CFINSPEC-84: Add unit test for x509_private_key
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
parent
55eeef75bb
commit
f1e03bab3a
5 changed files with 95 additions and 0 deletions
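--- a/test/fixtures/cmd/x509-certificate-modulus
+++ b/test/fixtures/cmd/x509-certificate-modulus
@@ -0,0 +1 @@
+2c4097e9fb7a3df2851f110d6d69de66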
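--- a/test/fixtures/files/x509-encrypted-secret-key
+++ b/test/fixtures/files/x509-encrypted-secret-key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,F4D341E5BD7D12654CD4F1E3F9E10AA3
+
+wOispCvsWL+/exVJ1W97DoM9jFDUKadlp7nnmRXQqjYYNkrHdPcZkKnqdkwGlEoK
+j0DPgxYOvP97arIuLwpIjrsujBI7jBZdsir6yxOQIypTS+uZnX2sJ6rgcJpRLTbj
+7effshcVY3Q5v8nIxAADKfO/vJcMQZXMfDkwLCNEFFanI8hR3ZqAIwEPhaQDOLJr
+jPo5emLb7pP30pqbxhIyWcI1B8MrvCWcz9D58TGtwJG2SCVYtTPhYGI8BI38ONHT
+VRslMHzSS1I+XJcQ3Y7qkont4P9GFXQSGMaQfORMSYbT8Jik5URsXG6kMMTXWExm
+QbZT9TyvLWUJ+CrmrZ69T8YLpizOINLGtfVUP4CVBdxNw3E/WOa6uTWg0OCZhxXX
+JA1ifAmOCMDx5rdqsKcWpaUt/ESZh1VUZuxwzHpdr5FBz3eMgaTX9vyiU5LxW5r7
+CYgmwJ9RYh7zzzAto0pL3DFnjnDGQvkzvDCpBjY+ag1PiTf0BJ8yi5mzMWS5vpz6
+4mefKFHjEOYVLRNNbN12rOfmaaSzKBAGECoVQdDSQ91W5eGzX2rlhS8S1BWCGZNr
+f35QlSDwJm0jW2/3EJtiEBazyVMKi56nSZ8zItzHkxzA1Yr+2xz98JsccoZAlSWg
++VRP3HJs46MvpLECpRAbPIJ9DtQhv1sZvrpw6U6EEXvAs0atJlfSdsHp2BJs4F2G
+jhT5XIuUBT/cK1IAnMZzpRgSeQ80ctvU1z+iybKvh/OBxtkTIezx1pz/g/KyU1//
+pX7nMe1Pi2blZofYCM+C4ATJxrBdnjrUiLGoxCJ0De/JweAcXiS35N1qcRf8Ldsz
+-----END RSA PRIVATE KEY-----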
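--- a/test/fixtures/files/x509-secret-key
+++ b/test/fixtures/files/x509-secret-key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQDwz32N81R2bcoPbqgaegDEAvqCN9itxllRTT1351jq/50q8nUi
+G7OH2k/bX6vNCDsirfVlCmVjkYaE+DGszWrR5OTGWVPsdfQERT0SISKfSkAUli87
+oq6eDnTJYvSOfDjM3VDVX/r5EaBhYyNljqT7U1liMh0oEN8lBoS4WR7kpQIDAQAB
+AoGBAMz3buCx6oRa8o+sGj1e9uPfvSW1LyLKHyAKZHV4XsC3DSmO8ZA0j9zkPvB0
+QCDmDp93/dUgwie7qAnpzy5MMcwLFKszry7k8Bdaku4p9213y5waUw/qM+NORi7m
+W1fPcnknYI0sZyBkww4KSIHKFx8WCMTWqEVQCiOpevWSyJIBAkEA/DPXQVCP2I6a
+W1UOo9+S93b5yw+dRI24xP69tViM9oSW1tygkk/m5mkHseGF2OMDjTbhJzxoWCDJ
+MNaFilqawQJBAPRvvLX+Q9ddFAbO8YqCLACTwllQFvM+p6bpIWt1TJATD0+ET+md
+nIu0PV7NtZYykL0vsumSqrOGA0NX592d9uUCQQCSHyshYZ7mNsFCF4by9W9+R4W0
+3CgfdwlNwdaCgnqxveJzPMMf4oGCj+nwax0Uq3r8T4amJ/7AyMYosLIQlixBAkEA
+rugRgayqgL2SqfiEr9bLg7I3XE9JzM6linLBPjJWEbYBu6VyxTjJntHfJCpQaGRQ
+W395J1eSnBkl1pddS6BP3QJBALXGPmw0os1meuuEngJSlFhcev93Inqn/5rKJUbP
+F6+pZq8RsW9bSKYwq2Uk6OwTizxCYLp1KxEzsnPUGE4AfeI=
+-----END RSA PRIVATE KEY-----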
|
@ -184,6 +184,9 @@ class MockLoader
|
|||
"myjson.json" => mockfile.call("node.json"),
|
||||
"myyaml.yml" => mockfile.call("kitchen.yml"),
|
||||
"myinvalid.file" => mockfile.call("default.xml"),
|
||||
# x509_secret_key
|
||||
"/home/openssl_activity/bob_private.pem" => mockfile.call("x509-secret-key"),
|
||||
"/home/openssl_activity/alice_private.pem" => mockfile.call("x509-encrypted-secret-key"),
|
||||
}
|
||||
|
||||
mock.files = mock_files
|
||||
|
@ -408,6 +411,16 @@ class MockLoader
|
|||
"/usr/sbin/auditctl -s | grep pid" => cmd.call("auditctl-s-pid"),
|
||||
"/usr/sbin/auditctl -l" => cmd.call("auditctl-l"),
|
||||
%{sh -c 'type "/usr/sbin/auditctl"'} => empty.call,
|
||||
# x509_private_key
|
||||
%{sh -c 'type "openssl"'} => empty.call,
|
||||
%{type "openssl"} => empty.call,
|
||||
"openssl rsa -in /home/openssl_activity/bob_private.pem -check -noout" => empty.call,
|
||||
"openssl rsa -in /home/openssl_activity/alice_private.pem -check -noout -passin pass:password@123" => empty.call,
|
||||
"openssl x509 -noout -modulus -in /home/openssl_activity/bob_certificate.crt | openssl md5" => cmd.call("x509-certificate-modulus"),
|
||||
"openssl rsa -noout -modulus -in /home/openssl_activity/bob_private.pem | openssl md5" => cmd.call("x509-certificate-modulus"),
|
||||
"openssl x509 -noout -modulus -in /home/openssl_activity/alice_certificate.crt | openssl md5" => cmd.call("x509-certificate-modulus"),
|
||||
"openssl rsa -noout -modulus -in /home/openssl_activity/alice_private.pem -passin pass:password@123 | openssl md5" => cmd.call("x509-certificate-modulus"),
|
||||
|
||||
# apache_conf
|
||||
"sh -c 'find /etc/apache2/ports.conf -type f -maxdepth 1'" => cmd.call("find-apache2-ports-conf"),
|
||||
"sh -c 'find /etc/httpd/conf.d/*.conf -type f -maxdepth 1'" => cmd.call("find-httpd-ssl-conf"),
|
||||
|
|
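Review bot: The two mocked alice commands in the second hunk carry the passphrase inside the command string as `-passin pass:password@123`, which suggests the resource interpolates the passphrase and the key path into the openssl call unquoted. The resource file is not shown on this page, so this is inferred from the mock keys alone; if it holds, the secret is visible in the target's process list and is parsed by the shell. Consider having the resource hand the passphrase over with `-passin env:NAME` or `-passin stdin` and shell-escape the path, then update these keys to match. Both hunks sit inside MockLoader hashes that begin and end outside the visible lines.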
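--- a/test/unit/resources/x509_private_key_test.rb
+++ b/test/unit/resources/x509_private_key_test.rb
@@ -0,0 +1,48 @@
+require "inspec/globals"
+require "#{Inspec.src_root}/test/helper"
+require_relative "../../../lib/inspec/resources/x509_private_key"
+
+describe Inspec::Resources::X509PrivateKey do
+# linux
+it "checks x509 secret key with no passphrase on linux" do
+resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
+_(resource.valid?).must_equal true
+_(resource.encrypted?).must_be_nil
+_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
+end
+
+# linux - with password
+it "checks x509 secret key with passphrase on linux" do
+resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", "/home/openssl_activity/alice_private.pem", "password@123")
+_(resource.valid?).must_equal true
+_(resource.encrypted?).wont_be_nil
+_(resource.has_matching_certificate?("/home/openssl_activity/alice_certificate.crt")).must_equal true
+end
+
+# darwin
+it "checks x509 secret key with no passphrase on darwin" do
+resource = MockLoader.new(:macos10_10).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
+_(resource.valid?).must_equal true
+_(resource.encrypted?).must_be_nil
+_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
+end
+
+# freebsd
+it "checks x509 secret key with no passphrase on darwin" do
+resource = MockLoader.new(:freebsd10).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
+_(resource.valid?).must_equal true
+_(resource.encrypted?).must_be_nil
+_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
+end
+
+# linux
+it "checks unavailable x509 secret key with no passphrase on linux" do
+secret_key_path = "/home/openssl_activity/ghost_private.pem"
+resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", secret_key_path)
+_(resource.valid?).must_equal false
+ex = _{ resource.encrypted? }.must_raise(Inspec::Exceptions::ResourceFailed)
+_(ex.message).must_include "The given secret key #{secret_key_path} does not exist."
+ex = _{ resource.has_matching_certificate?("/home/openssl_activity/ghost_cert.crt") }.must_raise(Inspec::Exceptions::ResourceFailed)
+_(ex.message).must_include "Executing openssl x509 -noout -modulus -in /home/openssl_activity/ghost_cert.crt | openssl md5 failed:"
+end
+end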
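Review bot: The fourth example loads `:freebsd10` but is still titled "checks x509 secret key with no passphrase on darwin", so a FreeBSD failure would be reported under the darwin name; rename it to `it "checks x509 secret key with no passphrase on freebsd" do`. Every `has_matching_certificate?` assertion expects true, and the mocked key and certificate modulus commands all return the same `x509-certificate-modulus` fixture, so a key that does not match its certificate is never exercised. A wrong-passphrase case for the encrypted key is missing as well; these are the failure paths a compliance check most needs to report correctly.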