I am trying to use the #peculiar/x509 library to decode a CSR to use some of the information in my tests. The tests are using Cypress.
Here is an extract of my code:
import * as x509 from '#peculiar/x509';
const request = {
certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----`,
};
describe('PKI', () => {
it('works', () => {
console.log(x509);
const stringPEM = request.certificateSigningRequest
.replace(/(-----(BEGIN|END) CERTIFICATE REQUEST-----|\n)/g, "");
const cert = new x509.X509Certificate(stringPEM);
console.log(cert.subject);
return;
// Stuff I want to test
});
});
When I try to log the x509 variable it returns an empty object.
And on the const cert = new x509.X509Certificate(stringPEM); line, I get an error:
x509.X509Certificate is not a constructor.
If I try to set up a simple project with a Typescript file to import the library and just log the x509 variable, it displays all the exports correctly.
I can't figure why it behaves like that with Cypress, so any help is appreciated.
EDIT: Diving a bit more into how Cypress works, I now understand that my assumption about the spec files running/controlled in a Node process was wrong. Spec files are running in the browser. So I would need to inject the browser version of the library in the spec file.
This can be done via the plugin API of Cypress, because it runs in the Cypress node process.
You can import a specific build, either x509.es.js or x509.cjs.js and your code works. The base #peculiar/x509 is for <script> inclusion.
One thing, the BEGIN and END tokens need to remain in the request for it to be recognized.
import * as x509 from '#peculiar/x509/build/x509.es.js'
// const x509 = require('#peculiar/x509/build/x509.cjs.js') // alternative
// hard left for multiline strings, otherwise request is not correctly formatted
const request = {
certificateSigningRequest: `-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----`,
};
// copied from #peculiar/x509 to verify format - not necessary for test
const isPem = (data) => {
return typeof data === "string"
&& /-{5}BEGIN [A-Z0-9 ]+-{5}([a-zA-Z0-9=+/\n\r]+)-{5}END [A-Z0-9 ]+-{5}/g.test(data);
}
console.log(isPem(request.certificateSigningRequest))
describe('PKI', () => {
it('works', () => {
console.log(x509);
const stringPEM = request.certificateSigningRequest // leave in BEGIN and END
const cert = new x509.X509Certificate(stringPEM);
console.log(cert.subject); // prints e.g. "CN=Test certificate, E=some#email.net"
return;
// Stuff I want to test
});
});
Possibly due to NodeJS version issue.
The X509Certificate was added recently in NodeJS version 15.6.0. Changelog here. So it requires that version. It might have worked on your simple project because of a newer NodeJS version.
And by default, Cypress is using its bundled NodeJS version, which since Cypress version 7.0.0 to 8.2.0, it's using bundled NodeJS version 14.16.0, as per the changelog here:
The bundled Node.js version was upgraded from 12.18.3 to 14.16.0.
So you can try changing/overriding the bundled NodeJS version in Cypress configuration to version 15.6.0, as per this configuration:
nodeVersion
Related
I am using TestCafe in combination with gherkinTestcafe (steps) / cucumber.
I am also using environment variables so that i can run my tests on 2 different environments.
My code is as follows, although through debugging, i don't believe this is something strictly code related, as much as it is related to:
chrome:headless
environment
version of chrome / MacOS
import Enviorments from "../../../../../../AEM_Engine/Enviorment/Enviorments";
import { Helper } from "../../../../../TestActions/Test_specific/Career_helper";
import {AddAuthCredentialsHook} from "../../../../../TestActions/BasicAuth";
const {Before, Given, Then} = require('cucumber');
let publisher = new Publish();
let aemEnv = new Enviorments();
let helper = new Helper;
let careersPage = '/career';
Before('#basicAuth', async testController => {
const addAuthCredentialsHook = new AddAuthCredentialsHook('$someUserName', '$somePassword');
await testController.addRequestHooks(addAuthCredentialsHook);
});
Before('#disableCookie', async testController => {
await testController.addRequestHooks(publisher.mockCookieResponse);
});
Given('I am at Careers page', async testController => {
await publisher.Navigate(testController, aemEnv.frontEndURL + careersPage);
await publisher.verifyURL(testController, aemEnv.frontEndURL + careersPage);
});
.
.
.
When i wait for the script to run i have
1) AssertionError: expected 'about:blank' to include $expectedPage
As i mentioned, i don't believe the problem is in the code. Even if i remove the step for verifying the current URL location, the test fails on the next step after.
Tests pass on
Chrome (with UI shell)
Other browsers (firefox, safari), headless or with UI shell
Second (staging) environment
When Tests are run and TestCafe starts, i get the following info
Running tests in:
- HeadlessChrome 99.0.4844 / Mac OS X 10.15.7
Feature: Careers Page Available
(node:87344) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
I tried re-installing some packages, re-writing some of the steps, adding some flags to clear cache, change chrome port or similar, but nothing worked.
