sslcheck 0.9.6 → 0.9.9
- checksums.yaml +4 -4
- data/README.md +6 -2
- data/acceptance/checking_certificates_spec.rb +6 -5
- data/acceptance/client_spec.rb +16 -16
- data/ca-bundle/ca-bundle.crt +386 -381
- data/lib/sslcheck/version.rb +1 -1
- data/spec/ca_bundle_validator_spec.rb +3 -3
- data/spec/cert_fixtures.rb +548 -554
- data/spec/certificate_spec.rb +24 -24
- data/spec/common_name_validator_spec.rb +2 -2
- data/spec/expiration_date_validator_spec.rb +2 -2
- data/spec/issue_date_validator_spec.rb +2 -2
- data/spec/validator_spec.rb +4 -4
- metadata +3 -3
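--- a/data/spec/certificate_spec.rb
+++ b/data/spec/certificate_spec.rb
@@ -11,18 +11,18 @@ module SSLCheck
 sut = Certificate.new(VALID_CERT, clock)
 actual_hash = sut.to_h
 expected_hash = {
-:common_name => "
-:organization_unit =>
-:not_before => DateTime.parse("Tue,
-:not_after => DateTime.parse("
+:common_name => "letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US",
+:organization_unit => nil,
+:not_before => DateTime.parse("Tue, 03 Feb 2015 21:24:51.000000000 +0000"),
+:not_after => DateTime.parse("Fri, 02 Feb 2018 21:24:51.000000000 +0000"),
 :issued => true,
 :expired => false,
 :issuer => {
-:common_name => "
+:common_name => "TrustID Server CA A52",
 :country => "US",
-:state =>
-:locality =>
-:organization => "
+:state => nil,
+:locality => nil,
+:organization => "IdenTrust"
 }
 }
 
@@ -35,8 +35,8 @@ module SSLCheck
 it 'should expose the altername names as alternate common names' do
 sut = Certificate.new(VALID_CERT)
 
-expect(sut.alternate_common_names).to include("www.
-expect(sut.alternate_common_names).to include("
+expect(sut.alternate_common_names).to include("www.letsencrypt.org")
+expect(sut.alternate_common_names).to include("letsencrypt.org")
 end
 end
 context "when it only has one alternate name in the extension" do
@@ -48,8 +48,8 @@ module SSLCheck
 sut = Certificate.new(cert)
 
 expect(sut.alternate_common_names).to include("example.com")
-expect(sut.alternate_common_names).to_not include("
-expect(sut.alternate_common_names).to_not include("www.
+expect(sut.alternate_common_names).to_not include("letsencrypt.org")
+expect(sut.alternate_common_names).to_not include("www.letsencrypt.org")
 end
 end
 context "when it has no subject alternate name extension" do
@@ -65,36 +65,36 @@ module SSLCheck
 end
 describe "subject" do
 it "should expose the certificate's subject" do
-expect(@sut.subject).to eq "/
+expect(@sut.subject).to eq "/CN=letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"
 end
 it "should expose the common name on the certificate" do
-expect(@sut.common_name).to eq "
+expect(@sut.common_name).to eq "letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"
 end
 it "should expose the organizational unit on the certificate" do
-expect(@sut.organizational_unit).to eq
+expect(@sut.organizational_unit).to eq nil
 end
 end
 describe "issuer" do
 it "should expose the certificate's issuer" do
-expect(@sut.issuer).to eq "/C=US/
+expect(@sut.issuer).to eq "/C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52"
 end
 it "should expose a friendly version of the issuer" do
-expect(@sut.issued_by).to eq "
+expect(@sut.issued_by).to eq "TrustID Server CA A52"
 end
 it "should expose the issuer's country" do
 expect(@sut.issuer_country).to eq "US"
 end
 it "should expose the issuer's state" do
-expect(@sut.issuer_state).to eq
+expect(@sut.issuer_state).to eq nil
 end
 it "should expose the issuer's locality" do
-expect(@sut.issuer_locality).to eq
+expect(@sut.issuer_locality).to eq nil
 end
 it "should expose the issuer's organization" do
-expect(@sut.issuer_organization).to eq "
+expect(@sut.issuer_organization).to eq "IdenTrust"
 end
 it "should expose the issuer's common name" do
-expect(@sut.issuer_common_name).to eq "
+expect(@sut.issuer_common_name).to eq "TrustID Server CA A52"
 end
 end
 describe "public key" do
@@ -104,16 +104,16 @@ module SSLCheck
 end
 describe "verify" do
 it "should be able to verify a certificate with the public key of another" do
-ca_bundle = Certificate.new(CA_BUNDLE)
+ca_bundle = Certificate.new(CA_BUNDLE.join("\n"))
 expect(@sut.verify(ca_bundle)).to be
 end
 end
 describe "dates" do
 it "should expose the certificate's issue date" do
-expect(@sut.not_before).to eq DateTime.parse("Tue,
+expect(@sut.not_before).to eq DateTime.parse("Tue, 03 Feb 2015 21:24:51.000000000 +0000")
 end
 it "should expose the certificate's expiry date" do
-expect(@sut.not_after).to eq DateTime.parse("
+expect(@sut.not_after).to eq DateTime.parse("Fri, 02 Feb 2018 21:24:51.000000000 +0000")
 end
 end
 describe "expired?" do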
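Review bot: The new expectations for `common_name` (new lines 14 and 71) pin the value `"letsencrypt.org/O=INTERNET SECURITY RESEARCH GROUP/L=Mountain View/ST=California/C=US"`, which is the remainder of the subject string after `CN=` rather than the common name itself. The subject asserted at new line 68 puts CN first, so this looks like the CN extraction running to the end of the subject; the extraction code is not on this page, so that is an inference. A certificate checker should compare hostnames against the CN attribute alone, so I would expect `expect(@sut.common_name).to eq "letsencrypt.org"` here and the same value in the `to_h` hash, with the parser stopping at the next `/`. The enclosing `describe` blocks start and end outside these hunks.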
@@ -8,7 +8,7 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the common name is valid" do
|
10
10
|
it 'should return nothing' do
|
11
|
-
sut = Validators::CommonName.new("
|
11
|
+
sut = Validators::CommonName.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate
|
13
13
|
expect(result).to_not be
|
14
14
|
end
|
@@ -22,7 +22,7 @@ module SSLCheck
|
|
22
22
|
end
|
23
23
|
context "when the certificate has alternate subject names" do
|
24
24
|
it 'should allow matches against the supplied common name' do
|
25
|
-
sut = Validators::CommonName.new("
|
25
|
+
sut = Validators::CommonName.new("letsencrypt.org", @cert, @ca_bundle)
|
26
26
|
result = sut.validate
|
27
27
|
expect(result).to_not be
|
28
28
|
end
|
@@ -8,14 +8,14 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the expiration date is in the future" do
|
10
10
|
it 'should return errors' do
|
11
|
-
sut = Validators::ExpirationDate.new("
|
11
|
+
sut = Validators::ExpirationDate.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate(FutureClock.new)
|
13
13
|
expect(result).to be_a SSLCheck::Errors::Validation::CertificateExpired
|
14
14
|
end
|
15
15
|
end
|
16
16
|
context "when the expiration date is in the past" do
|
17
17
|
it 'should return nothing' do
|
18
|
-
sut = Validators::ExpirationDate.new("
|
18
|
+
sut = Validators::ExpirationDate.new("letsencrypt.org", @cert, @ca_bundle)
|
19
19
|
result = sut.validate(PastClock.new)
|
20
20
|
expect(result).to_not be
|
21
21
|
end
|
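Review bot: The context descriptions in this hunk read opposite to what the examples check: `context "when the expiration date is in the future"` runs `sut.validate(FutureClock.new)` and expects `CertificateExpired`, which is the case where the expiry lies in the past relative to the clock (assuming FutureClock reports a time after the fixture's not_after). I would swap the wording to `context "when the expiration date is in the past"` for the erroring example and `context "when the expiration date is in the future"` for the passing one, so a reader does not mistake the expiry comparison for inverted. The file header for this hunk is missing from the page and the enclosing `describe` starts outside the hunk.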
@@ -8,14 +8,14 @@ module SSLCheck
|
|
8
8
|
end
|
9
9
|
context "when the issue date is in the past" do
|
10
10
|
it 'should return nothing' do
|
11
|
-
sut = Validators::IssueDate.new("
|
11
|
+
sut = Validators::IssueDate.new("letsencrypt.org", @cert, @ca_bundle)
|
12
12
|
result = sut.validate(FutureClock.new)
|
13
13
|
expect(result).to_not be
|
14
14
|
end
|
15
15
|
end
|
16
16
|
context "when the issue date is in the future" do
|
17
17
|
it 'should return errors' do
|
18
|
-
sut = Validators::IssueDate.new("
|
18
|
+
sut = Validators::IssueDate.new("letsencrypt.org", @cert, @ca_bundle)
|
19
19
|
result = sut.validate(PastClock.new)
|
20
20
|
expect(result).to be_a SSLCheck::Errors::Validation::NotYetIssued
|
21
21
|
end
|
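--- a/data/spec/validator_spec.rb
+++ b/data/spec/validator_spec.rb
@@ -52,24 +52,24 @@ module SSLCheck
 context 'when the certificate is valid' do
 before do
 @cert = Certificate.new(VALID_CERT)
-@ca_bundle = [Certificate.new(CA_PARENT), Certificate.new(CA_GRAND_PARENT)
+@ca_bundle = [Certificate.new(CA_PARENT), Certificate.new(CA_GRAND_PARENT)]
 @sut = Validator.new
 @validators = [PassThroughValidator]
 end
 
 it 'should be valid' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.valid?).to be
 
 end
 
 it 'should have no errors' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.errors).to be_empty
 end
 
 it 'should have no warnings' do
-@sut.validate("www.
+@sut.validate("www.letsencrypt.org", @cert, @ca_bundle, @validators)
 expect(@sut.warnings).to be_empty
 end
 end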
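--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sslcheck
 version: !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.9
 platform: ruby
 authors:
 - Clayton Lengel-Zigich
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -162,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Discover errors with SSL certificates.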