sslcheck 0.9.6 → 0.9.9
- checksums.yaml +4 -4
- data/README.md +6 -2
- data/acceptance/checking_certificates_spec.rb +6 -5
- data/acceptance/client_spec.rb +16 -16
- data/ca-bundle/ca-bundle.crt +386 -381
- data/lib/sslcheck/version.rb +1 -1
- data/spec/ca_bundle_validator_spec.rb +3 -3
- data/spec/cert_fixtures.rb +548 -554
- data/spec/certificate_spec.rb +24 -24
- data/spec/common_name_validator_spec.rb +2 -2
- data/spec/expiration_date_validator_spec.rb +2 -2
- data/spec/issue_date_validator_spec.rb +2 -2
- data/spec/validator_spec.rb +4 -4
- metadata +3 -3
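--- a/data/spec/certificate_spec.rb
+++ b/data/spec/certificate_spec.rb
@@ -11,18 +11,18 @@ module SSLCheck
 sut = Certificate.new(VALID_CERT, clock)
 actual_hash = sut.to_h
 expected_hash = {
-:common_name => "
-:organization_unit =>
-:not_before => DateTime.parse("Tue,
-:not_after => DateTime.parse("
+:common_name => "letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US",
+:organization_unit => nil,
+:not_before => DateTime.parse("Tue, 03 Feb 2015 21:24:51.000000000 +0000"),
+:not_after => DateTime.parse("Fri, 02 Feb 2018 21:24:51.000000000 +0000"),
 :issued => true,
 :expired => false,
 :issuer => {
-:common_name => "
+:common_name => "TrustID Server CA A52",
 :country => "US",
-:state =>
-:locality =>
-:organization => "
+:state => nil,
+:locality => nil,
+:organization => "IdenTrust"
 }
 }
 
@@ -35,8 +35,8 @@ module SSLCheck
 it 'should expose the altername names as alternate common names' do
 sut = Certificate.new(VALID_CERT)
 
-expect(sut.alternate_common_names).to include("www.
-expect(sut.alternate_common_names).to include("
+expect(sut.alternate_common_names).to include("www.letsencrypt.org")
+expect(sut.alternate_common_names).to include("letsencrypt.org")
 end
 end
 context "when it only has one alternate name in the extension" do
@@ -48,8 +48,8 @@ module SSLCheck
 sut = Certificate.new(cert)
 
 expect(sut.alternate_common_names).to include("example.com")
-expect(sut.alternate_common_names).to_not include("
-expect(sut.alternate_common_names).to_not include("www.
+expect(sut.alternate_common_names).to_not include("letsencrypt.org")
+expect(sut.alternate_common_names).to_not include("www.letsencrypt.org")
 end
 end
 context "when it has no subject alternate name extension" do
@@ -65,36 +65,36 @@ module SSLCheck
 end
 describe "subject" do
 it "should expose the certificate's subject" do
-expect(@sut.subject).to eq "/
+expect(@sut.subject).to eq "/CN=letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"
 end
 it "should expose the common name on the certificate" do
-expect(@sut.common_name).to eq "
+expect(@sut.common_name).to eq "letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"
 end
 it "should expose the organizational unit on the certificate" do
-expect(@sut.organizational_unit).to eq
+expect(@sut.organizational_unit).to eq nil
 end
 end
 describe "issuer" do
 it "should expose the certificate's issuer" do
-expect(@sut.issuer).to eq "/C=US/
+expect(@sut.issuer).to eq "/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52"
 end
 it "should expose a friendly version of the issuer" do
-expect(@sut.issued_by).to eq "
+expect(@sut.issued_by).to eq "TrustID Server CA A52"
 end
 it "should expose the issuer's country" do
 expect(@sut.issuer_country).to eq "US"
 end
 it "should expose the issuer's state" do
-expect(@sut.issuer_state).to eq
+expect(@sut.issuer_state).to eq nil
 end
 it "should expose the issuer's locality" do
-expect(@sut.issuer_locality).to eq
+expect(@sut.issuer_locality).to eq nil
 end
 it "should expose the issuer's organization" do
-expect(@sut.issuer_organization).to eq "
+expect(@sut.issuer_organization).to eq "IdenTrust"
 end
 it "should expose the issuer's common name" do
-expect(@sut.issuer_common_name).to eq "
+expect(@sut.issuer_common_name).to eq "TrustID Server CA A52"
 end
 end
 describe "public key" do
@@ -104,16 +104,16 @@ module SSLCheck
 end
 describe "verify" do
 it "should be able to verify a certificate with the public key of another" do
-ca_bundle = Certificate.new(CA_BUNDLE)
+ca_bundle = Certificate.new(CA_BUNDLE.join("\n"))
 expect(@sut.verify(ca_bundle)).to be
 end
 end
 describe "dates" do
 it "should expose the certificate's issue date" do
-expect(@sut.not_before).to eq DateTime.parse("Tue,
+expect(@sut.not_before).to eq DateTime.parse("Tue, 03 Feb 2015 21:24:51.000000000 +0000")
 end
 it "should expose the certificate's expiry date" do
-expect(@sut.not_after).to eq DateTime.parse("
+expect(@sut.not_after).to eq DateTime.parse("Fri, 02 Feb 2018 21:24:51.000000000 +0000")
 end
 end
 describe "expired?" do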
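Review bot: The new expectation for `common_name`, in the `to_h` hash and again in the "subject" examples, pins `"letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"`, which is the CN followed by the rest of the subject DN rather than the CN itself. The issuer, whose CN is the last component of its DN, comes out clean as `"TrustID Server CA A52"`, so the extraction presumably captures everything after `CN=` to the end of the string; the implementation is not part of this diff, so that is inferred. In a certificate checker this matters because any hostname comparison against `common_name` is then made against a string that is not a hostname, and the spec now locks that behaviour in. I would read the CN attribute from the parsed subject instead (with Ruby's OpenSSL binding, `OpenSSL::X509::Name#to_a` yields the individual components) and assert `expect(@sut.common_name).to eq "letsencrypt.org"` here.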
@@ -8,7 +8,7 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the common name is valid" do
|
10
10
|
it 'should return nothing' do
|
11
|
-
sut = Validators::CommonName.new("
|
11
|
+
sut = Validators::CommonName.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate
|
13
13
|
expect(result).to_not be
|
14
14
|
end
|
@@ -22,7 +22,7 @@ module SSLCheck
|
|
22
22
|
end
|
23
23
|
context "when the certificate has alternate subject names" do
|
24
24
|
it 'should allow matches against the supplied common name' do
|
25
|
-
sut = Validators::CommonName.new("
|
25
|
+
sut = Validators::CommonName.new("letsencrypt.org", @cert, @ca_bundle)
|
26
26
|
result = sut.validate
|
27
27
|
expect(result).to_not be
|
28
28
|
end
|
@@ -8,14 +8,14 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the expiration date is in the future" do
|
10
10
|
it 'should return errors' do
|
11
|
-
sut = Validators::ExpirationDate.new("
|
11
|
+
sut = Validators::ExpirationDate.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate(FutureClock.new)
|
13
13
|
expect(result).to be_a SSLCheck::Errors::Validation::CertificateExpired
|
14
14
|
end
|
15
15
|
end
|
16
16
|
context "when the expiration date is in the past" do
|
17
17
|
it 'should return nothing' do
|
18
|
-
sut = Validators::ExpirationDate.new("
|
18
|
+
sut = Validators::ExpirationDate.new("letsencrypt.org", @cert, @ca_bundle)
|
19
19
|
result = sut.validate(PastClock.new)
|
20
20
|
expect(result).to_not be
|
21
21
|
end
|
@@ -8,14 +8,14 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the issue date is in the past" do
|
10
10
|
it 'should return nothing' do
|
11
|
-
sut = Validators::IssueDate.new("
|
11
|
+
sut = Validators::IssueDate.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate(FutureClock.new)
|
13
13
|
expect(result).to_not be
|
14
14
|
end
|
15
15
|
end
|
16
16
|
context "when the issue date is in the future" do
|
17
17
|
it 'should return errors' do
|
18
|
-
sut = Validators::IssueDate.new("
|
18
|
+
sut = Validators::IssueDate.new("letsencrypt.org", @cert, @ca_bundle)
|
19
19
|
result = sut.validate(PastClock.new)
|
20
20
|
expect(result).to be_a SSLCheck::Errors::Validation::NotYetIssued
|
21
21
|
end
|
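--- a/data/spec/validator_spec.rb
+++ b/data/spec/validator_spec.rb
@@ -52,24 +52,24 @@ module SSLCheck
 context 'when the certificate is valid' do
 before do
 @cert = Certificate.new(VALID_CERT)
-@ca_bundle = [Certificate.new(CA_PARENT), Certificate.new(CA_GRAND_PARENT)
+@ca_bundle = [Certificate.new(CA_PARENT), Certificate.new(CA_GRAND_PARENT)]
 @sut = Validator.new
 @validators = [PassThroughValidator]
 end
 
 it 'should be valid' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.valid?).to be
 
 end
 
 it 'should have no errors' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.errors).to be_empty
 end
 
 it 'should have no warnings' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.warnings).to be_empty
 end
 end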
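--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sslcheck
 version: !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.9
 platform: ruby
 authors:
 - Clayton Lengel-Zigich
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -162,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Discover errors with SSL certificates.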