rspec-ssltls 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4e6b41ab56f558b87703db57059c0f92818cf81
-  data.tar.gz: ff9624c700828c5840f2350ae571cffe33d7f2ca
+  metadata.gz: f53f243b2bc3862aad3ac2209d05e2c662b77210
+  data.tar.gz: 11cf15f123a76a3bf18bcd99222ac8e5ee0371a8
 SHA512:
-  metadata.gz: 74a720c9dc8eb7fd047a439b1e2b653fa6c4b11836ed97d16738861b9d10e7607414b0ff323fab67e06a776ab624afe0ea2b14fe9996415e333212eb82b59e8e
-  data.tar.gz: 7f277309217156481b16f343d3111750f96abd6009b42fc91c6e3fffb8ed6daf5414c7d6e95249fff8581842af1737499fcb829c7594c2460683c859c2da1a87
+  metadata.gz: 14e405703da16d307ad45a5a6c83973c834e14d100e063fc6588e395fab7b904511757ebd5f864155d571f26a14340d12f1956d09e9c1d7a70d11e8378adccaa
+  data.tar.gz: b28758a21a282f4aa6b668b3bf6704e8adf7c41bd180a3932faa178c5cb328b9ea312e4d4e01e17e73035bc5a790d8347efa240d1f21a0e0b4968decf4487b02

data/README.md

@@ -1,7 +1,7 @@
 # rspec-ssltls [![Build Status](https://travis-ci.org/otahi/rspec-ssltls.png?branch=master)](https://travis-ci.org/otahi/rspec-ssltls)[![Coverage Status](https://coveralls.io/repos/otahi/rspec-ssltls/badge.png?branch=master)](https://coveralls.io/r/otahi/rspec-ssltls?branch=master)[![Code Climate](https://codeclimate.com/github/otahi/rspec-ssltls.png)](https://codeclimate.com/github/otahi/rspec-ssltls)[![Gem Version](https://badge.fury.io/rb/rspec-ssltls.png)](http://badge.fury.io/rb/rspec-ssltls)
 
 
-Rspec-ssltls is an rspec plugin for easy SSL/TLS testing.
+Rspec-ssltls is an rspec plugin for easy SSL/TLS testing with Ruby standard OpenSSL library.
 
 ## Usage
 
@@ -30,6 +30,10 @@ describe 'www.example.com:443' do
       .subject(CN: '*.example.com')
       .valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
   end
+  it do
+    is_expected.to have_certificate
+      .subject(CN: '*.example.com').signature_algorithm('sha1WithRSAEncryption')
+  end
   it { is_expected.to support_protocol('TLSv1_2') }
   it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
   it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
@@ -49,6 +53,7 @@ You can use followings for `support_protocol` and `support_cipher.protocol`:
 
 You can use [ciphers](https://www.openssl.org/docs/apps/ciphers.html) for `support_cipher`.
 
+You can use [signature algorithm](https://github.com/openssl/openssl/blob/master/crypto/objects/obj_xref.txt) for `signature_algorithm`.
 
 ## Installation
 

data/lib/rspec_ssltls/have_certificate.rb

@@ -46,11 +46,18 @@ RSpec::Matchers.define :have_certificate do
     @t2 = t2
   end
 
+  chain :signature_algorithm do |s|
+    @chain_string =
+      RspecSsltls::Util.add_string(@chain_string, "signed with #{s}")
+    @signature_algorithm = s
+  end
+
   def valid_cert?
     @result_cert = {}
     @result_cert.merge!(subject: valid_identifier?(:subject, @subject))
     @result_cert.merge!(issuer:  valid_identifier?(:issuer, @issuer))
     @result_cert.merge!(valid_in: valid_in?)
+    @result_cert.merge!(signature_algorithm: valid_signature_algolithm?)
     @result_cert.values.all? { |r| r == true }
   end
 
@@ -94,13 +101,21 @@ RSpec::Matchers.define :have_certificate do
     else
       @result_string += "  expected: valid at #{@t1}\n"
     end
-    @result_string +=
-      "  actual: valid in #{@peer_cert.not_before} .. #{@peer_cert.not_after}\n"
+    @result_string += "  actual:   valid in #{@peer_cert.not_before}"
+    @result_string += ".. #{@peer_cert.not_after}\n"
 
     (@peer_cert.not_before..@peer_cert.not_after).cover?(@t1) &&
       (@peer_cert.not_before..@peer_cert.not_after).cover?(@t2)
   end
 
