CFINSPEC-84: Add unit test for x509_private_key

Signed-off-by: Sonu Saha <sonu.saha@progress.com>
Sonu Saha 2022-04-27 15:59:40 +05:30
parent 55eeef75bb
commit f1e03bab3a
5 changed files with 95 additions and 0 deletions


@ -0,0 +1 @@
2c4097e9fb7a3df2851f110d6d69de66


@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F4D341E5BD7D12654CD4F1E3F9E10AA3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-----END RSA PRIVATE KEY-----

15
test/fixtures/files/x509-secret-key vendored Normal file

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -184,6 +184,9 @@ class MockLoader
"myjson.json" => mockfile.call("node.json"), "myjson.json" => mockfile.call("node.json"),
"myyaml.yml" => mockfile.call("kitchen.yml"), "myyaml.yml" => mockfile.call("kitchen.yml"),
"myinvalid.file" => mockfile.call("default.xml"), "myinvalid.file" => mockfile.call("default.xml"),
# x509_secret_key
"/home/openssl_activity/bob_private.pem" => mockfile.call("x509-secret-key"),
"/home/openssl_activity/alice_private.pem" => mockfile.call("x509-encrypted-secret-key"),
} }
mock.files = mock_files mock.files = mock_files
@ -408,6 +411,16 @@ class MockLoader
"/usr/sbin/auditctl -s | grep pid" => cmd.call("auditctl-s-pid"), "/usr/sbin/auditctl -s | grep pid" => cmd.call("auditctl-s-pid"),
"/usr/sbin/auditctl -l" => cmd.call("auditctl-l"), "/usr/sbin/auditctl -l" => cmd.call("auditctl-l"),
%{sh -c 'type "/usr/sbin/auditctl"'} => empty.call, %{sh -c 'type "/usr/sbin/auditctl"'} => empty.call,
# x509_private_key
%{sh -c 'type "openssl"'} => empty.call,
%{type "openssl"} => empty.call,
"openssl rsa -in /home/openssl_activity/bob_private.pem -check -noout" => empty.call,
"openssl rsa -in /home/openssl_activity/alice_private.pem -check -noout -passin pass:password@123" => empty.call,
"openssl x509 -noout -modulus -in /home/openssl_activity/bob_certificate.crt | openssl md5" => cmd.call("x509-certificate-modulus"),
"openssl rsa -noout -modulus -in /home/openssl_activity/bob_private.pem | openssl md5" => cmd.call("x509-certificate-modulus"),
"openssl x509 -noout -modulus -in /home/openssl_activity/alice_certificate.crt | openssl md5" => cmd.call("x509-certificate-modulus"),
"openssl rsa -noout -modulus -in /home/openssl_activity/alice_private.pem -passin pass:password@123 | openssl md5" => cmd.call("x509-certificate-modulus"),
# apache_conf # apache_conf
"sh -c 'find /etc/apache2/ports.conf -type f -maxdepth 1'" => cmd.call("find-apache2-ports-conf"), "sh -c 'find /etc/apache2/ports.conf -type f -maxdepth 1'" => cmd.call("find-apache2-ports-conf"),
"sh -c 'find /etc/httpd/conf.d/*.conf -type f -maxdepth 1'" => cmd.call("find-httpd-ssl-conf"), "sh -c 'find /etc/httpd/conf.d/*.conf -type f -maxdepth 1'" => cmd.call("find-httpd-ssl-conf"),

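Review bot: The two mocked commands for alice_private.pem (`openssl rsa ... -check -noout -passin pass:password@123` and the `-modulus` variant) pin the resource to putting the key passphrase on the command line, where it can be read from the process list and from command logging on the scanned host. The resource itself is not part of this commit, so this is inferred from the mock keys; if it does build the command this way, openssl also accepts `-passin env:VAR`, `-passin file:PATH` and `-passin stdin`, and the mocks should then be keyed on that form. The passphrase and the key path also appear unquoted in these strings, so a case with a passphrase containing a space or a shell metacharacter would show whether the resource escapes them. The hash literal that holds these entries starts and ends outside both hunks.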

@ -0,0 +1,48 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/x509_private_key"
describe Inspec::Resources::X509PrivateKey do
# linux
it "checks x509 secret key with no passphrase on linux" do
resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
_(resource.valid?).must_equal true
_(resource.encrypted?).must_be_nil
_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
end
# linux - with password
it "checks x509 secret key with passphrase on linux" do
resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", "/home/openssl_activity/alice_private.pem", "password@123")
_(resource.valid?).must_equal true
_(resource.encrypted?).wont_be_nil
_(resource.has_matching_certificate?("/home/openssl_activity/alice_certificate.crt")).must_equal true
end
# darwin
it "checks x509 secret key with no passphrase on darwin" do
resource = MockLoader.new(:macos10_10).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
_(resource.valid?).must_equal true
_(resource.encrypted?).must_be_nil
_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
end
# freebsd
it "checks x509 secret key with no passphrase on darwin" do
resource = MockLoader.new(:freebsd10).load_resource("x509_private_key", "/home/openssl_activity/bob_private.pem")
_(resource.valid?).must_equal true
_(resource.encrypted?).must_be_nil
_(resource.has_matching_certificate?("/home/openssl_activity/bob_certificate.crt")).must_equal true
end
# linux
it "checks unavailable x509 secret key with no passphrase on linux" do
secret_key_path = "/home/openssl_activity/ghost_private.pem"
resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_private_key", secret_key_path)
_(resource.valid?).must_equal false
ex = _{ resource.encrypted? }.must_raise(Inspec::Exceptions::ResourceFailed)
_(ex.message).must_include "The given secret key #{secret_key_path} does not exist."
ex = _{ resource.has_matching_certificate?("/home/openssl_activity/ghost_cert.crt") }.must_raise(Inspec::Exceptions::ResourceFailed)
_(ex.message).must_include "Executing openssl x509 -noout -modulus -in /home/openssl_activity/ghost_cert.crt | openssl md5 failed:"
end
end
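Review bot: Every `has_matching_certificate?` assertion in this file expects `true`, and the mock entries added in this commit answer both the certificate and the key modulus commands from the same `x509-certificate-modulus` fixture, so a resource that always returned `true` would still pass. Add a case where the two commands return different digests and assert `must_equal false`. A wrong-passphrase case for alice_private.pem, expecting `valid?` to be `false`, is missing for the same reason. The FreeBSD example also reuses the description `"checks x509 secret key with no passphrase on darwin"`; it should end in `on freebsd` so a failure names the right platform.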