rspec-ssltls 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ebcb1bdd6abc0edc91220ce31eadbd055d67e81d
-  data.tar.gz: bf3b5de3dcb886625cfc72ff7d79afa3cdbeaf79
+  metadata.gz: 3acd97c78951ebb6bc4520cc7a7ca3b77c19e6c4
+  data.tar.gz: 58fcda42f895dbf34f023e141b2fce5c95b46cbd
 SHA512:
-  metadata.gz: ae375ce794d0dd417f7e8608aa15cab8f4e6b44d287ed3e4cc494f8ef9bfbf4192755a1e769e4404bd0fb1d03de199b418be46d854ae827cb14068a9d627c61d
-  data.tar.gz: 4365194fedb0e6b0a77c1ee888e2419c5524dfea68c3f32c39eaadcac85ebdf1e34154e28b6027b6810eae9a334b24b5a815f43c6fac02ad898a765c7391faa3
+  metadata.gz: 921d826cb7ca2c5083b59a913c40fbc953b22bc453a277c81ae9df78c43fccd9c9ec0266a989ecadb731e26232b566c9e5f6f5ca024f8c535893d0a88f06625f
+  data.tar.gz: 4f0885ddbb312f60fbea0029e1a4c30e1e5c7b52b7b635c6fff8c08b12a40ce534d0d0849cfe48aa9b213cb922f2ffe2c4238d967351d5e11a95c9098e85a47b

data/README.md

@@ -19,6 +19,7 @@ require 'spec_helper'
 
 describe 'www.example.com:443' do
   it { is_expected.to have_certificate.subject(CN: '*.example.com') }
+  it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
   it { is_expected.to support_protocol('TLSv1_2') }
   it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
   it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }

data/lib/rspec_ssltls/have_certificate.rb

@@ -16,40 +16,49 @@ RSpec::Matchers.define :have_certificate do
     @peer_cert ? valid_cert? : false
   end
 
+  chain :subject do |id|
+    id_chain(:subject, id)
+  end
+
+  chain :issuer do |id|
+    id_chain(:issuer, id)
+  end
+
   def valid_cert?
     @result_cert = {}
-    @result_cert.merge!(subject: valid_subject?)
+    @result_cert.merge!(subject: valid_identifier?(:subject, @subject))
+    @result_cert.merge!(issuer:  valid_identifier?(:issuer, @issuer))
     @result_cert.values.all? { |r| r == true }
   end
 
-  def valid_subject?
-    return true unless @subject
+  def valid_identifier?(kind, id)
+    return true unless id
     invalid = false
-    @subject.each_pair do |k, v|
-      value = cert_value(k)
+    id.each_pair do |k, v|
+      value = cert_value(kind, k)
       next if value == v
-      @result_string += "  expected: #{k}=#{v}\n  actual:   #{k}=#{value}\n"
+      @result_string += "  expected: #{k}=\"#{v}\"\n"
+      @result_string += "  actual:   #{k}=\"#{value}\"\n"
       invalid = true
     end
     invalid ? false : true
   end
 
-  def cert_value(key)
-    values = @peer_cert.subject.to_a.select do |k, _, _|
+  def cert_value(kind, key)
+    values = @peer_cert.send(kind).to_a.select do |k, _, _|
       k.to_s == key.to_s
     end
     values.first ? values.first[1] : ''
   end
 
-  chain :subject do |subject|
+  def id_chain(key, id)
     fail 'Argument Error. Needs hash arguments' unless
-      subject.respond_to?(:each_pair)
+      id.respond_to?(:each_pair)
 
