autosign 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +13 -5
- data/.gitignore +5 -0
- data/.rspec +4 -0
- data/.travis.yml +7 -1
- data/Gemfile.lock +72 -19
- data/README.md +1 -1
- data/Rakefile +15 -9
- data/autosign.gemspec +13 -12
- data/lib/autosign.rb +15 -0
- data/lib/autosign/config.rb +5 -0
- data/lib/autosign/decoder.rb +7 -0
- data/lib/autosign/journal.rb +1 -1
- data/lib/autosign/token.rb +12 -1
- data/lib/autosign/validators/jwt.rb +37 -3
- data/lib/autosign/validators/multiplexer.rb +77 -28
- data/lib/autosign/validators/passwordlist.rb +49 -0
- data/lib/autosign/version.rb +1 -1
- data/spec/spec_helper.rb +102 -0
- data/spec/specs/config_spec.rb +20 -0
- data/spec/specs/decoder_spec.rb +16 -0
- data/spec/specs/journal_spec.rb +41 -0
- data/spec/specs/token_spec.rb +102 -0
- data/spec/specs/validators/jwt_spec.rb +69 -0
- data/spec/specs/validators/passwordlist_spec.rb +51 -0
- metadata +92 -59
- data/README.rdoc +0 -6
- data/autosign.rdoc +0 -5
- data/lib/autosign/logger.rb +0 -7
@@ -1,12 +1,47 @@
|
|
1
1
|
module Autosign
|
2
2
|
module Validators
|
3
|
+
|
4
|
+
# The multiplexer validator sends the same request received by the autosign
|
5
|
+
# executable to one or more external executables. The purpose is to allow
|
6
|
+
# one or more existing autosign scripts to be used in conjunction with the
|
7
|
+
# native validators implemented in this tool.
|
8
|
+
#
|
9
|
+
# @example validate autosign requests with any one of three external autosign scripts
|
10
|
+
# # In the /etc/autosign.conf file, include a section reading:
|
11
|
+
# [multiplexer]
|
12
|
+
# strategy = any
|
13
|
+
# external_policy_executable = /usr/local/bin/custom-autosigner1.sh
|
14
|
+
# external_policy_executable = /usr/local/bin/another-autosign-script.rb
|
15
|
+
# external_policy_executable = /usr/local/bin/yet-another-autosign-script.pl
|
16
|
+
# # all three scripts will be called with the same interface puppet
|
17
|
+
# # uses when an autosign policy executable is specified in the `autosign`
|
18
|
+
# # setting in the [master] section of the puppet.conf config file.
|
19
|
+
#
|
20
|
+
# @example validate autosign requests with both of two external autosign scripts
|
21
|
+
# # In the /etc/autosign.conf file, include a section reading:
|
22
|
+
# [multiplexer]
|
23
|
+
# strategy = all
|
24
|
+
# external_policy_executable = /usr/local/bin/custom-autosigner1.sh
|
25
|
+
# external_policy_executable = /usr/local/bin/another-autosign-script.rb
|
26
|
+
# # requests will only be validated by the multiplexer validator if they
|
27
|
+
# # are validated by both external policy executables.
|
3
28
|
class Multiplexer < Autosign::Validator
|
29
|
+
|
30
|
+
# set the user-friendly name of the Multiplexer validator.
|
31
|
+
# This name is used to specify that configuration should come from the
|
32
|
+
# [multiplexer] section of the autosign.conf file.
|
33
|
+
# @return [String] name of the validator
|
4
34
|
def name
|
5
35
|
"multiplexer"
|
6
36
|
end
|
7
37
|
|
8
38
|
private
|
9
39
|
|
40
|
+
# validate a CSR by passing it to each external executable
|
41
|
+
# @param token [String] not used by this validator
|
42
|
+
# @param certname [String] certname requested in the CSR
|
43
|
+
# @param raw_csr [String] X509 certificate signing request as received by the policy executable
|
44
|
+
# @return [True, False] returns true to indicate successful validation, and false to indicate failure to validate
|
10
45
|
def perform_validation(token, certname, raw_csr)
|
11
46
|
results = []
|
12
47
|
@log.debug "validating using multiplexed external executables"
