The OpenHIM core application that provides logging and routing of http requests
/* eslint-env mocha */
/* eslint no-unused-expressions:0 */
import fs from 'fs'
import * as tlsAuthentication from '../../src/middleware/tlsAuthentication'
import { ClientModel } from '../../src/model/clients'
import * as testUtils from '../utils'
import { KeystoreModel } from '../../src/model/keystore'
import { config } from '../../src/config'
import { promisify } from 'util'
import should from 'should'
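describe('tlsAuthentication', () => {
  // The clientLookup tests below mutate config.tlsClientLookup.type, so the
  // suite snapshots the original value and restores it once all tests ran.
  const originalTlsClientLookup = config.tlsClientLookup

  before(() => {
    config.tlsClientLookup = config.get('tlsClientLookup')
  })

  after(() => {
    config.tlsClientLookup = originalTlsClientLookup
  })

  // Every test starts from a freshly populated keystore and leaves none behind.
  beforeEach(async () => {
    await testUtils.setupTestKeystore()
  })

  afterEach(async () => {
    await testUtils.cleanupTestKeystore()
  })

  describe('.getServerOptions', () => {
    it('should add all trusted certificates and enable mutual auth from all clients to server options if mutual auth is enabled', async () => {
      const options = await promisify(tlsAuthentication.getServerOptions)(true)

      // should.js type/bool assertions are methods (the file already calls
      // `should(x).null()` below); written as bare property accesses they are
      // no-ops that can never fail, so every one of them must be invoked.
      options.ca.should.be.ok()
      options.ca.should.be.an.Array()
      options.ca.should.containEql(fs.readFileSync('test/resources/trust-tls/cert1.pem').toString())
      options.ca.should.containEql(fs.readFileSync('test/resources/trust-tls/cert2.pem').toString())
      options.requestCert.should.be.true()
      // rejectUnauthorized stays false even with mutual auth on: the handshake
      // requests the client certificate but presumably defers the accept/deny
      // decision to the clientLookup middleware -- confirm against the source.
      options.rejectUnauthorized.should.be.false()
    })

    it('should NOT have mutual auth options set if mutual auth is disabled', async () => {
      const options = await promisify(tlsAuthentication.getServerOptions)(false)

      // No client-certificate related keys must leak into the options when
      // mutual auth is off; the server's own cert/key are still required.
      options.should.not.have.property('ca')
      options.should.not.have.property('requestCert')
      options.should.not.have.property('rejectUnauthorized')
      options.cert.should.be.ok()
      options.key.should.be.ok()
    })
  })

  describe('.clientLookup', () => {
    afterEach(async () => {
      await ClientModel.deleteMany({})
    })

    it('should find a client in the keystore up the chain', async () => {
      const testClientDoc = {
        clientID: 'testApp',
        clientDomain: 'trust2.org',
        name: 'TEST Client',
        roles: [
          'OpenMRS_PoC',
          'PoC'
        ],
        passwordHash: '',
        certFingerprint: '8F:AB:2A:51:84:F2:ED:1B:13:2B:41:21:8B:78:D4:11:47:84:73:E6'
      }
      const client = await new ClientModel(testClientDoc).save()

      // 'in-chain' mode: the fingerprint itself is unknown, so the lookup is
      // expected to match the client via the issuer domain further up the chain.
      config.tlsClientLookup.type = 'in-chain'
      const clientResult = await tlsAuthentication.clientLookup('wont_be_found', 'test', 'trust2.org')
      clientResult.should.have.property('clientID', client.clientID)
    })

    it('should resolve even if no cert are found in the keystore', async () => {
      // An unknown fingerprint/subject must resolve to null, never reject.
      config.tlsClientLookup.type = 'in-chain'
      const clientResult = await tlsAuthentication.clientLookup('you.wont.find.me', 'me.either')
      should(clientResult).null()
    })

    it('should resolve when the keystore.ca is empty', async () => {
      // Same contract with no trusted CAs at all: null, not an error.
      await KeystoreModel.findOneAndUpdate({}, { ca: [] })
      config.tlsClientLookup.type = 'in-chain'
      const clientResult = await tlsAuthentication.clientLookup('you.wont.find.me', 'me.either')
      should(clientResult).null()
    })
  })
})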