cherry-pick(#31973): chore: run client-certificate tests in service mode

mxschmitt · mxschmitt · commit fca1fa0b95a3 · 2024-08-05T14:43:44.000+02:00
diff --git a/packages/playwright-core/src/server/fetch.ts b/packages/playwright-core/src/server/fetch.ts
@@ -17,7 +17,6 @@
 import type * as channels from '@protocol/channels';
 import type { LookupAddress } from 'dns';
 import http from 'http';
-import fs from 'fs';
 import https from 'https';
 import type { Readable, TransformCallback } from 'stream';
 import { pipeline, Transform } from 'stream';
@@ -26,7 +25,7 @@ import zlib from 'zlib';
 import type { HTTPCredentials } from '../../types/types';
 import { TimeoutSettings } from '../common/timeoutSettings';
 import { getUserAgent } from '../utils/userAgent';
-import { assert, createGuid, isUnderTest, monotonicTime } from '../utils';
+import { assert, createGuid, monotonicTime } from '../utils';
 import { HttpsProxyAgent, SocksProxyAgent } from '../utilsBundle';
 import { BrowserContext, verifyClientCertificates } from './browserContext';
 import { CookieStore, domainMatches } from './cookieStore';
@@ -199,8 +198,6 @@ export abstract class APIRequestContext extends SdkObject {
       ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.origin),
       __testHookLookup: (params as any).__testHookLookup,
     };
-    if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest())
-      options.ca = [fs.readFileSync(process.env.PWTEST_UNSUPPORTED_CUSTOM_CA)];
     // rejectUnauthorized = undefined is treated as true in Node.js 12.
     if (params.ignoreHTTPSErrors || defaults.ignoreHTTPSErrors)
       options.rejectUnauthorized = false;
diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
@@ -22,7 +22,7 @@ import fs from 'fs';
 import tls from 'tls';
 import stream from 'stream';
 import { createSocket, createTLSSocket } from '../utils/happy-eyeballs';
-import { isUnderTest, ManualPromise } from '../utils';
+import { ManualPromise } from '../utils';
 import type { SocksSocketClosedPayload, SocksSocketDataPayload, SocksSocketRequestedPayload } from '../common/socksProxy';
 import { SocksProxy } from '../common/socksProxy';
 import type * as channels from '@protocol/channels';
@@ -152,8 +152,6 @@ class SocksProxyConnection {
         };
         if (!net.isIP(this.host))
           tlsOptions.servername = this.host;
-        if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest())
-          tlsOptions.ca = [fs.readFileSync(process.env.PWTEST_UNSUPPORTED_CUSTOM_CA)];
         const targetTLS = tls.connect(tlsOptions);
 
         targetTLS.on('secureConnect', () => {
diff --git a/tests/library/client-certificates.spec.ts b/tests/library/client-certificates.spec.ts
@@ -82,8 +82,6 @@ test.use({
   }
 });
 
-test.skip(({ mode }) => mode !== 'default');
-
 const kDummyFileName = __filename;
 const kValidationSubTests: [BrowserContextOptions, string][] = [
   [{ clientCertificates: [{ origin: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'],
@@ -114,7 +112,7 @@ test.describe('fetch', () => {
 
   test('should fail with no client certificates provided', async ({ playwright, startCCServer }) => {
     const serverURL = await startCCServer();
-    const request = await playwright.request.newContext();
+    const request = await playwright.request.newContext({ ignoreHTTPSErrors: true });
     const response = await request.get(serverURL);
     expect(response.status()).toBe(401);
     expect(await response.text()).toContain('Sorry, but you need to provide a client certificate to continue.');
@@ -123,6 +121,7 @@ test.describe('fetch', () => {
 
   test('should keep supporting http', async ({ playwright, server, asset }) => {
     const request = await playwright.request.newContext({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(server.PREFIX).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -139,6 +138,7 @@ test.describe('fetch', () => {
   test('should throw with untrusted client certs', async ({ playwright, startCCServer, asset }) => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/self-signed/cert.pem'),
@@ -155,6 +155,7 @@ test.describe('fetch', () => {
   test('pass with trusted client certificates', async ({ playwright, startCCServer, asset }) => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -171,6 +172,7 @@ test.describe('fetch', () => {
   test('should work in the browser with request interception', async ({ browser, playwright, startCCServer, asset }) => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -213,6 +215,7 @@ test.describe('browser', () => {
   test('should fail with no client certificates', async ({ browser, startCCServer, asset, browserName }) => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: 'https://not-matching.com',
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -227,6 +230,7 @@ test.describe('browser', () => {
   test('should fail with self-signed client certificates', async ({ browser, startCCServer, asset, browserName }) => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/self-signed/cert.pem'),
@@ -241,6 +245,7 @@ test.describe('browser', () => {
   test('should pass with matching certificates', async ({ browser, startCCServer, asset, browserName }) => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -278,6 +283,7 @@ test.describe('browser', () => {
   test('should pass with matching certificates and trailing slash', async ({ browser, startCCServer, asset, browserName }) => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: serverURL,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -307,6 +313,7 @@ test.describe('browser', () => {
     const enableHTTP1FallbackWhenUsingHttp2 = browserName === 'webkit' && process.platform === 'linux';
     const serverURL = await startCCServer({ http2: true, enableHTTP1FallbackWhenUsingHttp2 });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -335,6 +342,7 @@ test.describe('browser', () => {
     const serverURL = await startCCServer({ http2: true, enableHTTP1FallbackWhenUsingHttp2: true });
     const browser = await browserType.launch({ args: ['--disable-http2'] });
     const page = await browser.newPage({
+      ignoreHTTPSErrors: true,
       clientCertificates: [{
         origin: new URL(serverURL).origin,
         certPath: asset('client-certificates/client/trusted/cert.pem'),
@@ -359,7 +367,6 @@ test.describe('browser', () => {
     test.fixme(browserName === 'webkit' && process.platform === 'linux', 'WebKit on Linux does not support http2 https://bugs.webkit.org/show_bug.cgi?id=276990');
     test.skip(+process.versions.node.split('.')[0] < 20, 'http2.performServerHandshake is not supported in older Node.js versions');
 
-    process.env.PWTEST_UNSUPPORTED_CUSTOM_CA = asset('empty.html');
     const serverURL = await startCCServer({ http2: true });
     const page = await browser.newPage({
       clientCertificates: [{
@@ -383,6 +390,7 @@ test.describe('browser', () => {
     test('should pass with matching certificates', async ({ launchPersistent, startCCServer, asset, browserName }) => {
       const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
       const { page } = await launchPersistent({
+        ignoreHTTPSErrors: true,
         clientCertificates: [{
           origin: new URL(serverURL).origin,
           certPath: asset('client-certificates/client/trusted/cert.pem'),
