Browse Source

Clean unit tests

aeris 2 years ago
parent
commit
5950312ef5

+ 1
- 1
bin/supported.rb View File

@@ -5,7 +5,7 @@ require 'bundler/setup'
5 5
 require 'cryptcheck'
6 6
 
7 7
 puts 'Supported methods'
8
-puts CryptCheck::Tls::Method::SUPPORTED.sort.collect(&:to_s).join ' '
8
+puts CryptCheck::Tls::Method::SUPPORTED.values.sort.collect(&:to_s).join ' '
9 9
 
10 10
 CryptCheck::Tls::Cipher.each do |method, ciphers|
11 11
 	puts

+ 24
- 13
lib/cryptcheck/tls/method.rb View File

@@ -1,34 +1,45 @@
1
+require 'delegate'
2
+
1 3
 module CryptCheck
2 4
 	module Tls
3
-		class Method
4
-			extend Enumerable
5
+		class Method < SimpleDelegator
6
+			EXISTING  = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2).freeze
7
+			SUPPORTED = (EXISTING & ::OpenSSL::SSL::SSLContext::METHODS)
8
+								.collect { |m| [m, self.new(m)] }.to_h.freeze
5 9
 
6
-			def self.each(&block)
7
-				SUPPORTED.each &block
10
+			def self.[](method)
11
+				SUPPORTED[method]
8 12
 			end
9 13
 
10
-			attr_reader :name
14
+			extend Enumerable
11 15
 
12
-			def initialize(name)
13
-				@name = name
16
+			def self.each(&block)
17
+				SUPPORTED.values.each &block
14 18
 			end
15 19
 
16
-			EXISTING  = %i(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2).freeze
17
-			SUPPORTED = (EXISTING & ::OpenSSL::SSL::SSLContext::METHODS).collect { |m| self.new m }.freeze
18
-
19 20
 			def to_s
20
-				colors = case @name
21
+				colors = case self.to_sym
21 22
 							 when *%i(SSLv3 SSLv2)
22 23
 								 :critical
23 24
 							 when :TLSv1_2
24 25
 								 :good
25 26
 						 end
26
-				@name.to_s.colorize colors
27
+				super.colorize colors
27 28
 			end
28 29
 
30
+			alias :to_sym :__getobj__
31
+
29 32
 			def <=>(other)
30
-				EXISTING.find_index(@name) <=> EXISTING.find_index(other.name)
33
+				EXISTING.find_index(self) <=> EXISTING.find_index(other)
31 34
 			end
35
+
36
+			# def eql?(other)
37
+			# 	self.to_sym.eql? other.to_sym
38
+			# end
39
+			#
40
+			# def equal?(other)
41
+			# 	self.to_sym.equal? other.to_sym
42
+			# end
32 43
 		end
33 44
 	end
34 45
 end

+ 39
- 0
spec/cryptcheck/tls/cert_spec.rb View File

@@ -54,4 +54,43 @@ describe CryptCheck::Tls::Cert do
54 54
 			end
55 55
 		end
56 56
 	end
57
+
58
+	describe '#md5?' do
59
+		it 'must detect md5 certificate' do
60
+			cert = ::CryptCheck::Tls::Cert.new cert(:md5)
61
+			expect(cert.md5?).to be true
62
+
63
+			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)
64
+			expect(cert.md5?).to be false
65
+
66
+			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)
67
+			expect(cert.md5?).to be false
68
+		end
69
+	end
70
+
71
+	describe '#sha1?' do
72
+		it 'must detect sha1 certificate' do
73
+			cert = ::CryptCheck::Tls::Cert.new cert(:md5)
74
+			expect(cert.sha1?).to be false
75
+
76
+			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)
77
+			expect(cert.sha1?).to be true
78
+
79
+			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)
80
+			expect(cert.sha1?).to be false
81
+		end
82
+	end
83
+
84
+	describe '#sha2?' do
85
+		it 'must detect sha2 certificate' do
86
+			cert = ::CryptCheck::Tls::Cert.new cert(:md5)
87
+			expect(cert.sha2?).to be false
88
+
89
+			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)
90
+			expect(cert.sha2?).to be false
91
+
92
+			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)
93
+			expect(cert.sha2?).to be true
94
+		end
95
+	end
57 96
 end

