rspec-ssltls 0.0.9 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2ebcd4b75c0a3963f4f7b3caef05d5249485723b
-  data.tar.gz: 72c2033ba56047c24061bff3e8498fadb454e9ec
+  metadata.gz: dd74365f4b4faac275c22d991e25685d8864be71
+  data.tar.gz: 41487c61568d72e48c292513e20ff18bef6fef79
 SHA512:
-  metadata.gz: c5e147adb3f08044bc1d53e931f8fdd27711c065c273f7b3d54a8b1a24b3535d086d6a47921d257171fe824e67ff417116b02a8f012f7f4f9612cc96bbb794da
-  data.tar.gz: 3fc227ae337bcd54d0e22525ffc9186a7d5e61f889dd9a0f63112b9d6b74f01763d1ddbf8f185b063d3760f2732f8581256c6e128774b4766a86f57612a94c6e
+  metadata.gz: f00e6d65c837ace2f11ecfe5dbd7f1b2143b48ab826db9ad8e877a5bac12038921fccdb25df5a1be2037209abb00c75726d6902799158fbfcdd4ac34ad2b34a2
+  data.tar.gz: 774b28f3011cc7d58c469988a9da07b3227e4d8e76d5cb9ae853268582bf717b22e00e2a1c998748fdd07fcc4e5ace3353af3bd35f702304860a868b183c915a

data/README.md

@@ -42,6 +42,11 @@ describe 'www.example.com:443' do
   it { is_expected.to support_protocol('TLSv1_2') }
   it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
   it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
+  it do
+    is_expected.to choose_cipher('DES-CBC3-SHA')
+      .protocol('TLSv1')
+      .from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA'])
+  end
 end
 ```
 
@@ -56,6 +61,17 @@ describe 'www.example.com:443' do
 end
 ```
 
