Create a remote client proxy test with CAs to check serialization

pimterry · pimterry · commit e143578e0ed0 · 2024-07-12T19:28:36.000+02:00
diff --git a/src/serialization/serialization.ts b/src/serialization/serialization.ts
@@ -346,7 +346,7 @@ export function serializeProxyConfig(
                     ? { cert: caDefinition.cert.toString('utf8') } // Stringify in case of buffers
                     : caDefinition
             )
-        }
+        };
     }
 }
 
diff --git a/test/integration/proxying/upstream-proxying.spec.ts b/test/integration/proxying/upstream-proxying.spec.ts
@@ -2,7 +2,7 @@ import _ = require("lodash");
 import * as fs from 'fs/promises';
 import request = require("request-promise-native");
 
-import { getLocal, Mockttp, MockedEndpoint } from "../../..";
+import { getLocal, Mockttp, MockedEndpoint, getAdminServer, getRemote } from "../../..";
 import {
     expect,
     nodeOnly
@@ -352,8 +352,107 @@ nodeOnly(() => {
                 // And it went via the intermediate proxy
                 expect((await proxyEndpoint.getSeenRequests()).length).to.equal(1);
             });
+        });
+
+        describe("with a remote client", () => {
+
+            const adminServer = getAdminServer();
+
+            before(() => adminServer.start());
+            after(() => adminServer.stop());
+
+            beforeEach(async () => {
+                server = getRemote();
+                await server.start();
+
+                // Configure Request to use the *first* server as a proxy
+                process.env = _.merge({}, process.env, server.proxyEnv);
+            });
+
+            describe("to an HTTPS proxy", () => {
+
+                const intermediateProxy = getLocal({
+                    https: {
+                        keyPath: './test/fixtures/untrusted-ca.key',
+                        certPath: './test/fixtures/untrusted-ca.pem'
+                    }
+                });
+                // HTTPS proxy - note that the remote server is plain HTTP.
+
+                let proxyEndpoint: MockedEndpoint;
+
+                beforeEach(async () => {
+                    await intermediateProxy.start();
+                    proxyEndpoint = await intermediateProxy.forAnyRequest().thenPassThrough(); // Totally neutral proxy
+                });
+
+                afterEach(() => intermediateProxy.stop());
+
+                it("should not trust unknown proxy CAs by default", async () => {
+                    // Remote server sends fixed response on this one URL:
+                    await remoteServer.forGet('/test-url').thenReply(200, "Remote server says hi!");
+
+                    // Mockttp forwards requests via our intermediate proxy
+                    await server.forAnyRequest().thenPassThrough({
+                        proxyConfig: {
+                            proxyUrl: intermediateProxy.url
+                        }
+                    });
+
+                    const result = await request.get(remoteServer.urlFor("/test-url")).catch(e => e);
+
+                    expect(result).to.be.instanceOf(Error);
+                    expect(result.message).to.match(/self(-| )signed certificate/); // Dash varies by Node version
+                });
+
+                it("should trust the remote proxy's CA if explicitly specified", async () => {
+                    // Remote server sends fixed response on this one URL:
+                    await remoteServer.forGet('/test-url').thenReply(200, "Remote server says hi!");
+
+                    // Mockttp forwards requests via our intermediate proxy
+                    await server.forAnyRequest().thenPassThrough({
+                        proxyConfig: {
+                            proxyUrl: intermediateProxy.url,
+                            trustedCAs: [
+                                { cert: await fs.readFile('./test/fixtures/untrusted-ca.pem') }
+                            ]
+                        }
+                    });
+
+                    const response = await request.get(remoteServer.urlFor("/test-url"));
+
+                    // We get a successful response
+                    expect(response).to.equal("Remote server says hi!");
+                    // And it went via the intermediate proxy
+                    expect((await proxyEndpoint.getSeenRequests()).length).to.equal(1);
+                });
+
+                it("should trust the remote proxy's CA if explicitly specified as additional", async () => {
+                    // Remote server sends fixed response on this one URL:
+                    await remoteServer.forGet('/test-url').thenReply(200, "Remote server says hi!");
+
+                    // Mockttp forwards requests via our intermediate proxy
+                    await server.forAnyRequest().thenPassThrough({
+                        proxyConfig: {
+                            proxyUrl: intermediateProxy.url,
+                            additionalTrustedCAs: [
+                                { cert: (await fs.readFile('./test/fixtures/untrusted-ca.pem')).toString() }
+                            ]
+                        }
+                    });
+
+                    const response = await request.get(remoteServer.urlFor("/test-url"));
+
+                    // We get a successful response
+                    expect(response).to.equal("Remote server says hi!");
+                    // And it went via the intermediate proxy
+                    expect((await proxyEndpoint.getSeenRequests()).length).to.equal(1);
+                });
+
+            });
 
         });
 
     });
+
 });

Original file line number	Diff line number	Diff line change
`@@ -346,7 +346,7 @@ export function serializeProxyConfig(`
`346`	`346`	`? { cert: caDefinition.cert.toString('utf8') } // Stringify in case of buffers`
`347`	`347`	`: caDefinition`
`348`	`348`	`)`
`349`		`- }`
	`349`	`+ };`
`350`	`350`	`}`
`351`	`351`	`}`
`352`	`352`