+ 61
- 0
spec/cryptcheck/tls/method_spec.rb View File

@@ -0,0 +1,61 @@
1
+describe CryptCheck::Tls::Method do
2
+	describe '#==' do
3
+		it 'must be equals to corresponding symbol' do
4
+			method = ::CryptCheck::Tls::Method[:TLSv1_2]
5
+			expect(method == :SSLv2).to be false
6
+			expect(method == :SSLv3).to be false
7
+			expect(method == :TLSv1).to be false
8
+			expect(method == :TLSv1_1).to be false
9
+			expect(method == :TLSv1_2).to be true
10
+		end
11
+
12
+		it 'must be equals to corresponding method' do
13
+			method = ::CryptCheck::Tls::Method[:TLSv1_2]
14
+			expect(method == ::CryptCheck::Tls::Method[:SSLv2]).to be false
15
+			expect(method == ::CryptCheck::Tls::Method[:SSLv3]).to be false
16
+			expect(method == ::CryptCheck::Tls::Method[:TLSv1]).to be false
17
+			expect(method == ::CryptCheck::Tls::Method[:TLSv1_1]).to be false
18
+			expect(method == ::CryptCheck::Tls::Method[:TLSv1_2]).to be true
19
+		end
20
+	end
21
+
22
+	# describe '#eql?' do
23
+	# 	it 'must be equals to corresponding symbol' do
24
+	# 		method = ::CryptCheck::Tls::Method[:TLSv1_2]
25
+	# 		expect(method.eql? :SSLv2).to be false
26
+	# 		expect(method.eql? :SSLv3).to be false
27
+	# 		expect(method.eql? :TLSv1).to be false
28
+	# 		expect(method.eql? :TLSv1_1).to be false
29
+	# 		expect(method.eql? :TLSv1_2).to be true
30
+	# 	end
31
+	#
32
+	# 	it 'must be equals to corresponding method' do
33
+	# 		method = ::CryptCheck::Tls::Method[:TLSv1_2]
34
+	# 		expect(method.eql? ::CryptCheck::Tls::Method[:SSLv2]).to be false
35
+	# 		expect(method.eql? ::CryptCheck::Tls::Method[:SSLv3]).to be false
36
+	# 		expect(method.eql? ::CryptCheck::Tls::Method[:TLSv1]).to be false
37
+	# 		expect(method.eql? ::CryptCheck::Tls::Method[:TLSv1_1]).to be false
38
+	# 		expect(method.eql? ::CryptCheck::Tls::Method[:TLSv1_2]).to be true
39
+	# 	end
40
+	# end
41
+	#
42
+	# describe '#equal?' do
43
+	# 	it 'must be equals to corresponding symbol' do
44
+	# 		method = ::CryptCheck::Tls::Method[:TLSv1_2]
45
+	# 		expect(method.equal? :SSLv2).to be false
46
+	# 		expect(method.equal? :SSLv3).to be false
47
+	# 		expect(method.equal? :TLSv1).to be false
48
+	# 		expect(method.equal? :TLSv1_1).to be false
49
+	# 		expect(method.equal? :TLSv1_2).to be true
50
+	# 	end
51
+	#
52
+	# 	it 'must be equals to corresponding method' do
53
+	# 		method = ::CryptCheck::Tls::Method[:TLSv1_2]
54
+	# 		expect(method.equal? ::CryptCheck::Tls::Method[:SSLv2]).to be false
55
+	# 		expect(method.equal? ::CryptCheck::Tls::Method[:SSLv3]).to be false
56
+	# 		expect(method.equal? ::CryptCheck::Tls::Method[:TLSv1]).to be false
57
+	# 		expect(method.equal? ::CryptCheck::Tls::Method[:TLSv1_1]).to be false
58
+	# 		expect(method.equal? ::CryptCheck::Tls::Method[:TLSv1_2]).to be true
59
+	# 	end
60
+	# end
61
+end

+ 135
- 171
spec/cryptcheck/tls/server_spec.rb View File

@@ -9,268 +9,232 @@ describe CryptCheck::Tls::Server do
9 9
 		FakeTime.unfreeze
10 10
 	end
11 11
 
