diff options
Diffstat (limited to 'spec/models/ssh_host_key_spec.rb')
-rw-r--r-- | spec/models/ssh_host_key_spec.rb | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/spec/models/ssh_host_key_spec.rb b/spec/models/ssh_host_key_spec.rb index 4b756846598..0348aab9f97 100644 --- a/spec/models/ssh_host_key_spec.rb +++ b/spec/models/ssh_host_key_spec.rb @@ -26,6 +26,9 @@ RSpec.describe SshHostKey do 'Ebi86VjJRi2sOuYoXQU1' end + let(:ssh_key1) { Gitlab::SSHPublicKey.new(key1) } + let(:ssh_key2) { Gitlab::SSHPublicKey.new(key2) } + # Purposefully ordered so that `sort` will make changes let(:known_hosts) do <<~EOF @@ -88,10 +91,17 @@ RSpec.describe SshHostKey do it 'returns an array of indexed fingerprints when the cache is filled' do stub_reactive_cache(ssh_host_key, known_hosts: known_hosts) - expected = [key1, key2] - .map { |data| Gitlab::SSHPublicKey.new(data) } + expected = [ssh_key1, ssh_key2] .each_with_index - .map { |key, i| { bits: key.bits, fingerprint: key.fingerprint, type: key.type, index: i } } + .map do |key, i| + { + bits: key.bits, + fingerprint: key.fingerprint, + fingerprint_sha256: key.fingerprint_sha256, + type: key.type, + index: i + } + end expect(ssh_host_key.fingerprints.as_json).to eq(expected) end @@ -107,8 +117,16 @@ RSpec.describe SshHostKey do expect(ssh_host_key.fingerprints.as_json).to eq( [ - { bits: 2048, fingerprint: Gitlab::SSHPublicKey.new(key1).fingerprint, type: :rsa, index: 0 }, - { bits: 2048, fingerprint: Gitlab::SSHPublicKey.new(key2).fingerprint, type: :rsa, index: 1 } + { bits: 2048, + fingerprint: ssh_key1.fingerprint, + fingerprint_sha256: ssh_key1.fingerprint_sha256, + type: :rsa, + index: 0 }, + { bits: 2048, + fingerprint: ssh_key2.fingerprint, + fingerprint_sha256: ssh_key2.fingerprint_sha256, + type: :rsa, + index: 1 } ] ) end @@ -116,6 +134,19 @@ RSpec.describe SshHostKey do it 'returns an empty array when the cache is empty' do expect(ssh_host_key.fingerprints).to eq([]) end + + context 'when FIPS is enabled', :fips_mode do + it 'only includes SHA256 fingerprint' do + stub_reactive_cache(ssh_host_key, known_hosts: known_hosts) + + expect(ssh_host_key.fingerprints.as_json).to eq( + [ + { bits: 2048, fingerprint_sha256: ssh_key1.fingerprint_sha256, type: :rsa, index: 0 }, + { bits: 2048, fingerprint_sha256: ssh_key2.fingerprint_sha256, type: :rsa, index: 1 } + ] + ) + end + end end describe '#host_keys_changed?' do |