+  def valid_signature_algolithm?
+    return true unless @signature_algorithm
+    @result_string += "  expected: signed with #{@signature_algorithm}\n"
+    @result_string +=
+      "  actual:   signed with #{@peer_cert.signature_algorithm}\n"
+    @signature_algorithm == @peer_cert.signature_algorithm
+  end
+
   def parse_time
     @t1 = Time.parse(@t1) unless @t1.respond_to?(:getutc)
     @t2 = Time.parse(@t2) unless @t2.respond_to?(:getutc)

data/lib/rspec_ssltls/version.rb

@@ -1,4 +1,4 @@
 # Easily test your SSL/TLS with RSpec.
 module RspecSsltls
-  VERSION = '0.0.5'
+  VERSION = '0.0.6'
 end

data/spec/rspec_ssltls/have_certificate_spec.rb

@@ -14,6 +14,8 @@ def stub_ssl_socket(params = nil)
 end
 
 # See http://www.ietf.org/rfc/rfc5280.txt 4.1.2.4
+# See https://github.com/openssl/openssl/blob/master/crypto/objects/obj_xref.txt
+
 example_ca_cert_name =
   OpenSSL::X509::Name.new([%w(C US),
                            %w(O Example\ Org.),
@@ -40,12 +42,22 @@ example_cert.not_after  = Time.utc(0, 0, 0, 1, 10, 2015, nil, nil, nil, nil)
 
 describe 'rspec-ssltls matchers' do
   describe '#have_certificate' do
+    before :each do
+      allow(example_ca_cert).to receive(:signature_algorithm)
+        .and_return('sha512WithRSAEncryption')
+      allow(example_cert).to receive(:signature_algorithm)
+        .and_return('sha1WithRSAEncryption')
+    end
+
+    ## Having certificate
     it 'can evalutate having certificate' do
       stub_ssl_socket(peer_cert_chain: [nil])
       expect('www.example.com:443').not_to have_certificate
       stub_ssl_socket(peer_cert_chain: [example_cert])
       expect('www.example.com:443').to have_certificate
     end
+
+    ## Subject
     it 'can evalutate having certificate subject' do
       stub_ssl_socket(peer_cert_chain: [example_cert])
       expect('www.example.com:443')
@@ -73,6 +85,7 @@ describe 'rspec-ssltls matchers' do
                                      )
     end
 
+    ## Issuer
     it 'can evalutate having certificate issuer' do
       stub_ssl_socket(peer_cert_chain: [example_cert])
       expect('www.example.com:443')
@@ -99,6 +112,7 @@ describe 'rspec-ssltls matchers' do
                                     )
     end
 
+    ## Chain
     it 'can evalutate having certificate in chain' do
       stub_ssl_socket(peer_cert_chain: [nil])
       expect('www.example.com:443').not_to have_certificate.chain(0)
@@ -132,6 +146,7 @@ describe 'rspec-ssltls matchers' do
                                               )
     end
 
+    ## Valid at
     it 'can evalutate having certificate subject valid_at' do
       stub_ssl_socket(peer_cert_chain: [example_cert])
       expect('www.example.com:443').to have_certificate
@@ -159,6 +174,7 @@ describe 'rspec-ssltls matchers' do
         .valid_at('2014/10/01 09:34 JST')
     end
 
+    ## Valid in
     it 'can evalutate having certificate subject valid_in' do
       stub_ssl_socket(peer_cert_chain: [example_cert])
       expect('www.example.com:443').to have_certificate
@@ -189,5 +205,27 @@ describe 'rspec-ssltls matchers' do
         .subject(CN: '*.example.com')
         .valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
     end
+
+    ## Signature algolizm
+    it 'can evalutate certificate signature algorithm' do
+      stub_ssl_socket(peer_cert_chain: [example_cert, example_ca_cert])
+      expect('www.example.com:443').to have_certificate
+        .subject(CN: '*.example.com')
+        .signature_algorithm('sha1WithRSAEncryption')
+      expect('www.example.com:443').to have_certificate
+        .chain(1).subject(CN: 'ca.example.org')
+        .signature_algorithm('sha512WithRSAEncryption')
+      expect('www.example.com:443').not_to have_certificate
+        .subject(CN: '*.example.com')
+        .signature_algorithm('sha512WithRSAEncryption')
+    end
+
+    # show default description
+    it do
+      stub_ssl_socket(peer_cert_chain: [example_cert])
+      expect('www.example.com:443').to have_certificate
+        .subject(CN: '*.example.com')
+        .signature_algorithm('sha1WithRSAEncryption')
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-ssltls
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - OTA Hiroshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-25 00:00:00.000000000 Z
+date: 2014-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec