import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { createTestSmtpClient } from '../../helpers/smtp.client.js';
import { Email } from '../../../ts/mail/core/classes.email.js';
let testServer: ITestServer;
tap.test('setup test SMTP server', async () => {
testServer = await startTestServer({
port: 2567,
tlsEnabled: true,
authRequired: false
});
expect(testServer).toBeTruthy();
expect(testServer.port).toBeGreaterThan(0);
});
tap.test('CSEC-07: Strong cipher suite negotiation', async () => {
const smtpClient = createTestSmtpClient({
host: testServer.hostname,
port: testServer.port,
secure: true,
tls: {
rejectUnauthorized: false,
// Prefer strong ciphers
ciphers: 'HIGH:!aNULL:!MD5:!3DES',
minVersion: 'TLSv1.2'
}
});
const email = new Email({
from: 'sender@example.com',
to: ['recipient@example.com'],
subject: 'Strong cipher test',
text: 'Testing with strong cipher suites'
});
const result = await smtpClient.sendMail(email);
console.log('Successfully negotiated strong cipher');
expect(result.success).toBeTruthy();
await smtpClient.close();
});
tap.test('CSEC-07: Cipher suite configuration', async () => {
// Test with specific cipher configuration
const smtpClient = createTestSmtpClient({
host: testServer.hostname,
port: testServer.port,
secure: true,
tls: {
rejectUnauthorized: false,
// Specify allowed ciphers
ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
honorCipherOrder: true
}
});
const email = new Email({
from: 'sender@example.com',
to: ['recipient@example.com'],
subject: 'Cipher configuration test',
text: 'Testing specific cipher suite configuration'
});
const result = await smtpClient.sendMail(email);
console.log('Cipher configuration test completed');
expect(result.success).toBeTruthy();
await smtpClient.close();
});
tap.test('CSEC-07: Perfect Forward Secrecy ciphers', async () => {
const smtpClient = createTestSmtpClient({
host: testServer.hostname,
port: testServer.port,
secure: true,
tls: {
rejectUnauthorized: false,
// Prefer PFS ciphers
ciphers: 'ECDHE:DHE:!aNULL:!MD5',
ecdhCurve: 'auto'
}
});
const email = new Email({
from: 'sender@example.com',
to: ['recipient@example.com'],
subject: 'PFS cipher test',
text: 'Testing Perfect Forward Secrecy'
});
const result = await smtpClient.sendMail(email);
console.log('Successfully used PFS cipher');
expect(result.success).toBeTruthy();
await smtpClient.close();
});
tap.test('CSEC-07: Cipher compatibility testing', async () => {
const cipherConfigs = [
{
name: 'TLS 1.2 compatible',
ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
minVersion: 'TLSv1.2'
},
{
name: 'Broad compatibility',
ciphers: 'HIGH:MEDIUM:!aNULL:!MD5:!3DES',
minVersion: 'TLSv1.2'
}
];
for (const config of cipherConfigs) {
console.log(`\nTesting ${config.name}...`);
const smtpClient = createTestSmtpClient({
host: testServer.hostname,
port: testServer.port,
secure: true,
tls: {
rejectUnauthorized: false,
ciphers: config.ciphers,
minVersion: config.minVersion as any
}
});
const email = new Email({
from: 'sender@example.com',
to: ['recipient@example.com'],
subject: `${config.name} test`,
text: `Testing ${config.name} cipher configuration`
});
try {
const result = await smtpClient.sendMail(email);
console.log(` Success with ${config.name}`);
expect(result.success).toBeTruthy();
} catch (error) {
console.log(` ${config.name} not supported in this environment`);
}
await smtpClient.close();
}
});
tap.test('cleanup test SMTP server', async () => {
if (testServer) {
await stopTestServer(testServer);
}
});
tap.start();