mirror of
https://github.com/microsoft/playwright.git
synced 2024-12-01 08:34:02 +03:00
chore: client certificates refactorings (#31822)
This commit is contained in:
parent
f23d02a211
commit
b9c4b6bff0
@ -35,7 +35,6 @@ class SocksProxyConnection {
|
||||
target!: net.Socket;
|
||||
// In case of http, we just pipe data to the target socket and they are |undefined|.
|
||||
internal: stream.Duplex | undefined;
|
||||
internalTLS: tls.TLSSocket | undefined;
|
||||
|
||||
constructor(socksProxy: ClientCertificatesProxy, uid: string, host: string, port: number) {
|
||||
this.socksProxy = socksProxy;
|
||||
@ -85,12 +84,12 @@ class SocksProxyConnection {
|
||||
callback();
|
||||
}
|
||||
});
|
||||
const internalTLS = new tls.TLSSocket(this.internal, {
|
||||
isServer: true,
|
||||
const dummyServer = tls.createServer({
|
||||
key: fs.readFileSync(path.join(__dirname, '../../bin/socks-certs/key.pem')),
|
||||
cert: fs.readFileSync(path.join(__dirname, '../../bin/socks-certs/cert.pem')),
|
||||
});
|
||||
this.internalTLS = internalTLS;
|
||||
dummyServer.emit('connection', this.internal);
|
||||
dummyServer.on('secureConnection', internalTLS => {
|
||||
internalTLS.on('close', () => this.socksProxy._socksProxy.sendSocketEnd({ uid: this.uid }));
|
||||
|
||||
const tlsOptions: tls.ConnectionOptions = {
|
||||
@ -130,6 +129,7 @@ class SocksProxyConnection {
|
||||
].join('\r\n'));
|
||||
closeBothSockets();
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -15,14 +15,26 @@
|
||||
*/
|
||||
|
||||
import fs from 'fs';
|
||||
import http2 from 'http2';
|
||||
import type http from 'http';
|
||||
import { expect, playwrightTest as base } from '../config/browserTest';
|
||||
import type net from 'net';
|
||||
import type { BrowserContextOptions } from 'packages/playwright-test';
|
||||
const { createHttpsServer } = require('../../packages/playwright-core/lib/utils');
|
||||
|
||||
const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: string }>({
|
||||
serverURL: async ({ asset }, use) => {
|
||||
const server = createHttpsServer({
|
||||
type TestOptions = {
|
||||
startCCServer(options?: {
|
||||
http2?: boolean;
|
||||
useFakeLocalhost?: boolean;
|
||||
}): Promise<string>,
|
||||
};
|
||||
|
||||
const test = base.extend<TestOptions>({
|
||||
startCCServer: async ({ asset, browserName }, use) => {
|
||||
process.env.PWTEST_UNSUPPORTED_CUSTOM_CA = asset('client-certificates/server/server_cert.pem');
|
||||
let server: http.Server | http2.Http2Server | undefined;
|
||||
await use(async options => {
|
||||
server = (options?.http2 ? http2.createSecureServer : createHttpsServer)({
|
||||
key: fs.readFileSync(asset('client-certificates/server/server_key.pem')),
|
||||
cert: fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
|
||||
ca: [
|
||||
@ -30,12 +42,12 @@ const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: str
|
||||
],
|
||||
requestCert: true,
|
||||
rejectUnauthorized: false,
|
||||
}, (req, res) => {
|
||||
}, (req: (http2.Http2ServerRequest | http.IncomingMessage), res: http2.Http2ServerResponse | http.ServerResponse) => {
|
||||
const tlsSocket = req.socket as import('tls').TLSSocket;
|
||||
// @ts-expect-error
|
||||
// @ts-expect-error https://github.com/DefinitelyTyped/DefinitelyTyped/discussions/62336
|
||||
expect(['localhost', 'local.playwright'].includes((tlsSocket).servername)).toBe(true);
|
||||
const cert = tlsSocket.getPeerCertificate();
|
||||
if ((req as any).client.authorized) {
|
||||
if (tlsSocket.authorized) {
|
||||
res.writeHead(200, { 'Content-Type': 'text/html' });
|
||||
res.end(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`);
|
||||
} else if (cert.subject) {
|
||||
@ -46,17 +58,12 @@ const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: str
|
||||
res.end(`Sorry, but you need to provide a client certificate to continue.`);
|
||||
}
|
||||
});
|
||||
process.env.PWTEST_UNSUPPORTED_CUSTOM_CA = asset('client-certificates/server/server_cert.pem');
|
||||
await new Promise<void>(f => server.listen(0, 'localhost', () => f()));
|
||||
await use(`https://localhost:${(server.address() as net.AddressInfo).port}/`);
|
||||
const host = options?.useFakeLocalhost ? 'local.playwright' : 'localhost';
|
||||
return `https://${host}:${(server.address() as net.AddressInfo).port}/`;
|
||||
});
|
||||
await new Promise<void>(resolve => server.close(() => resolve()));
|
||||
},
|
||||
serverURLRewrittenToLocalhost: async ({ serverURL, browserName }, use) => {
|
||||
const parsed = new URL(serverURL);
|
||||
parsed.hostname = 'local.playwright';
|
||||
const shouldRewriteToLocalhost = browserName === 'webkit' && process.platform === 'darwin';
|
||||
await use(shouldRewriteToLocalhost ? parsed.toString() : serverURL);
|
||||
}
|
||||
});
|
||||
|
||||
test.use({
|
||||
@ -103,7 +110,8 @@ test.describe('fetch', () => {
|
||||
await expect(playwright.request.newContext(contextOptions)).rejects.toThrow(expected);
|
||||
});
|
||||
|
||||
test('should fail with no client certificates provided', async ({ playwright, serverURL }) => {
|
||||
test('should fail with no client certificates provided', async ({ playwright, startCCServer }) => {
|
||||
