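import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { createTestSmtpClient } from '../../helpers/smtp.client.js';
import { Email } from '../../../ts/mail/core/classes.email.js';

// CSEC-07: client-side TLS cipher suite configuration against a local test SMTP server.
//
// Scope of these tests, as written:
// - Every client sets `rejectUnauthorized: false`, so the server certificate is never
//   verified. Presumably the test server presents a self-signed certificate (TODO confirm).
//   The tests therefore cover cipher/protocol configuration only, not peer authentication.
// - Each test asserts only `result.success`. None of them inspects the suite that was
//   actually negotiated, so a handshake that lands on a different suite than the one
//   named in the test still passes.
//   NOTE(review): if the client exposes the negotiated cipher/protocol, assert on it here.
// - NOTE(review): the `ciphers` strings use OpenSSL cipher-list syntax. Assuming the client
//   forwards `tls` to Node's TLS layer (TODO confirm), TLS 1.3 suites are configured
//   separately from the TLS 1.2 list, so a TLS 1.3 handshake may not be constrained by
//   these lists. Pin `maxVersion` or check the negotiated protocol if that matters.

let testServer: ITestServer;

tap.test('setup test SMTP server', async () => {
  // TLS-enabled server without SMTP AUTH; fixed port shared by all tests in this file.
  testServer = await startTestServer({
    port: 2567,
    tlsEnabled: true,
    authRequired: false
  });
  expect(testServer).toBeTruthy();
  expect(testServer.port).toBeGreaterThan(0);
});

tap.test('CSEC-07: Strong cipher suite negotiation', async () => {
  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: true,
    tls: {
      // Certificate verification is off for the local test server only.
      rejectUnauthorized: false,
      // Prefer strong ciphers: HIGH class, excluding unauthenticated (aNULL),
      // MD5-based and Triple-DES suites.
      ciphers: 'HIGH:!aNULL:!MD5:!3DES',
      minVersion: 'TLSv1.2'
    }
  });

  const email = new Email({
    from: 'sender@example.com',
    to: ['recipient@example.com'],
    subject: 'Strong cipher test',
    text: 'Testing with strong cipher suites'
  });

  try {
    const result = await smtpClient.sendMail(email);
    console.log('Successfully negotiated strong cipher');
    expect(result.success).toBeTruthy();
  } finally {
    // Close the connection even when the send or the assertion fails.
    await smtpClient.close();
  }
});

tap.test('CSEC-07: Cipher suite configuration', async () => {
  // Test with specific cipher configuration
  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: true,
    tls: {
      rejectUnauthorized: false,
      // Specify allowed ciphers: two ECDHE-RSA AES-GCM suites (TLS 1.2 names).
      ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
      // NOTE(review): in Node's TLS API `honorCipherOrder` selects the server's
      // preference order and is a server-side setting; on a client it likely has
      // no effect. Confirm how the SMTP client uses it.
      honorCipherOrder: true
    }
  });

  const email = new Email({
    from: 'sender@example.com',
    to: ['recipient@example.com'],
    subject: 'Cipher configuration test',
    text: 'Testing specific cipher suite configuration'
  });

  try {
    const result = await smtpClient.sendMail(email);
    console.log('Cipher configuration test completed');
    expect(result.success).toBeTruthy();
  } finally {
    await smtpClient.close();
  }
});

tap.test('CSEC-07: Perfect Forward Secrecy ciphers', async () => {
  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: true,
    tls: {
      rejectUnauthorized: false,
      // Prefer PFS ciphers: only suites with ephemeral (EC)DH key exchange,
      // excluding unauthenticated and MD5-based suites.
      ciphers: 'ECDHE:DHE:!aNULL:!MD5',
      ecdhCurve: 'auto'
    }
  });

  const email = new Email({
    from: 'sender@example.com',
    to: ['recipient@example.com'],
    subject: 'PFS cipher test',
    text: 'Testing Perfect Forward Secrecy'
  });

  try {
    const result = await smtpClient.sendMail(email);
    console.log('Successfully used PFS cipher');
    expect(result.success).toBeTruthy();
  } finally {
    await smtpClient.close();
  }
});

tap.test('CSEC-07: Cipher compatibility testing', async () => {
  // `as const` keeps `minVersion` as the literal 'TLSv1.2', so no `as any` cast is
  // needed when it is passed to the client below.
  const cipherConfigs = [
    {
      name: 'TLS 1.2 compatible',
      ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
      minVersion: 'TLSv1.2'
    },
    {
      // MEDIUM widens the list beyond the HIGH class; this entry checks
      // interoperability and is not a strong-cipher policy.
      name: 'Broad compatibility',
      ciphers: 'HIGH:MEDIUM:!aNULL:!MD5:!3DES',
      minVersion: 'TLSv1.2'
    }
  ] as const;

  for (const config of cipherConfigs) {
    console.log(`\nTesting ${config.name}...`);

    const smtpClient = createTestSmtpClient({
      host: testServer.hostname,
      port: testServer.port,
      secure: true,
      tls: {
        rejectUnauthorized: false,
        ciphers: config.ciphers,
        minVersion: config.minVersion
      }
    });

    const email = new Email({
      from: 'sender@example.com',
      to: ['recipient@example.com'],
      subject: `${config.name} test`,
      text: `Testing ${config.name} cipher configuration`
    });

    try {
      let result: Awaited<ReturnType<typeof smtpClient.sendMail>>;
      try {
        result = await smtpClient.sendMail(email);
      } catch (error: unknown) {
        // Only a thrown send is treated as "configuration unavailable here".
        // The assertion below sits outside this handler so that a failed
        // expectation is reported as a test failure instead of being logged
        // as an unsupported configuration.
        console.log(` ${config.name} not supported in this environment`);
        console.log(` reason: ${error instanceof Error ? error.message : String(error)}`);
        continue;
      }
      console.log(` Success with ${config.name}`);
      expect(result.success).toBeTruthy();
    } finally {
      // Runs on success, on `continue`, and on assertion failure.
      await smtpClient.close();
    }
  }
});

tap.test('cleanup test SMTP server', async () => {
  // Guard against setup having failed before the server was assigned.
  if (testServer) {
    await stopTestServer(testServer);
  }
});

tap.start();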