src/test/reverseproxy-test.js

/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */

'use strict';

var async = require('async'),
    database = require('../database.js'),
    expect = require('expect.js'),
    reverseProxy = require('../reverseproxy.js'),
    settings = require('../settings.js');

function setup(done) {
    async.series([
        database.initialize,
        settings.initialize,
        database._clear
    ], done);
}

function cleanup(done) {
    async.series([
        database._clear,
        database.uninitialize
    ], done);
}

describe('Certificates', function () {
    describe('validateCertificate', function () {
        /*
          Generate these with:
            openssl genrsa -out server.key 512
            openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=Nebulon/OU=CTO/CN=baz.foobar.com"
            openssl x509 -req -days 1460 -in server.csr -signkey server.key -out server.crt
        */

        // foobar.com
        var validCert0 = '-----BEGIN CERTIFICATE-----\nMIIBujCCAWQCCQDuY8krIDA+KzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKZm9vYmFyLmNvbTAeFw0xNjEx\nMDgwODI2MTRaFw0yMDExMDcwODI2MTRaMGQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI\nDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEQMA4GA1UECgwHTmVidWxvbjEMMAoG\nA1UECwwDQ1RPMRMwEQYDVQQDDApmb29iYXIuY29tMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBALmlwGXb1B9OzZIE9E6eKG1pZJ3P6Sy2tNAWiQ0658uyZhD1udGMNGM1\nRs9IRX+J5p+rAlPglNiG/ArOZtIES8MCAwEAATANBgkqhkiG9w0BAQsFAANBAER1\nxTRc7NQxYYhwld2/gIW5nBJMel7LxYzNlDCbRo1T8a7K6Y4kugORKFidyTjIbsAP\n84gnjmQl9NvBmv33yFk=\n-----END CERTIFICATE-----';
        var validKey0 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALmlwGXb1B9OzZIE9E6eKG1pZJ3P6Sy2tNAWiQ0658uyZhD1udGM\nNGM1Rs9IRX+J5p+rAlPglNiG/ArOZtIES8MCAwEAAQJAZhXVVK2rWYP12uPKjCjA\nRln8MCOSLzpQ91RNDO9lY0bIpU+9YfKyyeEPWvFKsvBPTFaS0nyGIiZYIoYoZpCJ\nsQIhAODmkO+UsKTmGKMHqvvmN1Am9zisbiwLqw1F/5g/q6PfAiEA01GhntKZ6vqp\nhihca3tEZKDA3URI/axHTxLKCnp4tJ0CIDFu3Gqcrxr/rGihNdb6aiwG9I4TcH/j\n7KwVN7H6RLrXAiEAyDhtKP2kJncPznRJdPEbkTia5EtB2VC1U9+anSkDWyUCICLn\ngje2pXjZfRtcp49uM/WrQhBifrpuqFSIrLNU3Eb5\n-----END RSA PRIVATE KEY-----';

        // *.foobar.com
        var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQDLKYLGisj0djANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE2\nMTEwODA4MjcxNloXDTIwMTEwNzA4MjcxNlowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDXApN6RG4Q6VqJbPsfZNin29V57giGmA81icZFiU0ARv8V0SRF\nShRqPo7iem+0mfH3PgGmauOP+xEu6rFJbZQPAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAZxeVrCNoXIs4jtCxgyTDoyFM5IGkq1dlM2CvZW+z3JV8ReCJOw1OEVgd0jIQs\nqZtqd7CQqyWiPMk/QhNInlEd\n-----END CERTIFICATE-----';
        var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBPAIBAAJBANcCk3pEbhDpWols+x9k2Kfb1XnuCIaYDzWJxkWJTQBG/xXRJEVK\nFGo+juJ6b7SZ8fc+AaZq44/7ES7qsUltlA8CAwEAAQJBAMyD1MgeQxuu+8FwekXY\nZQT15E9AjbeI+B6S2JfYC/hP0AcGldmQ03KD8N497OOwuagEOZcGdS1eU45E224l\n6DECIQD+yLV6K7BUISdnIXvjkmjkwm1pQNWh4T5o3dArW4Hi+wIhANgJRaF5tbBF\ntYbFzdaDwkPlQurtUM5il/Trci9Q7Sb9AiEA+s2Wn2HcXKSaRhIXA2j/apjd3Ste\nYND6f35CSjv0+vsCIBrIg35ydWkGK2wrB8rpiOMcAEDZ7SO5K3es3PoqwUwNAiEA\n1CAqYa+GI9vDIwDJuInK3k/u4VlsiQiPdjoBySI+bDY=\n-----END RSA PRIVATE KEY-----';

