ruby-sslyze 0.2.1 → 1.0.0

data/spec/xml/certinfo/certificate_validation_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo/certificate_validation'
+
+describe SSLyze::XML::Certinfo::CertificateValidation do
+  include_examples "XML specs"
+
+  subject do
+    described_class.new(xml.at('/document/results/target/certinfo/certificateValidation'))
+  end
+
+  describe "#hostname_validation" do
+    it do
+      expect(subject.hostname_validation).to be_kind_of(described_class::HostnameValidation)
+    end
+  end
+
+  describe "#each_path_validation" do
+    it "should yield successive PathValidation objects" do
+      expect { |b|
+        subject.each_path_validation(&b)
+      }.to yield_successive_args(
+        described_class::PathValidation,
+        described_class::PathValidation,
+        described_class::PathValidation,
+        described_class::PathValidation,
+        described_class::PathValidation
+      )
+    end
+  end
+
+  describe "#path_validations" do
+    subject { super().path_validations }
+
+    it do
+      expect(subject).to_not be_empty
+      expect(subject).to all(be_kind_of(described_class::PathValidation))
+    end
+  end
+end

data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo/ocsp_stapling/ocsp_response'
+
+describe SSLyze::XML::Certinfo::OCSPStapling::OCSPResponse do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/certinfo/ocspStapling/ocspResponse' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#is_trusted_by_mozilla_ca_store?" do
+    it "should query @isTrustedByMozillaCAStore" do
+      expect(subject.is_trusted_by_mozilla_ca_store?).to be true
+    end
+  end
+
+  describe "#responder_id" do
+    let(:expected_responder_id) { '5168FF90AF0207753CCCD9656462A212B859723B' }
+
+    let(:xpath) { "#{super()}[responderID/text()='#{expected_responder_id}']" }
+
+    it "should parse the 'responderID' XML element" do
+      expect(subject.responder_id).to be == expected_responder_id
+    end
+  end
+
+  describe "#status" do
+    let(:xpath) { "#{super()}[@status='SUCCESSFUL']" }
+
+    it "should parse the status attribute" do
+      expect(subject.status).to be == :successful
+    end
+  end
+
+  describe "#successful?" do
+    context "when responseStatus is 'successful'" do
+      let(:xpath) { "#{super()}[@status='SUCCESSFUL']" }
+
+      specify { expect(subject.successful?).to be true }
+    end
+
+    context "when status is not :successful" do
+      before do
+        expect(subject).to receive(:status).and_return(:failed)
+      end
+
+      specify { expect(subject.successful?).to be false }
+    end
+  end
+
+  describe "#produced_at" do
+    let(:expected_time) { 'Feb 28 19:34:58 2018 GMT' }
+
+    let(:xpath) { "#{super()}[producedAt/text()='#{expected_time}']" }
+
+    it "should query producedAt and return a Time object" do
+      expect(subject.produced_at).to be == Time.parse(expected_time)
+    end
+  end
+end

data/spec/xml/certinfo/ocsp_stapling_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo'
+
+describe SSLyze::XML::Certinfo::OCSPStapling do
+  include_examples "XML specs"
+
+  subject do
+    described_class.new(xml.at('/document/results/target/certinfo/ocspStapling'))
+  end
+
+  describe "#ocsp_response" do
+    context "when the 'ocspResponse' element is present" do
+      subject do
+        described_class.new(xml.at('/document/results/target/certinfo/ocspStapling[ocspResponse]'))
+      end
+
+      it do
+        expect(subject.ocsp_response).to be_kind_of(described_class::OCSPResponse)
+      end
+    end
+
+    context "when the 'ocspResponse' element is missing" do
+      subject do
+        described_class.new(xml.at('/document/results/target/certinfo/ocspStapling[not(ocspResponse)]'))
+      end
+
+      it { expect(subject.ocsp_response).to be nil }
+    end
+  end
+end

