diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 15:40:28 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 15:40:28 +0000 |
commit | b595cb0c1dec83de5bdee18284abe86614bed33b (patch) | |
tree | 8c3d4540f193c5ff98019352f554e921b3a41a72 /spec/lib/gitlab/x509 | |
parent | 2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff) | |
download | gitlab-ce-b595cb0c1dec83de5bdee18284abe86614bed33b.tar.gz |
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to 'spec/lib/gitlab/x509')
-rw-r--r-- | spec/lib/gitlab/x509/certificate_spec.rb | 62 | ||||
-rw-r--r-- | spec/lib/gitlab/x509/commit_spec.rb | 41 | ||||
-rw-r--r-- | spec/lib/gitlab/x509/signature_spec.rb | 2 |
3 files changed, 94 insertions, 11 deletions
diff --git a/spec/lib/gitlab/x509/certificate_spec.rb b/spec/lib/gitlab/x509/certificate_spec.rb index 2dc30cc871d..d919b99de2a 100644 --- a/spec/lib/gitlab/x509/certificate_spec.rb +++ b/spec/lib/gitlab/x509/certificate_spec.rb @@ -116,9 +116,69 @@ RSpec.describe Gitlab::X509::Certificate do end end + describe '.default_cert_dir' do + before do + described_class.reset_default_cert_paths + end + + after(:context) do + described_class.reset_default_cert_paths + end + + context 'when SSL_CERT_DIR env variable is not set' do + before do + stub_env('SSL_CERT_DIR', nil) + end + + it 'returns default directory from OpenSSL' do + expect(described_class.default_cert_dir).to eq(OpenSSL::X509::DEFAULT_CERT_DIR) + end + end + + context 'when SSL_CERT_DIR env variable is set' do + before do + stub_env('SSL_CERT_DIR', '/tmp/foo/certs') + end + + it 'returns specified directory' do + expect(described_class.default_cert_dir).to eq('/tmp/foo/certs') + end + end + end + + describe '.default_cert_file' do + before do + described_class.reset_default_cert_paths + end + + after(:context) do + described_class.reset_default_cert_paths + end + + context 'when SSL_CERT_FILE env variable is not set' do + before do + stub_env('SSL_CERT_FILE', nil) + end + + it 'returns default file from OpenSSL' do + expect(described_class.default_cert_file).to eq(OpenSSL::X509::DEFAULT_CERT_FILE) + end + end + + context 'when SSL_CERT_FILE env variable is set' do + before do + stub_env('SSL_CERT_FILE', '/tmp/foo/cert.pem') + end + + it 'returns specified file' do + expect(described_class.default_cert_file).to eq('/tmp/foo/cert.pem') + end + end + end + describe '.ca_certs_paths' do it 'returns all files specified by OpenSSL defaults' do - cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"] + cert_paths = Dir["#{described_class.default_cert_dir}/*"] expect(described_class.ca_certs_paths).to match_array(cert_paths + [sample_cert]) end diff --git a/spec/lib/gitlab/x509/commit_spec.rb b/spec/lib/gitlab/x509/commit_spec.rb index a81955b995e..c7d56e49fab 100644 --- a/spec/lib/gitlab/x509/commit_spec.rb +++ b/spec/lib/gitlab/x509/commit_spec.rb @@ -2,14 +2,21 @@ require 'spec_helper' RSpec.describe Gitlab::X509::Commit do - describe '#signature' do - let(:signature) { described_class.new(commit).signature } + let(:commit_sha) { '189a6c924013fc3fe40d6f1ec1dc20214183bc97' } + let(:user) { create(:user, email: X509Helpers::User1.certificate_email) } + let(:project) { create(:project, :repository, path: X509Helpers::User1.path, creator: user) } + let(:commit) { project.commit_by(oid: commit_sha ) } + let(:signature) { Gitlab::X509::Commit.new(commit).signature } + let(:store) { OpenSSL::X509::Store.new } + let(:certificate) { OpenSSL::X509::Certificate.new(X509Helpers::User1.trust_cert) } - context 'returns the cached signature' do - let(:commit_sha) { '189a6c924013fc3fe40d6f1ec1dc20214183bc97' } - let(:project) { create(:project, :public, :repository) } - let(:commit) { create(:commit, project: project, sha: commit_sha) } + before do + store.add_cert(certificate) if certificate + allow(OpenSSL::X509::Store).to receive(:new).and_return(store) + end + describe '#signature' do + context 'returns the cached signature' do it 'on second call' do allow_any_instance_of(described_class).to receive(:new).and_call_original expect_any_instance_of(described_class).to receive(:create_cached_signature!).and_call_original @@ -23,13 +30,29 @@ RSpec.describe Gitlab::X509::Commit do end context 'unsigned commit' do - let!(:project) { create :project, :repository, path: X509Helpers::User1.path } - let!(:commit_sha) { X509Helpers::User1.commit } - let!(:commit) { create :commit, project: project, sha: commit_sha } + let(:project) { create :project, :repository, path: X509Helpers::User1.path } + let(:commit_sha) { X509Helpers::User1.commit } + let(:commit) { create :commit, project: project, sha: commit_sha } it 'returns nil' do expect(signature).to be_nil end end end + + describe '#update_signature!' do + let(:certificate) { nil } + + it 'updates verification status' do + signature + + cert = OpenSSL::X509::Certificate.new(X509Helpers::User1.trust_cert) + store.add_cert(cert) + + stored_signature = CommitSignatures::X509CommitSignature.find_by_commit_sha(commit_sha) + expect { described_class.new(commit).update_signature!(stored_signature) }.to( + change { signature.reload.verification_status }.from('unverified').to('verified') + ) + end + end end diff --git a/spec/lib/gitlab/x509/signature_spec.rb b/spec/lib/gitlab/x509/signature_spec.rb index 0e34d5393d6..5626e49bfe1 100644 --- a/spec/lib/gitlab/x509/signature_spec.rb +++ b/spec/lib/gitlab/x509/signature_spec.rb @@ -107,7 +107,7 @@ RSpec.describe Gitlab::X509::Signature do f.print certificate.to_pem end - stub_const("OpenSSL::X509::DEFAULT_CERT_FILE", file_path) + allow(Gitlab::X509::Certificate).to receive(:default_cert_file).and_return(file_path) allow(OpenSSL::X509::Store).to receive(:new).and_return(store) end |