spec/http_spec.rb in r509-ca-http-0.2.2 vs spec/http_spec.rb in r509-ca-http-0.3.0
- old
+ new
@@ -9,32 +9,36 @@
end
before :each do
@crls = { "test_ca" => double("crl") }
@certificate_authorities = { "test_ca" => double("test_ca") }
+ @options_builders = { "test_ca" => double("options_builder") }
@subject_parser = double("subject parser")
- @validity_period_converter = double("validity period converter")
+ #@validity_period_converter = double("validity period converter")
@csr_factory = double("csr factory")
@spki_factory = double("spki factory")
end
def app
@app ||= R509::CertificateAuthority::HTTP::Server
@app.send(:set, :crls, @crls)
@app.send(:set, :certificate_authorities, @certificate_authorities)
+ @app.send(:set, :options_builders, @options_builders)
@app.send(:set, :subject_parser, @subject_parser)
- @app.send(:set, :validity_period_converter, @validity_period_converter)
+ #@app.send(:set, :validity_period_converter, @validity_period_converter)
@app.send(:set, :csr_factory, @csr_factory)
@app.send(:set, :spki_factory, @spki_factory)
end
context "get CRL" do
it "gets the CRL" do
- @crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
+ crl = double('crl')
+ crl.should_receive(:to_pem).and_return("generated crl")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl)
get "/1/crl/test_ca/get"
last_response.should be_ok
- last_response.content_type.should match /text\/plain/
+ last_response.content_type.should match(/text\/plain/)
last_response.body.should == "generated crl"
end
it "when CA is not found" do
get "/1/crl/bogus/get/"
last_response.status.should == 500
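Review bot: After this change "gets the CRL" sets exactly the same expectations as "generates the CRL" in the next hunk (`generate_crl`, then `to_pem` on the result), so the spec no longer tells a read of the current CRL apart from a regeneration. If GET `/1/crl/test_ca/get` is meant to produce a freshly signed CRL on every request, a comment such as `# /get regenerates the CRL on each request` would record that; otherwise the get example should stub a read-only accessor instead. The `#@validity_period_converter` lines in `before` and `app`, and the commented-out expectations in the issue specs, are dead code and are better deleted than commented out. The final "when CA is not found" example continues outside the hunk.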
@@ -42,11 +46,13 @@
end
end
context "generate CRL" do
it "generates the CRL" do
- @crls["test_ca"].should_receive(:generate_crl).and_return("generated crl")
+ crl = double('crl')
+ crl.should_receive(:to_pem).and_return("generated crl")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl)
get "/1/crl/test_ca/generate"
last_response.should be_ok
last_response.body.should == "generated crl"
end
it "when CA is not found" do
@@ -94,115 +100,118 @@
last_response.body.should == "#<ArgumentError: CA not found>"
end
it "fails to issue" do
csr = double("csr")
@csr_factory.should_receive(:build).with({:csr => "csr"}).and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
last_response.should_not be_ok
last_response.body.should == "#<R509::R509Error: failed to issue because of: good reason>"
end
it "issues a CSR with no SAN extensions" do
csr = double("csr")
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "issues a CSR with SAN extensions" do
csr = double("csr")
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "issues a CSR with dNSNames" do
csr = double("csr")
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
- general_names = double("general names")
- R509::ASN1::GeneralNames.should_receive(:new).and_return(general_names)
- general_names.should_receive(:create_item).with(:tag => 2, :value => "domain1.com")
- general_names.should_receive(:create_item).with(:tag => 2, :value => "domain2.com")
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => general_names, :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1")
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[dNSNames][]" => ["domain1.com","domain2.com"]
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "issues a CSR with both SAN names and dNSNames provided (and ignore the dNSNames)" do
csr = double("csr")
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr)
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"], "extensions[dNSNames][]" => ["domain3.com", "domain4.com"]
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "issues an SPKI without SAN extensions" do
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
spki = double("spki")
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki"
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "issues an SPKI with SAN extensions" do
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
spki = double("spki")
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
last_response.should be_ok
last_response.body.should == "signed cert"
end
it "when there are empty SAN names" do
csr = double("csr")
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
- @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+ #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
subject = R509::Subject.new [["CN", "domain.com"]]
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
cert = double("cert")
- @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+ @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+ @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
cert.should_receive(:to_pem).and_return("signed cert")
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com","",""]
last_response.should be_ok
last_response.body.should == "signed cert"
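Review bot: The new `should_receive(:sign).and_return(cert)` stubs accept any arguments, so none of the issue examples would fail if the server handed the raw request options to `sign` instead of the hash returned by `build_and_enforce`. That hash is presumably where profile restrictions are applied, so bind it to a local and assert it, e.g. `@certificate_authorities["test_ca"].should_receive(:sign).with(enforced).and_return(cert)`. The stubbed return hashes also contain `kind_of(Time)`, which is an argument matcher and not a value, and the "with SAN extensions" CSR example passes `:extensions => kind_of(Array)` twice in one hash literal. The "ignore the dNSNames" and "empty SAN names" examples now match only `kind_of(Array)`, so they no longer check which names actually reach the builder. The last example continues past the end of the hunk.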
@@ -225,22 +234,22 @@
last_response.should_not be_ok
last_response.body.should == "#<ArgumentError: Serial must be provided>"
end
it "when serial is given but not reason" do
@crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
- crl_list = double("crl-list")
- @crls["test_ca"].should_receive(:crl).and_return(crl_list)
- crl_list.should_receive(:to_pem).and_return("generated crl")
+ crl_obj = double("crl-obj")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+ crl_obj.should_receive(:to_pem).and_return("generated crl")
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345"
last_response.should be_ok
last_response.body.should == "generated crl"
end
it "when serial and reason are given" do
@crls["test_ca"].should_receive(:revoke_cert).with("12345", "1").and_return(nil)
- crl_list = double("crl-list")
- @crls["test_ca"].should_receive(:crl).and_return(crl_list)
- crl_list.should_receive(:to_pem).and_return("generated crl")
+ crl_obj = double("crl-obj")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+ crl_obj.should_receive(:to_pem).and_return("generated crl")
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
last_response.should be_ok
last_response.body.should == "generated crl"
end
it "when serial is not an integer" do
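Review bot: The three-line stub `crl_obj = double("crl-obj")` / `should_receive(:generate_crl).and_return(crl_obj)` / `crl_obj.should_receive(:to_pem)` is repeated verbatim in both examples here and again in the hunks at -249 and -285, as well as in the two CRL contexts at the top of the file. A small spec helper that sets up the double and both expectations for a given CA name would remove the duplication and keep the next API rename to a one-line change. Each example would then start with something like `expect_generated_crl("test_ca")` (name is only a suggestion).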
@@ -249,22 +258,22 @@
last_response.should_not be_ok
last_response.body.should == "#<R509::R509Error: some r509 error>"
end
it "when reason is not an integer" do
@crls["test_ca"].should_receive(:revoke_cert).with("12345", "foo").and_return(nil)
- crl_list = double("crl-list")
- @crls["test_ca"].should_receive(:crl).and_return(crl_list)
- crl_list.should_receive(:to_pem).and_return("generated crl")
+ crl_obj = double("crl-obj")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+ crl_obj.should_receive(:to_pem).and_return("generated crl")
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
last_response.should be_ok
last_response.body.should == "generated crl"
end
it "when reason is an empty string" do
@crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
- crl_list = double("crl-list")
- @crls["test_ca"].should_receive(:crl).and_return(crl_list)
- crl_list.should_receive(:to_pem).and_return("generated crl")
+ crl_obj = double("crl-obj")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+ crl_obj.should_receive(:to_pem).and_return("generated crl")
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => ""
last_response.should be_ok
last_response.body.should == "generated crl"
end
end
@@ -285,12 +294,12 @@
last_response.should_not be_ok
last_response.body.should == "#<ArgumentError: Serial must be provided>"
end
it "when serial is given" do
@crls["test_ca"].should_receive(:unrevoke_cert).with(12345).and_return(nil)
- crl_list = double("crl-list")
- @crls["test_ca"].should_receive(:crl).and_return(crl_list)
- crl_list.should_receive(:to_pem).and_return("generated crl")
+ crl_obj = double("crl-obj")
+ @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+ crl_obj.should_receive(:to_pem).and_return("generated crl")
post "/1/certificate/unrevoke", "ca" => "test_ca", "serial" => "12345"
last_response.should be_ok
last_response.body.should == "generated crl"
end
end