12
-	def server
13
-		CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
12
+	default_parameters       = {
13
+			methods:           %i(TLSv1_2),
14
+			chain:             %w(intermediate ca),
15
+			curves:            %i(prime256v1),
16
+			server_preference: true
17
+	}.freeze
18
+	default_ecdsa_parameters = default_parameters.merge({
19
+																material: [[:ecdsa, :prime256v1]],
20
+																ciphers:  %i(ECDHE-ECDSA-AES128-SHA),
21
+																curves:   %i(prime256v1)
22
+														}).freeze
23
+	default_rsa_parameters   = default_parameters.merge({
24
+																material: [[:rsa, 1024]],
25
+																ciphers:  %i(ECDHE-RSA-AES128-SHA),
26
+																curves:   %i(prime256v1),
27
+																dh:       1024
28
+														}).freeze
29
+	default_mixed_parameters = default_parameters.merge({
30
+																material: [[:ecdsa, :prime256v1], [:rsa, 1024]],
31
+																ciphers:  %i(ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA),
32
+																curves:   %i(prime256v1),
33
+																dh:       1024
34
+														}).freeze
35
+	default_sslv2_parameters = default_parameters.merge({
36
+																methods:  :SSLv2,
37
+																material: [[:rsa, 1024]],
38
+																ciphers:  %i(RC4-MD5),
39
+																chain:    []
40
+														}).freeze
41
+	DEFAULT_PARAMETERS       = { ecdsa: default_ecdsa_parameters.freeze,
42
+								 rsa:   default_rsa_parameters.freeze,
43
+								 mixed: default_mixed_parameters.freeze,
44
+								 sslv2: default_sslv2_parameters.freeze }.freeze
45
+
46
+	def server(type=:ecdsa, **kargs)
47
+		params = DEFAULT_PARAMETERS[type].dup
48
+		params.merge!(kargs) if kargs
49
+		host, port = '127.0.0.1', 5000
50
+		params.merge!({ host: host, port: port })
51
+		tls_serv **params do
52
+			CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, host, port
53
+		end
14 54
 	end
15 55
 
16 56
 	describe '#certs' do
17 57
 		it 'must detect RSA certificate' do
18
-			tls_serv material: [[:rsa, 1024]] do
19
-				certs = server.certs.collect &:fingerprint
20
-				expect(certs).to match_array %w(a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71)
21
-			end
58
+			certs = server(:rsa).certs.collect &:fingerprint
59
+			expect(certs).to match_array %w(a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71)
22 60
 		end
23 61
 
24 62
 		it 'must detect ECDSA certificate' do
25
-			tls_serv material: [[:ecdsa, :prime256v1]] do
26
-				certs = server.certs.collect &:fingerprint
27
-				expect(certs).to match_array %w(531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06)
28
-			end
63
+			certs = server.certs.collect &:fingerprint
64
+			expect(certs).to match_array %w(531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06)
29 65
 		end
30 66
 
31 67
 		it 'must detect RSA and ECDSA certificates' do
32
-			tls_serv material: [[:ecdsa, :prime256v1], [:rsa, 1024]] do
33
-				certs = server.certs.collect &:fingerprint
34
-				expect(certs).to match_array %w(531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06
68
+			certs = server(:mixed).certs.collect &:fingerprint
69
+			expect(certs).to match_array %w(531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06
35 70
 												a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71)
36
-			end
37 71
 		end
38 72
 	end
39 73
 
40 74
 	describe '#md5_sign?' do
41 75
 		it 'must detect server using MD5 certificate' do
42
-			tls_serv do
43
-				expect(server.md5_sign?).to be false
44
-			end
45
-
46
-			tls_serv material: [:md5, [:rsa, 1024]] do
47
-				expect(server.md5_sign?).to be true
48
-			end
76
+			expect(server.md5_sign?).to be false
77
+			expect(server(material: [:md5, [:rsa, 1024]]).md5_sign?).to be true
49 78
 		end
50 79
 	end
51 80
 
52 81
 	describe '#sha1_sign?' do
53 82
 		it 'must detect server using SHA1 certificate' do
54
-			tls_serv do
55
-				expect(server.sha1_sign?).to be false
56
-			end
57
-
58
-			tls_serv material: [:sha1, [:rsa, 1024]] do
59
-				expect(server.sha1_sign?).to be true
60
-			end
83
+			expect(server.sha1_sign?).to be false
84
+			expect(server(material: [:sha1, [:rsa, 1024]]).sha1_sign?).to be true
61 85
 		end
62 86
 	end
63 87
 
64 88
 	describe '#sha2_sign?' do
65 89
 		it 'must detect server using SHA2 certificate' do
66
-			tls_serv do
67
-				expect(server.sha2_sign?).to be true
68
-			end
69
-
70
-			tls_serv material: [:md5, :sha1] do
71
-				expect(server.sha2_sign?).to be false
72
-			end
90
+			expect(server.sha2_sign?).to be true
91
+			expect(server(material: [:md5]).sha2_sign?).to be false
92
+			expect(server(material: [:sha1]).sha2_sign?).to be false
73 93
 		end
74 94
 	end
75 95
 
