playwright/tests/library/client-certificates.spec.ts

285 lines
11 KiB
TypeScript
Raw Normal View History

2024-07-04 11:05:47 +02:00
/**
* Copyright (c) Microsoft Corporation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import fs from 'fs';
import { expect, playwrightTest as base } from '../config/browserTest';
import type net from 'net';
2024-07-05 17:15:09 +02:00
import type { BrowserContextOptions } from 'packages/playwright-test';
2024-07-09 17:38:19 +02:00
const { createHttpsServer } = require('../../packages/playwright-core/lib/utils');
2024-07-04 11:05:47 +02:00
const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: string }>({
2024-07-09 17:38:19 +02:00
serverURL: async ({ asset }, use) => {
const server = createHttpsServer({
key: fs.readFileSync(asset('client-certificates/server/server_key.pem')),
cert: fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
2024-07-04 11:05:47 +02:00
ca: [
2024-07-09 17:38:19 +02:00
fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
2024-07-04 11:05:47 +02:00
],
requestCert: true,
rejectUnauthorized: false,
}, (req, res) => {
const cert = (req.socket as import('tls').TLSSocket).getPeerCertificate();
if ((req as any).client.authorized) {
res.writeHead(200, { 'Content-Type': 'text/html' });
res.end(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`);
} else if (cert.subject) {
res.writeHead(403, { 'Content-Type': 'text/html' });
res.end(`Sorry ${cert.subject.CN}, certificates from ${cert.issuer.CN} are not welcome here.`);
} else {
res.writeHead(401, { 'Content-Type': 'text/html' });
res.end(`Sorry, but you need to provide a client certificate to continue.`);
}
});
await new Promise<void>(f => server.listen(0, 'localhost', () => f()));
await use(`https://localhost:${(server.address() as net.AddressInfo).port}/`);
await new Promise<void>(resolve => server.close(() => resolve()));
},
serverURLRewrittenToLocalhost: async ({ serverURL, browserName }, use) => {
const parsed = new URL(serverURL);
2024-07-10 09:46:23 +02:00
parsed.hostname = 'local.playwright';
2024-07-04 11:05:47 +02:00
const shouldRewriteToLocalhost = browserName === 'webkit' && process.platform === 'darwin';
await use(shouldRewriteToLocalhost ? parsed.toString() : serverURL);
}
});
test.skip(({ mode }) => mode !== 'default');
2024-07-09 17:27:17 +02:00
const kDummyFileName = __filename;
2024-07-09 17:38:19 +02:00
const kValidationSubTests: [BrowserContextOptions, string][] = [
2024-07-05 17:15:09 +02:00
[{ clientCertificates: [{ url: 'test', certs: [] }] }, 'No certs specified for url: test'],
[{ clientCertificates: [{ url: 'test', certs: [{}] }] }, 'None of cert, key, passphrase or pfx is specified'],
2024-07-09 17:38:19 +02:00
[{
clientCertificates: [{
url: 'test',
certs: [{
cert: kDummyFileName,
key: kDummyFileName,
passphrase: kDummyFileName,
pfx: kDummyFileName,
}]
2024-07-04 11:05:47 +02:00
}]
2024-07-09 17:38:19 +02:00
}, 'pfx is specified together with cert, key or passphrase'],
2024-07-05 17:15:09 +02:00
[{
proxy: { server: 'http://localhost:8080' },
clientCertificates: [{
url: 'test',
certs: [{
2024-07-09 17:27:17 +02:00
cert: kDummyFileName,
key: kDummyFileName,
passphrase: kDummyFileName,
pfx: kDummyFileName,
2024-07-05 17:15:09 +02:00
}]
2024-07-09 17:38:19 +02:00
}]
}, 'Cannot specify both proxy and clientCertificates'],
2024-07-04 11:05:47 +02:00
];
test.describe('fetch', () => {
test('validate input', async ({ playwright }) => {
2024-07-05 17:15:09 +02:00
for (const [contextOptions, expected] of kValidationSubTests)
await expect(playwright.request.newContext(contextOptions)).rejects.toThrow(expected);
2024-07-04 11:05:47 +02:00
});
test('should fail with no client certificates provided', async ({ playwright, serverURL }) => {
const request = await playwright.request.newContext({ ignoreHTTPSErrors: true });
const response = await request.get(serverURL);
expect(response.status()).toBe(401);
expect(await response.text()).toBe('Sorry, but you need to provide a client certificate to continue.');
await request.dispose();
});
2024-07-09 17:38:19 +02:00
test('should keep supporting http', async ({ playwright, server, asset }) => {
2024-07-04 11:05:47 +02:00
const request = await playwright.request.newContext({
clientCertificates: [{
url: server.PREFIX,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
const response = await request.get(server.PREFIX + '/one-style.html');
expect(response.url()).toBe(server.PREFIX + '/one-style.html');
expect(response.status()).toBe(200);
expect(await response.text()).toContain('<div>hello, world!</div>');
await request.dispose();
});
2024-07-09 17:38:19 +02:00
test('should throw with a untrusted CA', async ({ playwright, serverURL, asset }) => {
2024-07-04 11:05:47 +02:00
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
2024-07-09 17:38:19 +02:00
await expect(request.get(serverURL)).rejects.toThrow('self-signed certificate');
2024-07-04 11:05:47 +02:00
