
server_spec.rb 6.0KB

  # Behavioural specs for CryptCheck::Tls::Server. Every example builds a
  # TcpServer scanner through the `server` helper below and checks what it
  # reports for certificates, protocol versions, cipher suites and curves.
  # NOTE(review): `do_in_serv` and `FakeTime` are defined outside this file;
  # presumably `do_in_serv` starts a local test server with the requested
  # fixture options — confirm against the spec helpers.
  describe CryptCheck::Tls::Server do
    # The clock is pinned for the whole group.
    # NOTE(review): presumably this keeps the fixture certificates valid and
    # the pinned fingerprints reproducible — confirm.
    before(:all) { FakeTime.freeze(Time.utc(2000, 1, 1)) }
    after(:all) { FakeTime.unfreeze }

    # Builds the scanner under test against the endpoint yielded by
    # `do_in_serv`; all positional and keyword arguments are forwarded to it
    # untouched. Returns whatever `do_in_serv` returns for the block.
    def server(*args, **kargs)
      do_in_serv(*args, **kargs) do |host, port|
        CryptCheck::Tls::TcpServer.new('localhost', host, ::Socket::PF_INET, port)
      end
    end

    describe '#certs' do
      # Pinned fingerprints of the fixture certificates. They are 64 hex
      # characters long, which matches a SHA-256 digest length — confirm
      # against the certificate class's #fingerprint.
      let(:rsa_fingerprint) { 'a11802a4407aaeb93ccd0bd8c8a61be17eaba6b378433af5ad45ecbb1d633f71' }
      let(:ecdsa_fingerprint) { '531ab9545f052818ff0559f648a147b104223834cc8f780516b3aacf1fdc8c06' }

      it 'must detect RSA certificate' do
        fingerprints = server(:rsa).certs.map(&:fingerprint)
        expect(fingerprints).to match_array([rsa_fingerprint])
      end

      # The helper called without arguments is expected to serve the ECDSA
      # certificate.
      it 'must detect ECDSA certificate' do
        fingerprints = server.certs.map(&:fingerprint)
        expect(fingerprints).to match_array([ecdsa_fingerprint])
      end

      # A dual-certificate server must have both certificates reported, not
      # only the one negotiated first.
      it 'must detect RSA and ECDSA certificates' do
        fingerprints = server(:mixed).certs.map(&:fingerprint)
        expect(fingerprints).to match_array([ecdsa_fingerprint, rsa_fingerprint])
      end
    end

    # SSLv2 and SSLv3 are obsolete (RFC 6176, RFC 7568) and TLSv1.0/1.1 are
    # deprecated (RFC 8996). The scanner still has to recognise each of them
    # so that legacy protocol exposure is reported rather than missed.
    describe '#supported_methods' do
      # SSLv2 is requested through a dedicated positional fixture instead of
      # the `methods:` option used by the other examples.
      it 'must detect SSLv2' do
        detected = server(:sslv2).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[SSLv2])
      end

      it 'must detect SSLv3' do
        detected = server(methods: %i[SSLv3]).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[SSLv3])
      end

      it 'must detect TLSv1.0' do
        detected = server(methods: %i[TLSv1]).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[TLSv1])
      end

      it 'must detect TLSv1.1' do
        detected = server(methods: %i[TLSv1_1]).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[TLSv1_1])
      end

      it 'must detect TLSv1.2' do
        detected = server(methods: %i[TLSv1_2]).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[TLSv1_2])
      end

      # Every enabled version must be listed, not just the highest one.
      it 'must detect mixed methods' do
        enabled = %i[SSLv3 TLSv1 TLSv1_1 TLSv1_2]
        detected = server(methods: enabled).supported_methods.map(&:to_sym)
        expect(detected).to match_array(%i[SSLv3 TLSv1 TLSv1_1 TLSv1_2])
      end
    end

    describe '#supported_ciphers' do
      # `supported_ciphers` is consumed here as pairs of (protocol version,
      # hash keyed by cipher); only the cipher names for TLSv1.2 are compared.
      it 'must detect supported cipher' do
        names_by_version = server.supported_ciphers
                                 .map { |version, suites| [version.to_sym, suites.keys.map(&:name)] }
                                 .to_h
        expect(names_by_version[:TLSv1_2]).to match_array(%w[ECDHE-ECDSA-AES128-SHA])
      end
    end