76 96
 	describe '#supported_methods' do
77 97
 		it 'must detect SSLv2' do
78
-			tls_serv methods: :SSLv2, material: [[:rsa, 1024]], chain: [],
79
-					 ciphers: %w(RC4-MD5) do
80
-				methods = server.supported_methods.collect &:name
81
-				expect(methods).to match_array %i(SSLv2)
82
-			end
98
+			s       = server :sslv2
99
+			methods = s.supported_methods.collect &:to_sym
100
+			expect(methods).to match_array %i(SSLv2)
83 101
 		end
84 102
 
85 103
 		it 'must detect SSLv3' do
86
-			tls_serv methods: %i(SSLv3), material: [[:rsa, 1024]],
87
-					 ciphers: %w(ECDHE-RSA-AES128-SHA) do
88
-				methods = server.supported_methods.collect &:name
89
-				expect(methods).to match_array %i(SSLv3)
90
-			end
104
+			server  = server methods: %i(SSLv3)
105
+			methods = server.supported_methods.collect &:to_sym
106
+			expect(methods).to match_array %i(SSLv3)
91 107
 		end
92 108
 
93 109
 		it 'must detect TLSv1.0' do
94
-			tls_serv methods: %i(TLSv1), material: [[:rsa, 1024]],
95
-					 ciphers: %w(ECDHE-RSA-AES128-SHA) do
96
-				methods = server.supported_methods.collect &:name
97
-				expect(methods).to match_array %i(TLSv1)
98
-			end
110
+			server  = server methods: %i(TLSv1)
111
+			methods = server.supported_methods.collect &:to_sym
112
+			expect(methods).to match_array %i(TLSv1)
99 113
 		end
100 114
 
101 115
 		it 'must detect TLSv1.1' do
102
-			tls_serv methods: %i(TLSv1_1), material: [[:rsa, 1024]],
103
-					 ciphers: %w(ECDHE-RSA-AES128-SHA) do
104
-				methods = server.supported_methods.collect &:name
105
-				expect(methods).to match_array %i(TLSv1_1)
106
-			end
116
+			server  = server methods: %i(TLSv1_1)
117
+			methods = server.supported_methods.collect &:to_sym
118
+			expect(methods).to match_array %i(TLSv1_1)
107 119
 		end
108 120
 
109 121
 		it 'must detect TLSv1.2' do
110
-			tls_serv methods: %i(TLSv1_2), material: [[:rsa, 1024]],
111
-					 ciphers: %w(ECDHE-RSA-AES128-SHA) do
112
-				methods = server.supported_methods.collect &:name
113
-				expect(methods).to match_array %i(TLSv1_2)
114
-			end
122
+			server  = server methods: %i(TLSv1_2)
123
+			methods = server.supported_methods.collect &:to_sym
124
+			expect(methods).to match_array %i(TLSv1_2)
115 125
 		end
116 126
 
117 127
 		it 'must detect mixed methods' do
118
-			tls_serv methods: %i(SSLv3 TLSv1 TLSv1_1 TLSv1_2), material: [[:rsa, 1024]],
119
-					 ciphers: %w(ECDHE-RSA-AES128-SHA) do
120
-				methods = server.supported_methods.collect &:name
121
-				expect(methods).to match_array %i(SSLv3 TLSv1 TLSv1_1 TLSv1_2)
122
-			end
128
+			server  = server methods: %i(SSLv3 TLSv1 TLSv1_1 TLSv1_2)
129
+			methods = server.supported_methods.collect &:to_sym
130
+			expect(methods).to match_array %i(SSLv3 TLSv1 TLSv1_1 TLSv1_2)
123 131
 		end
124 132
 	end
125 133
 
126 134
 	describe '#supported_curves' do
127 135
 		it 'must detect no supported curves' do
128
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(AES128-GCM-SHA256) do
129
-				curves = server.supported_curves.collect &:name
130
-				expect(curves).to be_empty
131
-			end
136
+			s      = server :rsa, ciphers: %w(AES128-SHA)
137
+			curves = s.supported_curves.collect &:name
138
+			expect(curves).to be_empty
132 139
 		end
133 140
 
