🔱: [acme] sync upgrade with 5 commits [trident-sync]

Update IETF links Fix misc typos Forgot SAN extension for self-signed ALPN certs Replace jsrsasign dep with @peculiar/x509
2026-04-24 20:57:26 +08:00 · 2024-02-03 19:24:11 +00:00
parent a6bf198604
commit 80cd1bfc8e
13 changed files with 307 additions and 247 deletions
@@ -10,10 +10,10 @@ const { crypto } = require('./../');

 const emptyBodyChain1 = `
 -----BEGIN TEST-----
-a
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----
 -----BEGIN TEST-----
-b
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----

 -----BEGIN TEST-----
@@ -22,7 +22,7 @@ b


 -----BEGIN TEST-----
-c
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----
 `;

@@ -38,15 +38,15 @@ const emptyBodyChain2 = `
 -----END TEST-----

 -----BEGIN TEST-----
-a
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----


 -----BEGIN TEST-----
-b
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----
 -----BEGIN TEST-----
-c
+dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZw==
 -----END TEST-----
 `;

@@ -112,6 +112,11 @@ describe('crypto', () => {
                    assert.isTrue(Buffer.isBuffer(testPublicKeys[n]));
                });

+                it(`${n}/should get public key from string`, () => {
+                    testPublicKeys[n] = crypto.getPublicKey(testPrivateKeys[n].toString());
+                    assert.isTrue(Buffer.isBuffer(testPublicKeys[n]));
+                });
+
                it(`${n}/should get jwk from private key`, () => {
                    const jwk = crypto.getJwk(testPrivateKeys[n]);
                    jwkSpecFn(jwk);
@@ -122,6 +127,11 @@ describe('crypto', () => {
                    jwkSpecFn(jwk);
                });

+                it(`${n}/should get jwk from string`, () => {
+                    const jwk = crypto.getJwk(testPrivateKeys[n].toString());
+                    jwkSpecFn(jwk);
+                });
+

                /**
                 * Certificate Signing Request
@@ -174,6 +184,15 @@ describe('crypto', () => {
                    testNonAsciiCsr = csr;
                });

+                it(`${n}/should generate a csr with key as string`, async () => {
+                    const [key, csr] = await crypto.createCsr({
+                        commonName: testCsrDomain
+                    }, testPrivateKeys[n].toString());
+
+                    assert.isTrue(Buffer.isBuffer(key));
+                    assert.isTrue(Buffer.isBuffer(csr));
+                });
+
                it(`${n}/should throw with invalid key`, async () => {
                    await assert.isRejected(crypto.createCsr({
                        commonName: testCsrDomain
@@ -217,6 +236,13 @@ describe('crypto', () => {
                    assert.deepStrictEqual(result.altNames, [testCsrDomain]);
                });

+                it(`${n}/should resolve domains from csr string`, () => {
+                    [testCsr, testSanCsr, testNonCnCsr, testNonAsciiCsr].forEach((csr) => {
+                        const result = crypto.readCsrDomains(csr.toString());
+                        spec.crypto.csrDomains(result);
+                    });
+                });
+

                /**
                 * ALPN
@@ -232,6 +258,15 @@ describe('crypto', () => {
                    testAlpnCertificate = cert;
                });

+                it(`${n}/should generate alpn certificate with key as string`, async () => {
+                    const k = await createFn();
+                    const authz = { identifier: { value: 'test.example.com' } };
+                    const [key, cert] = await crypto.createAlpnCertificate(authz, 'super-secret.12345', k.toString());
+
+                    assert.isTrue(Buffer.isBuffer(key));
+                    assert.isTrue(Buffer.isBuffer(cert));
+                });
+
                it(`${n}/should not validate invalid alpn certificate key authorization`, () => {
                    assert.isFalse(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'aaaaaaa'));
                    assert.isFalse(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'bbbbbbb'));
@@ -241,6 +276,10 @@ describe('crypto', () => {
                it(`${n}/should validate valid alpn certificate key authorization`, () => {
                    assert.isTrue(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'super-secret.12345'));
                });
+
+                it(`${n}/should validate valid alpn certificate with cert as string`, () => {
+                    assert.isTrue(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate.toString(), 'super-secret.12345'));
+                });
            });
        });
    });
@@ -306,6 +345,13 @@ describe('crypto', () => {
            assert.deepEqual(info.domains.altNames, testSanCsrDomains.slice(1, testSanCsrDomains.length));
        });

+        it('should read certificate info from string', () => {
+            [testCert, testSanCert].forEach((cert) => {
+                const info = crypto.readCertificateInfo(cert.toString());
+                spec.crypto.certificateInfo(info);
+            });
+        });
+

        /**
         * ALPN
@@ -335,6 +381,17 @@ describe('crypto', () => {
            });
        });

+        it('should get pem body as b64u from string', () => {
+            [testPemKey, testCert, testSanCert].forEach((pem) => {
+                const body = crypto.getPemBodyAsB64u(pem.toString());
+
+                assert.isString(body);
+                assert.notInclude(body, '\r');
+                assert.notInclude(body, '\n');
+                assert.notInclude(body, '\r\n');
+            });
+        });
+
        it('should split pem chain', () => {
            [testPemKey, testCert, testSanCert].forEach((pem) => {
                const chain = crypto.splitPemChain(pem);
@@ -345,6 +402,16 @@ describe('crypto', () => {
            });
        });

+        it('should split pem chain from string', () => {
+            [testPemKey, testCert, testSanCert].forEach((pem) => {
+                const chain = crypto.splitPemChain(pem.toString());
+
+                assert.isArray(chain);
+                assert.isNotEmpty(chain);
+                chain.forEach((c) => assert.isString(c));
+            });
+        });
+
        it('should split pem chain with empty bodies', () => {
            const c1 = crypto.splitPemChain(emptyBodyChain1);
            const c2 = crypto.splitPemChain(emptyBodyChain2);