mirror of
https://github.com/inspec/inspec
synced 2024-11-23 05:03:07 +00:00
121 lines
5 KiB
Ruby
121 lines
5 KiB
Ruby
require "helper"
|
|
require "inspec/resource"
|
|
require "inspec/resources/x509_certificate"
|
|
|
|
describe "Inspec::Resources::X509Certificate" do
|
|
let(:resource_cert) do
|
|
load_resource(
|
|
"x509_certificate",
|
|
"test_certificate.rsa.crt.pem"
|
|
)
|
|
end
|
|
|
|
let(:resource_cert_with_content) do
|
|
load_resource(
|
|
"x509_certificate",
|
|
content: File.read("test/fixtures/files/test_certificate.rsa.crt.pem")
|
|
)
|
|
end
|
|
|
|
let(:resource_cert_with_filepath) do
|
|
load_resource(
|
|
"x509_certificate",
|
|
filepath: "test_certificate.rsa.crt.pem"
|
|
)
|
|
end
|
|
|
|
# TODO: Regenerate certificate using `InSpec` not `Inspec`
|
|
it "verify subject distinguished name" do
|
|
_(resource_cert.send("subject_dn")).must_match "Inspec Test Certificate"
|
|
end
|
|
|
|
# TODO: Regenerate certificate using `InSpec` not `Inspec`
|
|
it "parses the certificate subject" do
|
|
_(resource_cert.send("subject").CN).must_equal "Inspec Test Certificate"
|
|
_(resource_cert.send("subject").emailAddress).must_equal "support@chef.io"
|
|
_(resource_cert_with_content.send("subject").CN).must_equal "Inspec Test Certificate"
|
|
_(resource_cert_with_content.send("subject").emailAddress).must_equal "support@chef.io"
|
|
_(resource_cert_with_filepath.send("subject").CN).must_equal "Inspec Test Certificate"
|
|
_(resource_cert_with_filepath.send("subject").emailAddress).must_equal "support@chef.io"
|
|
end
|
|
|
|
# TODO: Regenerate certificate using `InSpec` not `Inspec`
|
|
it "verify issue distinguished name" do
|
|
_(resource_cert.send("issuer_dn")).must_match "Inspec Test CA"
|
|
end
|
|
|
|
# TODO: Regenerate certificate using `InSpec` not `Inspec`
|
|
it "parses the issuer" do
|
|
_(resource_cert.send("issuer").CN).must_equal "Inspec Test CA"
|
|
end
|
|
|
|
it "parses the public key" do
|
|
_(resource_cert.send("public_key").to_s).must_match "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1Tp4dPQ+GU+RipsguU\nWT50a6fsBCpe+QT0YdW/7GG6kynRzR+fzQ0q1LDxpgqAH+eDIWEAFYoTPc8haAjZ\nvAYn7JlXUQpeoK7fc2BPgYA0lr33Ee0H9nqeZlnytQ+/EVUqqDx61cgeW3ARAK1I\nODwhuziuTi7XNu+HTx3feH4ohq/FppB26PYfJo1jCmt7YxHxl6AGrYrEX5zubQR0\nAtPAJzg0/aqDH5GJHJETjloIxh/KLnGlbG3DJylFU+vPxvns1TKM0dezg8UefXer\nRtxDAwSix7sNctXwa0xToc6O+e/StNPR0eLvILS8iR89fuML57Z4AGFWMNdqTYoj\nqwIDAQAB\n-----END PUBLIC KEY-----\n"
|
|
end
|
|
|
|
it "can determine fingerprint" do
|
|
_(resource_cert.send("fingerprint")).must_equal "62bb500b0190ae47fd593c29a0b92ddbeb6c1eb6"
|
|
end
|
|
|
|
it "can determine the key length" do
|
|
_(resource_cert.send("key_length")).must_equal 2048
|
|
end
|
|
|
|
it "parses the serial number" do
|
|
_(resource_cert.send("serial")).must_equal 37
|
|
end
|
|
|
|
it "parses the signature algorithm" do
|
|
_(resource_cert.send("signature_algorithm")).must_equal "sha256WithRSAEncryption"
|
|
end
|
|
|
|
it "parses the x.509 certificate version" do
|
|
_(resource_cert.send("version")).must_equal 2
|
|
end
|
|
|
|
it "includes the standard extensions even if they are not in the certificate" do
|
|
_(resource_cert.send("extensions").length).must_equal 16
|
|
_(resource_cert.send("extensions")).must_include "keyUsage"
|
|
_(resource_cert.send("extensions")).must_include "extendedKeyUsage"
|
|
_(resource_cert.send("extensions")).must_include "subjectAltName"
|
|
end
|
|
|
|
it "parses the x.509 certificate extensions" do
|
|
_(resource_cert.send("extensions")["keyUsage"]).must_include "Digital Signature"
|
|
_(resource_cert.send("extensions")["keyUsage"]).must_include "Non Repudiation"
|
|
_(resource_cert.send("extensions")["keyUsage"]).must_include "Data Encipherment"
|
|
_(resource_cert.send("extensions")["extendedKeyUsage"]).must_include "TLS Web Server Authentication"
|
|
_(resource_cert.send("extensions")["extendedKeyUsage"]).must_include "Code Signing"
|
|
_(resource_cert.send("extensions")["subjectAltName"]).must_include "email:support@chef.io"
|
|
end
|
|
|
|
it "parses missing x.509 certificate extensions" do
|
|
_(resource_cert.send("extensions")["nameConstraints"]).wont_include "Fried Chicken"
|
|
end
|
|
|
|
it "calculates the remaining days of validity" do
|
|
# Still valid
|
|
Time.stub :now, Time.new(2018, 2, 1, 1, 28, 57, "+00:00") do
|
|
_(resource_cert.send("validity_in_days")).must_equal 28
|
|
end
|
|
# Expired
|
|
Time.stub :now, Time.new(2018, 4, 1, 1, 28, 57, "+00:00") do
|
|
_(resource_cert.send("validity_in_days")).must_equal(-31)
|
|
end
|
|
end
|
|
|
|
it "checks enhanced matchers & properties: email, keylength, subject_alt_names and has_purpose" do
|
|
resource = MockLoader.new("ubuntu".to_sym).load_resource("x509_certificate", "test_certificate.rsa.crt.pem")
|
|
_(resource.email).must_equal "support@chef.io"
|
|
_(resource.keylength).must_equal 2048
|
|
_(resource.subject_alt_names).must_include "email:support@chef.io"
|
|
_(resource.has_purpose?("SSL server CA : Yes")).must_equal true
|
|
_(resource.has_purpose?("SSL client CA : Yes")).must_equal true
|
|
end
|
|
|
|
it "checks for resource_id for current resource" do
|
|
_(resource_cert.resource_id).must_equal "test_certificate.rsa.crt.pem"
|
|
_(resource_cert_with_content.resource_id).must_equal "Inspec Test Certificate"
|
|
_(resource_cert_with_filepath.resource_id).must_equal "test_certificate.rsa.crt.pem"
|
|
end
|
|
end
|