+You can also specify https_proxy server with `RSpec.configuration.rspec_ssltls_https_proxy`
+as global configuration.
+```
+RSpec.configuration.rspec_ssltls_https_proxy = 'http://proxy.example.com:3128'
+
+```
+or
+```
+RSpec.configuration.rspec_ssltls_https_proxy = ENV['https_proxy']
+```
+
 You can use followings for `support_protocol` and `support_cipher.protocol`:
 ```
  OpenSSL::SSL::SSLContext::METHODS

data/RELEASE_NOTES.md

@@ -0,0 +1,6 @@
+# Release Notes
+
+## v0.1.0
+
+* Add `choose_cipher` matcher #6
+* Add RSpec.configuration.rspec_ssltls_https_proxy for global configuration #5

data/lib/rspec_ssltls.rb

@@ -3,7 +3,12 @@ require 'rspec/expectations'
 require 'socket'
 require 'openssl'
 
+RSpec.configure do |c|
+  c.add_setting :rspec_ssltls_https_proxy, default: nil
+end
+
 require 'rspec_ssltls/util'
 require 'rspec_ssltls/have_certificate'
 require 'rspec_ssltls/support_protocol'
 require 'rspec_ssltls/support_cipher'
+require 'rspec_ssltls/choose_cipher'

data/lib/rspec_ssltls/choose_cipher.rb

@@ -0,0 +1,67 @@
+require 'rspec_ssltls'
+require 'uri'
+
+# See Ciphers
+# https://www.openssl.org/docs/apps/ciphers.html
+
+RSpec::Matchers.define :choose_cipher do |cipher|
+  match do |dest|
+    fail 'No Argument Error.' unless cipher
+    @protocol ||= 'SSLv23'
+    @ciphers ||= ['ALL']
+    @expected_cipher = cipher
+
+    uri = URI.parse('https://' + dest)
+
+    socket = RspecSsltls::Util.open_socket(uri, proxy: @proxy)
+    ssl_context = OpenSSL::SSL::SSLContext.new(@protocol)
+    ssl_context.ciphers = @ciphers
+    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
+    ssl_socket.sync_close = true
+    result = false
+    begin
+      ssl_socket.connect
+      @actual_cipher = ssl_socket.cipher ? ssl_socket.cipher.first : nil
+      result = (cipher == @actual_cipher)
+      ssl_socket.close
+    ensure
+      ssl_socket && ssl_socket.close
+    end
+    result
+  end
+
+  chain :from do |ciphers|
+    @ciphers = [ciphers].flatten
+    @chain_string =
+      RspecSsltls::Util.add_string(@chain_string, "from #{@ciphers}")
+  end
+  chain :protocol do |protocol|
+    invalid_protocol = RspecSsltls::Util.invalid_ssl_tls_protocol(protocol)
+    fail "Invalid protocol.#{invalid_protocol.to_a}" if invalid_protocol
+    @protocol = [protocol].flatten.first
+    @chain_string =
+      RspecSsltls::Util.add_string(@chain_string, "on #{@protocol}")
+  end
+
+  chain :via_proxy do |proxy|
+    @proxy = proxy
+  end
+
+  description do
+    "choose cipher #{@expected_cipher}#{@chain_string}"
+  end
+
+  failure_message do
+    s  = "expected to choose cipher #{@expected_cipher}"
+    s += "#{@chain_string}, but did not."
+    s += "\n  expected: #{@expected_cipher}."
+    s +  "\n  actual:   #{@actual_cipher ? @actual_cipher : 'nil'}."
+  end
+
+  failure_message_when_negated do
+    s =  "expected not to choose cipher #{@expected_cipher}"
+    s += "#{@chain_string}, but did."
+    s += "\n  expected not: #{@expected_cipher}."
+    s +  "\n  actual:       #{@actual_cipher ? @actual_cipher : 'nil'}."
+  end
+end

data/lib/rspec_ssltls/util.rb

@@ -21,8 +21,9 @@ module RspecSsltls
     end
 
     def self.open_socket(uri, options = {})
-      if options[:proxy]
-        proxy_uri = build_uri(options[:proxy])
+      proxy = proxy_config(options)
+      if proxy
+        proxy_uri = build_uri(proxy)
         proxy_server = Net::SSH::Proxy::HTTP.new(proxy_uri.host,
                                                  proxy_uri.port,
                                                  user: proxy_uri.user,
@@ -33,6 +34,11 @@ module RspecSsltls
       end
     end
 
+    def self.proxy_config(options = {})
+      options[:proxy] ? options[:proxy] :
+        RSpec.configuration.rspec_ssltls_https_proxy
+    end
+
     def self.build_uri(source)
       if source.is_a?(String)
         source = 'http://' + source unless source.start_with?('http://')
@@ -42,6 +48,7 @@ module RspecSsltls
       end
     end
 
+    private_class_method :proxy_config
     private_class_method :build_uri
   end
 end

data/lib/rspec_ssltls/version.rb

@@ -1,4 +1,4 @@
 # Easily test your SSL/TLS with RSpec.
 module RspecSsltls
-  VERSION = '0.0.9'
+  VERSION = '0.1.0'
 end

data/spec/rspec_ssltls/choose_cipher_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+require 'rspec_ssltls'
+
+describe 'rspec-ssltls matchers' do
+  describe '#choose_cipher' do
+    it 'can evalutate choose cipher' do
+      stub_ssl_socket(cipher: ['DES-CBC3-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to choose_cipher('DES-CBC3-SHA')
+
+      stub_ssl_socket(cipher: ['AES256-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to choose_cipher('AES256-SHA')
+
+      stub_ssl_socket(cipher: ['AES256-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .not_to choose_cipher('DES-CBC3-SHA')
+    end
+
+    it 'can evalutate choose cipher from list' do
+      stub_ssl_socket(cipher: ['DES-CBC3-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to choose_cipher('DES-CBC3-SHA').from(['ALL', '!EXP'])
+
+      stub_ssl_socket(cipher: ['AES256-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .not_to choose_cipher('DES-CBC3-SHA').from('ALL')
+    end
+
+    it 'can evalutate choose cipher via proxy' do
+      https_proxy = 'http://user:pass@proxy.example.com/'
+      stub_ssl_socket(cipher: ['DES-CBC3-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to choose_cipher('DES-CBC3-SHA').via_proxy(https_proxy)
+
+      stub_ssl_socket(cipher: nil)
+      expect('www.example.com:443')
+        .not_to choose_cipher('AES256-SHA').via_proxy(https_proxy)
+    end
+
+    it 'can evalutate choose cipher specified with protocol' do
+      stub_ssl_socket(cipher: ['AES256-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to choose_cipher('AES256-SHA').protocol('TLSv1')
+    end
+
+    # show default description
+    it do
+      stub_ssl_socket(cipher: ['DES-CBC3-SHA', 'TLSv1/SSLv3', 168, 168])
+      expect('www.example.com:443')
+        .to(choose_cipher('DES-CBC3-SHA')
+              .protocol('TLSv1')
+              .from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA']))
+    end
+  end
+end

data/spec/rspec_ssltls/util_spec.rb

@@ -28,6 +28,19 @@ describe RspecSsltls::Util do
         socket = described_class.open_socket(uri, proxy: proxy_url)
         expect(socket).to eq(:direct)
       end
+      context 'when RSpec.configuration.rspec_ssltls_https_proxy is given' do
+        before :each do
+          RSpec.configuration.rspec_ssltls_https_proxy =
+            'http://proxy.example.com'
+        end
+        after :each do
+          RSpec.configuration.rspec_ssltls_https_proxy = nil
+        end
+        it 'should connect target via specified proxy server' do
+          socket = described_class.open_socket(uri, proxy: proxy_url)
+          expect(socket).to eq(:proxy)
+        end
+      end
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-ssltls
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.1.0
 platform: ruby
 authors:
 - OTA Hiroshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-26 00:00:00.000000000 Z
+date: 2015-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -122,14 +122,17 @@ files:
 - Gemfile
 - LICENSE.txt
 - README.md
+- RELEASE_NOTES.md
 - Rakefile
 - lib/rspec_ssltls.rb
+- lib/rspec_ssltls/choose_cipher.rb
 - lib/rspec_ssltls/have_certificate.rb
 - lib/rspec_ssltls/support_cipher.rb
 - lib/rspec_ssltls/support_protocol.rb
 - lib/rspec_ssltls/util.rb
 - lib/rspec_ssltls/version.rb
 - rspec-ssltls.gemspec
+- spec/rspec_ssltls/choose_cipher_spec.rb
 - spec/rspec_ssltls/have_certificate_spec.rb
 - spec/rspec_ssltls/rspec_ssltls_spec.rb
 - spec/rspec_ssltls/support_cipher_spec.rb
@@ -156,11 +159,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Easily test your SSL/TLS with RSpec.
 test_files:
+- spec/rspec_ssltls/choose_cipher_spec.rb
 - spec/rspec_ssltls/have_certificate_spec.rb
 - spec/rspec_ssltls/rspec_ssltls_spec.rb
 - spec/rspec_ssltls/support_cipher_spec.rb