    describe '#supported_curves' do
      # AES128-SHA is a static-RSA key-exchange suite, so no elliptic curve
      # takes part in the handshake and none may be reported.
      it 'must detect no supported curves' do
        names = server(:rsa, ciphers: %w[AES128-SHA]).supported_curves.map(&:name)
        expect(names).to be_empty
      end

      it 'must detect supported curves for RSA' do
        names = server(:rsa, curves: %i[prime256v1 sect571r1]).supported_curves.map(&:name)
        expect(names).to contain_exactly(:prime256v1, :sect571r1)
      end

      it 'must detect supported curves from ECDSA' do
        names = server(server_preference: false).supported_curves.map(&:name)
        expect(names).to contain_exactly(:prime256v1)
      end

      it 'must detect supported curves from ECDSA and ECDHE' do
        scanner = server(curves: %i[prime256v1 sect571r1], server_preference: false)
        names = scanner.supported_curves.map(&:name)
        expect(names).to contain_exactly(:prime256v1, :sect571r1)
      end

      # Known blind spot, pinned by the expectations below: with server
      # preference enforced on the default fixture, listing prime256v1 first
      # hides sect571r1 from the scan, while listing sect571r1 first reveals
      # both curves. A report produced in the first situation therefore
      # under-states what the server accepts.
      # NOTE(review): presumably prime256v1 is the ECDSA certificate's own
      # curve and is always picked when it leads the list — confirm.
      it 'can\'t detect supported curves from ECDHE if server preference enforced' do
        hidden = server(curves: %i[prime256v1 sect571r1]).supported_curves.map(&:name)
        expect(hidden).to contain_exactly(:prime256v1)

        visible = server(curves: %i[sect571r1 prime256v1]).supported_curves.map(&:name)
        expect(visible).to contain_exactly(:prime256v1, :sect571r1)
      end
    end

    # `curves_preference` is expected to be nil when no ordering can be
    # observed, :client when the server follows the client's order, and the
    # ordered curve list when the server enforces its own order.
    describe '#curves_preference' do
      # AES128-GCM-SHA256 is a static-RSA key-exchange suite: no curve is
      # negotiated, so there is no preference to report either way.
      it 'must report N/A if no curve on RSA' do
        enforced = server(:rsa, ciphers: %w[AES128-GCM-SHA256])
        expect(enforced.curves_preference).to be_nil

        relaxed = server(:rsa, ciphers: %w[AES128-GCM-SHA256], server_preference: false)
        expect(relaxed.curves_preference).to be_nil
      end

      # A single curve cannot be ordered against anything.
      it 'must report N/A if a single curve on RSA' do
        expect(server(:rsa).curves_preference).to be_nil
        expect(server(:rsa, server_preference: false).curves_preference).to be_nil
      end

      # `eq` (not `match_array`) on purpose: the reported order must follow
      # the order configured on the server.
      it 'must report server preference if server preference enforced on RSA' do
        [%i[prime256v1 sect571r1], %i[sect571r1 prime256v1]].each do |configured|
          reported = server(:rsa, curves: configured).curves_preference.map(&:name)
          expect(reported).to eq(configured)
        end
      end

      it 'must report client preference if server preference not enforced on RSA' do
        [%i[prime256v1 sect571r1], %i[sect571r1 prime256v1]].each do |configured|
          scanner = server(:rsa, curves: configured, server_preference: false)
          expect(scanner.curves_preference).to be(:client)
        end
      end

      it 'must report N/A if a single curve on ECDSA' do
        expect(server.curves_preference).to be_nil
        expect(server(server_preference: false).curves_preference).to be_nil
      end

      # Same blind spot as in '#supported_curves': when prime256v1 leads the
      # enforced list on the default fixture, the preference comes back nil
      # even though two curves are configured.
      it 'can\'t detect server preference if server preference enforced on ECDSA with preference on ECDSA curve' do
        preference = server(curves: %i[prime256v1 sect571r1]).curves_preference
        expect(preference).to be_nil
      end

      it 'must report server preference if server preference enforced on ECDSA with preference not on ECDSA curve' do
        reported = server(curves: %i[sect571r1 prime256v1]).curves_preference.map(&:name)
        expect(reported).to eq(%i[sect571r1 prime256v1])
      end

      it 'must report client preference if server preference not enforced on ECDSA' do
        [%i[prime256v1 sect571r1], %i[sect571r1 prime256v1]].each do |configured|
          scanner = server(curves: configured, server_preference: false)
          expect(scanner.curves_preference).to be(:client)
        end
      end
    end
  end