From bcbf5116f3af4fc4806837efe3faaa268c310413 Mon Sep 17 00:00:00 2001
From: Paulo Pinto
Date: Tue, 19 Sep 2023 18:18:43 +0100
Subject: [PATCH] Read certs in a single place
---
 integration-tests/index.ts | 26 +++++++++++++-------------
 integration-tests/src/HttpsClient.ts | 5 ++---
 integration-tests/src/OpenIdClient.ts | 5 ++---
 integration-tests/src/Server.ts | 9 ++++-----
 4 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/integration-tests/index.ts b/integration-tests/index.ts
index 7055b55..9614892 100644
--- a/integration-tests/index.ts
+++ b/integration-tests/index.ts
@@ -5,7 +5,6 @@ import {OpenIdClient} from "./src/OpenIdClient";
 import {Server} from "./src/Server";
 import http from "http";
 import {HttpTerminator} from "http-terminator";
-import * as https from "https";
 import {HttpsClient} from "./src/HttpsClient";
 dotenv.config({ path: ".env" });
@@ -20,36 +19,37 @@ async function run() {
 process.exit(1);
 }
+ const caCert = fs.readFileSync(path.resolve(env.TLS_CA_CERT));
+
 const client = new OpenIdClient({
 issuerUrl: env.ISSUER_URL,
 clientId: env.CLIENT_ID,
 clientSecret: env.CLIENT_SECRET,
 redirectUri: env.APP_BASE_URL,
- caCertAbsolutePath: path.resolve(env.TLS_CA_CERT),
+ caCert,
 });
 // Generate authorization URL.
 const authorizationUrl = await client.authorizationUrl();
 console.debug(`Got authorization URL: ${authorizationUrl}`);
+ // Handle redirect after authorization is granted.
+ new Server({
+ baseUrl: env.APP_BASE_URL,
+ tlsCert: fs.readFileSync(path.resolve(env.TLS_CERT)),
+ tlsKey: fs.readFileSync(path.resolve(env.TLS_KEY)),
+ requestListener: afterAuthorization,
+ }).start();
+
 // Call authorization URL.
 const httpsClient = new HttpsClient({
- caCertAbsolutePath: path.resolve(env.TLS_CA_CERT),
+ caCert,
 })
 const response = await httpsClient.get(new URL(authorizationUrl));
 console.debug(response.statusCode, response.statusMessage);
-
- // Handle redirect after authorization is granted.
- // const server = new Server({
- // baseUrl: env.APP_BASE_URL,
- // tlsCertAbsolutePath: path.resolve(env.TLS_CERT),
- // tlsKeyAbsolutePath: path.resolve(env.TLS_KEY),
- // requestListener: handleRequest,
- // })
- // server.start();
 }
-function handleRequest(request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) {
+function afterAuthorization(request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) {
 void terminator.terminate();
 }
diff --git a/integration-tests/src/HttpsClient.ts b/integration-tests/src/HttpsClient.ts
index 88eaf9c..5414904 100644
--- a/integration-tests/src/HttpsClient.ts
+++ b/integration-tests/src/HttpsClient.ts
@@ -1,9 +1,8 @@
 import * as https from "https";
-import fs from "fs";
 import {IncomingMessage} from "node:http";
 type Options = {
- caCertAbsolutePath: string,
+ caCert: Buffer,
 }
 export class HttpsClient {
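Review bot: `afterAuthorization` in integration-tests/index.ts, which this change wires up through `new Server({...}).start()`, shuts the listener down on any request without reading `request` or ending `response`, so the run cannot tell a redirect that carries an authorization code from a stray or error callback, and the caller is left waiting on an unanswered socket. I would inspect the callback before terminating, for example `const code = new URL(request.url ?? "/", "https://localhost").searchParams.get("code");`, `response.statusCode = code ? 200 : 400;` and `response.end();` ahead of `void terminator.terminate();`. The listener is also stopped only from this handler, so if `httpsClient.get` rejects or no redirect ever reaches APP_BASE_URL the process presumably stays alive; keeping the `Server` instance and stopping it in a `finally` would cover that, though whether `Server` exposes a stop method is not visible in this diff. `run()` begins above the hunk.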
@@ -14,7 +13,7 @@ export class HttpsClient {
 return new Promise ((resolve, reject) => {
 const request = https.get({
 method: "GET",
- ca: fs.readFileSync(this.options.caCertAbsolutePath),
+ ca: this.options.caCert,
 hostname: url.hostname,
 port: url.port,
 path: url.pathname,
diff --git a/integration-tests/src/OpenIdClient.ts b/integration-tests/src/OpenIdClient.ts
index 6d57015..b886ea0 100644
--- a/integration-tests/src/OpenIdClient.ts
+++ b/integration-tests/src/OpenIdClient.ts
@@ -1,12 +1,11 @@
 import {Client, custom as openidOptions, generators, Issuer} from "openid-client";
-import fs from "fs";
 type Options = {
 issuerUrl: string,
 clientId: string,
 clientSecret: string,
 redirectUri: string,
- caCertAbsolutePath: string,
+ caCert: Buffer,
 };
 export class OpenIdClient {
@@ -17,7 +16,7 @@ export class OpenIdClient {
 constructor(private readonly options: Options) {
 openidOptions.setHttpOptionsDefaults({
- ca: fs.readFileSync(options.caCertAbsolutePath),
+ ca: options.caCert,
 });
 this.codeVerifier = generators.codeVerifier();
 this.codeChallenge = generators.codeChallenge(this.codeVerifier);
diff --git a/integration-tests/src/Server.ts b/integration-tests/src/Server.ts
index e3c37b4..372b32e 100644
--- a/integration-tests/src/Server.ts
+++ b/integration-tests/src/Server.ts
@@ -1,13 +1,12 @@
 import * as https from "https";
-import fs from "fs";
 import {Server as BaseServer} from "node:https";
 import * as http from "http";
 import {createHttpTerminator, HttpTerminator} from "http-terminator";
 type Options = {
 baseUrl: string,
- tlsCertAbsolutePath: string,
- tlsKeyAbsolutePath: string,
+ tlsCert: Buffer,
+ tlsKey: Buffer,
 requestListener: (request: http.IncomingMessage, response: http.ServerResponse, terminator: HttpTerminator) => void,
 };
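Review bot: The request options in `HttpsClient.get` (integration-tests/src/HttpsClient.ts) pass `path: url.pathname`, which drops the query string, and index.ts calls this method with the authorization URL, whose parameters presumably travel in the query. As far as the hunk shows, the identity provider would receive a bare path, so the status code logged in index.ts says little about the authorization request itself. Unless a later line outside the hunk restores it, I would write `path: url.pathname + url.search,`. The options object and the enclosing method continue past the end of the hunk.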
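Review bot: `openidOptions.setHttpOptionsDefaults({ ca: options.caCert })` in the `OpenIdClient` constructor (integration-tests/src/OpenIdClient.ts) changes openid-client's defaults for the whole process rather than for this instance, so every openid-client request made after any `OpenIdClient` is constructed uses this CA in place of the default trust store. That side effect deserves a comment at the call, for example `// Process-wide: applies to every openid-client HTTP request from here on, not only this instance.` If per-instance trust is what is wanted, openid-client's `custom.http_options` hook on the issuer or client is the narrower place to set `ca`. The constructor continues past the end of the hunk.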
@@ -17,8 +16,8 @@ export class Server {
 constructor(private readonly options: Options) {
 this.server = https.createServer({
- key: fs.readFileSync(options.tlsKeyAbsolutePath, "utf8"),
- cert: fs.readFileSync(options.tlsCertAbsolutePath, "utf8"),
+ key: options.tlsKey,
+ cert: options.tlsCert,
 }, (request, response) => {
 options.requestListener(request, response, this.terminator)
 });