-    @subject = subject
-    @subject.each_pair do |k, v|
-      @chain_string =
-        RspecSsltls::Util.add_string(@chain_string, "#{k}=\"#{v}\"")
-    end
+    instance_variable_set("@#{key}", id)
+    kv = id.each_pair.map { |k, v| "#{k}=\"#{v}\"" }.join(', ')
+    @chain_string =
+      RspecSsltls::Util.add_string(@chain_string, "#{key} #{kv}")
   end
 
   description do

data/lib/rspec_ssltls/version.rb

@@ -1,4 +1,4 @@
 # Easily test your SSL/TLS with RSpec.
 module RspecSsltls
-  VERSION = '0.0.2'
+  VERSION = '0.0.3'
 end

data/spec/rspec_ssltls/have_certificate_spec.rb

@@ -14,6 +14,15 @@ def stub_ssl_socket(params = nil)
 end
 
 # See http://www.ietf.org/rfc/rfc5280.txt 4.1.2.4
+example_ca_cert_name =
+  OpenSSL::X509::Name.new([%w(C US),
+                           %w(O Example\ Org.),
+                           %w(OU Example\ Org.\ Div.),
+                           %w(CN ca.example.org)
+                          ])
+example_ca_cert = OpenSSL::X509::Certificate.new
+example_ca_cert.subject = example_ca_cert_name
+
 example_cert_name =
   OpenSSL::X509::Name.new([%w(C JP),
                            %w(ST Tokyo),
@@ -23,15 +32,7 @@ example_cert_name =
                           ])
 example_cert = OpenSSL::X509::Certificate.new
 example_cert.subject = example_cert_name
-
-example_ca_cert_name =
-  OpenSSL::X509::Name.new([%w(C US),
-                           %w(O Example\ Org.),
-                           %w(OU Example\ Org.\ Div.),
-                           %w(CN *.example.org)
-                          ])
-example_ca_cert = OpenSSL::X509::Certificate.new
-example_ca_cert.subject = example_ca_cert_name
+example_cert.issuer = example_ca_cert_name
 
 describe 'rspec-ssltls matchers' do
   describe '#have_certificate' do
@@ -47,11 +48,10 @@ describe 'rspec-ssltls matchers' do
         .to have_certificate.subject(CN: '*.example.com')
       expect('www.example.com:443')
         .to have_certificate.subject(CN: '*.example.com',
-                                     C: 'JP',
+                                     C:  'JP',
                                      ST: 'Tokyo',
-                                     O: 'Example Co., Ltd.',
-                                     OU: 'Example Div.',
-                                     CN: '*.example.com'
+                                     O:  'Example Co., Ltd.',
+                                     OU: 'Example Div.'
                                      )
       expect('www.example.com:443')
         .not_to have_certificate.subject(CN: 'www.example.com')
@@ -62,12 +62,37 @@ describe 'rspec-ssltls matchers' do
       stub_ssl_socket(peer_cert: example_cert)
       expect('www.example.com:443')
         .to have_certificate.subject(CN: '*.example.com',
-                                     C: 'JP',
+                                     C:  'JP',
                                      ST: 'Tokyo',
-                                     O: 'Example Co., Ltd.',
-                                     OU: 'Example Div.',
-                                     CN: '*.example.com'
+                                     O:  'Example Co., Ltd.',
+                                     OU: 'Example Div.'
                                      )
     end
+
+    it 'can evalutate having certificate issuer' do
+      stub_ssl_socket(peer_cert: example_cert)
+      expect('www.example.com:443')
+        .to have_certificate.issuer(CN: 'ca.example.org')
+      expect('www.example.com:443')
+        .to have_certificate.issuer(CN: 'ca.example.org',
+                                    C:  'US',
+                                    O:  'Example Org.',
+                                    OU: 'Example Org. Div.'
+                                    )
+
+      expect('www.example.com:443')
+        .not_to have_certificate.issuer(CN: 'www.example.org')
+    end
+
+    # show default description
+    it do
+      stub_ssl_socket(peer_cert: example_cert)
+      expect('www.example.com:443')
+        .to have_certificate.issuer(CN: 'ca.example.org',
+                                    C:  'US',
+                                    O:  'Example Org.',
+                                    OU: 'Example Org. Div.'
+                                    )
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-ssltls
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - OTA Hiroshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-20 00:00:00.000000000 Z
+date: 2014-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec