conjur-api 5.3.8.pre.194 → 5.3.8.pre.319

data/spec/api_spec.rb

@@ -1,254 +0,0 @@
-require 'spec_helper'
-require 'fakefs/spec_helpers'
-
-describe Conjur::API do
-
-  let(:account) { 'api-spec-acount' }
-  let(:remote_ip) { nil }
-  before { allow(Conjur.configuration).to receive_messages account: account }
-
-  shared_context "logged in", logged_in: true do
-    let(:login) { "bob" }
-    let(:token) { { 'data' => login, 'timestamp' => Time.now.to_s } }
-    subject(:api) { Conjur::API.new_from_token(token, remote_ip: remote_ip) }
-  end
-
-  shared_context "logged in with an API key", logged_in: :api_key do
-    include_context "logged in"
-    let(:api_key) { "theapikey" }
-    subject(:api) { Conjur::API.new_from_key(login, api_key, account: account ,remote_ip: remote_ip) }
-  end
-
-  shared_context "logged in with a token file", logged_in: :token_file do
-    include FakeFS::SpecHelpers
-    include_context "logged in"
-    let(:token_file) { "token_file" }
-    subject(:api) { Conjur::API.new_from_token_file(token_file, remote_ip: remote_ip) }
-  end
-
-  def time_travel delta
-    allow(api.authenticator).to receive(:gettime).and_wrap_original do |m|
-      m[] + delta
-    end
-    allow(api.authenticator).to receive(:monotonic_time).and_wrap_original do |m|
-      m[] + delta
-    end
-    allow(Time).to receive(:now).and_wrap_original do |m|
-      m[] + delta
-    end
-  end
-
-  describe '#token' do
-    context 'with token file available', logged_in: :token_file do
-      def write_token token
-        File.write token_file, JSON.generate(token)
-      end
-
-      before do
-        write_token token
-      end
-
-      it "reads the file to get a token" do
-        expect(api.instance_variable_get("@token")).to eq(nil)
-        expect(api.token).to eq(token)
-        expect(api.credentials).to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login })
-      end
-
-      context "after expiration" do
-        it 'it reads a new token' do
-          expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-
-          time_travel 6.minutes
-          new_token = token.merge "timestamp" => Time.now.to_s
-          write_token new_token
-
-          expect(api.token).to eq(new_token)
-        end
-      end
-    end
-
-    context 'with API key available', logged_in: :api_key do
-      it "authenticates to get a token" do
-        expect(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return token
-
-        expect(api.instance_variable_get("@token")).to eq(nil)
-        expect(api.token).to eq(token)
-        expect(api.credentials).to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login })
-      end
-
-      context "after expiration" do
-
-        shared_examples "it gets a new token" do
-          it 'by refreshing' do
-            allow(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return token
-            expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-
-            time_travel 6.minutes
-            new_token = token.merge "timestamp" => Time.now.to_s
-
-            expect(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return new_token
-            expect(api.token).to eq(new_token)
-          end
-        end
-
-        it_should_behave_like "it gets a new token"
-      end
-    end
-
-    context 'with no API key available', logged_in: true do
-      it "returns the token used to create it" do
-        expect(api.token).to eq token
-      end
-
-      it "doesn't try to refresh an old token" do
-        expect(Conjur::API).not_to receive :authenticate
-        api.token # vivify
-        time_travel 6.minutes
-        expect { api.token }.not_to raise_error
-      end
-    end
-  end
-
-  context "credential handling", logged_in: true do
-    context "from token" do
-      describe '#credentials' do
-        subject { super().credentials }
-        it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }) }
-      end
-
-      context "with remote_ip" do
-        let(:remote_ip) { "66.0.0.1" }
-        describe '#credentials' do
-          subject { super().credentials }
-          it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"", :x_forwarded_for=>"66.0.0.1" }, username: login }) }
