rspec-ssltls 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/README.md +6 -1
- data/lib/rspec_ssltls/have_certificate.rb +17 -2
- data/lib/rspec_ssltls/version.rb +1 -1
- data/spec/rspec_ssltls/have_certificate_spec.rb +38 -0
- metadata +2 -2
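--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f53f243b2bc3862aad3ac2209d05e2c662b77210
+data.tar.gz: 11cf15f123a76a3bf18bcd99222ac8e5ee0371a8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14e405703da16d307ad45a5a6c83973c834e14d100e063fc6588e395fab7b904511757ebd5f864155d571f26a14340d12f1956d09e9c1d7a70d11e8378adccaa
+data.tar.gz: b28758a21a282f4aa6b668b3bf6704e8adf7c41bd180a3932faa178c5cb328b9ea312e4d4e01e17e73035bc5a790d8347efa240d1f21a0e0b4968decf4487b02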
data/README.md
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# rspec-ssltls [![Build Status](https://travis-ci.org/otahi/rspec-ssltls.png?branch=master)](https://travis-ci.org/otahi/rspec-ssltls)[![Coverage Status](https://coveralls.io/repos/otahi/rspec-ssltls/badge.png?branch=master)](https://coveralls.io/r/otahi/rspec-ssltls?branch=master)[![Code Climate](https://codeclimate.com/github/otahi/rspec-ssltls.png)](https://codeclimate.com/github/otahi/rspec-ssltls)[![Gem Version](https://badge.fury.io/rb/rspec-ssltls.png)](http://badge.fury.io/rb/rspec-ssltls)
|
2
2
|
|
3
3
|
|
4
|
-
Rspec-ssltls is an rspec plugin for easy SSL/TLS testing.
|
4
|
+
Rspec-ssltls is an rspec plugin for easy SSL/TLS testing with Ruby standard OpenSSL library.
|
5
5
|
|
6
6
|
## Usage
|
7
7
|
|
@@ -30,6 +30,10 @@ describe 'www.example.com:443' do
|
|
30
30
|
.subject(CN: '*.example.com')
|
31
31
|
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
|
32
32
|
end
|
33
|
+
it do
|
34
|
+
is_expected.to have_certificate
|
35
|
+
.subject(CN: '*.example.com').signature_algorithm('sha1WithRSAEncryption')
|
36
|
+
end
|
33
37
|
it { is_expected.to support_protocol('TLSv1_2') }
|
34
38
|
it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
|
35
39
|
it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
|
@@ -49,6 +53,7 @@ You can use followings for `support_protocol` and `support_cipher.protocol`:
|
|
49
53
|
|
50
54
|
You can use [ciphers](https://www.openssl.org/docs/apps/ciphers.html) for `support_cipher`.
|
51
55
|
|
56
|
+
You can use [signature algorithm](https://github.com/openssl/openssl/blob/master/crypto/objects/obj_xref.txt) for `signature_algorithm`.
|
52
57
|
|
53
58
|
## Installation
|
54
59
|
|
@@ -46,11 +46,18 @@ RSpec::Matchers.define :have_certificate do
|
|
46
46
|
@t2 = t2
|
47
47
|
end
|
48
48
|
|
49
|
+
chain :signature_algorithm do |s|
|
50
|
+
@chain_string =
|
51
|
+
RspecSsltls::Util.add_string(@chain_string, "signed with #{s}")
|
52
|
+
@signature_algorithm = s
|
53
|
+
end
|
54
|
+
|
49
55
|
def valid_cert?
|
50
56
|
@result_cert = {}
|
51
57
|
@result_cert.merge!(subject: valid_identifier?(:subject, @subject))
|
52
58
|
@result_cert.merge!(issuer: valid_identifier?(:issuer, @issuer))
|
53
59
|
@result_cert.merge!(valid_in: valid_in?)
|
60
|
+
@result_cert.merge!(signature_algorithm: valid_signature_algolithm?)
|
54
61
|
@result_cert.values.all? { |r| r == true }
|
55
62
|
end
|
56
63
|
|
@@ -94,13 +101,21 @@ RSpec::Matchers.define :have_certificate do
|
|
94
101
|
else
|
95
102
|
@result_string += " expected: valid at #{@t1}\n"
|
96
103
|
end
|
97
|
-
@result_string +=
|
98
|
-
|
104
|
+
@result_string += " actual: valid in #{@peer_cert.not_before}"
|
105
|
+
@result_string += ".. #{@peer_cert.not_after}\n"
|
99
106
|
|
100
107
|
(@peer_cert.not_before..@peer_cert.not_after).cover?(@t1) &&
|
101
108
|
(@peer_cert.not_before..@peer_cert.not_after).cover?(@t2)
|
102
109
|
end
|
103
110
|
|
111
|
+
def valid_signature_algolithm?
|
112
|
+
return true unless @signature_algorithm
|
113
|
+
@result_string += " expected: signed with #{@signature_algorithm}\n"
|
114
|
+
@result_string +=
|
115
|
+
" actual: signed with #{@peer_cert.signature_algorithm}\n"
|
116
|
+
@signature_algorithm == @peer_cert.signature_algorithm
|
117
|
+
end
|
118
|
+
|
104
119
|
def parse_time
|
105
120
|
@t1 = Time.parse(@t1) unless @t1.respond_to?(:getutc)
|
106
121
|
@t2 = Time.parse(@t2) unless @t2.respond_to?(:getutc)
|
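Review bot: The new helper is spelled `valid_signature_algolithm?` both at its definition and at the call added to `valid_cert?`; rename both to `valid_signature_algorithm?` so the typo does not become part of the matcher's internals. The check `@signature_algorithm == @peer_cert.signature_algorithm` is an exact String comparison, so a Symbol argument or a differently cased name fails without explanation; storing `@signature_algorithm = s.to_s` in the chain would at least cover the Symbol case. Because `valid_cert?` requires every criterion to be true, a negated expectation such as `not_to have_certificate.subject(...).signature_algorithm('sha1WithRSAEncryption')` also passes when only the subject differs, which deserves a sentence in the README for anyone using the matcher to reject weak signature algorithms. The `RSpec::Matchers.define` block starts and ends outside these hunks, and the page shows them without their own file header.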
data/lib/rspec_ssltls/version.rb
CHANGED
@@ -14,6 +14,8 @@ def stub_ssl_socket(params = nil)
|
|
14
14
|
end
|
15
15
|
|
16
16
|
# See http://www.ietf.org/rfc/rfc5280.txt 4.1.2.4
|
17
|
+
# See https://github.com/openssl/openssl/blob/master/crypto/objects/obj_xref.txt
|
18
|
+
|
17
19
|
example_ca_cert_name =
|
18
20
|
OpenSSL::X509::Name.new([%w(C US),
|
19
21
|
%w(O Example\ Org.),
|
@@ -40,12 +42,22 @@ example_cert.not_after = Time.utc(0, 0, 0, 1, 10, 2015, nil, nil, nil, nil)
|
|
40
42
|
|
41
43
|
describe 'rspec-ssltls matchers' do
|
42
44
|
describe '#have_certificate' do
|
45
|
+
before :each do
|
46
|
+
allow(example_ca_cert).to receive(:signature_algorithm)
|
47
|
+
.and_return('sha512WithRSAEncryption')
|
48
|
+
allow(example_cert).to receive(:signature_algorithm)
|
49
|
+
.and_return('sha1WithRSAEncryption')
|
50
|
+
end
|
51
|
+
|
52
|
+
## Having certificate
|
43
53
|
it 'can evalutate having certificate' do
|
44
54
|
stub_ssl_socket(peer_cert_chain: [nil])
|
45
55
|
expect('www.example.com:443').not_to have_certificate
|
46
56
|
stub_ssl_socket(peer_cert_chain: [example_cert])
|
47
57
|
expect('www.example.com:443').to have_certificate
|
48
58
|
end
|
59
|
+
|
60
|
+
## Subject
|
49
61
|
it 'can evalutate having certificate subject' do
|
50
62
|
stub_ssl_socket(peer_cert_chain: [example_cert])
|
51
63
|
expect('www.example.com:443')
|
@@ -73,6 +85,7 @@ describe 'rspec-ssltls matchers' do
|
|
73
85
|
)
|
74
86
|
end
|
75
87
|
|
88
|
+
## Issuer
|
76
89
|
it 'can evalutate having certificate issuer' do
|
77
90
|
stub_ssl_socket(peer_cert_chain: [example_cert])
|
78
91
|
expect('www.example.com:443')
|
@@ -99,6 +112,7 @@ describe 'rspec-ssltls matchers' do
|
|
99
112
|
)
|
100
113
|
end
|
101
114
|
|
115
|
+
## Chain
|
102
116
|
it 'can evalutate having certificate in chain' do
|
103
117
|
stub_ssl_socket(peer_cert_chain: [nil])
|
104
118
|
expect('www.example.com:443').not_to have_certificate.chain(0)
|
@@ -132,6 +146,7 @@ describe 'rspec-ssltls matchers' do
|
|
132
146
|
)
|
133
147
|
end
|
134
148
|
|
149
|
+
## Valid at
|
135
150
|
it 'can evalutate having certificate subject valid_at' do
|
136
151
|
stub_ssl_socket(peer_cert_chain: [example_cert])
|
137
152
|
expect('www.example.com:443').to have_certificate
|
@@ -159,6 +174,7 @@ describe 'rspec-ssltls matchers' do
|
|
159
174
|
.valid_at('2014/10/01 09:34 JST')
|
160
175
|
end
|
161
176
|
|
177
|
+
## Valid in
|
162
178
|
it 'can evalutate having certificate subject valid_in' do
|
163
179
|
stub_ssl_socket(peer_cert_chain: [example_cert])
|
164
180
|
expect('www.example.com:443').to have_certificate
|
@@ -189,5 +205,27 @@ describe 'rspec-ssltls matchers' do
|
|
189
205
|
.subject(CN: '*.example.com')
|
190
206
|
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
|
191
207
|
end
|
208
|
+
|
209
|
+
## Signature algolizm
|
210
|
+
it 'can evalutate certificate signature algorithm' do
|
211
|
+
stub_ssl_socket(peer_cert_chain: [example_cert, example_ca_cert])
|
212
|
+
expect('www.example.com:443').to have_certificate
|
213
|
+
.subject(CN: '*.example.com')
|
214
|
+
.signature_algorithm('sha1WithRSAEncryption')
|
215
|
+
expect('www.example.com:443').to have_certificate
|
216
|
+
.chain(1).subject(CN: 'ca.example.org')
|
217
|
+
.signature_algorithm('sha512WithRSAEncryption')
|
218
|
+
expect('www.example.com:443').not_to have_certificate
|
219
|
+
.subject(CN: '*.example.com')
|
220
|
+
.signature_algorithm('sha512WithRSAEncryption')
|
221
|
+
end
|
222
|
+
|
223
|
+
# show default description
|
224
|
+
it do
|
225
|
+
stub_ssl_socket(peer_cert_chain: [example_cert])
|
226
|
+
expect('www.example.com:443').to have_certificate
|
227
|
+
.subject(CN: '*.example.com')
|
228
|
+
.signature_algorithm('sha1WithRSAEncryption')
|
229
|
+
end
|
192
230
|
end
|
193
231
|
end
|
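Review bot: The added `before :each` block stubs `signature_algorithm` on `example_cert` and `example_ca_cert`, so the new examples only compare the matcher against canned strings and never against the value OpenSSL reports for a signed certificate. If the fixtures are unsigned (their construction lies outside the visible hunks), signing them with a throwaway key and the intended digest would make the test prove the name format the matcher actually receives. No example asserts the failure message text (`expected: signed with ...` / `actual: signed with ...`), and the negative case covers only an algorithm mismatch with a matching subject. The section comment `## Signature algolizm` should read `## Signature algorithm`. These hunks appear to belong to the spec file listed in the diffstat, although the header above them names `version.rb`.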
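--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-ssltls
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.6
 platform: ruby
 authors:
 - OTA Hiroshi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-
+date: 2014-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec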