serverspec 2.9.1 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8c4439d95b694703da877adf730c6245a939b938
-  data.tar.gz: f639c629ca25b75658440a7e459f54a35cd182ab
+  metadata.gz: 3de95fd810278624c77a09c3c37d29d3aed56e83
+  data.tar.gz: 45b0c8507debb6fdded5775328ad597c96805ce2
 SHA512:
-  metadata.gz: 7fa78db8973948f5cb5e4a70d8d7e86b5c71698d8297bf14d24eac7b1d37bf68ce78ee741144c2cc45b3d04773b6fd0db7766671ad4ae615f8bb5c9d46dd0ba2
-  data.tar.gz: bdc1604e7713f0684e29e085291fd1979d1d5bedbf8e3acf41b846140c34e3b90cc4735240f37f277822ee1642c34dbd678854b997264d978c001935e7bbbdc2
+  metadata.gz: 6052fbf35896911f54b900a7fcd0a82afd2d6d7517d3fa494da0a796ea1c19424efdb92170605a0b0ca5bbad00c5b02649fbb8de8098d1d1484ee4fef450da7f
+  data.tar.gz: 687347347cb1316e4a4901dfee5ab172d38a852218d4e9f1e0188b4bf112ef80ba6ded467394e6f9bd1211ddc4fc2f630db373b668debae2a051e800d2c4ee11

data/lib/serverspec/helper/type.rb

@@ -8,7 +8,7 @@ module Serverspec
         package php_config port ppa process routing_table selinux
         selinux_module service user yumrepo windows_feature
         windows_hot_fix windows_registry_key windows_scheduled_task zfs
-        docker_base docker_image docker_container
+        docker_base docker_image docker_container x509_certificate x509_private_key
       )
 
       types.each {|type| require "serverspec/type/#{type}" }

data/lib/serverspec/type/x509_certificate.rb

@@ -0,0 +1,71 @@
+require 'time'
+
+module Serverspec::Type
+  class X509Certificate < Base
+    def certificate?
+      (run_openssl_command_with("-noout").exit_status == 0)
+    end
+
+    def subject
+      run_openssl_command_with("-subject -noout").stdout.chomp.gsub(/^subject= /,'')
+    end
+
+    def issuer
+      run_openssl_command_with("-issuer -noout").stdout.chomp.gsub(/^issuer= /,'')
+    end
+
+    def email
+      run_openssl_command_with("-email -noout").stdout.chomp
+    end
+
+    def fingerprint
+      run_openssl_command_with("-fingerprint -noout").stdout.chomp
+    end
+
+    def alias
+      run_openssl_command_with("-alias -noout").stdout.chomp
+    end
+
+    def keylength
+      len_str = run_openssl_command_with("-text -noout | grep \"Public-Key\"").stdout.chomp
+      len_str.gsub(/^.*\(/,'').gsub(/ bit\)$/,'').to_i
+    end
+
+    def has_purpose?(p)
+      grep_str = "#{p} : Yes"
+      ( run_openssl_command_with("-purpose -noout | grep -wq \"#{grep_str}\"").
+          exit_status == 0 )
+    end
+
+    def valid?
+      runner_res = run_openssl_command_with("-startdate -enddate -noout")
+      return false if runner_res.exit_status != 0
+
+      date_map = parse_dates_str_to_map(runner_res.stdout)
+
+      now = Time.now
+      ( now >= date_map[:notBefore] && now <= date_map[:notAfter])
+    end
+
+    def validity_in_days
+      runner_res = run_openssl_command_with("-enddate -noout")
+      return 0 if runner_res.exit_status != 0
+
+      date_map = parse_dates_str_to_map(runner_res.stdout)
+      diff = date_map[:notAfter] - Time.now
+      ( diff/(60*60*24) )
+    end
+
+    private
+    def run_openssl_command_with(param_str)
+      @runner.run_command("openssl x509 -in #{name} #{param_str}")
+    end
+
+    def parse_dates_str_to_map(dates_str)
+      dates_str.split("\n").inject({}) do |res,line|
+        kv_arr = line.split '='
+        res.merge({ kv_arr[0].to_sym => Time.parse(kv_arr[1] || '') })
+      end
+    end
+  end
+end

data/lib/serverspec/type/x509_private_key.rb

@@ -0,0 +1,21 @@
+require 'time'
+
+module Serverspec::Type
+  class X509PrivateKey < Base
+    def valid?
+      runner_res = @runner.run_command("openssl rsa -in #{name} -check -noout")
+      ( runner_res.exit_status == 0 && runner_res.stdout.chomp == 'RSA key ok' )
+    end
+
+    def encrypted?
+      @runner.run_command("grep -wq \"^Proc-Type.*ENCRYPTED$\" #{name}").exit_status == 0
+    end
+
+    def has_matching_certificate?(cert_file)
+      mac_op = "openssl sha -sha512"
+      h1 = @runner.run_command("openssl x509 -noout -modulus -in #{cert_file} | #{mac_op}")
+      h2 = @runner.run_command("openssl rsa -noout -modulus -in #{name} | #{mac_op}")
+      (h1.stdout == h2.stdout) && (h1.exit_status == 0) && (h2.exit_status == 0)
+    end
+  end
+end

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "2.9.1"
+  VERSION = "2.10.0"
 end

data/spec/type/linux/x509_certificate_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe x509_certificate('test.pem') do
+  let(:exit_status) { 0 }
+  it { should be_certificate }
+end
+
+describe x509_certificate('test.pem') do
+  let(:exit_status) { 1 }
+  it { should_not be_certificate }
+end
+
+describe x509_certificate('test.pem') do
+  let(:stdout) { sample_subj }
+  its(:subject) { should eq '/O=some/OU=thing' }
+end
+
+describe x509_certificate('test.pem') do
+  let(:stdout) { sample_issuer }
+  its(:issuer) { should eq '/O=some/OU=issuer' }
+end
+
+describe x509_certificate('test.pem') do
+  let(:stdout) { sample_validity }
+  it { should be_valid }
+  its(:validity_in_days) { should be >= 1000 }
+end
+
+describe x509_certificate('test.pem') do
+  let(:stdout) { sample_validity2 }
+  it { should_not be_valid }
+end
+
+
+def sample_subj
+  <<'EOS'
+subject= /O=some/OU=thing
+EOS
+end
+
+def sample_issuer
+  <<'EOS'
+issuer= /O=some/OU=issuer
+EOS
+end
+
+def sample_validity
+  <<'EOS'
+notBefore=Jul  1 11:11:00 2000 GMT
+notAfter=Jul  1 11:11:00 2050 GMT
+EOS
+end
+
+def sample_validity2
+  <<'EOS'
+notBefore=Jul  1 11:11:00 2000 GMT
+notAfter=Jul  1 11:11:00 2010 GMT
+EOS
+end
+

data/spec/type/linux/x509_private_key_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe x509_private_key('key.pem') do
+  let(:exit_status) { 0 }
+  let(:stdout) { 'RSA key ok' }
+  it { should be_valid }
+end
+
+describe x509_private_key('key.pem') do
+  let(:exit_status) { 1 }
+  let(:stdout) { 'RSA key ok' }
+  it { should_not be_valid }
+end
+
+describe x509_private_key('key.pem') do
+  let(:exit_status) { 0 }
+  it { should be_encrypted }
+end
+
+describe x509_private_key('key.pem') do
+  let(:exit_status) { 1 }
+  it { should_not be_encrypted }
+end
+
+describe x509_private_key('key.pem') do
+  let(:exit_status) { 0 }
+  let(:stdout) { 'SHA1SUM' }
+  it { should have_matching_certificate('cert.pem') }
+end