134 141
 		it 'must detect supported curves for RSA' do
135
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
136
-					 curves:   %i(prime256v1 sect571r1) do
137
-				curves = server.supported_curves.collect &:name
138
-				expect(curves).to contain_exactly :prime256v1, :sect571r1
139
-			end
142
+			s      = server :rsa, curves: %i(prime256v1 sect571r1)
143
+			curves = s.supported_curves.collect &:name
144
+			expect(curves).to contain_exactly :prime256v1, :sect571r1
140 145
 		end
141 146
 
142 147
 		it 'must detect supported curves from ECDSA' do
143
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
144
-					 curves:   %i(prime256v1), server_preference: false do
145
-				curves = server.supported_curves.collect &:name
146
-				expect(curves).to contain_exactly :prime256v1
147
-			end
148
+			server = server server_preference: false
149
+			curves = server.supported_curves.collect &:name
150
+			expect(curves).to contain_exactly :prime256v1
148 151
 		end
149 152
 
150 153
 		it 'must detect supported curves from ECDSA and ECDHE' do
151
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
152
-					 curves:   %i(prime256v1 sect571r1), server_preference: false do
153
-				curves = server.supported_curves.collect &:name
154
-				expect(curves).to contain_exactly :prime256v1, :sect571r1
155
-			end
154
+			server = server curves: %i(prime256v1 sect571r1), server_preference: false
155
+			curves = server.supported_curves.collect &:name
156
+			expect(curves).to contain_exactly :prime256v1, :sect571r1
156 157
 		end
157 158
 
158 159
 		# No luck here :'(
159 160
 		it 'can\'t detect supported curves from ECDHE if server preference enforced' do
160
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
161
-					 curves:   %i(prime256v1 sect571r1), server_preference: true do
162
-				curves = server.supported_curves.collect &:name
163
-				expect(curves).to contain_exactly :prime256v1
164
-			end
165
-
166
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
167
-					 curves:   %i(sect571r1 prime256v1), server_preference: true do
168
-				curves = server.supported_curves.collect &:name
169
-				expect(curves).to contain_exactly :prime256v1, :sect571r1
170
-			end
161
+			server = server curves: %i(prime256v1 sect571r1)
162
+			curves = server.supported_curves.collect &:name
163
+			expect(curves).to contain_exactly :prime256v1
164
+
165
+			server = server curves: %i(sect571r1 prime256v1)
166
+			curves = server.supported_curves.collect &:name
167
+			expect(curves).to contain_exactly :prime256v1, :sect571r1
171 168
 		end
172 169
 	end
173 170
 
174 171
 	describe '#curves_preference' do
175 172
 		it 'must report N/A if no curve on RSA' do
176
-			tls_serv material:          [[:rsa, 1024]], ciphers: %w(AES128-GCM-SHA256),
177
-					 server_preference: true do
178
-				curves = server.curves_preference
179
-				expect(curves).to be_nil
180
-			end
181
-
182
-			tls_serv material:          [[:rsa, 1024]], ciphers: %w(AES128-GCM-SHA256),
183
-					 server_preference: false do
184
-				curves = server.curves_preference
185
-				expect(curves).to be_nil
186
-			end
173
+			s      = server :rsa, ciphers: %w(AES128-GCM-SHA256)
174
+			curves = s.curves_preference
175
+			expect(curves).to be_nil
176
+
177
+			s      = server :rsa, ciphers: %w(AES128-GCM-SHA256), server_preference: false
178
+			curves = s.curves_preference
179
+			expect(curves).to be_nil
187 180
 		end
188 181
 
189 182
 		it 'must report N/A if a single curve on RSA' do
190
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
191
-					 curves:   %i(prime256v1), server_preference: true do
192
-				curves = server.curves_preference
193
-				expect(curves).to be_nil
194
-			end
195
-
196
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
197
-					 curves:   %i(prime256v1), server_preference: false do
198
-				curves = server.curves_preference
199
-				expect(curves).to be_nil
200
-			end
183
+			curves = server(:rsa).curves_preference
184
+			expect(curves).to be_nil
185
+
186
+			curves = server(:rsa, server_preference: false).curves_preference
187
+			expect(curves).to be_nil
201 188
 		end
202 189
 
