| 26 | } & express.Express; |
| 27 | |
| 28 | const createHttpsTestServer = async (options: HttpsServerOptions = {}): Promise<ExtendedHttpsTestServer> => { |
| 29 | const createCsr = pify(pem.createCSR as CreateCsr); |
| 30 | const createCertificate = pify(pem.createCertificate as CreateCertificate); |
| 31 | const commonName = options.commonName ?? 'localhost'; |
| 32 | const serverCertificateConfiguration = ` |
| 33 | [req] |
| 34 | req_extensions = v3_req |
| 35 | [dn] |
| 36 | CN = ${commonName} |
| 37 | [v3_req] |
| 38 | basicConstraints = critical,CA:FALSE |
| 39 | keyUsage = critical,digitalSignature,keyEncipherment |
| 40 | extendedKeyUsage = serverAuth |
| 41 | subjectAltName = @alt_names |
| 42 | [alt_names] |
| 43 | DNS.1 = ${commonName} |
| 44 | `; |
| 45 | const caCertificateConfiguration = ` |
| 46 | [req] |
| 47 | req_extensions = v3_req |
| 48 | [dn] |
| 49 | CN = authority |
| 50 | [v3_req] |
| 51 | basicConstraints = critical,CA:TRUE |
| 52 | keyUsage = critical,keyCertSign,cRLSign |
| 53 | `; |
| 54 | |
| 55 | const caCsrResult = await createCsr({commonName: 'authority'}); |
| 56 | const caResult = await createCertificate({ |
| 57 | csr: caCsrResult.csr, |
| 58 | clientKey: caCsrResult.clientKey, |
| 59 | selfSigned: true, |
| 60 | config: caCertificateConfiguration, |
| 61 | }); |
| 62 | const caKey = caResult.clientKey; |
| 63 | const caCert = caResult.certificate; |
| 64 | |
| 65 | const serverCsrResult = await createCsr({commonName}); |
| 66 | const serverResult = await createCertificate({ |
| 67 | csr: serverCsrResult.csr, |
| 68 | clientKey: serverCsrResult.clientKey, |
| 69 | serviceKey: caKey, |
| 70 | serviceCertificate: caCert, |
| 71 | config: serverCertificateConfiguration, |
| 72 | days: options.days ?? 365, |
| 73 | }); |
| 74 | const serverKey = serverResult.clientKey; |
| 75 | const serverCert = serverResult.certificate; |
| 76 | |
| 77 | const server = express() as ExtendedHttpsTestServer; |
| 78 | server.https = https.createServer( |
| 79 | { |
| 80 | key: serverKey, |
| 81 | cert: serverCert, |
| 82 | ca: caCert, |
| 83 | requestCert: true, |
| 84 | rejectUnauthorized: false, // This should be checked by the test |
| 85 | ciphers: options.ciphers, |