autosign 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +13 -5
- data/.gitignore +5 -0
- data/.rspec +4 -0
- data/.travis.yml +7 -1
- data/Gemfile.lock +72 -19
- data/README.md +1 -1
- data/Rakefile +15 -9
- data/autosign.gemspec +13 -12
- data/lib/autosign.rb +15 -0
- data/lib/autosign/config.rb +5 -0
- data/lib/autosign/decoder.rb +7 -0
- data/lib/autosign/journal.rb +1 -1
- data/lib/autosign/token.rb +12 -1
- data/lib/autosign/validators/jwt.rb +37 -3
- data/lib/autosign/validators/multiplexer.rb +77 -28
- data/lib/autosign/validators/passwordlist.rb +49 -0
- data/lib/autosign/version.rb +1 -1
- data/spec/spec_helper.rb +102 -0
- data/spec/specs/config_spec.rb +20 -0
- data/spec/specs/decoder_spec.rb +16 -0
- data/spec/specs/journal_spec.rb +41 -0
- data/spec/specs/token_spec.rb +102 -0
- data/spec/specs/validators/jwt_spec.rb +69 -0
- data/spec/specs/validators/passwordlist_spec.rb +51 -0
- metadata +92 -59
- data/README.rdoc +0 -6
- data/autosign.rdoc +0 -5
- data/lib/autosign/logger.rb +0 -7
@@ -1,12 +1,47 @@
|
|
1
1
|
module Autosign
|
2
2
|
module Validators
|
3
|
+
|
4
|
+
# The multiplexer validator sends the same request received by the autosign
|
5
|
+
# executable to one or more external executables. The purpose is to allow
|
6
|
+
# one or more existing autosign scripts to be used in conjunction with the
|
7
|
+
# native validators implemented in this tool.
|
8
|
+
#
|
9
|
+
# @example validate autosign requests with any one of three external autosign scripts
|
10
|
+
# # In the /etc/autosign.conf file, include a section reading:
|
11
|
+
# [multiplexer]
|
12
|
+
# strategy = any
|
13
|
+
# external_policy_executable = /usr/local/bin/custom-autosigner1.sh
|
14
|
+
# external_policy_executable = /usr/local/bin/another-autosign-script.rb
|
15
|
+
# external_policy_executable = /usr/local/bin/yet-another-autosign-script.pl
|
16
|
+
# # all three scripts will be called with the same interface puppet
|
17
|
+
# # uses when an autosign policy executable is specified in the `autosign`
|
18
|
+
# # setting in the [master] section of the puppet.conf config file.
|
19
|
+
#
|
20
|
+
# @example validate autosign requests with both of two external autosign scripts
|
21
|
+
# # In the /etc/autosign.conf file, include a section reading:
|
22
|
+
# [multiplexer]
|
23
|
+
# strategy = all
|
24
|
+
# external_policy_executable = /usr/local/bin/custom-autosigner1.sh
|
25
|
+
# external_policy_executable = /usr/local/bin/another-autosign-script.rb
|
26
|
+
# # requests will only be validated by the multiplexer validator if they
|
27
|
+
# # are validated by both external policy executables.
|
3
28
|
class Multiplexer < Autosign::Validator
|
29
|
+
|
30
|
+
# set the user-friendly name of the Multiplexer validator.
|
31
|
+
# This name is used to specify that configuration should come from the
|
32
|
+
# [multiplexer] section of the autosign.conf file.
|
33
|
+
# @return [String] name of the validator
|
4
34
|
def name
|
5
35
|
"multiplexer"
|
6
36
|
end
|
7
37
|
|
8
38
|
private
|
9
39
|
|
40
|
+
# validate a CSR by passing it to each external executable
|
41
|
+
# @param token [String] not used by this validator
|
42
|
+
# @param certname [String] certname requested in the CSR
|
43
|
+
# @param raw_csr [String] X509 certificate signing request as received by the policy executable
|
44
|
+
# @return [True, False] returns true to indicate successful validation, and false to indicate failure to validate
|
10
45
|
def perform_validation(token, certname, raw_csr)
|
11
46
|
results = []
|
12
47
|
@log.debug "validating using multiplexed external executables"
