123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe SMIMECertificate, type: :model do
- describe '.find_for_multiple_email_addresses' do
- let(:filter) { { key: key_filter, usage: usage_filter, ignore_usable: ignore_usable_filter } }
- context 'send encrypted mail to recipient' do
- let(:ignore_usable_filter) { false }
- let(:key_filter) { 'public' }
- let(:usage_filter) { :encryption }
- context 'when recipient certificate is missing' do
- it 'returns no certificate' do
- expect { described_class.find_for_multiple_email_addresses!(['smime1@example.com'], filter: filter, blame: true) }.to raise_error(ActiveRecord::RecordNotFound)
- end
- end
- context 'when recipient certificate is available and usable for encryption' do
- let!(:certificate) { create(:smime_certificate, fixture: 'alice@acme.corp+sign+encrypt') }
- it 'returns the certificate' do
- expect(described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true)).to eq([certificate])
- end
- end
- context 'when recipient certificate is available, but not usable for encryption' do
- before do
- create(:smime_certificate, fixture: 'alice@acme.corp+sign')
- end
- it 'returns no certificate' do
- expect { described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true) }.to raise_error(ActiveRecord::RecordNotFound)
- end
- end
- context 'when multiple recipient certificates are available' do
- let!(:certificate) do
- create(:smime_certificate, fixture: 'alice@acme.corp+sign')
- create(:smime_certificate, fixture: 'alice@acme.corp+encrypt')
- end
- it 'only returns certificates usable for encryption' do
- expect(described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true)).to eq([certificate])
- end
- end
- end
- context 'receive signed e-mail' do
- let(:ignore_usable_filter) { false }
- let(:key_filter) { 'public' }
- let(:usage_filter) { :signature }
- context 'when sender certificate is not usable for signature verification' do # rubocop:disable RSpec/RepeatedExampleGroupBody
- before do
- create(:smime_certificate, fixture: 'alice@acme.corp+encrypt')
- end
- it 'returns no certificate' do
- expect { described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true) }.to raise_error(ActiveRecord::RecordNotFound)
- end
- end
- context 'when sender certificate is usable for signature verification' do
- let!(:certificate) { create(:smime_certificate, fixture: 'alice@acme.corp+sign+encrypt') }
- it 'returns the certificate' do
- expect(described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true)).to eq([certificate])
- end
- end
- context 'when sender certificate is only usable for encryption' do # rubocop:disable RSpec/RepeatedExampleGroupBody
- before do
- create(:smime_certificate, fixture: 'alice@acme.corp+encrypt')
- end
- it 'returns no certificate' do
- expect { described_class.find_for_multiple_email_addresses!(['alice@acme.corp'], filter: filter, blame: true) }.to raise_error(ActiveRecord::RecordNotFound)
- end
- end
- context 'when sender certificate is missing' do
- it 'returns no certificate' do
- expect { described_class.find_for_multiple_email_addresses!(['smime1@example.com'], filter: filter, blame: true) }.to raise_error(ActiveRecord::RecordNotFound)
- end
- end
- end
- context 'send signed e-mail' do
- let(:ignore_usable_filter) { false }
- let(:key_filter) { 'private' }
- let(:usage_filter) { :signature }
- context 'when no sender private key is available' do
- before { create(:smime_certificate, fixture: 'alice@acme.corp+sign') }
- it 'returns no certificate' do
- expect(described_class.find_by_email_address('alice@acme.corp', filter: filter)).to eq([])
- end
- end
- context 'when the sender certificate has expired' do
- before do
- create(:smime_certificate, :with_private, fixture: 'alice@acme.corp+sign+encrypt+expired')
- end
- it 'returns no certificate' do
- expect(described_class.find_by_email_address('alice@acme.corp', filter: filter)).to eq([])
- end
- end
- context 'when a sender certificate with a private key is present' do
- let!(:certificate) { create(:smime_certificate, :with_private, fixture: 'alice@acme.corp+sign') }
- it 'returns the certificate' do
- expect(described_class.find_by_email_address('alice@acme.corp', filter: filter)).to eq([certificate])
- end
- end
- context 'when an expired sender certificate and an usable sender certificate is available' do
- let!(:usable_certificate) { create(:smime_certificate, :with_private, fixture: 'alice@acme.corp+sign+encrypt') }
- before do
- create(:smime_certificate, :with_private, fixture: 'alice@acme.corp+sign+encrypt+expired')
- end
- it 'returns the usable certificate' do
- expect(described_class.find_by_email_address('alice@acme.corp', filter: filter)).to eq([usable_certificate])
- end
- end
- end
- end
- describe '#email_addresses' do
- context 'certificate with single email address' do
- let(:email_address) { 'smime1@example.com' }
- let(:certificate) { create(:smime_certificate, fixture: email_address) }
- it 'returns the mail address' do
- expect(certificate.email_addresses).to eq([email_address])
- end
- end
- context 'certificate with multiple email addresses' do
- let(:email_addresses) { ['smimedouble@example.com', 'smimedouble@example.de'] }
- let(:certificate) { create(:smime_certificate, fixture: 'smimedouble@example.com') }
- it 'returns all mail addresses' do
- expect(certificate.email_addresses).to eq(email_addresses)
- end
- end
- end
- describe '#expired?' do
- let(:certificate) { create(:smime_certificate, fixture: fixture) }
- context 'expired' do
- let(:fixture) { 'expiredsmime1@example.com' }
- it 'returns true' do
- expect(certificate.parsed.expired?).to be true
- end
- end
- context 'valid' do
- let(:fixture) { 'smime1@example.com' }
- it 'returns false' do
- expect(certificate.parsed.expired?).to be false
- end
- end
- end
- context 'certificate parsing' do
- context 'expiration dates' do
- shared_examples 'correctly parsed' do |fixture|
- let(:certificate) { create(:smime_certificate, fixture: fixture) }
- it "handles '#{fixture}' fixture" do
- expect(certificate.parsed.not_before).to a_kind_of(Time)
- expect(certificate.parsed.not_after).to a_kind_of(Time)
- end
- end
- it_behaves_like 'correctly parsed', 'smime1@example.com'
- it_behaves_like 'correctly parsed', 'smime2@example.com'
- it_behaves_like 'correctly parsed', 'smime3@example.com'
- it_behaves_like 'correctly parsed', 'CaseInsenstive@eXample.COM'
- it_behaves_like 'correctly parsed', 'RootCA'
- it_behaves_like 'correctly parsed', 'IntermediateCA'
- it_behaves_like 'correctly parsed', 'ChainCA'
- end
- end
- it 'ensures uniqueness of records' do
- expect { create_list(:smime_certificate, 2, fixture: 'smime1@example.com') }.to raise_error(ActiveRecord::RecordInvalid, %r{Validation failed})
- end
- end
|