ASWI - Pokročilé softwarové inženýrství » ASWI 2020 » Webová aplikace simulující kontingenční tabulku (CIV) - VLDC

var assert  = require('assert');

var forge   = require('node-forge');

var fs      = require('fs');

var exec    = require('child_process').exec;

describe('generate', function () {

  var generate = require('../index').generate;

  it('should work without attrs/options', function (done) {

    var pems = generate();

    assert.ok(!!pems.private, 'has a private key');

    assert.ok(!!pems.fingerprint, 'has fingerprint');

    assert.ok(!!pems.public, 'has a public key');

    assert.ok(!!pems.cert, 'has a certificate');

    assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');

    assert.ok(!pems.clientcert, 'should not include a client cert by default');

    assert.ok(!pems.clientprivate, 'should not include a client private key by default');

    assert.ok(!pems.clientpublic, 'should not include a client public key by default');

    var caStore = forge.pki.createCaStore();

    caStore.addCertificate(pems.cert);

    done();

  });

  it('should generate client cert', function (done) {

    var pems = generate(null, {clientCertificate: true});

    assert.ok(!!pems.clientcert, 'should include a client cert when requested');

    assert.ok(!!pems.clientprivate, 'should include a client private key when requested');

    assert.ok(!!pems.clientpublic, 'should include a client public key when requested');

    done();

  });

  it('should include pkcs7', function (done) {

    var pems = generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true});

    assert.ok(!!pems.pkcs7, 'has a pkcs7');

    try {

      fs.unlinkSync('/tmp/tmp.pkcs7');

    } catch (er) {}

    fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);

    exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {

      if (err) {

        return done(err);

      }

      const errorMessage = stderr.toString();

      if (errorMessage.length) {

        return done(new Error(errorMessage));

      }

      const expected = stdout.toString().replace(/\n/g, '\r\n'); //node-forge uses \r\n

      assert.equal(

        `subject=/CN=contoso.com\r\nissuer=/CN=contoso.com\r\n` +

          pems.cert +

          '\r\n',

        expected

      );

      done();

    });

  });

  it('should support sha1 algorithm', function (done) {

    var pems_sha1 = generate(null, { algorithm: 'sha1' });

    assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');

    done();

  });

  it('should support sha256 algorithm', function (done) {

    var pems_sha256 = generate(null, { algorithm: 'sha256' });

    assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');

    done();

  });

  describe('with callback', function () {

    it('should work without attrs/options', function (done) {

      generate(function (err, pems) {

        if (err) done(err);

        assert.ok(!!pems.private, 'has a private key');

        assert.ok(!!pems.public, 'has a public key');

        assert.ok(!!pems.cert, 'has a certificate');

        assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');

        assert.ok(!pems.clientcert, 'should not include a client cert by default');

        assert.ok(!pems.clientprivate, 'should not include a client private key by default');

        assert.ok(!pems.clientpublic, 'should not include a client public key by default');

        done();

      });

    });

    it('should generate client cert', function (done) {

      generate(null, {clientCertificate: true}, function (err, pems) {

        if (err) done(err);

        assert.ok(!!pems.clientcert, 'should include a client cert when requested');

        assert.ok(!!pems.clientprivate, 'should include a client private key when requested');

        assert.ok(!!pems.clientpublic, 'should include a client public key when requested');

        done();

      });

    });

    it('should include pkcs7', function (done) {

      generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true}, function (err, pems) {

        if (err) done(err);

        assert.ok(!!pems.pkcs7, 'has a pkcs7');

        try {

          fs.unlinkSync('/tmp/tmp.pkcs7');

        } catch (er) {}

        fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);

        exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {

          if (err) {

            return done(err);

          }

          const errorMessage = stderr.toString();

          if (errorMessage.length) {

            return done(new Error(errorMessage));

          }

          const expected = stdout.toString().replace(/\n/g, '\r\n'); //node-forge uses \r\n

          assert.equal(

            `subject=/CN=contoso.com\r\nissuer=/CN=contoso.com\r\n` +

              pems.cert +

              '\r\n',

            expected

          );

          done();

        });

      });

    });

    it('should support sha1 algorithm', function (done) {

      generate(null, { algorithm: 'sha1' }, function (err, pems_sha1) {

        if (err) done(err);

        assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');

        done();

      });

    });

    it('should support sha256 algorithm', function (done) {

      generate(null, { algorithm: 'sha256' }, function (err, pems_sha256) {

        if (err) done(err);

        assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');

        done();

      });

    });

  });

});