summaryrefslogtreecommitdiff
path: root/spec/workers/x509_issuer_crl_check_worker_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/workers/x509_issuer_crl_check_worker_spec.rb')
-rw-r--r--spec/workers/x509_issuer_crl_check_worker_spec.rb90
1 files changed, 90 insertions, 0 deletions
diff --git a/spec/workers/x509_issuer_crl_check_worker_spec.rb b/spec/workers/x509_issuer_crl_check_worker_spec.rb
new file mode 100644
index 00000000000..f052812b86b
--- /dev/null
+++ b/spec/workers/x509_issuer_crl_check_worker_spec.rb
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe X509IssuerCrlCheckWorker do
+ subject(:worker) { described_class.new }
+
+ let(:project) { create(:project, :public, :repository) }
+ let(:x509_signed_commit) { project.commit_by(oid: '189a6c924013fc3fe40d6f1ec1dc20214183bc97') }
+ let(:revoked_x509_signed_commit) { project.commit_by(oid: 'ed775cc81e5477df30c2abba7b6fdbb5d0baadae') }
+
+ describe '#perform' do
+ context 'valid crl' do
+ before do
+ stub_request(:get, "http://ch.siemens.com/pki?ZZZZZZA6.crl")
+ .to_return(status: 200, body: File.read('spec/fixtures/x509/ZZZZZZA6.crl'), headers: {})
+ end
+
+ it 'changes certificate status for revoked certificates' do
+ revoked_x509_commit = Gitlab::X509::Commit.new(revoked_x509_signed_commit)
+ x509_commit = Gitlab::X509::Commit.new(x509_signed_commit)
+ issuer = revoked_x509_commit.signature.x509_certificate.x509_issuer
+
+ expect(issuer).to eq(x509_commit.signature.x509_certificate.x509_issuer)
+ expect(revoked_x509_commit.signature.x509_certificate.good?).to be_truthy
+ expect(x509_commit.signature.x509_certificate.good?).to be_truthy
+
+ worker.perform
+ revoked_x509_commit.signature.reload
+
+ expect(revoked_x509_commit.signature.x509_certificate.revoked?).to be_truthy
+ expect(x509_commit.signature.x509_certificate.revoked?).to be_falsey
+ end
+ end
+
+ context 'invalid crl' do
+ before do
+ stub_request(:get, "http://ch.siemens.com/pki?ZZZZZZA6.crl")
+ .to_return(status: 200, body: "trash", headers: {})
+ end
+
+ it 'does not change certificate status' do
+ revoked_x509_commit = Gitlab::X509::Commit.new(revoked_x509_signed_commit)
+
+ expect(revoked_x509_commit.signature.x509_certificate.good?).to be_truthy
+
+ worker.perform
+ revoked_x509_commit.signature.reload
+
+ expect(revoked_x509_commit.signature.x509_certificate.revoked?).to be_falsey
+ end
+ end
+
+ context 'not found crl' do
+ before do
+ stub_request(:get, "http://ch.siemens.com/pki?ZZZZZZA6.crl")
+ .to_return(status: 404, body: "not found", headers: {})
+ end
+
+ it 'does not change certificate status' do
+ revoked_x509_commit = Gitlab::X509::Commit.new(revoked_x509_signed_commit)
+
+ expect(revoked_x509_commit.signature.x509_certificate.good?).to be_truthy
+
+ worker.perform
+ revoked_x509_commit.signature.reload
+
+ expect(revoked_x509_commit.signature.x509_certificate.revoked?).to be_falsey
+ end
+ end
+
+ context 'unreachable crl' do
+ before do
+ stub_request(:get, "http://ch.siemens.com/pki?ZZZZZZA6.crl")
+ .to_raise(SocketError.new('Some HTTP error'))
+ end
+
+ it 'does not change certificate status' do
+ revoked_x509_commit = Gitlab::X509::Commit.new(revoked_x509_signed_commit)
+
+ expect(revoked_x509_commit.signature.x509_certificate.good?).to be_truthy
+
+ worker.perform
+ revoked_x509_commit.signature.reload
+
+ expect(revoked_x509_commit.signature.x509_certificate.revoked?).to be_falsey
+ end
+ end
+ end
+end
View Lorry Controller Status