From 555e815402d9e2d92cca24c6b897dda0d59fa286 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Tue, 27 Jul 2021 22:19:35 +0100 Subject: [PATCH 1/2] Copy tls.cert to tls.certificate for GOT --- .../@node-red/nodes/core/network/21-httprequest.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js index bf193b6af..508299cf4 100644 --- a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js +++ b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js @@ -453,6 +453,10 @@ in your Node-RED user directory (${RED.settings.userDir}). opts.https.certificateAuthority = opts.https.ca; delete opts.https.ca; } + if (opts.https.cert) { + opts.https.certificate = opts.https.cert; + delete opt.https.cert; + } } else { if (msg.hasOwnProperty('rejectUnauthorized')) { opts.https = { rejectUnauthorized: msg.rejectUnauthorized }; From a76c6f86c684d0e0b272790f7b0e041f8c5246b4 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Wed, 28 Jul 2021 08:52:35 +0100 Subject: [PATCH 2/2] Add Testcase & Fix typo --- .../nodes/core/network/21-httprequest.js | 2 +- .../nodes/core/network/21-httprequest_spec.js | 68 ++++++++++++++++++- 2 files changed, 66 insertions(+), 4 deletions(-) diff --git a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js index 508299cf4..1018c16fe 100644 --- a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js +++ b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js @@ -455,7 +455,7 @@ in your Node-RED user directory (${RED.settings.userDir}). } if (opts.https.cert) { opts.https.certificate = opts.https.cert; - delete opt.https.cert; + delete opts.https.cert; } } else { if (msg.hasOwnProperty('rejectUnauthorized')) { diff --git a/test/nodes/core/network/21-httprequest_spec.js b/test/nodes/core/network/21-httprequest_spec.js index c3ec942f7..3926666a9 100644 --- a/test/nodes/core/network/21-httprequest_spec.js +++ b/test/nodes/core/network/21-httprequest_spec.js @@ -42,6 +42,8 @@ describe('HTTP Request Node', function() { var testProxyPort = 10444; var testProxyServerAuth; var testProxyAuthPort = 10554; + var testSslClientServer; + var testSslClientPort = 10664; //save environment variables var preEnvHttpProxyLowerCase; @@ -57,6 +59,7 @@ describe('HTTP Request Node', function() { testServer = stoppable(http.createServer(testApp)); testServer.listen(testPort,function(err) { testSslPort += 1; + console.log("ssl port", testSslPort); var sslOptions = { key: fs.readFileSync('test/resources/ssl/server.key'), cert: fs.readFileSync('test/resources/ssl/server.crt') @@ -75,7 +78,25 @@ describe('HTTP Request Node', function() { */ }; testSslServer = stoppable(https.createServer(sslOptions,testApp)); - testSslServer.listen(testSslPort); + testSslServer.listen(testSslPort, function(err){ + if (err) { + console.log(err); + } else { + console.log("started testSslServer"); + } + }); + + testSslClientPort += 1; + var sslClientOptions = { + key: fs.readFileSync('test/resources/ssl/server.key'), + cert: fs.readFileSync('test/resources/ssl/server.crt'), + ca: fs.readFileSync('test/resources/ssl/server.crt'), + requestCert: true + }; + testSslClientServer = stoppable(https.createServer(sslClientOptions, testApp)); + testSslClientServer.listen(testSslClientPort, function(err){ + console.log("ssl-client", err) + }); testProxyPort += 1; testProxyServer = stoppable(httpProxy(http.createServer())) @@ -121,6 +142,10 @@ describe('HTTP Request Node', function() { return "https://localhost:"+testSslPort+url; } + function getSslClientTestURL(url) { + return "https://localhost:"+testSslClientPort+url; + } + function getDifferentTestURL(url) { return "http://127.0.0.1:"+testPort+url; } @@ -280,6 +305,14 @@ describe('HTTP Request Node', function() { headers:result }); }) + + testApp.get('/getClientCert', function(req,res) { + if (req.client.authorized) { + res.send('hello'); + } else { + res.status(401).send(); + } + }) startServer(function(err) { if (err) { done(err); @@ -293,7 +326,9 @@ describe('HTTP Request Node', function() { testProxyServer.stop(() => { testProxyServerAuth.stop(() => { testSslServer.stop(() => { - helper.stopServer(done); + testSslClientServer.stop(() => { + helper.stopServer(done); + }) }); }); }); @@ -1520,7 +1555,7 @@ describe('HTTP Request Node', function() { it('should use tls-config and verify serverCert', function(done) { var flow = [ - {id:"n1",type:"http request",wires:[["n2"]],method:"GET",ret:"txt",url:getSslTestURLWithoutProtocol('/text'),tls:"n3"}, + {id:"n1",type:"http request",wires:[["n2"]],method:"GET",ret:"txt",url:getSslTestURL('/text'),tls:"n3"}, {id:"n2", type:"helper"}, {id:"n3", type:"tls-config", cert:"test/resources/ssl/server.crt", key:"test/resources/ssl/server.key", ca:"test/resources/ssl/server.crt", verifyservercert:true}]; var testNodes = [httpRequestNode, tlsNode]; @@ -1545,6 +1580,33 @@ describe('HTTP Request Node', function() { }); }); + it('should use tls-config and send client cert', function(done) { + var flow = [ + {id:"n1",type:"http request",wires:[["n2"]],method:"GET",ret:"txt",url:getSslClientTestURL('/getClientCert'),tls:"n3"}, + {id:"n2", type:"helper"}, + {id:"n3", type:"tls-config", cert:"test/resources/ssl/server.crt", key:"test/resources/ssl/server.key", ca:"test/resources/ssl/server.crt", verifyservercert:false}]; + var testNodes = [httpRequestNode,tlsNode]; + helper.load(testNodes, flow, function() { + var n3 = helper.getNode("n3"); + var n2 = helper.getNode("n2"); + var n1 = helper.getNode("n1"); + n2.on("input", function(msg) { + try { + msg.should.have.property('payload','hello'); + msg.should.have.property('statusCode',200); + msg.should.have.property('headers'); + msg.headers.should.have.property('content-length',''+('hello'.length)); + msg.headers.should.have.property('content-type').which.startWith('text/html'); + msg.should.have.property('responseUrl').which.startWith('https://'); + done(); + } catch(err) { + done(err); + } + }); + n1.receive({payload:"foo"}); + }) + }); + //Removing HTTP Proxy testcases as GOT + Proxy_Agent doesn't work with mock'd proxy /* */ it('should use http_proxy', function(done) {