});
2024-07-09 17:38:19 +02:00
test('should throw with matching CA but untrusted client certs', async ({ playwright, serverURL, asset }) => {
2024-07-04 11:05:47 +02:00
const request = await playwright.request.newContext({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURL,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/bob_cert.pem'),
key: asset('client-certificates/client/bob_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
const response = await request.get(serverURL);
expect(response.url()).toBe(serverURL);
expect(response.status()).toBe(403);
expect(await response.text()).toBe('Sorry Bob, certificates from Bob are not welcome here.');
await request.dispose();
});
2024-07-09 17:38:19 +02:00
test('should work without CA', async ({ playwright, serverURL, asset }) => {
2024-07-04 11:05:47 +02:00
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
ignoreHTTPSErrors: true,
});
const response = await request.get(serverURL);
expect(response.url()).toBe(serverURL);
expect(response.status()).toBe(200);
expect(await response.text()).toBe('Hello Alice, your certificate was issued by localhost!');
await request.dispose();
});
2024-07-09 17:38:19 +02:00
test('should work in the browser with request interception', async ({ browser, playwright, serverURL, asset }) => {
2024-07-04 11:05:47 +02:00
const request = await playwright.request.newContext({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURL,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
const page = await browser.newPage({ ignoreHTTPSErrors: true });
await page.route('**/*', async route => {
const response = await request.fetch(route.request());
await route.fulfill({ response });
});
await page.goto(serverURL);
await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
await page.close();
await request.dispose();
});
});
test.describe('browser', () => {
test('validate input', async ({ browser }) => {
2024-07-05 17:15:09 +02:00
for (const [contextOptions, expected] of kValidationSubTests)
await expect(browser.newContext(contextOptions)).rejects.toThrow(expected);
2024-07-04 11:05:47 +02:00
});
2024-07-09 17:38:19 +02:00
test('should keep supporting http', async ({ browser, server, asset }) => {
2024-07-04 11:05:47 +02:00
const page = await browser.newPage({
clientCertificates: [{
url: server.PREFIX,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
await page.goto(server.PREFIX + '/one-style.html');
await expect(page.getByText('hello, world!')).toBeVisible();
await expect(page.locator('body')).toHaveCSS('background-color', 'rgb(255, 192, 203)');
await page.close();
});
2024-07-09 17:38:19 +02:00
test('should fail with no client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
2024-07-04 11:05:47 +02:00
const page = await browser.newPage({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: 'https://not-matching.com',
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
await page.goto(serverURLRewrittenToLocalhost);
await expect(page.getByText('Sorry, but you need to provide a client certificate to continue.')).toBeVisible();
await page.close();
});
2024-07-09 17:58:58 +02:00
test('should throw with a untrusted CA', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
2024-07-04 11:05:47 +02:00
const page = await browser.newPage({
clientCertificates: [{
url: serverURLRewrittenToLocalhost,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/bob_cert.pem'),
key: asset('client-certificates/client/bob_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
await page.goto(serverURLRewrittenToLocalhost);
await expect(page.getByText('Sorry Bob, certificates from Bob are not welcome here')).toBeVisible();
await page.close();
});
2024-07-09 17:38:19 +02:00
test('should pass with matching certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
2024-07-04 11:05:47 +02:00
const page = await browser.newPage({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURLRewrittenToLocalhost,
certs: [{
2024-07-09 17:38:19 +02:00
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
2024-07-04 11:05:47 +02:00
}],
}],
});
await page.goto(serverURLRewrittenToLocalhost);
await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
await page.close();
});
2024-07-10 22:00:20 +02:00
test.describe('persistentContext', () => {
test('validate input', async ({ launchPersistent }) => {
for (const [contextOptions, expected] of kValidationSubTests)
await expect(launchPersistent(contextOptions)).rejects.toThrow(expected);
});
test('should pass with matching certificates', async ({ launchPersistent, serverURLRewrittenToLocalhost, asset }) => {
const { page } = await launchPersistent({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURLRewrittenToLocalhost,
certs: [{
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
await page.goto(serverURLRewrittenToLocalhost);
await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
});
});
2024-07-04 11:05:47 +02:00
});