您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

cert_spec.rb 1.8KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152
  1. require 'faketime'
  2. describe CryptCheck::Tls::Cert do
  3. def load_chain(chain)
  4. chain.collect { |f| ::OpenSSL::X509::Certificate.new File.read "spec/resources/#{f}.crt" }
  5. end
  6. describe '::trusted?' do
  7. it 'must accept valid certificate' do
  8. FakeTime.freeze Time.utc(2000, 1, 1) do
  9. cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
  10. trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
  11. expect(trust).to eq :trusted
  12. end
  13. end
  14. it 'must reject self signed certificate' do
  15. cert, ca = load_chain %w(self-signed ca)
  16. trust = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
  17. expect(trust).to eq 'self signed certificate'
  18. end
  19. it 'must reject unknown CA' do
  20. cert, *chain = load_chain %w(ecdsa-prime256v1 intermediate ca)
  21. trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: []
  22. expect(trust).to eq 'unable to get issuer certificate'
  23. end
  24. it 'must reject missing intermediate chain' do
  25. cert, ca = load_chain %w(ecdsa-prime256v1 ca)
  26. chain = []
  27. trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
  28. expect(trust).to eq 'unable to get local issuer certificate'
  29. end
  30. it 'must reject expired certificate' do
  31. FakeTime.freeze Time.utc(2002, 1, 1) do
  32. cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
  33. trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
  34. expect(trust).to eq 'certificate has expired'
  35. end
  36. end
  37. it 'must reject not yet valid certificate' do
  38. FakeTime.freeze Time.utc(1999, 1, 1) do
  39. cert, *chain, ca = load_chain %w(ecdsa-prime256v1 intermediate ca)
  40. trust = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca
  41. expect(trust).to eq 'certificate is not yet valid'
  42. end
  43. end
  44. end
  45. end