diff options
| author | Rachel Adler <rmoshier@gmail.com> | 2016-11-01 08:41:39 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-11-01 08:41:39 -0700 |
| commit | ad14362fe3c7b1a67aeca43328705c97c9c9c3cb (patch) | |
| tree | 872df48dc3461216f28a0ee541f2d73aec8e443a /spec/unit | |
| parent | 0e72b98de2d3715e4d4573b6cb0ccb3ec1784988 (diff) | |
| parent | 393a0cf48faeb8f9056b6e743b20bec4bc2e5e0d (diff) | |
| download | chef-ad14362fe3c7b1a67aeca43328705c97c9c9c3cb.tar.gz | |
Merge pull request #5498 from chef/2919/ssl_fetch_no_cn
Updating knife ssl fetch to correctly store certificate when it does not have a CN
Diffstat (limited to 'spec/unit')
| -rw-r--r-- | spec/unit/knife/ssl_fetch_spec.rb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/spec/unit/knife/ssl_fetch_spec.rb b/spec/unit/knife/ssl_fetch_spec.rb index 8bb4810b88..bc49c40241 100644 --- a/spec/unit/knife/ssl_fetch_spec.rb +++ b/spec/unit/knife/ssl_fetch_spec.rb @@ -108,6 +108,24 @@ E end + describe "#cn_of" do + let(:certificate) { double("Certificate", subject: subject) } + + describe "when the certificate has a common name" do + let(:subject) { [["CN", "common name"]] } + it "returns the common name" do + expect(ssl_fetch.cn_of(certificate)).to eq("common name") + end + end + + describe "when the certificate does not have a common name" do + let(:subject) { [] } + it "returns nil" do + expect(ssl_fetch.cn_of(certificate)).to eq(nil) + end + end + end + describe "fetching the remote cert chain" do let(:name_args) { %w{https://foo.example.com:8443} } @@ -180,5 +198,25 @@ ERROR_TEXT end + describe "when the certificate does not have a CN" do + let(:self_signed_crt_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "example_no_cn.crt") } + let(:self_signed_crt) { OpenSSL::X509::Certificate.new(File.read(self_signed_crt_path)) } + + before do + expect(ssl_fetch).to receive(:proxified_socket).with("foo.example.com", 8443).and_return(tcp_socket) + expect(OpenSSL::SSL::SSLSocket).to receive(:new).with(tcp_socket, ssl_fetch.noverify_peer_ssl_context).and_return(ssl_socket) + expect(ssl_socket).to receive(:connect) + expect(ssl_socket).to receive(:peer_cert_chain).and_return([self_signed_crt]) + expect(Time).to receive(:new).and_return(1) + end + + it "fetches the certificate and writes it to a file in the trusted_certs_dir" do + run + stored_cert_path = File.join(trusted_certs_dir, "foo.example.com_1.crt") + expect(File).to exist(stored_cert_path) + expect(File.read(stored_cert_path)).to eq(File.read(self_signed_crt_path)) + end + end + end end |