Any thoughts on what might be causing this and how to solve it?
I've been updating my development environment with the latest pbiviz stuff
I did a:
npm i -g powerbi-visuals-tools
and:
pbiviz --install-cert
in Windows terminal/powershell
Then I opened a project in Visual Code and using terminal did a:
pbiviz package
info Building visual...
info Installing API: ~3.8.0...
Certificate is invalid!
warn Local valid certificate not found.
info Checking global instance of pbiviz certificate...
warn Global instance of valid pbiviz certificate not found.
info Generating a new certificate...
info Certificate generated. Location is C:\Users\mike\AppData\Roaming\npm\node_modules\powerbi-visuals-tools\certs\PowerBICustomVisualTest_public.pfx. Passphrase is '4492518445773821'
info Start preparing plugin template
info Finish preparing plugin template
error error:0308010C:digital envelope routines::unsupported
C:\Users\mike\AppData\Roaming\npm\node_modules\powerbi-visuals-tools\node_modules\powerbi-visuals-webpack-plugin\index.js:185
throw new Error("Failed to generate visualPlugin.ts");
^
Error: Failed to generate visualPlugin.ts
at C:\Users\mike\AppData\Roaming\npm\node_modules\powerbi-visuals-tools\node_modules\powerbi-visuals-webpack-plugin\index.js:185:12
at async PowerBICustomVisualsWebpackPlugin._beforeCompile (C:\Users\mike\AppData\Roaming\npm\node_modules\powerbi-visuals-tools\node_modules\powerbi-visuals-webpack-plugin\index.js:177:4)
Node.js v17.0.0
I've tried uninstalling, reatarting and various incantations, but it doesn't want to go.
Is my certificate really invalid? How do I check it? Are there any diagnostics I can run?
Any and all advice gladly accepted
I just updated to pbiviz -V
3.4.1
same problem
After a debug session we found an error in powerbi-visuals-tools#3.4.1 where the check for certificate in certificatetoosl.js uses the text date of the certificate expiry date, whihc in my case is dd/mm/yyyy which fails because this expects and ISO 8601, but will work with mm/dd/yyyy
[![debug image][1]][1]
This is the code:
// For Windows OS:
if (os.platform() === "win32") {
if (!fs.existsSync(pfxPath) || !passphrase) {
return false;
}
let certStr = await exec(`certutil -p ${passphrase} -dump "${pfxPath}"`);
let certStrSplitted = certStr.split('\r\n');
let regex = /(?<=: ).*/;
endDateStr = regex.exec(certStrSplitted[6]);
}
// For Linux and Mac/darwin OS:
else if (os.platform() === "linux" || os.platform() === "darwin") {
if (!fs.existsSync(certPath)) {
return false;
}
endDateStr = await exec(`openssl x509 -enddate -noout -in ${certPath} | cut -d = -f 2`);
}
let endDate = new Date(Date.parse(endDateStr));
verifyCertDate = (endDate - new Date()) > certSafePeriod;
if (verifyCertDate) {
ConsoleWriter.info(`Certificate is valid.`);
} else {
ConsoleWriter.warn(`Certificate is invalid!`);
removeCertFiles(certPath, keyPath, pfxPath);
}
We don't have a full solution but there will be workarounds until the package is fixed. Deleting all the modules and reinstalling seemed to fix the visualPlugin.ts problem as well.
[1]: https://i.stack.imgur.com/XVrsQ.png
I am trying to build a new application.
It accesses one API to get some data over HTTPS.
Status2.getInitialProps = async () => {
console.info('ENTERRRRRRRR')
const res = await fetch('https://test.com/api/v1/messages', {
method: 'get',
headers: {
'Authorization': 'Bearer ffhdfksdfsfsflksfgjflkjW50aXNocjEiLCJpYXQiOjE2MDc1ODIzODQsImF1ZCI6InJlY3J1aXRpbmdhcHAtMTAwMC5kZXZlbG9wLnVtYW50aXMuY29tIiwiaXNzIjoicmVjcnVpdGluZ2FwcC0xMDAwLmRldmVsb3AudW1hbnRpcy5jb20ifQ.0jqPutPOM5UC_HNbTxRiKZd7xVc3T5Mn3SjD8NfpEGE',
'Accept': 'application/vnd.api+json'
}
}
)
}
When the browser tries to access this API then it gives me the following error:
Server Error
FetchError: request to https://test.com/api/v1/messages failed, reason: unable to verify the first certificate
This error happened while generating the page. Any console logs will be displayed in the terminal window.
C
To solve this issue I followed this but when tried it, it gave me another error:
'NODE_TLS_REJECT_UNAUTHORIZED' is not recognized as an internal or external command,
operable program or batch file.
