feat: allow options.https.pfx for mTSL
Closes #326
cplussharp authored Jan 29, 2021
1 parent b495d20 commit 075cad7
Showing 4 changed files with 28 additions and 1 deletion.
4 changes: 4 additions & 0 deletions docs/README.md
@@ -647,6 +647,10 @@ client[custom.http_options] = function (options) {
// custom CA
// options.https.ca = ca; // <string> | <string[]> | <Buffer> | <Buffer[]>

// use with .p12/.pfx files
// options.https.pfx = pfx; // <string> | <string[]> | <Buffer> | <Buffer[]> | <Object[]>
// options.https.passphrase = passphrase; // <string>

// use HTTP(S)_PROXY
// https://github.com/sindresorhus/got/tree/v11.8.0#agent
// options.agent = agent;
2 changes: 1 addition & 1 deletion lib/helpers/request.js
@@ -44,7 +44,7 @@ module.exports = async function request(options, { mTLS = false, DPoP } = {}) {
mTLS
&& (
(!opts.key || !opts.cert)
&& (!opts.https || !opts.https.key || !opts.https.certificate)
&& (!opts.https || !((opts.https.key && opts.https.certificate) || opts.https.pfx))
)
) {
throw new TypeError('mutual-TLS certificate and key not set');
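Review bot: The added `|| opts.https.pfx` branch is a truthiness test, so an empty array or a zero-length Buffer satisfies the guard even though it carries no client credential, and both are within the `<string[]> | <Buffer[]>` shapes the README documents. A request flagged `mTLS` would then presumably pass this check and fail later in the TLS layer, or go out without a client certificate, instead of failing closed here. Consider testing for content, e.g. `const hasPfx = Array.isArray(pfx) ? pfx.length > 0 : Boolean(pfx && pfx.length);`, and using `hasPfx` in place of `opts.https.pfx`. The message `mutual-TLS certificate and key not set` also no longer names every accepted input. The body of `request()` starts and ends outside this hunk, so how `opts` is built is not visible here.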
23 changes: 23 additions & 0 deletions test/client/mtls.test.js
@@ -1,3 +1,6 @@
const fs = require('fs');
const path = require('path');

const { expect } = require('chai');
const nock = require('nock');

@@ -78,6 +81,8 @@ Ym+FYK6KtEjrawUvE9CwzkoXiQbisQsGkp1sJxYDkDzW1jf50T3DOOCbGmW6bi7H
2LZBr34osdcugbFGO07Y8gAiRrh+lbv1JBzALHt93QSVeN9mPNY=
-----END RSA PRIVATE KEY-----`;

const pfx = fs.readFileSync(path.join(__dirname, 'testcert.p12'));

describe('mutual-TLS', () => {
beforeEach(function () {
this.client = new issuer.Client({
@@ -137,4 +142,22 @@ describe('mutual-TLS', () => {
expect(err.message).to.eql('mutual-TLS certificate and key not set');
}
});

it('works with a PKCS#12 file and a passphrase', async function () {
this.client[custom.http_options] = (opts) => ({ ...opts, https: { pfx } });

nock('https://mtls.op.example.com')
.get('/me').reply(200, { sub: 'foo' });

await this.client.userinfo('foo');

delete this.client[custom.http_options];

try {
await this.client.userinfo('foo');
fail();
} catch (err) {
expect(err.message).to.eql('mutual-TLS certificate and key not set');
}
});
});
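Review bot: The new case is titled `works with a PKCS#12 file and a passphrase`, but the options it installs are `https: { pfx }` only, so no passphrase is exercised; either pass one (`https: { pfx, passphrase }`) or rename the case to say what it checks. Because nock answers the request, this test probably only proves that the guard in lib/helpers/request.js accepts a truthy `pfx`, not that testcert.p12 can be loaded as a client credential. A negative case such as `https: { pfx: [] }` would pin down what the guard should do with an empty value. If testcert.p12 is a throwaway fixture, a comment next to the `readFileSync` line would make that explicit, e.g. `// test-only fixture; never reuse this key material outside the test suite`.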
Binary file added test/client/testcert.p12
Binary file not shown.