|
@@ -20,45 +55,59 @@ module Autosign
|
|
20
55
|
end
|
21
56
|
|
22
57
|
|
58
|
+
# set the default validation strategy to "any", succeeding if any one
|
59
|
+
# external autosign script succeeds.
|
60
|
+
# @return [Hash] config hash to be merged in with config file settings and overrides.
|
23
61
|
def default_settings
|
24
62
|
{
|
25
63
|
'strategy' => 'any',
|
26
64
|
}
|
27
65
|
end
|
28
66
|
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
67
|
+
# given an array of booleans, check whether any or all of them are true
|
68
|
+
# depending on the strategy set in settings.
|
69
|
+
# @param array [Array] array of booleans
|
70
|
+
# @return [True, False]
|
71
|
+
def validate_using_strategy(array)
|
72
|
+
case settings['strategy']
|
73
|
+
when 'any'
|
74
|
+
@log.debug "validating using 'any' strategy"
|
75
|
+
return array.any?
|
76
|
+
when 'all'
|
77
|
+
@log.debug "validating using 'all' strategy"
|
78
|
+
return array.all?
|
79
|
+
else
|
80
|
+
@log.error "unable to validate; unknown strategy"
|
81
|
+
return false
|
82
|
+
end
|
40
83
|
end
|
41
|
-
end
|
42
84
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
85
|
+
# return an array of external policy executables in settings,
|
86
|
+
# or an empty array if none are specified.
|
87
|
+
# @return [Array] of policy executables.
|
88
|
+
def policy_executables
|
89
|
+
return [] if settings['external_policy_executable'].nil?
|
90
|
+
exec_list = settings['external_policy_executable']
|
91
|
+
return [exec_list] if exec_list.is_a?(String)
|
92
|
+
return exec_list if exec_list.is_a?(Array)
|
93
|
+
return []
|
94
|
+
end
|
50
95
|
|
51
96
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
97
|
+
# validate that settins are reasonable. Validation strategy must be
|
98
|
+
# either any or all.
|
99
|
+
# @param settings [Hash] config settings hash
|
100
|
+
# @return [True, False] true if settings validate successfully, false otherwise
|
101
|
+
def validate_settings(settings)
|
102
|
+
@log.debug "validating settings: " + settings.to_s
|
103
|
+
unless ['any', 'all'].include? settings['strategy']
|
104
|
+
@log.error "strategy setting must be set to 'any' or 'all'"
|
105
|
+
return false
|
106
|
+
end
|
58
107
|
|
59
|
-
|
60
|
-
|
61
|
-
|
108
|
+
@log.debug "done validating settings"
|
109
|
+
true
|
110
|
+
end
|
62
111
|
|
63
112
|
end
|
64
113
|
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
module Autosign
|
2
|
+
module Validators
|
3
|
+
# Validate certificate signing requests using a simple password list.
|
4
|
+
# This is not a very secure or flexible validation scheme, but is provided
|
5
|
+
# because so many existing autosign policy scripts implement it.
|
6
|
+
#
|
7
|
+
# @example validate CSRs when the challengePassword OID is set to any of "hunter2", "opensesame", or "CPE1704TKS"
|
8
|
+
# # In /etc/autosign.conf, include the following configuration:
|
9
|
+
# [password_list]
|
10
|
+
# password = hunter2
|
11
|
+
# password = opensesame
|
12
|
+
# password = CPE1704TKS
|
13
|
+
#
|
14
|
+
class Passwordlist < Autosign::Validator
|
15
|
+
def name
|
16
|
+
"password_list"
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def perform_validation(password, certname, raw_csr)
|
22
|
+
@log.debug "validating against simple password list"
|
23
|
+
@log.debug "passwords: " + settings.to_s
|
24
|
+
result = validate_password(password.to_s)
|
25
|
+
@log.debug "validation result: " + result.to_s
|
26
|
+
return result
|
27
|
+
end
|
28
|
+
|
29
|
+
def validate_password(password)
|
30
|
+
@log.debug "Checking if password list includes password"
|
31
|
+
password_list.include?(password.to_s)
|
32
|
+
end
|
33
|
+
|
34
|
+
def password_list
|
35
|
+
return [] if settings['password'].nil?
|
36
|
+
passwords = settings['password']
|
37
|
+
return [passwords] if passwords.is_a?(String)
|
38
|
+
return passwords if passwords.is_a?(Array)
|
39
|
+
return []
|
40
|
+
end
|
41
|
+
|
42
|
+
def validate_settings(settings)
|
43
|
+
@log.debug "validating settings: " + settings.to_s
|
44
|
+
true
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
data/lib/autosign/version.rb
CHANGED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'coveralls'
|
2
|
+
Coveralls.wear!
