require 'spec_helper' include R509::Cert::Extensions shared_examples_for "a correctly implemented wrap_openssl_extensions" do before :each do @r509_extensions = R509::Cert::Extensions.wrap_openssl_extensions(@openssl_extensions) @r509_classes = [ BasicConstraints, KeyUsage, ExtendedKeyUsage, SubjectKeyIdentifier, AuthorityKeyIdentifier, SubjectAlternativeName, AuthorityInfoAccess, CRLDistributionPoints, OCSPNoCheck ] end it "should not have returned values that aren't R509 extensions" do classes = @r509_extensions.values.map { |ext| ext.class } non_r509_classes = classes.reject { |ext_class| @r509_classes.include?(ext_class) } expect(non_r509_classes).to eq([]) end it "should have returned the right number of extensions" do expect(@r509_extensions.count).to eq(@wrappable_extensions.count) end it "should not have returned keys improperly mapped to values" do incorrect_mappings = @r509_extensions.select { |key_class, ext| ext.class != key_class } incorrect_mappings = {} if incorrect_mappings == [] # compatibility for old versions of Ruby expect(incorrect_mappings).to eq({}) end it "should not have failed to map an implemented extension" do missing_extensions = [] @wrappable_extensions.each do |openssl_ext| if (@r509_extensions.select { |_r509_class, r509_ext| r509_ext.oid == openssl_ext.oid }) == {} missing_extensions << openssl_ext.oid end end expect(missing_extensions).to eq([]) end end shared_examples_for "a correctly implemented get_unknown_extensions" do it "should not have returned values that are R509 extensions" do expect(R509::Cert::Extensions.get_unknown_extensions(@openssl_extensions)).to eq(@unknown_extensions) end end describe R509::Cert::Extensions do include R509::Cert::Extensions context "Class functions" do context "#wrap_openssl_extensions and #get_unknown_extensions" do context "with no extensions" do before :each do @wrappable_extensions = [] @unknown_extensions = [] @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with one implemented extension" do before :each do @wrappable_extensions = [] ef = OpenSSL::X509::ExtensionFactory.new @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0") @unknown_extensions = [] @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with all implemented extensions" do before :each do @wrappable_extensions = [] ef = OpenSSL::X509::ExtensionFactory.new ef.issuer_certificate = OpenSSL::X509::Certificate.new TestFixtures::TEST_CA_CERT ef.subject_certificate = OpenSSL::X509::Certificate.new TestFixtures::TEST_CA_CERT @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0", true) @wrappable_extensions << ef.create_extension("keyUsage", KeyUsage::AU_DIGITAL_SIGNATURE) @wrappable_extensions << ef.create_extension("extendedKeyUsage", ExtendedKeyUsage::AU_WEB_SERVER_AUTH) @wrappable_extensions << ef.create_extension("subjectKeyIdentifier", "hash") @wrappable_extensions << ef.create_extension("authorityKeyIdentifier", "keyid:always") @wrappable_extensions << ef.create_extension("subjectAltName", "DNS:www.test.local") @wrappable_extensions << ef.create_extension("authorityInfoAccess", "caIssuers;URI:http://www.test.local") @wrappable_extensions << ef.create_extension("crlDistributionPoints", "URI:http://www.test.local") @unknown_extensions = [] @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with an unimplemented extension" do before :each do @wrappable_extensions = [] @unknown_extensions = [] @unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local") @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with implemented and unimplemented extensions" do before :each do @wrappable_extensions = [] ef = OpenSSL::X509::ExtensionFactory.new @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0") @unknown_extensions = [] @unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local") @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with multiple extensions of an implemented type" do before :each do @wrappable_extensions = [] ef = OpenSSL::X509::ExtensionFactory.new @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0") @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:1") @unknown_extensions = [] @unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local") @openssl_extensions = @wrappable_extensions + @unknown_extensions end it "should raise an ArgumentError for #wrap_openssl_extensions" do expect do R509::Cert::Extensions.wrap_openssl_extensions(@openssl_extensions) end.to raise_error(ArgumentError) end it_should_behave_like "a correctly implemented get_unknown_extensions" end context "with multiple extensions of an unimplemented type" do before :each do @wrappable_extensions = [] ef = OpenSSL::X509::ExtensionFactory.new @wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0") @unknown_extensions = [] @unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local") @unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www2.test.local") @openssl_extensions = @wrappable_extensions + @unknown_extensions end it_should_behave_like "a correctly implemented wrap_openssl_extensions" it_should_behave_like "a correctly implemented get_unknown_extensions" end end end end