|
@@ -20,45 +55,59 @@ module Autosign
|
|
20
55
|
end
|
21
56
|
|
22
57
|
|
58
|
+
# set the default validation strategy to "any", succeeding if any one
|
59
|
+
# external autosign script succeeds.
|
60
|
+
# @return [Hash] config hash to be merged in with config file settings and overrides.
|
23
61
|
def default_settings
|
24
62
|
{
|
25
63
|
'strategy' => 'any',
|
26
64
|
}
|
27
65
|
end
|
28
66
|
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
67
|
+
# given an array of booleans, check whether any or all of them are true
|
68
|
+
# depending on the strategy set in settings.
|
69
|
+
# @param array [Array] array of booleans
|
70
|
+
# @return [True, False]
|
71
|
+
def validate_using_strategy(array)
|
72
|
+
case settings['strategy']
|
73
|
+
when 'any'
|
74
|
+
@log.debug "validating using 'any' strategy"
|
75
|
+
return array.any?
|
76
|
+
when 'all'
|
77
|
+
@log.debug "validating using 'all' strategy"
|
78
|
+
return array.all?
|
79
|
+
else
|
80
|
+
@log.error "unable to validate; unknown strategy"
|
81
|
+
return false
|
82
|
+
end
|
40
83
|
end
|
41
|
-
end
|
42
84
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
85
|
+
# return an array of external policy executables in settings,
|
86
|
+
# or an empty array if none are specified.
|
87
|
+
# @return [Array] of policy executables.
|
88
|
+
def policy_executables
|
89
|
+
return [] if settings['external_policy_executable'].nil?
|
90
|
+
exec_list = settings['external_policy_executable']
|
91
|
+
return [exec_list] if exec_list.is_a?(String)
|
92
|
+
return exec_list if exec_list.is_a?(Array)
|
93
|
+
return []
|
94
|
+
end
|
50
95
|
|
51
96
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
97
|
+
# validate that settins are reasonable. Validation strategy must be
|
98
|
+
# either any or all.
|
99
|
+
# @param settings [Hash] config settings hash
|
100
|
+
# @return [True, False] true if settings validate successfully, false otherwise
|
101
|
+
def validate_settings(settings)
|
102
|
+
@log.debug "validating settings: " + settings.to_s
|
103
|
+
unless ['any', 'all'].include? settings['strategy']
|
104
|
+
@log.error "strategy setting must be set to 'any' or 'all'"
|
105
|
+
return false
|
106
|
+
end
|
58
107
|
|
59
|
-
|
60
|
-
|
61
|
-
|
108
|
+
@log.debug "done validating settings"
|
109
|
+
true
|
110
|
+
end
|
62
111
|
|
63
112
|
end
|
64
113
|
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
module Autosign
|
2
|
+
module Validators
|
3
|
+
# Validate certificate signing requests using a simple password list.
|
4
|
+
# This is not a very secure or flexible validation scheme, but is provided
|
5
|
+
# because so many existing autosign policy scripts implement it.
|
6
|
+
#
|
7
|
+
# @example validate CSRs when the challengePassword OID is set to any of "hunter2", "opensesame", or "CPE1704TKS"
|
8
|
+
# # In /etc/autosign.conf, include the following configuration:
|
9
|
+
# [password_list]
|
10
|
+
# password = hunter2
|
11
|
+
# password = opensesame
|
12
|
+
# password = CPE1704TKS
|
13
|
+
#
|
14
|
+
class Passwordlist < Autosign::Validator
|
15
|
+
def name
|
16
|
+
"password_list"
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def perform_validation(password, certname, raw_csr)
|
22
|
+
@log.debug "validating against simple password list"
|
23
|
+
@log.debug "passwords: " + settings.to_s
|
24
|
+
result = validate_password(password.to_s)
|
25
|
+
@log.debug "validation result: " + result.to_s
|
26
|
+
return result
|
27
|
+
end
|
28
|
+
|
29
|
+
def validate_password(password)
|
30
|
+
@log.debug "Checking if password list includes password"
|
31
|
+
password_list.include?(password.to_s)
|
32
|
+
end
|
33
|
+
|
34
|
+
def password_list
|
35
|
+
return [] if settings['password'].nil?
|
36
|
+
passwords = settings['password']
|
37
|
+
return [passwords] if passwords.is_a?(String)
|
38
|
+
return passwords if passwords.is_a?(Array)
|
39
|
+
return []
|
40
|
+
end
|
41
|
+
|
42
|
+
def validate_settings(settings)
|
43
|
+
@log.debug "validating settings: " + settings.to_s
|
44
|
+
true
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
data/lib/autosign/version.rb
CHANGED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'coveralls'
|
2
|
+
Coveralls.wear!
