Commit aa98150

shigeki authored and MylesBorins committed
test: add script to create 0-dns-cert.pem
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it using `asn1.js` and `asn1.js-rfc5280`, moved them out of the key directory and put them into `test/fixtures/0-dns`. The domains listed in the cert were also changed to example.com and example.org to show they are used only for testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
1 parent 5a93eab commit aa98150
9 files changed, +170 -51 lines changed

‎test/fixtures/0-dns/0-dns-cert.pem‎

+19 lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDGDCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5jYS5l
3+
eGFtcGxlLmNvbTAeFw0xNzAzMDIwMTMxMjJaFw0yNzAyMjgwMTMxMjJaMBsxGTAX
4+
BgNVBAMTEGV2aWwuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
5+
ggEKAoIBAQDFyJT0kv2P9L6iNY6TL7IZonAR8R9ev7iD1tR5ycMEpM/y6WTefIco
6+
civMcBGVZWtCgkoePHiveH9UIep7HFGB4gxCYDZFYB46yGS0YH2fB5GWXTLYObYa
7+
zxuEhgFRG0DLIwNDRLW0+0FG3disp7YdRHBtdbL58F/qNORqPEjIpoQxOJc2UqX2
8+
/gfomJRdFW/PSgN7uH2QwMzRQRIrKmyAFzeuEWVP+UAV4853Yg66PmYpAASyt069
9+
sE8QNTNE75KrerMmYzH7AmTEGvY8bukrDuVQZce2/lcK2rAE+G6at2eBNMZKOnzR
10+
y9kWIiJ3rR7+WK55EKelLz0doZFKteu1AgMBAAGjaTBnMGUGA1UdEQReMFyCImdv
11+
b2QuZXhhbXBsZS5vcmcALmV2aWwuZXhhbXBsZS5jb22CGGp1c3QtYW5vdGhlci5l
12+
eGFtcGxlLmNvbYcECAgICIcECAgEBIIQbGFzdC5leGFtcGxlLmNvbTANBgkqhkiG
13+
9w0BAQsFAAOCAQEAvreVoOZO2gpM4Dmzp70D30XZjsK9i0BCsRHBvPLPw3y8B2xg
14+
BRtOREOI69NU0WGpj5Lbqww5M8M1hjHshiGEu2aXfZ6qM3lENaIMCpKlF9jbm02/
15+
wmxNaAnS8bDSZyO5rbsGr2tJb4ds7DazmMEKWhOBEpJoOp9rG6SAey+a6MkZ7NEN
16+
0p3THCqNf3lL1KblPrMvdsyhHPEzv4uT7+YAnLKHwGzbihcWJRsRo5oipWL8ZDhn
17+
bd3SMWtfRTSWDmghJaHke2xIjDtTwSjHjjPTFsK+rl227W8r4/EQI/X6fTQV2j3T
18+
7zqrJLF9h9F/v3mo57k6sxsQNZ12XvhuTHC2dA==
19+
-----END CERTIFICATE-----

‎test/fixtures/0-dns/0-dns-key.pem‎

+27 lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
-----BEGIN RSA PRIVATE KEY-----
2+
MIIEowIBAAKCAQEAxciU9JL9j/S+ojWOky+yGaJwEfEfXr+4g9bUecnDBKTP8ulk
3+
3nyHKHIrzHARlWVrQoJKHjx4r3h/VCHqexxRgeIMQmA2RWAeOshktGB9nweRll0y
4+
2Dm2Gs8bhIYBURtAyyMDQ0S1tPtBRt3YrKe2HURwbXWy+fBf6jTkajxIyKaEMTiX
5+
NlKl9v4H6JiUXRVvz0oDe7h9kMDM0UESKypsgBc3rhFlT/lAFePOd2IOuj5mKQAE
6+
srdOvbBPEDUzRO+Sq3qzJmMx+wJkxBr2PG7pKw7lUGXHtv5XCtqwBPhumrdngTTG
7+
Sjp80cvZFiIid60e/liueRCnpS89HaGRSrXrtQIDAQABAoIBABcGA3j5B3VTi0F8
8+
tI0jtzrOsvcTt5AjB0qpnnBS8VXADcj8LFbN7jniGIEi5pkahkLmwdQFPBNJFqFn
9+
lVEheceB1eWAJ7EpwDsdisOIm/cAPY1gagPLrAww4cYqh0q2vnMnL0EMZY6c1Pt3
10+
5borh8KebewAEIaR2ch8wb4wKFTbAM0DftYBFzHAF88OeCuIpdsk2Tz0sVQbA3/1
11+
XNLOVcJvDOVIRPEpo2l7RIN33KvDhzpMoV3qVzWxqdccPRZZFU5KmJ6DtouIPT3S
12+
3WauIL5oVpAyYNJETTyxjBQE4DgFeNX1Wyycgk27EoLcn6Trcs0kNVrmXXblNAtJ
13+
Nko6g10CgYEA+TjzNjyAXPrOpY88uiPVMAgepEQOnDYtMwasdDVaW3xK9KH1rrhU
14+
dx1IDTMmOUfyU2qsj5txmJtReQz//1bpd7e73VO8mHQDUubhs2TivgGs+fqzAdmT
15+
vJsjerfNsxf+4JENzzWmqT/Ybc976Tu55VH5mcRG9Q66fTxdAJ51+8MCgYEAyymF
16+
gntRMBd9e/KIiqlvcxelo0ahyKEzaJC7/FkZotuSB+kAwpdJ5Unb0FeVQZxNhDPg
17+
xgsrGOOOvHvfhv7DPU0TQ/vp6VDPdg+N6m/Ow2vr79A2v6s+7gZj3MLiLRFyEF6l
18+
bxQNGe3qavnm3owUQQCY2RLBKYCFfv/cykYlGycCgYB6etKMRQ+QonIMS2i80f9j
19+
q5njgM7tVnLAMPdv5QiTDXKI50+mnlBkea9/TTPr0r/03ugPa4VYSnyv0QO+qSfz
20+
/ggFrbFx+xHnHDCvyVTlrE0mTV7L+fHxLw0wskQVUCWil6cBvow5gXcMAHwVE5U4
21+
biEMwLlele5wvcm3FClHoQKBgACV/RGUQ3atCqqZ13T26iBd2Bdxc7P9awWJLVGb
22+
/CvxECm/rUXiY88qeFzQc9i9l6ei8qn/jD9FILtAbDOadnutxjly94i5t+9yOgmM
23+
Cv+bRxHo+s9wsfzDvfP8B+TzYO3VKAr69tK1UfC/CcBojQJm+wndOPtiqH/mQv++
24+
VgsPAoGBAJ0aNJe3zb+blvAQ3W4iPSjhyxdMC00x46pr6ds+Y8WygbN6lzCvNDw6
25+
FFTINBckOs5Z/UWUNbExWYjBHZhLlhhxTezCzvIrwNvgUB8Y4sPk3S4KDsnkyy6f
26+
/qMmEHlVyKjh2BCNs7PVnWDlfl3vECE7n8dBizFHgja76l1ia+0z
27+
-----END RSA PRIVATE KEY-----
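Review bot: nothing in this file or its directory name marks the RSA private key as a throwaway test key. A line in the new README stating that `0-dns-key.pem` exists only for `test-tls-0-dns-altname.js` and must never be reused would save triage when secret scanners flag the `BEGIN RSA PRIVATE KEY` header.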
270 Bytes
Binary file not shown.

‎test/fixtures/0-dns/README.md‎

+26 lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
## Purpose
2+
The test cert file for use `test/parallel/test-tls-0-dns-altname.js`
3+
can be created by using `asn1.js` and `asn1.js-rfc5280`,
4+
5+
## How to create a test cert.
6+
7+
```sh
8+
$ openssl genrsa -out 0-dns-key.pem 2048
9+
Generating RSA private key, 2048 bit long modulus
10+
...................+++
11+
..............................................................................................+++
12+
e is 65537 (0x10001)
13+
$ openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der -out 0-dns-rsapub.der
14+
writing RSA key
15+
$ npm install
16+
0-dns@1.0.0 /home/github/node/test/fixtures/0-dns
17+
+-- asn1.js@4.9.1
18+
| +-- bn.js@4.11.6
19+
| +-- inherits@2.0.3
20+
| `-- minimalistic-assert@1.0.0
21+
`-- asn1.js-rfc5280@1.2.2
22+
23+
$ node ./createCert.js
24+
$ openssl x509 -text -in 0-dns-cert.pem
25+
(You can not see evil.example.com in subjectAltName field)
26+
```
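Review bot: line 23 of the README runs `node ./createCert.js`, but the script this commit adds is `create-cert.js`, so the documented step fails as written; it should read `node ./create-cert.js`. The remark on line 25 sits inside the `sh` fence as if it were command output; move it below the fence and say why the name is not shown (the first dNSName in create-cert.js embeds `\u0000` before `.evil.example.com`). The sentence under "Purpose" also ends in a comma.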

‎test/fixtures/0-dns/create-cert.js‎

+75 lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
'use strict';
2+
const asn1 = require('asn1.js');
3+
const crypto = require('crypto');
4+
const fs = require('fs');
5+
const rfc5280 = require('asn1.js-rfc5280');
6+
const BN = asn1.bignum;
7+
8+
const id_at_commonName = [ 2, 5, 4, 3 ];
9+
const rsaEncryption = [1, 2, 840, 113549, 1, 1, 1];
10+
const sha256WithRSAEncryption = [1, 2, 840, 113549, 1, 1, 11];
11+
const sigalg = 'RSA-SHA256';
12+
13+
const private_key = fs.readFileSync('./0-dns-key.pem');
14+
// public key file can be generated from the private key with
15+
// openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der
16+
// -out 0-dns-rsapub.der
17+
const public_key = fs.readFileSync('./0-dns-rsapub.der');
18+
19+
const now = Date.now();
20+
const days = 3650;
21+
22+
const Null_ = asn1.define('Null_', function() {
23+
this.null_();
24+
});
25+
const null_ = Null_.encode('der');
26+
27+
const PrintStr = asn1.define('PrintStr', function() {
28+
this.printstr();
29+
});
30+
const issuer = PrintStr.encode('ca.example.com', 'der');
31+
const subject = PrintStr.encode('evil.example.com', 'der');
32+
33+
const tbs = {
34+
version: 'v3',
35+
serialNumber: new BN('01', 16),
36+
signature: { algorithm: sha256WithRSAEncryption, parameters: null_},
37+
issuer: { type: 'rdnSequence',
38+
value: [ [{type: id_at_commonName, value: issuer}] ] },
39+
validity:
40+
{ notBefore: { type: 'utcTime', value: now },
41+
notAfter: { type: 'utcTime', value: now + days * 86400000} },
42+
subject: { type: 'rdnSequence',
43+
value: [ [{type: id_at_commonName, value: subject}] ] },
44+
subjectPublicKeyInfo:
45+
{ algorithm: { algorithm: rsaEncryption, parameters: null_},
46+
subjectPublicKey: { unused: 0, data: public_key} },
47+
extensions:
48+
[ { extnID: 'subjectAlternativeName',
49+
critical: false,
50+
// subjectAltName which contains '\0' character to check CVE-2009-2408
51+
extnValue: [
52+
{ type: 'dNSName', value: 'good.example.org\u0000.evil.example.com' },
53+
{ type: 'dNSName', value: 'just-another.example.com' },
54+
{ type: 'iPAddress', value: Buffer.from('08080808', 'hex') },
55+
{ type: 'iPAddress', value: Buffer.from('08080404', 'hex') },
56+
{ type: 'dNSName', value: 'last.example.com' } ] }
57+
]
58+
};
59+
60+
const tbs_der = rfc5280.TBSCertificate.encode(tbs, 'der');
61+
62+
const sign = crypto.createSign(sigalg);
63+
sign.update(tbs_der);
64+
const signature = sign.sign(private_key);
65+
66+
const cert = {
67+
tbsCertificate: tbs,
68+
signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_ },
69+
signature:
70+
{ unused: 0,
71+
data: signature }
72+
};
73+
const pem = rfc5280.Certificate.encode(cert, 'pem', {label: 'CERTIFICATE'});
74+
75+
fs.writeFileSync('./0-dns-cert.pem', pem + '\n');
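Review bot: the file accesses on lines 13, 17 and 75 use `./`-relative paths, so the script only works when the current directory is `test/fixtures/0-dns`; resolving them against `__dirname` (for example `path.join(__dirname, '0-dns-key.pem')`) lets it be run from anywhere. Separately, `now = Date.now()` with `days = 3650` means every run produces a different certificate and the checked-in fixture expires about ten years after it was generated; a comment saying the fixture must be regenerated before then would help whoever hits that failure.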

‎test/fixtures/0-dns/package.json‎

+16 lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
{
2+
"name": "0-dns",
3+
"version": "1.0.0",
4+
"description": "create certificate for 0-dns test",
5+
"main": "createCert.js",
6+
"scripts": {
7+
"test": "echo \"Error: no test specified\" && exit 1"
8+
},
9+
"author": "",
10+
"license": "SEE LICENSE IN ../../../LICENSE",
11+
"private": true,
12+
"dependencies": {
13+
"asn1.js": "^4.9.1",
14+
"asn1.js-rfc5280": "^1.2.2"
15+
}
16+
}
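Review bot: `"main": "createCert.js"` on line 5 names a file that is not in this commit; the script is added as `create-cert.js`. Because the bytes of the generated certificate depend on the encoder, consider pinning `asn1.js` and `asn1.js-rfc5280` to the exact versions the README shows installed (4.9.1 and 1.2.2) rather than the caret ranges on lines 13 and 14.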

‎test/fixtures/keys/0-dns-cert.pem‎

-19 lines changed: 0 additions & 19 deletions
This file was deleted.

‎test/fixtures/keys/0-dns-key.pem‎

-27 lines changed: 0 additions & 27 deletions
This file was deleted.

‎test/parallel/test-tls-0-dns-altname.js‎

+7 -5 lines changed: 7 additions & 5 deletions
@@ -2,6 +2,8 @@
22
const common = require('../common');
33
const assert = require('assert');
44

5+
// Check getPeerCertificate can properly handle '\0' for fix CVE-2009-2408.
6+
57
if (!common.hasCrypto) {
68
common.skip('missing crypto');
79
return;
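Review bot: the comment added at new line 5 names the CVE but not the behaviour the test expects, and "for fix" reads oddly. Something like `// Check that getPeerCertificate() preserves an embedded '\0' in subjectAltName (CVE-2009-2408).` tells the reader what the assertion further down is protecting.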
@@ -11,8 +13,8 @@ const tls = require('tls');
1113
const fs = require('fs');
1214

1315
const server = tls.createServer({
14-
key: fs.readFileSync(common.fixturesDir + '/keys/0-dns-key.pem'),
15-
cert: fs.readFileSync(common.fixturesDir + '/keys/0-dns-cert.pem')
16+
key: fs.readFileSync(common.fixturesDir + '/0-dns/0-dns-key.pem'),
17+
cert: fs.readFileSync(common.fixturesDir + '/0-dns/0-dns-cert.pem')
1618
}, function(c) {
1719
c.once('data', function() {
1820
c.destroy();
@@ -24,11 +26,11 @@ const server = tls.createServer({
2426
}, common.mustCall(function() {
2527
const cert = c.getPeerCertificate();
2628
assert.strictEqual(cert.subjectaltname,
27-
'DNS:google.com\0.evil.com, ' +
28-
'DNS:just-another.com, ' +
29+
'DNS:good.example.org\0.evil.example.com, ' +
30+
'DNS:just-another.example.com, ' +
2931
'IP Address:8.8.8.8, ' +
3032
'IP Address:8.8.4.4, ' +
31-
'DNS:last.com');
33+
'DNS:last.example.com');
3234
c.write('ok');
3335
}));
3436
}));
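Review bot: the assertion at new lines 28 to 33 only checks that `cert.subjectaltname` carries the embedded `\0` through as a string; nothing in the visible lines checks that a client asking for `good.example.org` is refused this certificate. If that is covered by another test, a comment pointing to it would do; otherwise consider also asserting that `tls.checkServerIdentity('good.example.org', cert)` returns an error.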