        // baz.foobar.com
        var validCert2 = '-----BEGIN CERTIFICATE-----\nMIIBwjCCAWwCCQCZjm6jL50XfTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wHhcN\nMTYxMTA4MDgyMDE1WhcNMjAxMTA3MDgyMDE1WjBoMQswCQYDVQQGEwJERTEPMA0G\nA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05lYnVsb24x\nDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wXDANBgkqhkiG\n9w0BAQEFAANLADBIAkEAtKoyTPrf2DjKbnW7Xr1HbRvV+quHTcGmUq5anDI7G4w/\nabqDXGYyakHHlPyZxYp7FWQxCm83rHUuDT1LiLIBZQIDAQABMA0GCSqGSIb3DQEB\nCwUAA0EAVaD2Q6bF9hcUUBev5NyjaMdDYURuWfjuwWUkb8W50O2ed3O+MATKrDdS\nyVaBy8W02KJ4Y1ym4je/MF8nilPurA==\n-----END CERTIFICATE-----';
        var validKey2 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBALSqMkz639g4ym51u169R20b1fqrh03BplKuWpwyOxuMP2m6g1xm\nMmpBx5T8mcWKexVkMQpvN6x1Lg09S4iyAWUCAwEAAQJBAJXu7YHPbjfuoalcUZzF\nbuKRCFtZQRf5z0Os6QvZ8A3iR0SzYJzx+c2ibp7WdifMXp3XaKm4tHSOfumrjUIq\nt10CIQDrs9Xo7bq0zuNjUV5IshNfaiYKZRfQciRVW2O8xBP9VwIhAMQ5CCEDZy+u\nsaF9RtmB0bjbe6XonBlAzoflfH/MAwWjAiEA50hL+ohr0MfCMM7DKaozgEj0kvan\n645VQLywnaX5x3kCIQDCwjinS9FnKmV0e/uOd6PJb0/S5IXLKt/TUpu33K5DMQIh\nAM9peu3B5t9pO59MmeUGZwI+bEJfEb+h03WTptBxS3pO\n-----END RSA PRIVATE KEY-----';

        it('does not allow empty string for cert', function () {
            expect(reverseProxy.validateCertificate('foobar.com', '', 'key')).to.be.an(Error);
        });

        it('does not allow empty string for key', function () {
            expect(reverseProxy.validateCertificate('foobar.com', 'cert', '')).to.be.an(Error);
        });

        it('does not allow invalid cert', function () {
            expect(reverseProxy.validateCertificate('foobar.com', 'someinvalidcert', validKey0)).to.be.an(Error);
        });

        it('does not allow invalid key', function () {
            expect(reverseProxy.validateCertificate('foobar.com', validCert0, 'invalidkey')).to.be.an(Error);
        });

        it('does not allow cert without matching domain', function () {
            expect(reverseProxy.validateCertificate('cloudron.io', validCert0, validKey0)).to.be.an(Error);
        });

        it('allows valid cert with matching domain', function () {
            expect(reverseProxy.validateCertificate('foobar.com', validCert0, validKey0)).to.be(null);
        });

        it('allows valid cert with matching domain (wildcard)', function () {
            expect(reverseProxy.validateCertificate('abc.foobar.com', validCert1, validKey1)).to.be(null);
        });

        it('does now allow cert without matching domain (wildcard)', function () {
            expect(reverseProxy.validateCertificate('foobar.com', validCert1, validKey1)).to.be.an(Error);
            expect(reverseProxy.validateCertificate('bar.abc.foobar.com', validCert1, validKey1)).to.be.an(Error);
        });

        it('allows valid cert with matching domain (subdomain)', function () {
            expect(reverseProxy.validateCertificate('baz.foobar.com', validCert2, validKey2)).to.be(null);
        });

        it('does not allow cert without matching domain (subdomain)', function () {
            expect(reverseProxy.validateCertificate('baz.foobar.com', validCert0, validKey0)).to.be.an(Error);
        });

        it('does not allow invalid cert/key tuple', function () {
            expect(reverseProxy.validateCertificate('foobar.com', validCert0, validKey1)).to.be.an(Error);
        });
    });

