
tls_spec.rb 4.5KB

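  # Specs for CryptCheck::Tls.analyze, run against listeners on local port 5000.
  #
  # Besides the success paths, the examples pin how the analyser reports each
  # failure mode (DNS failure, global time budget, refused connection, TCP
  # timeout, TLS timeout, non-TLS listener). Most of them also check that a
  # failure on one address family is reported per address and does not hide
  # the result for the other family.
  #
  # `server`, `plain_server`, `expect_grade` and `expect_grade_error` are not
  # defined in this file; presumably they come from the spec helper.
  describe CryptCheck::Tls do
    describe '#analyze' do
      # Stubs Addrinfo.getaddrinfo so that 'localhost' resolves to exactly the
      # given addresses, independent of the resolver configuration of the
      # machine running the suite.
      def stub_localhost_resolution(*addresses)
        allow(Addrinfo).to receive(:getaddrinfo).with('localhost', nil, nil, :STREAM) do
          addresses.map { |address| Addrinfo.new Socket.sockaddr_in(nil, address) }
        end
      end

      it 'return 1 grade with IPv4' do
        grades = server(host: '127.0.0.1') do
          CryptCheck::Tls.analyze '127.0.0.1', 5000
        end

        expect(grades.size).to be 1
        expect_grade grades, '127.0.0.1', '127.0.0.1', 5000, :ipv4
      end

      it 'return 1 grade with IPv6' do
        grades = server(host: '::1') do
          CryptCheck::Tls.analyze '::1', 5000
        end

        expect(grades.size).to be 1
        expect_grade grades, '::1', '::1', 5000, :ipv6
      end

      it 'return 2 grades with hostname (IPv4 & IPv6)' do
        stub_localhost_resolution '127.0.0.1', '::1'

        grades = server(host: '::') do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        # The example name promises exactly two grades; without this check an
        # unexpected extra entry would go unnoticed.
        expect(grades.size).to be 2
        expect_grade grades, 'localhost', '127.0.0.1', 5000, :ipv4
        expect_grade grades, 'localhost', '::1', 5000, :ipv6
      end

      it 'return error if DNS resolution problem' do
        allow(Addrinfo).to receive(:getaddrinfo).with('localhost', nil, nil, :STREAM)
          .and_raise SocketError, 'getaddrinfo: Name or service not known'

        grades = server do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        # A resolution failure yields one failure object for the whole
        # analysis rather than a collection of per-address grades.
        expect(grades).to be_a CryptCheck::AnalysisFailure
        expect(grades.to_s).to eq 'Unable to resolve localhost'
      end

      it 'return error if analysis too long' do
        # Shrink the overall budget to 1 and make building the server analysis
        # take 2 seconds, so the budget is exceeded.
        stub_const 'CryptCheck::MAX_ANALYSIS_DURATION', 1
        allow(CryptCheck::Tls::Server).to receive(:new) { sleep 2 }

        # NOTE(review): the resolver is not stubbed in this example, so it
        # depends on how the host resolves 'localhost'; only the 127.0.0.1
        # entry is asserted.
        grades = server do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        expect_grade_error grades, 'localhost', '127.0.0.1', 5000,
                           'Too long analysis (max 1 second)'
      end

      it 'return error if unable to connect' do
        stub_localhost_resolution '127.0.0.1', '::1'

        # The listener is bound to ::1 only, so the 127.0.0.1 attempt is
        # expected to be refused while ::1 is graded.
        grades = server(host: '::1') do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        expect_grade_error grades, 'localhost', '127.0.0.1', 5000,
                           'Connection refused - connect(2) for 127.0.0.1:5000'
        expect_grade grades, 'localhost', '::1', 5000, :ipv6
      end

      it 'return error if TCP timeout' do
        stub_const 'CryptCheck::Tls::Server::TCP_TIMEOUT', 1
        stub_localhost_resolution '127.0.0.1', '::1'

        # Simulate a TCP timeout on IPv4 only: IO.select returns nil when it
        # times out, so nil is returned for a plain IPv4 Socket and every
        # other call is forwarded to the real IO.select.
        original = IO.method :select
        allow(IO).to receive(:select) do |*args, &block|
          # First socket of the read set, else first socket of the write set.
          socket = [args[0]&.first, args[1]&.first].compact.first
          next nil if socket.is_a?(Socket) && (socket.local_address.afamily == Socket::AF_INET)

          original.call(*args, &block)
        end

        grades = server(host: '::') do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        expect_grade_error grades, 'localhost', '127.0.0.1', 5000,
                           'Timeout when connect to 127.0.0.1:5000 (max 1 second)'
        expect_grade grades, 'localhost', '::1', 5000, :ipv6
      end

      it 'return error if TLS timeout' do
        stub_const 'CryptCheck::Tls::Server::SSL_TIMEOUT', 1
        stub_localhost_resolution '127.0.0.1', '::1'

        # Same technique as the TCP timeout example, but the simulated timeout
        # applies once the socket is an SSLSocket whose underlying IO is IPv4,
        # i.e. the TCP connect went through and only the TLS phase stalls.
        original = IO.method :select
        allow(IO).to receive(:select) do |*args, &block|
          socket = [args[0]&.first, args[1]&.first].compact.first
          next nil if socket.is_a?(OpenSSL::SSL::SSLSocket) && (socket.io.local_address.afamily == Socket::AF_INET)

          original.call(*args, &block)
        end

        grades = server(host: '::') do
          CryptCheck::Tls.analyze 'localhost', 5000
        end

        expect_grade_error grades, 'localhost', '127.0.0.1', 5000,
                           'Timeout when TLS connect to 127.0.0.1:5000 (max 1 second)'
        expect_grade grades, 'localhost', '::1', 5000, :ipv6
      end

      it 'return error if plain server' do
        stub_const 'CryptCheck::Tls::Server::SSL_TIMEOUT', 1
        stub_localhost_resolution '127.0.0.1', '::1'

        # plain_server listens on 127.0.0.1 and server on ::1. The IPv4
        # endpoint is expected to surface as a TLS connect timeout --
        # presumably because a non-TLS listener never answers the handshake.
        grades = plain_server(host: '127.0.0.1') do
          server(host: '::1') do
            CryptCheck::Tls.analyze 'localhost', 5000
          end
        end

        expect_grade_error grades, 'localhost', '127.0.0.1', 5000,
                           'Timeout when TLS connect to 127.0.0.1:5000 (max 1 second)'
        expect_grade grades, 'localhost', '::1', 5000, :ipv6
      end
    end
  end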