-        end
-      end
-    end
-
-    context "from logged-in RestClient::Resource" do
-      let (:authz_header) { %Q{Token token="#{token_encoded}"} }
-      let (:priv_header) { nil }
-      let (:forwarded_for_header) { nil }
-      let (:audit_roles_header) { nil }
-      let (:audit_resources_header) { nil }
-      let (:username) { 'bob' }
-      subject { resource.conjur_api }
-
-      shared_examples "it can clone itself" do
-        it "has the authz header" do
-          expect(subject.credentials[:headers][:authorization]).to eq(authz_header)
-        end
-        it "has the username" do
-          expect(subject.credentials[:username]).to eq(username)
-        end
-      end
-
-      let(:token_encoded) { Base64.strict_encode64(token.to_json) }
-      let(:base_headers) { { authorization: authz_header } }
-      let(:headers) { base_headers }
-      let(:resource) { RestClient::Resource.new("http://example.com", { headers: headers })}
-      context 'basic functioning' do
-        it_behaves_like 'it can clone itself'
-      end
-
-      context "forwarded for" do
-        let(:forwarded_for_header) { "66.0.0.1" }
-        let(:headers) { base_headers.merge(x_forwarded_for: forwarded_for_header) }
-        it_behaves_like 'it can clone itself'
-      end
-    end
-  end
-
-  describe "#role_from_username", logged_in: true do
-    it "returns a user role when username is plain" do
-      expect(Conjur::API.role_from_username(api, "plain-username", account).id).to eq("#{account}:user:plain-username")
-    end
-
-    it "returns an appropriate role kind when username is qualified" do
-      expect(Conjur::API.role_from_username(api, "host/foo/bar", account).id).to eq("#{account}:host:foo/bar")
-    end
-  end
-
-  describe "#username" do
-    let(:jwt_payload) do
-      'eyJzdWIiOiJ1c2VyLTlhYjBiYmZiOWJlNjA5Yzk2ZjUyN2Y1YiIsImlhdCI6MTYwMzQ5MDA4MH0='
-    end
-
-    let(:jwt_header) do
-      'eyJhbGciOiJjb25qdXIub3JnL3Nsb3NpbG8vdjIiLCJraWQiOiI2MWZjOGRiZDM4MjA4NDll' \
-      'ZDI4YTZhYTAwMzFjNjM5MjkxZjJmMDQzNDVjYTU0MWI5NzUxMGQ5NjkyM2I3NDlmIn0='
-    end
-
-    let(:conjur_token) do
-      {
-        'data' => 'conjur-user-1234',
-        'timestamp' => Time.now.to_s
-      }
-    end
-
-    let(:jwt_token) do
-      {
-        'protected' => jwt_header,
-        'payload' => jwt_payload,
-      }
-    end
-
-    it "can correctly extract the username from old Conjur token" do
-      expect(Conjur::API.new_from_token(conjur_token).username).to(
-        eq('conjur-user-1234')
-      )
-    end
-
-    context 'when using JWT token' do
-      it "can correctly extract username" do
-        expect(Conjur::API.new_from_token(jwt_token).username).to(
-          eq('user-9ab0bbfb9be609c96f527f5b')
-        )
-      end
-
-      it "returns nil when JWT token has no payload field" do
-        no_payload_jwt_token = { 'protected' => jwt_header }
-        expect(Conjur::API.new_from_token(no_payload_jwt_token).username).to be_nil
-      end
-
-      it "returns nil when JWT token has no 'sub' field in payload" do
-        no_sub_token = { 'payload' => 'eyJpYXQiOjE2MDM0OTAwODB9' }
-        expect(Conjur::API.new_from_token(no_sub_token).username).to be_nil
-      end
-    end
-  end
-
-  describe "#current_role", logged_in: true do
-    context "when logged in as user" do
-      let(:login) { 'joerandom' }
-      it "returns a user role" do
-        expect(api.current_role(account).id).to eq("#{account}:user:joerandom")
-      end
-    end
-
-    context "when logged in as host" do
-      let(:host) { "somehost" }
-      let(:login) { "host/#{host}" }
-      it "returns a host role" do
-        expect(api.current_role(account).id).to eq("#{account}:host:somehost")
-      end
-    end
-  end
-
-  describe 'url escapes' do
-    let(:urls){[
-        'foo/bar@baz',
-        '/test/some group with spaces'
-    ]}
-
-    describe '#fully_escape' do
-      let(:expected){[
-        'foo%2Fbar%40baz',
-        '%2Ftest%2Fsome%20group%20with%20spaces'
-      ]}
-      it 'escapes the urls correctly' do
-        expect(urls.map{|u| Conjur::API.fully_escape u}).to eq(expected)
-      end
-    end
-  end
-end

