fs = require "fs"
should = require "should"
sinon = require "sinon"
tlsAuthentication = require "../../lib/middleware/tlsAuthentication"
Client = require("../../lib/model/clients").Client
testUtils = require "../testUtils"
config = require "../../lib/config/config"
# Read the client-lookup settings once at load time; the .clientLookup tests
# below override `config.tlsClientLookup.type` on this value per test.
config.tlsClientLookup = config.get "tlsClientLookup"
Keystore = require('../../lib/model/keystore').Keystore
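# Tests for lib/middleware/tlsAuthentication: the server-side TLS options it
# builds and the lookup of a client from a presented certificate chain.
describe "tlsAuthentication.coffee", ->

  # The .clientLookup tests mutate the shared lookup strategy; remember the
  # configured value so this suite does not leak 'in-chain' into other suites.
  originalLookupType = null

  before ->
    originalLookupType = config.tlsClientLookup.type

  after ->
    config.tlsClientLookup.type = originalLookupType

  beforeEach (done) ->
    testUtils.setupTestKeystore -> done()

  afterEach (done) ->
    testUtils.cleanupTestKeystore -> done()

  describe ".getServerOptions", ->

    it "should add all trusted certificates and enable mutual auth from all clients to server options if mutual auth is enabled", (done) ->
      tlsAuthentication.getServerOptions true, (err, options) ->
        # Surface the real error instead of a TypeError on `options.ca`
        return done err if err
        options.ca.should.be.ok
        options.ca.should.be.an.Array
        options.ca.should.containEql (fs.readFileSync 'test/resources/trust-tls/cert1.pem').toString()
        options.ca.should.containEql (fs.readFileSync 'test/resources/trust-tls/cert2.pem').toString()
        options.requestCert.should.be.true
        # A client certificate is requested but not rejected at the TLS layer;
        # presumably the presented certificate is verified afterwards by
        # .clientLookup (tested below) — confirm against the middleware.
        options.rejectUnauthorized.should.be.false
        done()

    it "should NOT have mutual auth options set if mutual auth is disabled", (done) ->
      tlsAuthentication.getServerOptions false, (err, options) ->
        return done err if err
        options.should.not.have.property "ca"
        options.should.not.have.property "requestCert"
        options.should.not.have.property "rejectUnauthorized"
        done()

    it "should add the servers key and certificate to the server options", (done) ->
      tlsAuthentication.getServerOptions false, (err, options) ->
        return done err if err
        options.cert.should.be.ok
        options.key.should.be.ok
        done()

  describe ".clientLookup", ->

    it "should find a client in the keystore up the chain", (done) ->
      testClientDoc =
        clientID: "testApp"
        clientDomain: "trust2.org"
        name: "TEST Client"
        roles: ["OpenMRS_PoC", "PoC"]
        passwordHash: ""
        certFingerprint: "8F:AB:2A:51:84:F2:ED:1B:13:2B:41:21:8B:78:D4:11:47:84:73:E6"

      client = new Client testClientDoc
      client.save (err) ->
        return done err if err
        config.tlsClientLookup.type = 'in-chain'
        promise = tlsAuthentication.clientLookup 'wont_be_found', 'test', 'trust2.org'
        verified = promise.then (result) ->
          result.should.have.property 'clientID', client.clientID
          Client.remove {}, -> done()
        # A rejected lookup, or a failed assertion above, must fail the test
        # with its error rather than leave it to time out silently.
        verified.catch done

    it "should resolve even if no cert are found in the keystore", (done) ->
      config.tlsClientLookup.type = 'in-chain'
      promise = tlsAuthentication.clientLookup 'you.wont.find.me', 'me.either'
      # Pass a rejection to done so it fails the test instead of timing out
      promise.then (-> done()), done

    it "should resolve when the keystore.ca is empty", (done) ->
      Keystore.findOneAndUpdate {}, { ca: [] }, (err) ->
        return done err if err
        config.tlsClientLookup.type = 'in-chain'
        promise = tlsAuthentication.clientLookup 'you.wont.find.me', 'me.either'
        promise.then (-> done()), done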