summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/x509/certificate_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/x509/certificate_spec.rb')
-rw-r--r--spec/lib/gitlab/x509/certificate_spec.rb50
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/lib/gitlab/x509/certificate_spec.rb b/spec/lib/gitlab/x509/certificate_spec.rb
index a5b192dd051..2dc30cc871d 100644
--- a/spec/lib/gitlab/x509/certificate_spec.rb
+++ b/spec/lib/gitlab/x509/certificate_spec.rb
@@ -5,6 +5,9 @@ require 'spec_helper'
RSpec.describe Gitlab::X509::Certificate do
include SmimeHelper
+ let(:sample_ca_certs_path) { Rails.root.join('spec/fixtures/clusters').to_s }
+ let(:sample_cert) { Rails.root.join('spec/fixtures/x509_certificate.crt').to_s }
+
# cert generation is an expensive operation and they are used read-only,
# so we share them as instance variables in all tests
before :context do
@@ -13,6 +16,16 @@ RSpec.describe Gitlab::X509::Certificate do
@cert = generate_cert(signer_ca: @intermediate_ca)
end
+ before do
+ stub_const("OpenSSL::X509::DEFAULT_CERT_DIR", sample_ca_certs_path)
+ stub_const("OpenSSL::X509::DEFAULT_CERT_FILE", sample_cert)
+ described_class.reset_ca_certs_bundle
+ end
+
+ after(:context) do
+ described_class.reset_ca_certs_bundle
+ end
+
describe 'testing environment setup' do
describe 'generate_root' do
subject { @root_ca }
@@ -103,6 +116,43 @@ RSpec.describe Gitlab::X509::Certificate do
end
end
+ describe '.ca_certs_paths' do
+ it 'returns all files specified by OpenSSL defaults' do
+ cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"]
+
+ expect(described_class.ca_certs_paths).to match_array(cert_paths + [sample_cert])
+ end
+ end
+
+ describe '.ca_certs_bundle' do
+ it 'skips certificates if OpenSSLError is raised and report it' do
+ expect(Gitlab::ErrorTracking)
+ .to receive(:track_and_raise_for_dev_exception)
+ .with(
+ a_kind_of(OpenSSL::X509::CertificateError),
+ cert_file: a_kind_of(String)).at_least(:once)
+
+ expect(OpenSSL::X509::Certificate)
+ .to receive(:new)
+ .and_raise(OpenSSL::X509::CertificateError).at_least(:once)
+
+ expect(described_class.ca_certs_bundle).to be_a(String)
+ end
+
+ it 'returns a list certificates as strings' do
+ expect(described_class.ca_certs_bundle).to be_a(String)
+ end
+ end
+
+ describe '.load_ca_certs_bundle' do
+ it 'loads a PEM-encoded certificate bundle into an OpenSSL::X509::Certificate array' do
+ ca_certs_string = described_class.ca_certs_bundle
+ ca_certs = described_class.load_ca_certs_bundle(ca_certs_string)
+
+ expect(ca_certs).to all(be_an(OpenSSL::X509::Certificate))
+ end
+ end
+
def common_cert_tests(parsed_cert, cert, signer_ca, with_ca_certs: nil)
expect(parsed_cert.cert).to be_a(OpenSSL::X509::Certificate)
expect(parsed_cert.cert.subject).to eq(cert[:cert].subject)
View Lorry Controller Status