|
3
|
+
# This file was generated by the `rspec --init` command. Conventionally, all
|
4
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
5
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
6
|
+
# this file to always be loaded, without a need to explicitly require it in any
|
7
|
+
# files.
|
8
|
+
#
|
9
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
10
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
11
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
12
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
13
|
+
# a separate helper file that requires the additional dependencies and performs
|
14
|
+
# the additional setup, and require it from the spec files that actually need
|
15
|
+
# it.
|
16
|
+
#
|
17
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
18
|
+
# users commonly want.
|
19
|
+
#
|
20
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
21
|
+
#
|
22
|
+
require_relative "../lib/autosign"
|
23
|
+
@fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures'))
|
24
|
+
|
25
|
+
RSpec.configure do |config|
|
26
|
+
# rspec-expectations config goes here. You can use an alternate
|
27
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
28
|
+
# assertions if you prefer.
|
29
|
+
config.expect_with :rspec do |expectations|
|
30
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
31
|
+
# and `failure_message` of custom matchers include text for helper methods
|
32
|
+
# defined using `chain`, e.g.:
|
33
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
34
|
+
# # => "be bigger than 2 and smaller than 4"
|
35
|
+
# ...rather than:
|
36
|
+
# # => "be bigger than 2"
|
37
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
38
|
+
end
|
39
|
+
|
40
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
41
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
42
|
+
config.mock_with :rspec do |mocks|
|
43
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
44
|
+
# a real object. This is generally recommended, and will default to
|
45
|
+
# `true` in RSpec 4.
|
46
|
+
mocks.verify_partial_doubles = true
|
47
|
+
end
|
48
|
+
|
49
|
+
# The settings below are suggested to provide a good initial experience
|
50
|
+
# with RSpec, but feel free to customize to your heart's content.
|
51
|
+
=begin
|
52
|
+
# These two settings work together to allow you to limit a spec run
|
53
|
+
# to individual examples or groups you care about by tagging them with
|
54
|
+
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
55
|
+
# get run.
|
56
|
+
config.filter_run :focus
|
57
|
+
config.run_all_when_everything_filtered = true
|
58
|
+
|
59
|
+
# Allows RSpec to persist some state between runs in order to support
|
60
|
+
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
61
|
+
# you configure your source control system to ignore this file.
|
62
|
+
config.example_status_persistence_file_path = "spec/examples.txt"
|
63
|
+
|
64
|
+
# Limits the available syntax to the non-monkey patched syntax that is
|
65
|
+
# recommended. For more details, see:
|
66
|
+
# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
|
67
|
+
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
68
|
+
# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
|
69
|
+
config.disable_monkey_patching!
|
70
|
+
|
71
|
+
# This setting enables warnings. It's recommended, but in some cases may
|
72
|
+
# be too noisy due to issues in dependencies.
|
73
|
+
config.warnings = true
|
74
|
+
|
75
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
76
|
+
# file, and it's useful to allow more verbose output when running an
|
77
|
+
# individual spec file.
|
78
|
+
if config.files_to_run.one?
|
79
|
+
# Use the documentation formatter for detailed output,
|
80
|
+
# unless a formatter has already been configured
|
81
|
+
# (e.g. via a command-line flag).
|
82
|
+
config.default_formatter = 'doc'
