feedback 3

This commit is contained in:
Max Schmitt 2024-07-09 17:38:19 +02:00
parent 4a79602815
commit 3ba7fed980
12 changed files with 54 additions and 62 deletions

View file

@ -118,16 +118,13 @@ class SocksProxyConnection {
this.internalTLS.on('error', () => closeBothSockets());
targetTLS.on('error', error => {
if (['DEPTH_ZERO_SELF_SIGNED_CERT', 'ERR_SSL_TLSV13_ALERT_CERTIFICATE_REQUIRED'].includes(error.code)) {
this.internalTLS!.write('HTTP/1.1 503 Internal Server Error\r\n');
this.internalTLS!.write('Content-Type: text/html; charset=utf-8\r\n');
const responseBody = 'Self-signed certificate error: ' + error.message;
this.internalTLS!.write('Content-Length: ' + Buffer.byteLength(responseBody) + '\r\n');
this.internalTLS!.write('\r\n');
this.internalTLS!.write(responseBody);
this.internalTLS!.end();
return;
}
this.internalTLS!.write('HTTP/1.1 503 Internal Server Error\r\n');
this.internalTLS!.write('Content-Type: text/html; charset=utf-8\r\n');
const responseBody = 'Self-signed certificate error: ' + error.message;
this.internalTLS!.write('Content-Length: ' + Buffer.byteLength(responseBody) + '\r\n');
this.internalTLS!.write('\r\n');
this.internalTLS!.write(responseBody);
this.internalTLS!.end();
closeBothSockets();
});
}

