Fix parseCertificateInfo possibly in dead loop

2025-08-08 17:13:08 +08:00 · 2021-11-08 15:39:17 +08:00
parent c92153c97e
commit 41a6d1b701
3 changed files with 139 additions and 2 deletions
--- a/test/backend.spec.js
+++ b/test/backend.spec.js
@@ -1,4 +1,125 @@
 const { genSecret, sleep } = require("../src/util");
+const utilServerRewire = require("../server/util-server");
+
+describe("Test parseCertificateInfo", () => {
+    it("should handle undefined", async () => {
+        const parseCertificateInfo = utilServerRewire.__get__("parseCertificateInfo");
+        const info = parseCertificateInfo(undefined);
+        expect(info).toEqual(undefined);
+    }, 5000);
+
+    it("should handle normal cert chain", async () => {
+        const parseCertificateInfo = utilServerRewire.__get__("parseCertificateInfo");
+
+        const chain1 = {
+            fingerprint: "CF:2C:F3:6A:FE:6B:10:EC:44:77:C8:95:BB:96:2E:06:1F:0E:15:DA",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain2 = {
+            fingerprint: "A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain3 = {
+            fingerprint: "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        chain1.issuerCertificate = chain2;
+        chain2.issuerCertificate = chain3;
+        chain3.issuerCertificate = chain3;
+
+        const info = parseCertificateInfo(chain1);
+        expect(chain1).toEqual(info);
+    }, 5000);
+
+    it("should handle cert chain with strange circle", async () => {
+        const parseCertificateInfo = utilServerRewire.__get__("parseCertificateInfo");
+
+        const chain1 = {
+            fingerprint: "CF:2C:F3:6A:FE:6B:10:EC:44:77:C8:95:BB:96:2E:06:1F:0E:15:DA",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain2 = {
+            fingerprint: "A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain3 = {
+            fingerprint: "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain4 = {
+            fingerprint: "haha",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        chain1.issuerCertificate = chain2;
+        chain2.issuerCertificate = chain3;
+        chain3.issuerCertificate = chain4;
+        chain4.issuerCertificate = chain2;
+
+        const info = parseCertificateInfo(chain1);
+        expect(chain1).toEqual(info);
+    }, 5000);
+
+    it("should handle cert chain with last undefined (should be happen in real, but just in case)", async () => {
+        const parseCertificateInfo = utilServerRewire.__get__("parseCertificateInfo");
+
+        const chain1 = {
+            fingerprint: "CF:2C:F3:6A:FE:6B:10:EC:44:77:C8:95:BB:96:2E:06:1F:0E:15:DA",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain2 = {
+            fingerprint: "A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain3 = {
+            fingerprint: "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        const chain4 = {
+            fingerprint: "haha",
+            valid_from: "Oct 22 12:00:00 2013 GMT",
+            valid_to: "Oct 22 12:00:00 2028 GMT",
+            subjectaltname: "DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net",
+        };
+
+        chain1.issuerCertificate = chain2;
+        chain2.issuerCertificate = chain3;
+        chain3.issuerCertificate = chain4;
+        chain4.issuerCertificate = undefined;
+
+        const info = parseCertificateInfo(chain1);
+        expect(chain1).toEqual(info);
+    }, 5000);
+});

 describe("Test genSecret", () => {

@@ -42,3 +163,4 @@ describe("Test reset-password", () => {
        await require("../extra/reset-password").main();
    }, 120000);
 });
+