gitlab-org--gitlab-foss/spec/models/x509_certificate_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe X509Certificate do
  describe 'validation' do
    it { is_expected.to validate_presence_of(:subject_key_identifier) }
    it { is_expected.to validate_presence_of(:subject) }
    it { is_expected.to validate_presence_of(:email) }
    it { is_expected.to validate_presence_of(:serial_number) }
    it { is_expected.to validate_presence_of(:x509_issuer_id) }
  end

  describe 'associations' do
    it { is_expected.to belong_to(:x509_issuer).required }
  end

  describe '.safe_create!' do
    let(:subject_key_identifier) { 'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD' }
    let(:subject) { 'CN=gitlab@example.com,OU=Example,O=World' }
    let(:email) { 'gitlab@example.com' }
    let(:serial_number) { '123456789' }
    let(:issuer) { create(:x509_issuer) }

    let(:attributes) do
      {
        subject_key_identifier: subject_key_identifier,
        subject: subject,
        email: email,
        serial_number: serial_number,
        x509_issuer_id: issuer.id
      }
    end

    it 'creates a new certificate if it was not found' do
      expect { described_class.safe_create!(attributes) }.to change { described_class.count }.by(1)
    end

    it 'assigns the correct attributes when creating' do
      certificate = described_class.safe_create!(attributes)

      expect(certificate.subject_key_identifier).to eq(subject_key_identifier)
      expect(certificate.subject).to eq(subject)
      expect(certificate.email).to eq(email)
    end

    it 'calls mark_commit_signatures_unverified' do
      expect_any_instance_of(described_class).to receive(:mark_commit_signatures_unverified)

      described_class.safe_create!(attributes)
    end

    context 'certificate revocation handling' do
      let(:x509_certificate) { create(:x509_certificate) }

      it 'starts a revoke worker if certificate is revoked' do
        expect(X509CertificateRevokeWorker).to receive(:perform_async).with(x509_certificate.id)

        x509_certificate.revoked!
      end

      it 'does not starts a revoke worker for good certificates' do
        expect(X509CertificateRevokeWorker).not_to receive(:perform_async).with(x509_certificate.id)

        x509_certificate
      end
    end
  end

  describe 'validators' do
    let_it_be(:issuer) { create(:x509_issuer) }

    it 'accepts correct subject_key_identifier' do
      subject_key_identifiers = [
        'AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB',
        'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD'
      ]

      subject_key_identifiers.each do |identifier|
        expect(build(:x509_certificate, x509_issuer: issuer, subject_key_identifier: identifier)).to be_valid
      end
    end

    it 'rejects invalid subject_key_identifier' do
      subject_key_identifiers = [
        'AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB',
        'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:GG',
        'random string',
        '12321342545356434523412341245452345623453542345234523453245'
      ]

      subject_key_identifiers.each do |identifier|
        expect(build(:x509_certificate, x509_issuer: issuer, subject_key_identifier: identifier)).to be_invalid
      end
    end

    it 'accepts correct email address' do
      emails = [
        'smime@example.org',
        'smime@example.com'
      ]

      emails.each do |email|
        expect(build(:x509_certificate, x509_issuer: issuer, email: email)).to be_valid
      end
    end

    it 'rejects invalid email' do
      emails = [
        'this is not an email',
        '@example.org'
      ]

      emails.each do |email|
        expect(build(:x509_certificate, x509_issuer: issuer, email: email)).to be_invalid
      end
    end

    it 'accepts valid serial_number' do
      expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 123412341234)).to be_valid

      # rfc 5280 - 4.1.2.2  Serial number (20 octets is the maximum)
      expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 1461501637330902918203684832716283019655932542975)).to be_valid
      expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 'ffffffffffffffffffffffffffffffffffffffff'.to_i(16))).to be_valid
    end

    it 'rejects invalid serial_number' do
      expect(build(:x509_certificate, x509_issuer: issuer, serial_number: "sgsgfsdgdsfg")).to be_invalid
    end
  end
end
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`# frozen_string_literal: true`

