diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 0c2e546e5..6498422c6 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -1,9 +1,9 @@ import fs from "node:fs"; import https from "node:https"; +import path from "path"; import { ZipArchive } from "archiver"; import _ from "lodash"; import moment from "moment"; -import path from "path"; import { ProxyAgent } from "proxy-agent"; import tempWrite from "temp-write"; import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; @@ -29,11 +29,7 @@ const omissions = () => { }; const internalCertificate = { - allowedSslFiles: [ - "certificate", - "certificate_key", - "intermediate_certificate", - ], + allowedSslFiles: ["certificate", "certificate_key", "intermediate_certificate"], intervalTimeout: 1000 * 60 * 60, // 1 hour interval: null, intervalProcessing: false, @@ -60,10 +56,7 @@ const internalCertificate = { ); const expirationThreshold = moment() - .add( - internalCertificate.renewBeforeExpirationBy[0], - internalCertificate.renewBeforeExpirationBy[1], - ) + .add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]) .format("YYYY-MM-DD HH:mm:ss"); // Fetch all the letsencrypt certs from the db that will expire within the configured threshold @@ -144,18 +137,12 @@ const internalCertificate = { // 6. Re-instate previously disabled hosts // 1. Find out any hosts that are using any of the hostnames in this cert - const inUseResult = await internalHost.getHostsWithDomains( - certificate.domain_names, - ); + const inUseResult = await internalHost.getHostsWithDomains(certificate.domain_names); // 2. Disable them in nginx temporarily await internalCertificate.disableInUseHosts(inUseResult); - const user = await userModel - .query() - .where("is_deleted", 0) - .andWhere("id", data.owner_user_id) - .first(); + const user = await userModel.query().where("is_deleted", 0).andWhere("id", data.owner_user_id).first(); if (!user?.email) { throw new error.ValidationError( "A valid email address must be set on your user account to use Let's Encrypt", @@ -167,10 +154,7 @@ const internalCertificate = { try { await internalNginx.reload(); // 4. Request cert - await internalCertificate.requestLetsEncryptSslWithDnsChallenge( - certificate, - user.email, - ); + await internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate, user.email); await internalNginx.reload(); // 6. Re-instate previously disabled hosts await internalCertificate.enableInUseHosts(inUseResult); @@ -187,10 +171,7 @@ const internalCertificate = { await internalNginx.reload(); setTimeout(() => {}, 5000); // 4. Request cert - await internalCertificate.requestLetsEncryptSsl( - certificate, - user.email, - ); + await internalCertificate.requestLetsEncryptSsl(certificate, user.email); // 5. Remove LE config await internalNginx.deleteLetsEncryptRequestConfig(certificate); await internalNginx.reload(); @@ -214,9 +195,7 @@ const internalCertificate = { const savedRow = await certificateModel .query() .patchAndFetchById(certificate.id, { - expires_on: moment(certInfo.dates.to, "X").format( - "YYYY-MM-DD HH:mm:ss", - ), + expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), }) .then(utils.omitRow(omissions())); @@ -225,11 +204,7 @@ const internalCertificate = { letsencrypt_certificate: certInfo, }); - await internalCertificate.addCreatedAuditLog( - access, - certificate.id, - savedRow, - ); + await internalCertificate.addCreatedAuditLog(access, certificate.id, savedRow); return savedRow; } catch (err) { @@ -247,11 +222,7 @@ const internalCertificate = { data.meta = _.assign({}, data.meta || {}, certificate.meta); // Add to audit log - await internalCertificate.addCreatedAuditLog( - access, - certificate.id, - utils.omitRow(omissions())(data), - ); + await internalCertificate.addCreatedAuditLog(access, certificate.id, utils.omitRow(omissions())(data)); return utils.omitRow(omissions())(certificate); }, @@ -350,9 +321,7 @@ const internalCertificate = { row.proxy_hosts = utils.omitRows(["is_deleted"])(row.proxy_hosts); } if (typeof row.redirection_hosts !