|
83
|
+
end
|
84
|
+
|
85
|
+
# Print the 10 slowest examples and example groups at the
|
86
|
+
# end of the spec run, to help surface which specs are running
|
87
|
+
# particularly slow.
|
88
|
+
config.profile_examples = 10
|
89
|
+
|
90
|
+
# Run specs in random order to surface order dependencies. If you find an
|
91
|
+
# order dependency and want to debug it, you can fix the order by providing
|
92
|
+
# the seed, which is printed after each run.
|
93
|
+
# --seed 1234
|
94
|
+
config.order = :random
|
95
|
+
|
96
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
97
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
98
|
+
# test failures related to randomization by passing the same `--seed` value
|
99
|
+
# as the one that triggered the failure.
|
100
|
+
Kernel.srand config.seed
|
101
|
+
=end
|
102
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
context Autosign::Config do
|
4
|
+
describe 'basic use case' do
|
5
|
+
let(:settings) { {} }
|
6
|
+
let(:config) { Autosign::Config.new }
|
7
|
+
it 'accepts a hash as the parameter' do
|
8
|
+
expect { Autosign::Config.new(settings) }.to_not raise_error
|
9
|
+
end
|
10
|
+
it 'Returns hash' do
|
11
|
+
expect(config.settings).to be_a(Hash)
|
12
|
+
end
|
13
|
+
it 'Settings contains general section' do
|
14
|
+
expect(config.settings).to include(
|
15
|
+
'general' => be_a(Hash)
|
16
|
+
)
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
context Autosign::Decoder do
|
4
|
+
describe '.decode_csr' do
|
5
|
+
let(:csr) { File.read(File.join('fixtures', 'i-7672fe81.pem')) }
|
6
|
+
it 'Accepts a CSR as the parameter' do
|
7
|
+
expect { Autosign::Decoder.decode_csr(csr) }.to_not raise_error
|
8
|
+
end
|
9
|
+
it 'Extracts the challenge_password and common_name from a CSR' do
|
10
|
+
expect(Autosign::Decoder.decode_csr(csr)).to eq({:challenge_password=>"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJkYXRhIjoie1wiY2VydG5hbWVcIjpcImktNzY3MmZlODFcIixcInJlcXVlc3RlclwiOlwiRGFuaWVscy1NYWNCb29rLVByby0yLmxvY2FsXCIsXCJyZXVzYWJsZVwiOmZhbHNlLFwidmFsaWRmb3JcIjo5OTk5OTksXCJ1dWlkXCI6XCI0YTM2ZjA0NS1jNmNlLTRiZjYtYmEzYy02ZjNlNzhlNmI3MWNcIn0iLCJleHAiOiIxNDM3NDcwMTk2In0.OZQdenVzIxy-Is271TK0qqhKmRfqkB2Lhscsz-kIK4HQaem3Awx7zVkiCpj0_eFckgaKYNBMAdhUfIMqS3IMmw", :common_name=>"i-7672fe81"})
|
11
|
+
end
|
12
|
+
it 'Returns nil given an invalid CSR' do
|
13
|
+
expect(Autosign::Decoder.decode_csr("not_a_csr")).to be_nil
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'securerandom'
|
3
|
+
|
4
|
+
context Autosign::Journal do
|
5
|
+
let(:settings) { {'journalfile' => '/tmp/test.journal'} }
|
6
|
+
let(:journal) { Autosign::Journal.new(settings) }
|
7
|
+
let(:uuid) { SecureRandom.uuid }
|
8
|
+
let(:validto) { Time.now.to_i + 900 }
|
9
|
+
let(:data) { {'arbitrary_hey' => 'value'} }
|
10
|
+
|
11
|
+
|
12
|
+
context 'class methods' do
|
13
|
+
describe '.new' do
|
14
|
+
it 'accepts a hash as the parameter' do
|
15
|
+
expect { Autosign::Journal.new(settings) }.to_not raise_error
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'instance methods' do
|
21
|
+
describe '.add' do
|
22
|
+
it 'Returns hash' do
|
23
|
+
expect(journal.settings).to be_a(Hash)
|
24
|
+
end
|
25
|
+
it 'adds an entry to the journal with a data hash' do
|
26
|
+
expect(journal.add(uuid, validto, data)).to be true
|
27
|
+
end
|
28
|
+
it 'adds an entry to the journal without a data hash' do
|
29
|
+
expect(journal.add(uuid, validto)).to be true
|
30
|
+
end
|
31
|
+
it 'fail when adding two duplicate entries to the journal' do
|
32
|
+
expect(journal.add(uuid, validto, data)).to be true
|
33
|
+
expect(journal.add(uuid, validto, data)).to be false
|
34
|
+
end
|
35
|
+
it 'fail when adding an invalid UUID to the journal' do
|
36
|
+
expect(journal.add('invalid' + uuid, validto, data)).to be false
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'securerandom'
|
3
|
+
|
4
|
+
context Autosign::Token do
|
5
|
+
let(:certname) { 'host.example.com' }
|
6
|
+
let(:reusable) { false }
|
7
|
+
let(:validfor) { rand(60..604800) }
|
8
|
+
let(:requester) { 'Autosign::Token rspec_test' }
