Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

support custom peer certificates on mock socket

See original GitHub issue

Context

My node app checks peer-certificates on the socket level like this:

req.on("socket", (socket: TLSSocket) => {
  socket.on("secureConnect", () => {
    // socket.getPeerCertificate()
  })
})

I tried to use nock like this:

nock(hostname)[method](path).reply(statusCode, body).on("socket", socket => {
  console.log("inside secureSocket")
  socket.getPeerCertificate = function() {
    return {}
  }

But it does not override the getPeerCertificate function. It still returns the random string from the mock socket.

If the feature request is accepted, would you be willing to submit a PR?

Yes, I think it could be similary implemented like the socket delay.

nock(...).peerCertificate(...).reply() or when creating the scope: nock(base, { peerCertificate })

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

mastermattcommented, Sep 13, 2021

Thanks for the request @pke

Some things to come to mind right off the bat:

The current implementation of getPeerCertificate on Nock’s mock Socket class is just flat out wrong. It returns a random base64 string, but per the docs this method has always returned a plain object with the cert info.
The mock Socket instance is created, attached to the router, and emitted on the request (req.emit('socket', socket)) before a single Scope or Interceptor is selected. This is going to be a big challenge with the feature request, unless we add some global cert registry.

@pke if the Nock Socket class simply added a setPeerCertificate method that you could call in a ‘socket’ event handler (like your example) would that work for you? It wouldn’t have the same API as some of the other Nock settings, but all those settings affect the reply which happen later in the flow. Your implementation would then look like the following:

nock(hostname)[method](path).reply(statusCode, body).on("socket", socket => {
  console.log("inside secureSocket")
  socket.setPeerCertificate({
    raw: <Buffer ... >
    subject: { ... }
   ....
})

Or if you’re using Node v15.6.0+, you could use the new, fancy X509Certificate class.

nock(hostname)[method](path).reply(statusCode, body).on("socket", socket => {
  console.log("inside secureSocket")
  const x509 = new X509Certificate('{... pem encoded cert ...}');
  socket.setPeerCertificate(x509.toLegacyObject())
})

0reactions

pkecommented, Nov 8, 2021

The back-compatible way would be fine with me, as I stated before 😉

Top Results From Across the Web

How to mock tls.PeerCertificate with Jest using Typescript?

Oops, don't need to do this ‍♂️ socket.getCertificate = spyOnGetCertificate.

ssl — TLS/SSL wrapper for socket objects — Python 3.11.1 ...

It supports additional methods such as getpeercert() , which retrieves the certificate of the other ... Client socket example with custom context and...

HTTPS & TLS - MockServer

MockServer has support for TLS (i.e. HTTPS) in three areas: ... MockServer achieves this by dynamically generating its X.509 Certificate using an in-memory ......

Retrofit 2 — How to Trust Unsafe SSL certificates (Self-signed ...

This includes revoked, expired or self-signed SSL certificates. ... Authentication; Caching; Testing & Mocking; Java Basics for Retrofit.

HTTPS in Java with a self-signed certificate - Brice Dutheil

In plain english, this server (wiremock) exposes a certificate, ... with a SSL socket factory that is itself configured with a custom trust ......