== "undefined") { - row.redirection_hosts = utils.omitRows(["is_deleted"])( - row.redirection_hosts, - ); + row.redirection_hosts = utils.omitRows(["is_deleted"])(row.redirection_hosts); } if (typeof row.dead_hosts !== "undefined") { row.dead_hosts = utils.omitRows(["is_deleted"])(row.dead_hosts); @@ -375,9 +344,7 @@ const internalCertificate = { if (certificate.provider === "letsencrypt") { const zipDirectory = internalCertificate.getLiveCertPath(data.id); if (!fs.existsSync(zipDirectory)) { - throw new error.ItemNotFoundError( - `Certificate ${certificate.nice_name} does not exists`, - ); + throw new error.ItemNotFoundError(`Certificate ${certificate.nice_name} does not exists`); } const certFiles = fs @@ -394,9 +361,7 @@ const internalCertificate = { fileName: opName, }; } - throw new error.ValidationError( - "Only Let'sEncrypt certificates can be downloaded", - ); + throw new error.ValidationError("Only Let'sEncrypt certificates can be downloaded"); }, /** @@ -505,10 +470,7 @@ const internalCertificate = { * @returns {Promise} */ getCount: async (userId, visibility) => { - const query = certificateModel - .query() - .count("id as count") - .where("is_deleted", 0); + const query = certificateModel.query().count("id as count").where("is_deleted", 0); if (visibility !== "all") { query.andWhere("owner_user_id", userId); @@ -556,17 +518,13 @@ const internalCertificate = { }); }).then(() => { return new Promise((resolve, reject) => { - fs.writeFile( - `${dir}/privkey.pem`, - certificate.meta.certificate_key, - (err) => { - if (err) { - reject(err); - } else { - resolve(); - } - }, - ); + fs.writeFile(`${dir}/privkey.pem`, certificate.meta.certificate_key, (err) => { + if (err) { + reject(err); + } else { + resolve(); + } + }); }); }); }, @@ -639,9 +597,7 @@ const internalCertificate = { upload: async (access, data) => { const row = await internalCertificate.get(access, { id: data.id }); if (row.provider !== "other") { - throw new error.ValidationError( - "Cannot upload certificates for this type of provider", - ); + throw new error.ValidationError("Cannot upload certificates for this type of provider"); } const validations = await internalCertificate.validate(data); @@ -657,12 +613,8 @@ const internalCertificate = { const certificate = await internalCertificate.update(access, { id: data.id, - expires_on: moment(validations.certificate.dates.to, "X").format( - "YYYY-MM-DD HH:mm:ss", - ), - domain_names: validations.certificate.cn - ? [validations.certificate.cn] - : [], + expires_on: moment(validations.certificate.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), + domain_names: validations.certificate.cn ? [validations.certificate.cn] : [], meta: _.clone(row.meta), // Prevent the update method from changing this value that we'll use later }); @@ -686,9 +638,7 @@ const internalCertificate = { }, 10000); try { - const result = await utils.exec( - `openssl pkey -in ${filepath} -check -noout 2>&1 `, - ); + const result = await utils.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `); clearTimeout(failTimeout); if (!result.toLowerCase().includes("key is valid")) { throw new error.ValidationError(`Result Validation Error: ${result}`); @@ -698,10 +648,7 @@ const internalCertificate = { } catch (err) { clearTimeout(failTimeout); fs.unlinkSync(filepath); - throw new error.ValidationError( - `Certificate Key is not valid (${err.message})`, - err, - ); + throw new error.ValidationError(`Certificate Key is not valid (${err.message})`, err); } }, @@ -715,10 +662,7 @@ const internalCertificate = { getCertificateInfo: async (certificate, throwExpired) => { const filepath = await tempWrite(certificate); try { - const certData = await internalCertificate.getCertificateInfoFromFile( - filepath, - throwExpired, - ); + const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired); fs.unlinkSync(filepath); return certData; } catch (err) { @@ -738,14 +682,8 @@ const internalCertificate = { const certData = {}; try { - const result = await utils.execFile("openssl", [ - "x509", - "-in", - certificateFile, - "-subject", - "-noout", - ]); - console.log("openssl result: ", result); + const result = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-subject", "-noout"]); + // Examples: // subject=CN = *.jc21.com // subject=CN = something.example.com @@ -756,13 +694,7 @@ const internalCertificate = { certData.cn = match[1].trim(); } - const result2 = await utils.execFile("openssl", [ - "x509", - "-in", - certificateFile, - "-issuer", - "-noout", - ]); + const result2 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-issuer", "-noout"]); // Examples: // issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 // issuer=C = US, O = Let's Encrypt, CN = E5 @@ -773,13 +705,7 @@ const internalCertificate = { certData.issuer = match2[1]; } - const result3 = await utils.execFile("openssl", [ - "x509", - "-in", - certificateFile, - "-dates", - "-noout", - ]); + const result3 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-dates", "-noout"]); // notBefore=Jul 14 04:04:29 2018 GMT // notAfter=Oct 12 04:04:29 2018 GMT let validFrom = null; @@ -791,10 +717,7 @@ const internalCertificate = { const match = regex.exec(str.trim()); if (match && typeof match[2] !== "undefined") { - const date = Number.parseInt( - moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"), - 10, - ); + const date = Number.parseInt(moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"), 10); if (match[1].toLowerCase() === "notbefore") { validFrom = date; @@ -806,15 +729,10 @@ const internalCertificate = { }); if (!validFrom || !validTo) { - throw new error.ValidationError( - `Could not determine dates from certificate: ${result}`, - ); + throw new error.ValidationError(`Could not determine dates from certificate: ${result}`); } - if ( - throw_expired && - validTo < Number.parseInt(moment().format("X"), 10) - ) { + if (throw_expired && validTo < Number.parseInt(moment().format("X"), 10)) { throw new error.ValidationError("Certificate has expired"); } @@ -825,10 +743,7 @@ const internalCertificate = { return certData; } catch (err) { - throw new error.ValidationError( - `Certificate is not valid (${err.message})`, - err, - ); + throw new error.ValidationError(`Certificate is not valid (${err.message})`, err); } }, @@ -915,11 +830,7 @@ const internalCertificate = { const credentialsLocation = `/etc/letsencrypt/credentials/credentials-${certificate.id}`; fs.mkdirSync("/etc/letsencrypt/credentials", { recursive: true }); - fs.writeFileSync( - credentialsLocation, - certificate.meta.dns_provider_credentials, - { mode: 0o600 }, - ); + fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, { mode: 0o600 }); // Whether the plugin has a ---credentials argument const hasConfigArg = certificate.meta.dns_provider !== "route53"; @@ -947,10 +858,7 @@ const internalCertificate = { ]; if (hasConfigArg) { - args.push( - `--${dnsPlugin.full_plugin_name}-credentials`, - credentialsLocation, - ); + args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation); } if (certificate.meta.propagation_seconds !