Add nodejs fips test

Add test that verifies that if:
	Container is in fips mode, node is also using fips mode.

	Container isnt in fips mode, node also isnt using fips mode.

Author: tjuhaszrh

test/run

@@ -61,6 +61,9 @@ test_node_cmd_development_init_wrapper_true
 test_init_wrapper_false_development
 "
 
+TEST_LIST_FIPS="\
+test_nodejs_fips_mode
+"
 source "${THISDIR}/test-lib.sh"
 source "${THISDIR}/test-lib-nodejs.sh"
 
@@ -160,3 +163,12 @@ evaluate_build_result $? "proxy"
 TEST_SET=${TESTS:-$TEST_LIST_HW} ct_run_tests_from_testset "hw"
 
 cleanup
+
+echo "Testing fips mode"
+prepare app
+check_prep_result $? app || exit
+echo "Testing the production image build"
+run_s2i_build
+evaluate_build_result $? "default"
+
+TEST_SET=${TESTS:-$TEST_LIST_FIPS} ct_run_tests_from_testset "fips"

test/test-lib-nodejs.sh

@@ -478,6 +478,29 @@ function test_nodemon_present() {
   ct_check_testcase_result "$?"
 }
 
+function test_nodejs_fips_mode() {
+  # Test that nodejs behaves as expected in fips mode
+  local is_fips_enabled
+
+  # Read fips mode from host in case exists
+  if [[ -f /proc/sys/crypto/fips_enabled ]]; then
+    is_fips_enabled=$(cat /proc/sys/crypto/fips_enabled)
+  else
+    is_fips_enabled="0"
+  fi
+  if [[ "$is_fips_enabled" == "0" ]]; then
+    # FIPS disabled -- crypto.getFips() should return 0
+    echo "Fips should be disabled"
+    docker run --rm ${IMAGE_NAME}-testapp /bin/bash -c "node -e 'const crypto = require(\"crypto\"); process.exit(crypto.getFips());'"
+    ct_check_testcase_result "$?"
+  else
+    # FIPS enabled -- crypto.getFips() should return 1
+    echo "Fips should be enabled"
+    docker run --rm ${IMAGE_NAME}-testapp /bin/bash -c "! node -e 'const crypto = require(\"crypto\"); process.exit(crypto.getFips());'"
+    ct_check_testcase_result "$?"
+  fi
+}
+
 function test_npm_cache_cleared() {
   # Test that the npm cache has been cleared
   cache_loc=$(docker run --rm ${IMAGE_NAME}-testapp /bin/bash -c "npm config get cache")