[MM-48407] Include entry for websocket too when trusting a certificate for https (#2526)
* Inlcude entry for websocket too when trusting a certificate for https * Improve condition for protocol
This commit is contained in:
parent
6ee8b97f7d
commit
bbb29a0d1b
|
@ -32,13 +32,13 @@ jest.mock('fs', () => ({
|
||||||
|
|
||||||
const certificateData = {
|
const certificateData = {
|
||||||
'https://server-1.com': {
|
'https://server-1.com': {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
dontTrust: false,
|
dontTrust: false,
|
||||||
},
|
},
|
||||||
'https://server-2.com': {
|
'https://server-2.com': {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
dontTrust: true,
|
dontTrust: true,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -49,7 +49,7 @@ describe('main/certificateStore', () => {
|
||||||
|
|
||||||
let certificateStore;
|
let certificateStore;
|
||||||
expect(() => {
|
expect(() => {
|
||||||
certificateStore = new CertificateStore('somefilename');
|
certificateStore = new CertificateStore('someFilename');
|
||||||
}).not.toThrow(Error);
|
}).not.toThrow(Error);
|
||||||
expect(certificateStore.data).toStrictEqual({});
|
expect(certificateStore.data).toStrictEqual({});
|
||||||
});
|
});
|
||||||
|
@ -59,36 +59,49 @@ describe('main/certificateStore', () => {
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
validateCertificateStore.mockImplementation((data) => JSON.parse(data));
|
validateCertificateStore.mockImplementation((data) => JSON.parse(data));
|
||||||
fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
|
fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
|
||||||
certificateStore = new CertificateStore('somefilename');
|
certificateStore = new CertificateStore('someFilename');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should return true for stored matching certificate', () => {
|
it('should return true for stored matching certificate', () => {
|
||||||
certificateStore = new CertificateStore('somefilename');
|
certificateStore = new CertificateStore('someFilename');
|
||||||
|
|
||||||
expect(certificateStore.isTrusted('https://server-1.com', {
|
expect(certificateStore.isTrusted('https://server-1.com', {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
})).toBe(true);
|
})).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should return false for missing url', () => {
|
it('should return false for missing url', () => {
|
||||||
expect(certificateStore.isTrusted('https://server-3.com', {
|
expect(certificateStore.isTrusted('https://server-3.com', {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
})).toBe(false);
|
})).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should return false for unmatching cert', () => {
|
it('should return false for unmatched cert', () => {
|
||||||
expect(certificateStore.isTrusted('https://server-1.com', {
|
expect(certificateStore.isTrusted('https://server-1.com', {
|
||||||
data: 'someotherrandomdata',
|
data: 'someOtherRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
})).toBe(false);
|
})).toBe(false);
|
||||||
|
|
||||||
expect(certificateStore.isTrusted('https://server-1.com', {
|
expect(certificateStore.isTrusted('https://server-1.com', {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someotherissuer',
|
issuerName: 'someOtherIssuer',
|
||||||
})).toBe(false);
|
})).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should add certificate for websocket too', () => {
|
||||||
|
const certOrigin = 'https://server-websocket.com';
|
||||||
|
const wssCertOrigin = certOrigin.replace('https', 'wss');
|
||||||
|
const certData = {
|
||||||
|
data: 'someRandomData',
|
||||||
|
issuerName: 'someIssuer',
|
||||||
|
};
|
||||||
|
|
||||||
|
certificateStore = new CertificateStore('someFilename');
|
||||||
|
certificateStore.add(certOrigin, certData);
|
||||||
|
expect(certificateStore.isTrusted(wssCertOrigin, certData)).toBe(true);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('isExplicitlyUntrusted', () => {
|
describe('isExplicitlyUntrusted', () => {
|
||||||
|
@ -96,20 +109,20 @@ describe('main/certificateStore', () => {
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
validateCertificateStore.mockImplementation((data) => JSON.parse(data));
|
validateCertificateStore.mockImplementation((data) => JSON.parse(data));
|
||||||
fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
|
fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
|
||||||
certificateStore = new CertificateStore('somefilename');
|
certificateStore = new CertificateStore('someFilename');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should return true for explicitly untrusted cert', () => {
|
it('should return true for explicitly untrusted cert', () => {
|
||||||
expect(certificateStore.isExplicitlyUntrusted('https://server-2.com', {
|
expect(certificateStore.isExplicitlyUntrusted('https://server-2.com', {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
})).toBe(true);
|
})).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should return false for trusted cert', () => {
|
it('should return false for trusted cert', () => {
|
||||||
expect(certificateStore.isExplicitlyUntrusted('https://server-1.com', {
|
expect(certificateStore.isExplicitlyUntrusted('https://server-1.com', {
|
||||||
data: 'somerandomdata',
|
data: 'someRandomData',
|
||||||
issuerName: 'someissuer',
|
issuerName: 'someIssuer',
|
||||||
})).toBe(false);
|
})).toBe(false);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -58,7 +58,15 @@ export class CertificateStore {
|
||||||
};
|
};
|
||||||
|
|
||||||
add = (targetURL: string, certificate: Certificate, dontTrust = false) => {
|
add = (targetURL: string, certificate: Certificate, dontTrust = false) => {
|
||||||
this.data[urlUtils.getHost(targetURL)] = comparableCertificate(certificate, dontTrust);
|
const host = urlUtils.getHost(targetURL);
|
||||||
|
const comparableCert = comparableCertificate(certificate, dontTrust);
|
||||||
|
this.data[host] = comparableCert;
|
||||||
|
|
||||||
|
// Trust certificate for websocket connections on the same origin.
|
||||||
|
if (host.startsWith('https://')) {
|
||||||
|
const wssHost = host.replace('https', 'wss');
|
||||||
|
this.data[wssHost] = comparableCert;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
isExisting = (targetURL: string) => {
|
isExisting = (targetURL: string) => {
|
||||||
|
|
Loading…
Reference in a new issue