data/spec/base_object_spec.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Conjur::BaseObject do
-
-  it "returns custom string for #inspect" do
-    id_str = 'foo:bar:baz'
-    base_obj = Conjur::BaseObject.new(Conjur::Id.new(id_str), { username: 'foo' })
-    expect(base_obj.inspect).to include("id='#{id_str}'")
-    expect(base_obj.inspect).to include(Conjur::BaseObject.name)
-  end
-end

data/spec/cert_utils_spec.rb

@@ -1,173 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::CertUtils do
-  describe '.parse_certs' do
-    let(:cert1_raw) do
-      """-----BEGIN CERTIFICATE-----
-MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
-CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
-BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
-NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
-uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
-FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
-PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
-CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
-wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
-AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
-Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
-3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
-dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
-RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
-+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
-bGenr4vsPuSFsycM03/EcQDT
------END CERTIFICATE-----
-"""
-    end
-    let(:cert2_raw) do
-      """-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
-BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
-bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
-ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
-YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
-FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
-d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
-35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
-IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
-4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
-uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
-aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
-HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
-DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
-KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
-Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
-Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
-BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
-RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
------END CERTIFICATE-----
-"""
-    end
-
-    let(:cert1) { OpenSSL::X509::Certificate.new cert1_raw }
-    let(:cert2) { OpenSSL::X509::Certificate.new cert2_raw }
-
-    it 'parses a certificate' do
-      expect(Conjur::CertUtils.parse_certs(cert1_raw).map(&:to_der))\
-          .to eq [cert1.to_der]
-    end
-
-    it 'parses two certificates' do
-      expect(Conjur::CertUtils.parse_certs(cert1_raw + cert2_raw).map(&:to_der))\
-          .to eq [cert1.to_der, cert2.to_der]
-    end
-
-    it 'parses the certificate correctly even if the whitespace is wrong' do
-      bad_whitespace = cert1_raw.gsub "\n", " "
-      expect(Conjur::CertUtils.parse_certs(bad_whitespace).map(&:to_der))\
-          .to eq [cert1.to_der]
-    end
-
-    it 'shows a bad cert in error message' do
-      bad_cert = "-----BEGIN CERTIFICATE-----\nfoo\n-----END CERTIFICATE-----\n"
-      expect do
-        Conjur::CertUtils.parse_certs(bad_cert)
-      end.to raise_error(OpenSSL::X509::CertificateError) do |exn|
-        expect(exn.message).to include bad_cert
-      end
-    end
-  end
-
-  describe '.add_chained_cert' do
-    let(:one_certificate_chain) do
-        """-----BEGIN CERTIFICATE-----
-MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
-CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
-BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
-NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
-uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
-FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
-PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
-CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
-wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
-AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
-Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
-3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
-dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
-RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
-+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
-bGenr4vsPuSFsycM03/EcQDT
------END CERTIFICATE-----
-"""
-    end
-
-    let(:two_certificates_chain) do
-      """-----BEGIN CERTIFICATE-----
-MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
-CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
-BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
-NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
-uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
-FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
-PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
-CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
-wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
-AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
-Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
-3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
-dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
-RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
-+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
-bGenr4vsPuSFsycM03/EcQDT
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
-BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
-bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
-ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
-YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
-FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
-d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
-35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
-IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
-4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
-uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
-aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
-HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
-DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
-KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
-Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
-Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
-BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
-RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
------END CERTIFICATE-----
-"""
-    end
-
-    let(:store){ double('default store') }
-
-    context 'with one certificate in the chain' do
-      subject{ Conjur::CertUtils.add_chained_cert(store, one_certificate_chain) }
-
-      it 'adds one certificate to the store' do
-        expect(store).to receive(:add_cert).once
-        expect(subject).to be_truthy
-      end
-    end
-
-    context 'with two certificate in the chain' do
-      subject{ Conjur::CertUtils.add_chained_cert(store, two_certificates_chain) }
-
-      it 'adds both certificate to the store' do
-        expect(store).to receive(:add_cert).twice
-        expect(subject).to be_truthy
-      end
-    end
-
-  end
-end

data/spec/cidr_spec.rb

@@ -1,34 +0,0 @@
-require 'conjur/cidr'
-
-describe Conjur::CIDR do
-  def cidr addr
-    Conjur::CIDR.validate addr
-  end
-
-  describe '.validate' do
-    it 'rejects malformed addresses' do
-      expect { Conjur::CIDR.validate '192.0.2.2/255.255.0.255' }.to raise_error ArgumentError
-      expect { Conjur::CIDR.validate '192.0.2.2/0.255.0.0' }.to raise_error ArgumentError
-      expect { Conjur::CIDR.validate '192.0.256.2' }.to raise_error ArgumentError
-      expect { Conjur::CIDR.validate '::/:ffff:' }.to raise_error ArgumentError
-    end
-  end
-
-  describe '#prefixlen' do
-    it 'calculates prefix mask length' do
-      expected = {
-        '0.0.0.0/0' => 0,
-        '192.0.2.0/24' => 24,
-        '192.0.2.1' => 32,
-        '192.0.2.0/255.255.255.0' => 24,
-        '10.0.0.0/255.0.0.0' => 8,
-        '1234::/42' => 42,
-        '1234::/ffff::' => 16,
-        '::/::' => 0,
-      }
-      expected.each do |addr, len|
-        expect(Conjur::CIDR.validate(addr).prefixlen).to eq len
-      end
-    end
-  end
-end