Add basic SSL test against fake server

closes #730

Author: dougwilson

lib/protocol/packets/HandshakeInitializationPacket.js

@@ -1,3 +1,5 @@
+var Client = require('../constants/client');
+
 module.exports = HandshakeInitializationPacket;
 function HandshakeInitializationPacket(options) {
   options = options || {};
@@ -17,6 +19,11 @@ function HandshakeInitializationPacket(options) {
   this.filler3             = options.filler3;
   this.pluginData          = options.pluginData;
   this.protocol41          = options.protocol41;
+
+  if (this.protocol41) {
+    // force set the bit in serverCapabilities1
+    this.serverCapabilities1 |= Client.CLIENT_PROTOCOL_41;
+  }
 }
 
 HandshakeInitializationPacket.prototype.parse = function(parser) {

test/FakeServer.js

@@ -1,6 +1,7 @@
 // An experimental fake MySQL server for tricky integration tests. Expanded
 // as needed.
 
+var common       = require('./common');
 var _            = require('underscore');
 var Net          = require('net');
 var Packets      = require('../lib/protocol/packets');
@@ -42,6 +43,7 @@ function FakeConnection(socket) {
   EventEmitter.call(this);
 
   this._socket = socket;
+  this._stream = socket;
   this._parser = new Parser({onPacket: this._parsePacket.bind(this)});
 
   this._handshakeInitializationPacket = null;
@@ -92,7 +94,7 @@ FakeConnection.prototype._sendAuthResponse = function(packet, expected) {
 FakeConnection.prototype._sendPacket = function(packet) {
   var writer = new PacketWriter();
   packet.write(writer);
-  this._socket.write(writer.toBuffer(this._parser));
+  this._stream.write(writer.toBuffer(this._parser));
 };
 
 FakeConnection.prototype._handleData = function(buffer) {
@@ -102,13 +104,13 @@ FakeConnection.prototype._handleData = function(buffer) {
 FakeConnection.prototype._parsePacket = function(header) {
   var Packet   = this._determinePacket(header);
   var packet   = new Packet({protocol41: true});
+  var parser   = this._parser;
 
-  packet.parse(this._parser);
+  packet.parse(parser);
 
   switch (Packet) {
     case Packets.ClientAuthenticationPacket:
       this._clientAuthenticationPacket = packet;
-
       if (this._handshakeOptions.oldPassword) {
         this._sendPacket(new Packets.UseOldPasswordPacket());
       } else if (this._handshakeOptions.password === 'passwd') {
@@ -118,8 +120,29 @@ FakeConnection.prototype._parsePacket = function(header) {
         throw new Error('not implemented');
       } else {
         this._sendPacket(new Packets.OkPacket());
-        this._parser.resetPacketNumber();
+        parser.resetPacketNumber();
       }
+      break;
+    case Packets.SSLRequestPacket:
+      // halt parser
+      parser.pause();
+      this._socket.removeAllListeners('data');
+
+      // inject secure pair
+      var securePair = common.createSecurePair();
+      this._socket.pipe(securePair.encrypted);
+      this._stream = securePair.cleartext;
+      securePair.cleartext.on('data', this._handleData.bind(this));
+      securePair.encrypted.pipe(this._socket);
+
+      // resume
+      process.nextTick(function() {
+        var buffer = parser._buffer.slice(parser._offset);
+        parser._offset = parser._buffer.length;
+        parser.resume();
+        securePair.encrypted.write(buffer);
+      });
+
       break;
     case Packets.OldPasswordPacket:
       this._oldPasswordPacket = packet;
@@ -133,7 +156,7 @@ FakeConnection.prototype._parsePacket = function(header) {
       break;
     case Packets.ComPingPacket:
       this._sendPacket(new Packets.OkPacket());
-      this._parser.resetPacketNumber();
+      parser.resetPacketNumber();
       break;
     case Packets.ComChangeUserPacket:
       this._clientAuthenticationPacket = new Packets.ClientAuthenticationPacket({
@@ -147,7 +170,7 @@ FakeConnection.prototype._parsePacket = function(header) {
         user         : packet.user
       });
       this._sendPacket(new Packets.OkPacket());
-      this._parser.resetPacketNumber();
+      parser.resetPacketNumber();
       break;
     case Packets.ComQuitPacket:
       this.emit('quit', packet);
@@ -158,10 +181,18 @@ FakeConnection.prototype._parsePacket = function(header) {
   }
 };
 
-FakeConnection.prototype._determinePacket = function() {
+FakeConnection.prototype._determinePacket = function(header) {
   if (!this._clientAuthenticationPacket) {
+    // first packet phase
+
+    if (header.length === 32) {
+      return Packets.SSLRequestPacket;
+    }
+
     return Packets.ClientAuthenticationPacket;
-  } else if (this._handshakeOptions.oldPassword && !this._oldPasswordPacket) {
+  }
+
+  if (this._handshakeOptions.oldPassword && !this._oldPasswordPacket) {
     return Packets.OldPasswordPacket;
   }
 

test/common.js

@@ -1,5 +1,8 @@
 var common     = exports;
+var crypto     = require('crypto');
+var fs         = require('fs');
 var path       = require('path');
+var tls        = require('tls');
 var _          = require('underscore');
 var FakeServer = require('./FakeServer');
 