data/wercker.yml

@@ -1,74 +1,12 @@
 box: mizzy/serverspec-base@0.0.6
 build:
   steps:
-    - script:
-        name: Make $HOME/.ssh directory
-        code: mkdir -p $HOME/.ssh
-    - create-file:
-        name: Put SSH public key
-        filename: $HOME/.ssh/id_rsa.pub
-        overwrite: true
-        hide-from-log: true
-        content: $DIGITALOCEAN_SSH_KEY_PUBLIC
-    - create-file:
-        name: Put SSH private key
-        filename: $HOME/.ssh/id_rsa
-        overwrite: true
-        hide-from-log: true
-        content: $DIGITALOCEAN_SSH_KEY_PRIVATE
-    - script:
-        name: Run chmod 0400 $HOME/.ssh/id_rsa
-        code: chmod 0400 $HOME/.ssh/id_rsa
     - script:
         name: Run setup.sh
         code: $WORKING_DIR/setup.sh
     - script:
-        name: Run vagrant up centos65
-        code: vagrant up centos65 --provider=digital_ocean
-        cwd: $WORKING_DIR
-    - script:
-        name: Run itamae
-        code: bundle exec itamae ssh --host centos65 --vagrant recipe.rb
-        cwd: $WORKING_DIR
-    - script:
-        name: Run vagrant reload centos65
-        code: vagrant reload centos65
-        cwd: $WORKING_DIR
-    - script:
-        name: Run rake spec:centos65
-        code: DIGITALOCEAN=true rake spec:centos65
-        cwd: $WORKING_DIR
-    - script:
-        name: Run vagrant up centos70
-        code: vagrant up centos70 --provider=digital_ocean
-        cwd: $WORKING_DIR
-    - script:
-        name: Run itamae
-        code: bundle exec itamae ssh --host centos70 --vagrant recipe.rb
-        cwd: $WORKING_DIR
-    - script:
-        name: Run vagrant reload centos70
-        code: vagrant reload centos70
-        cwd: $WORKING_DIR
-    - script:
-        name: Run rake spec:centos70
-        code: DIGITALOCEAN=true rake spec:centos70
-        cwd: $WORKING_DIR
-    - script:
-        name: Run vagrant up ubuntu1404
-        code: vagrant up ubuntu1404 --provider=digital_ocean
-        cwd: $WORKING_DIR
-    - script:
-        name: Run itamae
-        code: bundle exec itamae ssh --host ubuntu1404 --vagrant recipe.rb
-        cwd: $WORKING_DIR
-    - script:
-        name: Run vagrant reload ubuntu1404
-        code: vagrant reload ubuntu1404
-        cwd: $WORKING_DIR
-    - script:
-        name: Run rake spec:ubuntu1404
-        code: DIGITALOCEAN=true rake spec:ubuntu1404
+        name: Run walter
+        code: ./walter
         cwd: $WORKING_DIR
 
   after-steps:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: serverspec
 version: !ruby/object:Gem::Version
-  version: 2.9.1
+  version: 2.10.0
 platform: ruby
 authors:
 - Gosuke Miyashita
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-26 00:00:00.000000000 Z
+date: 2015-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -178,6 +178,8 @@ files:
 - lib/serverspec/type/windows_hot_fix.rb
 - lib/serverspec/type/windows_registry_key.rb
 - lib/serverspec/type/windows_scheduled_task.rb
+- lib/serverspec/type/x509_certificate.rb
+- lib/serverspec/type/x509_private_key.rb
 - lib/serverspec/type/yumrepo.rb
 - lib/serverspec/type/zfs.rb
 - lib/serverspec/version.rb
@@ -238,6 +240,8 @@ files:
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
 - spec/type/linux/selinux_spec.rb
+- spec/type/linux/x509_certificate_spec.rb
+- spec/type/linux/x509_private_key_spec.rb
 - spec/type/linux/zfs_spec.rb
 - spec/type/nixos/package_spec.rb
 - spec/type/nixos/service_spec.rb
@@ -376,6 +380,8 @@ test_files:
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
 - spec/type/linux/selinux_spec.rb
+- spec/type/linux/x509_certificate_spec.rb
+- spec/type/linux/x509_private_key_spec.rb
 - spec/type/linux/zfs_spec.rb
 - spec/type/nixos/package_spec.rb
 - spec/type/nixos/service_spec.rb