private_key_spec.rb 5.7 KB

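# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

# Specs for SecureMailing::SMIME::PrivateKey: loading a passphrase-protected
# private key (.read / .new), the key-type predicates, and the check that a
# key's algorithm is acceptable for S/MIME.
RSpec.describe SecureMailing::SMIME::PrivateKey do
  # Reads a fixture from spec/fixtures/files/smime and strips surrounding
  # whitespace. `type` is the file extension: :key for the key material,
  # :secret for the passphrase that protects it.
  # NOTE(review): presumably these are throwaway test keys; confirm they are
  # not reused outside the test suite.
  def fixture(name, type = :key)
    Rails.root.join('spec/fixtures/files/smime', "#{name}.#{type}").read.strip
  end

  describe '.read' do
    # A malformed key and a wrong passphrase are expected to produce the very
    # same error, so the message does not reveal which of the two inputs failed.
    let(:message) do
      'The private key is not valid for S/MIME usage. Please check the key format and the secret.'
    end

    context 'when private key is valid' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'returns a private key' do
        expect(described_class.read(key, secret)).to be_a(described_class)
      end
    end

    context 'when private key is invalid' do
      let(:key)    { 'invalid' }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'raises an error' do
        expect { described_class.read(key, secret) }.to raise_error(Exceptions::UnprocessableEntity, message)
      end
    end

    context 'when private key secret is invalid' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { 'alicelovesbob' }

      it 'raises an error' do
        expect { described_class.read(key, secret) }.to raise_error(Exceptions::UnprocessableEntity, message)
      end
    end
  end

  describe '.new' do
    context 'when private key is valid' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      # Only the attribute types are asserted. The instance exposes the
      # passphrase through #secret.
      # NOTE(review): worth confirming that instances are never logged or
      # serialised with that attribute included.
      it 'returns a private key' do
        expect(described_class.new(key, secret)).to be_a(described_class)
          .and have_attributes(
            'secret' => String,
            'pem'    => String,
            'uid'    => String
          )
      end
    end

    # Unlike .read, the constructor is expected to let the raw OpenSSL error
    # through instead of wrapping it in Exceptions::UnprocessableEntity.
    context 'when private key is invalid' do
      let(:key)    { 'invalid' }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'raises an error' do
        expect { described_class.new(key, secret) }.to raise_error(OpenSSL::PKey::PKeyError)
      end
    end

    context 'when private key secret is invalid' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { 'alicelovesbob' }

      it 'raises an error' do
        expect { described_class.new(key, secret) }.to raise_error(OpenSSL::PKey::PKeyError)
      end
    end
  end

  describe '#rsa?' do
    context 'when private key is RSA' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'returns true' do
        expect(described_class.new(key, secret)).to be_rsa
      end
    end

    context 'when private key is not RSA' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt+ec', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt+ec', :secret) }

      it 'returns false' do
        expect(described_class.new(key, secret)).not_to be_rsa
      end
    end
  end

  describe '#ec?' do
    context 'when private key is EC' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt+ec', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt+ec', :secret) }

      it 'returns true' do
        expect(described_class.new(key, secret)).to be_ec
      end
    end

    context 'when private key is not EC' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'returns false' do
        expect(described_class.new(key, secret)).not_to be_ec
      end
    end
  end

  describe '#valid_smime_private_key?' do
    context 'when private key is valid (EC)' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt+ec', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt+ec', :secret) }

      it 'returns true' do
        expect(described_class.new(key, secret)).to be_valid_smime_private_key
      end
    end

    context 'when private key is valid (RSA)' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'returns true' do
        expect(described_class.new(key, secret)).to be_valid_smime_private_key
      end
    end

    # The DSA fixture still loads through .new; it is the algorithm check
    # that has to reject it.
    context 'when private key is invalid (DSA)' do
      let(:key)    { fixture('DSA', :key) }
      let(:secret) { fixture('DSA', :secret) }

      it 'returns false' do
        expect(described_class.new(key, secret)).not_to be_valid_smime_private_key
      end
    end
  end

  describe '#valid_smime_private_key!' do
    context 'when private key is valid (EC)' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt+ec', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt+ec', :secret) }

      it 'does not raise an error' do
        expect { described_class.new(key, secret).valid_smime_private_key! }.not_to raise_error
      end
    end

    context 'when private key is valid (RSA)' do
      let(:key)    { fixture('alice@acme.corp+sign+encrypt', :key) }
      let(:secret) { fixture('alice@acme.corp+sign+encrypt', :secret) }

      it 'does not raise an error' do
        expect { described_class.new(key, secret).valid_smime_private_key! }.not_to raise_error
      end
    end

    # The bang variant names the algorithm as the cause. This message is
    # distinct from the "key format and the secret" message that the .read
    # examples assert.
    context 'when private key is invalid (DSA)' do
      let(:key)    { fixture('DSA', :key) }
      let(:secret) { fixture('DSA', :secret) }

      it 'raises an error' do
        message = 'The private key is not valid for S/MIME usage. Please check the key cryptographic algorithm.'

        expect { described_class.new(key, secret).valid_smime_private_key! }.to raise_error(Exceptions::UnprocessableEntity, message)
      end
    end
  end
end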