data/spec/xml/certinfo/received_certificate_chain_spec.rb

@@ -0,0 +1,165 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo/received_certificate_chain'
+
+describe SSLyze::XML::Certinfo::ReceivedCertificateChain do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/certinfo/receivedCertificateChain' }
+
+  subject do
+    described_class.new(xml.at(xpath))
+  end
+
+  describe "#each_certificate" do
+    context "when 'certificate' XML children are present" do
+      let(:xpath)       { "#{super()}[certificate]" }
+      let(:xpath_count) { xml.xpath(xpath).count    }
+
+      it "should yield successive Certificate objects" do
+        expect { |b|
+          subject.each_certificate(&b)
+        }.to yield_successive_args(
+          SSLyze::XML::Certinfo::Certificate,
+          SSLyze::XML::Certinfo::Certificate
+        )
+      end
+    end
+  end
+
+  describe "#certificates" do
+    context "when 'certificate' XML children are present" do
+      let(:xpath) { "#{super()}[certificate]" }
+
+      it do
+        expect(subject.certificates).to be_a(Array).and(
+          all(be_kind_of(SSLyze::XML::Certinfo::Certificate))
+        )
+      end
+    end
+  end
+
+  describe "#leaf" do
+    context "when at least one 'certificate' XML child exists" do
+      let(:xpath) { "#{super()}[certificate]" }
+
+      it do
+        expect(subject.leaf).to be_a(SSLyze::XML::Certinfo::Certificate)
+      end
+
+      it "should select the first 'certificate' XML child" do
+        expect(subject.leaf).to be == \
+          SSLyze::XML::Certinfo::Certificate.new(xml.at("#{xpath}/certificate[1]"))
+      end
+    end
+
+    context "when no 'certificate' XML children exist" do
+      let(:xpath) { "#{super()}[not(./certificate)]" }
+
+      it do
+        pending "need an example with no 'certificate' XML children"
+
+        expect(subject.leaf).to be nil
+      end
+    end
+  end
+
+  describe "#each_intermediate" do
+    context "when there are more than two 'certificate' XML children" do
+      let(:xpath) { "#{super()}[count(certificate) > 2]" }
+      let(:xpath_count) { xml.at(xpath).xpath('certificate').count - 2 }
+
+      it "should yield the intermediate certificates" do
+        pending "<receivedCertificateChain/> always has at most two <certificate/> children"
+
+        expect { |b|
+          subject.each_intermediate(&b)
+        }.to yield_successive_args(
+          *Array.new(xpath_count,SSLyze::XML::Certinfo::Certificate)
+        )
+      end
+    end
+
+    context "when there are two or fewer 'certificate' XML children" do
+      let(:xpath) { "#{super()}[count(certificate) <= 2]" }
+
+      it "should not yield anything" do
+        expect { |b|
+          subject.each_intermediate(&b)
+        }.to_not yield_control
+      end
+    end
+  end
+
+  describe "#intermediates" do
+    context "when there are more than two 'certificate' XML children" do
+      let(:xpath) { "#{super()}[count(certificate) > 2]" }
+      let(:xpath_count) { xml.at(xpath).xpath('certificate').count - 2 }
+
+      it "should yield the intermediate certificates" do
+        pending "<receivedCertificateChain/> always has at most two <certificate/> children"
+
+        expect(subject.intermediates).to be_a(Array).and(all(be_kind_of(SSLyze::XML::Certinfo::Certificate)))
+      end
+    end
+
+    context "when there are two or fewer 'certificate' XML children" do
+      let(:xpath) { "#{super()}[count(certificate) <= 2]" }
+
+      it "should not yield anything" do
+        expect(subject.intermediates).to be_empty
+      end
+    end
+  end
+
+  describe "#root" do
+    context "when at least one 'certificate' XML child exists" do
+      let(:xpath) { "#{super()}[certificate]" }
+
+      it do
+        expect(subject.root).to be_a(SSLyze::XML::Certinfo::Certificate)
+      end
+
+      it "should select the last 'certificate' XML child" do
+        expect(subject.root).to be == \
+          SSLyze::XML::Certinfo::Certificate.new(xml.at("#{xpath}/certificate[last()]"))
+      end
+    end
+
+    context "when no 'certificate' XML children exist" do
+      let(:xpath) { "#{super()}[not(./certificate)]" }
+
+      it do
+        pending "need an example with no 'certificate' XML children"
+
+        expect(subject.root).to be nil
+      end
+    end
+  end
+
+  describe "#is_chain_order_valid?" do
+    it "should return a Boolean value" do
+      expect(subject.is_chain_order_valid?).to be(true).or(be(false))
+    end
+  end
+
+  describe "#contains_anchor_certificate?" do
+    context "when the 'containsAnchorCertificate' XML attribute is present" do
+      let(:xpath) { "#{super()}[@containsAnchorCertificate]" }
+
+      it "should return a Boolean value" do
+        expect(subject.contains_anchor_certificate?).to be(true).or(be(false))
+      end
+    end
+
+    context "when the 'containsAnchorCertificate' XML attribute is omitted" do
+      let(:xpath) { "#{super()}[not(@containsAnchorCertificate)]" }
+
+      it do
+        pending "need an example where 'containsAnchorCertificate' is missing"
+
+        expect(subject.contains_anchor_certificate?).to be nil
+      end
+    end
+  end
+end