|
3
|
+
# This file was generated by the `rspec --init` command. Conventionally, all
|
4
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
5
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
6
|
+
# this file to always be loaded, without a need to explicitly require it in any
|
7
|
+
# files.
|
8
|
+
#
|
9
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
10
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
11
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
12
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
13
|
+
# a separate helper file that requires the additional dependencies and performs
|
14
|
+
# the additional setup, and require it from the spec files that actually need
|
15
|
+
# it.
|
16
|
+
#
|
17
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
18
|
+
# users commonly want.
|
19
|
+
#
|
20
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
21
|
+
#
|
22
|
+
require_relative "../lib/autosign"
|
23
|
+
@fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures'))
|
24
|
+
|
25
|
+
RSpec.configure do |config|
|
26
|
+
# rspec-expectations config goes here. You can use an alternate
|
27
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
28
|
+
# assertions if you prefer.
|
29
|
+
config.expect_with :rspec do |expectations|
|
30
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
31
|
+
# and `failure_message` of custom matchers include text for helper methods
|
32
|
+
# defined using `chain`, e.g.:
|
33
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
34
|
+
# # => "be bigger than 2 and smaller than 4"
|
35
|
+
# ...rather than:
|
36
|
+
# # => "be bigger than 2"
|
37
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
38
|
+
end
|
39
|
+
|
40
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
41
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
42
|
+
config.mock_with :rspec do |mocks|
|
43
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
44
|
+
# a real object. This is generally recommended, and will default to
|
45
|
+
# `true` in RSpec 4.
|
46
|
+
mocks.verify_partial_doubles = true
|
47
|
+
end
|
48
|
+
|
49
|
+
# The settings below are suggested to provide a good initial experience
|
50
|
+
# with RSpec, but feel free to customize to your heart's content.
|
51
|
+
=begin
|
52
|
+
# These two settings work together to allow you to limit a spec run
|
53
|
+
# to individual examples or groups you care about by tagging them with
|
54
|
+
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
55
|
+
# get run.
|
56
|
+
config.filter_run :focus
|
57
|
+
config.run_all_when_everything_filtered = true
|
58
|
+
|
59
|
+
# Allows RSpec to persist some state between runs in order to support
|
60
|
+
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
61
|
+
# you configure your source control system to ignore this file.
|
62
|
+
config.example_status_persistence_file_path = "spec/examples.txt"
|
63
|
+
|
64
|
+
# Limits the available syntax to the non-monkey patched syntax that is
|
65
|
+
# recommended. For more details, see:
|
66
|
+
# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
|
67
|
+
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
68
|
+
# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
|
69
|
+
config.disable_monkey_patching!
|
70
|
+
|
71
|
+
# This setting enables warnings. It's recommended, but in some cases may
|
72
|
+
# be too noisy due to issues in dependencies.
|
73
|
+
config.warnings = true
|
74
|
+
|
75
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
76
|
+
# file, and it's useful to allow more verbose output when running an
|
77
|
+
# individual spec file.
|
78
|
+
if config.files_to_run.one?
|
79
|
+
# Use the documentation formatter for detailed output,
|
80
|
+
# unless a formatter has already been configured
|
81
|
+
# (e.g. via a command-line flag).
|
82
|
+
config.default_formatter = 'doc'
