| (function() { |
| |
| function Tests(ASSERT, forge) { |
| describe('tls', function() { |
| it('should test TLS 1.0 PRF', function() { |
| // Note: This test vector is originally from: |
| // http://www.imc.org/ietf-tls/mail-archive/msg01589.html |
| // But that link is now dead. |
| var secret = forge.util.createBuffer().fillWithByte(0xAB, 48).getBytes(); |
| var seed = forge.util.createBuffer().fillWithByte(0xCD, 64).getBytes(); |
| var bytes = forge.tls.prf_tls1(secret, 'PRF Testvector', seed, 104); |
| var expect = |
| 'd3d4d1e349b5d515044666d51de32bab258cb521' + |
| 'b6b053463e354832fd976754443bcf9a296519bc' + |
| '289abcbc1187e4ebd31e602353776c408aafb74c' + |
| 'bc85eff69255f9788faa184cbb957a9819d84a5d' + |
| '7eb006eb459d3ae8de9810454b8b2d8f1afbc655' + |
| 'a8c9a013'; |
| ASSERT.equal(bytes.toHex(), expect); |
| }); |
| |
| it('should establish a TLS connection and transfer data', function(done) { |
| var end = {}; |
| var data = {}; |
| |
| createCertificate('server', data); |
| createCertificate('client', data); |
| data.client.connection = {}; |
| data.server.connection = {}; |
| |
| end.client = forge.tls.createConnection({ |
| server: false, |
| caStore: [data.server.cert], |
| sessionCache: {}, |
| cipherSuites: [ |
| forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA, |
| forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA], |
| virtualHost: 'server', |
| verify: function(c, verified, depth, certs) { |
| data.client.connection.commonName = |
| certs[0].subject.getField('CN').value; |
| data.client.connection.certVerified = verified; |
| return true; |
| }, |
| connected: function(c) { |
| c.prepare('Hello Server'); |
| }, |
| getCertificate: function(c, hint) { |
| return data.client.cert; |
| }, |
| getPrivateKey: function(c, cert) { |
| return data.client.privateKey; |
| }, |
| tlsDataReady: function(c) { |
| end.server.process(c.tlsData.getBytes()); |
| }, |
| dataReady: function(c) { |
| data.client.connection.data = c.data.getBytes(); |
| c.close(); |
| }, |
| closed: function(c) { |
| ASSERT.equal(data.client.connection.commonName, 'server'); |
| ASSERT.equal(data.client.connection.certVerified, true); |
| ASSERT.equal(data.client.connection.data, 'Hello Client'); |
| done(); |
| }, |
| error: function(c, error) { |
| ASSERT.equal(error.message, undefined); |
| } |
| }); |
| |
| end.server = forge.tls.createConnection({ |
| server: true, |
| caStore: [data.client.cert], |
| sessionCache: {}, |
| cipherSuites: [ |
| forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA, |
| forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA], |
| connected: function(c) { |
| }, |
| verifyClient: true, |
| verify: function(c, verified, depth, certs) { |
| data.server.connection.commonName = |
| certs[0].subject.getField('CN').value; |
| data.server.connection.certVerified = verified; |
| return true; |
| }, |
| getCertificate: function(c, hint) { |
| data.server.connection.certHint = hint[0]; |
| return data.server.cert; |
| }, |
| getPrivateKey: function(c, cert) { |
| return data.server.privateKey; |
| }, |
| tlsDataReady: function(c) { |
| end.client.process(c.tlsData.getBytes()); |
| }, |
| dataReady: function(c) { |
| data.server.connection.data = c.data.getBytes(); |
| c.prepare('Hello Client'); |
| c.close(); |
| }, |
| closed: function(c) { |
| ASSERT.equal(data.server.connection.certHint, 'server'); |
| ASSERT.equal(data.server.connection.commonName, 'client'); |
| ASSERT.equal(data.server.connection.certVerified, true); |
| ASSERT.equal(data.server.connection.data, 'Hello Server'); |
| }, |
| error: function(c, error) { |
| ASSERT.equal(error.message, undefined); |
| } |
| }); |
| |
| end.client.handshake(); |
| |
| function createCertificate(cn, data) { |
| var keys = forge.pki.rsa.generateKeyPair(512); |
| var cert = forge.pki.createCertificate(); |
| cert.publicKey = keys.publicKey; |
| cert.serialNumber = '01'; |
| cert.validity.notBefore = new Date(); |
| cert.validity.notAfter = new Date(); |
| cert.validity.notAfter.setFullYear( |
| cert.validity.notBefore.getFullYear() + 1); |
| var attrs = [{ |
| name: 'commonName', |
| value: cn |
| }, { |
| name: 'countryName', |
| value: 'US' |
| }, { |
| shortName: 'ST', |
| value: 'Virginia' |
| }, { |
| name: 'localityName', |
| value: 'Blacksburg' |
| }, { |
| name: 'organizationName', |
| value: 'Test' |
| }, { |
| shortName: 'OU', |
| value: 'Test' |
| }]; |
| cert.setSubject(attrs); |
| cert.setIssuer(attrs); |
| cert.setExtensions([{ |
| name: 'basicConstraints', |
| cA: true |
| }, { |
| name: 'keyUsage', |
| keyCertSign: true, |
| digitalSignature: true, |
| nonRepudiation: true, |
| keyEncipherment: true, |
| dataEncipherment: true |
| }, { |
| name: 'subjectAltName', |
| altNames: [{ |
| type: 6, // URI |
| value: 'https://myuri.com/webid#me' |
| }] |
| }]); |
| cert.sign(keys.privateKey); |
| data[cn] = { |
| cert: forge.pki.certificateToPem(cert), |
| privateKey: forge.pki.privateKeyToPem(keys.privateKey) |
| }; |
| } |
| }); |
| }); |
| } |
| |
| // check for AMD |
| if(typeof define === 'function') { |
| define([ |
| 'forge/forge' |
| ], function(forge) { |
| Tests( |
| // Global provided by test harness |
| ASSERT, |
| forge |
| ); |
| }); |
| } else if(typeof module === 'object' && module.exports) { |
| // assume NodeJS |
| Tests( |
| require('assert'), |
| require('../../js/forge')); |
| } |
| |
| })(); |