2017-03-15 23:57:31 +00:00
# encoding: utf-8
# author: Richard Nixon
require 'helper'
require 'inspec/resource'
describe 'Inspec::Resources::X509Certificate' do
let ( :resource_cert ) {
load_resource (
'x509_certificate' ,
2017-03-20 23:26:57 +00:00
'test_certificate.rsa.crt.pem'
2017-03-15 23:57:31 +00:00
)
}
2018-10-15 16:09:46 +00:00
# TODO: Regenerate certificate using `InSpec` not `Inspec`
2017-03-20 23:26:57 +00:00
it 'verify subject distingushed name' do
_ ( resource_cert . send ( 'subject_dn' ) ) . must_match 'Inspec Test Certificate'
2017-03-15 23:57:31 +00:00
end
2018-10-15 16:09:46 +00:00
# TODO: Regenerate certificate using `InSpec` not `Inspec`
2017-03-15 23:57:31 +00:00
it 'parses the certificate subject' do
2017-03-20 23:26:57 +00:00
_ ( resource_cert . send ( 'subject' ) . CN ) . must_equal 'Inspec Test Certificate'
_ ( resource_cert . send ( 'subject' ) . emailAddress ) . must_equal 'support@chef.io'
2017-03-15 23:57:31 +00:00
end
2018-10-15 16:09:46 +00:00
# TODO: Regenerate certificate using `InSpec` not `Inspec`
2017-03-20 23:26:57 +00:00
it 'verify issue distingushed name' do
_ ( resource_cert . send ( 'issuer_dn' ) ) . must_match 'Inspec Test CA'
2017-03-15 23:57:31 +00:00
end
2018-10-15 16:09:46 +00:00
# TODO: Regenerate certificate using `InSpec` not `Inspec`
2017-03-15 23:57:31 +00:00
it 'parses the issuer' do
2017-03-20 23:26:57 +00:00
_ ( resource_cert . send ( 'issuer' ) . CN ) . must_equal 'Inspec Test CA'
2017-03-15 23:57:31 +00:00
end
it 'parses the public key' do
_ ( resource_cert . send ( 'public_key' ) . to_s ) . must_match " -----BEGIN PUBLIC KEY----- \n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1Tp4dPQ+GU+RipsguU \n WT50a6fsBCpe+QT0YdW/7GG6kynRzR+fzQ0q1LDxpgqAH+eDIWEAFYoTPc8haAjZ \n vAYn7JlXUQpeoK7fc2BPgYA0lr33Ee0H9nqeZlnytQ+/EVUqqDx61cgeW3ARAK1I \n ODwhuziuTi7XNu+HTx3feH4ohq/FppB26PYfJo1jCmt7YxHxl6AGrYrEX5zubQR0 \n AtPAJzg0/aqDH5GJHJETjloIxh/KLnGlbG3DJylFU+vPxvns1TKM0dezg8UefXer \n RtxDAwSix7sNctXwa0xToc6O+e/StNPR0eLvILS8iR89fuML57Z4AGFWMNdqTYoj \n qwIDAQAB \n -----END PUBLIC KEY----- \n "
end
2017-03-20 23:26:57 +00:00
it 'can determine fingerprint' do
_ ( resource_cert . send ( 'fingerprint' ) ) . must_equal '62bb500b0190ae47fd593c29a0b92ddbeb6c1eb6'
2017-03-15 23:57:31 +00:00
end
it 'can determine the key length' do
_ ( resource_cert . send ( 'key_length' ) ) . must_equal 2048
end
it 'parses the serial number' do
_ ( resource_cert . send ( 'serial' ) ) . must_equal 37
end
it 'parses the signature algorithm' do
_ ( resource_cert . send ( 'signature_algorithm' ) ) . must_equal 'sha256WithRSAEncryption'
end
it 'parses the x.509 certificate version' do
_ ( resource_cert . send ( 'version' ) ) . must_equal 2
end
it 'includes the standard extensions even if they are not in the certificate' do
_ ( resource_cert . send ( 'extensions' ) . length ) . must_equal 16
_ ( resource_cert . send ( 'extensions' ) ) . must_include 'keyUsage'
_ ( resource_cert . send ( 'extensions' ) ) . must_include 'extendedKeyUsage'
_ ( resource_cert . send ( 'extensions' ) ) . must_include 'subjectAltName'
end
it 'parses the x.509 certificate extensions' do
_ ( resource_cert . send ( 'extensions' ) [ 'keyUsage' ] ) . must_include " Digital Signature "
_ ( resource_cert . send ( 'extensions' ) [ 'keyUsage' ] ) . must_include " Non Repudiation "
_ ( resource_cert . send ( 'extensions' ) [ 'keyUsage' ] ) . must_include " Data Encipherment "
_ ( resource_cert . send ( 'extensions' ) [ 'extendedKeyUsage' ] ) . must_include " TLS Web Server Authentication "
_ ( resource_cert . send ( 'extensions' ) [ 'extendedKeyUsage' ] ) . must_include " Code Signing "
_ ( resource_cert . send ( 'extensions' ) [ 'subjectAltName' ] ) . must_include " email:support@chef.io "
end
it 'parses missing x.509 certificate extensions' do
_ ( resource_cert . send ( 'extensions' ) [ 'nameConstraints' ] ) . wont_include " Fried Chicken "
end
it 'calculates the remaining days of validity' do
# Still valid
Time . stub :now , Time . new ( 2018 , 2 , 1 , 1 , 28 , 57 , '+00:00' ) do
2017-03-20 23:26:57 +00:00
_ ( resource_cert . send ( 'validity_in_days' ) ) . must_equal 28
2017-03-15 23:57:31 +00:00
end
# Expired
Time . stub :now , Time . new ( 2018 , 4 , 1 , 1 , 28 , 57 , '+00:00' ) do
2017-03-20 23:26:57 +00:00
_ ( resource_cert . send ( 'validity_in_days' ) ) . must_equal ( - 31 )
2017-03-15 23:57:31 +00:00
end
end
end