aeris
/
cryptcheck
Слідкувати 1
В обрані 0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
125 Коміти
3 Гілки
875KB
Дерево: c75601dad4
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'c75601dad4'
${ noResults }
cryptcheck/spec/cryptcheck/tls/cert_spec.rb

91 рядки
2.8KB
Неформатований Звинувачення Історія 

  1. describe CryptCheck::Tls::Cert do

  2. 	describe '::trusted?' do

  3. 		it 'must accept valid certificate' do

  4. 			FakeTime.freeze Time.utc(2000, 1, 1) do

  5. 				cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))

  6. 				trust            = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca

  7. 				expect(trust).to eq :trusted

  8. 			end

  9. 		end

  10. 

  11. 		it 'must reject self signed certificate' do

  12. 			cert, ca = chain(%w(self-signed ca))

  13. 			trust    = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca

  14. 			expect(trust).to eq 'self signed certificate'

  15. 

  16. 			# Case for SSLv2

  17. 			cert, ca = chain(%w(self-signed ca))

  18. 			trust    = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca

  19. 			expect(trust).to eq 'self signed certificate'

  20. 		end

  21. 

  22. 		it 'must reject unknown CA' do

  23. 			cert, *chain = chain(%w(ecdsa-prime256v1 intermediate ca))

  24. 			trust        = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: []

  25. 			expect(trust).to eq 'unable to get issuer certificate'

  26. 		end

  27. 

  28. 		it 'must reject missing intermediate chain' do

  29. 			cert, ca = chain(%w(ecdsa-prime256v1 ca))

  30. 			chain    = []

  31. 			trust    = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca

  32. 			expect(trust).to eq 'unable to get local issuer certificate'

  33. 		end

  34. 

  35. 		it 'must reject expired certificate' do

  36. 			FakeTime.freeze Time.utc(2002, 1, 1) do

  37. 				cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))

  38. 				trust            = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca

  39. 				expect(trust).to eq 'certificate has expired'

  40. 			end

  41. 		end

  42. 

  43. 		it 'must reject not yet valid certificate' do

  44. 			FakeTime.freeze Time.utc(1999, 1, 1) do

  45. 				cert, *chain, ca = chain(%w(ecdsa-prime256v1 intermediate ca))

  46. 				trust            = ::CryptCheck::Tls::Cert.trusted? cert, chain, roots: ca

  47. 				expect(trust).to eq 'certificate is not yet valid'

  48. 			end

  49. 		end

  50. 	end

  51. 

  52. 	describe '#md5?' do

  53. 		it 'must detect md5 certificate' do

  54. 			cert = ::CryptCheck::Tls::Cert.new cert(:md5)

  55. 			expect(cert.md5?).to be true

  56. 

  57. 			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)

  58. 			expect(cert.md5?).to be false

  59. 

  60. 			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)

  61. 			expect(cert.md5?).to be false

  62. 		end

  63. 	end

  64. 

  65. 	describe '#sha1?' do

  66. 		it 'must detect sha1 certificate' do

  67. 			cert = ::CryptCheck::Tls::Cert.new cert(:md5)

  68. 			expect(cert.sha1?).to be false

  69. 

  70. 			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)

  71. 			expect(cert.sha1?).to be true

  72. 

  73. 			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)

  74. 			expect(cert.sha1?).to be false

  75. 		end

  76. 	end

  77. 

  78. 	describe '#sha2?' do

  79. 		it 'must detect sha2 certificate' do

  80. 			cert = ::CryptCheck::Tls::Cert.new cert(:md5)

  81. 			expect(cert.sha2?).to be false

  82. 

  83. 			cert = ::CryptCheck::Tls::Cert.new cert(:sha1)

  84. 			expect(cert.sha2?).to be false

  85. 

  86. 			cert = ::CryptCheck::Tls::Cert.new cert(:ecdsa, :prime256v1)

  87. 			expect(cert.sha2?).to be true

  88. 		end

  89. 	end

  90. end