    describe('getApi - caas', function () {
        before(function (done) {
            async.series([
                setup,
                settings.setTlsConfig.bind(null, { provider: 'caas' })
            ], done);
        });

        after(cleanup);

        it('returns prod caas for prod cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('caas');
                expect(options.prod).to.be(true);
                done();
            });
        });

        it('returns prod caas for dev cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('caas');
                expect(options.prod).to.be(true);
                done();
            });
        });

        it('returns prod-acme with altDomain in prod cloudron', function (done) {
            reverseProxy._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(true);
                done();
            });
        });

        it('returns prod acme with altDomain in dev cloudron', function (done) {
            reverseProxy._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(true);
                done();
            });
        });
    });

    describe('getApi - le-prod', function () {
        before(function (done) {
            async.series([
                setup,
                settings.setTlsConfig.bind(null, { provider: 'le-prod' })
            ], done);
        });

        after(cleanup);

        it('returns prod acme in prod cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(true);
                done();
            });
        });

        it('returns prod acme with altDomain in prod cloudron', function (done) {
            reverseProxy._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(true);
                done();
            });
        });

        it('returns prod acme in dev cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(true);
                done();
            });
        });
    });

    describe('getApi - le-staging', function () {
        before(function (done) {
            async.series([
                setup,
                settings.setTlsConfig.bind(null, { provider: 'le-staging' })
            ], done);
        });

        after(cleanup);

        it('returns staging acme in prod cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(false);
                done();
            });
        });

        it('returns staging acme in dev cloudron', function (done) {
            reverseProxy._getApi({ }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(false);
                done();
            });
        });

        it('returns staging acme with altDomain in prod cloudron', function (done) {
            reverseProxy._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {
                expect(error).to.be(null);
                expect(api._name).to.be('acme');
                expect(options.prod).to.be(false);
                done();
            });
        });
    });
});
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`/* global it:false */`
			`/* global describe:false */`
			`/* global before:false */`
			`/* global after:false */`

			`'use strict';`

fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`var async = require('async'),`
			`database = require('../database.js'),`
			`expect = require('expect.js'),`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy = require('../reverseproxy.js'),`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`settings = require('../settings.js');`

			`function setup(done) {`
			`async.series([`
			`database.initialize,`
make tests pass 2017-02-24 21:48:38 -08:00			`settings.initialize,`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`database._clear`
			`], done);`
			`}`

			`function cleanup(done) {`
make tests finish database.uninitialize must be called to drop the connection 2017-11-27 11:48:36 -08:00			`async.series([`
			`database._clear,`
			`database.uninitialize`
			`], done);`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`}`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00
rename certificatemanager 2015-12-11 12:24:52 -08:00			`describe('Certificates', function () {`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`describe('validateCertificate', function () {`
			`/*`
			`Generate these with:`
			`openssl genrsa -out server.key 512`
			`openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=Nebulon/OU=CTO/CN=baz.foobar.com"`
Renew expired certs in the cert tests 2016-11-08 09:28:48 +01:00			`openssl x509 -req -days 1460 -in server.csr -signkey server.key -out server.crt`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`*/`

