rspec-ssltls 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/lib/rspec_ssltls/have_certificate.rb +9 -2
- data/lib/rspec_ssltls/util.rb +2 -2
- data/lib/rspec_ssltls/version.rb +1 -1
- data/spec/rspec_ssltls/have_certificate_spec.rb +39 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7635f72b8316eb0801a357f252c363202ea50a8a
|
|
4
|
+
data.tar.gz: 5609957cc3fc4cb58dee2b719bce7405075e9722
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1a1e4b32a265f40da8651b5868952f27c24513a8ba8a79d522d4ecc12871cc1b15a5ee35f651ae4c94e6c9b7aecbf13dd8113ae16ab75bbb850c97b09912d931
|
|
7
|
+
data.tar.gz: fbbcaf923ef47cad4f88fd3888df07090dc9e8f129d326e5a36f6cb01822ef9acd86ce05d5c802d8e4210c8fb7149b5670a55c5bfd42686d060f9564e1f2e704
|
data/README.md
CHANGED
|
@@ -20,6 +20,7 @@ require 'spec_helper'
|
|
|
20
20
|
describe 'www.example.com:443' do
|
|
21
21
|
it { is_expected.to have_certificate.subject(CN: '*.example.com') }
|
|
22
22
|
it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
|
|
23
|
+
it { is_expected.to have_certificate.chain(0).subject(CN: '*.example.com') }
|
|
23
24
|
it { is_expected.to support_protocol('TLSv1_2') }
|
|
24
25
|
it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
|
|
25
26
|
it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
|
|
@@ -5,13 +5,14 @@ RSpec::Matchers.define :have_certificate do
|
|
|
5
5
|
match do |dest|
|
|
6
6
|
@chain_string ||= ''
|
|
7
7
|
@result_string ||= ''
|
|
8
|
+
@chain_number ||= 0
|
|
8
9
|
uri = URI.parse('https://' + dest)
|
|
9
10
|
socket = TCPSocket.open(uri.host, uri.port)
|
|
10
11
|
ssl_context = OpenSSL::SSL::SSLContext.new
|
|
11
12
|
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
|
|
12
13
|
ssl_socket.sync_close = true
|
|
13
14
|
ssl_socket.connect
|
|
14
|
-
@peer_cert = ssl_socket.
|
|
15
|
+
@peer_cert = ssl_socket.peer_cert_chain[@chain_number]
|
|
15
16
|
ssl_socket.close
|
|
16
17
|
@peer_cert ? valid_cert? : false
|
|
17
18
|
end
|
|
@@ -24,6 +25,12 @@ RSpec::Matchers.define :have_certificate do
|
|
|
24
25
|
id_chain(:issuer, id)
|
|
25
26
|
end
|
|
26
27
|
|
|
28
|
+
chain :chain do |n|
|
|
29
|
+
@chain_number = n
|
|
30
|
+
@chain_string =
|
|
31
|
+
RspecSsltls::Util.add_string(@chain_string, "chain[#{n}]")
|
|
32
|
+
end
|
|
33
|
+
|
|
27
34
|
def valid_cert?
|
|
28
35
|
@result_cert = {}
|
|
29
36
|
@result_cert.merge!(subject: valid_identifier?(:subject, @subject))
|
|
@@ -58,7 +65,7 @@ RSpec::Matchers.define :have_certificate do
|
|
|
58
65
|
instance_variable_set("@#{key}", id)
|
|
59
66
|
kv = id.each_pair.map { |k, v| "#{k}=\"#{v}\"" }.join(', ')
|
|
60
67
|
@chain_string =
|
|
61
|
-
RspecSsltls::Util.add_string(@chain_string, "#{key} #{kv}")
|
|
68
|
+
RspecSsltls::Util.add_string(@chain_string, "#{key} #{kv}", ' ')
|
|
62
69
|
end
|
|
63
70
|
|
|
64
71
|
description do
|
data/lib/rspec_ssltls/util.rb
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
module RspecSsltls
|
|
3
3
|
# Utility class
|
|
4
4
|
class Util
|
|
5
|
-
def self.add_string(target, addition)
|
|
5
|
+
def self.add_string(target, addition, separator = ', ')
|
|
6
6
|
if target.nil?
