fastly · guybedford · Jun 3, 2024 · May 31, 2024 · Jun 1, 2024 · Jun 1, 2024
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -11,5 +11,5 @@ jobs:
     steps:
     - uses: actions/[email protected]
       with:
-        allow-licenses: Apache-2.0, MIT, BSD-3-Clause, ISC, BSD-2-Clause, MIT OR (CC0-1.0 AND MIT), CC0-1.0 OR MIT OR (CC0-1.0 AND MIT), CC-BY-3.0, CC0-1.0, MIT OR Apache-2.0, MIT AND Apache-2.0, MIT OR WTFPL, BSD-2-Clause OR (MIT OR Apache-2.0), Python-2.0, ISC AND MIT, Apache-2.0 AND MIT, MIT/Apache-2.0, Apache-2.0 OR MIT, (Apache-2.0 OR MIT) AND BSD-3-Clause, Zlib OR Apache-2.0 OR MIT, MIT OR Apache-2.0 OR Zlib, MIT OR (Apache-2.0 OR Zlib)
+        allow-licenses: Apache-2.0, MIT, BSD-3-Clause, ISC, BSD-2-Clause, MIT OR (CC0-1.0 AND MIT), CC0-1.0 OR MIT OR (CC0-1.0 AND MIT), CC-BY-3.0, CC0-1.0, MIT OR Apache-2.0, MIT AND Apache-2.0, MIT OR WTFPL, BSD-2-Clause OR (MIT OR Apache-2.0), Python-2.0, ISC AND MIT, Apache-2.0 AND MIT, MIT/Apache-2.0, Apache-2.0 OR MIT, (Apache-2.0 OR MIT) AND BSD-3-Clause, Zlib OR Apache-2.0 OR MIT, MIT OR Apache-2.0 OR Zlib, MIT OR (Apache-2.0 OR Zlib), (Apache-2.0 WITH LLVM-exception)
         fail-on-scopes: runtime
diff --git a/integration-tests/js-compute/fixtures/app/src/dynamic-backend.js b/integration-tests/js-compute/fixtures/app/src/dynamic-backend.js
@@ -278,7 +278,6 @@ routes.set("/backend/timeout", async () => {
 
   // constructor
   {
-
     routes.set("/backend/constructor/called-as-regular-function", async () => {
       let error = assertThrows(() => {
         Backend()
@@ -1386,6 +1385,64 @@ routes.set("/backend/timeout", async () => {
         return pass('ok')
       });
     }
+
+    // clientCertificate property
+    {
+      routes.set("/backend/constructor/parameter-clientCertificate-property-invalid", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-property-invalid', target: 'a', clientCertificate: "" })
+        }, TypeError, `Backend constructor: clientCertificate must be an object containing 'certificate' and 'key' properties`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-certificate-property-missing", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-certificate-property-missing', target: 'a', clientCertificate: {} })
+        }, TypeError, `Backend constructor: clientCertificate 'certificate' must be a certificate string`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-certificate-property-invalid", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-certificate-property-invalid', target: 'a', clientCertificate: { certificate: "" } })
+        }, TypeError, `Backend constructor: clientCertificate 'certificate' can not be an empty string`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-key-property-missing", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-key-property-missing', target: 'a', clientCertificate: { certificate: "a" } })
+        }, TypeError, `Backend constructor: clientCertificate 'key' must be a SecretStoreEntry instance`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-key-property-invalid", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-key-property-invalid', target: 'a', clientCertificate: { certificate: "a", key: "" } })
+        }, TypeError, `Backend constructor: clientCertificate 'key' must be a SecretStoreEntry instance`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-key-property-fake", async () => {
+        let error = assertThrows(() => {
+          new Backend({ name: 'clientCertificate-clientCertificate-key-property-fake', target: 'a', clientCertificate: { certificate: "a", key: Object.create(SecretStoreEntry.prototype) } })
+        }, TypeError, `Backend constructor: clientCertificate 'key' must be a SecretStoreEntry instance`)
+        if (error) { return error }
+        return pass('ok')
+      });
+      routes.set("/backend/constructor/parameter-clientCertificate-valid", async () => {
+        if (isRunningLocally()) {
+          return pass('ok')
+        }
+        let backend = new Backend({ name: 'clientCertificate-clientCertificate-valid', target: 'http-me.glitch.me', clientCertificate: { certificate: "a", key: SecretStore.fromBytes(new Uint8Array([1, 2, 3])) } })
+        let res = await fetch('https://http-me.glitch.me/headers', {
+          backend,
+          cacheOverride: new CacheOverride("pass"),
+        })
+        console.error(res);
+        return pass('ok')
+      });
+    }
   }
 