@@ -45,6 +48,12 @@ common.createFakeServer = function(options) {
   return new FakeServer(_.extend({}, options));
 };
 
+common.createSecurePair = function() {
+  var credentials = crypto.createCredentials(common.getSSLConfig());
+
+  return tls.createSecurePair(credentials, true);
+};
+
 common.useTestDb = function(connection) {
   var query = connection.query('CREATE DATABASE ' + common.testDatabase, function(err) {
     if (err && err.code !== 'ER_DB_CREATE_EXISTS') throw err;
@@ -57,6 +66,13 @@ common.getTestConfig = function(config) {
   return mergeTestConfig(config);
 };
 
+common.getSSLConfig = function() {
+  return {
+    cert : fs.readFileSync(path.join(common.fixtures, 'server.crt'), 'ascii'),
+    key  : fs.readFileSync(path.join(common.fixtures, 'server.key'), 'ascii')
+  };
+};
+
 function mergeTestConfig(config) {
   if (common.isTravis()) {
     // see: http://about.travis-ci.org/docs/user/database-setup/

test/fixtures/server.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAUgCCQCZc7IfkXLWeDANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQGEwJV
+UzEQMA4GA1UECBMHSW5kaWFuYTETMBEGA1UEChMKbm9kZS1teXNxbDAeFw0xNDA1
+MTQxODM2NTdaFw0yNDA1MTExODM2NTdaMDQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+EwdJbmRpYW5hMRMwEQYDVQQKEwpub2RlLW15c3FsMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDX4dUmhwwzqy8zCrNK5WybifZ4Z5vd12CnnrBpLgqw0VWiKa2b
+QQ5vmex4LhEPwr5p+tDntS1sbQf4HY69AgjHtcPAdoykWtUBDCrOjnhEBroLGzE2
+BbW0XnolsWUp8Zwnlq3nGOceCcvYX3AjUkK89B3L7YY+Rie/1QQ62FSS2wIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBABNcExz8o1QxcTBuFIcdny4s6H7diTKeweqAtbPo
+JefVNokYjTjFDRdZqDOLKKJPgfyPYHCX170SQ/wr/b0qzNYL1QvBsDM7tvckBK5a
+OfKg/4TfMfHORNGRECBJAAn2Zi/DWfcdwOb39wIOG3hDk09IGOJ5F3wsUZFC/qiv
+152/
+-----END CERTIFICATE-----

test/fixtures/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDX4dUmhwwzqy8zCrNK5WybifZ4Z5vd12CnnrBpLgqw0VWiKa2b
+QQ5vmex4LhEPwr5p+tDntS1sbQf4HY69AgjHtcPAdoykWtUBDCrOjnhEBroLGzE2
+BbW0XnolsWUp8Zwnlq3nGOceCcvYX3AjUkK89B3L7YY+Rie/1QQ62FSS2wIDAQAB
+AoGAUJvTsjIk/ToDQsTRE7s85YsLTAQr8BbW0V/wsSVu+nz/w7BaUalmEYfhAzL4
+TfFClmIAFTTShDTmD+BBhxO2YOQW0+aThwU2jyF6sq7VhHxgXnSVDps9ebmVXMjU
+jSZEV/Q3lOvxvQfcBYzV3jfEeyi7jNr5oCL7Y6OwxLLx1XkCQQD3Jv9CNBH0J8c1
+nIpkj3Mhd0ona7wFna7hKlIfjZjsK0B9aMvj5I5tTGIis16g4uzSISS4zymHv/yp
+njCwi54HAkEA35xDXEsfbvS8d/9MsdJEtuMWGQeHEu8Tdxt5U/WnUPo0r00blrD5
+G5+zElKYbJgN15QLOLTUpq8U2dvEjGrvjQJAeO84D+jysAmWzIDgpvwaVdHNEyUA
+R680lzDiJlZe8ZDoaXUR710y5ABwNJKYRxlC0D8vfM7Bf49NzqF9KaXnmQJAQyeI
+y1T8UbRKTbdsbxL48/vrDQVHuZX3QJQNsftajmU2IVeE65KmnXcurlgD0skvjwi0
+/gjAvHZkSrFHq+wJmQJBAK32f4/ssi/SQolzL3xVrEUayxOEVhDWslXtwdcr7ZCq
+bbOmEU5AoOVXSS+PsWrLmrDRs3gc9BRHxD7yYVBT9ts=
+-----END RSA PRIVATE KEY-----

test/unit/connection/test-connection-ssl.js

@@ -0,0 +1,28 @@
+var assert          = require('assert');
+var common          = require('../../common');
+var ClientConstants = require('../../../lib/protocol/constants/client');
+var connection      = common.createConnection({
+  port : common.fakeServerPort,
+  ssl  : {
+    ca : common.getSSLConfig().ca
+  }
+});
+
+var server = common.createFakeServer();
+
+var connectErr;
+server.listen(common.fakeServerPort, function(err) {
+  if (err) throw err;
+
+  connection.ping(function(err) {
+    assert.ifError(err);
+    connection.destroy();
+    server.destroy();
+  });
+});
+
+server.on('connection', function(incomingConnection) {
+  incomingConnection.handshake({
+    serverCapabilities1: ClientConstants.CLIENT_SSL
+  });
+});