Added a unit test for continueSession to check expected SASL session …

…data
brianc · Jan 28, 2025 · 9a91cb7 · 9a91cb7
1 parent d9fdccf
commit 9a91cb7
Showing 1 changed file with 65 additions and 1 deletion.
diff --git a/packages/pg/test/unit/client/sasl-scram-tests.js b/packages/pg/test/unit/client/sasl-scram-tests.js
@@ -176,7 +176,7 @@ suite.test('sasl/scram', function () {
       )
     })
 
-    suite.testAsync('sets expected session data', async function () {
+    suite.testAsync('sets expected session data (SCRAM-SHA-256)', async function () {
       const session = {
         message: 'SASLInitialResponse',
         clientNonce: 'a',
@@ -189,6 +189,70 @@ suite.test('sasl/scram', function () {
 
       assert.equal(session.response, 'c=biws,r=ab,p=mU8grLfTjDrJer9ITsdHk0igMRDejG10EJPFbIBL3D0=')
     })
+
+    suite.testAsync('sets expected session data (SCRAM-SHA-256, channel binding enabled)', async function () {
+      const session = {
+        message: 'SASLInitialResponse',
+        clientNonce: 'a',
+      }
+
+      await sasl.continueSession(session, 'password', 'r=ab,s=abcd,i=1', { getPeerCertificate() {} })
+
+      assert.equal(session.message, 'SASLResponse')
+      assert.equal(session.serverSignature, 'ETpURSc5OpddrPRSW3LaDPJzUzhh+rciM4uYwXSsohU=')
+
+      assert.equal(session.response, 'c=eSws,r=ab,p=YVTEOwOD7khu/NulscjFegHrZoTXJBFI/7L61AN9khc=')
+    })
+
+    suite.testAsync('sets expected session data (SCRAM-SHA-256-PLUS)', async function () {
+      const session = {
+        message: 'SASLInitialResponse',
+        mechanism: 'SCRAM-SHA-256-PLUS',
+        clientNonce: 'a',
+      }
+
+      await sasl.continueSession(session, 'password', 'r=ab,s=abcd,i=1', {
+        getPeerCertificate() {
+          return {
+            raw: Buffer.from([
+              // a minimal ASN.1 certificate structure which can be parsed for a hash type
+              0x30, // cert ASN.1 seq
+              0x16, // cert length (all bytes below)
+              0x30, // cert info ASN.1 seq
+              0x01, // cert info length
+              0x00, // cert info (skipped)
+              0x30, // signature algorithm ASN.1 seq
+              0x0d, // signature algorithm length
+              0x06, // ASN.1 OID
+              0x09, // OID length
+              0x2a, // OID: 1.2.840.113549.1.1.11 (RSASSA-PKCS1-v1_5 / SHA-256)
+              0x86,
+              0x48,
+              0x86,
+              0xf7,
+              0x0d,
+              0x01,
+              0x01,
+              0x0b,
+              0x05, // ASN.1 null (no algorithm parameters)
+              0x00, // null length
+              0x03, // ASN.1 bitstring (signature)
+              0x02, // bitstring length
+              0x00, // zero right-padding bits
+              0xff, // one-byte signature
+            ]),
+          }
+        },
+      })
+
+      assert.equal(session.message, 'SASLResponse')
+      assert.equal(session.serverSignature, 'pU1hc6JkjvjO8Wd+o0/jyGjc1DpITtsx1UF+ZPa5u5M=')
+
+      assert.equal(
+        session.response,
+        'c=cD10bHMtc2VydmVyLWVuZC1wb2ludCwsmwepqKDDRcOvo3BN0rplYMfLUTpbaf38btkM5aAXBhQ=,r=ab,p=j0v2LsthoNaIBrKV4YipskF/lV8zWEt6acNRtt99MA4='
+      )
+    })
   })
 
   suite.test('finalizeSession', function () {