From 9dbaedcb10fff94d90358fcf481139ec7df916ac Mon Sep 17 00:00:00 2001
From: aeris
Date: Tue, 31 Jan 2017 23:58:50 +0100
Subject: [PATCH] More tests
---
 spec/cryptcheck/tls/server_spec.rb | 74 +++++++++++++++++++++++++++---
 1 file changed, 68 insertions(+), 6 deletions(-)
diff --git a/spec/cryptcheck/tls/server_spec.rb b/spec/cryptcheck/tls/server_spec.rb
index 3562d0d..d6b435d 100644
--- a/spec/cryptcheck/tls/server_spec.rb
+++ b/spec/cryptcheck/tls/server_spec.rb
@@ -9,15 +9,81 @@ describe CryptCheck::Tls::Server do
 FakeTime.unfreeze
 end

+ def server
+ CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
+ end
+
+ describe '#certs' do
+ it 'must detect RSA certificate' do
+ tls_serv material: [[:rsa, 1024]] do
+ certs = server.certs.collect &:fingerprint
+ expect(certs).to contain_exactly 'a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71'
+ end
+ end
+
+ it 'must detect ECDSA certificate' do
+ tls_serv material: [[:ecdsa, :prime256v1]] do
+ certs = server.certs.collect &:fingerprint
+ expect(certs).to contain_exactly '531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06'
+ end
+ end
+
+ it 'must detect RSA and ECDSA certificates' do
+ tls_serv material: [[:ecdsa, :prime256v1], [:rsa, 1024]] do
+ certs = server.certs.collect &:fingerprint
+ expect(certs).to contain_exactly '531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06',
+ 'a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71'
+ end
+ end
+ end
+
+ describe '#supported_curves' do
+ it 'must detect supported curves for RSA' do
+ tls_serv material: [[:rsa, 1024]], curves: %i(prime256v1 sect571r1) do
+ curves = server.supported_curves.collect &:name
+ expect(curves).to contain_exactly :prime256v1, :sect571r1
+ end
+ end
+
+ it 'must detect supported curves from ECDSA' do
+ tls_serv material: [[:ecdsa, :prime256v1]],
+ curves: %i(prime256v1), server_preference: false do
+ curves = server.supported_curves.collect &:name
+ expect(curves).to contain_exactly :prime256v1
+ end
+ end
+
+ it 'must detect supported curves from ECDSA and ECDHE' do
+ tls_serv material: [[:ecdsa, :prime256v1]],
+ curves: %i(prime256v1 sect571r1), server_preference: false do
+ curves = server.supported_curves.collect &:name
+ expect(curves).to contain_exactly :prime256v1, :sect571r1
+ end
+ end
+
+ # No chance here :'(
+ it 'can\'t detect supported curves from ECDHE if server preference enforced' do
+ tls_serv material: [[:ecdsa, :prime256v1]],
+ curves: %i(prime256v1 sect571r1), server_preference: true do
+ curves = server.supported_curves.collect &:name
+ expect(curves).to contain_exactly :prime256v1
+ end
+
+ tls_serv material: [[:ecdsa, :prime256v1]],
+ curves: %i(sect571r1 prime256v1), server_preference: true do
+ curves = server.supported_curves.collect &:name
+ expect(curves).to contain_exactly :prime256v1, :sect571r1
+ end
+ end
+ end
+
 describe '#md5_sign?' do
 it 'must detect server using MD5 certificate' do
 tls_serv do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.md5_sign?).to be false
 end

 tls_serv material: [:md5, [:rsa, 1024]] do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.md5_sign?).to be true
 end
 end
@@ -26,12 +92,10 @@ describe CryptCheck::Tls::Server do
 describe '#sha1_sign?' do
 it 'must detect server using SHA1 certificate' do
 tls_serv do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.sha1_sign?).to be false
 end

 tls_serv material: [:sha1, [:rsa, 1024]] do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.sha1_sign?).to be true
 end
 end
@@ -40,12 +104,10 @@ describe CryptCheck::Tls::Server do
 describe '#sha2_sign?' do
 it 'must detect server using SHA2 certificate' do
 tls_serv do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.sha2_sign?).to be true
 end

 tls_serv material: [:md5, :sha1] do
- server = CryptCheck::Tls::TcpServer.new 'localhost', ::Socket::PF_INET, '127.0.0.1', 5000
 expect(server.sha2_sign?).to be false
 end
 end
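Review bot: The last example added under `#supported_curves` in the first hunk is named "can't detect supported curves from ECDHE if server preference enforced", but its second `tls_serv` block (curves `sect571r1 prime256v1`) expects both curves to be reported, so the name only describes the first block. The first block pins a false negative of the scanner: a server that offers `sect571r1` is reported as `prime256v1` only. That deserves more than `# No chance here :'(`. A comment such as `# With server preference enforced, a curve ranked below the certificate's curve is never selected, so the reported set is only a lower bound` would tell readers how to interpret the result, though the wording should be confirmed against the enumeration logic, which is outside this patch. Moving the second block into its own example, e.g. `it 'detects curves the server ranks above the certificate curve' do`, would make a failure point at the right case.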