1
0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00

Adding tests

Signed-off-by: Hung-Han (Henry) Chen <chenhungh@gmail.com>
This commit is contained in:
Hung-Han (Henry) Chen 2021-10-29 15:59:50 +03:00
parent 19db4e3d71
commit 6e9e52e9c7
No known key found for this signature in database
GPG Key ID: 54B44603D251B788
2 changed files with 40 additions and 5 deletions

View File

@ -20,7 +20,7 @@
*/ */
import https from "https"; import https from "https";
import os from "os"; import os from "os";
import { getMacRootCA, getWinRootCA, injectCAs } from "../system-ca"; import { getMacRootCA, getWinRootCA, injectCAs, DSTRootCAX3 } from "../system-ca";
import { dependencies, devDependencies } from "../../../package.json"; import { dependencies, devDependencies } from "../../../package.json";
describe("inject CA for Mac", () => { describe("inject CA for Mac", () => {
@ -55,6 +55,15 @@ describe("inject CA for Mac", () => {
// @ts-ignore // @ts-ignore
expect(new Set(injected)).toEqual(new Set(injectedByMacCA)); expect(new Set(injected)).toEqual(new Set(injectedByMacCA));
}); });
(os.platform().includes("darwin") ? it: it.skip)("shouldn't included the expired DST Root CA X3 on Mac", async () => {
const osxCAs = await getMacRootCA();
injectCAs(osxCAs);
const injected = https.globalAgent.options.ca;
expect(injected.includes(DSTRootCAX3)).toBeFalsy();
});
}); });
describe("inject CA for Windows", () => { describe("inject CA for Windows", () => {
@ -94,6 +103,19 @@ describe("inject CA for Windows", () => {
// @ts-ignore // @ts-ignore
expect(new Set(injected)).toEqual(new Set(injectedByWinCA)); expect(new Set(injected)).toEqual(new Set(injectedByWinCA));
}); });
(deps["win-ca"] && os.platform().includes("win32") ? it: it.skip)("shouldn't included the expired DST Root CA X3 on Windows", async () => {
const winCAs = await getWinRootCA();
// @ts-ignore
const wincaAPI = await import("win-ca/api");
wincaAPI.inject("+", winCAs);
const injected = https.globalAgent.options.ca;
// @ts-ignore
expect(injected.includes(DSTRootCAX3)).toBeFalsy();
});
}); });

View File

@ -28,8 +28,20 @@ import { promisify } from "util";
const execAsync = promisify(exec); const execAsync = promisify(exec);
// DST Root CA X3, which was expired on 9.30.2021
export const DSTRootCAX3 = "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\nEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\nrz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\nOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\nxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\n7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\naeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\nSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\nikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\nAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\nR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\nJDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\nOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n-----END CERTIFICATE-----\n";
export const expiredCA = (cert: string) => {
if (typeof cert === "string" && cert.includes(DSTRootCAX3)) {
return false;
}
return true;
};
/** /**
* Get root CA certificate from MacOSX system keychain * Get root CA certificate from MacOSX system keychain
* Only return non-expred certificates.
*/ */
export const getMacRootCA = async () => { export const getMacRootCA = async () => {
// inspired mac-ca https://github.com/jfromaniello/mac-ca // inspired mac-ca https://github.com/jfromaniello/mac-ca
@ -40,11 +52,12 @@ export const getMacRootCA = async () => {
const trusted = (await execAsync(`${bin} ${args}`)).stdout.toString().split(splitPattern); const trusted = (await execAsync(`${bin} ${args}`)).stdout.toString().split(splitPattern);
const rootCA = (await execAsync(`${bin} ${args} ${systemRootCertsPath}`)).stdout.toString().split(splitPattern); const rootCA = (await execAsync(`${bin} ${args} ${systemRootCertsPath}`)).stdout.toString().split(splitPattern);
return [...new Set([...trusted, ...rootCA])]; return [...new Set([...trusted, ...rootCA])].filter(expiredCA);
}; };
/** /**
* Get root CA certificate from Windows system certificate store * Get root CA certificate from Windows system certificate store.
* Only return non-expred certificates.
*/ */
export const getWinRootCA = (): Promise<string[]> => { export const getWinRootCA = (): Promise<string[]> => {
return new Promise((resolve) => { return new Promise((resolve) => {
@ -57,7 +70,7 @@ export const getWinRootCA = (): Promise<string[]> => {
CAs.push(ca); CAs.push(ca);
}, },
onend: () => { onend: () => {
resolve(CAs); resolve(CAs.filter(expiredCA));
} }
}); });
}); });
@ -66,7 +79,7 @@ export const getWinRootCA = (): Promise<string[]> => {
/** /**
* Add (or merge) CAs to https.globalAgent.options.ca * Add (or merge) CAs to https.globalAgent.options.ca
*/ */
export const injectCAs = async (CAs: Array<string>) => { export const injectCAs = (CAs: Array<string>) => {
for (const cert of CAs) { for (const cert of CAs) {
if (Array.isArray(https.globalAgent.options.ca)) { if (Array.isArray(https.globalAgent.options.ca)) {
!https.globalAgent.options.ca.includes(cert) && https.globalAgent.options.ca.push(cert); !https.globalAgent.options.ca.includes(cert) && https.globalAgent.options.ca.push(cert);