x509 integration tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

test/cookbooks/os_prepare/metadata.rb

@@ -12,3 +12,4 @@ depends 'postgresql'
 depends 'httpd', '~> 0.2'
 depends 'windows'
 depends 'ssh-hardening'
+depends 'openssl'

test/cookbooks/os_prepare/recipes/default.rb

@@ -18,6 +18,7 @@ include_recipe('os_prepare::package')
 include_recipe('os_prepare::registry_key')
 include_recipe('os_prepare::iis_site')
 include_recipe('os_prepare::iptables') unless node['osprepare']['docker']
+include_recipe('os_prepare::x509')
 
 # config file parsing
 include_recipe('os_prepare::json_yaml_csv_ini')

test/cookbooks/os_prepare/recipes/x509.rb

@@ -0,0 +1,15 @@
+if node['platform_family'] != 'windows'
+
+  openssl_x509 '/tmp/mycert.pem' do
+    common_name 'www.f00bar.com'
+    org 'Foo Bar'
+    org_unit 'Lab'
+    country 'US'
+    expire 360
+  end
+
+  openssl_rsa_key '/tmp/server.key' do
+    key_length 2048
+  end
+
+end

test/integration/default/x509_spec.rb

@@ -0,0 +1,24 @@
+# encoding: utf-8
+
+if os.windows?
+  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Linux.\033[0m"
+  return
+end
+
+describe x509_certificate('/tmp/mycert.pem') do
+  it { should be_certificate }
+  it { should be_valid }
+  its('signature_algorithm') { should eq 'sha256WithRSAEncryption' }
+  its('validity_in_days') { should_not be < 100 }
+  its('validity_in_days') { should be >= 100 }
+  its('subject_dn') { should eq '/C=US/O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
+  its('subject.C') { should eq 'US' }
+  its('issuer_dn') { should eq '/C=US/O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
+  its('key_length') { should be >= 2048 }
+end
+
+describe key_rsa('/tmp/server.key') do
+  it { should be_private }
+  it { should be_public }
+  its('key_length') { should eq 2048 }
+end