Read certs in a single place

Automattic · Sep 19, 2023 · bcbf511 · bcbf511
1 parent 2af617b
commit bcbf511
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 24 deletions.
diff --git a/integration-tests/index.ts b/integration-tests/index.ts
@@ -5,7 +5,6 @@ import {OpenIdClient} from "./src/OpenIdClient";
 import {Server} from "./src/Server";
 import http from "http";
 import {HttpTerminator} from "http-terminator";
-import * as https from "https";
 import {HttpsClient} from "./src/HttpsClient";
 
 dotenv.config({ path: ".env" });
@@ -20,36 +19,37 @@ async function run() {
         process.exit(1);
     }
 
+    const caCert = fs.readFileSync(path.resolve(env.TLS_CA_CERT));
+
     const client = new OpenIdClient({
         issuerUrl: env.ISSUER_URL,
         clientId: env.CLIENT_ID,
         clientSecret: env.CLIENT_SECRET,
         redirectUri: env.APP_BASE_URL,
-        caCertAbsolutePath: path.resolve(env.TLS_CA_CERT),
+        caCert,
     });
 
     // Generate authorization URL.
     const authorizationUrl = await client.authorizationUrl();
     console.debug(`Got authorization URL: ${authorizationUrl}`);
 
+    // Handle redirect after authorization is granted.
+    new Server({
+        baseUrl: env.APP_BASE_URL,
+        tlsCert: fs.readFileSync(path.resolve(env.TLS_CERT)),
+        tlsKey: fs.readFileSync(path.resolve(env.TLS_KEY)),
+        requestListener: afterAuthorization,
+    }).start();
+
     // Call authorization URL.
     const httpsClient = new HttpsClient({
-        caCertAbsolutePath: path.resolve(env.TLS_CA_CERT),
+        caCert,
     })
     const response = await httpsClient.get(new URL(authorizationUrl));
     console.debug(response.statusCode, response.statusMessage);
-
-    // Handle redirect after authorization is granted.
-    // const server = new Server({
-    //     baseUrl: env.APP_BASE_URL,
-    //     tlsCertAbsolutePath: path.resolve(env.TLS_CERT),
-    //     tlsKeyAbsolutePath: path.resolve(env.TLS_KEY),
-    //     requestListener: handleRequest,
-    // })
-    // server.start();
 }
 
-function handleRequest(request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) {
+function afterAuthorization(request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) {
     void terminator.terminate();
 }
 

diff --git a/integration-tests/src/HttpsClient.ts b/integration-tests/src/HttpsClient.ts
@@ -1,9 +1,8 @@
 import * as https from "https";
-import fs from "fs";
 import {IncomingMessage} from "node:http";
 
 type Options = {
-    caCertAbsolutePath: string,
+    caCert: Buffer,
 }
 
 export class HttpsClient {
@@ -14,7 +13,7 @@ export class HttpsClient {
         return new Promise ((resolve, reject) => {
             const request = https.get({
                 method: "GET",
-                ca: fs.readFileSync(this.options.caCertAbsolutePath),
+                ca: this.options.caCert,
                 hostname: url.hostname,
                 port: url.port,
                 path: url.pathname,

diff --git a/integration-tests/src/OpenIdClient.ts b/integration-tests/src/OpenIdClient.ts
@@ -1,12 +1,11 @@
 import {Client, custom as openidOptions, generators, Issuer} from "openid-client";
-import fs from "fs";
 
 type Options = {
     issuerUrl: string,
     clientId: string,
     clientSecret: string,
     redirectUri: string,
-    caCertAbsolutePath: string,
+    caCert: Buffer,
 };
 
 export class OpenIdClient {
@@ -17,7 +16,7 @@ export class OpenIdClient {
 
     constructor(private readonly options: Options) {
         openidOptions.setHttpOptionsDefaults({
-            ca: fs.readFileSync(options.caCertAbsolutePath),
+            ca: options.caCert,
         });
         this.codeVerifier = generators.codeVerifier();
         this.codeChallenge = generators.codeChallenge(this.codeVerifier);

diff --git a/integration-tests/src/Server.ts b/integration-tests/src/Server.ts
@@ -1,13 +1,12 @@
 import * as https from "https";
-import fs from "fs";
 import {Server as BaseServer} from "node:https";
 import * as http from "http";
 import {createHttpTerminator, HttpTerminator} from "http-terminator";
 
 type Options = {
     baseUrl: string,
-    tlsCertAbsolutePath: string,
-    tlsKeyAbsolutePath: string,
+    tlsCert: Buffer,
+    tlsKey: Buffer,
     requestListener: (request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) => void,
 };
 
@@ -17,8 +16,8 @@ export class Server {
 
     constructor(private readonly options: Options) {
         this.server = https.createServer({
-            key: fs.readFileSync(options.tlsKeyAbsolutePath, "utf8"),
-            cert: fs.readFileSync(options.tlsCertAbsolutePath, "utf8"),
+            key: options.tlsKey,
+            cert: options.tlsCert,
         }, (request, response) => {
             options.requestListener(request, response, this.terminator)
         });