			`require 'spec_helper'`

			`RSpec.describe X509Certificate do`
			`describe 'validation' do`
			`it { is_expected.to validate_presence_of(:subject_key_identifier) }`
			`it { is_expected.to validate_presence_of(:subject) }`
			`it { is_expected.to validate_presence_of(:email) }`
			`it { is_expected.to validate_presence_of(:serial_number) }`
			`it { is_expected.to validate_presence_of(:x509_issuer_id) }`
			`end`

			`describe 'associations' do`
			`it { is_expected.to belong_to(:x509_issuer).required }`
			`end`

			`describe '.safe_create!' do`
			`let(:subject_key_identifier) { 'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD' }`
			`let(:subject) { 'CN=gitlab@example.com,OU=Example,O=World' }`
			`let(:email) { 'gitlab@example.com' }`
			`let(:serial_number) { '123456789' }`
			`let(:issuer) { create(:x509_issuer) }`

			`let(:attributes) do`
			`{`
			`subject_key_identifier: subject_key_identifier,`
			`subject: subject,`
			`email: email,`
			`serial_number: serial_number,`
			`x509_issuer_id: issuer.id`
			`}`
			`end`

			`it 'creates a new certificate if it was not found' do`
			`expect { described_class.safe_create!(attributes) }.to change { described_class.count }.by(1)`
			`end`

			`it 'assigns the correct attributes when creating' do`
			`certificate = described_class.safe_create!(attributes)`

			`expect(certificate.subject_key_identifier).to eq(subject_key_identifier)`
			`expect(certificate.subject).to eq(subject)`
			`expect(certificate.email).to eq(email)`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 20:09:34 -04:00
			`it 'calls mark_commit_signatures_unverified' do`
			`expect_any_instance_of(described_class).to receive(:mark_commit_signatures_unverified)`

			`described_class.safe_create!(attributes)`
			`end`

			`context 'certificate revocation handling' do`
			`let(:x509_certificate) { create(:x509_certificate) }`

			`it 'starts a revoke worker if certificate is revoked' do`
			`expect(X509CertificateRevokeWorker).to receive(:perform_async).with(x509_certificate.id)`

			`x509_certificate.revoked!`
			`end`

			`it 'does not starts a revoke worker for good certificates' do`
			`expect(X509CertificateRevokeWorker).not_to receive(:perform_async).with(x509_certificate.id)`

			`x509_certificate`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`

			`describe 'validators' do`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`let_it_be(:issuer) { create(:x509_issuer) }`

Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`it 'accepts correct subject_key_identifier' do`
			`subject_key_identifiers = [`
			`'AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB',`
			`'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD'`
			`]`

			`subject_key_identifiers.each do \|identifier\|`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, subject_key_identifier: identifier)).to be_valid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`
			`end`

			`it 'rejects invalid subject_key_identifier' do`
			`subject_key_identifiers = [`
			`'AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB',`
			`'CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:CD:GG',`
			`'random string',`
			`'12321342545356434523412341245452345623453542345234523453245'`
			`]`

			`subject_key_identifiers.each do \|identifier\|`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, subject_key_identifier: identifier)).to be_invalid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`
			`end`

			`it 'accepts correct email address' do`
			`emails = [`
			`'smime@example.org',`
			`'smime@example.com'`
			`]`

			`emails.each do \|email\|`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, email: email)).to be_valid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`
			`end`

			`it 'rejects invalid email' do`
			`emails = [`
			`'this is not an email',`
			`'@example.org'`
			`]`

			`emails.each do \|email\|`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, email: email)).to be_invalid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`
			`end`

			`it 'accepts valid serial_number' do`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 123412341234)).to be_valid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00
			`# rfc 5280 - 4.1.2.2 Serial number (20 octets is the maximum)`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 1461501637330902918203684832716283019655932542975)).to be_valid`
			`expect(build(:x509_certificate, x509_issuer: issuer, serial_number: 'ffffffffffffffffffffffffffffffffffffffff'.to_i(16))).to be_valid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`

			`it 'rejects invalid serial_number' do`
Add latest changes from gitlab-org/gitlab@master 2020-09-04 08:08:27 -04:00			`expect(build(:x509_certificate, x509_issuer: issuer, serial_number: "sgsgfsdgdsfg")).to be_invalid`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 19:09:12 -05:00			`end`
			`end`
			`end`