			`// foobar.com`
Renew expired certs in the cert tests 2016-11-08 09:28:48 +01:00			var validCert0 = '-----BEGIN CERTIFICATE-----\nMIIBujCCAWQCCQDuY8krIDA+KzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKZm9vYmFyLmNvbTAeFw0xNjEx\nMDgwODI2MTRaFw0yMDExMDcwODI2MTRaMGQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI\nDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEQMA4GA1UECgwHTmVidWxvbjEMMAoG\nA1UECwwDQ1RPMRMwEQYDVQQDDApmb29iYXIuY29tMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBALmlwGXb1B9OzZIE9E6eKG1pZJ3P6Sy2tNAWiQ0658uyZhD1udGMNGM1\nRs9IRX+J5p+rAlPglNiG/ArOZtIES8MCAwEAATANBgkqhkiG9w0BAQsFAANBAER1\nxTRc7NQxYYhwld2/gIW5nBJMel7LxYzNlDCbRo1T8a7K6Y4kugORKFidyTjIbsAP\n84gnjmQl9NvBmv33yFk=\n-----END CERTIFICATE-----';
			var validKey0 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALmlwGXb1B9OzZIE9E6eKG1pZJ3P6Sy2tNAWiQ0658uyZhD1udGM\nNGM1Rs9IRX+J5p+rAlPglNiG/ArOZtIES8MCAwEAAQJAZhXVVK2rWYP12uPKjCjA\nRln8MCOSLzpQ91RNDO9lY0bIpU+9YfKyyeEPWvFKsvBPTFaS0nyGIiZYIoYoZpCJ\nsQIhAODmkO+UsKTmGKMHqvvmN1Am9zisbiwLqw1F/5g/q6PfAiEA01GhntKZ6vqp\nhihca3tEZKDA3URI/axHTxLKCnp4tJ0CIDFu3Gqcrxr/rGihNdb6aiwG9I4TcH/j\n7KwVN7H6RLrXAiEAyDhtKP2kJncPznRJdPEbkTia5EtB2VC1U9+anSkDWyUCICLn\ngje2pXjZfRtcp49uM/WrQhBifrpuqFSIrLNU3Eb5\n-----END RSA PRIVATE KEY-----';
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00
			`// *.foobar.com`
Renew expired certs in the cert tests 2016-11-08 09:28:48 +01:00			var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQDLKYLGisj0djANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE2\nMTEwODA4MjcxNloXDTIwMTEwNzA4MjcxNlowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDXApN6RG4Q6VqJbPsfZNin29V57giGmA81icZFiU0ARv8V0SRF\nShRqPo7iem+0mfH3PgGmauOP+xEu6rFJbZQPAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAZxeVrCNoXIs4jtCxgyTDoyFM5IGkq1dlM2CvZW+z3JV8ReCJOw1OEVgd0jIQs\nqZtqd7CQqyWiPMk/QhNInlEd\n-----END CERTIFICATE-----';
			var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBPAIBAAJBANcCk3pEbhDpWols+x9k2Kfb1XnuCIaYDzWJxkWJTQBG/xXRJEVK\nFGo+juJ6b7SZ8fc+AaZq44/7ES7qsUltlA8CAwEAAQJBAMyD1MgeQxuu+8FwekXY\nZQT15E9AjbeI+B6S2JfYC/hP0AcGldmQ03KD8N497OOwuagEOZcGdS1eU45E224l\n6DECIQD+yLV6K7BUISdnIXvjkmjkwm1pQNWh4T5o3dArW4Hi+wIhANgJRaF5tbBF\ntYbFzdaDwkPlQurtUM5il/Trci9Q7Sb9AiEA+s2Wn2HcXKSaRhIXA2j/apjd3Ste\nYND6f35CSjv0+vsCIBrIg35ydWkGK2wrB8rpiOMcAEDZ7SO5K3es3PoqwUwNAiEA\n1CAqYa+GI9vDIwDJuInK3k/u4VlsiQiPdjoBySI+bDY=\n-----END RSA PRIVATE KEY-----';
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00
			`// baz.foobar.com`
Renew expired certs in the cert tests 2016-11-08 09:28:48 +01:00			var validCert2 = '-----BEGIN CERTIFICATE-----\nMIIBwjCCAWwCCQCZjm6jL50XfTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wHhcN\nMTYxMTA4MDgyMDE1WhcNMjAxMTA3MDgyMDE1WjBoMQswCQYDVQQGEwJERTEPMA0G\nA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05lYnVsb24x\nDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wXDANBgkqhkiG\n9w0BAQEFAANLADBIAkEAtKoyTPrf2DjKbnW7Xr1HbRvV+quHTcGmUq5anDI7G4w/\nabqDXGYyakHHlPyZxYp7FWQxCm83rHUuDT1LiLIBZQIDAQABMA0GCSqGSIb3DQEB\nCwUAA0EAVaD2Q6bF9hcUUBev5NyjaMdDYURuWfjuwWUkb8W50O2ed3O+MATKrDdS\nyVaBy8W02KJ4Y1ym4je/MF8nilPurA==\n-----END CERTIFICATE-----';
			var validKey2 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBALSqMkz639g4ym51u169R20b1fqrh03BplKuWpwyOxuMP2m6g1xm\nMmpBx5T8mcWKexVkMQpvN6x1Lg09S4iyAWUCAwEAAQJBAJXu7YHPbjfuoalcUZzF\nbuKRCFtZQRf5z0Os6QvZ8A3iR0SzYJzx+c2ibp7WdifMXp3XaKm4tHSOfumrjUIq\nt10CIQDrs9Xo7bq0zuNjUV5IshNfaiYKZRfQciRVW2O8xBP9VwIhAMQ5CCEDZy+u\nsaF9RtmB0bjbe6XonBlAzoflfH/MAwWjAiEA50hL+ohr0MfCMM7DKaozgEj0kvan\n645VQLywnaX5x3kCIQDCwjinS9FnKmV0e/uOd6PJb0/S5IXLKt/TUpu33K5DMQIh\nAM9peu3B5t9pO59MmeUGZwI+bEJfEb+h03WTptBxS3pO\n-----END RSA PRIVATE KEY-----';
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00
			`it('does not allow empty string for cert', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', '', 'key')).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow empty string for key', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', 'cert', '')).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow invalid cert', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', 'someinvalidcert', validKey0)).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow invalid key', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', validCert0, 'invalidkey')).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow cert without matching domain', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('cloudron.io', validCert0, validKey0)).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('allows valid cert with matching domain', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', validCert0, validKey0)).to.be(null);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('allows valid cert with matching domain (wildcard)', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('abc.foobar.com', validCert1, validKey1)).to.be(null);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does now allow cert without matching domain (wildcard)', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', validCert1, validKey1)).to.be.an(Error);`
			`expect(reverseProxy.validateCertificate('bar.abc.foobar.com', validCert1, validKey1)).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('allows valid cert with matching domain (subdomain)', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('baz.foobar.com', validCert2, validKey2)).to.be(null);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow cert without matching domain (subdomain)', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('baz.foobar.com', validCert0, validKey0)).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`

