From b3bf314db9cd898a1f03e647257bda0713bc5d32 Mon Sep 17 00:00:00 2001
From: Michael Irwin
Date: Mon, 30 Jul 2018 22:47:26 -0400
Subject: [PATCH 1/5] Updated express version to resolve test failures
With previous version, tests would fail when comparing query string values, as (for some reason), req.query would also contain {__proto__: ""}, which would then then encoded into the URL.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index d9cfcd8..abba686 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "mocha": "~1.9.0",
 "should": "~1.2.2",
 "connect": "~2.7.6",
- "express": "~3.2.0",
+ "express": "^4.16.0",
 "connect-redis": "~1.4.5"
 },
 "bugs": {
From 3d2fba729b06c228354e039e0ee91e87f51b647d Mon Sep 17 00:00:00 2001
From: Michael Irwin
Date: Mon, 30 Jul 2018 23:14:55 -0400
Subject: [PATCH 2/5] Created new key/cert that doesn't contain port in CN
This allows the same cert to be used for both cas and app server in the tests. But, it causes problems when the port is included, but doesn't match what the server is using. Create rootCA that can sign the request, allowing future work to specify the CA to trust when communicating with the CAS server for validations
---
 test/certs/localhost.crt | 19 +++++++++++++++++++
 test/certs/localhost.csr | 17 +++++++++++++++++
 test/certs/localhost.key | 27 +++++++++++++++++++++++++++
 test/certs/localhost3000.crt | 24 ------------------------
 test/certs/localhost3000.key | 27 ---------------------------
 test/certs/rootCA.key | 27 +++++++++++++++++++++++++++
 test/certs/rootCA.pem | 19 +++++++++++++++++++
 test/certs/rootCA.srl | 1 +
 test/proxy-ticket.spec.js | 4 ++--
 test/service-validate.spec.js | 5 +++--
 10 files changed, 115 insertions(+), 55 deletions(-)
 create mode 100644 test/certs/localhost.crt
 create mode 100644 test/certs/localhost.csr
 create mode 100644 test/certs/localhost.key
 delete mode 100644 test/certs/localhost3000.crt
 delete mode 100644 test/certs/localhost3000.key
 create mode 100644 test/certs/rootCA.key
 create mode 100644 test/certs/rootCA.pem
 create mode 100644 test/certs/rootCA.srl
diff --git a/test/certs/localhost.crt b/test/certs/localhost.crt
new file mode 100644
index 0000000..4245fe3
--- /dev/null
+++ b/test/certs/localhost.crt
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDLDCCAhQCCQCn4Orv4Cb7tjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRAwDgYDVQQDDAdSb290IENBMB4XDTE4MDczMTAzMzkwNloXDTM4 +MDcyNjAzMzkwNlowWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKg72NImqq+9 +gXjfhRcjbI9YOLgt0ctpGilleu0A65A+m3gkNThdpqzbuQw2ur/LpS77d5Bb7ve+ +skDhXmKjpSpmqM9+HHT4TF3GsDSCsqK7u0i44kxmHiAxH3xlOhwC5StMsrGI84CL +ZtVCIVe9InRLVKwbXtMdBkROEgjBd4q7sh0qDxOPqlt4+544wBax1vpuI/J6Apiq ++yb6hKKrJpDYW+9LQXBkyNKi3upvuWYOL8iMdV6QuxD/9zM7UnMYMQhM4WWV0cQu +X9sctj6fsOClboYPmu0L2SXY7G9VJ9i4QgplbZ6CPd8bx4NshNtxoivldLQL6kGz +TUjc/Wl+lwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDQJQdz09uFzU8E2Qo7gAyO +P10ZvlV0hI/pIYFqYO58kQMv5uiAadeSrFXdecpmaGhC0R2UQ5mtrCrOq5dv1y3S +ImiCZuVzstm3BNRB8MteYeumP6IQ+GFEfIdHkfoiWxRFG/YJu8m/4OiJtTzBR19a +9kLiuHsM10xl1INOWb9FNXLiNTRndECeyX8wXzwGMia/QgaN76SRbYYvqMDqiMmP +RadmyI4HA0xTykZ3Oq1ZzAhGw2hU19yyZsqU/FhpdsqnGS/zNGuHRJ3i7RXx3wN6 +zQLHk2OJoG6CNj6d6O4gr3cWjtLToEqF40MGE196miEZnB6C8Oh0drCV/XSMGJ7K +-----END CERTIFICATE----- diff --git a/test/certs/localhost.csr b/test/certs/localhost.csr new file mode 100644 index 0000000..ad6455f --- /dev/null +++ b/test/certs/localhost.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICnjCCAYYCAQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKg72NImqq+9 +gXjfhRcjbI9YOLgt0ctpGilleu0A65A+m3gkNThdpqzbuQw2ur/LpS77d5Bb7ve+ +skDhXmKjpSpmqM9+HHT4TF3GsDSCsqK7u0i44kxmHiAxH3xlOhwC5StMsrGI84CL +ZtVCIVe9InRLVKwbXtMdBkROEgjBd4q7sh0qDxOPqlt4+544wBax1vpuI/J6Apiq ++yb6hKKrJpDYW+9LQXBkyNKi3upvuWYOL8iMdV6QuxD/9zM7UnMYMQhM4WWV0cQu +X9sctj6fsOClboYPmu0L2SXY7G9VJ9i4QgplbZ6CPd8bx4NshNtxoivldLQL6kGz +TUjc/Wl+lwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBACjehq4B6n7kPXO6LqOH +wGcOm1rY9SL3O07SEgZINYovAV744OuoTYz5TyL1rnPgTT59hFBBPUJngYUImaVG ++tIoy+E0IFfDNTpXRfaxJBBijYfPailLSSrGrILbXRCNbHJw1Lq7TXdZ49KLgHY8 +iFKbuauhfalkjHIKbBGSp5GMXASzxhgzn407xY9jOJUpbAtxE1AvmhxFoPFE9Mdn +LBAH8viNNcc5Xul9dSVoH69Axu6haKeHCFvybRqbmDEoA8tE6fGQahe5M4fFVCPl +Sxoc3U+Q2N1i/wEkphuo7WCdsWKFgr0wAeZxkur8NXfMKAhbk/Mr7o+AoS6L5sQt +Fps= +-----END CERTIFICATE REQUEST----- diff --git a/test/certs/localhost.key b/test/certs/localhost.key new file mode 100644 index 0000000..44deca7 --- /dev/null +++ b/test/certs/localhost.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvKg72NImqq+9gXjfhRcjbI9YOLgt0ctpGilleu0A65A+m3gk +NThdpqzbuQw2ur/LpS77d5Bb7ve+skDhXmKjpSpmqM9+HHT4TF3GsDSCsqK7u0i4 +4kxmHiAxH3xlOhwC5StMsrGI84CLZtVCIVe9InRLVKwbXtMdBkROEgjBd4q7sh0q +DxOPqlt4+544wBax1vpuI/J6Apiq+yb6hKKrJpDYW+9LQXBkyNKi3upvuWYOL8iM +dV6QuxD/9zM7UnMYMQhM4WWV0cQuX9sctj6fsOClboYPmu0L2SXY7G9VJ9i4Qgpl +bZ6CPd8bx4NshNtxoivldLQL6kGzTUjc/Wl+lwIDAQABAoIBAG1Uobo5r6bjSdOq +lP6wNhtHxzy3n/YhB7vdma3vg8UARwgaTAF7tOpO6tcGuQDo/b+wxpK32k9Wy/DJ +oNHuICArvmq+NLuRHgRDpE2hYMzdeiZDMsISvGthBJbWpGNUsGjW+w/jyxYyvJbP +qA9ipX0+IBnl08bUWdGz6/qPkG8RvBBs1T1nB86ZTuGcz3gqiBOjMsvUvLY8eiO8 +KTZDqrdNzWjKyRBElI15F+S5VhGcqWLlEMtwUwwmpzvk+8GHpW4ZTsV9L8vTVKwN +YdvHzGP+BqgObVTYWALZk38Z7FgQYMhBi4l68wLiqTRChIVcOCIILqMire/4L5Yu +1Mco2gECgYEA6jU5JFyN3qsRFgCEPJqDQ4uRuVc4xazUn1KWoosD79R6v1eQfYTw +ZvcAIilNZ1FyI5x1K7X6M48hbWcqrWHhkbNRBH+iyJTRN/KA2VeoHBQ1x9dVjPGq +G5GvnV0rm6OZ6HE98Jqn1mSdrVgh4vj7zMtfqwSIJshaSeQtajaajNcCgYEAzjYA +sri4uLJ/HQzDbllvu2q+RA2SM7w9GbQ5Aj94tZWz0WqpQkwqwq3YLrUDEEJLynC3 +rVCnRApNpUG8Tzy2QQa+O6MdtRnFJszj+Ez4i5EqYDt1fuQ3EdoKiEmj5nmeHXzT +HgOxfA92yac/SnUIPOn+BZI3DMZouO5jjPFepEECgYEAr6vOOZTmoN8FSNCIX4Cx +9ocIfdGLdtIFBaAH9tF42Xoxu7WtXkjJnSGlyvnZ4iY4C7f+NxQfIG86bnoUi8pA +TG4I1ev6qKLfLyzJMrzKDo2mLUg6FibqJhWneMx6uhoDhlLyV7dZLrl3f578g+en +ztu43Wjfyt86wfPRkLp2QC8CgYAUZtti00vTWjWhViXvwQGA9WqlqQISBEm3RVFu +m4EB1jHYQklEuexxHmoJFPecoDKHcOd7SkOCQ9KyyvIqlMMjY9tmYxkJVedfk13q +rxLYHCCpLLjPOR0JsxzfpwmEP/wYxsTMb2kb8Ru7j8R/RVzvSedL/c9cgDTUNyG6 +TBclAQKBgQCLSesmfnICP5H4ivBr0R9OXFP9FdoPvb8rgmvi7cexZslHxLLSfa5G +Sz7JjEk0avIuICN1kRN5qRhSmmKYJVd7dsgSX+7npyjLNOheR5ac4hbd19tCa0Gu +lvWHlHadePGuhGKRjTJyn3hPdiDEqZ7RuizWC9jKLN7h9084Q+N6rw== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/localhost3000.crt b/test/certs/localhost3000.crt deleted file mode 100644 index 6d1b39d..0000000 --- a/test/certs/localhost3000.crt +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIJAP6TCQY15f4EMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMTDmxvY2FsaG9zdDozMDAwMB4XDTE0MDEw -OTIyNDI0N1oXDTQxMDUyNzIyNDI0N1owXjELMAkGA1UEBhMCQVUxEzARBgNVBAgT -ClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEX -MBUGA1UEAxMObG9jYWxob3N0OjMwMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC6k2+4qroPfcRSOeDxX1ielff3IfWWhM0sHocVMoVLO6feIugdHESA -zhQH3Bcs/Ocv8Xg8VFAZxBxgk91ovaKlryoxRtdemyegq7Bm0Yv6vps81WCNEMU/ -fqdQuPNFJtNQGJHIEYM9Ap0yex9qQEgJ/TFkVjlXTidBaKOo+8V/ZXiJ4sssxcKD -+vRvdINA3rquw4LtsUeO2vnDRqz5GlTgzWYXFLmnfLUoxj49gGBYo+IyCLfpPgVn -QmtFYRlFmfW+u2GZBfspfvlhvlt0uiJVOZpArVlF+tNoWIvDYNMzkDI5eCHQZafy -N10ndPkAZCdLt018bted1mIK3/h3/BQhAgMBAAGjgcMwgcAwHQYDVR0OBBYEFIaC -eCjMEfpwJDZBDqcF2u8AqFm1MIGQBgNVHSMEgYgwgYWAFIaCeCjMEfpwJDZBDqcF -2u8AqFm1oWKkYDBeMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEh -MB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRcwFQYDVQQDEw5sb2Nh -bGhvc3Q6MzAwMIIJAP6TCQY15f4EMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADggEBAJYWnApYR7tgQue/VZ1f5psX7DSGrMOZiZOYL/oo2o3pRNMi+c1PKnir -w9FDdDTmeBha8YsyzFLYDHpmAMNvu41USGBUTWghe2KDsbn9DUhQNmEdnZxclew5 -vMYTur+OuR0fugVR4bc5ZFvtR29/hgxhv6pXMYZR/NKZ3GIuDEmBhyRw8wNFdg3U -krjeOsymcd+CyoVL+NYYR2nwdexDm+8xR96w128VHLpYu4UGXTMYYaGuw0redJFI -f0ESJDhK1B52/9YDldzTFcMH97x9ky0WtRgFBbKhO2iComAeYV/BwtnnadAHzgGd -0r52v47HtmlBotbqUInHH9OllpBqKPs= ------END CERTIFICATE----- diff --git a/test/certs/localhost3000.key b/test/certs/localhost3000.key deleted file mode 100644 index 259f52c..0000000 --- a/test/certs/localhost3000.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAupNvuKq6D33EUjng8V9YnpX39yH1loTNLB6HFTKFSzun3iLo -HRxEgM4UB9wXLPznL/F4PFRQGcQcYJPdaL2ipa8qMUbXXpsnoKuwZtGL+r6bPNVg -jRDFP36nULjzRSbTUBiRyBGDPQKdMnsfakBICf0xZFY5V04nQWijqPvFf2V4ieLL -LMXCg/r0b3SDQN66rsOC7bFHjtr5w0as+RpU4M1mFxS5p3y1KMY+PYBgWKPiMgi3 -6T4FZ0JrRWEZRZn1vrthmQX7KX75Yb5bdLoiVTmaQK1ZRfrTaFiLw2DTM5AyOXgh -0GWn8jddJ3T5AGQnS7dNfG7XndZiCt/4d/wUIQIDAQABAoIBAHiRdF4Cve/q1yZH -zsxMUClTQoWKhXj6YtgC9kpFdovShj1vk03UiZQvGBSoLrXczM1XntplpcmwyKHE -jAz2lxe4pWxomh7B5w7WRE19Vpb3+7uJLDacwsqwXxE0I8jpOR8GcZa3cnbHrKwF -kpyH48XIv9VWPwHjOEz1gOVfphYXcmjS1ivmF6TKdEI5wFB9pbMP2CWAuRHKc01R -MBNB9aq5VNwqOI8AiTyGt2piJJ7EhWYPUs+naSng60ONnOER7zQtJoOAdgB/8QFw -EAYyE5NTdjJytkAhow8nkmJXHeVFJhWgKReQWiZazKGqxAg9qi+NOJuxoj6bJATt -WpbhBK0CgYEA6sQ6ZdSYCe8mq1aaqjcDbd5EckNv7G2kuo5rAOpHaEjFXM9DqPwz -nky+f5YZjdFbPfL+MzWsD9/uIU8Jcn69+ds1/DqKBlj6J1Bj+t3oTh7PXN1isfyk -J914TKcsCotXnUjJCjc44PIpRWYkWbXOiPAz1FS8zmfx7KAi4W9iIgMCgYEAy3Nn -4W6dcTx5E5EkD8ctc+UzyGqceHxgEFAcXD8rXW6+9tEj4STmEC+M6pYatQyDvWUT -ftzFBqhZ35WcBUzOMC/gOEP1ymk6GtHb3t4rwfYLZqfdDWm6EwqdgOU59nSkIiVv -TEL5eLLbtD5+H2cztauwNAc0H/MF/CW3vkoligsCgYASkB2F+79h2bUXCywDlYIB -5/dFiauJ6EmELsqrMdsfldF1OzZAYGC8fZj6gaXXntw2E8ahyfam8q/jllpK4Vao -MPsdzIspYVO2VBbzuSQrOShwUVkCddWNCWf/t6A13Tq6Rw0Ob7thngRBZogtR8Di -9wtCGMktEO8CJM9dP+9kfQKBgAz4VH0Iojzf0BAxRo1C82DaEc0LDuKXe0BO+x/e -XxNbxgzSFGl8AraxcVhbLWSxYYynbvC9fkoIXYJldUbZOKPVyYOMwZSf1LZ0/oFc -xIle+CcZOHxsaxJfsN7Qvjs6AGS04j2IX4MUU/FPspap65//TAJlGyuWQKFsfiRB -cdc1AoGBAJRiZJa4oQvHTaOytiHVgavtXLuXUkIkgHC1ieBOQrgPRBXE2Lsj7k/I -4dD574LjoUHuEb47+rfHGuZ2+uoIPOrf97vJtJ28mTstE+HqlfclbDcNQu+9VTbz -p8rj3zNGn4AiNpGz8aJXTNQV71aSplT2GMrWIQjCylORGuTkFAxr ------END RSA PRIVATE KEY----- diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key new file mode 100644 index 0000000..46fa032 --- /dev/null +++ b/test/certs/rootCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA16YCcR0guWgb8t7WFXF8JBPjmwBhKpL8dD+MSrbKXvFTEzH+ +lHT/Dl+p9Dc4sKjc5cXA6c92xjJPj8Iqw8ky1f5IOR50B2bPcIbmTF4nc2sBkbAx +9nejowWdKM9IQlxf4oEFCstVt55fNdYajJDxQQA2fXikN8O9CKS14kLz0RsQBQBp +Xt87OA1Xd60Fhl1ROYAeB5DDNA26qGM4IaUd7iZJ7VsLb8ySPYSG2ou1QcCVOZLT +2S2K6JGajcc4o1Qtqim9eIe2qXsWJbQO8CI6MB6Jq6D4jZGyNBijOm+3yjD150SL +QCU+DLHQn8u2oHvJpREhSGIb/93b/mhVKzlkJQIDAQABAoIBACT0lxCJXFVJqRh6 +5ZcxJoQMQIIMk5o3LDpDtagMISwaERGGDMmmLxtoe3iVigqENa7Or9uhqQoYDxhk +vu1kamjPtdLMDDhEfyIajBbkP8CAwvkTh8xj/k/uo1seApUUvX3UfGe4Js1bv5c7 +RLt4D1ADWFMyPHot+hQkHeNTc/MObn277Brtq8H57h6Jnu6gk1ol6RNJS7EfgFa/ +GeeYUyUCJGn4cjVUWxTML6l/xzLKonHpeKWMObOj4ey2f1d2QVGDPDrsu5hXY07K +Fx1vpXNX9fDOHVgYfnnW0u61Iwd5KeWQEBpvNm6FB5JNYAES9yyc13CFIwrKe6LV +c255hPUCgYEA+4Gw4dDh/XpM+6KsAG8ur5ORtTUVjYGx847EAG5wgex1CjnONwl0 +DGiwWxC+KFir5vFnL4S0AW84VNaQdJJGbMmmC1NaCCyFQciDq8CzqTAUz7dOCkhR +ofGkGGPuEYRD04Cb15RzF1yRGodqF4zPzWhZV0Dq8LYq2YoEtWsjfAsCgYEA24BQ +shd88Mvp4yZQ+ICpVREDApvzD7ZX0ubZfLRc3qBDmY2OPSTBI1uJGYmVAVowTUIK +cOf6XQGBz2DQmgkKFq3aeowA1XbaEwsqvJgnOT5HeA/nSzhIvCosONXphysMN49k +k/nCIf+fd4pxqVLtDoE8imFCzGAGhGtK10Frjo8CgYA8ggQjH9Tu3bidpZJJ/HW3 +6gHZHa9Uvwon9YX0MJ3CtDeoQSX6mbygq6MaFZoaLNMWmadgiEWiPrbHumNAmFx3 +GcBn4yK66rMYk3wSGydeIeIv4wLUeHejRXZcI9aHwlFrFfroT5+s1ClYv5Fnnwnz +ehJcapLbXIhMk+b0GpWL5wKBgQDG78uzLRCCmP1YbtCx+MH/pBRrV/X6BpQgRDNX +D4ygBPZfg+knR1l4dyyRpZ0Tha8DRlh6LfU+N/BziFZnVMv89AJwUNUsorRQ0C0i +km/yNJzHlvpUtSVOzJYZyN4HMJ+490/7wUAOWkQoLqSHBu5s1/qLnEzTODCP8UH6 +R4N4xwKBgQCcGpRDy4k4o78PXksfPOU0CBTwR9d9P3NBSxMmCBV8Cu73SRldQFt2 +mdGzmQROz/9TiKSCXj4iu0oA4nciWjF9cBdKXCXDDSomJ8s78Jbev0DIu9g5S5TW +iTh2Kew30F9PC0kgVlsXCQL+Mq/Xn/zshaUoSbbQ5HPjeOR2CDj3Og== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem new file mode 100644 index 0000000..a0c52e8 --- /dev/null +++ b/test/certs/rootCA.pem 
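Review bot: The private key of the new test root CA is committed as `test/certs/rootCA.key`, and nothing in the patch marks it as a throwaway fixture. The specs in this series only read `rootCA.pem`, `localhost.key` and `localhost.crt`; the CA key, `localhost.csr` and `rootCA.srl` are needed only to re-issue the leaf certificate. I would add a short `test/certs/README.md` saying that these files are test-only, that this CA must never be added to a system or application trust store, and how the leaf was issued. Alternatively, leave the CA key out of the repository and regenerate the pair when the fixture has to change.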
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKjCCAhICCQCOPWEqfXiMczANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRAwDgYDVQQDDAdSb290IENBMB4XDTE4MDczMTAzMzc1NFoXDTM4 +MDcyNjAzMzc1NFowVzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEQMA4GA1UEAwwHUm9v +dCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANemAnEdILloG/Le +1hVxfCQT45sAYSqS/HQ/jEq2yl7xUxMx/pR0/w5fqfQ3OLCo3OXFwOnPdsYyT4/C +KsPJMtX+SDkedAdmz3CG5kxeJ3NrAZGwMfZ3o6MFnSjPSEJcX+KBBQrLVbeeXzXW +GoyQ8UEANn14pDfDvQikteJC89EbEAUAaV7fOzgNV3etBYZdUTmAHgeQwzQNuqhj +OCGlHe4mSe1bC2/Mkj2EhtqLtUHAlTmS09ktiuiRmo3HOKNULaopvXiHtql7FiW0 +DvAiOjAeiaug+I2RsjQYozpvt8ow9edEi0AlPgyx0J/LtqB7yaURIUhiG//d2/5o +VSs5ZCUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAHXvl2ehFGqJ2TEuSj2AtVjs2 +WOGB5bLKK/qx4Mn7Q75uO7ICEcFQ9atPxBpiIaofO1v+GMcJkRoPLTyPDGaeBDD6 +47YczoTcx4GkHTnllpM+4hTeMhV7lGnEgH10k9LXoquMDM5kUOSP8wYYZxfLHb+E +ODPQSrm9HvEN92M0p/G3ASqJVcWi6QK37IiqijpIJl1nOCEw0P0r3+wFG4I4TO9D +L2TJ6C5aZQNCIF7UxeKLexX0Maa3vz76DUPEPkezHlE7zdI0ZUdWjThY9RiGyxPT +3CeB12NR8QjgA/vHMHFbuTO0rlu2WLcqUlJFQoWA6phvhkSaMm9Pq+e0Y4sSNA== +-----END CERTIFICATE----- diff --git a/test/certs/rootCA.srl b/test/certs/rootCA.srl new file mode 100644 index 0000000..1b30012 --- /dev/null +++ b/test/certs/rootCA.srl @@ -0,0 +1 @@ +A7E0EAEFE026FBB6 diff --git a/test/proxy-ticket.spec.js b/test/proxy-ticket.spec.js index 0474e50..5f2e60c 100644 --- a/test/proxy-ticket.spec.js +++ b/test/proxy-ticket.spec.js @@ -119,8 +119,8 @@ var serverSetup = function(options, done){ res.send('hello world'); }); var server = https.createServer({ - key: fs.readFileSync(__dirname + '/certs/localhost3000.key'), - cert: fs.readFileSync(__dirname + '/certs/localhost3000.crt') + key: fs.readFileSync(__dirname + '/certs/localhost.key'), + cert: fs.readFileSync(__dirname + '/certs/localhost.crt') }, app).listen(3000, done); return server; }; 
diff --git a/test/service-validate.spec.js b/test/service-validate.spec.js index 2c40488..03319af 100644 --- a/test/service-validate.spec.js +++ b/test/service-validate.spec.js @@ -231,6 +231,7 @@ var casServerSetup = function(done){ server.setTimeout(50); return server; }; + var serverSetup = function(options, done){ var app = express() .use(connect.cookieParser()) @@ -250,8 +251,8 @@ var serverSetup = function(options, done){ res.end('hello world'); }); var server = https.createServer({ - key: fs.readFileSync(__dirname + '/certs/localhost3000.key'), - cert: fs.readFileSync(__dirname + '/certs/localhost3000.crt') + key: fs.readFileSync(__dirname + '/certs/localhost.key'), + cert: fs.readFileSync(__dirname + '/certs/localhost.crt') }, app).listen(3000, done); //server.setTimeout(20); return server; From b832a719dcdd61032ae16fb8793f1267d2032ecf Mon Sep 17 00:00:00 2001 From: Michael Irwin Date: Mon, 30 Jul 2018 23:54:52 -0400 Subject: [PATCH 3/5] Added ability to set agentOptions on requests to CAS server All tests were updated to make the CAS server run using HTTPS and the cas configuration was updated to use the CA cert to verify it all works. --- README.md | 1 + lib/configure.js | 3 ++- lib/proxy-ticket.js | 2 +- lib/service-validate.js | 11 ++++++----- test/proxy-ticket.spec.js | 14 ++++++++++---- test/service-validate.spec.js | 36 +++++++++++++++++++++++++++-------- 6 files changed, 48 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index f6b0e10..3c16b88 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Many of these options are borrowed from node's [url documentation](http://nodejs - `proxyValidate` Path to validate PGT (not implemented) - `proxy` Path to obtain a proxy ticket - `login` Path to the CAS login + - `agentOptions` - Options used when making requests to the CAS server ([see request's docs here](https://www.npmjs.com/package/request#using-optionsagentoptions)) ## Usage 
diff --git a/lib/configure.js b/lib/configure.js index 2933d5f..7967458 100644 --- a/lib/configure.js +++ b/lib/configure.js @@ -12,7 +12,8 @@ var defaults = { proxy: '/cas/proxy', login: '/cas/login', logout: '/cas/logout' - } + }, + agentOptions : {}, }; module.exports = function(options){ diff --git a/lib/proxy-ticket.js b/lib/proxy-ticket.js index 8db6e3f..44e279a 100644 --- a/lib/proxy-ticket.js +++ b/lib/proxy-ticket.js @@ -21,7 +21,7 @@ module.exports = function(options){ options.query.pgt = req.session.pgt; options.pathname = options.paths.proxy; - request.get(url.format(options), function(err, res, body){ + request.get(url.format(options), { agentOptions : options.agentOptions }, function(err, res, body){ if (err || res.statusCode !== HttpStatus.OK) return redirectToLogin(options, req, res); if (/(.*)<\/cas:proxyTicket>/.exec(body)){ diff --git a/lib/service-validate.js b/lib/service-validate.js index a4e7010..f731b5a 100644 --- a/lib/service-validate.js +++ b/lib/service-validate.js @@ -50,7 +50,7 @@ module.exports = function (overrides) { if (storedSession && storedSession.st && (storedSession.st === ticket)) { return next(); } else { - validateService(res, formatUrl(options), function (casBody) { + validateService(res, formatUrl(options), options.agentOptions, function (casBody) { validateCasResponse(req, res, ticket, casBody, options, next); }); } @@ -58,7 +58,7 @@ module.exports = function (overrides) { }); // cookie session } else { - validateService(res, formatUrl(options), function (casBody) { + validateService(res, formatUrl(options), options.agentOptions, function (casBody) { validateCasResponse(req, res, ticket, casBody, options, next); }); } 
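Review bot: The callback on the changed `request.get(...)` line in lib/proxy-ticket.js still names its second parameter `res`, so the `redirectToLogin(options, req, res)` on the next line is handed the CAS response, or `undefined` when `err` is set. This assumes the enclosing middleware also calls its own response `res`; its signature is outside the hunk. Since the line is being edited anyway, rename the parameters the way `validateService` in lib/service-validate.js does, `function(casErr, casRes, casBody){` with `if (casErr || casRes.statusCode !== HttpStatus.OK) return redirectToLogin(options, req, res);`. The later `.exec(body)` would then become `.exec(casBody)`.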
@@ -66,10 +66,11 @@ module.exports = function (overrides) { }; }; -function validateService(res, url, callback) { - - request.get(url, function(casErr, casRes, casBody){ +function validateService(res, url, agentOptions, callback) { + request.get(url, { agentOptions : agentOptions }, function(casErr, casRes, casBody){ if (casErr || casRes.statusCode !== HttpStatus.OK){ + if (casErr) + console.error(casErr); res.send(HttpStatus.UNAUTHORIZED); return; } diff --git a/test/proxy-ticket.spec.js b/test/proxy-ticket.spec.js index 5f2e60c..4007926 100644 --- a/test/proxy-ticket.spec.js +++ b/test/proxy-ticket.spec.js @@ -5,15 +5,17 @@ var should = require('should'); var parseUrl = require('url').parse; var request = require('request').defaults({strictSSL: false, followRedirect: false}); var https = require('https'); -var http = require('http'); var q = require('q'); var fs = require('fs'); var lastRequest; cas.configure({ - protocol: 'http', + protocol: 'https', hostname: 'localhost', - port: 1337 + port: 1337, + agentOptions : { + ca : fs.readFileSync(__dirname + "/certs/rootCA.pem"), + }, }); describe('#proxyTicket', function(){ @@ -100,10 +102,14 @@ var casServerSetup = function(done){ res.send(''); } }); - var server = http.createServer(app).listen(1337, done); + var server = https.createServer({ + key: fs.readFileSync(__dirname + '/certs/localhost.key'), + cert: fs.readFileSync(__dirname + '/certs/localhost.crt') + }, app).listen(1337, done); server.setTimeout(20); return server; }; + var serverSetup = function(options, done){ var app = express() .use(connect.cookieParser()) diff --git a/test/service-validate.spec.js b/test/service-validate.spec.js index 03319af..b956d30 100644 --- a/test/service-validate.spec.js +++ b/test/service-validate.spec.js 
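Review bot: `validateService` now forwards `agentOptions` to `request.get` unmodified, and neither the function nor the README line added in this patch says what is safe to put there. The body of this response is what `validateCasResponse` uses to accept a ticket, so the option should add trust (a `ca` bundle, as the specs do) rather than relax it with `rejectUnauthorized: false`. I would state that in a comment above the function, for example `// agentOptions is passed to request as-is; supply a ca bundle for a private CAS CA, never disable certificate verification here`. The added `if (casErr) console.error(casErr);` would also read better with braces.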
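Review bot: The unchanged `require('request').defaults({strictSSL: false, followRedirect: false})` at the top of the first test/proxy-ticket.spec.js hunk means this spec's own client still skips certificate verification. test/service-validate.spec.js in the same patch replaces `strictSSL: false` with the root CA. Now that `localhost.crt` is signed by `rootCA.pem`, the same works here: `var request = require('request').defaults({followRedirect: false, agentOptions: {ca: fs.readFileSync(__dirname + '/certs/rootCA.pem')}});`. `fs` is required after `request` in this file, so its `require` has to move above that line, as was done in the other spec.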
@@ -3,15 +3,22 @@ var connect = require('connect'); var cas = require('../'); var should = require('should'); var parseUrl = require('url').parse; -var request = require('request').defaults({followRedirect: false, strictSSL: false}); -var https = require('https'); var fs = require('fs'); -var http = require('http'); +var request = require('request').defaults({ + followRedirect: false, + agentOptions : { + ca : fs.readFileSync(__dirname + '/certs/rootCA.pem'), + } +}); +var https = require('https'); cas.configure({ - protocol: 'http', + protocol: 'https', hostname: 'localhost', - port: 1337 + port: 1337, + agentOptions : { + ca : fs.readFileSync(__dirname + '/certs/rootCA.pem') + } }); var lastRequest; @@ -30,6 +37,16 @@ describe('#serviceValidate', function(){ }); describe('when ticket presented', function(){ + + it("can talk to cas server directly", function(done) { + request.get("https://localhost:1337/cas/serviceValidate?ticket=validTicket", + { strictSSL : true, agentOptions : { ca : fs.readFileSync(__dirname + "/certs/rootCA.pem") } }, + function(err, response) { + response.statusCode.should.equal(200); + done(); + }); + }); + it('success if ticket valid', function(done){ request.get('https://localhost:3000/somePath?ticket=validTicket', function(err, response){ response.statusCode.should.equal(200); @@ -49,7 +66,7 @@ describe('#serviceValidate', function(){ it('redirect to login when no session and ticket invalid', function(done){ request.get({uri: 'https://localhost:3000/?ticket=invalidTicket', followRedirect: false}, function(err, response){ response.statusCode.should.equal(307); - response.headers.location.should.equal('http://localhost:1337/cas/login?service=https%3A%2F%2Flocalhost%3A3000%2F'); + response.headers.location.should.equal('https://localhost:1337/cas/login?service=https%3A%2F%2Flocalhost%3A3000%2F'); done(); }); }); 
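Review bot: The new "can talk to cas server directly" test ignores `err`, so a failed TLS handshake or CA verification leaves `response` undefined. The test then dies with a TypeError on `response.statusCode` instead of reporting the certificate error. Because this test exists to prove the CA chain, the callback should start with `if (err) return done(err);`. The `ca` passed inline repeats what the `request.defaults(...)` at the top of the file already sets, and `strictSSL: true` is, as far as I know, request's default, so a short comment saying the repetition is deliberate would help.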
@@ -96,7 +113,7 @@ describe('#serviceValidate', function(){ it('keeps the querystring parameters during the redirect', function(done){ request.get({uri: 'https://localhost:3000/?randomquerystring=true', followRedirect: false}, function(err, response){ response.statusCode.should.equal(307); - response.headers.location.should.equal('http://localhost:1337/cas/login?service=https%3A%2F%2Flocalhost%3A3000%2F%3Frandomquerystring%3Dtrue'); + response.headers.location.should.equal('https://localhost:1337/cas/login?service=https%3A%2F%2Flocalhost%3A3000%2F%3Frandomquerystring%3Dtrue'); done(); }); }); @@ -227,7 +244,10 @@ var casServerSetup = function(done){ } res.end(response); }); - var server = http.createServer(app).listen(1337, done); + var server = https.createServer({ + key: fs.readFileSync(__dirname + '/certs/localhost.key'), + cert: fs.readFileSync(__dirname + '/certs/localhost.crt') + }, app).listen(1337, done); server.setTimeout(50); return server; }; From b8fbc06d6373efe7db186f16b591abacff27ec6b Mon Sep 17 00:00:00 2001 From: Michael Irwin Date: Tue, 31 Jul 2018 00:11:18 -0400 Subject: [PATCH 4/5] Comment out setTimeout, as not found in node version (Might it be time to consider updating the node_js version used in the travis builds??) --- test/proxy-ticket.spec.js | 2 +- test/service-validate.spec.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/proxy-ticket.spec.js b/test/proxy-ticket.spec.js index 4007926..f9491f6 100644 --- a/test/proxy-ticket.spec.js +++ b/test/proxy-ticket.spec.js @@ -106,7 +106,7 @@ var casServerSetup = function(done){ key: fs.readFileSync(__dirname + '/certs/localhost.key'), cert: fs.readFileSync(__dirname + '/certs/localhost.crt') }, app).listen(1337, done); - server.setTimeout(20); + // server.setTimeout(20); return server; }; diff --git a/test/service-validate.spec.js b/test/service-validate.spec.js index b956d30..2f79079 100644 --- a/test/service-validate.spec.js +++ b/test/service-validate.spec.js 
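Review bot: `// server.setTimeout(20);` in test/proxy-ticket.spec.js leaves dead code behind with no hint in the file of why it is disabled; the reason exists only in the commit subject. Either delete the line or keep the call behind a feature check, `if (server.setTimeout) server.setTimeout(20);`, so it runs again on Node versions that provide it. The same applies to `// server.setTimeout(50);` in test/service-validate.spec.js. `casServerSetup` starts outside the hunk, so whether any test depends on the short timeout cannot be judged from here.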
@@ -248,7 +248,7 @@ var casServerSetup = function(done){ key: fs.readFileSync(__dirname + '/certs/localhost.key'), cert: fs.readFileSync(__dirname + '/certs/localhost.crt') }, app).listen(1337, done); - server.setTimeout(50); + // server.setTimeout(50); return server; }; From 6a091f09172b7a21900ee9f7de04e858dd184516 Mon Sep 17 00:00:00 2001 From: Michael Irwin Date: Tue, 31 Jul 2018 00:14:25 -0400 Subject: [PATCH 5/5] Bumped travis to use Node 8, current LTS --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6e5919d..efb0983 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,3 @@ language: node_js node_js: - - "0.10" + - "8"