conjur-api 5.2.0 → 5.3.3
- checksums.yaml +4 -4
- data/.codeclimate.yml +10 -0
- data/.github/CODEOWNERS +10 -0
- data/.github/ISSUE_TEMPLATE/bug.md +42 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +21 -0
- data/.gitignore +1 -0
- data/.gitleaks.toml +219 -0
- data/.overcommit.yml +16 -0
- data/.rubocop.yml +3 -0
- data/.rubocop_settings.yml +86 -0
- data/.rubocop_todo.yml +709 -0
- data/CHANGELOG.md +348 -173
- data/CONTRIBUTING.md +141 -0
- data/Gemfile +1 -1
- data/Jenkinsfile +27 -29
- data/LICENSE +202 -0
- data/README.md +19 -126
- data/SECURITY.md +42 -0
- data/bin/parse-changelog.sh +12 -0
- data/ci/codeclimate.dockerfile +6 -0
- data/conjur-api.gemspec +4 -1
- data/docker-compose.yml +2 -0
- data/features/authenticators.feature +33 -0
- data/features/support/env.rb +2 -0
- data/features/update_password.feature +2 -2
- data/features_v4/support/env.rb +2 -0
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/acts_as_role.rb +15 -19
- data/lib/conjur/api.rb +2 -0
- data/lib/conjur/api/authenticators.rb +35 -0
- data/lib/conjur/api/host_factories.rb +20 -19
- data/lib/conjur/{cast.rb → api/ldap_sync.rb} +14 -17
- data/lib/conjur/api/resources.rb +15 -19
- data/lib/conjur/api/router/v5.rb +39 -7
- data/lib/conjur/base_object.rb +18 -20
- data/lib/conjur/build_object.rb +19 -21
- data/lib/conjur/cert_utils.rb +16 -0
- data/lib/conjur/configuration.rb +2 -8
- data/lib/conjur/has_attributes.rb +6 -3
- data/lib/conjur/id.rb +22 -19
- data/lib/conjur/role_grant.rb +13 -18
- data/spec/api/host_factories_spec.rb +34 -0
- data/spec/base_object_spec.rb +14 -0
- data/spec/cert_utils_spec.rb +92 -0
- data/spec/id_spec.rb +29 -0
- data/spec/ldap_sync_spec.rb +21 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/uri_escape_spec.rb +14 -2
- data/test.sh +23 -1
- metadata +34 -12
- data/LICENSE.md +0 -195
- data/spec/cast_spec.rb +0 -21
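--- a/data/lib/conjur/base_object.rb
+++ b/data/lib/conjur/base_object.rb
@@ -1,28 +1,21 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-#
-#
-#
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-#
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# http://www.apache.org/licenses/LICENSE-2.0
 #
-
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 module Conjur
 class BaseObject
-include Cast
 include QueryString
 include LogSource
 include BuildObject
@@ -31,7 +24,7 @@ module Conjur
 attr_reader :id, :credentials
 
 def initialize id, credentials
-@id =
+@id = Id.new id
 @credentials = credentials
 end
 
@@ -48,5 +41,10 @@ module Conjur
 def username
 credentials[:username] or raise "No username found in credentials"
 end
+
+def inspect
+"<#{self.class.name} id='#{id.to_s}'>"
+end
+
 end
 end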
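Review bot: The `inspect` override added at the end of `BaseObject` carries no comment explaining why it exists, and the reason is security-relevant: the default `Object#inspect` prints every instance variable, which for this class includes `@credentials`. I would put `# Keep @credentials out of inspect output (logs, consoles, exception messages); show only the class and id.` above `def inspect` so a later cleanup does not remove it as cosmetic. Inside the string, `id.to_s` is redundant because interpolation already calls `to_s`; `"<#{self.class.name} id='#{id}'>"` is equivalent.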
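--- a/data/lib/conjur/build_object.rb
+++ b/data/lib/conjur/build_object.rb
@@ -1,44 +1,42 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-#
-#
-#
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-#
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# http://www.apache.org/licenses/LICENSE-2.0
 #
-
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 module Conjur
 module BuildObject
 def self.included base
 base.module_eval do
-extend Cast
 extend ClassMethods
 end
 end
 
 module ClassMethods
 def build_object id, credentials, default_class:
-id =
+id = Id.new id
 class_name = id.kind.classify.to_sym
+find_class(class_name, default_class)
+.new(id, credentials)
+end
+
+def find_class class_name, default_class
 cls = if Conjur.constants.member?(class_name)
 Conjur.const_get(class_name)
 else
 default_class
 end
-cls
+cls < BaseObject ? cls : default_class
 end
 end
 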
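Review bot: In `find_class`, the new guard `cls < BaseObject ? cls : default_class` assumes whatever `Conjur.const_get(class_name)` returns responds to `<` with a class argument; `class_name` is derived from the kind component of the id, so if that ever names a constant under `Conjur` that is not a class or module, the comparison raises instead of falling back. Making the fallback total is a one-line change: `cls.is_a?(Class) && cls < BaseObject ? cls : default_class`. A short comment above `find_class` saying that only `BaseObject` subclasses may be instantiated from an id kind would record why the check is there. `find_class` also becomes a public class method on everything that extends `ClassMethods`; if it is only meant as a helper for `build_object`, it could be made private. The module body continues outside the hunk.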
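--- a/data/lib/conjur/cert_utils.rb
+++ b/data/lib/conjur/cert_utils.rb
@@ -19,6 +19,8 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 
+require 'openssl'
+
 module Conjur
 module CertUtils
 CERT_RE = /-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----\n/m
@@ -42,6 +44,20 @@ module Conjur
 end
 end
 end
+
+# Add a certificate to a given store. If the certificate has more than
+# one certificate in its chain, it will be parsed and added to the store
+# one by one. This is done because `OpenSSL::X509::Store.new.add_cert`
+# adds only the intermediate certificate to the store.
+def add_chained_cert store, chained_cert
+parse_certs(chained_cert).each do |cert|
+begin
+store.add_cert cert
+rescue OpenSSL::X509::StoreError => ex
+raise unless ex.message == 'cert already in hash table'
+end
+end
+end
 end
 end
 end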
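Review bot: In `add_chained_cert`, the rescue decides whether to swallow a `StoreError` by exact equality with the string 'cert already in hash table', which ties trust-store setup to the precise wording produced by one OpenSSL/Ruby build; any prefix or rewording would turn a harmless duplicate into a hard failure. A substring match is more tolerant, `raise unless ex.message.include?('cert already in hash table')`, and a comment naming the dependency on the library's message text would help whoever debugs it next. The doc comment says `add_cert` "adds only the intermediate certificate"; presumably it means that only the first certificate of a multi-certificate PEM would be loaded, and it should say so. It is also worth stating what happens when `parse_certs` (defined outside this hunk) yields nothing, since a bundle that fails to match `CERT_RE` would then leave the store unchanged without any error.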
data/lib/conjur/configuration.rb
CHANGED
@@ -19,8 +19,8 @@
|
|
19
19
|
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
20
|
#
|
21
21
|
|
22
|
+
require 'openssl'
|
22
23
|
require 'set'
|
23
|
-
|
24
24
|
require 'conjur/cert_utils'
|
25
25
|
|
26
26
|
module Conjur
|
@@ -402,13 +402,7 @@ module Conjur
|
|
402
402
|
# @return [Boolean] whether a certificate was added to the store.
|
403
403
|
def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
|
404
404
|
if ssl_certificate
|
405
|
-
CertUtils.
|
406
|
-
begin
|
407
|
-
store.add_cert cert
|
408
|
-
rescue OpenSSL::X509::StoreError => ex
|
409
|
-
raise unless ex.message == 'cert already in hash table'
|
410
|
-
end
|
411
|
-
end
|
405
|
+
CertUtils.add_chained_cert(store, ssl_certificate)
|
412
406
|
elsif cert_file
|
413
407
|
ensure_cert_readable!(cert_file)
|
414
408
|
store.add_file cert_file
|
@@ -71,11 +71,14 @@ module Conjur
|
|
71
71
|
@attributes = nil
|
72
72
|
end
|
73
73
|
|
74
|
-
|
74
|
+
def annotations
|
75
|
+
Hash[(attributes['annotations']||{}).collect {|e| [e['name'],e['value']]}]
|
76
|
+
end
|
77
|
+
|
75
78
|
protected
|
76
79
|
|
77
80
|
def annotation_value name
|
78
|
-
|
81
|
+
annotations[name]
|
79
82
|
end
|
80
83
|
|
81
84
|
# @api private
|
@@ -92,4 +95,4 @@ module Conjur
|
|
92
95
|
end
|
93
96
|
end
|
94
97
|
end
|
95
|
-
end
|
98
|
+
end
|
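--- a/data/lib/conjur/id.rb
+++ b/data/lib/conjur/id.rb
@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-#
-#
-#
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-#
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'conjur/escape'
 
 module Conjur
@@ -28,7 +24,7 @@ module Conjur
 attr_reader :id
 
 def initialize id
-@id = id
+@id = Id.normalize id
 end
 
 # The organization account, obtained from the first component of the id.
@@ -56,7 +52,7 @@ module Conjur
 # Splits the id into 3 components, and then joins them with a forward-slash `/`.
 def to_url_path
 id.split(':', 3)
-.map(&method(:
+.map(&method(:fully_escape))
 .join('/')
 end
 
@@ -64,5 +60,12 @@ module Conjur
 def to_s
 id
 end
+
+def self.normalize id
+Array(id).join(':').tap do |id|
+raise ArgumentError, "id must be fully qualified: #{id}" \
+unless id =~ /.*:.*:.*/
+end
+end
 end
 end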
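Review bot: `Id.normalize` checks `id =~ /.*:.*:.*/`, which is unanchored and lets empty components through, so `'::'` or `'acct::'` count as fully qualified. If an empty account or kind is not meant to be legal, `unless id =~ /\A[^:]+:[^:]+:.+\z/m` states the contract, and since these components are later escaped into a URL path by `to_url_path`, rejecting malformed ids at construction is the cheaper place to do it. The block parameter in `tap do |id|` shadows the method argument of the same name; `|joined|` avoids that. `normalize` has no doc comment: one line saying it accepts either a string or an array of components and raises `ArgumentError` otherwise would cover it.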
data/lib/conjur/role_grant.rb
CHANGED
@@ -1,23 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2013-2018 CyberArk Ltd.
|
1
4
|
#
|
2
|
-
#
|
3
|
-
#
|
4
|
-
#
|
5
|
-
# this software and associated documentation files (the "Software"), to deal in
|
6
|
-
# the Software without restriction, including without limitation the rights to
|
7
|
-
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
-
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
-
# subject to the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be included in all
|
12
|
-
# copies or substantial portions of the Software.
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
13
8
|
#
|
14
|
-
#
|
15
|
-
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
-
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
-
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
-
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
-
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
20
10
|
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
21
17
|
module Conjur
|
22
18
|
# Represents the membership of a role. `RoleGrant`s are returned
|
23
19
|
# by {ActsAsRole#members} and represent members of the role on which the method was invoked.
|
@@ -28,7 +24,6 @@ module Conjur
|
|
28
24
|
#
|
29
25
|
class RoleGrant
|
30
26
|
extend BuildObject::ClassMethods
|
31
|
-
extend Cast
|
32
27
|
|
33
28
|
# The role which was granted.
|
34
29
|
# @return [Conjur::Role]
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
require 'conjur/api/host_factories'
|
5
|
+
|
6
|
+
describe "Conjur::API.host_factory_create_host", api: :dummy do
|
7
|
+
it "returns a Host instance correctly on v4" do
|
8
|
+
token = "host factory token"
|
9
|
+
id = "test-host"
|
10
|
+
|
11
|
+
allow(Conjur::API).to receive(:url_for)
|
12
|
+
.with(:host_factory_create_host, token).and_return(
|
13
|
+
resource = instance_double(RestClient::Resource, "hosts")
|
14
|
+
)
|
15
|
+
|
16
|
+
allow(resource).to receive(:post).with(id: id).and_return(
|
17
|
+
instance_double(RestClient::Response, "host response", body: '
|
18
|
+
{
|
19
|
+
"id": "test-host",
|
20
|
+
"userid": "hosts",
|
21
|
+
"created_at": "2015-11-13T22:57:14Z",
|
22
|
+
"ownerid": "cucumber:group:ops",
|
23
|
+
"roleid": "cucumber:host:test-host",
|
24
|
+
"resource_identifier": "cucumber:host:test-host",
|
25
|
+
"api_key": "14x82x72syhnnd1h8jj24zj1kqd2j09sjy3tddwxc35cmy5nx33ph7"
|
26
|
+
}
|
27
|
+
')
|
28
|
+
)
|
29
|
+
|
30
|
+
host = Conjur::API.host_factory_create_host token, id
|
31
|
+
|
32
|
+
expect(host).to be_a Conjur::Host
|
33
|
+
end
|
34
|
+
end
|
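Review bot: The JSON body stubbed in this new spec contains a realistic-looking `api_key` value with nothing marking it as a fixture (the file header is missing from the page; the 34 added lines match data/spec/api/host_factories_spec.rb in the file list). Assuming it is fabricated, a comment above the `allow(resource).to receive(:post)` stub such as `# api_key is a made-up fixture value, not a live credential` saves secret scanners and reviewers from guessing, and an obviously fake value would be clearer still.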
@@ -0,0 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Conjur::BaseObject do
|
6
|
+
|
7
|
+
it "returns custom string for #inspect" do
|
8
|
+
id_str = 'foo:bar:baz'
|
9
|
+
base_obj = Conjur::BaseObject.new(Conjur::Id.new(id_str), { username: 'foo' })
|
10
|
+
expect(base_obj.inspect).to include("id='#{id_str}'")
|
11
|
+
expect(base_obj.inspect).to include(Conjur::BaseObject.name)
|
12
|
+
end
|
13
|
+
|
14
|
+
end
|
data/spec/cert_utils_spec.rb
CHANGED
@@ -78,4 +78,96 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
|
|
78
78
|
end
|
79
79
|
end
|
80
80
|
end
|
81
|
+
|
82
|
+
describe '.add_chained_cert' do
|
83
|
+
let(:one_certificate_chain) do
|
84
|
+
"""-----BEGIN CERTIFICATE-----
|
85
|
+
MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
|
86
|
+
CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
|
87
|
+
BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
|
88
|
+
NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
89
|
+
DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
|
90
|
+
uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
|
91
|
+
FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
|
92
|
+
PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
|
93
|
+
CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
|
94
|
+
wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
|
95
|
+
AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
|
96
|
+
Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
|
97
|
+
AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
|
98
|
+
3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
|
99
|
+
dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
|
100
|
+
RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
|
101
|
+
+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
|
102
|
+
bGenr4vsPuSFsycM03/EcQDT
|
103
|
+
-----END CERTIFICATE-----
|
104
|
+
"""
|
105
|
+
end
|
106
|
+
|
107
|
+
let(:two_certificates_chain) do
|
108
|
+
"""-----BEGIN CERTIFICATE-----
|
109
|
+
MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
|
110
|
+
CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
|
111
|
+
BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
|
112
|
+
NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
113
|
+
DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
|
114
|
+
uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
|
115
|
+
FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
|
116
|
+
PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
|
117
|
+
CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
|
118
|
+
wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
|
119
|
+
AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
|
120
|
+
Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
|
121
|
+
AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
|
122
|
+
3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
|
123
|
+
dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
|
124
|
+
RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
|
125
|
+
+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
|
126
|
+
bGenr4vsPuSFsycM03/EcQDT
|
127
|
+
-----END CERTIFICATE-----
|
128
|
+
-----BEGIN CERTIFICATE-----
|
129
|
+
MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
|
130
|
+
BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
|
131
|
+
bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
|
132
|
+
ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
|
133
|
+
YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
|
134
|
+
FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
|
135
|
+
d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
|
136
|
+
35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
|
137
|
+
IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
|
138
|
+
4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
|
139
|
+
uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
|
140
|
+
aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
|
141
|
+
HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
|
142
|
+
DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
|
143
|
+
KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
|
144
|
+
Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
|
145
|
+
Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
|
146
|
+
BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
|
147
|
+
RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
|
148
|
+
-----END CERTIFICATE-----
|
149
|
+
"""
|
150
|
+
end
|
151
|
+
|
152
|
+
let(:store){ double('default store') }
|
153
|
+
|
154
|
+
context 'with one certificate in the chain' do
|
155
|
+
subject{ Conjur::CertUtils.add_chained_cert(store, one_certificate_chain) }
|
156
|
+
|
157
|
+
it 'adds one certificate to the store' do
|
158
|
+
expect(store).to receive(:add_cert).once
|
159
|
+
expect(subject).to be_truthy
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
context 'with two certificate in the chain' do
|
164
|
+
subject{ Conjur::CertUtils.add_chained_cert(store, two_certificates_chain) }
|
165
|
+
|
166
|
+
it 'adds both certificate to the store' do
|
167
|
+
expect(store).to receive(:add_cert).twice
|
168
|
+
expect(subject).to be_truthy
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
end
|
81
173
|
end
|
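Review bot: The new `.add_chained_cert` examples cover only successful adds, so the `rescue OpenSSL::X509::StoreError` branch in `CertUtils.add_chained_cert` is never exercised, neither the swallowed duplicate nor the re-raise of any other store error. Two further examples, sketched below, would pin both outcomes by making the store double raise with the expected message and with a different one. The `"""` delimiters used for the PEM fixtures are not a multi-line quote in Ruby but three adjacent string literals that happen to concatenate; a `<<~PEM` heredoc says what is meant. The enclosing `describe` block opens outside this hunk.

```ruby
# … unchanged: PEM fixtures, `store` double, happy-path contexts …
context 'when the store rejects a certificate' do
  subject{ Conjur::CertUtils.add_chained_cert(store, one_certificate_chain) }

  it 'ignores a certificate that is already in the store' do
    allow(store).to receive(:add_cert)
      .and_raise(OpenSSL::X509::StoreError, 'cert already in hash table')
    expect { subject }.not_to raise_error
  end

  it 're-raises any other store error' do
    allow(store).to receive(:add_cert)
      .and_raise(OpenSSL::X509::StoreError, 'some other failure')
    expect { subject }.to raise_error(OpenSSL::X509::StoreError)
  end
end
```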