diff --git a/acceptance.sh b/acceptance.sh index 91eea18..8845429 100755 --- a/acceptance.sh +++ b/acceptance.sh @@ -7,5 +7,6 @@ acceptance/tests/testAuthProxy.sh && acceptance/tests/testEnvVars.sh && acceptance/tests/testStrictSSL.sh && acceptance/tests/testCAFile.sh && -acceptance/tests/testCAString.sh && +acceptance/tests/testCAMultiFile.sh && +acceptance/tests/testCAString.sh acceptance/tests/test32.sh diff --git a/acceptance/support/keys/multi-ca.crt b/acceptance/support/keys/multi-ca.crt new file mode 100644 index 0000000..f69e48e --- /dev/null +++ b/acceptance/support/keys/multi-ca.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIJANSQQyljKhqiMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV +BAYTAlVLMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEeMBwGA1UE +ChMVbm9kZS1zYXVjZS1jb25uZWN0LWNhMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcN +MTcxMDIyMTMyMTUxWhcNNDIxMDIyMTMyMTUxWjBjMQswCQYDVQQGEwJVSzEPMA0G +A1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xHjAcBgNVBAoTFW5vZGUtc2F1 +Y2UtY29ubmVjdC1jYTESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA0nQey37BhKeyg2zhr5i9Wd0/O7FYcQROYjZgjTsx +koPm8WzREqn1YPnVPgS2Qsqg4IqWhEKhGCQeAN7bb9zE5LsWL2ynTfTUuWr1GEyl +3GHKOQsE7nafYVYPqjwZL9RbF0rl0/SJM+ACiXJHK/6nlp5qM17q9r9ukvMfcS5H +ZHc6hIleDhd4ddqinZTZLtVNaT/2fCUaCJooUy2v4UW51aWZK8K+04YiD1o8BBeG +lOjLTew70M9HtzM3tkEr7tTGqgSKfgQKmvSVPi5CoJ27F8CVbj/On/q8PftwrhyV +zvr2RJTz2ryTaH5hIY+qbpVWeMYz1E1abl1POk+brUYWdQIDAQABo4HIMIHFMB0G +A1UdDgQWBBR/5UKbMyYJBLtVLpTvAIFHtCHYcDCBlQYDVR0jBIGNMIGKgBR/5UKb +MyYJBLtVLpTvAIFHtCHYcKFnpGUwYzELMAkGA1UEBhMCVUsxDzANBgNVBAgTBkxv +bmRvbjEPMA0GA1UEBxMGTG9uZG9uMR4wHAYDVQQKExVub2RlLXNhdWNlLWNvbm5l +Y3QtY2ExEjAQBgNVBAMTCWxvY2FsaG9zdIIJANSQQyljKhqiMAwGA1UdEwQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADggEBAMgEhFIvYGncyNUov/BUuIBfSyaNryTc2DH6 ++KHQelc00IobgvUQndb3z2It0cIHJ91+LzklwxJIwzYPm47pfBTzXOb0Xu44ngGn +K1P++mp50SjCK2JaVBU0K5evx92RMj5d2ldp54udSYg1PT/HJBvqBXz+XT/LElDC +Id1yWeaarI/7Z4Qn+rOYlhbamuY2RzQJcCHCBWDafKKQYGE0ZqHJkR+ovnp07JpB +H3qoRgYYAdwdfZ1ydqJvymG6kMZ1JCsdAiJXeRzzI8Q0U/QHAwrqoeFO+HTSHOsC +ulDfH78oUNqN3xOAOEZerX68Kc9unDyuVGDunldUPc62+OH+OuM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIJANSQQyljKhqiMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV +BAYTAlVLMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEeMBwGA1UE +ChMVbm9kZS1zYXVjZS1jb25uZWN0LWNhMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcN +MTcxMDIyMTMyMTUxWhcNNDIxMDIyMTMyMTUxWjBjMQswCQYDVQQGEwJVSzEPMA0G +A1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xHjAcBgNVBAoTFW5vZGUtc2F1 +Y2UtY29ubmVjdC1jYTESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA0nQey37BhKeyg2zhr5i9Wd0/O7FYcQROYjZgjTsx +koPm8WzREqn1YPnVPgS2Qsqg4IqWhEKhGCQeAN7bb9zE5LsWL2ynTfTUuWr1GEyl +3GHKOQsE7nafYVYPqjwZL9RbF0rl0/SJM+ACiXJHK/6nlp5qM17q9r9ukvMfcS5H +ZHc6hIleDhd4ddqinZTZLtVNaT/2fCUaCJooUy2v4UW51aWZK8K+04YiD1o8BBeG +lOjLTew70M9HtzM3tkEr7tTGqgSKfgQKmvSVPi5CoJ27F8CVbj/On/q8PftwrhyV +zvr2RJTz2ryTaH5hIY+qbpVWeMYz1E1abl1POk+brUYWdQIDAQABo4HIMIHFMB0G +A1UdDgQWBBR/5UKbMyYJBLtVLpTvAIFHtCHYcDCBlQYDVR0jBIGNMIGKgBR/5UKb +MyYJBLtVLpTvAIFHtCHYcKFnpGUwYzELMAkGA1UEBhMCVUsxDzANBgNVBAgTBkxv +bmRvbjEPMA0GA1UEBxMGTG9uZG9uMR4wHAYDVQQKExVub2RlLXNhdWNlLWNvbm5l +Y3QtY2ExEjAQBgNVBAMTCWxvY2FsaG9zdIIJANSQQyljKhqiMAwGA1UdEwQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADggEBAMgEhFIvYGncyNUov/BUuIBfSyaNryTc2DH6 ++KHQelc00IobgvUQndb3z2It0cIHJ91+LzklwxJIwzYPm47pfBTzXOb0Xu44ngGn +K1P++mp50SjCK2JaVBU0K5evx92RMj5d2ldp54udSYg1PT/HJBvqBXz+XT/LElDC +Id1yWeaarI/7Z4Qn+rOYlhbamuY2RzQJcCHCBWDafKKQYGE0ZqHJkR+ovnp07JpB +H3qoRgYYAdwdfZ1ydqJvymG6kMZ1JCsdAiJXeRzzI8Q0U/QHAwrqoeFO+HTSHOsC +ulDfH78oUNqN3xOAOEZerX68Kc9unDyuVGDunldUPc62+OH+OuM= +-----END CERTIFICATE----- diff --git a/acceptance/tests/testCAMultiFile.sh b/acceptance/tests/testCAMultiFile.sh new file mode 100755 index 0000000..c4b5cbb --- /dev/null +++ b/acceptance/tests/testCAMultiFile.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +# remove old sauce connect +rm ./lib/sc + +# start proxy in bg +node ./acceptance/support/self-signed-https-server.js & + +SSL_PROXY_PID=$! + +echo "SSL reverse proxy started on 8081 PID: ${SSL_PROXY_PID}" + +export SAUCECONNECT_CDNURL=https://localhost:8081/downloads +npm config set cafile=./acceptance/support/keys/multi-ca.crt + +# install sc +npm install + +unset SAUCECONNECT_CDNURL +npm config rm cafile + +# test +./acceptance/tests/test.sh + +# ps -p Checks if the process is still running. If it is it returns 0, +# otherwise it returns 1 +ps -p $SSL_PROXY_PID > /dev/null +SSL_PROXY_TASK_RUNNING=$? + +# check if the process is still running by examining the exit code of ps -p +CA_FILE_TEST_RESULT=1 + +if [ $SSL_PROXY_TASK_RUNNING -eq 1 ]; then + # not running, so has been hit. + echo "SSL proxy finished, test passed" + CA_FILE_TEST_RESULT=0 +else + echo "SSL proxy not finished, test failed" + kill $SSL_PROXY_PID +fi + +exit $CA_FILE_TEST_RESULT diff --git a/acceptance/tests/testCAString.sh b/acceptance/tests/testCAString.sh index 39ed5d1..19bddd4 100755 --- a/acceptance/tests/testCAString.sh +++ b/acceptance/tests/testCAString.sh @@ -14,7 +14,7 @@ export SAUCECONNECT_CDNURL=https://localhost:8081/downloads CA_STRING=$(awk '{printf "%s\\n", $0}' ./acceptance/support/keys/ca.crt) # write to .npmrc as bash parses newlines -echo ca=$CA_STRING >> .npmrc +echo ca=\"$CA_STRING\" > .npmrc # install sc npm install diff --git a/lib/httpsRequest.js b/lib/httpsRequest.js index 1e5ffae..ef7372d 100644 --- a/lib/httpsRequest.js +++ b/lib/httpsRequest.js @@ -16,23 +16,20 @@ function create(strictSSL, caFile, caString) { } ca = fs.readFileSync(caFile, { encoding: 'utf8' }); + ca = ca.match(/(-----BEGIN CERTIFICATE-----[\S\s]*?-----END CERTIFICATE-----)/g); } else if (ca) { - if (ca.match(/^"[\s\S]*"$/)) { - try { - ca = JSON.parse(ca.trim()); - } catch (e) { - throw new Error('Failed parsing ca string'); - } + try { + ca = JSON.parse(ca.trim()); + } catch (e) { + throw new Error('Failed parsing ca string'); } } if (ca) { - ca = ca.match(/(-----BEGIN CERTIFICATE-----[\S\s]*?-----END CERTIFICATE-----)/g); - options.agentOptions = { ca: ca }; diff --git a/tests/httpsRequest.test.js b/tests/httpsRequest.test.js index 3546331..a2c4bbd 100644 --- a/tests/httpsRequest.test.js +++ b/tests/httpsRequest.test.js @@ -22,7 +22,7 @@ describe('httpsRequest.js', function () { var cert2Newlines = cert2.replace(/\n/g, '\\n'); var cert1Env = '"' + cert1Newlines + '"'; var cert2Env = '"' + cert2Newlines + '"'; - var cert1Cert2Env = '"' + cert1Newlines + '\\n' + cert2Newlines + '"'; + var cert1Cert2Env = '["' + cert1Newlines + '","' + cert2Newlines + '"]'; var cert1Parsed = JSON.parse(cert1Env).trim(); var cert2Parsed = JSON.parse(cert2Env).trim(); @@ -70,10 +70,10 @@ describe('httpsRequest.js', function () { httpsRequest.create('true', '', cert1Env); expect(request.defaults).to.have.been.calledWith({ - ca: [cert1Parsed], + ca: cert1Parsed, strictSSL: true, agentOptions: { - ca: [cert1Parsed] + ca: cert1Parsed } }); @@ -84,10 +84,10 @@ describe('httpsRequest.js', function () { httpsRequest.create('true', '', cert1Env); expect(request.defaults).to.have.been.calledWith({ - ca: [cert1Parsed], + ca: cert1Parsed, strictSSL: true, agentOptions: { - ca: [cert1Parsed] + ca: cert1Parsed } }); @@ -112,10 +112,10 @@ describe('httpsRequest.js', function () { httpsRequest.create('', '', cert1Env); expect(request.defaults).to.have.been.calledWith({ - ca: [cert1Parsed], + ca: cert1Parsed, strictSSL: false, agentOptions: { - ca: [cert1Parsed] + ca: cert1Parsed } }); @@ -155,13 +155,13 @@ describe('httpsRequest.js', function () { it('should give ca param precedence over caFile param', function () { - httpsRequest.create('true', crtFile, cert2); + httpsRequest.create('true', crtFile, cert2Env); expect(request.defaults).to.have.been.calledWith({ - ca: [cert2], + ca: cert2, strictSSL: true, agentOptions: { - ca: [cert2] + ca: cert2 } });