diff --git a/.gitignore b/.gitignore
index aae341235..dab77719f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,4 +17,5 @@ docs/build
 coverage
 .vscode
 *.code-workspace
-/testkit/CAs
\ No newline at end of file
+/testkit/CAs
+/testkit/CustomCAs
diff --git a/packages/testkit-backend/src/request-handlers.js b/packages/testkit-backend/src/request-handlers.js
index 857bf4a5e..5587eb5b5 100644
--- a/packages/testkit-backend/src/request-handlers.js
+++ b/packages/testkit-backend/src/request-handlers.js
@@ -17,7 +17,7 @@ const SUPPORTED_TLS = (() => {
 return [];
 })();
 
-export function NewDriver (context, data, { writeResponse }) {
+export function NewDriver (context, data, wire) {
 const {
 uri,
 authorizationToken: { data: authToken },
@@ -51,17 +51,39 @@ export function NewDriver (context, data, { writeResponse }) {
 ? address =>
 new Promise((resolve, reject) => {
 const id = context.addResolverRequest(resolve, reject)
- writeResponse('ResolverResolutionRequired', { id, address })
+ wire.writeResponse('ResolverResolutionRequired', { id, address })
 })
 : undefined
- const driver = neo4j.driver(uri, parsedAuthToken, {
+ const config = {
 userAgent,
 resolver,
 useBigInt: true,
 logging: neo4j.logging.console(process.env.LOG_LEVEL)
- })
+ }
+ if ('encrypted' in data) {
+ config.encrypted = data.encrypted ? 'ENCRYPTION_ON' : 'ENCRYPTION_OFF'
+ }
+ if ('trustedCertificates' in data) {
+ if (data.trustedCertificates === null) {
+ config.trust = 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'
+ } else if (data.trustedCertificates.length === 0) {
+ config.trust = 'TRUST_ALL_CERTIFICATES'
+ } else {
+ config.trust = 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'
+ config.trustedCertificates = data.trustedCertificates.map(
+ e => '/usr/local/share/custom-ca-certificates/' + e
+ )
+ }
+ }
+ let driver
+ try {
+ driver = neo4j.driver(uri, parsedAuthToken, config)
+ } catch (err) {
+ wire.writeError(err)
+ return
+ }
 const id = context.addDriver(driver)
- writeResponse('Driver', { id })
+ wire.writeResponse('Driver', { id })
 }
 
 export function DriverClose (context, data, wire) {
@@ -293,6 +315,8 @@ export function GetFeatures (_context, _params, wire) {
 'Feature:Auth:Custom',
 'Feature:Auth:Kerberos',
 'Feature:Auth:Bearer',
+ 'Feature:API:SSLConfig',
+ 'Feature:API:SSLSchemes',
 'AuthorizationExpiredTreatment',
 'ConfHint:connection.recv_timeout_seconds',
 'Feature:Impersonation',
diff --git a/testkit/CAs/trustedRoot.crt b/testkit/CAs/trustedRoot.crt
deleted file mode 100644
index 42a69e994..000000000
--- a/testkit/CAs/trustedRoot.crt
+++ /dev/null
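Review bot: In `NewDriver`, each `trustedCertificates` entry is appended to `/usr/local/share/custom-ca-certificates/` unchecked, so a name containing `/` or `..` resolves to a file outside that directory. The `.map` call also sits before the `try`, so a value that is neither `null` nor an array throws out of the handler instead of being reported through `wire.writeError`. I would move the trust selection inside the `try`, reject non-array values, and accept bare file names only. The `length === 0` branch deserves a comment, since an empty list selects `TRUST_ALL_CERTIFICATES` and a caller that filters a list down to nothing loses certificate verification without any error. The function starts in the previous hunk; the sketch covers only the trust block and the `try`.

```javascript
// … unchanged: config literal and the 'encrypted' handling …
let driver
try {
  if ('trustedCertificates' in data) {
    const certs = data.trustedCertificates
    if (certs === null) {
      config.trust = 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'
    } else if (!Array.isArray(certs)) {
      throw new TypeError('trustedCertificates must be null or a list of file names')
    } else if (certs.length === 0) {
      // An empty list selects TRUST_ALL_CERTIFICATES, i.e. no certificate verification.
      config.trust = 'TRUST_ALL_CERTIFICATES'
    } else {
      config.trust = 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'
      config.trustedCertificates = certs.map(name => {
        // Bare file names only, so the path cannot leave the custom CA directory.
        if (typeof name !== 'string' || name === '' || name === '.' || name === '..' || name.includes('/')) {
          throw new Error('trustedCertificates entries must be plain file names')
        }
        return '/usr/local/share/custom-ca-certificates/' + name
      })
    }
  }
  driver = neo4j.driver(uri, parsedAuthToken, config)
} catch (err) {
  // … unchanged: wire.writeError(err) and return …
}
```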
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBYjCCAQigAwIBAgIQa3X6W6m8ncU/z6IapvH47jAKBggqhkjOPQQDAjAWMRQw
-EgYDVQQDEwt0cnVzdGVkUm9vdDAeFw0yMDA4MjYwNDMxNTlaFw00MDA4MjEwNTMx
-NTlaMBYxFDASBgNVBAMTC3RydXN0ZWRSb290MFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEhoOTHBV0ZcpKAF+i8DpishgandrMMOnOb9xWi7bvwZ6ISUMcOHyi+NHU
-FDl4/TC1pY9VV8C8aAVDbR68KD3iF6M4MDYwDgYDVR0PAQH/BAQDAgIEMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
-RQIgbMCAMhPgjnM928h0cVnvwhTdCWp5KK5gfh048tjdrhICIQD1FLjrJ4I3m3HJ
-1idY5YFj9TwoDxKAtpugoDcyxaOgIQ==
------END CERTIFICATE-----
diff --git a/testkit/Dockerfile b/testkit/Dockerfile
index 497dfc0ee..cbab60713 100644
--- a/testkit/Dockerfile
+++ b/testkit/Dockerfile
@@ -9,7 +9,7 @@ RUN apt-get update && \
 curl \
 python3 \
 nodejs \
- npm \
+ npm \
 firefox \
 && rm -rf /var/lib/apt/lists/*
 
@@ -17,18 +17,20 @@ RUN npm install -g npm@7 \
 && /bin/bash -c "hash -d npm"
 
 # Enable tls v1.0
-RUN echo "openssl_conf = openssl_configuration\n"|cat - /etc/ssl/openssl.cnf > /tmp/openssl_conf.cnf \
- && mv /tmp/openssl_conf.cnf /etc/ssl/openssl.cnf
+RUN echo "openssl_conf = openssl_configuration\n"|cat - /etc/ssl/openssl.cnf > /tmp/openssl_conf.cnf \
+ && mv /tmp/openssl_conf.cnf /etc/ssl/openssl.cnf
 RUN echo "[openssl_configuration]\n\
 ssl_conf = ssl_configuration\n\
 [ssl_configuration]\n\
 system_default = tls_system_default\n\
 [tls_system_default]\n\
-CipherString = DEFAULT:@SECLEVEL=1" >> /etc/ssl/openssl.cnf
+CipherString = DEFAULT:@SECLEVEL=1" >> /etc/ssl/openssl.cnf
 # Install our own CAs on the image.
 # Assumes Linux Debian based image.
 COPY CAs/* /usr/local/share/ca-certificates/
+# Store custom CAs somewhere where the backend can find them later.
+COPY CustomCAs/* /usr/local/share/custom-ca-certificates/
 RUN update-ca-certificates
 
 # Creating an user for building the driver and running the tests
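Review bot: The comment on the new `COPY CustomCAs/*` line in testkit/Dockerfile does not say why these certificates go to `/usr/local/share/custom-ca-certificates/` rather than beside the others. That directory is outside `/usr/local/share/ca-certificates/`, so the `update-ca-certificates` call that follows presumably leaves them out of the system trust store, which keeps the backend's `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` path distinct from the system-CA one. I would spell that out, e.g. `# Kept out of /usr/local/share/ca-certificates/ so update-ca-certificates does not add them to the system trust store.` and `# request-handlers.js hard-codes this directory; change both together.` Since `/testkit/CustomCAs` is git-ignored, it is also worth confirming the build behaves when that directory is absent or empty, as a wildcard `COPY` with no matching files may fail.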