== undefined) { args.push( @@ -964,10 +872,7 @@ const internalCertificate = { args.push("--key-type", certificate.meta.key_type); } - const adds = internalCertificate.getAdditionalCertbotArgs( - certificate.id, - certificate.meta.dns_provider, - ); + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -1003,13 +908,9 @@ const internalCertificate = { `${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`, ); - const updatedCertificate = await certificateModel - .query() - .patchAndFetchById(certificate.id, { - expires_on: moment(certInfo.dates.to, "X").format( - "YYYY-MM-DD HH:mm:ss", - ), - }); + const updatedCertificate = await certificateModel.query().patchAndFetchById(certificate.id, { + expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), + }); // Add to audit log await internalAuditLog.add(access, { @@ -1022,9 +923,7 @@ const internalCertificate = { return updatedCertificate; } - throw new error.ValidationError( - "Only Let'sEncrypt certificates can be renewed", - ); + throw new error.ValidationError("Only Let'sEncrypt certificates can be renewed"); }, /** @@ -1058,10 +957,7 @@ const internalCertificate = { args.push("--key-type", certificate.meta.key_type); } - const adds = internalCertificate.getAdditionalCertbotArgs( - certificate.id, - certificate.meta.dns_provider, - ); + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -1107,10 +1003,7 @@ const internalCertificate = { args.push("--key-type", certificate.meta.key_type); } - const adds = internalCertificate.getAdditionalCertbotArgs( - certificate.id, - certificate.meta.dns_provider, - ); + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -1150,9 +1043,7 @@ const internalCertificate = { try { const result = await utils.execFile(certbotCommand, args, adds.opts); - await utils.exec( - `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`, - ); + await utils.exec(`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`); logger.info(result); return result; } catch (err) { @@ -1169,10 +1060,7 @@ const internalCertificate = { */ hasLetsEncryptSslCerts: (certificate) => { const letsencryptPath = internalCertificate.getLiveCertPath(certificate.id); - return ( - fs.existsSync(`${letsencryptPath}/fullchain.pem`) && - fs.existsSync(`${letsencryptPath}/privkey.pem`) - ); + return fs.existsSync(`${letsencryptPath}/fullchain.pem`) && fs.existsSync(`${letsencryptPath}/privkey.pem`); }, /** @@ -1186,24 +1074,15 @@ const internalCertificate = { disableInUseHosts: async (inUseResult) => { if (inUseResult?.total_count) { if (inUseResult?.proxy_hosts.length) { - await internalNginx.bulkDeleteConfigs( - "proxy_host", - inUseResult.proxy_hosts, - ); + await internalNginx.bulkDeleteConfigs("proxy_host", inUseResult.proxy_hosts); } if (inUseResult?.redirection_hosts.length) { - await internalNginx.bulkDeleteConfigs( - "redirection_host", - inUseResult.redirection_hosts, - ); + await internalNginx.bulkDeleteConfigs("redirection_host", inUseResult.redirection_hosts); } if (inUseResult?.dead_hosts.length) { - await internalNginx.bulkDeleteConfigs( - "dead_host", - inUseResult.dead_hosts, - ); + await internalNginx.bulkDeleteConfigs("dead_host", inUseResult.dead_hosts); } } }, @@ -1219,24 +1098,15 @@ const internalCertificate = { enableInUseHosts: async (inUseResult) => { if (inUseResult.total_count) { if (inUseResult.proxy_hosts.length) { - await internalNginx.bulkGenerateConfigs( - "proxy_host", - inUseResult.proxy_hosts, - ); + await internalNginx.bulkGenerateConfigs("proxy_host", inUseResult.proxy_hosts); } if (inUseResult.redirection_hosts.length) { - await internalNginx.bulkGenerateConfigs( - "redirection_host", - inUseResult.redirection_hosts, - ); + await internalNginx.bulkGenerateConfigs("redirection_host", inUseResult.redirection_hosts); } if (inUseResult.dead_hosts.length) { - await internalNginx.bulkGenerateConfigs( - "dead_host", - inUseResult.dead_hosts, - ); + await internalNginx.bulkGenerateConfigs("dead_host", inUseResult.dead_hosts); } } }, @@ -1251,8 +1121,7 @@ const internalCertificate = { await access.can("certificates:list"); // Create a test challenge file - const testChallengeDir = - "/data/letsencrypt-acme-challenge/.well-known/acme-challenge"; + const testChallengeDir = "/data/letsencrypt-acme-challenge/.well-known/acme-challenge"; const testChallengeFile = `${testChallengeDir}/test-challenge`; fs.mkdirSync(testChallengeDir, { recursive: true }); fs.writeFileSync(testChallengeFile, "Success", { encoding: "utf8" }); @@ -1284,42 +1153,38 @@ const internalCertificate = { }; const result = await new Promise((resolve) => { - const req = https.request( - "https://www.site24x7.com/tools/restapi-tester", - options, - (res) => { - let responseBody = ""; + const req = https.request("https://www.site24x7.com/tools/restapi-tester", options, (res) => { + let responseBody = ""; - res.on("data", (chunk) => { - responseBody = responseBody + chunk; - }); + res.on("data", (chunk) => { + responseBody = responseBody + chunk; + }); - res.on("end", () => { - try { - const parsedBody = JSON.parse(`${responseBody}`); - if (res.statusCode !== 200) { - logger.warn( - `Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`, - ); - resolve(undefined); - } else { - resolve(parsedBody); - } - } catch (err) { - if (res.statusCode !== 200) { - logger.warn( - `Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`, - ); - } else { - logger.warn( - `Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`, - ); - } + res.on("end", () => { + try { + const parsedBody = JSON.parse(`${responseBody}`); + if (res.statusCode !== 200) { + logger.warn( + `Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`, + ); resolve(undefined); + } else { + resolve(parsedBody); } - }); - }, - ); + } catch (err) { + if (res.statusCode !== 200) { + logger.warn( + `Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`, + ); + } else { + logger.warn( + `Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`, + ); + } + resolve(undefined); + } + }); + }); // Make sure to write the request body. req.write(formBody); @@ -1340,10 +1205,7 @@ const internalCertificate = { ); return `other:${result.error.msg}`; } - if ( - `${result.responsecode}` === "200" && - result.htmlresponse === "Success" - ) { + if (`${result.responsecode}` === "200" && result.htmlresponse === "Success") { // Server exists and has responded with the correct data return "ok"; } @@ -1357,26 +1219,19 @@ const internalCertificate = { } if (`${result.responsecode}` === "404") { // Server exists but responded with a 404 - logger.info( - `HTTP challenge test failed for domain ${domain} because code 404 was returned`, - ); + logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`); return "404"; } if ( `${result.responsecode}` === "0" || - (typeof result.reason === "string" && - result.reason.toLowerCase() === "host unavailable") + (typeof result.reason === "string" && result.reason.toLowerCase() === "host unavailable") ) { // Server does not exist at domain - logger.info( - `HTTP challenge test failed for domain ${domain} the host was not found`, - ); + logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`); return "no-host"; } // Other errors - logger.info( - `HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`, - ); + logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`); return `other:${result.responsecode}`; }, diff --git a/test/cypress/Dockerfile b/test/cypress/Dockerfile index bd821085a..cf071bafd 100644 --- a/test/cypress/Dockerfile +++ b/test/cypress/Dockerfile @@ -1,4 +1,4 @@ -FROM cypress/included:15.11.0 +FROM cypress/included:15.15.0 # Disable Cypress CLI colors ENV FORCE_COLOR=0 diff --git a/test/cypress/e2e/api/Certificates.cy.js b/test/cypress/e2e/api/Certificates.cy.js index 00da38b22..ce4200fba 100644 --- a/test/cypress/e2e/api/Certificates.cy.js +++ b/test/cypress/e2e/api/Certificates.cy.js @@ -5,6 +5,7 @@ describe('Certificates endpoints', () => { let certID; before(() => { + cy.createCustomCerts(); cy.resetUsers(); cy.getToken().then((tok) => { token = tok; diff --git a/test/cypress/e2e/api/Ldap.cy.js b/test/cypress/e2e/api/Ldap.cy.js index 64e177303..e1a999760 100644 --- a/test/cypress/e2e/api/Ldap.cy.js +++ b/test/cypress/e2e/api/Ldap.cy.js @@ -2,7 +2,7 @@ describe('LDAP with Authentik', () => { let _token; - if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') { + if (cy.env('skipStackCheck') === 'true' || cy.env('stack') === 'postgres') { before(() => { cy.resetUsers(); diff --git a/test/cypress/e2e/api/OAuth.cy.js b/test/cypress/e2e/api/OAuth.cy.js index c5c819f9b..55e78f52d 100644 --- a/test/cypress/e2e/api/OAuth.cy.js +++ b/test/cypress/e2e/api/OAuth.cy.js @@ -2,7 +2,7 @@ describe('OAuth with Authentik', () => { let _token; - if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') { + if (cy.env('skipStackCheck') === 'true' || cy.env('stack') === 'postgres') { before(() => { cy.getToken().then((tok) => { diff --git a/test/cypress/fixtures/test.example.com-key.pem b/test/cypress/fixtures/test.example.com-key.pem deleted file mode 100644 index 307cdc307..000000000 --- a/test/cypress/fixtures/test.example.com-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd -qACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w -rbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge -Yz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ -oxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z -Eo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X -zGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU -ia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6 -YHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe -a0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu -W0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw -o72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW -H8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+ -N+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh -ELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU -MDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31 -qjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq -cMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9 -vMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO -utTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V -g0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1 -mJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq -YatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8 -EQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk -8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM -RrKmPK/msHKK/sVHiL+NFqo= ------END PRIVATE KEY----- diff --git a/test/cypress/fixtures/test.example.com.pem b/test/cypress/fixtures/test.example.com.pem deleted file mode 100644 index 16340cdfd..000000000 --- a/test/cypress/fixtures/test.example.com.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEYDCCAsigAwIBAgIRAPoSC0hvitb26ODMlsH6YbowDQYJKoZIhvcNAQELBQAw -gZExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEzMDEGA1UECwwqamN1 -cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJub3cpMTowOAYDVQQD -DDFta2NlcnQgamN1cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJu -b3cpMB4XDTI0MTAwOTA3MjIxN1oXDTI3MDEwOTA3MjIxN1owXjEnMCUGA1UEChMe -bWtjZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMTMwMQYDVQQLDCpqY3Vybm93 -QEphbWllcy1MYXB0b3AubG9jYWwgKEphbWllIEN1cm5vdykwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC1n9j9C5Bes1ndqACDckERauxXVNKCnUlUM1bu -GBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2wrbmvZvLuPmXePOKbIKS+XXh+ -2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHgeYz6Cv/Si2/LJPCh/CoBfM4hU -QJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQoxRAHiOR9081Xn1WeoKr7kVB -Ia5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7ZEo+nS8Wr/4QWicatIWZXpVaE -OPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79XzGONeH1PAgMBAAGjZTBjMA4G -A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSB -/vfmBUd4W7CvyEMl7YpMVQs8vTAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29t -MA0GCSqGSIb3DQEBCwUAA4IBgQASwON/jPAHzcARSenY0ZGY1m5OVTYoQ/JWH0oy -l8SyFCQFEXt7UHDD/eTtLT0vMyc190nP57P8lTnZGf7hSinZz1B1d6V4cmzxpk0s -VXZT+irL6bJVJoMBHRpllKAhGULIo33baTrWFKA0oBuWx4AevSWKcLW5j87kEawn -ATCuMQ1I3ifR1mSlB7X8fb+vF+571q0NGuB3a42j6rdtXJ6SmH4+9B4qO0sfHDNt -IImpLCH/tycDpcYrGSCn1QrekFG1bSEh+Bb9i8rqMDSDsYrTFPZTuOQ3EtjGni9u -m+rEP3OyJg+md8c+0LVP7/UU4QWWnw3/Wolo5kSCxE8vNTFqi4GhVbdLnUtcIdTV -XxuR6cKyW87Snj1a0nG76ZLclt/akxDhtzqeV60BO0p8pmiev8frp+E94wFNYCmp -1cr3CnMEGRaficLSDFC6EBENzlZW2BQT6OMIV+g0NBgSyQe39s2zcdEl5+SzDVuw -hp8bJUp/QN7pnOVCDbjTQ+HVMXw= ------END CERTIFICATE----- diff --git a/test/cypress/support/commands.mjs b/test/cypress/support/commands.mjs index 7d9224d09..3f12d0ef7 100644 --- a/test/cypress/support/commands.mjs +++ b/test/cypress/support/commands.mjs @@ -10,6 +10,7 @@ // import 'cypress-wait-until'; +import { createCA, createCert } from 'mkcert'; Cypress.Commands.add('randomString', (length) => { let result = ''; @@ -49,7 +50,7 @@ Cypress.Commands.add("validateSwaggerFile", (url, savePath) => { */ Cypress.Commands.add('validateSwaggerSchema', (method, code, path, data) => { cy.task('validateSwaggerSchema', { - file: Cypress.env('swaggerBase'), + file: cy.env('swaggerBase'), endpoint: path, method: method, statusCode: code, @@ -151,3 +152,25 @@ Cypress.Commands.add('waitForCertificateStatus', (token, certID, expected, timeo interval: 5000 }); }); + +// Creates CA files for testing, if they already exist they will be deleted +// and recreated with the same content. This is to ensure that the files exist +// for testing and are in a known state. +Cypress.Commands.add('createCustomCerts', async () => { + const ca = await createCA({ + organization: "NPM CA", + countryCode: "AU", + state: "QLD", + locality: "Brisbane", + validity: 365 + }); + + const cert = await createCert({ + ca: { key: ca.key, cert: ca.cert }, + domains: ["test.example.com"], + validity: 365 + }); + + cy.writeFile(`${config.fixturesFolder}/test.example.com.pem`, cert.cert); + cy.writeFile(`${config.fixturesFolder}/test.example.com-key.pem`, cert.key); +}); diff --git a/test/package.json b/test/package.json index 555bb6c29..b243cc410 100644 --- a/test/package.json +++ b/test/package.json @@ -17,6 +17,7 @@ "eslint-plugin-cypress": "^6.4.1", "form-data": "^4.0.5", "lodash": "^4.18.1", + "mkcert": "^3.2.0", "mocha": "^11.7.5", "mocha-junit-reporter": "^2.2.1" }, diff --git a/test/yarn.lock b/test/yarn.lock index 57e4b4732..0d3f07143 100644 --- a/test/yarn.lock +++ b/test/yarn.lock @@ -567,6 +567,11 @@ combined-stream@^1.0.8, combined-stream@~1.0.6: dependencies: delayed-stream "~1.0.0" +commander@^11.0.0: + version "11.1.0" + resolved "https://registry.yarnpkg.com/commander/-/commander-11.1.0.tgz#62fdce76006a68e5c1ab3314dc92e800eb83d906" + integrity sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ== + commander@^6.2.1: version "6.2.1" resolved "https://registry.yarnpkg.com/commander/-/commander-6.2.1.tgz#0792eb682dfbc325999bb2b84fddddba110ac73c" @@ -1561,6 +1566,14 @@ minizlib@^3.1.0: dependencies: minipass "^7.1.2" +mkcert@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/mkcert/-/mkcert-3.2.0.tgz#6c4d58bbb31dbf76efd24f197d454702b14020f4" + integrity sha512-026Eivq9RoOjOuLJGzbhGwXUAjBxRX11Z7Jbm4/7lqT/Av+XNy9SPrJte6+UpEt7i+W3e/HZYxQqlQcqXZWSzg== + dependencies: + commander "^11.0.0" + node-forge "^1.3.1" + mkdirp@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-3.0.1.tgz#e44e4c5607fb279c168241713cc6e0fea9adcb50" @@ -1628,6 +1641,11 @@ node-fetch@^3.3.2: fetch-blob "^3.1.4" formdata-polyfill "^4.0.10" +node-forge@^1.3.1: + version "1.4.0" + resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.4.0.tgz#1c7b7d8bdc2d078739f58287d589d903a11b2fc2" + integrity sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ== + npm-run-path@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/npm-run-path/-/npm-run-path-4.0.1.tgz#b7ecd1e5ed53da8e37a55e1c2269e0b97ed748ea"