inspec/test/unit/resources/x509_certificate_test.rb

122 lines
5 KiB
Ruby
Raw Normal View History

require "helper"
require "inspec/resource"
require "inspec/resources/x509_certificate"
describe "Inspec::Resources::X509Certificate" do
let(:resource_cert) do
load_resource(
"x509_certificate",
"test_certificate.rsa.crt.pem"
)
end
let(:resource_cert_with_content) do
load_resource(
"x509_certificate",
content: File.read("test/fixtures/files/test_certificate.rsa.crt.pem")
)
end
let(:resource_cert_with_filepath) do
load_resource(
"x509_certificate",
filepath: "test_certificate.rsa.crt.pem"
)
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
it "verify subject distinguished name" do
_(resource_cert.send("subject_dn")).must_match "Inspec Test Certificate"
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
it "parses the certificate subject" do
_(resource_cert.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert.send("subject").emailAddress).must_equal "support@chef.io"
_(resource_cert_with_content.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert_with_content.send("subject").emailAddress).must_equal "support@chef.io"
_(resource_cert_with_filepath.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert_with_filepath.send("subject").emailAddress).must_equal "support@chef.io"
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
it "verify issue distinguished name" do
_(resource_cert.send("issuer_dn")).must_match "Inspec Test CA"
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
it "parses the issuer" do
_(resource_cert.send("issuer").CN).must_equal "Inspec Test CA"
end
it "parses the public key" do
_(resource_cert.send("public_key").to_s).must_match "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1Tp4dPQ+GU+RipsguU\nWT50a6fsBCpe+QT0YdW/7GG6kynRzR+fzQ0q1LDxpgqAH+eDIWEAFYoTPc8haAjZ\nvAYn7JlXUQpeoK7fc2BPgYA0lr33Ee0H9nqeZlnytQ+/EVUqqDx61cgeW3ARAK1I\nODwhuziuTi7XNu+HTx3feH4ohq/FppB26PYfJo1jCmt7YxHxl6AGrYrEX5zubQR0\nAtPAJzg0/aqDH5GJHJETjloIxh/KLnGlbG3DJylFU+vPxvns1TKM0dezg8UefXer\nRtxDAwSix7sNctXwa0xToc6O+e/StNPR0eLvILS8iR89fuML57Z4AGFWMNdqTYoj\nqwIDAQAB\n-----END PUBLIC KEY-----\n"
end
it "can determine fingerprint" do
_(resource_cert.send("fingerprint")).must_equal "62bb500b0190ae47fd593c29a0b92ddbeb6c1eb6"
end
it "can determine the key length" do
_(resource_cert.send("key_length")).must_equal 2048
end
it "parses the serial number" do
_(resource_cert.send("serial")).must_equal 37
end
it "parses the signature algorithm" do
_(resource_cert.send("signature_algorithm")).must_equal "sha256WithRSAEncryption"
end
it "parses the x.509 certificate version" do
_(resource_cert.send("version")).must_equal 2
end
it "includes the standard extensions even if they are not in the certificate" do
_(resource_cert.send("extensions").length).must_equal 16
_(resource_cert.send("extensions")).must_include "keyUsage"
_(resource_cert.send("extensions")).must_include "extendedKeyUsage"
_(resource_cert.send("extensions")).must_include "subjectAltName"
end
it "parses the x.509 certificate extensions" do
_(resource_cert.send("extensions")["keyUsage"]).must_include "Digital Signature"
_(resource_cert.send("extensions")["keyUsage"]).must_include "Non Repudiation"
_(resource_cert.send("extensions")["keyUsage"]).must_include "Data Encipherment"
_(resource_cert.send("extensions")["extendedKeyUsage"]).must_include "TLS Web Server Authentication"
_(resource_cert.send("extensions")["extendedKeyUsage"]).must_include "Code Signing"
_(resource_cert.send("extensions")["subjectAltName"]).must_include "email:support@chef.io"
end
it "parses missing x.509 certificate extensions" do
_(resource_cert.send("extensions")["nameConstraints"]).wont_include "Fried Chicken"
end
it "calculates the remaining days of validity" do
# Still valid
Time.stub :now, Time.new(2018, 2, 1, 1, 28, 57, "+00:00") do
_(resource_cert.send("validity_in_days")).must_equal 28
end
# Expired
Time.stub :now, Time.new(2018, 4, 1, 1, 28, 57, "+00:00") do
_(resource_cert.send("validity_in_days")).must_equal(-31)
end
end
it "checks enhanced matchers & properties: email, keylength, subject_alt_names and has_purpose" do
resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_certificate", "test_certificate.rsa.crt.pem")
_(resource.email).must_equal "support@chef.io"
_(resource.keylength).must_equal 2048
_(resource.subject_alt_names).must_include "email:support@chef.io"
_(resource.has_purpose?("SSL server CA : Yes")).must_equal true
_(resource.has_purpose?("SSL client CA : Yes")).must_equal true
end
it "checks for resource_id for current resource" do
_(resource_cert.resource_id).must_equal "test_certificate.rsa.crt.pem"
_(resource_cert_with_content.resource_id).must_equal "Inspec Test Certificate"
_(resource_cert_with_filepath.resource_id).must_equal "test_certificate.rsa.crt.pem"
end
end