Skip to content

Commit 6ce8e1c

Browse files
shazronshazron
authored
fix: add proper self-signed cert tests (with proxy option rejectUnauthorized) (#70)
* chore(dev-deps): update @adobe/aio-lib-test-proxy to v2.1.0
1 parent 458fe01 commit 6ce8e1c

File tree

2 files changed

+107
-47
lines changed

2 files changed

+107
-47
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
"deprecated": false,
2323
"description": "Adobe I/O Lib Core Networking",
2424
"devDependencies": {
25-
"@adobe/aio-lib-test-proxy": "^1.0.0",
25+
"@adobe/aio-lib-test-proxy": "^2.1.0",
2626
"@adobe/eslint-config-aio-lib-config": "^2.0.1",
2727
"babel-runtime": "^6.26.0",
2828
"dotenv": "^16.3.1",

test/proxy.test.js

Lines changed: 106 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -189,14 +189,15 @@ describe('http proxy', () => {
189189
})
190190
})
191191

192-
describe('https proxy', () => {
192+
describe('https proxy (self-signed)', () => {
193193
const protocol = 'https'
194194
let proxyServer, apiServer
195195
const portNotInUse = 3009
196+
const selfSigned = true
196197

197198
describe('no auth', () => {
198199
beforeAll(async () => {
199-
proxyServer = await createHttpsProxy()
200+
proxyServer = await createHttpsProxy({ selfSigned })
200201
apiServer = await createApiServer({ port: 3001, useSsl: true })
201202
})
202203

@@ -212,29 +213,48 @@ describe('https proxy', () => {
212213
const testUrl = `${protocol}://localhost:${apiServerAddress.port}/mirror?${queryString.stringify(queryObject)}`
213214

214215
const proxyUrl = proxyServer.url
215-
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: false })
216-
const response = await proxyFetch.fetch(testUrl)
216+
// IGNORE self-signed cert errors
217+
{
218+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: false })
219+
const response = await proxyFetch.fetch(testUrl)
217220

218-
const json = await response.json()
219-
expect(json).toStrictEqual(queryObject)
221+
const json = await response.json()
222+
expect(json).toStrictEqual(queryObject)
223+
}
224+
// DO NOT ignore self-signed cert errors
225+
{
226+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: true })
227+
await expect(async () => {
228+
await proxyFetch.fetch(testUrl)
229+
}).rejects.toThrow('self-signed certificate in certificate chain')
230+
}
220231
})
221232

222-
test('failure', async () => {
233+
test('failure (non-existent port)', async () => {
223234
// connect to non-existent server port
224235
const testUrl = `${protocol}://localhost:${portNotInUse}/mirror/?foo=bar`
225-
226236
const proxyUrl = proxyServer.url
227-
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: false })
228237

229-
const response = await proxyFetch.fetch(testUrl)
230-
expect(response.ok).toEqual(false)
231-
expect(response.status).toEqual(502)
238+
// IGNORE self-signed cert errors
239+
{
240+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: false })
241+
const response = await proxyFetch.fetch(testUrl)
242+
expect(response.ok).toEqual(false)
243+
expect(response.status).toEqual(502)
244+
}
245+
// DO NOT ignore self-signed cert errors
246+
{
247+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: true })
248+
await expect(async () => {
249+
await proxyFetch.fetch(testUrl)
250+
}).rejects.toThrow('self-signed certificate in certificate chain')
251+
}
232252
})
233253
})
234254

235255
describe('basic auth', () => {
236256
beforeAll(async () => {
237-
proxyServer = await createHttpsProxy({ useBasicAuth: true })
257+
proxyServer = await createHttpsProxy({ useBasicAuth: true, selfSigned })
238258
apiServer = await createApiServer({ port: 3001, useSsl: true })
239259
})
240260

@@ -253,17 +273,28 @@ describe('https proxy', () => {
253273
'Proxy-Authorization': 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64')
254274
}
255275
const proxyUrl = proxyServer.url
256-
const proxyFetch = new ProxyFetch({ proxyUrl, username, password, rejectUnauthorized: false })
257-
258276
const testUrl = `${protocol}://localhost:${apiServerPort}/mirror?${queryString.stringify(queryObject)}`
259-
const response = await proxyFetch.fetch(testUrl, { headers })
260-
const spy = jest.spyOn(proxyFetch, 'fetch').mockImplementation(() => testUrl)
261-
const pattern = /\b^https\b/
262-
expect(proxyFetch.fetch()).toMatch(new RegExp(pattern))
263-
spy.mockRestore()
264-
expect(response.ok).toEqual(true)
265-
const json = await response.json()
266-
expect(json).toStrictEqual(queryObject)
277+
// IGNORE self-signed cert errors
278+
{
279+
const proxyFetch = new ProxyFetch({ proxyUrl, username, password, rejectUnauthorized: false })
280+
const response = await proxyFetch.fetch(testUrl, { headers })
281+
282+
const spy = jest.spyOn(proxyFetch, 'fetch').mockImplementation(() => testUrl)
283+
const pattern = /\b^https\b/
284+
expect(proxyFetch.fetch()).toMatch(new RegExp(pattern))
285+
spy.mockRestore()
286+
287+
expect(response.ok).toEqual(true)
288+
const json = await response.json()
289+
expect(json).toStrictEqual(queryObject)
290+
}
291+
// DO NOT ignore self-signed cert errors
292+
{
293+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: true })
294+
await expect(async () => {
295+
await proxyFetch.fetch(testUrl)
296+
}).rejects.toThrow('self-signed certificate in certificate chain')
297+
}
267298
})
268299

