mirror of
https://github.com/inspec/inspec
synced 2025-01-11 20:59:19 +00:00
d2f000e435
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
86 lines
3.3 KiB
Ruby
86 lines
3.3 KiB
Ruby
# encoding: utf-8
|
|
# author: Richard Nixon
|
|
|
|
require 'helper'
|
|
require 'inspec/resource'
|
|
|
|
describe 'Inspec::Resources::X509Certificate' do
|
|
let (:resource_cert) {
|
|
load_resource(
|
|
'x509_certificate',
|
|
'test_certificate.rsa.crt.pem'
|
|
)
|
|
}
|
|
|
|
it 'verify subject distingushed name' do
|
|
_(resource_cert.send('subject_dn')).must_match 'Inspec Test Certificate'
|
|
end
|
|
|
|
it 'parses the certificate subject' do
|
|
_(resource_cert.send('subject').CN).must_equal 'Inspec Test Certificate'
|
|
_(resource_cert.send('subject').emailAddress).must_equal 'support@chef.io'
|
|
end
|
|
|
|
it 'verify issue distingushed name' do
|
|
_(resource_cert.send('issuer_dn')).must_match 'Inspec Test CA'
|
|
end
|
|
|
|
it 'parses the issuer' do
|
|
_(resource_cert.send('issuer').CN).must_equal 'Inspec Test CA'
|
|
end
|
|
|
|
it 'parses the public key' do
|
|
_(resource_cert.send('public_key').to_s).must_match "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1Tp4dPQ+GU+RipsguU\nWT50a6fsBCpe+QT0YdW/7GG6kynRzR+fzQ0q1LDxpgqAH+eDIWEAFYoTPc8haAjZ\nvAYn7JlXUQpeoK7fc2BPgYA0lr33Ee0H9nqeZlnytQ+/EVUqqDx61cgeW3ARAK1I\nODwhuziuTi7XNu+HTx3feH4ohq/FppB26PYfJo1jCmt7YxHxl6AGrYrEX5zubQR0\nAtPAJzg0/aqDH5GJHJETjloIxh/KLnGlbG3DJylFU+vPxvns1TKM0dezg8UefXer\nRtxDAwSix7sNctXwa0xToc6O+e/StNPR0eLvILS8iR89fuML57Z4AGFWMNdqTYoj\nqwIDAQAB\n-----END PUBLIC KEY-----\n"
|
|
end
|
|
|
|
it 'can determine fingerprint' do
|
|
_(resource_cert.send('fingerprint')).must_equal '62bb500b0190ae47fd593c29a0b92ddbeb6c1eb6'
|
|
end
|
|
|
|
it 'can determine the key length' do
|
|
_(resource_cert.send('key_length')).must_equal 2048
|
|
end
|
|
|
|
it 'parses the serial number' do
|
|
_(resource_cert.send('serial')).must_equal 37
|
|
end
|
|
|
|
it 'parses the signature algorithm' do
|
|
_(resource_cert.send('signature_algorithm')).must_equal 'sha256WithRSAEncryption'
|
|
end
|
|
|
|
it 'parses the x.509 certificate version' do
|
|
_(resource_cert.send('version')).must_equal 2
|
|
end
|
|
|
|
it 'includes the standard extensions even if they are not in the certificate' do
|
|
_(resource_cert.send('extensions').length).must_equal 16
|
|
_(resource_cert.send('extensions')).must_include 'keyUsage'
|
|
_(resource_cert.send('extensions')).must_include 'extendedKeyUsage'
|
|
_(resource_cert.send('extensions')).must_include 'subjectAltName'
|
|
end
|
|
|
|
it 'parses the x.509 certificate extensions' do
|
|
_(resource_cert.send('extensions')['keyUsage']).must_include "Digital Signature"
|
|
_(resource_cert.send('extensions')['keyUsage']).must_include "Non Repudiation"
|
|
_(resource_cert.send('extensions')['keyUsage']).must_include "Data Encipherment"
|
|
_(resource_cert.send('extensions')['extendedKeyUsage']).must_include "TLS Web Server Authentication"
|
|
_(resource_cert.send('extensions')['extendedKeyUsage']).must_include "Code Signing"
|
|
_(resource_cert.send('extensions')['subjectAltName']).must_include "email:support@chef.io"
|
|
end
|
|
|
|
it 'parses missing x.509 certificate extensions' do
|
|
_(resource_cert.send('extensions')['nameConstraints']).wont_include "Fried Chicken"
|
|
end
|
|
|
|
it 'calculates the remaining days of validity' do
|
|
# Still valid
|
|
Time.stub :now, Time.new(2018, 2, 1, 1, 28, 57, '+00:00') do
|
|
_(resource_cert.send('validity_in_days')).must_equal 28
|
|
end
|
|
# Expired
|
|
Time.stub :now, Time.new(2018, 4, 1, 1, 28, 57, '+00:00') do
|
|
_(resource_cert.send('validity_in_days')).must_equal (-31)
|
|
end
|
|
end
|
|
end
|