Merge pull request #165 from azul/feature/cert-fingerprints

Feature/cert fingerprints
author: azul <azul@leap.se> 2014-05-26 10:08:07 +0200
committer: azul <azul@leap.se> 2014-05-26 10:08:07 +0200
commit: df298887221cffc8cacc8965d73a0d7850118849 (patch)
tree: e13fc7c05956b10ca051377b89487d97e659528d /test/integration/api
parent: 0f686b1256b4190522bcb101ba06cd2c7406eb36 (diff)
parent: f221e5313fe54a2efa127b547916c7c812110449 (diff)
2 files changed, 82 insertions, 0 deletions
diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb
new file mode 100644
index 0000000..74d439a
--- /dev/null
+++ b/test/integration/api/cert_test.rb
@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class CertTest < ApiIntegrationTest
+
+  test "retrieve eip cert" do
+    login
+    get '/1/cert', {}, RACK_ENV
+    assert_text_response
+    assert_response_includes "BEGIN RSA PRIVATE KEY"
+    assert_response_includes "END RSA PRIVATE KEY"
+    assert_response_includes "BEGIN CERTIFICATE"
+    assert_response_includes "END CERTIFICATE"
+  end
+
+  test "fetching certs requires login by default" do
+    get '/1/cert', {}, RACK_ENV
+    assert_json_response error: I18n.t(:not_authorized)
+  end
+
+  test "retrieve anonymous eip cert" do
+    with_config allow_anonymous_certs: true do
+      get '/1/cert', {}, RACK_ENV
+      assert_text_response
+      assert_response_includes "BEGIN RSA PRIVATE KEY"
+      assert_response_includes "END RSA PRIVATE KEY"
+      assert_response_includes "BEGIN CERTIFICATE"
+      assert_response_includes "END CERTIFICATE"
+    end
+  end
+end
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
new file mode 100644
index 0000000..04e6f31
--- /dev/null
+++ b/test/integration/api/smtp_cert_test.rb
@@ -0,0 +1,52 @@
+require 'test_helper'
+require 'openssl'
+
+class SmtpCertTest < ApiIntegrationTest
+
+  test "retrieve smtp cert" do
+    @user = FactoryGirl.create :user, effective_service_level_code: 2
+    login
+    post '/1/smtp_cert', {}, RACK_ENV
+    assert_text_response
+    assert_response_includes "BEGIN RSA PRIVATE KEY"
+    assert_response_includes "END RSA PRIVATE KEY"
+    assert_response_includes "BEGIN CERTIFICATE"
+    assert_response_includes "END CERTIFICATE"
+  end
+
+  test "cert and key" do
+    @user = FactoryGirl.create :user, effective_service_level_code: 2
+    login
+    post '/1/smtp_cert', {}, RACK_ENV
+    assert_text_response
+    cert = OpenSSL::X509::Certificate.new(get_response.body)
+    key = OpenSSL::PKey::RSA.new(get_response.body)
+    assert cert.check_private_key(key)
+    prefix = "/CN=#{@user.email_address}"
+    assert_equal prefix, cert.subject.to_s.slice(0,prefix.size)
+  end
+
+  test "fingerprint is stored with identity" do
+    @user = FactoryGirl.create :user, effective_service_level_code: 2
+    login
+    post '/1/smtp_cert', {}, RACK_ENV
+    assert_text_response
+    cert = OpenSSL::X509::Certificate.new(get_response.body)
+    fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
+    today = DateTime.now.to_date.to_s
+    assert_equal({fingerprint => today}, @user.identity.cert_fingerprints)
+  end
+
+  test "fetching smtp certs requires email account" do
+    login
+    post '/1/smtp_cert', {}, RACK_ENV
+    assert_json_response error: I18n.t(:not_authorized)
+  end
+
+  test "no anonymous smtp certs" do
+    with_config allow_anonymous_certs: true do
+      post '/1/smtp_cert', {}, RACK_ENV
+      assert_json_response error: I18n.t(:not_authorized)
+    end
+  end
+end
author	azul <azul@leap.se>	2014-05-26 10:08:07 +0200
committer	azul <azul@leap.se>	2014-05-26 10:08:07 +0200
commit	df298887221cffc8cacc8965d73a0d7850118849 (patch)
tree	e13fc7c05956b10ca051377b89487d97e659528d /test/integration/api
parent	0f686b1256b4190522bcb101ba06cd2c7406eb36 (diff)
parent	f221e5313fe54a2efa127b547916c7c812110449 (diff)