Refactor unit tests chain load
parent
c64c154b50
commit
0a980f17ec
|
@ -1,38 +1,32 @@
|
|||
require 'faketime'
|
||||
|
||||
describe CryptCheck::Tls::Cert do
|
||||
def load_chain(chain)
|
||||
chain.collect { |f| ::OpenSSL::X509::Certificate.new File.read "spec/resources/#{f}.crt" }
|
||||
end
|
||||
|
||||
describe '::trusted?' do
|
||||
it 'must accept valid certificate' do
|
||||
FakeTime.freeze Time.utc(2000, 1, 1) do
|
||||
cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
|
||||
cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
|
||||
expect(trust).to eq :trusted
|
||||
end
|
||||
end
|
||||
|
||||
it 'must reject self signed certificate' do
|
||||
cert, ca = load_chain %w(self-signed ca)
|
||||
cert, ca = chain(%w(self-signed ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
|
||||
expect(trust).to eq 'self signed certificate'
|
||||
|
||||
# Case for SSLv2
|
||||
cert, ca = load_chain %w(self-signed ca)
|
||||
cert, ca = chain(%w(self-signed ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
|
||||
expect(trust).to eq 'self signed certificate'
|
||||
end
|
||||
|
||||
it 'must reject unknown CA' do
|
||||
cert, *chain = load_chain %w(ecdsa-prime256v1 intermediate ca)
|
||||
cert, *chain = chain(%w(ecdsa-prime256v1 intermediate ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: []
|
||||
expect(trust).to eq 'unable to get issuer certificate'
|
||||
end
|
||||
|
||||
it 'must reject missing intermediate chain' do
|
||||
cert, ca = load_chain %w(ecdsa-prime256v1 ca)
|
||||
cert, ca = chain(%w(ecdsa-prime256v1 ca))
|
||||
chain = []
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
|
||||
expect(trust).to eq 'unable to get local issuer certificate'
|
||||
|
@ -40,7 +34,7 @@ describe CryptCheck::Tls::Cert do
|
|||
|
||||
it 'must reject expired certificate' do
|
||||
FakeTime.freeze Time.utc(2002, 1, 1) do
|
||||
cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
|
||||
cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
|
||||
expect(trust).to eq 'certificate has expired'
|
||||
end
|
||||
|
@ -48,7 +42,7 @@ describe CryptCheck::Tls::Cert do
|
|||
|
||||
it 'must reject not yet valid certificate' do
|
||||
FakeTime.freeze Time.utc(1999, 1, 1) do
|
||||
cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
|
||||
cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))
|
||||
trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
|
||||
expect(trust).to eq 'certificate is not yet valid'
|
||||
end
|
||||
|
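Review bot: In the rewritten examples the helper `chain(...)` is called on the same line that assigns a local named `chain` (`cert, *chain, ca = chain(%w(...))`), and in 'must reject missing intermediate chain' the local is reassigned with `chain = []` right after the call. It works only because the call has parentheses and an argument; once the local exists, the paren-less form used before this change (`chain %w(...)`) would likely stop parsing as a method call. A distinct name on one side keeps these trust-validation examples unambiguous, for example by keeping the helper as `load_chain`, or by naming the local `intermediates` as in `cert, *intermediates, ca = chain(%w(ecdsa-prime256v1 intermediate ca))`. The same pattern appears in the 'expired' and 'not yet valid' hunks of this file.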
|
|
@ -1,5 +1,3 @@
|
|||
require 'faketime'
|
||||
|
||||
describe CryptCheck::Tls::Server do
|
||||
before :all do
|
||||
FakeTime.freeze Time.utc(2000, 1, 1)
|
||||
|
|
|
@ -3,6 +3,7 @@ require 'rubygems'
|
|||
require 'bundler/setup'
|
||||
Bundler.require :default, :development
|
||||
require 'cryptcheck'
|
||||
require 'faketime'
|
||||
Dir['./spec/**/support/**/*.rb'].sort.each { |f| require f }
|
||||
|
||||
require 'simplecov'
|
||||
|
@ -40,6 +41,10 @@ module Helpers
|
|||
OpenSSL::X509::Certificate.new File.read "spec/resources/#{name}.crt"
|
||||
end
|
||||
|
||||
def chain(chain)
|
||||
chain.collect { |f| self.cert f }
|
||||
end
|
||||
|
||||
def dh(name)
|
||||
OpenSSL::PKey::DH.new File.read "spec/resources/dh-#{name}.pem"
|
||||
end
|
||||
|
|
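Review bot: The new `chain` helper in `module Helpers` has no comment stating that it returns certificates in the order the names are given, yet every caller depends on that order when destructuring (`cert, *chain, ca = ...`, which from the call sites appears to be leaf first, root last). I would add a comment above it such as `# Loads each named fixture via #cert, preserving order (callers pass leaf first, CA last).`. The parameter also shares the method's name; `def chain(names)` with `names.map { |n| cert n }` reads more clearly and drops the redundant `self.`. The `cert` helper it delegates to begins outside this hunk.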