Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 22f74e2b3b
Branches Tags
zammad
/
spec
/
lib
/
certificate
/
apply_ssl_certificates_spec.rb

apply_ssl_certificates_spec.rb 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Certificate::ApplySSLCertificates, :aggregate_failures, type: :model do
    6. 

  6. 

  7.   describe '.ensure_fresh_ssl_context' do
    8. 

  8.     def current_store
    9. 

  9.       OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
    10. 

  10.     end
    11. 

  11. 

  12.     context 'with a custom certificate present' do
    13. 

  13.       it 'changes the context' do
    14. 

  14.         create(:ssl_certificate, fixture: 'RootCA')
    15. 

  15.         expect { described_class.ensure_fresh_ssl_context }.to change { current_store }
    16. 

  16.         expect { described_class.ensure_fresh_ssl_context }.not_to change { current_store }
    17. 

  17.         create(:ssl_certificate, fixture: 'ChainCA')
    18. 

  18.         expect { described_class.ensure_fresh_ssl_context }.to change { current_store }
    19. 

  19.       end
    20. 

  20.     end
    21. 

  21. 

  22.     context 'without custom certificates present' do
    23. 

  23.       it 'changes the context' do
    24. 

  24.         expect { described_class.ensure_fresh_ssl_context }.to change { current_store }
    25. 

  25.       end
    26. 

  26.     end
    27. 

  27.   end
    28. 

  28. 

  29.   describe '.extract_metadata' do
    30. 

  30. 

  31.     it 'imports CA certificates correctly' do
    32. 

  32.       expect(create(:ssl_certificate, fixture: 'RootCA')).to have_attributes(
    33. 

  33.         fingerprint: 'de4abd259187d7b5f2713ff7a97eb54dd5fe9d86',
    34. 

  34.         subject:     '/emailAddress=RootCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com',
    35. 

  35.         not_before:  Time.zone.parse('2023-08-01 09:47:39 UTC'),
    36. 

  36.         not_after:   Time.zone.parse('2043-07-27 09:47:39 UTC'),
    37. 

  37.       )
    38. 

  38.       expect(create(:ssl_certificate, fixture: 'IntermediateCA')).to have_attributes(
    39. 

  39.         fingerprint: 'd1badcd237d6d2c6f0c62b5ccb21c2130b24855e',
    40. 

  40.         subject:     '/C=DE/ST=Berlin/O=Example Security/OU=IT Department/CN=example.com/emailAddress=IntermediateCA@example.com',
    41. 

  41.         not_before:  Time.zone.parse('2023-08-01 09:47:39 UTC'),
    42. 

  42.         not_after:   Time.zone.parse('2043-07-27 09:47:39 UTC'),
    43. 

  43.       )
    44. 

  44.     end
    45. 

  45. 

  46.     it 'imports connection certificates correctly' do
    47. 

  47.       certificate = File.read(Localhost::Authority.fetch('localhost').certificate_path)
    48. 

  48.       expect(create(:ssl_certificate, certificate: certificate)).to have_attributes(
    49. 

  49.         subject: 'DNS:localhost',
    50. 

  50.       )
    51. 

  51.     end
    52. 

  52. 

  53.     it 'rejects other certificates' do
    54. 

  54.       expect { create(:ssl_certificate, certificate: Rails.root.join('spec/fixtures/files/smime/smime1@example.com.crt').read) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: The certificate is not valid for SSL usage. Please check e.g. the validity period or the extensions.')
    55. 

  55.     end
    56. 

  56.   end
    57. 

  57. end
    58.