|
9
|
+
let(:secret) { 'very_secret' }
|
10
|
+
let(:token) { Autosign::Token.new(certname, reusable, validfor, requester, secret) }
|
11
|
+
let(:reusable_token) { Autosign::Token.new(certname, true, validfor, requester, secret) }
|
12
|
+
let(:signed_token) { token.sign }
|
13
|
+
let(:wildcard_signed_token) { Autosign::Token.new('/.*\.example\.com/', reusable, validfor, requester, secret).sign }
|
14
|
+
let(:expired_token) { Autosign::Token.new(certname, reusable, -1, requester, secret).sign }
|
15
|
+
let(:reconstituted_token) { Autosign::Token.from_token(signed_token, secret) }
|
16
|
+
|
17
|
+
|
18
|
+
context 'class methods' do
|
19
|
+
describe '.new' do
|
20
|
+
it 'accepts expected parameters' do
|
21
|
+
expect { Autosign::Token.new(certname, reusable, validfor, requester, secret) }.to_not raise_error
|
22
|
+
end
|
23
|
+
end
|
24
|
+
describe '.validate' do
|
25
|
+
it 'validates a previously-generated token' do
|
26
|
+
expect(Autosign::Token.validate(certname, signed_token, secret)).to be true
|
27
|
+
end
|
28
|
+
it 'validates a previously-generated wildcard token' do
|
29
|
+
expect(Autosign::Token.validate(certname, wildcard_signed_token, secret)).to be true
|
30
|
+
end
|
31
|
+
it 'does not validate a previously-generated wildcard token when it does not match the hostname' do
|
32
|
+
expect(Autosign::Token.validate('not_the_regex', wildcard_signed_token, secret)).to be false
|
33
|
+
end
|
34
|
+
it 'does not validate a token when the secret does not match' do
|
35
|
+
expect(Autosign::Token.validate(certname, signed_token, 'wrong_secret')).to be false
|
36
|
+
end
|
37
|
+
it 'does not validate a token when the certname does not match' do
|
38
|
+
expect(Autosign::Token.validate('wrong' + certname, signed_token, secret)).to be false
|
39
|
+
end
|
40
|
+
it 'does not validate an expired token' do
|
41
|
+
expect(Autosign::Token.validate(certname, expired_token, secret)).to be false
|
42
|
+
end
|
43
|
+
end
|
44
|
+
describe '.from_token' do
|
45
|
+
it 'returns an Autosign::Token instance' do
|
46
|
+
expect(Autosign::Token.from_token(signed_token, secret)).to be_a(Autosign::Token)
|
47
|
+
end
|
48
|
+
it 'has the same hash values as the original token' do
|
49
|
+
expect(reconstituted_token.to_hash).to eq(token.to_hash)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
describe '.token_validto' do
|
53
|
+
it 'returns an integer' do
|
54
|
+
expect(Autosign::Token.token_validto(signed_token, secret)).to be_an(Integer)
|
55
|
+
end
|
56
|
+
it 'returns valid POSIX time' do
|
57
|
+
expect(Time.at(Autosign::Token.token_validto(signed_token, secret))).to be_a(Time)
|
58
|
+
end
|
59
|
+
it 'returns time reasonable close to the current time' do
|
60
|
+
expect(Time.at(Autosign::Token.token_validto(signed_token, secret)).between?(Time.now, Time.now + 604801)).to be true
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
context 'instance methods' do
|
66
|
+
describe '.validto' do
|
67
|
+
it 'returns an integer' do
|
68
|
+
expect(token.validfor).to be_a(Integer)
|
69
|
+
end
|
70
|
+
it 'Returns validto time' do
|
71
|
+
expect(token.validfor).to eq(validfor)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
describe '.reusable' do
|
75
|
+
it 'returns the expected value' do
|
76
|
+
expect(token.reusable).to be(reusable)
|
77
|
+
expect(reusable_token.reusable).to be true
|
78
|
+
end
|
79
|
+
end
|
80
|
+
describe '.to_hash' do
|
81
|
+
it 'returns a hash' do
|
82
|
+
expect(token.to_hash).to be_a(Hash)
|
83
|
+
end
|
84
|
+
it 'includes the expected certname, requester, reusable, validfor, and a uuid' do
|
85
|
+
expect(token.to_hash).to include(
|
86
|
+
"certname" => eq(certname),
|
87
|
+
"requester" => eq(requester),
|
88
|
+
"reusable" => eq(reusable),
|
89
|
+
"validfor" => eq(validfor),
|
90
|
+
"uuid" => be_a(String)
|
91
|
+
)
|
92
|
+
end
|
93
|
+
end
|
94
|
+
describe '.sign' do
|
95
|
+
it 'returns a string' do
|
96
|
+
expect(token.sign).to be_a(String)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
|
101
|
+
end
|
102
|
+
end
|