			`it('does not allow invalid cert/key tuple', function () {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`expect(reverseProxy.validateCertificate('foobar.com', validCert0, validKey1)).to.be.an(Error);`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`
			`});`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00
			`describe('getApi - caas', function () {`
			`before(function (done) {`
			`async.series([`
			`setup,`
			`settings.setTlsConfig.bind(null, { provider: 'caas' })`
			`], done);`
			`});`

			`after(cleanup);`

			`it('returns prod caas for prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('caas');`
			`expect(options.prod).to.be(true);`
			`done();`
			`});`
			`});`

Remove isDev flag We can pretty much test everything here on self-hosted cloudrons now 2017-04-13 11:24:57 -07:00			`it('returns prod caas for dev cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('caas');`
Remove isDev flag We can pretty much test everything here on self-hosted cloudrons now 2017-04-13 11:24:57 -07:00			`expect(options.prod).to.be(true);`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`done();`
			`});`
			`});`

			`it('returns prod-acme with altDomain in prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(true);`
			`done();`
			`});`
			`});`

Remove isDev flag We can pretty much test everything here on self-hosted cloudrons now 2017-04-13 11:24:57 -07:00			`it('returns prod acme with altDomain in dev cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
Remove isDev flag We can pretty much test everything here on self-hosted cloudrons now 2017-04-13 11:24:57 -07:00			`expect(options.prod).to.be(true);`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`done();`
			`});`
			`});`
			`});`

			`describe('getApi - le-prod', function () {`
			`before(function (done) {`
			`async.series([`
			`setup,`
			`settings.setTlsConfig.bind(null, { provider: 'le-prod' })`
			`], done);`
			`});`

			`after(cleanup);`

			`it('returns prod acme in prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(true);`
			`done();`
			`});`
			`});`

			`it('returns prod acme with altDomain in prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(true);`
			`done();`
			`});`
			`});`

			`it('returns prod acme in dev cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(true);`
			`done();`
			`});`
			`});`
			`});`

			`describe('getApi - le-staging', function () {`
			`before(function (done) {`
			`async.series([`
			`setup,`
			`settings.setTlsConfig.bind(null, { provider: 'le-staging' })`
			`], done);`
			`});`

			`after(cleanup);`

			`it('returns staging acme in prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(false);`
			`done();`
			`});`
			`});`

			`it('returns staging acme in dev cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(false);`
			`done();`
			`});`
			`});`

			`it('returns staging acme with altDomain in prod cloudron', function (done) {`
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already. 2018-01-30 12:23:27 -08:00			`reverseProxy._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {`
fix acme prod setting detection 2016-06-22 13:48:07 -05:00			`expect(error).to.be(null);`
			`expect(api._name).to.be('acme');`
			`expect(options.prod).to.be(false);`
			`done();`
			`});`
			`});`
			`});`
move validateCertificate to certificateManager 2015-12-10 20:31:38 -08:00			`});`