const serverURL = await startCCServer();
|
||||
const request = await playwright.request.newContext();
|
||||
const response = await request.get(serverURL);
|
||||
expect(response.status()).toBe(401);
|
||||
@ -128,7 +136,8 @@ test.describe('fetch', () => {
|
||||
await request.dispose();
|
||||
});
|
||||
|
||||
test('should throw with untrusted client certs', async ({ playwright, serverURL, asset }) => {
|
||||
test('should throw with untrusted client certs', async ({ playwright, startCCServer, asset }) => {
|
||||
const serverURL = await startCCServer();
|
||||
const request = await playwright.request.newContext({
|
||||
clientCertificates: [{
|
||||
url: serverURL,
|
||||
@ -145,7 +154,8 @@ test.describe('fetch', () => {
|
||||
await request.dispose();
|
||||
});
|
||||
|
||||
test('pass with trusted client certificates', async ({ playwright, serverURL, asset }) => {
|
||||
test('pass with trusted client certificates', async ({ playwright, startCCServer, asset }) => {
|
||||
const serverURL = await startCCServer();
|
||||
const request = await playwright.request.newContext({
|
||||
clientCertificates: [{
|
||||
url: serverURL,
|
||||
@ -162,7 +172,8 @@ test.describe('fetch', () => {
|
||||
await request.dispose();
|
||||
});
|
||||
|
||||
test('should work in the browser with request interception', async ({ browser, playwright, serverURL, asset }) => {
|
||||
test('should work in the browser with request interception', async ({ browser, playwright, startCCServer, asset }) => {
|
||||
const serverURL = await startCCServer();
|
||||
const request = await playwright.request.newContext({
|
||||
clientCertificates: [{
|
||||
url: serverURL,
|
||||
@ -207,7 +218,8 @@ test.describe('browser', () => {
|
||||
await page.close();
|
||||
});
|
||||
|
||||
test('should fail with no client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
|
||||
test('should fail with no client certificates', async ({ browser, startCCServer, asset, browserName }) => {
|
||||
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
|
||||
const page = await browser.newPage({
|
||||
clientCertificates: [{
|
||||
url: 'https://not-matching.com',
|
||||
@ -217,37 +229,39 @@ test.describe('browser', () => {
|
||||
}],
|
||||
}],
|
||||
});
|
||||
await page.goto(serverURLRewrittenToLocalhost);
|
||||
await page.goto(serverURL);
|
||||
await expect(page.getByText('Sorry, but you need to provide a client certificate to continue.')).toBeVisible();
|
||||
await page.close();
|
||||
});
|
||||
|
||||
test('should fail with self-signed client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
|
||||
test('should fail with self-signed client certificates', async ({ browser, startCCServer, asset, browserName }) => {
|
||||
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
|
||||
const page = await browser.newPage({
|
||||
clientCertificates: [{
|
||||
url: serverURLRewrittenToLocalhost,
|
||||
url: serverURL,
|
||||
certs: [{
|
||||
certPath: asset('client-certificates/client/self-signed/cert.pem'),
|
||||
keyPath: asset('client-certificates/client/self-signed/key.pem'),
|
||||
}],
|
||||
}],
|
||||
});
|
||||
await page.goto(serverURLRewrittenToLocalhost);
|
||||
await page.goto(serverURL);
|
||||
await expect(page.getByText('Sorry Bob, certificates from Bob are not welcome here')).toBeVisible();
|
||||
await page.close();
|
||||
});
|
||||
|
||||
test('should pass with matching certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
|
||||
test('should pass with matching certificates', async ({ browser, startCCServer, asset, browserName }) => {
|
||||
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
|
||||
const page = await browser.newPage({
|
||||
clientCertificates: [{
|
||||
url: serverURLRewrittenToLocalhost,
|
||||
url: serverURL,
|
||||
certs: [{
|
||||
certPath: asset('client-certificates/client/trusted/cert.pem'),
|
||||
keyPath: asset('client-certificates/client/trusted/key.pem'),
|
||||
}],
|
||||
}],
|
||||
});
|
||||
await page.goto(serverURLRewrittenToLocalhost);
|
||||
await page.goto(serverURL);
|
||||
await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
|
||||
await page.close();
|
||||
});
|
||||
@ -274,17 +288,18 @@ test.describe('browser', () => {
|
||||
await expect(launchPersistent(contextOptions)).rejects.toThrow(expected);
|
||||
});
|
||||
|
||||
test('should pass with matching certificates', async ({ launchPersistent, serverURLRewrittenToLocalhost, asset }) => {
|
||||
test('should pass with matching certificates', async ({ launchPersistent, startCCServer, asset, browserName }) => {
|
||||
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
|
||||
const { page } = await launchPersistent({
|
||||
clientCertificates: [{
|
||||
url: serverURLRewrittenToLocalhost,
|
||||
url: serverURL,
|
||||
certs: [{
|
||||
certPath: asset('client-certificates/client/trusted/cert.pem'),
|
||||
keyPath: asset('client-certificates/client/trusted/key.pem'),
|
||||
}],
|
||||
}],
|
||||
});
|
||||
await page.goto(serverURLRewrittenToLocalhost);
|
||||
await page.goto(serverURL);
|
||||
await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
|
||||
});
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user