Add support for TestKit's new SSL tests

 * Enable feature flags `Feature:API:SSLConfig` and `Feature:API:SSLSchemes`
 * Map TestKit's ssl config options to driver's native options
 * Adjust TestKit image Docker file to copy customCA certificates

Author: robsdedude

.gitignore

@@ -16,4 +16,5 @@ docs/build
 coverage
 .vscode
 *.code-workspace
-/testkit/CAs
+/testkit/CAs
+/testkit/CustomCAs

testkit-backend/src/request-handlers.js

@@ -3,7 +3,7 @@ import ResultObserver from './result-observer.js'
 import { cypherToNative, nativeToCypher } from './cypher-native-binders.js'
 import { shouldRunTest } from './skipped-tests'
 
-export function NewDriver (context, data, { writeResponse }) {
+export function NewDriver (context, data, wire) {
   const {
     uri,
     authorizationToken: { data: authToken },
@@ -14,17 +14,39 @@ export function NewDriver (context, data, { writeResponse }) {
     ? address =>
       new Promise((resolve, reject) => {
         const id = context.addResolverRequest(resolve, reject)
-        writeResponse('ResolverResolutionRequired', { id, address })
+        wire.writeResponse('ResolverResolutionRequired', { id, address })
       })
     : undefined
-  const driver = neo4j.driver(uri, authToken, {
+  const config = {
     userAgent,
     resolver,
     useBigInt: true,
     logging: neo4j.logging.console(process.env.LOG_LEVEL)
-  })
+  }
+  if ('encrypted' in data) {
+    config.encrypted = data.encrypted ? 'ENCRYPTION_ON' : 'ENCRYPTION_OFF'
+  }
+  if ('trustedCertificates' in data) {
+    if (data.trustedCertificates === null) {
+      config.trust = 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'
+    } else if (data.trustedCertificates.length === 0) {
+      config.trust = 'TRUST_ALL_CERTIFICATES'
+    } else {
+      config.trust = 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'
+      config.trustedCertificates = data.trustedCertificates.map(
+        e => '/usr/local/share/custom-ca-certificates/' + e
+      )
+    }
+  }
+  let driver
+  try {
+    driver = neo4j.driver(uri, authToken, config)
+  } catch (err) {
+    wire.writeError(err)
+    return
+  }
   const id = context.addDriver(driver)
-  writeResponse('Driver', { id })
+  wire.writeResponse('Driver', { id })
 }
 
 export function DriverClose (context, data, wire) {
@@ -238,6 +260,8 @@ export function StartTest (_, { testName }, wire) {
 export function GetFeatures (_context, _params, wire) {
   wire.writeResponse('FeatureList', {
     features: [
+      'Feature:API:SSLConfig',
+      'Feature:API:SSLSchemes',
       'AuthorizationExpiredTreatment',
       'ConfHint:connection.recv_timeout_seconds'
     ]

testkit/CAs/trustedRoot.crt

@@ -10,7 +10,7 @@ RUN apt-get update && \
         curl \
         python3 \
         nodejs \
-        npm \ 
+        npm \
         firefox \
     && rm -rf /var/lib/apt/lists/*
 
@@ -19,16 +19,19 @@ RUN npm install -g npm \
 RUN npm install -g gulp
 
 # Enable tls v1.0
-RUN echo "openssl_conf = openssl_configuration\n"|cat - /etc/ssl/openssl.cnf > /tmp/openssl_conf.cnf \  
-    && mv /tmp/openssl_conf.cnf /etc/ssl/openssl.cnf  
+RUN echo "openssl_conf = openssl_configuration\n"|cat - /etc/ssl/openssl.cnf > /tmp/openssl_conf.cnf \
+    && mv /tmp/openssl_conf.cnf /etc/ssl/openssl.cnf
 RUN echo "[openssl_configuration]\n\
 ssl_conf = ssl_configuration\n\
 [ssl_configuration]\n\
 system_default = tls_system_default\n\
 [tls_system_default]\n\
-CipherString = DEFAULT:@SECLEVEL=1" >> /etc/ssl/openssl.cnf 
+CipherString = DEFAULT:@SECLEVEL=1" >> /etc/ssl/openssl.cnf
 
 # Install our own CAs on the image.
 # Assumes Linux Debian based image.
 COPY CAs/* /usr/local/share/ca-certificates/
 RUN update-ca-certificates
+
+# Store custom CAs somewhere where the backend can find them later.
+COPY CustomCAs/* /usr/local/share/custom-ca-certificates/

testkit/Dockerfile

@@ -44,7 +44,7 @@ def build_testkit_backend(isLite):
     run(['rm', '-fr', 'testkit-backend/node_modules'])
     run([*npm, "install"])
     neo4jdriverPath = "neo4j@./"
-    if isLite: 
+    if isLite:
         neo4jdriverPath = "neo4j@./neo4j-driver-lite"
     run([*npm, "install", neo4jdriverPath])