rspec-ssltls 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/lib/rspec_ssltls/have_certificate.rb +24 -15
- data/lib/rspec_ssltls/version.rb +1 -1
- data/spec/rspec_ssltls/have_certificate_spec.rb +42 -17
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3acd97c78951ebb6bc4520cc7a7ca3b77c19e6c4
|
4
|
+
data.tar.gz: 58fcda42f895dbf34f023e141b2fce5c95b46cbd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 921d826cb7ca2c5083b59a913c40fbc953b22bc453a277c81ae9df78c43fccd9c9ec0266a989ecadb731e26232b566c9e5f6f5ca024f8c535893d0a88f06625f
|
7
|
+
data.tar.gz: 4f0885ddbb312f60fbea0029e1a4c30e1e5c7b52b7b635c6fff8c08b12a40ce534d0d0849cfe48aa9b213cb922f2ffe2c4238d967351d5e11a95c9098e85a47b
|
data/README.md
CHANGED
@@ -19,6 +19,7 @@ require 'spec_helper'
|
|
19
19
|
|
20
20
|
describe 'www.example.com:443' do
|
21
21
|
it { is_expected.to have_certificate.subject(CN: '*.example.com') }
|
22
|
+
it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
|
22
23
|
it { is_expected.to support_protocol('TLSv1_2') }
|
23
24
|
it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
|
24
25
|
it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
|
@@ -16,40 +16,49 @@ RSpec::Matchers.define :have_certificate do
|
|
16
16
|
@peer_cert ? valid_cert? : false
|
17
17
|
end
|
18
18
|
|
19
|
+
chain :subject do |id|
|
20
|
+
id_chain(:subject, id)
|
21
|
+
end
|
22
|
+
|
23
|
+
chain :issuer do |id|
|
24
|
+
id_chain(:issuer, id)
|
25
|
+
end
|
26
|
+
|
19
27
|
def valid_cert?
|
20
28
|
@result_cert = {}
|
21
|
-
@result_cert.merge!(subject:
|
29
|
+
@result_cert.merge!(subject: valid_identifier?(:subject, @subject))
|
30
|
+
@result_cert.merge!(issuer: valid_identifier?(:issuer, @issuer))
|
22
31
|
@result_cert.values.all? { |r| r == true }
|
23
32
|
end
|
24
33
|
|
25
|
-
def
|
26
|
-
return true unless
|
34
|
+
def valid_identifier?(kind, id)
|
35
|
+
return true unless id
|
27
36
|
invalid = false
|
28
|
-
|
29
|
-
value = cert_value(k)
|
37
|
+
id.each_pair do |k, v|
|
38
|
+
value = cert_value(kind, k)
|
30
39
|
next if value == v
|
31
|
-
@result_string += " expected: #{k}
|
40
|
+
@result_string += " expected: #{k}=\"#{v}\"\n"
|
41
|
+
@result_string += " actual: #{k}=\"#{value}\"\n"
|
32
42
|
invalid = true
|
33
43
|
end
|
34
44
|
invalid ? false : true
|
35
45
|
end
|
36
46
|
|
37
|
-
def cert_value(key)
|
38
|
-
values = @peer_cert.
