rspec-ssltls 0.0.4 → 0.0.5
- checksums.yaml +4 -4
- data/README.md +9 -0
- data/lib/rspec_ssltls/have_certificate.rb +38 -0
- data/lib/rspec_ssltls/version.rb +1 -1
- data/spec/rspec_ssltls/have_certificate_spec.rb +62 -0
- metadata +2 -2
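--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d4e6b41ab56f558b87703db57059c0f92818cf81
+data.tar.gz: ff9624c700828c5840f2350ae571cffe33d7f2ca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 74a720c9dc8eb7fd047a439b1e2b653fa6c4b11836ed97d16738861b9d10e7607414b0ff323fab67e06a776ab624afe0ea2b14fe9996415e333212eb82b59e8e
+data.tar.gz: 7f277309217156481b16f343d3111750f96abd6009b42fc91c6e3fffb8ed6daf5414c7d6e95249fff8581842af1737499fcb829c7594c2460683c859c2da1a87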
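--- a/data/README.md
+++ b/data/README.md
@@ -21,6 +21,15 @@ describe 'www.example.com:443' do
 it { is_expected.to have_certificate.subject(CN: '*.example.com') }
 it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
 it { is_expected.to have_certificate.chain(0).subject(CN: '*.example.com') }
+it do
+is_expected.to have_certificate
+.subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
+end
+it do
+is_expected.to have_certificate
+.subject(CN: '*.example.com')
+.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
+end
 it { is_expected.to support_protocol('TLSv1_2') }
 it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
 it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }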
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'rspec_ssltls'
|
2
2
|
require 'uri'
|
3
|
+
require 'time'
|
3
4
|
|
4
5
|
RSpec::Matchers.define :have_certificate do
|
5
6
|
match do |dest|
|
@@ -31,10 +32,25 @@ RSpec::Matchers.define :have_certificate do
|
|
31
32
|
RspecSsltls::Util.add_string(@chain_string, "chain[#{n}]")
|
32
33
|
end
|
33
34
|
|
35
|
+
chain :valid_at do |t|
|
36
|
+
@chain_string =
|
37
|
+
RspecSsltls::Util.add_string(@chain_string, "valiid at #{t}")
|
38
|
+
@t1 = t
|
39
|
+
@t2 = t
|
40
|
+
end
|
41
|
+
|
42
|
+
chain :valid_in do |t1, t2|
|
43
|
+
@chain_string = RspecSsltls::Util
|
44
|
+
.add_string(@chain_string, "valiid in #{t1} - #{t2}")
|
45
|
+
@t1 = t1
|
46
|
+
@t2 = t2
|
47
|
+
end
|
48
|
+
|
34
49
|
def valid_cert?
|
35
50
|
@result_cert = {}
|
36
51
|
@result_cert.merge!(subject: valid_identifier?(:subject, @subject))
|
37
52
|
@result_cert.merge!(issuer: valid_identifier?(:issuer, @issuer))
|
53
|
+
@result_cert.merge!(valid_in: valid_in?)
|
38
54
|
@result_cert.values.all? { |r| r == true }
|
39
55
|
end
|
40
56
|
|
@@ -68,6 +84,28 @@ RSpec::Matchers.define :have_certificate do
|
|
68
84
|
RspecSsltls::Util.add_string(@chain_string, "#{key} #{kv}", ' ')
|
69
85
|
end
|
70
86
|
|
87
|
+
def valid_in?
|
88
|
+
return true unless @t1 && @t2
|
89
|
+
fail 'Input time range is incorrect' if @t2 < @t1
|
90
|
+
parse_time
|
91
|
+
|
92
|
+
if @t1 == @t2
|
93
|
+
@result_string += " expected: valid in #{@t1} .. #{@t2}\n"
|
94
|
+
else
|
95
|
+
@result_string += " expected: valid at #{@t1}\n"
|
96
|
+
end
|
97
|
+
@result_string +=
|
98
|
+
" actual: valid in #{@peer_cert.not_before} .. #{@peer_cert.not_after}\n"
|
99
|
+
|
100
|
+
(@peer_cert.not_before..@peer_cert.not_after).cover?(@t1) &&
|
101
|
+
(@peer_cert.not_before..@peer_cert.not_after).cover?(@t2)
|
102
|
+
end
|
103
|
+
|
104
|
+
def parse_time
|
105
|
+
@t1 = Time.parse(@t1) unless @t1.respond_to?(:getutc)
|
106
|
+
@t2 = Time.parse(@t2) unless @t2.respond_to?(:getutc)
|
107
|
+
end
|
108
|
+
|
71
109
|
description do
|
72
110
|
"have a certificate#{@chain_string}"
|
73
111
|
end
|
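Review bot: In `valid_in?` the guard `fail 'Input time range is incorrect' if @t2 < @t1` runs before `parse_time`, so bounds given as strings (as in the README examples) are compared lexicographically rather than as instants, and a String bound mixed with a Time bound raises from the comparison itself; calling `parse_time` first and then checking `@t2 < @t1` would compare real times. The two `expected:` messages also look swapped, since the `@t1 == @t2` branch prints `valid in #{@t1} .. #{@t2}` while the range case prints `valid at #{@t1}`, and both chain descriptions spell `valiid`. `Time.parse` fills missing fields from the current date and assumes the local zone when the string names none, so a validity assertion can shift by the runner's UTC offset; the README should say that inputs need an explicit zone or should be Time objects. This section has no file header on the page; its +38 count matches data/lib/rspec_ssltls/have_certificate.rb in the file list.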
data/lib/rspec_ssltls/version.rb
CHANGED
@@ -22,6 +22,8 @@ example_ca_cert_name =
|
|
22
22
|
])
|
23
23
|
example_ca_cert = OpenSSL::X509::Certificate.new
|
24
24
|
example_ca_cert.subject = example_ca_cert_name
|
25
|
+
example_ca_cert.not_before = Time.utc(0, 0, 0, 1, 10, 2014, nil, nil, nil, nil)
|
26
|
+
example_ca_cert.not_after = Time.utc(0, 0, 0, 1, 10, 2022, nil, nil, nil, nil)
|
25
27
|
|
26
28
|
example_cert_name =
|
27
29
|
OpenSSL::X509::Name.new([%w(C JP),
|
@@ -33,6 +35,8 @@ example_cert_name =
|
|
33
35
|
example_cert = OpenSSL::X509::Certificate.new
|
34
36
|
example_cert.subject = example_cert_name
|
35
37
|
example_cert.issuer = example_ca_cert_name
|
38
|
+
example_cert.not_before = Time.utc(5, 0, 19, 12, 9, 2014, nil, nil, nil, nil)
|
39
|
+
example_cert.not_after = Time.utc(0, 0, 0, 1, 10, 2015, nil, nil, nil, nil)
|
36
40
|
|
37
41
|
describe 'rspec-ssltls matchers' do
|
38
42
|
describe '#have_certificate' do
|
@@ -127,5 +131,63 @@ describe 'rspec-ssltls matchers' do
|
|
127
131
|
OU: 'Example Div.'
|
128
132
|
)
|
129
133
|
end
|
134
|
+
|
135
|
+
it 'can evalutate having certificate subject valid_at' do
|
136
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
137
|
+
expect('www.example.com:443').to have_certificate
|
138
|
+
.subject(CN: '*.example.com')
|
139
|
+
.valid_at('2014/10/01 09:34 JST')
|
140
|
+
|
141
|
+
expect('www.example.com:443').to have_certificate
|
142
|
+
.subject(CN: '*.example.com',
|
143
|
+
C: 'JP',
|
144
|
+
ST: 'Tokyo',
|
145
|
+
O: 'Example Co., Ltd.',
|
146
|
+
OU: 'Example Div.'
|
147
|
+
)
|
148
|
+
.valid_at('2014/10/01 09:34 JST')
|
149
|
+
expect('www.example.com:443').not_to have_certificate
|
150
|
+
.subject(CN: '*.example.com')
|
151
|
+
.valid_at('2014/09/01 12:34 JST')
|
152
|
+
end
|
153
|
+
|
154
|
+
# show default description
|
155
|
+
it do
|
156
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
157
|
+
expect('www.example.com:443').to have_certificate
|
158
|
+
.subject(CN: '*.example.com')
|
159
|
+
.valid_at('2014/10/01 09:34 JST')
|
160
|
+
end
|
161
|
+
|
162
|
+
it 'can evalutate having certificate subject valid_in' do
|
163
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
164
|
+
expect('www.example.com:443').to have_certificate
|
165
|
+
.subject(CN: '*.example.com')
|
166
|
+
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
|
167
|
+
|
168
|
+
expect('www.example.com:443').to have_certificate
|
169
|
+
.subject(CN: '*.example.com',
|
170
|
+
C: 'JP',
|
171
|
+
ST: 'Tokyo',
|
172
|
+
O: 'Example Co., Ltd.',
|
173
|
+
OU: 'Example Div.'
|
174
|
+
)
|
175
|
+
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
|
176
|
+
expect('www.example.com:443').not_to have_certificate
|
177
|
+
.subject(CN: '*.example.com')
|
178
|
+
.valid_in('2014/09/12 19:00:05 UTC', '2025/10/01 00:00:00 UTC')
|
179
|
+
expect('www.example.com:443').not_to have_certificate
|
180
|
+
.subject(CN: '*.example.com')
|
181
|
+
.valid_in(Time.parse('2014/09/12 19:00:05 UTC'),
|
182
|
+
Time.parse('2025/10/01 00:00:00 UTC'))
|
183
|
+
end
|
184
|
+
|
185
|
+
# show default description
|
186
|
+
it do
|
187
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
188
|
+
expect('www.example.com:443').to have_certificate
|
189
|
+
.subject(CN: '*.example.com')
|
190
|
+
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
|
191
|
+
end
|
130
192
|
end
|
131
193
|
end
|
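Review bot: None of the added examples reaches the `fail 'Input time range is incorrect'` branch or mixes a String bound with a Time bound, so the matcher's ordering check is untested; every `valid_in` call here passes an earlier first bound and two values of the same type. An example along the lines of `expect { expect('www.example.com:443').to have_certificate.valid_in('2015/10/01 00:00:00 UTC', '2014/09/12 19:00:05 UTC') }.to raise_error(RuntimeError)` would pin that path. `valid_at` is negated only for an instant before `not_before`; a case after the `not_after` set on `example_cert` would cover an expired certificate as well. The example names spell `evalutate`, and the page files these hunks under data/lib/rspec_ssltls/version.rb although the content and the +62 count match have_certificate_spec.rb.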
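--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-ssltls
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.5
 platform: ruby
 authors:
 - OTA Hiroshi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-
+date: 2014-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec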