RSpec.describe Rails::Auth::X509::Matcher do let(:example_cert) { OpenSSL::X509::Certificate.new(cert_path("valid.crt").read) } let(:example_certificate) { Rails::Auth::X509::Certificate.new(example_cert) } let(:example_ou) { "ponycopter" } let(:another_ou) { "somethingelse" } let(:example_env) do { Rails::Auth::CREDENTIALS_ENV_KEY => { "x509" => example_certificate } } end it "matches against a valid Rails::Auth::X509::Credential" do matcher = described_class.new(ou: example_ou) expect(matcher.match(example_env)).to eq true end it "doesn't match if the subject mismatches" do matcher = described_class.new(ou: another_ou) expect(matcher.match(example_env)).to eq false end end