`
116	`exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {`
117	`if (err) {`
118	`return done(err);`
119	`}`
120
121	`const errorMessage = stderr.toString();`
122	`if (errorMessage.length) {`
123	`return done(new Error(errorMessage));`
124	`}`
125
126	`const expected = stdout.toString();`
127	`let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);`
128	`assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);`
129	`assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);`
130	`assert.strictEqual(`
131	`pems.cert,`
132	`cert.join('\r\n') + '\r\n'`
133	`);`
134
135	`done();`
136	`});`
137	`});`
138	`});`
139
140	`it('should support sha1 algorithm', function (done) {`
141	`generate(null, { algorithm: 'sha1' }, function (err, pems_sha1) {`
142	`if (err) done(err);`
143	`assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');`
144	`done();`
145	`});`
146	`});`
147
148	`it('should support sha256 algorithm', function (done) {`
149	`generate(null, { algorithm: 'sha256' }, function (err, pems_sha256) {`
150	`if (err) done(err);`
151	`assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');`
152	`done();`
153	`});`
154	`});`
155	`});`
156	`});`