spec/spec_helper.rb in logstash-input-tcp-2.0.5 vs spec/spec_helper.rb in logstash-input-tcp-3.0.0
- old
+ new
@@ -1,7 +1,9 @@
# encoding: utf-8
require "logstash/devutils/rspec/spec_helper"
+require "tempfile"
+require "stud/temporary"
# this has been taken from the udp input, it should be DRYed
class TcpHelpers
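Review bot: The requires added here are only `tempfile` and `stud/temporary`, yet the helpers added later in this file call `OpenSSL::PKey::RSA`, `OpenSSL::X509::*` and `Flores::PKI.generate`, so the file presumably relies on `logstash/devutils/rspec/spec_helper` loading those transitively. Adding `require "openssl"` and `require "flores/pki"` beside the new requires would make the dependency explicit and keep the helpers working if the devutils load order changes. `require "tempfile"` looks unused in the visible changes, since temp files are created through `Stud::Temporary.file`; drop it if nothing else in the file needs it. The `TcpHelpers` class body continues past this hunk.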
@@ -17,6 +19,73 @@
end
plugin.do_stop
input_thread.join
result
end
+
+ def certificate
+ certificate, key = Flores::PKI.generate("CN=localhost", { :key_size => 2048 })
+ [new_temp_file('cert', certificate), new_temp_file('key', key)]
+ end
+
+ def chain_of_certificates
+ root_ca, root_key = build_root_ca
+ a_cert, a_key = build_certificate(root_ca, root_key, "A_Cert")
+ aa_cert, aa_key = build_certificate(root_ca, root_key, "AA_Cert")
+ b_cert, b_key = build_certificate(a_cert, a_key, "B_Cert")
+ c_cert, c_key = build_certificate(b_cert, b_key, "C_Cert")
+ { :root_ca => new_temp_file('', root_ca), :root_key => new_temp_file('', root_key),
+ :a_cert => new_temp_file('', a_cert), :a_key => new_temp_file('', a_key),
+ :aa_cert => new_temp_file('', aa_cert), :aa_key => new_temp_file('', aa_key),
+ :b_cert => new_temp_file('', b_cert), :b_key => new_temp_file('', b_key),
+ :c_cert => new_temp_file('', c_cert), :c_key => new_temp_file('', c_key)}
+ end
+
+ private
+
+ def new_temp_file(name, data)
+ file = Stud::Temporary.file
+ file.write(data)
+ file.rewind
+ file
+ end
+
+ def build_certificate(root_ca, root_key=nil, name="")
+ key = ( root_key.nil? ? OpenSSL::PKey::RSA.new(2048) : root_key )
+ options = { :serial => 2, :subject => "/DC=org/DC=ruby-lang/CN=Ruby#{name}", :key => key, :issuer => root_ca.subject}
+ cert = new_certificate(options)
+ add_ca_extensions(cert, nil, root_ca)
+ [ cert.sign(key, OpenSSL::Digest::SHA256.new), key ]
+ end
+
+ def build_root_ca
+ key = OpenSSL::PKey::RSA.new(2048)
+ options = { :serial => 1, :subject => "/DC=org/DC=ruby-lang/CN=Ruby CA", :key => key}
+ ca = new_certificate(options)
+ add_ca_extensions(ca)
+ [ ca.sign(key, OpenSSL::Digest::SHA256.new), key ]
+ end
+
+ def new_certificate(options)
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.serial = options.fetch(:serial, 1)
+ cert.subject = OpenSSL::X509::Name.parse(options.fetch(:subject, "/DC=org/DC=ruby-lang/CN=Ruby CA"))
+ cert.issuer = options.fetch(:issuer, cert.subject)
+ cert.public_key = options[:key].public_key
+ cert.not_before = Time.now
+ cert.not_after = cert.not_before + 2 * 365 * 86400
+ cert
+ end
+
+ def add_ca_extensions(certificate, subject=nil, issuer=nil)
+ factory = OpenSSL::X509::ExtensionFactory.new
+ factory.subject_certificate = (subject.nil? ? certificate : subject)
+ factory.issuer_certificate = (issuer.nil? ? certificate : issuer)
+
+ certificate.add_extension(factory.create_extension("basicConstraints","CA:TRUE",true))
+ certificate.add_extension(factory.create_extension("keyUsage","keyCertSign, cRLSign, digitalSignature", true))
+ certificate.add_extension(factory.create_extension("subjectKeyIdentifier","hash",false))
+ certificate.add_extension(factory.create_extension("authorityKeyIdentifier","keyid:always",false))
+ end
+
end
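Review bot: In `build_certificate`, `key = ( root_key.nil? ? OpenSSL::PKey::RSA.new(2048) : root_key )` makes the issuer's private key the new certificate's own key whenever `root_key` is passed, so every certificate from `chain_of_certificates` carries the root's public key and `:a_key`, `:aa_key`, `:b_key` and `:c_key` are all the root key. Each signature in such a chain verifies under any member's public key, so specs built on it cannot catch a regression in how the plugin walks or validates a chain. Generate a fresh subject key and sign with the issuer's: `key = OpenSSL::PKey::RSA.new(2048)` and `[ cert.sign(root_key || key, OpenSSL::Digest::SHA256.new), key ]`. Separately, `:serial => 2` is fixed, so A_Cert and AA_Cert share both issuer and serial, and `new_temp_file` ignores its `name` argument and writes unencrypted private keys to temp files that nothing in this hunk removes. The leading context lines are the tail of a method that starts outside the hunk.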