debian-mirror-gitlab/spec/lib/gitlab/email/smime/certificate_spec.rb

117 lines
4.2 KiB
Ruby
Raw Normal View History

2019-12-04 20:38:33 +05:30
# frozen_string_literal: true
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe Gitlab::Email::Smime::Certificate do
2019-12-04 20:38:33 +05:30
include SmimeHelper
# cert generation is an expensive operation and they are used read-only,
# so we share them as instance variables in all tests
before :context do
@root_ca = generate_root
2020-05-24 23:13:21 +05:30
@intermediate_ca = generate_intermediate(signer_ca: @root_ca)
@cert = generate_cert(signer_ca: @intermediate_ca)
2019-12-04 20:38:33 +05:30
end
describe 'testing environment setup' do
describe 'generate_root' do
subject { @root_ca }
it 'generates a root CA that expires a long way in the future' do
expect(subject[:cert].not_after).to be > 999.years.from_now
end
end
2020-05-24 23:13:21 +05:30
describe 'generate_intermediate' do
subject { @intermediate_ca }
it 'generates an intermediate CA that expires a long way in the future' do
expect(subject[:cert].not_after).to be > 999.years.from_now
end
it 'generates an intermediate CA properly signed by the root CA' do
expect(subject[:cert].issuer).to eq(@root_ca[:cert].subject)
end
end
2019-12-04 20:38:33 +05:30
describe 'generate_cert' do
subject { @cert }
2020-05-24 23:13:21 +05:30
it 'generates a cert properly signed by the intermediate CA' do
expect(subject[:cert].issuer).to eq(@intermediate_ca[:cert].subject)
2019-12-04 20:38:33 +05:30
end
it 'generates a cert that expires soon' do
expect(subject[:cert].not_after).to be < 60.minutes.from_now
end
it 'generates a cert intended for email signing' do
expect(subject[:cert].extensions).to include(an_object_having_attributes(oid: 'extendedKeyUsage', value: match('E-mail Protection')))
end
context 'passing in INFINITE_EXPIRY' do
2020-05-24 23:13:21 +05:30
subject { generate_cert(signer_ca: @intermediate_ca, expires_in: SmimeHelper::INFINITE_EXPIRY) }
2019-12-04 20:38:33 +05:30
it 'generates a cert that expires a long way in the future' do
expect(subject[:cert].not_after).to be > 999.years.from_now
end
end
end
end
describe '.from_strings' do
it 'parses correctly a certificate and key' do
parsed_cert = described_class.from_strings(@cert[:key].to_s, @cert[:cert].to_pem)
2020-05-24 23:13:21 +05:30
common_cert_tests(parsed_cert, @cert, @intermediate_ca)
2019-12-04 20:38:33 +05:30
end
end
describe '.from_files' do
it 'parses correctly a certificate and key' do
allow(File).to receive(:read).with('a_key').and_return(@cert[:key].to_s)
allow(File).to receive(:read).with('a_cert').and_return(@cert[:cert].to_pem)
parsed_cert = described_class.from_files('a_key', 'a_cert')
2020-05-24 23:13:21 +05:30
common_cert_tests(parsed_cert, @cert, @intermediate_ca)
end
context 'with optional ca_certs' do
it 'parses correctly certificate, key and ca_certs' do
allow(File).to receive(:read).with('a_key').and_return(@cert[:key].to_s)
allow(File).to receive(:read).with('a_cert').and_return(@cert[:cert].to_pem)
allow(File).to receive(:read).with('a_ca_cert').and_return(@intermediate_ca[:cert].to_pem)
parsed_cert = described_class.from_files('a_key', 'a_cert', 'a_ca_cert')
common_cert_tests(parsed_cert, @cert, @intermediate_ca, with_ca_certs: [@intermediate_ca[:cert]])
end
end
end
context 'with no intermediate CA' do
it 'parses correctly a certificate and key' do
cert = generate_cert(signer_ca: @root_ca)
allow(File).to receive(:read).with('a_key').and_return(cert[:key].to_s)
allow(File).to receive(:read).with('a_cert').and_return(cert[:cert].to_pem)
parsed_cert = described_class.from_files('a_key', 'a_cert')
common_cert_tests(parsed_cert, cert, @root_ca)
2019-12-04 20:38:33 +05:30
end
end
2020-05-24 23:13:21 +05:30
def common_cert_tests(parsed_cert, cert, signer_ca, with_ca_certs: nil)
2019-12-04 20:38:33 +05:30
expect(parsed_cert.cert).to be_a(OpenSSL::X509::Certificate)
expect(parsed_cert.cert.subject).to eq(cert[:cert].subject)
2020-05-24 23:13:21 +05:30
expect(parsed_cert.cert.issuer).to eq(signer_ca[:cert].subject)
2019-12-04 20:38:33 +05:30
expect(parsed_cert.cert.not_before).to eq(cert[:cert].not_before)
expect(parsed_cert.cert.not_after).to eq(cert[:cert].not_after)
expect(parsed_cert.cert.extensions).to include(an_object_having_attributes(oid: 'extendedKeyUsage', value: match('E-mail Protection')))
expect(parsed_cert.key).to be_a(OpenSSL::PKey::RSA)
2020-05-24 23:13:21 +05:30
expect(parsed_cert.ca_certs).to match_array(Array.wrap(with_ca_certs)) if with_ca_certs
2019-12-04 20:38:33 +05:30
end
end