From cadb3fe514fbaa7c3123990009372c6b6ba21915 Mon Sep 17 00:00:00 2001
From: Max Schmitt
Date: Fri, 16 Aug 2024 17:18:05 +0200
Subject: [PATCH] review feedback
---
 .../socksClientCertificatesInterceptor.ts | 1 -
 packages/playwright-core/src/utils/crypto.ts | 21 ++++++++++++-------
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
index 78dcec05cb..5510303882 100644
--- a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
+++ b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
@@ -30,7 +30,6 @@ let dummyServerTlsOptions: tls.TlsOptions | undefined = undefined;
 function loadDummyServerCertsIfNeeded() {
 if (dummyServerTlsOptions) return;
- // TODO: do we want to have it unique per browser context, launch or global?
 const { cert, key } = generateSelfSignedCertificate();
 dummyServerTlsOptions = { key, cert };
 }
diff --git a/packages/playwright-core/src/utils/crypto.ts b/packages/playwright-core/src/utils/crypto.ts
index d6f22fac35..5da56d4e9b 100644
--- a/packages/playwright-core/src/utils/crypto.ts
+++ b/packages/playwright-core/src/utils/crypto.ts
@@ -14,8 +14,8 @@
 * limitations under the License.
 */
-import assert from 'assert';
 import crypto from 'crypto';
+import { assert } from './debug';
 export function createGuid(): string {
 return crypto.randomBytes(16).toString('hex');
@@ -45,7 +45,7 @@ class DER {
 return this._encode(0x30, Buffer.concat(data));
 }
 static encodeInteger(data: number): Buffer {
- assert(data >= 0 && data <= 0xff);
+ assert(data >= -128 && data <= 127);
 return this._encode(0x02, Buffer.from([data]));
 }
 static encodeObjectIdentifier(oid: string): Buffer {
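Review bot: The new range check in `encodeInteger` still lets non-integer values through: `1.5` satisfies `data >= -128 && data <= 127`, and `Buffer.from([data])` then silently truncates it, so the encoded INTEGER differs from what the caller passed. I would tighten it to `assert(Number.isInteger(data) && data >= -128 && data <= 127);` and add a one-line comment saying that only single-octet two's-complement values are supported, which is why the bounds are -128..127. What the `assert` now imported from `./debug` does on failure is not visible in this patch, so it is worth confirming that it throws rather than only logging.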
@@ -63,10 +63,11 @@ class DER {
 return Buffer.from([0x05, 0x00]);
 }
 static encodeSet(data: Buffer[]): Buffer {
+ assert(data.length === 1, 'Only one item in the set is supported. We\'d need to sort the data to support more.');
 // We expect the data to be already sorted.
 return this._encode(0x31, Buffer.concat(data));
 }
- static encodeImplicitContextDependent(tag: number, data: Buffer): Buffer {
+ static encodeExplicitContextDependent(tag: number, data: Buffer): Buffer {
 return this._encode(0xa0 + tag, data);
 }
 static encodePrintableString(data: string): Buffer {
@@ -116,9 +117,13 @@ export function generateSelfSignedCertificate() {
 const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
 const publicKeyDer = publicKey.export({ type: 'pkcs1', format: 'der' });
+ const oneYearInMilliseconds = 365 * 24 * 60 * 60 * 1_000;
+ const notBefore = new Date(new Date().getTime() - oneYearInMilliseconds);
+ const notAfter = new Date(new Date().getTime() + oneYearInMilliseconds);
 // List of fields / structure: https://datatracker.ietf.org/doc/html/rfc2459#section-4.1
 const tbsCertificate = DER.encodeSequence([
- DER.encodeImplicitContextDependent(0, DER.encodeInteger(1)), // version
+ DER.encodeExplicitContextDependent(0, DER.encodeInteger(1)), // version
 DER.encodeInteger(1), // serialNumber
 DER.encodeSequence([
 DER.encodeObjectIdentifier('1.2.840.113549.1.1.11'), // sha256WithRSAEncryption PKCS #1
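Review bot: `encodeExplicitContextDependent` builds its identifier octet as `0xa0 + tag` with no bound on `tag`, so a value of 31 yields 0xbf (the marker for the multi-byte tag form) and anything larger spills into the class bits. A guard such as `assert(tag >= 0 && tag <= 30);` as the first line of the method keeps the encoder from emitting a malformed structure if a caller ever passes a larger tag. In `encodeSet`, the retained comment `// We expect the data to be already sorted.` now contradicts the added single-element assert and could be reworded to `// DER requires SET OF elements to be sorted; only the one-element case is implemented.` `encodePrintableString` continues outside the hunk.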
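Review bot: The serial number stays fixed at `DER.encodeInteger(1), // serialNumber` and the issuer name is a constant string, while `crypto.generateKeyPairSync` produces a new key on every call, so separate runs emit different certificates that share one issuer and serial pair. RFC 5280 expects that pair to identify a single certificate, and TLS clients that cache certificates may refuse a second one that reuses it; whether the peer of this dummy server does so cannot be told from the patch. Since `encodeInteger` only covers one octet, a random serial needs a byte-oriented helper, sketched below under the proposed name `encodeIntegerBytes`. `generateSelfSignedCertificate` starts before this hunk and continues past it.

```typescript
// in class DER, next to encodeInteger: INTEGER from big-endian bytes
static encodeIntegerBytes(data: Buffer): Buffer {
  // First octet 0x01..0x7f keeps the value positive and minimally encoded.
  assert(data.length >= 1 && data.length <= 20 && data[0] >= 0x01 && data[0] <= 0x7f);
  return this._encode(0x02, data);
}

// in generateSelfSignedCertificate(), before tbsCertificate is built
const serialNumber = crypto.randomBytes(16);
serialNumber[0] = (serialNumber[0] & 0x7f) | 0x40;
// … unchanged: notBefore / notAfter, RFC comment …
const tbsCertificate = DER.encodeSequence([
  // … unchanged: version …
  DER.encodeIntegerBytes(serialNumber), // serialNumber
  // … unchanged: remaining tbsCertificate fields …
```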
@@ -134,13 +139,13 @@ export function generateSelfSignedCertificate() {
 DER.encodeSet([
 DER.encodeSequence([
 DER.encodeObjectIdentifier('2.5.4.10'), // organizationName X.520 DN component
- DER.encodePrintableString('Client Certificate Demo')
+ DER.encodePrintableString('Playwright Client Certificate Support')
 ])
 ])
 ]), // issuer
 DER.encodeSequence([
- DER.encodeDate(new Date()), // notBefore
- DER.encodeDate(new Date()), // notAfter
+ DER.encodeDate(notBefore), // notBefore
+ DER.encodeDate(notAfter), // notAfter
 ]), // validity
 DER.encodeSequence([
 DER.encodeSet([
@@ -152,7 +157,7 @@ export function generateSelfSignedCertificate() {
 DER.encodeSet([
 DER.encodeSequence([
 DER.encodeObjectIdentifier('2.5.4.10'), // organizationName X.520 DN component
- DER.encodePrintableString('Client Certificate Demo')
+ DER.encodePrintableString('Playwright Client Certificate Support')
 ])
 ])
 ]), // subject