|
47
|
+
def cert_value(kind, key)
|
48
|
+
values = @peer_cert.send(kind).to_a.select do |k, _, _|
|
39
49
|
k.to_s == key.to_s
|
40
50
|
end
|
41
51
|
values.first ? values.first[1] : ''
|
42
52
|
end
|
43
53
|
|
44
|
-
|
54
|
+
def id_chain(key, id)
|
45
55
|
fail 'Argument Error. Needs hash arguments' unless
|
46
|
-
|
56
|
+
id.respond_to?(:each_pair)
|
47
57
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
end
|
58
|
+
instance_variable_set("@#{key}", id)
|
59
|
+
kv = id.each_pair.map { |k, v| "#{k}=\"#{v}\"" }.join(', ')
|
60
|
+
@chain_string =
|
61
|
+
RspecSsltls::Util.add_string(@chain_string, "#{key} #{kv}")
|
53
62
|
end
|
54
63
|
|
55
64
|
description do
|
data/lib/rspec_ssltls/version.rb
CHANGED
@@ -14,6 +14,15 @@ def stub_ssl_socket(params = nil)
|
|
14
14
|
end
|
15
15
|
|
16
16
|
# See http://www.ietf.org/rfc/rfc5280.txt 4.1.2.4
|
17
|
+
example_ca_cert_name =
|
18
|
+
OpenSSL::X509::Name.new([%w(C US),
|
19
|
+
%w(O Example\ Org.),
|
20
|
+
%w(OU Example\ Org.\ Div.),
|
21
|
+
%w(CN ca.example.org)
|
22
|
+
])
|
23
|
+
example_ca_cert = OpenSSL::X509::Certificate.new
|
24
|
+
example_ca_cert.subject = example_ca_cert_name
|
25
|
+
|
17
26
|
example_cert_name =
|
18
27
|
OpenSSL::X509::Name.new([%w(C JP),
|
19
28
|
%w(ST Tokyo),
|
@@ -23,15 +32,7 @@ example_cert_name =
|
|
23
32
|
])
|
24
33
|
example_cert = OpenSSL::X509::Certificate.new
|
25
34
|
example_cert.subject = example_cert_name
|
26
|
-
|
27
|
-
example_ca_cert_name =
|
28
|
-
OpenSSL::X509::Name.new([%w(C US),
|
29
|
-
%w(O Example\ Org.),
|
30
|
-
%w(OU Example\ Org.\ Div.),
|
31
|
-
%w(CN *.example.org)
|
32
|
-
])
|
33
|
-
example_ca_cert = OpenSSL::X509::Certificate.new
|
34
|
-
example_ca_cert.subject = example_ca_cert_name
|
35
|
+
example_cert.issuer = example_ca_cert_name
|
35
36
|
|
36
37
|
describe 'rspec-ssltls matchers' do
|
37
38
|
describe '#have_certificate' do
|
@@ -47,11 +48,10 @@ describe 'rspec-ssltls matchers' do
|
|
47
48
|
.to have_certificate.subject(CN: '*.example.com')
|
48
49
|
expect('www.example.com:443')
|
49
50
|
.to have_certificate.subject(CN: '*.example.com',
|
50
|
-
C:
|
51
|
+
C: 'JP',
|
51
52
|
ST: 'Tokyo',
|
52
|
-
O:
|
53
|
-
OU: 'Example Div.'
|
54
|
-
CN: '*.example.com'
|
53
|
+
O: 'Example Co., Ltd.',
|
54
|
+
OU: 'Example Div.'
|
55
55
|
)
|
56
56
|
expect('www.example.com:443')
|
57
57
|
.not_to have_certificate.subject(CN: 'www.example.com')
|
@@ -62,12 +62,37 @@ describe 'rspec-ssltls matchers' do
|
|
62
62
|
stub_ssl_socket(peer_cert: example_cert)
|
63
63
|
expect('www.example.com:443')
|
64
64
|
.to have_certificate.subject(CN: '*.example.com',
|
65
|
-
C:
|
65
|
+
C: 'JP',
|
66
66
|
ST: 'Tokyo',
|
67
|
-
O:
|
68
|
-
OU: 'Example Div.'
|
69
|
-
CN: '*.example.com'
|
67
|
+
O: 'Example Co., Ltd.',
|
68
|
+
OU: 'Example Div.'
|
70
69
|
)
|
71
70
|
end
|
71
|
+
|
72
|
+
it 'can evalutate having certificate issuer' do
|
73
|
+
stub_ssl_socket(peer_cert: example_cert)
|
74
|
+
expect('www.example.com:443')
|
75
|
+
.to have_certificate.issuer(CN: 'ca.example.org')
|
76
|
+
expect('www.example.com:443')
|
77
|
+
.to have_certificate.issuer(CN: 'ca.example.org',
|
78
|
+
C: 'US',
|
79
|
+
O: 'Example Org.',
|
80
|
+
OU: 'Example Org. Div.'
|
81
|
+
)
|
82
|
+
|
83
|
+
expect('www.example.com:443')
|
84
|
+
.not_to have_certificate.issuer(CN: 'www.example.org')
|
85
|
+
end
|
86
|
+
|
87
|
+
# show default description
|
88
|
+
it do
|
89
|
+
stub_ssl_socket(peer_cert: example_cert)
|
90
|
+
expect('www.example.com:443')
|
91
|
+
.to have_certificate.issuer(CN: 'ca.example.org',
|
92
|
+
C: 'US',
|
93
|
+
O: 'Example Org.',
|
94
|
+
OU: 'Example Org. Div.'
|
95
|
+
)
|
96
|
+
end
|
72
97
|
end
|
73
98
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rspec-ssltls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- OTA Hiroshi
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-10-
|
11
|
+
date: 2014-10-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|