wip: tls handshake testing

Author: tegefaulkes

src/config.ts

@@ -11,6 +11,7 @@ export type TlsConfig = {
 
 type QUICConfig = {
   tlsConfig: TlsConfig | undefined;
+  verifyFromPemFile: string | undefined;
   verifyPeer: boolean;
   logKeys: string | undefined;
   grease: boolean;
@@ -29,8 +30,9 @@ type QUICConfig = {
 
 const clientDefault: QUICConfig = {
   tlsConfig: undefined,
+  verifyFromPemFile: undefined,
   logKeys: undefined,
-  verifyPeer: false,
+  verifyPeer: true,
   grease: true,
   maxIdleTimeout: 5000,
   maxRecvUdpPayloadSize: quiche.MAX_DATAGRAM_SIZE,
@@ -53,6 +55,7 @@ const clientDefault: QUICConfig = {
 
 const serverDefault: QUICConfig = {
   tlsConfig: undefined,
+  verifyFromPemFile: undefined,
   logKeys: undefined,
   verifyPeer: false,
   grease: true,
@@ -91,6 +94,9 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig {
       quicheConfig.loadPrivKeyFromPemFile(config.tlsConfig.privKeyFromPemFile);
     }
   }
+  if (config.verifyFromPemFile != null) {
+    quicheConfig.loadVerifyLocationsFromFile(config.verifyFromPemFile);
+  }
   if (config.logKeys != null) {
     quicheConfig.logKeys();
   }

tests/QUICClient.test.ts

@@ -12,59 +12,7 @@ import * as errors from '@/errors';
 import { fc } from '@fast-check/jest';
 import * as tlsUtils from './tlsUtils';
 import * as certFixtures from './fixtures/certFixtures';
-
-
-const privKeyPem = `
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAovJl4noV+8myMOOhG+/1kpsAvmGaiz3o3+gnAINpFiUvANWU
-LUhoyyeQAzCom2yOl6WEH1574Hz6jsnwB3BFDj1wcBtbjMlwYpqfkJYsRQGIrOGD
-VGI3PSpcBWGOdfPnREAQrp5cL1TKRSuFtyjZR2lZY4DxUAr6JEmC2aOObv7gcr1W
-nhdO9PnY9aXhF2aVXsThkp8izP2ET9C7OmpMdajnVVbTW4PFU5YLnKFZFY5CmnaR
-08QWFByxGVKDkt5c3sPvBnI0Dfc1LvfCKFJZ4CtJs7+i+O2Y2ticLwur678wvXO9
-OGN6CIIC2A9c4H8I8qpE+N/frYfTg/E7/j0dbQIDAQABAoIBAB99SpU21LLA6q+p
-/cOBXurDC6S/Bfessik7GvZtbsx5yRiXLbiGisHf1mPXbm4Cz5ecw+iwAK6EWINp
-oPo/BwlWdDkmAE43y4Eysm1lqA552mjWd+PByz0Fx5y+mqJOzT2SR+cG8XewIhq1
-63RW745uXHjvPTMju+1xS1k101u9lL0VCo5cfPpS12fLYiVtR721CayWydfABuc9
-Xbj38G6lw5QGipjS+r7t588dKa9APMffKZPB3q0g65TZrOd0hjvZMQMvPe5aY3SP
-UpLD3GhmO/0Khsl31WkZSDPkogPBq6BqvJZa/qrSQHIh9pUX6FFOTCw3ANWQutMH
-681LRsECgYEAz5pLp5BrMfg/ToPMaLKcpYiY//UhI+ZjUJ8aL51D8Jl4DOAUN1ge
-tpBKDRm0ayLOdFeok9S8CQItrAvkFyHBiRK6R1CgyXqSCdBRPsqdN74+K0DsEloU
-nNdXejGGijSSezBcvNYVlJC+7yKLgpC2wK36oLFEPHdNJPIC3wZBtFECgYEAyO8L
-/6KfVOaUJCc02vUAU8Ap6bVA5xlXD4sxI5w6FCwcHCzlAoHGsjA2aWsnxi43z41p
-pRR9IySUEPZxmh76Tzs9+Dthshkjrrx8CuTIky37BIzFDioqH2Ncj5+DCAly3IU4
-NjCMQOp+Yx5u9UZfkdcJj31+JUCBn1BdW22Z3F0CgYB9ftdW/t1eAqQ6UUAC1l4N
-Tuq2Z7dV3VKSDOumdtn4Gr3QgrCV2CYQ1F5/VteSoCLPf6H/Y20bwP5c7389YIF+
-3BxROfNIeFjJp+1FGPQ7Gzy3pvJOEbg+K4rM6h1bdHZME6sr1/qJqYpSQr60+cgP
-59wGwcHvD2tJ9yY3LbAQUQKBgDefZPTpMa4w/kVbzRfnxqVohrG5iTPwIdedsoan
-ErTO2SE7lFGzVyuwiP95uFL2LGD6Rop6N4Ho+EwRzLTbanNQdQEofwzsRKJ0buod
-FyEXE2vZBBu9tFdoDBF+GKm6498DyeHGYqz9vOr3W8PuLTqUCoN8O9VYHAncF1vd
-5T/JAoGAeWb5iqhDhkrZDSi5GreFh2zVlDanZJqQn4UpUhotO4gtKDzMqM/rxV95
-RZ7zsFD22yY06cXePpMOfw4qAUDZuwoZgVH5MLW3IWJPkg++nG6GfTBaHmYmXK/M
-uPSJlPjTsCL+dUX+7VbrfntypnVALhtX3bZo3rsQQmUci/NjDhU=
------END RSA PRIVATE KEY-----
-`
-
-const certChainPem = `
------BEGIN CERTIFICATE-----
-MIIDJjCCAg6gAwIBAgIRAImdTwINUpu7qX/uYWmVT44wDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTIzMDQxMDA1MDk1OVoXDTI0MDQwOTA1
-MDk1OVowFDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAovJl4noV+8myMOOhG+/1kpsAvmGaiz3o3+gnAINpFiUvANWU
-LUhoyyeQAzCom2yOl6WEH1574Hz6jsnwB3BFDj1wcBtbjMlwYpqfkJYsRQGIrOGD
-VGI3PSpcBWGOdfPnREAQrp5cL1TKRSuFtyjZR2lZY4DxUAr6JEmC2aOObv7gcr1W
-nhdO9PnY9aXhF2aVXsThkp8izP2ET9C7OmpMdajnVVbTW4PFU5YLnKFZFY5CmnaR
-08QWFByxGVKDkt5c3sPvBnI0Dfc1LvfCKFJZ4CtJs7+i+O2Y2ticLwur678wvXO9
-OGN6CIIC2A9c4H8I8qpE+N/frYfTg/E7/j0dbQIDAQABo3MwcTAOBgNVHQ8BAf8E
-BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR0
-zbkYQmSgopJsbuNKOQV9qjYu7TAhBgNVHREEGjAYhwR/AAABhxAAAAAAAAAAAAAA
-AAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAWLolrv0NuKqhZndYLPCT3C013Qo6y
-QeQPbyZbJgHhRZd2feP8sEQ1U4f48OKL5ejWEKOaUvH/sVI9Jume4ve2xOxqz+ST
-csZqUqinnUT/12jwGOys2IIEPBnlMxBFon54G336+LGgl9CX+rXKeJZgIbmZpcCa
-J948KRJwJ4E4UgnNIY/e4J5nCpScA0b5GlmcvpoV5yBoIf6vvnrWeyyl4rotPx9Q
-jm/r7v5BQrwMjbcrLCA9Nob5tSMEHDjlvt4cNzOnMWdsjB735QaMsA8qZX8m2NpX
-jti9iwz2QT6q1s+PjS/gbflIO3j4FP4XOEQGtWm9iqPbVhoUIB9PBED3
------END CERTIFICATE-----
-`
+import { promise } from "@/utils";
 
 const tlsArb = fc.constant(certFixtures.tlsConfigFileRSA1);
 // const tlsArb = tlsUtils.tlsConfigArb(tlsUtils.keyPairsArb(1));
@@ -301,6 +249,43 @@ describe(QUICClient.name, () => {
       await server.stop();
     });
   })
+  describe('graceful tls handshake', () => {
+    test('handshake succeeds', async () => {
+      const server = new QUICServer({
+        crypto,
+        logger: logger.getChild(QUICServer.name),
+        config: {
+          tlsConfig: certFixtures.tlsConfigFileRSA1,
+          verifyPeer: true,
+          verifyFromPemFile: certFixtures.tlsConfigFileRSA2.certChainFromPemFile
+        }
+      });
+      const handleConnectionEventProm = promise<any>()
+      server.addEventListener('connection', handleConnectionEventProm.resolveP);
+      await server.start({
+        host: '127.0.0.1' as Host,
+      });
+      // Connection should succeed
+      const client = await QUICClient.createQUICClient({
+        host: '::ffff:127.0.0.1' as Host,
+        port: server.port,
+        localHost: '::' as Host,
+        crypto,
+        logger: logger.getChild(QUICClient.name),
+        config: {
+          verifyPeer: false,
+          tlsConfig: certFixtures.tlsConfigFileRSA2,
+          verifyFromPemFile: certFixtures.tlsConfigFileRSA2.certChainFromPemFile
+        }
+      });
+      await handleConnectionEventProm.p
+      await client.destroy();
+      await server.stop();
+    })
+    test.todo('handshake fails validation for server')
+    test.todo('handshake fails validation for client')
+    test.todo('handshake fails validation for both')
+  })
 
   // test('dual stack to dual stack', async () => {