Add support for 'ca' config file option (#1742)

Author: vvm-broadsoft

__tests__/util/request-manager.js

@@ -35,6 +35,49 @@ test('RequestManager.request with cafile', async () => {
   expect(body).toBe('ok');
 });
 
+test('RequestManager.request with ca (string)', async () => {
+  let body;
+  const options = {
+    key: await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'server-key.pem')),
+    cert: await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'server-cert.pem')),
+  };
+  const server = https.createServer(options, (req, res) => { res.end('ok'); });
+  try {
+    server.listen(0);
+    const bundle = await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'cacerts.pem'));
+    const hasPemPrefix = (block) => block.startsWith('-----BEGIN ');
+    const caCerts = bundle.split(/(-----BEGIN .*\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);
+    // the 2nd cert is valid one
+    const config = await createConfig({'ca': caCerts[1]});
+    const port = server.address().port;
+    body = await config.requestManager.request({url: `https://localhost:${port}/?nocache`, headers: {Connection: 'close'}});
+  } finally {
+    server.close();
+  }
+  expect(body).toBe('ok');
+});
+
+test('RequestManager.request with ca (array)', async () => {
+  let body;
+  const options = {
+    key: await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'server-key.pem')),
+    cert: await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'server-cert.pem')),
+  };
+  const server = https.createServer(options, (req, res) => { res.end('ok'); });
+  try {
+    server.listen(0);
+    const bundle = await fs.readFile(path.join(__dirname, '..', 'fixtures', 'certificates', 'cacerts.pem'));
+    const hasPemPrefix = (block) => block.startsWith('-----BEGIN ');
+    const caCerts = bundle.split(/(-----BEGIN .*\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);
+    const config = await createConfig({'ca': caCerts});
+    const port = server.address().port;
+    body = await config.requestManager.request({url: `https://localhost:${port}/?nocache`, headers: {Connection: 'close'}});
+  } finally {
+    server.close();
+  }
+  expect(body).toBe('ok');
+});
+
 test('RequestManager.request with mutual TLS', async () => {
   let body;
   const options = {

src/config.js

@@ -197,6 +197,7 @@ export default class Config {
       httpProxy: String(opts.httpProxy || this.getOption('proxy') || ''),
       httpsProxy: String(opts.httpsProxy || this.getOption('https-proxy') || ''),
       strictSSL: Boolean(this.getOption('strict-ssl')),
+      ca: Array.prototype.concat(opts.ca || this.getOption('ca') || []).map(String),
       cafile: String(opts.cafile || this.getOption('cafile') || ''),
       cert: String(opts.cert || this.getOption('cert') || ''),
       key: String(opts.key || this.getOption('key') || ''),

src/util/request-manager.js

@@ -111,6 +111,7 @@ export default class RequestManager {
     httpProxy?: string,
     httpsProxy?: string,
     strictSSL?: boolean,
+    ca?: Array<string>,
     cafile?: string,
     cert?: string,
     key?: string,
@@ -139,13 +140,18 @@ export default class RequestManager {
       this.strictSSL = opts.strictSSL;
     }
 
+    if (opts.ca != null && opts.ca.length > 0) {
+      this.ca = opts.ca;
+    }
+
     if (opts.cafile != null && opts.cafile != '') {
       // The CA bundle file can contain one or more certificates with comments/text between each PEM block.
       // tls.connect wants an array of certificates without any comments/text, so we need to split the string
       // and strip out any text in between the certificates
       try {
         const bundle = fs.readFileSync(opts.cafile).toString();
         const hasPemPrefix = (block) => block.startsWith('-----BEGIN ');
+        // opts.cafile overrides opts.ca, this matches with npm behavior
         this.ca = bundle.split(/(-----BEGIN .*\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);
       } catch (err) {
         this.reporter.error(`Could not open cafile: ${err.message}`);