View file

@ -15,19 +15,18 @@
*/
import fs from 'fs';
import path from 'path';
import { expect, playwrightTest as base } from '../config/browserTest';
import https from 'https';
import type net from 'net';
import type { BrowserContextOptions } from 'packages/playwright-test';
const { createHttpsServer } = require('../../packages/playwright-core/lib/utils');
const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: string }>({
serverURL: async ({ }, use) => {
const server = https.createServer({
key: fs.readFileSync(path.join(kClientCertificatesDir, 'server/server_key.pem')),
cert: fs.readFileSync(path.join(kClientCertificatesDir, 'server/server_cert.pem')),
serverURL: async ({ asset }, use) => {
const server = createHttpsServer({
key: fs.readFileSync(asset('client-certificates/server/server_key.pem')),
cert: fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
ca: [
fs.readFileSync(path.join(kClientCertificatesDir, 'server/server_cert.pem')),
fs.readFileSync(asset('client-certificates/server/server_cert.pem')),
],
requestCert: true,
rejectUnauthorized: false,
@ -58,20 +57,21 @@ const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: str
test.skip(({ mode }) => mode !== 'default');
const kClientCertificatesDir = path.join(__dirname, '../config/testserver/client-certificates');
const kDummyFileName = __filename;
const kValidationSubTests: [BrowserContextOptions, string ][] = [
const kValidationSubTests: [BrowserContextOptions, string][] = [
[{ clientCertificates: [{ url: 'test', certs: [] }] }, 'No certs specified for url: test'],
[{ clientCertificates: [{ url: 'test', certs: [{}] }] }, 'None of cert, key, passphrase or pfx is specified'],
[{ clientCertificates: [{
url: 'test',
certs: [{
cert: kDummyFileName,
key: kDummyFileName,
passphrase: kDummyFileName,
pfx: kDummyFileName,
[{
clientCertificates: [{
url: 'test',
certs: [{
cert: kDummyFileName,
key: kDummyFileName,
passphrase: kDummyFileName,
pfx: kDummyFileName,
}]
}]
}] }, 'pfx is specified together with cert, key or passphrase'],
}, 'pfx is specified together with cert, key or passphrase'],
[{
proxy: { server: 'http://localhost:8080' },
clientCertificates: [{
@ -82,7 +82,8 @@ const kValidationSubTests: [BrowserContextOptions, string ][] = [
passphrase: kDummyFileName,
pfx: kDummyFileName,
}]
}] }, 'Cannot specify both proxy and clientCertificates'],
}]
}, 'Cannot specify both proxy and clientCertificates'],
];
test.describe('fetch', () => {
@ -99,13 +100,13 @@ test.describe('fetch', () => {
await request.dispose();
});
test('should keep supporting http', async ({ playwright, server }) => {
test('should keep supporting http', async ({ playwright, server, asset }) => {
const request = await playwright.request.newContext({
clientCertificates: [{
url: server.PREFIX,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
@ -116,33 +117,27 @@ test.describe('fetch', () => {
await request.dispose();
});
test('should throw with a untrusted CA', async ({ playwright, serverURL }) => {
test('should throw with a untrusted CA', async ({ playwright, serverURL, asset }) => {
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
try {
const response = await request.get(serverURL);
expect(response.status()).toBe(503);
expect(await response.text()).toBe('Self-signed certificate error: self-signed certificate');
} catch (error) {
expect(error.message).toContain('self-signed certificate');
}
await expect(request.get(serverURL)).rejects.toThrow('self-signed certificate');
});
test('should throw with matching CA but untrusted client certs', async ({ playwright, serverURL }) => {
test('should throw with matching CA but untrusted client certs', async ({ playwright, serverURL, asset }) => {
const request = await playwright.request.newContext({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURL,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/bob_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/bob_key.pem'),
cert: asset('client-certificates/client/bob_cert.pem'),
key: asset('client-certificates/client/bob_key.pem'),
}],
}],
});
@ -153,13 +148,13 @@ test.describe('fetch', () => {
await request.dispose();
});
test('should work without CA', async ({ playwright, serverURL }) => {
test('should work without CA', async ({ playwright, serverURL, asset }) => {
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
ignoreHTTPSErrors: true,
@ -171,14 +166,14 @@ test.describe('fetch', () => {
await request.dispose();
});
test('should work in the browser with request interception', async ({ browser, playwright, serverURL }) => {
test('should work in the browser with request interception', async ({ browser, playwright, serverURL, asset }) => {
const request = await playwright.request.newContext({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURL,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
@ -201,13 +196,13 @@ test.describe('browser', () => {
await expect(browser.newContext(contextOptions)).rejects.toThrow(expected);
});
test('should keep supporting http', async ({ browser, server }) => {
test('should keep supporting http', async ({ browser, server, asset }) => {
const page = await browser.newPage({
clientCertificates: [{
url: server.PREFIX,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
@ -217,14 +212,14 @@ test.describe('browser', () => {
await page.close();
});
test('should fail with no client certificates', async ({ browser, serverURLRewrittenToLocalhost }) => {
test('should fail with no client certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
const page = await browser.newPage({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: 'https://not-matching.com',
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});
@ -233,13 +228,13 @@ test.describe('browser', () => {
await page.close();
});
test('should fail with untrusted client certs', async ({ browser, serverURLRewrittenToLocalhost }) => {
test('should fail with untrusted client certs', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
const page = await browser.newPage({
clientCertificates: [{
url: serverURLRewrittenToLocalhost,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/bob_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/bob_key.pem'),
cert: asset('client-certificates/client/bob_cert.pem'),
key: asset('client-certificates/client/bob_key.pem'),
}],
}],
});
@ -248,14 +243,14 @@ test.describe('browser', () => {
await page.close();
});
test('should pass with matching certificates', async ({ browser, serverURLRewrittenToLocalhost }) => {
test('should pass with matching certificates', async ({ browser, serverURLRewrittenToLocalhost, asset }) => {
const page = await browser.newPage({
ignoreHTTPSErrors: true,
clientCertificates: [{
url: serverURLRewrittenToLocalhost,
certs: [{
cert: path.join(kClientCertificatesDir, 'client/alice_cert.pem'),
key: path.join(kClientCertificatesDir, 'client/alice_key.pem'),
cert: asset('client-certificates/client/alice_cert.pem'),
key: asset('client-certificates/client/alice_key.pem'),
}],
}],
});