269300
test('failure', async () => {
@@ -276,22 +307,33 @@ describe('https proxy', () => {
276307
'Proxy-Authorization': 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64')
277308
}
278309
const proxyUrl = proxyServer.url
279-
const proxyFetch = new ProxyFetch({ proxyUrl, username, password, rejectUnauthorized: false })
280-
281310
const testUrl = `${protocol}://localhost:${apiServerPort}/mirror?${queryString.stringify(queryObject)}`
282-
const response = await proxyFetch.fetch(testUrl, { headers })
283-
const spy = jest.spyOn(proxyFetch, 'fetch').mockImplementation(() => testUrl)
284-
const pattern = /\b^http\b/
285-
expect(proxyFetch.fetch()).not.toMatch(new RegExp(pattern))
286-
spy.mockRestore()
287-
expect(response.ok).toEqual(false)
288-
expect(response.status).toEqual(403)
311+
// IGNORE self-signed cert errors
312+
{
313+
const proxyFetch = new ProxyFetch({ proxyUrl, username, password, rejectUnauthorized: false })
314+
const response = await proxyFetch.fetch(testUrl, { headers })
315+
316+
const spy = jest.spyOn(proxyFetch, 'fetch').mockImplementation(() => testUrl)
317+
const pattern = /\b^http\b/
318+
expect(proxyFetch.fetch()).not.toMatch(new RegExp(pattern))
319+
spy.mockRestore()
320+
321+
expect(response.ok).toEqual(false)
322+
expect(response.status).toEqual(403)
323+
}
324+
// DO NOT ignore self-signed cert errors
325+
{
326+
const proxyFetch = new ProxyFetch({ proxyUrl, rejectUnauthorized: true })
327+
await expect(async () => {
328+
await proxyFetch.fetch(testUrl)
329+
}).rejects.toThrow('self-signed certificate in certificate chain')
330+
}
289331
})
290332
})
291333

292334
describe('HttpExponentialBackoff', () => {
293335
beforeAll(async () => {
294-
proxyServer = await createHttpsProxy()
336+
proxyServer = await createHttpsProxy({ selfSigned })
295337
apiServer = await createApiServer({ port: 3001, useSsl: true })
296338
})
297339

@@ -306,27 +348,45 @@ describe('https proxy', () => {
306348

307349
const testUrl = `${protocol}://localhost:${apiServerPort}/mirror?${queryString.stringify(queryObject)}`
308350
const proxyUrl = proxyServer.url
309-
310351
const fetchRetry = new HttpExponentialBackoff()
311-
const response = await fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
312-
proxy: { proxyUrl, rejectUnauthorized: false }
313-
})
314-
const json = await response.json()
315-
expect(json).toStrictEqual(queryObject)
352+
353+
// IGNORE self-signed cert errors
354+
{
355+
const response = await fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
356+
proxy: { proxyUrl, rejectUnauthorized: false }
357+
})
358+
const json = await response.json()
359+
expect(json).toStrictEqual(queryObject)
360+
}
361+
// DO NOT ignore self-signed cert errors
362+
await expect(async () => {
363+
return fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
364+
proxy: { proxyUrl, rejectUnauthorized: true }
365+
})
366+
}).rejects.toThrow('self-signed certificate in certificate chain')
316367
})
317368

318369
test('failure', async () => {
319370
// connect to non-existent server port
320371
const testUrl = `${protocol}://localhost:3009/mirror/?foo=bar`
321372
const proxyUrl = proxyServer.url
322-
323373
const fetchRetry = new HttpExponentialBackoff()
324-
const response = await fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
325-
proxy: { proxyUrl, rejectUnauthorized: false },
326-
maxRetries: 2
327-
}, [], 0) // retryDelay must be zero for test timings
328-
expect(response.ok).toEqual(false)
329-
expect(response.status).toEqual(502)
374+
375+
// IGNORE self-signed cert errors
376+
{
377+
const response = await fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
378+
proxy: { proxyUrl, rejectUnauthorized: false },
379+
maxRetries: 2
380+
}, [], 0) // retryDelay must be zero for test timings
381+
expect(response.ok).toEqual(false)
382+
expect(response.status).toEqual(502)
383+
}
384+
// DO NOT ignore self-signed cert errors
385+
await expect(async () => {
386+
return fetchRetry.exponentialBackoff(testUrl, { method: 'GET' }, {
387+
proxy: { proxyUrl, rejectUnauthorized: true }
388+
})
389+
}).rejects.toThrow('self-signed certificate in certificate chain')
330390
})
331391
})
332392
})

0 commit comments

Comments
 (0)