|
83
|
+
end
|
84
|
+
|
85
|
+
# Print the 10 slowest examples and example groups at the
|
86
|
+
# end of the spec run, to help surface which specs are running
|
87
|
+
# particularly slow.
|
88
|
+
config.profile_examples = 10
|
89
|
+
|
90
|
+
# Run specs in random order to surface order dependencies. If you find an
|
91
|
+
# order dependency and want to debug it, you can fix the order by providing
|
92
|
+
# the seed, which is printed after each run.
|
93
|
+
# --seed 1234
|
94
|
+
config.order = :random
|
95
|
+
|
96
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
97
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
98
|
+
# test failures related to randomization by passing the same `--seed` value
|
99
|
+
# as the one that triggered the failure.
|
100
|
+
Kernel.srand config.seed
|
101
|
+
=end
|
102
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
context Autosign::Config do
|
4
|
+
describe 'basic use case' do
|
5
|
+
let(:settings) { {} }
|
6
|
+
let(:config) { Autosign::Config.new }
|
7
|
+
it 'accepts a hash as the parameter' do
|
8
|
+
expect { Autosign::Config.new(settings) }.to_not raise_error
|
9
|
+
end
|
10
|
+
it 'Returns hash' do
|
11
|
+
expect(config.settings).to be_a(Hash)
|
12
|
+
end
|
13
|
+
it 'Settings contains general section' do
|
14
|
+
expect(config.settings).to include(
|
15
|
+
'general' => be_a(Hash)
|
16
|
+
)
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
context Autosign::Decoder do
|
4
|
+
describe '.decode_csr' do
|
5
|
+
let(:csr) { File.read(File.join('fixtures', 'i-7672fe81.pem')) }
|
6
|
+
it 'Accepts a CSR as the parameter' do
|
7
|
+
expect { Autosign::Decoder.decode_csr(csr) }.to_not raise_error
|
8
|
+
end
|
9
|
+
it 'Extracts the challenge_password and common_name from a CSR' do
|
10
|
+
expect(Autosign::Decoder.decode_csr(csr)).to eq({:challenge_password=>"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJkYXRhIjoie1wiY2VydG5hbWVcIjpcImktNzY3MmZlODFcIixcInJlcXVlc3RlclwiOlwiRGFuaWVscy1NYWNCb29rLVByby0yLmxvY2FsXCIsXCJyZXVzYWJsZVwiOmZhbHNlLFwidmFsaWRmb3JcIjo5OTk5OTksXCJ1dWlkXCI6XCI0YTM2ZjA0NS1jNmNlLTRiZjYtYmEzYy02ZjNlNzhlNmI3MWNcIn0iLCJleHAiOiIxNDM3NDcwMTk2In0.OZQdenVzIxy-Is271TK0qqhKmRfqkB2Lhscsz-kIK4HQaem3Awx7zVkiCpj0_eFckgaKYNBMAdhUfIMqS3IMmw", :common_name=>"i-7672fe81"})
|
11
|
+
end
|
12
|
+
it 'Returns nil given an invalid CSR' do
|
13
|
+
expect(Autosign::Decoder.decode_csr("not_a_csr")).to be_nil
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'securerandom'
|
3
|
+
|
4
|
+
context Autosign::Journal do
|
5
|
+
let(:settings) { {'journalfile' => '/tmp/test.journal'} }
|
6
|
+
let(:journal) { Autosign::Journal.new(settings) }
|
7
|
+
let(:uuid) { SecureRandom.uuid }
|
8
|
+
let(:validto) { Time.now.to_i + 900 }
|
9
|
+
let(:data) { {'arbitrary_hey' => 'value'} }
|
10
|
+
|
11
|
+
|
12
|
+
context 'class methods' do
|
13
|
+
describe '.new' do
|
14
|
+
it 'accepts a hash as the parameter' do
|
15
|
+
expect { Autosign::Journal.new(settings) }.to_not raise_error
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'instance methods' do
|
21
|
+
describe '.add' do
|
22
|
+
it 'Returns hash' do
|
23
|
+
expect(journal.settings).to be_a(Hash)
|
24
|
+
end
|
25
|
+
it 'adds an entry to the journal with a data hash' do
|
26
|
+
expect(journal.add(uuid, validto, data)).to be true
|
27
|
+
end
|
28
|
+
it 'adds an entry to the journal without a data hash' do
|
29
|
+
expect(journal.add(uuid, validto)).to be true
|
30
|
+
end
|
31
|
+
it 'fail when adding two duplicate entries to the journal' do
|
32
|
+
expect(journal.add(uuid, validto, data)).to be true
|
33
|
+
expect(journal.add(uuid, validto, data)).to be false
|
34
|
+
end
|
35
|
+
it 'fail when adding an invalid UUID to the journal' do
|
36
|
+
expect(journal.add('invalid' + uuid, validto, data)).to be false
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'securerandom'
|
3
|
+
|
4
|
+
context Autosign::Token do
|
5
|
+
let(:certname) { 'host.example.com' }
|
6
|
+
let(:reusable) { false }
|
7
|
+
let(:validfor) { rand(60..604800) }
|
8
|
+
let(:requester) { 'Autosign::Token rspec_test' }
