feat: Changes for PKI support - #2694 (#15179)

Co-authored-by: GCHQDeveloper911 <[email protected]> Co-authored-by: Jennifer Shehane <[email protected]> Co-authored-by: Zach Bloomquist <[email protected]> Co-authored-by: Zach Bloomquist <[email protected]>
cypress-io · Jul 12, 2021 · 2975990 · 2975990 · cypress-bot · Jul 12, 2021
1 parent cf4ccb2
commit 2975990
Show file tree

Hide file tree

Showing 11 changed files with 1,723 additions and 8 deletions.
diff --git a/cli/schema/cypress.schema.json b/cli/schema/cypress.schema.json
@@ -278,6 +278,76 @@
           "type": "boolean",
           "default": false,
           "description": "Enables including elements within the shadow DOM when using querying commands (e.g. cy.get(), cy.find()). Can be set globally in cypress.json, per-suite or per-test in the test configuration object, or programmatically with Cypress.config()"
+        },
+        "clientCertificates": {
+          "description": "Defines client certificates to use when sending requests to the specified URLs",
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "url": {
+                "description": "Requests for URLs matching this minimatch pattern will use the supplied client certificate",
+                "type": "string"
+              },
+              "ca": {
+                "description": "Path(s) to CA file(s) to validate certs against, relative to project root",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "certs": {
+                "type": "array",
+                "items": {
+                  "anyOf": [
+                    {
+                      "description": "PEM file specific properties",
+                      "type": "object",
+                      "properties": {
+                        "cert": {
+                          "description": "Path to the certificate, relative to project root",
+                          "type": "string"
+                        },
+                        "key": {
+                          "description": "Path to the private key, relative to project root",
+                          "type": "string"
+                        },
+                        "passphrase": {
+                          "description": "(Optional) File path to a UTF-8 text file containing the passphrase for the key, relative to project root",
+                          "type": "string"
+                        }
+                      },
+                      "required": [
+                        "cert",
+                        "key"
+                      ]
+                    },
+                    {
+                      "description": "PFX file specific properties",
+                      "type": "object",
+                      "properties": {
+                        "pfx": {
+                          "description": "Path to the certificate container, relative to project root",
+                          "type": "string"
+                        },
+                        "passphrase": {
+                          "description": "(Optional) File path to a UTF-8 text file containing the passphrase for the container, relative to project root",
+                          "type": "string"
+                        }
+                      },
+                      "required": [
+                        "pfx"
+                      ]
+                    }
+                  ]
+                }
+              }
+            },
+            "required": [
+              "url",
+              "certs"
+            ]
+          }
         }
       }
     }
@@ -299,4 +369,4 @@
       }
     }
   ]
-}
+}
diff --git a/packages/network/lib/agent.ts b/packages/network/lib/agent.ts
@@ -7,11 +7,14 @@ import { getProxyForUrl } from 'proxy-from-env'
 import url from 'url'
 import { createRetryingSocket, getAddress } from './connect'
 import { lenientOptions } from './http-utils'
+import { ClientCertificateStore } from './client-certificates'
 
 const debug = debugModule('cypress:network:agent')
 const CRLF = '\r\n'
 const statusCodeRe = /^HTTP\/1.[01] (\d*)/
 
+export const clientCertificateStore = new ClientCertificateStore()
+
 type WithProxyOpts<RequestOptions> = RequestOptions & {
   proxy: string
   shouldRetry?: boolean
@@ -49,8 +52,8 @@ interface CreateProxySockOpts {
 type CreateProxySockCb = (
   (err: undefined, result: net.Socket, triggerRetry: (err: Error) => void) => void
 ) & (
-  (err: Error) => void
-)
+    (err: Error) => void
+  )
 
 export const createProxySock = (opts: CreateProxySockOpts, cb: CreateProxySockCb) => {
   if (opts.proxy.protocol !== 'https:' && opts.proxy.protocol !== 'http:') {
@@ -190,6 +193,8 @@ export class CombinedAgent {
       debug('got family %o', _.pick(options, 'family', 'href'))
 
       if (isHttps) {
+        _.assign(options, clientCertificateStore.getClientCertificateAgentOptionsForUrl(options.uri))
+
         return this.httpsAgent.addRequest(req, options)
       }