data/spec/xml/certinfo_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo'
+
+describe SSLyze::XML::Certinfo do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/certinfo' }
+
+  subject do
+    described_class.new(xml.at(xpath))
+  end
+
+  describe "#received_certificate_chain" do
+    it "should return a ReceivedCertificateChain object" do
+      expect(subject.received_certificate_chain).to be_a(described_class::ReceivedCertificateChain)
+    end
+  end
+
+  describe "#certificate_validation" do
+    subject do
+      described_class.new(xml.at("#{xpath}[receivedCertificateChain]"))
+    end
+
+    it "should return a CertificateValidation element" do
+      expect(subject.certificate_validation).to be_kind_of(described_class::CertificateValidation)
+    end
+  end
+
+  describe "#verified_certificate_chain" do
+    it "should return the #verified_certificate_chain from within one of the #certificate_validation.path_validations" do
+      expect(subject.verified_certificate_chain).to be_kind_of(described_class::CertificateValidation::VerifiedCertificateChain)
+    end
+  end
+
+  describe "#ocsp_stapling" do
+    subject do
+      described_class.new(xml.at("#{xpath}[ocspStapling]"))
+    end
+
+    it "should return a OCSPStapling object" do
+      expect(subject.ocsp_stapling).to be_kind_of(described_class::OCSPStapling)
+    end
+  end
+end

data/spec/xml/compression/compression_method_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/compression/compression_method'
+
+describe SSLyze::XML::Compression::CompressionMethod do
+  include_examples "XML specs"
+
+  subject do
+    described_class.new(xml.at('/document/results/target/compression/compressionMethod'))
+  end
+
+  describe "#is_supported??" do
+    it "should prase the 'isSupported' attribute" do
+      expect(subject.is_supported?).to be(true).or(be(false))
+    end
+  end
+
+  describe "#type" do
+    it "should parse the 'type' attribute" do
+      expect(subject.type).to be :DEFLATE
+    end
+  end
+end

data/spec/xml/compression_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'xml/plugin_examples'
+require 'sslyze/xml/compression'
+
+describe SSLyze::XML::Compression do
+  include_examples "XML specs"
+  include_examples "Plugin element"
+
+  let(:xpath) { '/document/results/target/compression' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#deflate" do
+    it do
+      expect(subject.deflate).to be_kind_of(described_class::CompressionMethod)
+    end
+
+    it "should parse the DEFLATE compressionMethod" do
+      expect(subject.deflate.type).to be :DEFLATE
+    end
+  end
+end

data/spec/xml/heartbleed/openssl_heartbleed_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/heartbleed/openssl_heartbleed'
+
+describe SSLyze::XML::Heartbleed::OpenSSLHeartbleed do
+  include_examples "XML specs"
+
+  subject do
+    described_class.new(xml.at('/document/results/target/heartbleed/openSslHeartbleed'))
+  end
+
+  describe "#is_vulnerable?" do
+    it "should prase the 'isVulnerable' attribute" do
+      expect(subject.is_vulnerable?).to be(true).or(be(false))
+    end
+  end
+end

data/spec/xml/heartbleed_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'xml/plugin_examples'
+require 'sslyze/xml/heartbleed'
+
+describe SSLyze::XML::Heartbleed do
+  include_examples "XML specs"
+  include_examples "Plugin element"
+
+  let(:xpath) { '/document/results/target/heartbleed' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#openssl_heartbleed" do
+    context "when the '<openSslHeartbleed/>' XML element is present" do
+      subject do
+        described_class.new(xml.at("#{xpath}[openSslHeartbleed]"))
+      end
+
+      it do
+        expect(subject.openssl_heartbleed).to be_kind_of(described_class::OpenSSLHeartbleed)
+      end
+    end
+
+    context "when the '<openSslHeartbleed/>' XML element is missing" do
+      subject do
+        described_class.new(xml.at("#{xpath}[not(./openSslHeartbleed)]"))
+      end
+
+      it do
+        pending "need to find a host where <openSslHeartbleed/> is omitted"
+
+        expect(subject.openssl_heartbleed).to be nil
+      end
+    end
+  end
+end