|
9
|
+
let(:secret) { 'very_secret' }
|
10
|
+
let(:token) { Autosign::Token.new(certname, reusable, validfor, requester, secret) }
|
11
|
+
let(:reusable_token) { Autosign::Token.new(certname, true, validfor, requester, secret) }
|
12
|
+
let(:signed_token) { token.sign }
|
13
|
+
let(:wildcard_signed_token) { Autosign::Token.new('/.*\.example\.com/', reusable, validfor, requester, secret).sign }
|
14
|
+
let(:expired_token) { Autosign::Token.new(certname, reusable, -1, requester, secret).sign }
|
15
|
+
let(:reconstituted_token) { Autosign::Token.from_token(signed_token, secret) }
|
16
|
+
|
17
|
+
|
18
|
+
context 'class methods' do
|
19
|
+
describe '.new' do
|
20
|
+
it 'accepts expected parameters' do
|
21
|
+
expect { Autosign::Token.new(certname, reusable, validfor, requester, secret) }.to_not raise_error
|
22
|
+
end
|
23
|
+
end
|
24
|
+
describe '.validate' do
|
25
|
+
it 'validates a previously-generated token' do
|
26
|
+
expect(Autosign::Token.validate(certname, signed_token, secret)).to be true
|
27
|
+
end
|
28
|
+
it 'validates a previously-generated wildcard token' do
|
29
|
+
expect(Autosign::Token.validate(certname, wildcard_signed_token, secret)).to be true
|
30
|
+
end
|
31
|
+
it 'does not validate a previously-generated wildcard token when it does not match the hostname' do
|
32
|
+
expect(Autosign::Token.validate('not_the_regex', wildcard_signed_token, secret)).to be false
|
33
|
+
end
|
34
|
+
it 'does not validate a token when the secret does not match' do
|
35
|
+
expect(Autosign::Token.validate(certname, signed_token, 'wrong_secret')).to be false
|
36
|
+
end
|
37
|
+
it 'does not validate a token when the certname does not match' do
|
38
|
+
expect(Autosign::Token.validate('wrong' + certname, signed_token, secret)).to be false
|
39
|
+
end
|
40
|
+
it 'does not validate an expired token' do
|
41
|
+
expect(Autosign::Token.validate(certname, expired_token, secret)).to be false
|
42
|
+
end
|
43
|
+
end
|
44
|
+
describe '.from_token' do
|
45
|
+
it 'returns an Autosign::Token instance' do
|
46
|
+
expect(Autosign::Token.from_token(signed_token, secret)).to be_a(Autosign::Token)
|
47
|
+
end
|
48
|
+
it 'has the same hash values as the original token' do
|
49
|
+
expect(reconstituted_token.to_hash).to eq(token.to_hash)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
describe '.token_validto' do
|
53
|
+
it 'returns an integer' do
|
54
|
+
expect(Autosign::Token.token_validto(signed_token, secret)).to be_an(Integer)
|
55
|
+
end
|
56
|
+
it 'returns valid POSIX time' do
|
57
|
+
expect(Time.at(Autosign::Token.token_validto(signed_token, secret))).to be_a(Time)
|
58
|
+
end
|
59
|
+
it 'returns time reasonable close to the current time' do
|
60
|
+
expect(Time.at(Autosign::Token.token_validto(signed_token, secret)).between?(Time.now, Time.now + 604801)).to be true
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
context 'instance methods' do
|
66
|
+
describe '.validto' do
|
67
|
+
it 'returns an integer' do
|
68
|
+
expect(token.validfor).to be_a(Integer)
|
69
|
+
end
|
70
|
+
it 'Returns validto time' do
|
71
|
+
expect(token.validfor).to eq(validfor)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
describe '.reusable' do
|
75
|
+
it 'returns the expected value' do
|
76
|
+
expect(token.reusable).to be(reusable)
|
77
|
+
expect(reusable_token.reusable).to be true
|
78
|
+
end
|
79
|
+
end
|
80
|
+
describe '.to_hash' do
|
81
|
+
it 'returns a hash' do
|
82
|
+
expect(token.to_hash).to be_a(Hash)
|
83
|
+
end
|
84
|
+
it 'includes the expected certname, requester, reusable, validfor, and a uuid' do
|
85
|
+
expect(token.to_hash).to include(
|
86
|
+
"certname" => eq(certname),
|
87
|
+
"requester" => eq(requester),
|
88
|
+
"reusable" => eq(reusable),
|
89
|
+
"validfor" => eq(validfor),
|
90
|
+
"uuid" => be_a(String)
|
91
|
+
)
|
92
|
+
end
|
93
|
+
end
|
94
|
+
describe '.sign' do
|
95
|
+
it 'returns a string' do
|
96
|
+
expect(token.sign).to be_a(String)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
|
101
|
+
end
|
102
|
+
end
|