203 190
 		it 'must report server preference if server preference enforced on RSA' do
204
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
205
-					 curves:   %i(prime256v1 sect571r1), server_preference: true do
206
-				curves = server.curves_preference.collect &:name
207
-				expect(curves).to eq %i(prime256v1 sect571r1)
208
-			end
209
-
210
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
211
-					 curves:   %i(sect571r1 prime256v1), server_preference: true do
212
-				curves = server.curves_preference.collect &:name
213
-				expect(curves).to eq %i(sect571r1 prime256v1)
214
-			end
191
+			s      = server :rsa, curves: %i(prime256v1 sect571r1)
192
+			curves = s.curves_preference.collect &:name
193
+			expect(curves).to eq %i(prime256v1 sect571r1)
194
+
195
+			s      = server :rsa, curves: %i(sect571r1 prime256v1)
196
+			curves = s.curves_preference.collect &:name
197
+			expect(curves).to eq %i(sect571r1 prime256v1)
215 198
 		end
216 199
 
217 200
 		it 'must report client preference if server preference not enforced on RSA' do
218
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
219
-					 curves:   %i(prime256v1 sect571r1), server_preference: false do
220
-				curves = server.curves_preference
221
-				expect(curves).to be :client
222
-			end
223
-
224
-			tls_serv material: [[:rsa, 1024]], ciphers: %w(ECDHE-RSA-AES128-GCM-SHA256),
225
-					 curves:   %i(sect571r1 prime256v1), server_preference: false do
226
-				curves = server.curves_preference
227
-				expect(curves).to be :client
228
-			end
201
+			s      = server :rsa, curves: %i(prime256v1 sect571r1), server_preference: false
202
+			curves = s.curves_preference
203
+			expect(curves).to be :client
204
+
205
+			s      = server :rsa, curves: %i(sect571r1 prime256v1), server_preference: false
206
+			curves = s.curves_preference
207
+			expect(curves).to be :client
229 208
 		end
230 209
 
231 210
 		it 'must report N/A if a single curve on ECDSA' do
232
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
233
-					 curves:   %i(prime256v1), server_preference: true do
234
-				curves = server.curves_preference
235
-				expect(curves).to be_nil
236
-			end
237
-
238
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
239
-					 curves:   %i(prime256v1), server_preference: false do
240
-				curves = server.curves_preference
241
-				expect(curves).to be_nil
242
-			end
211
+			curves = server.curves_preference
212
+			expect(curves).to be_nil
213
+
214
+			curves = server(server_preference: false).curves_preference
215
+			expect(curves).to be_nil
243 216
 		end
244 217
 
245 218
 		# No luck here :'(
246 219
 		it 'can\'t detect server preference if server preference enforced on ECDSA with preference on ECDSA curve' do
247
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
248
-					 curves:   %i(prime256v1 sect571r1), server_preference: true do
249
-				curves = server.curves_preference
250
-				expect(curves).to be_nil
251
-			end
220
+			curves = server(curves: %i(prime256v1 sect571r1)).curves_preference
221
+			expect(curves).to be_nil
252 222
 		end
253 223
 
254 224
 		it 'must report server preference if server preference enforced on ECDSA with preference not on ECDSA curve' do
255
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
256
-					 curves:   %i(sect571r1 prime256v1), server_preference: true do
257
-				curves = server.curves_preference.collect &:name
258
-				expect(curves).to eq %i(sect571r1 prime256v1)
259
-			end
225
+			s      = server curves: %i(sect571r1 prime256v1)
226
+			curves = s.curves_preference.collect &:name
227
+			expect(curves).to eq %i(sect571r1 prime256v1)
260 228
 		end
261 229
 
262 230
 		it 'must report client preference if server preference not enforced on ECDSA' do
263
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
264
-					 curves:   %i(prime256v1 sect571r1), server_preference: false do
265
-				curves = server.curves_preference
266
-				expect(curves).to be :client
267
-			end
268
-
269
-			tls_serv material: [[:ecdsa, :prime256v1]], ciphers: %w(ECDHE-ECDSA-AES128-GCM-SHA256),
270
-					 curves:   %i(sect571r1 prime256v1), server_preference: false do
271
-				curves = server.curves_preference
272
-				expect(curves).to be :client
273
-			end
231
+			s      = server curves: %i(prime256v1 sect571r1), server_preference: false
232
+			curves = s.curves_preference
233
+			expect(curves).to be :client
234
+
235
+			s      = server curves: %i(sect571r1 prime256v1), server_preference: false
236
+			curves = s.curves_preference
237
+			expect(curves).to be :client
274 238
 		end
275 239
 	end
276 240
 end

Loading…
Cancel
Save