The NODE_TLS_REJECT_UNAUTHORIZED solution is a no-go as it is against the main purpose of having a trusted connection between your front-end and API. We run into this error message recently with a NextJS as the front-end, ExpressJS as the back-end, and Nginx as the webserver.
If you or your team are on implementing the API, I would suggest looking into your webserver config and how you are handling the path of the certificates as the problem might be related to a misconfiguration of the intermediate certificate. Combining the certificate + intermediate certificate like so did the trick for us:
# make command
cat {certificate file} {intermediate certificate file} > {new file}
# config file /etc/nginx/conf.d/xxx.conf
ssl_certificate {new file};
create a next.config.js file if you not already have one in your project and add the following to your webpack config:
const webpack = require("webpack");
module.exports = {
webpack: (config) => {
config.node = {
fs: "empty",
};
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
const env = Object.keys(process.env).reduce((acc, curr) => {
acc[`process.env.${curr}`] = JSON.stringify(process.env[curr]);
return acc;
}, {});
config.plugins.push(new webpack.DefinePlugin(env));
return config;
},
};
Do not use it like this in production. It should only be used in a dev environment.
I am trying to write a simple electron app to interface with a REST server. The server doesn't have the appropriate certificates. When I try to make a 'GET' request (using fetch()), I get the following error message:
Failed to load resource: net::ERR_BAD_SSL_CLIENT_AUTH_CERT
Fixing the certs is not currently an option. I tried to use the 'ignore-certificates-error' flag (see below). It seems like it should allow me to skip over this error, but it doesn't.
var electron = require('electron');
var app = electron.app
app.commandLine.appendSwitch('ignore-certificate-errors');
...
The result is the same error.
Questions:
I am correct in assuming this options is supposed to help here?
If so, any ideas what I am doing wrong?
Electron version: 1.2.8
Thanks!
You can update your version of electron and use this callback:
app.on('certificate-error', (event, webContents, link, error, certificate, callback) => {
if ('yourURL/api/'.indexOf(link) !== -1) {
// Verification logic.
event.preventDefault();
callback(true);
} else {
callback(false);
}
});
That you going do the fetch to your api with https.
When using https.request with node.js v04.7, I get the following error:
Error: socket hang up
at CleartextStream.<anonymous> (http.js:1272:45)
at CleartextStream.emit (events.js:61:17)
at Array.<anonymous> (tls.js:617:22)
at EventEmitter._tickCallback (node.js:126:26)
Simplified code that will generate the error:
var https = require('https')
, fs = require('fs')
var options = {
host: 'localhost'
, port: 8000
, key: fs.readFileSync('../../test-key.pem')
, cert: fs.readFileSync('../../test-cert.pem')
}
// Set up server and start listening
https.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'})
res.end('success')
}).listen(options.port, options.host)
// Wait a second to let the server start up
setTimeout(function() {
var clientRequest = https.request(options, function(res) {
res.on('data', function (chunk) {
console.log('Called')
})
})
clientRequest.write('')
clientRequest.end()
}, 1000)
I get the error even with the server and client running on different node instances and have tested with port 8000, 3000, and 443 and with and without the SSL certificates. I do have libssl and libssl-dev on my Ubuntu machine.
Any ideas on what could be the cause?
In
https.createServer(function (req, res) {
you are missing options when you create the server, should be:
https.createServer(options, function (req, res) {
with your key and cert inside
I had a very similar problem where the response's end event never fired.
Adding this line fixed the problem:
// Hack to emit end on close because of a core bug that never fires end
response.on('close', function () {response.emit('end')});
I found an example of this in the request library mentioned in the previous answer.
Short answer: Use the the latest source code instead of the one you have. Store it where you will and then require it, you are good to go.
In the request 1.2.0 source code, main.js line 76, I see
http.createClient(options.uri.port, options.uri.hostname, options.uri.protocol === 'https:');
Looking at the http.js source code, I see
exports.createClient = function(port, host) {
var c = new Client();
c.port = port;
c.host = host;
return c;
};
It is requesting with 3 params but the actual function only has 2. The functionality is replaced with a separate module for https.
Looking at the latest main.js source code, I see dramatic changes. The most important is the addition of require('https').
It appears that request has been fixed but never re-released. Fortunately, the fix seems to work if you just copy manually from the raw view of the latest main.js source code and use it instead.
I had a similar problem and i think i got a fix. but then I have another socket problem.
See my solution here: http://groups.google.com/group/nodejs/browse_thread/thread/9189df2597aa199e/b83b16c08a051706?lnk=gst&q=hang+up#b83b16c08a051706
key point: use 0.4.8, http.request instead of http.createClient.
However, the new problem is, if I let the program running for long time, (I actually left the program running but no activity during weekend), then I will get socket hang up error when I send a request to http Server. (not even reach the http.request). I don't know if it is because of my code, or it is different problem with http Server