   // exists

diff --git a/integration-tests/js-compute/fixtures/app/src/secret-store.js b/integration-tests/js-compute/fixtures/app/src/secret-store.js
@@ -117,7 +117,7 @@ import fc from './fast-check.js';
     routes.set("/secret-store/get/called-as-constructor", () => {
       let error = assertThrows(() => {
         new SecretStore.prototype.get('1')
-      }, TypeError, `SecretStore.prototype.get is not a constructor`)
+      }, TypeError)
       if (error) { return error }
       return pass()
     });
@@ -238,6 +238,37 @@ import fc from './fast-check.js';
       return pass()
     });
   }
+
+  // SecretStore.fromBytes static method
+  {
+    routes.set("/secret-store/from-bytes/invalid", async () => {
+      let error = assertThrows(() => {
+        SecretStore.fromBytes("blah")
+      }, TypeError, `SecretStore.fromBytes: bytes must be an ArrayBuffer or ArrayBufferView object`)
+      if (error) { return error }
+      return pass()
+    });
+    routes.set("/secret-store/from-bytes/valid", async () => {
+      let result, error;
+      result = SecretStore.fromBytes(new Uint8Array([1, 2, 3]));
+      error = assert(result instanceof SecretStoreEntry, true, `(SecretStore.fromBytes(Uint8Array) instanceof SecretStoreEntry)`)
+      if (error) { return error }
+      error = assert(result.rawBytes(), new Uint8Array([1, 2, 3]), `(SecretStore.fromBytes(Uint8Array).rawBytes() === Uint8Array)`)
+      if (error) { return error }
+      result = SecretStore.fromBytes(new Uint16Array([4, 5, 6]));
+      error = assert(result instanceof SecretStoreEntry, true, `(SecretStore.fromBytes(Uint16Array) instanceof SecretStoreEntry)`)
+      if (error) { return error }
+      // (can rely on Wasm being little endian)
+      error = assert(result.rawBytes(), new Uint8Array([4, 0, 5, 0, 6, 0]), `(SecretStore.fromBytes(Uint16Array).rawBytes() === Uint8Array)`)
+      if (error) { return error }
+      result = SecretStore.fromBytes(new Uint16Array([7, 8, 9]).buffer);
+      error = assert(result instanceof SecretStoreEntry, true, `(SecretStore.fromBytes(ArrayBuffer) instanceof SecretStoreEntry)`)
+      if (error) { return error }
+      error = assert(result.rawBytes(), new Uint8Array([7, 0, 8, 0, 9, 0]), `(SecretStore.fromBytes(ArrayBuffer).rawBytes() === Uint8Array)`)
+      if (error) { return error }
+      return pass()
+    });
+  }
 }
 // SecretStoreEntry
 {
@@ -290,7 +321,7 @@ function SecretStoreEntryInterfaceTests() {
   if (error) { return error }
 
   actual = Reflect.ownKeys(SecretStoreEntry.prototype)
-  expected = ["constructor", "plaintext"]
+  expected = ["constructor", "plaintext", "rawBytes"]
   error = assert(actual, expected, `Reflect.ownKeys(SecretStoreEntry.prototype)`)
   if (error) { return error }
 
@@ -354,7 +385,7 @@ function SecretStoreEntryInterfaceTests() {
 
 function SecretStoreInterfaceTests() {
   let actual = Reflect.ownKeys(SecretStore)
-  let expected = ["prototype", "length", "name"]
+  let expected = ["prototype", "fromBytes", "length", "name"]
   let error = assert(actual, expected, `Reflect.ownKeys(SecretStore)`)
   if (error) { return error }
 

diff --git a/integration-tests/js-compute/fixtures/app/tests-starlingmonkey.json b/integration-tests/js-compute/fixtures/app/tests-starlingmonkey.json
@@ -10,6 +10,28 @@
   "GET /cache-override/constructor/valid-mode",
   "GET /cache-override/fetch/mode-none",
   "GET /cache-override/fetch/mode-pass",
+  "GET /secret-store/exposed-as-global",
+  "GET /secret-store/interface",
+  "GET /secret-store/constructor/called-as-regular-function",
+  "GET /secret-store/constructor/parameter-calls-7.1.17-ToString",
+  "GET /secret-store/constructor/empty-parameter",
+  "GET /secret-store/constructor/found-store",
+  "GET /secret-store/constructor/missing-store",
+  "GET /secret-store/constructor/invalid-name",
+  "GET /secret-store/get/called-as-constructor",
+  "GET /secret-store/get/called-unbound",
+  "GET /secret-store/get/key-parameter-calls-7.1.17-ToString",
+  "GET /secret-store/get/key-parameter-not-supplied",
+  "GET /secret-store/get/key-parameter-empty-string",
+  "GET /secret-store/get/key-parameter-255-character-string",
+  "GET /secret-store/get/key-parameter-256-character-string",
+  "GET /secret-store/get/key-parameter-invalid-string",
+  "GET /secret-store/get/key-does-not-exist-returns-null",
+  "GET /secret-store/get/key-exists",
+  "GET /secret-store/from-bytes/invalid",
+  "GET /secret-store/from-bytes/valid",
+  "GET /secret-store-entry/interface",
+  "GET /secret-store-entry/plaintext",
   "GET /simple-cache/interface",
   "GET /simple-store/constructor/called-as-regular-function",
   "GET /simple-cache/constructor/throws",
@@ -258,6 +280,13 @@
   "GET /backend/constructor/parameter-sniHostname-property-empty-string",
   "GET /backend/constructor/parameter-sniHostname-property-calls-7.1.17-ToString",
   "GET /backend/constructor/parameter-sniHostname-property-valid-string",
+  "GET /backend/constructor/parameter-clientCertificate-property-invalid",
+  "GET /backend/constructor/parameter-clientCertificate-certificate-property-missing",
+  "GET /backend/constructor/parameter-clientCertificate-certificate-property-invalid",
+  "GET /backend/constructor/parameter-clientCertificate-key-property-missing",
+  "GET /backend/constructor/parameter-clientCertificate-key-property-invalid",
+  "GET /backend/constructor/parameter-clientCertificate-key-property-fake",
+  "GET /backend/constructor/parameter-clientCertificate-valid",  
   "GET /backend/health/called-as-constructor-function",
   "GET /backend/health/empty-parameter",
   "GET /backend/health/parameter-calls-7.1.17-ToString",