|
|
7
7
|
' ' + addition
|
|
8
8
|
else
|
|
9
|
-
target +
|
|
9
|
+
target + separator + addition
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
data/lib/rspec_ssltls/version.rb
CHANGED
|
@@ -37,13 +37,13 @@ example_cert.issuer = example_ca_cert_name
|
|
|
37
37
|
describe 'rspec-ssltls matchers' do
|
|
38
38
|
describe '#have_certificate' do
|
|
39
39
|
it 'can evalutate having certificate' do
|
|
40
|
-
stub_ssl_socket(
|
|
40
|
+
stub_ssl_socket(peer_cert_chain: [nil])
|
|
41
41
|
expect('www.example.com:443').not_to have_certificate
|
|
42
|
-
stub_ssl_socket(
|
|
42
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
43
43
|
expect('www.example.com:443').to have_certificate
|
|
44
44
|
end
|
|
45
45
|
it 'can evalutate having certificate subject' do
|
|
46
|
-
stub_ssl_socket(
|
|
46
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
47
47
|
expect('www.example.com:443')
|
|
48
48
|
.to have_certificate.subject(CN: '*.example.com')
|
|
49
49
|
expect('www.example.com:443')
|
|
@@ -59,7 +59,7 @@ describe 'rspec-ssltls matchers' do
|
|
|
59
59
|
|
|
60
60
|
# show default description
|
|
61
61
|
it do
|
|
62
|
-
stub_ssl_socket(
|
|
62
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
63
63
|
expect('www.example.com:443')
|
|
64
64
|
.to have_certificate.subject(CN: '*.example.com',
|
|
65
65
|
C: 'JP',
|
|
@@ -70,7 +70,7 @@ describe 'rspec-ssltls matchers' do
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
it 'can evalutate having certificate issuer' do
|
|
73
|
-
stub_ssl_socket(
|
|
73
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
74
74
|
expect('www.example.com:443')
|
|
75
75
|
.to have_certificate.issuer(CN: 'ca.example.org')
|
|
76
76
|
expect('www.example.com:443')
|
|
@@ -86,7 +86,7 @@ describe 'rspec-ssltls matchers' do
|
|
|
86
86
|
|
|
87
87
|
# show default description
|
|
88
88
|
it do
|
|
89
|
-
stub_ssl_socket(
|
|
89
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
90
90
|
expect('www.example.com:443')
|
|
91
91
|
.to have_certificate.issuer(CN: 'ca.example.org',
|
|
92
92
|
C: 'US',
|
|
@@ -94,5 +94,38 @@ describe 'rspec-ssltls matchers' do
|
|
|
94
94
|
OU: 'Example Org. Div.'
|
|
95
95
|
)
|
|
96
96
|
end
|
|
97
|
+
|
|
98
|
+
it 'can evalutate having certificate in chain' do
|
|
99
|
+
stub_ssl_socket(peer_cert_chain: [nil])
|
|
100
|
+
expect('www.example.com:443').not_to have_certificate.chain(0)
|
|
101
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
102
|
+
expect('www.example.com:443').to have_certificate.chain(0)
|
|
103
|
+
end
|
|
104
|
+
it 'can evalutate having certificate subject in chain' do
|
|
105
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
106
|
+
expect('www.example.com:443')
|
|
107
|
+
.to have_certificate.chain(0).subject(CN: '*.example.com')
|
|
108
|
+
expect('www.example.com:443')
|
|
109
|
+
.to have_certificate.chain(0).subject(CN: '*.example.com',
|
|
110
|
+
C: 'JP',
|
|
111
|
+
ST: 'Tokyo',
|
|
112
|
+
O: 'Example Co., Ltd.',
|
|
113
|
+
OU: 'Example Div.'
|
|
114
|
+
)
|
|
115
|
+
expect('www.example.com:443')
|
|
116
|
+
.not_to have_certificate.chain(0).subject(CN: 'www.example.com')
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
# show default description
|
|
120
|
+
it do
|
|
121
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
|
122
|
+
expect('www.example.com:443')
|
|
123
|
+
.to have_certificate.chain(0).subject(CN: '*.example.com',
|
|
124
|
+
C: 'JP',
|
|
125
|
+
ST: 'Tokyo',
|
|
126
|
+
O: 'Example Co., Ltd.',
|
|
127
|
+
OU: 'Example Div.'
|
|
128
|
+
)
|
|
129
|
+
end
|
|
97
130
|
end
|
|
98
131
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rspec-ssltls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OTA Hiroshi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-10-
|
|
11
|
+
date: 2014-10-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|