import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { createSmtpClient } from '../../../ts/mail/delivery/smtpclient/index.js';
import type { SmtpClient } from '../../../ts/mail/delivery/smtpclient/smtp-client.js';
import { Email } from '../../../ts/mail/core/classes.email.js';
// Shared fixture: assigned by the setup test, read by every TLS test for host/port,
// and handed to stopTestServer() in the final cleanup test.
let testServer: ITestServer;
// Shared client: created by the STARTTLS test, reused by the send tests, and closed
// in the cleanup test. Later tests therefore depend on the STARTTLS test having run.
let smtpClient: SmtpClient;
/**
 * Fixture setup: starts the SMTP test server with TLS enabled and
 * authentication not required, then checks that the returned handle reports
 * the requested port and the TLS flag.
 */
tap.test('setup - start SMTP server with TLS', async () => {
  const requestedPort = 2526;

  testServer = await startTestServer({
    port: requestedPort,
    tlsEnabled: true,
    authRequired: false,
  });

  // The remaining tests read host/port from this handle, so fail early if it
  // does not match what was asked for.
  expect(testServer.port).toEqual(requestedPort);
  expect(testServer.config.tlsEnabled).toBeTrue();
});
/**
 * CCM-02: creates the shared client with `secure: false` (plain connection
 * first, STARTTLS upgrade expected) and requires `verify()` to resolve to true.
 * Elapsed time is logged on success and on failure; failures are re-thrown.
 *
 * NOTE(review): the only assertion is the boolean from `verify()`. Nothing here
 * checks that the session was actually upgraded to TLS, so a client that
 * stays in plaintext when STARTTLS is not offered would presumably still pass.
 * Asserting on an "encrypted" indicator would close that gap — confirm what
 * SmtpClient exposes for this.
 */
tap.test('CCM-02: TLS Connection - should establish secure connection via STARTTLS', async () => {
  const startedAt = Date.now();
  const elapsedMs = (): number => Date.now() - startedAt;

  try {
    // Client construction stays inside the try so that a failure here is
    // logged with timing like any other failure.
    smtpClient = createSmtpClient({
      host: testServer.hostname,
      port: testServer.port,
      // Plain connection first; the upgrade is expected to happen via STARTTLS.
      secure: false,
      connectionTimeout: 10000,
      tls: {
        // Validation is off only because the test server uses a self-signed
        // certificate. This setting must stay confined to test code.
        rejectUnauthorized: false,
      },
      debug: true,
    });

    const verified = await smtpClient.verify();
    expect(verified).toBeTrue();

    console.log(`✅ STARTTLS connection established in ${elapsedMs()}ms`);
  } catch (error) {
    console.error(`❌ STARTTLS connection failed after ${elapsedMs()}ms:`, error);
    throw error;
  }
});
/**
 * CCM-02: sends one text+HTML message through the shared client created by the
 * STARTTLS test and checks that the result reports success and carries a
 * message id.
 *
 * NOTE(review): this relies on `smtpClient` having been assigned by the earlier
 * STARTTLS test; it does not itself assert that the transport is encrypted.
 */
tap.test('CCM-02: TLS Connection - should send email over secure connection', async () => {
  const message = new Email({
    from: 'test@example.com',
    to: 'recipient@example.com',
    subject: 'TLS Connection Test',
    text: 'This email was sent over a secure TLS connection',
    html: '<p>This email was sent over a <strong>secure TLS connection</strong></p>',
  });

  const sendResult = await smtpClient.sendMail(message);

  // Check the result object exists before reading fields off it, so a missing
  // result surfaces as an expectation failure rather than a TypeError.
  expect(sendResult).toBeTruthy();
  expect(sendResult.success).toBeTrue();
  expect(sendResult.messageId).toBeTruthy();

  console.log(`✅ Email sent over TLS with message ID: ${sendResult.messageId}`);
});
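/**
 * CCM-02: negative test for certificate validation. A second client is created
 * with `rejectUnauthorized: true` against the same server, and `verify()` is
 * expected to resolve to false.
 *
 * The client is closed in a `finally` block so that a failed expectation (or a
 * rejected `verify()`) does not leave the connection open for the rest of the
 * run.
 *
 * NOTE(review): `verify()` returning false does not say why it failed. An
 * unreachable server or a timeout would satisfy this assertion just as well as
 * a rejected certificate. The test leans on the earlier STARTTLS test having
 * shown that the same host/port works with validation off. Asserting on the
 * failure reason would make this stricter — confirm whether SmtpClient
 * surfaces one.
 */
tap.test('CCM-02: TLS Connection - should reject invalid certificates when required', async () => {
  // Create new client with strict certificate validation
  const strictClient = createSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: false,
    tls: {
      rejectUnauthorized: true // Strict validation
    }
  });

  try {
    // Should fail with self-signed certificate
    const result = await strictClient.verify();
    expect(result).toBeFalse();

    console.log('✅ Correctly rejected self-signed certificate with strict validation');
  } finally {
    // Always release the client, including when the expectation above throws.
    await strictClient.close();
  }
});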
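/**
 * CCM-02: probes implicit ("direct") TLS by connecting with `secure: true` to
 * the same port the STARTTLS tests use, and logs whether `verify()` succeeded.
 *
 * The client is closed in a `finally` block so a rejected `verify()` does not
 * leak the connection.
 *
 * NOTE(review): this test has no expectation. Both outcomes only log, so it
 * cannot fail on the result of `verify()` and gives no regression signal for
 * implicit TLS. If the test server is meant to support implicit TLS on a
 * dedicated port, point the client there and assert the result — confirm
 * against the server helper.
 */
tap.test('CCM-02: TLS Connection - should work with direct TLS if supported', async () => {
  // Try direct TLS connection (might fail if server doesn't support it)
  const directTlsClient = createSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: true, // Direct TLS from start
    connectionTimeout: 5000,
    tls: {
      // Self-signed test certificate; keep this relaxation out of non-test code.
      rejectUnauthorized: false
    }
  });

  try {
    const result = await directTlsClient.verify();

    if (result) {
      console.log('✅ Direct TLS connection supported and working');
    } else {
      console.log('ℹ️ Direct TLS not supported, STARTTLS is the way');
    }
  } finally {
    // Always release the client, including when verify() rejects.
    await directTlsClient.close();
  }
});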
/**
 * CCM-02: sends a plain-text message through the shared client and expects the
 * send to succeed.
 *
 * NOTE(review): despite the test name, no cipher suite or protocol version is
 * inspected or asserted. The test only points at the debug logs. A weak or
 * unexpected cipher would not fail it. To really verify the negotiated
 * parameters, assert on whatever connection details SmtpClient exposes —
 * confirm what is available.
 */
tap.test('CCM-02: TLS Connection - should verify TLS cipher suite', async () => {
  const cipherProbe = new Email({
    from: 'cipher-test@example.com',
    to: 'recipient@example.com',
    subject: 'TLS Cipher Test',
    text: 'Testing TLS cipher suite',
  });

  // Cipher details are not checked here; they would have to be read from the
  // client's debug output.
  console.log('ℹ️ TLS cipher information available in debug logs');

  const sendResult = await smtpClient.sendMail(cipherProbe);
  expect(sendResult.success).toBeTrue();

  console.log('✅ Email sent successfully over encrypted connection');
});
/**
 * Teardown: closes the shared client if one was created. Does nothing when the
 * STARTTLS test never assigned `smtpClient`.
 */
tap.test('cleanup - close SMTP client', async () => {
  if (!smtpClient) {
    return;
  }

  await smtpClient.close();
});
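/**
 * Teardown: stops the SMTP test server started by the setup test.
 *
 * The guard mirrors the client cleanup. If setup failed before assigning
 * `testServer`, there is nothing to stop, and skipping the call keeps the
 * original setup failure as the reported error instead of adding a second one
 * from teardown.
 */
tap.test('cleanup - stop SMTP server', async () => {
  if (testServer) {
    await stopTestServer(testServer);
  }
});

// Export the value returned by tap.start() as the module default. Presumably
// this is what starts the tests registered above — confirm against tstest.
export default tap.start();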