From 22cba2d64d8095eb616de2db764458daa54a6e40 Mon Sep 17 00:00:00 2001 From: Max Schmitt Date: Wed, 10 Jul 2024 22:35:45 +0200 Subject: [PATCH] more real world tests --- packages/playwright-core/src/server/fetch.ts | 6 ++-- .../socksClientCertificatesInterceptor.ts | 1 - packages/playwright/src/index.ts | 6 ++-- tests/library/client-certificates.spec.ts | 30 ++++--------------- 4 files changed, 13 insertions(+), 30 deletions(-) diff --git a/packages/playwright-core/src/server/fetch.ts b/packages/playwright-core/src/server/fetch.ts index 6ca56d7307..6dafff956a 100644 --- a/packages/playwright-core/src/server/fetch.ts +++ b/packages/playwright-core/src/server/fetch.ts @@ -16,8 +16,9 @@ import type * as channels from '@protocol/channels'; import type { LookupAddress } from 'dns'; -import * as http from 'http'; -import * as https from 'https'; +import http from 'http'; +import fs from 'fs'; +import https from 'https'; import type { Readable, TransformCallback } from 'stream'; import { pipeline, Transform } from 'stream'; import url from 'url'; @@ -192,6 +193,7 @@ export abstract class APIRequestContext extends SdkObject { maxRedirects: params.maxRedirects === 0 ? -1 : params.maxRedirects === undefined ? 20 : params.maxRedirects, timeout, deadline, + ...(process.env.PW_DO_NOT_USE_EXTRA_CA_CERTS ? { ca: [fs.readFileSync(process.env.PW_DO_NOT_USE_EXTRA_CA_CERTS)] } : {}), ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.toString()), __testHookLookup: (params as any).__testHookLookup, }; diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts index d4913ba02c..5c483e7c30 100644 --- a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts +++ b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts @@ -92,7 +92,6 @@ class SocksProxyConnection { this.internal = new SocksConnectionDuplex(data => this.socksProxy._socksProxy.sendSocketData({ uid: this.uid, data })); const internalTLS = new tls.TLSSocket(this.internal, { isServer: true, - // openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/CN=localhost" key: fs.readFileSync(path.join(__dirname, '../../bin/socks-certs/key.pem')), cert: fs.readFileSync(path.join(__dirname, '../../bin/socks-certs/cert.pem')), }); diff --git a/packages/playwright/src/index.ts b/packages/playwright/src/index.ts index d848d5fd5c..65185925be 100644 --- a/packages/playwright/src/index.ts +++ b/packages/playwright/src/index.ts @@ -424,9 +424,9 @@ function resolveFileToConfig(file: string | undefined) { const config = test.info().config.configFile; if (!config || !file) return file; - if (!path.isAbsolute(file)) - return path.resolve(path.dirname(config), file); - return file; + if (path.isAbsolute(file)) + return file; + return path.resolve(path.dirname(config), file); } type ClientCertificates = NonNullable; diff --git a/tests/library/client-certificates.spec.ts b/tests/library/client-certificates.spec.ts index 622871ae2e..75162757f9 100644 --- a/tests/library/client-certificates.spec.ts +++ b/tests/library/client-certificates.spec.ts @@ -43,6 +43,7 @@ const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: str res.end(`Sorry, but you need to provide a client certificate to continue.`); } }); + process.env.PW_DO_NOT_USE_EXTRA_CA_CERTS = asset('client-certificates/server/server_cert.pem'); await new Promise(f => server.listen(0, 'localhost', () => f())); await use(`https://localhost:${(server.address() as net.AddressInfo).port}/`); await new Promise(resolve => server.close(() => resolve())); @@ -93,7 +94,7 @@ test.describe('fetch', () => { }); test('should fail with no client certificates provided', async ({ playwright, serverURL }) => { - const request = await playwright.request.newContext({ ignoreHTTPSErrors: true }); + const request = await playwright.request.newContext(); const response = await request.get(serverURL); expect(response.status()).toBe(401); expect(await response.text()).toBe('Sorry, but you need to provide a client certificate to continue.'); @@ -117,22 +118,8 @@ test.describe('fetch', () => { await request.dispose(); }); - test('should throw with a untrusted CA', async ({ playwright, serverURL, asset }) => { + test('should throw with untrusted client certs', async ({ playwright, serverURL, asset }) => { const request = await playwright.request.newContext({ - clientCertificates: [{ - url: serverURL, - certs: [{ - certPath: asset('client-certificates/client/trusted/cert.pem'), - keyPath: asset('client-certificates/client/trusted/key.pem'), - }], - }], - }); - await expect(request.get(serverURL)).rejects.toThrow('self-signed certificate'); - }); - - test('should throw with matching CA but untrusted client certs', async ({ playwright, serverURL, asset }) => { - const request = await playwright.request.newContext({ - ignoreHTTPSErrors: true, clientCertificates: [{ url: serverURL, certs: [{ @@ -148,7 +135,7 @@ test.describe('fetch', () => { await request.dispose(); }); - test('should work without CA', async ({ playwright, serverURL, asset }) => { + test('pass with trusted client certificates', async ({ playwright, serverURL, asset }) => { const request = await playwright.request.newContext({ clientCertificates: [{ url: serverURL, @@ -157,7 +144,6 @@ test.describe('fetch', () => { keyPath: asset('client-certificates/client/trusted/key.pem'), }], }], - ignoreHTTPSErrors: true, }); const response = await request.get(serverURL); expect(response.url()).toBe(serverURL); @@ -168,7 +154,6 @@ test.describe('fetch', () => { test('should work in the browser with request interception', async ({ browser, playwright, serverURL, asset }) => { const request = await playwright.request.newContext({ - ignoreHTTPSErrors: true, clientCertificates: [{ url: serverURL, certs: [{ @@ -214,7 +199,6 @@ test.describe('browser', () => { test('should fail with no client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => { const page = await browser.newPage({ - ignoreHTTPSErrors: true, clientCertificates: [{ url: 'https://not-matching.com', certs: [{ @@ -228,7 +212,7 @@ test.describe('browser', () => { await page.close(); }); - test('should throw with a untrusted CA', async ({ browser, serverURLRewrittenToLocalhost, asset }) => { + test('should fail with self-signed client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => { const page = await browser.newPage({ clientCertificates: [{ url: serverURLRewrittenToLocalhost, @@ -245,7 +229,6 @@ test.describe('browser', () => { test('should pass with matching certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => { const page = await browser.newPage({ - ignoreHTTPSErrors: true, clientCertificates: [{ url: serverURLRewrittenToLocalhost, certs: [{ @@ -260,15 +243,14 @@ test.describe('browser', () => { }); test.describe('persistentContext', () => { - test('validate input', async ({ launchPersistent }) => { + test.slow(); for (const [contextOptions, expected] of kValidationSubTests) await expect(launchPersistent(contextOptions)).rejects.toThrow(expected); }); test('should pass with matching certificates', async ({ launchPersistent, serverURLRewrittenToLocalhost, asset }) => { const { page } = await launchPersistent({ - ignoreHTTPSErrors: true, clientCertificates: [{ url: serverURLRewrittenToLocalhost, certs: [{