fix tls-keyengine-invalid-arg-type test (#19505)

alii · nektro · web-flow · commit a8cc395a2020 · 2025-05-08T18:52:00.000-07:00
Co-authored-by: Meghan Denny &lt;meghan@bun.sh&gt;
diff --git a/src/js/node/tls.ts b/src/js/node/tls.ts
@@ -241,8 +241,25 @@ var InternalSecureContext = class SecureContext {
       if (secureOptions && typeof secureOptions !== "number") {
         throw new TypeError("secureOptions argument must be an number");
       }
+
       this.secureOptions = secureOptions;
+
+      if (!$isUndefinedOrNull(options.privateKeyIdentifier)) {
+        if ($isUndefinedOrNull(options.privateKeyEngine)) {
+          // prettier-ignore
+          throw $ERR_INVALID_ARG_VALUE("options.privateKeyEngine", options.privateKeyEngine);
+        } else if (typeof options.privateKeyEngine !== "string") {
+          // prettier-ignore
+          throw $ERR_INVALID_ARG_TYPE("options.privateKeyEngine", ["string", "null", "undefined"], options.privateKeyEngine);
+        }
+
+        if (typeof options.privateKeyIdentifier !== "string") {
+          // prettier-ignore
+          throw $ERR_INVALID_ARG_TYPE("options.privateKeyIdentifier", ["string", "null", "undefined"], options.privateKeyIdentifier);
+        }
+      }
     }
+
     this.context = context;
   }
 };
diff --git a/test/js/node/test/parallel/test-tls-keyengine-invalid-arg-type.js b/test/js/node/test/parallel/test-tls-keyengine-invalid-arg-type.js
@@ -0,0 +1,24 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+
+assert.throws(
+  () => {
+    tls.createSecureContext({ privateKeyEngine: 0,
+                              privateKeyIdentifier: 'key' });
+  },
+  { code: 'ERR_INVALID_ARG_TYPE',
+    message: / Received type number \(0\)$/ });
+
+assert.throws(
+  () => {
+    tls.createSecureContext({ privateKeyEngine: 'engine',
+                              privateKeyIdentifier: 0 });
+  },
+  { code: 'ERR_INVALID_ARG_TYPE',
+    message: / Received type number \(0\)$/ });
diff --git a/test/js/node/tls/node-tls-create-secure-context-args.test.ts b/test/js/node/tls/node-tls-create-secure-context-args.test.ts
@@ -0,0 +1,70 @@
+import { describe, expect, it } from "bun:test";
+import * as tls from "node:tls";
+
+describe("tls.createSecureContext extra arguments test", () => {
+  it("should throw an error if the privateKeyEngine is not a string", () => {
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: "valid", privateKeyEngine: 0 })).toThrow(
+      "string, null, or undefined",
+    );
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: "valid", privateKeyEngine: true })).toThrow(
+      "string, null, or undefined",
+    );
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: "valid", privateKeyEngine: {} })).toThrow(
+      "string, null, or undefined",
+    );
+  });
+
+  it("should throw an error if the privateKeyIdentifier is not a string", () => {
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: 0, privateKeyEngine: "valid" })).toThrow(
+      "string, null, or undefined",
+    );
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: true, privateKeyEngine: "valid" })).toThrow(
+      "string, null, or undefined",
+    );
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: {}, privateKeyEngine: "valid" })).toThrow(
+      "string, null, or undefined",
+    );
+  });
+
+  it("should throw with a valid privateKeyIdentifier but missing privateKeyEngine", () => {
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: "valid" })).toThrow(
+      "The property 'options.privateKeyEngine' is invalid. Received undefined",
+    );
+  });
+
+  it("should not throw for invalid privateKeyEngine when privateKeyIdentifier is not provided", () => {
+    // Node.js does not throw an error in the case where only privateKeyEngine is provided, even if
+    // the key is invalid. The checks for both keys are only done when privateKeyIdentifier is passed.
+    // Verifiable with: `node -p 'tls.createSecureContext({ privateKeyEngine: 0 })'`
+
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyEngine: 0 })).not.toThrow();
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyEngine: true })).not.toThrow();
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyEngine: {} })).not.toThrow();
+  });
+
+  it("should throw for invalid privateKeyIdentifier", () => {
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: 0 })).toThrow(
+      "The property 'options.privateKeyEngine' is invalid. Received undefined",
+    );
+
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: true })).toThrow(
+      "The property 'options.privateKeyEngine' is invalid. Received undefined",
+    );
+
+    // @ts-expect-error
+    expect(() => tls.createSecureContext({ privateKeyIdentifier: {} })).toThrow(
+      "The property 'options.privateKeyEngine' is invalid. Received undefined",
+    );
+  });
+});
