SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
							# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe SMIMECertificate, type: :model do

  describe '.for_sender_email_address' do

    let(:lookup_address) { 'smime1@example.com' }

    context 'no certificate present' do
      it 'returns nil' do
        expect(described_class.for_sender_email_address(lookup_address)).to be_nil
      end
    end

    context 'certificate present' do

      context 'with private key' do

        let!(:certificate) { create(:smime_certificate, :with_private, fixture: lookup_address) }

        it 'returns certificate' do
          expect(described_class.for_sender_email_address(lookup_address)).to eq(certificate)
        end
      end

      context 'without private key' do

        before do
          create(:smime_certificate, fixture: lookup_address)
        end

        it 'returns nil' do
          expect(described_class.for_sender_email_address(lookup_address)).to be_nil
        end
      end

      context 'different letter case' do

        let(:fixture) { 'CaseInsenstive@eXample.COM' }
        let(:lookup_address) { 'CaseInsenStive@Example.coM' }

        context 'with private key' do

          let!(:certificate) { create(:smime_certificate, :with_private, fixture: fixture) }

          it 'returns certificate' do
            expect(described_class.for_sender_email_address(lookup_address)).to eq(certificate)
          end
        end
      end
    end
  end

  describe 'for_recipipent_email_addresses!' do

    context 'no certificate present' do

      let(:lookup_addresses) { ['smime1@example.com', 'smime2@example.com'] }

      it 'raises ActiveRecord::RecordNotFound' do
        expect { described_class.for_recipipent_email_addresses!(lookup_addresses) }.to raise_error(ActiveRecord::RecordNotFound)
      end
    end

    context 'not all certificates present' do

      let(:existing_address) { 'smime1@example.com' }
      let(:not_existing_address) { 'smime2@example.com' }
      let(:lookup_addresses) { [existing_address, not_existing_address] }

      before do
        create(:smime_certificate, fixture: existing_address)
      end

      it 'raises ActiveRecord::RecordNotFound' do
        expect { described_class.for_recipipent_email_addresses!(lookup_addresses) }.to raise_error(ActiveRecord::RecordNotFound)
      end

      context 'exception message' do

        let(:message) do
          described_class.for_recipipent_email_addresses!(lookup_addresses)
        rescue => e
          e.message
        end

        it 'does not contain found address' do
          expect(message).not_to include(existing_address)
        end

        it 'contains address not found' do
          expect(message).to include(not_existing_address)
        end
      end
    end

    context 'all certificates present' do

      let(:lookup_addresses) { ['smime1@example.com', 'smime2@example.com'] }

      let!(:certificates) do
        lookup_addresses.map do |existing_address|
          create(:smime_certificate, fixture: existing_address)
        end
      end

      it 'returns certificates' do
        expect(described_class.for_recipipent_email_addresses!(lookup_addresses)).to include(*certificates)
      end
    end

    context 'different letter case' do

      let(:fixture) { 'CaseInsenstive@eXample.COM' }
      let(:lookup_addresses) { ['CaseInsenStive@Example.coM'] }

      let!(:certificates) do
        [ create(:smime_certificate, fixture: fixture) ]
      end

      it 'returns certificates' do
        expect(described_class.for_recipipent_email_addresses!(lookup_addresses)).to eq(certificates)
      end
    end

  end

  describe '#email_addresses' do

    context 'certificate with single email address' do
      let(:email_address) { 'smime1@example.com' }
      let(:certificate) { create(:smime_certificate, fixture: email_address) }

      it 'returns the mail address' do
        expect(certificate.email_addresses).to eq([email_address])
      end
    end

    context 'certificate with multiple email addresses' do
      let(:email_addresses) { ['smimedouble@example.com', 'smimedouble@example.de'] }
      let(:certificate) { create(:smime_certificate, fixture: 'smimedouble@example.com') }

      it 'returns all mail addresses' do
        expect(certificate.email_addresses).to eq(email_addresses)
      end
    end

  end

  describe '#expired?' do

    let(:certificate) { create(:smime_certificate, fixture: fixture) }

    context 'expired' do
      let(:fixture) { 'expiredsmime1@example.com' }

      it 'returns true' do
        expect(certificate.expired?).to be true
      end
    end

    context 'valid' do
      let(:fixture) { 'smime1@example.com' }

      it 'returns false' do
        expect(certificate.expired?).to be false
      end
    end
  end

  context 'certificate parsing' do

    context 'expiration dates' do

      shared_examples 'correctly parsed' do |fixture|
        let(:certificate) { create(:smime_certificate, fixture: fixture) }

        it "handles '#{fixture}' fixture" do
          expect(certificate.not_before_at).to a_kind_of(ActiveSupport::TimeWithZone)
          expect(certificate.not_after_at).to a_kind_of(ActiveSupport::TimeWithZone)
        end
      end

      it_behaves_like 'correctly parsed', 'smime1@example.com'
      it_behaves_like 'correctly parsed', 'smime2@example.com'
      it_behaves_like 'correctly parsed', 'smime3@example.com'
      it_behaves_like 'correctly parsed', 'CaseInsenstive@eXample.COM'
      it_behaves_like 'correctly parsed', 'RootCA'
      it_behaves_like 'correctly parsed', 'IntermediateCA'
      it_behaves_like 'correctly parsed', 'ChainCA'
    end
  end

  it 'ensures uniqueness of records' do
    expect { create_list(:smime_certificate, 2, fixture: 'smime1@example.com') }.to raise_error(ActiveRecord::RecordInvalid, %r{Validation failed})
  end

  describe 'Cannot encrypt if multiple S/MIME certificates exist and one is expired #4029' do
    let(:lookup_address) { 'smime1@example.com' }

    before do
      create(:smime_certificate, :with_private, fixture: lookup_address, not_before_at: '2021-04-07', not_after_at: '2021-04-07', fingerprint: 'A')
      create(:smime_certificate, :with_private, fixture: lookup_address, not_before_at: '2022-04-07', not_after_at: '2042-04-07', fingerprint: 'B')
    end

    describe '.for_sender_email_address' do
      it 'does return the latest certificate when there is also an old expired certificate' do
        expect(described_class.for_sender_email_address('smime1@example.com').fingerprint).to eq('B')
      end
    end

    describe '.for_recipipent_email_addresses!' do
      it 'does return the latest certificate when there is also an old expired certificate' do
        expect(described_class.for_recipipent_email_addresses!(['smime1@example.com']).first.fingerprint).to eq('B')
      end
    end
  end
end