
cert_spec.rb 2.8KB

  # Specs for CryptCheck::Tls::Cert: chain validation (::trusted?) and the
  # digest predicates (#md5?, #sha1?, #sha2?).
  #
  # `chain`, `cert` and `FakeTime` are spec helpers defined outside this file.
  describe CryptCheck::Tls::Cert do
    # These examples pin ::trusted? to return the Symbol :trusted on success
    # and a String naming the failure otherwise. Both outcomes are truthy in
    # Ruby, so despite the `?` suffix a caller has to compare the result with
    # :trusted; a bare `if Cert.trusted?(...)` would also pass for a rejected
    # chain.
    #
    # NOTE(review): the failure strings look like OpenSSL verify error text; if
    # so, the exact wording can differ between OpenSSL versions — confirm before
    # treating a mismatch here as a validation regression.
    describe '::trusted?' do
      it 'must accept valid certificate' do
        # The fixtures are accepted at 2000-01-01; the expiry and not-yet-valid
        # examples below bracket that date.
        FakeTime.freeze(Time.utc(2000, 1, 1)) do
          leaf, *intermediates, root = chain(%w[ecdsa-prime256v1 intermediate ca])
          verdict = described_class.trusted?(leaf, intermediates, roots: root)
          expect(verdict).to eq(:trusted)
        end
      end

      it 'must reject self signed certificate' do
        # NOTE(review): this example and the two after it are not time-frozen,
        # so they run at wall-clock time and assume the chain error is reported
        # regardless of the fixtures' validity dates — confirm.
        leaf, root = chain(%w[self-signed ca])
        verdict = described_class.trusted?(leaf, [], roots: root)
        expect(verdict).to eq('self signed certificate')

        # SSLv2 case: the chain argument is nil instead of an empty array.
        leaf, root = chain(%w[self-signed ca])
        verdict = described_class.trusted?(leaf, nil, roots: root)
        expect(verdict).to eq('self signed certificate')
      end

      it 'must reject unknown CA' do
        # The CA is supplied only as part of the untrusted chain; the root
        # store is empty, so nothing anchors the path.
        leaf, *presented = chain(%w[ecdsa-prime256v1 intermediate ca])
        verdict = described_class.trusted?(leaf, presented, roots: [])
        expect(verdict).to eq('unable to get issuer certificate')
      end

      it 'must reject missing intermediate chain' do
        # The root is trusted, but no intermediates are presented.
        leaf, root = chain(%w[ecdsa-prime256v1 ca])
        verdict = described_class.trusted?(leaf, [], roots: root)
        expect(verdict).to eq('unable to get local issuer certificate')
      end

      it 'must reject expired certificate' do
        FakeTime.freeze(Time.utc(2002, 1, 1)) do
          leaf, *intermediates, root = chain(%w[ecdsa-prime256v1 intermediate ca])
          verdict = described_class.trusted?(leaf, intermediates, roots: root)
          expect(verdict).to eq('certificate has expired')
        end
      end

      it 'must reject not yet valid certificate' do
        FakeTime.freeze(Time.utc(1999, 1, 1)) do
          leaf, *intermediates, root = chain(%w[ecdsa-prime256v1 intermediate ca])
          verdict = described_class.trusted?(leaf, intermediates, roots: root)
          expect(verdict).to eq('certificate is not yet valid')
        end
      end
    end

    # Each digest predicate is checked against the same three fixtures, in the
    # same order: cert(:md5), cert(:sha1), cert(:ecdsa, :prime256v1).
    describe '#md5?' do
      it 'must detect md5 certificate' do
        [[[:md5], true], [[:sha1], false], [[:ecdsa, :prime256v1], false]].each do |fixture_args, expected|
          wrapped = described_class.new(cert(*fixture_args))
          expect(wrapped.md5?).to be(expected)
        end
      end
    end

    describe '#sha1?' do
      it 'must detect sha1 certificate' do
        [[[:md5], false], [[:sha1], true], [[:ecdsa, :prime256v1], false]].each do |fixture_args, expected|
          wrapped = described_class.new(cert(*fixture_args))
          expect(wrapped.sha1?).to be(expected)
        end
      end
    end

    describe '#sha2?' do
      it 'must detect sha2 certificate' do
        # NOTE(review): presumably the ecdsa/prime256v1 fixture is signed with a
        # SHA-2 digest; that is set by the `cert` helper, not visible here.
        [[[:md5], false], [[:sha1], false], [[:ecdsa, :prime256v1], true]].each do |fixture_args, expected|
          wrapped = described_class.new(cert(*fixture_args))
          expect(wrapped.sha2?).to be(expected)
        end
      end
    end
  end