move certs into toplevel

cleaned up all the engine stuff that was never really used.
Afterwards there is not that much left that makes it into the toplevel.

4 files changed, 99 insertions, 0 deletions

diff --git a/test/files/ca.crt b/test/files/ca.crt
new file mode 100644
index 0000000..8393eee
--- /dev/null
+++ b/test/files/ca.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICYDCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA7MREwDwYDVQQKDAh0ZXN0
+IG9yZzESMBAGA1UECwwJdGVzdCB1bml0MRIwEAYDVQQDDAl0ZXN0IG5hbWUwIBcN
+MTMwMjA1MDAwMDAwWhgPMjExMzAyMDUwMDAwMDBaMDsxETAPBgNVBAoMCHRlc3Qg
+b3JnMRIwEAYDVQQLDAl0ZXN0IHVuaXQxEjAQBgNVBAMMCXRlc3QgbmFtZTCBqDAN
+BgkqhkiG9w0BAQEFAAOBlgAwgZICgYoAx076Dz8zswvCLuz0HP3Y3PWOgFDo9+8o
+H4uXRcTpd+yw+5B79xjtQ7ojQy2465Jq00nkzHI6V1otM2uvVVIOcNk0t1HEjmK0
+T/r96dDHc59YvVQ+XPrzuQ4t3iREy8IAPNbc3r29PVZkMdGpeSYxyY1mUKza4DcY
+My4SVko9pcP8zJBD4bHgEa0CAwEAAaNgMF4wHQYDVR0OBBYEFOQ+d2EUwBpi93TJ
+9AX4Okew5/UIMA4GA1UdDwEB/wQEAwICBDAMBgNVHRMEBTADAQH/MB8GA1UdIwQY
+MBaAFOQ+d2EUwBpi93TJ9AX4Okew5/UIMA0GCSqGSIb3DQEBDQUAA4GKAJW9/39P
+VbVjH9C7F0XMOpd9nWBe9NUoiw36ZFZw95dqfUm6j5f3nejWG4lEtyMFu5i5rAw6
+GdDSXmq4sUqWTaJmQmZyY+WggQR4UGWJ0I18HRDiPxuA++OfkGzA20Gmvk+CIw/J
+QLHlVjLyyUwaA+EO88rEcdc9VnGL/Xgjh8C/PYH2DpWw/kJa
+-----END CERTIFICATE-----
diff --git a/test/files/ca.key b/test/files/ca.key
new file mode 100644
index 0000000..125997f
--- /dev/null
+++ b/test/files/ca.key
@@ -0,0 +1,16 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIChAIBAAKBigDHTvoPPzOzC8Iu7PQc/djc9Y6AUOj37ygfi5dFxOl37LD7kHv3
+GO1DuiNDLbjrkmrTSeTMcjpXWi0za69VUg5w2TS3UcSOYrRP+v3p0Mdzn1i9VD5c
++vO5Di3eJETLwgA81tzevb09VmQx0al5JjHJjWZQrNrgNxgzLhJWSj2lw/zMkEPh
+seARrQIDAQABAoGJIvn0HircOsaMfEmvCUtu/E/HgzMvvxrkMqz/jgnhYt9Rq8QO
+TS29rY4D1C0473ZRcuTb1xkQrfWwSv7R1SpCSIGFo8obtGb0NjNaYGyQ0IrYDjk8
+H5kYFEY4X4oqFhgy3owewaZZLxLD336ARRj2HhsLzA+4nD/wF7Q+bggpuMdkM2Uj
+tn12rIECRQ/XqIGF8jLw9IDMkr9kkfT+n03p8sOd4g7iSw0sknlzaZZpIDvibkyN
+SDKM7VX4VQa7u58+sCF4ylwi0UQu7/VT7Smp4QJFDJSoEOKplBvaT9fTfdVKjE4P
+QyCAWEsb6Up8KKswhtDqiWeFtktIvx1Mkxn25erLms3cUEBde//rwNB+6ItBR/N8
+4RlNAkUPLsc3Gn+7gmFQ7r3U3zViboON0B/wiWcUjJsQzR6zdoBCvg0+VwsOIniG
+ubjbI1uZUGHHg/SYn4KQOm4DwlgF7aDkxQECRQjVZMEedlXxzLOdZvoHBuZHdT38
+F0Jn0rxXOaDQuy0eimBamS+r4vOWngr4Az3jRH15KMYMu9dyllX3z/R2uyrLVBc2
+TQJFBEHIjoMVgP2h+N6VUDgPOhnxnnLvowOtX23J1y2foKwfZrHH38LNcWmuaGUi
+fz6EYeUO20D174GfhqB0j6yR50ejPjYD
+-----END RSA PRIVATE KEY-----
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
new file mode 100644
index 0000000..2c70e52
--- /dev/null
+++ b/test/functional/v1/certs_controller_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class V1::CertsControllerTest < ActionController::TestCase
+
+  test "send limited cert without login" do
+    with_config allow_limited_certs: true, allow_anonymous_certs: true do
+      cert = stub :to_s => "limited cert"
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
+      get :show
+      assert_response :success
+      assert_equal cert.to_s, @response.body
+    end
+  end
+
+  test "send unlimited cert" do
+    with_config allow_unlimited_certs: true do
+      login
+      cert = stub :to_s => "unlimited cert"
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
+      get :show
+      assert_response :success
+      assert_equal cert.to_s, @response.body
+    end
+  end
+
+  test "login required if anonymous certs disabled" do
+    with_config allow_anonymous_certs: false do
+      get :show
+      assert_response :redirect
+    end
+  end
+
+  test "send limited cert" do
+    with_config allow_limited_certs: true, allow_unlimited_certs: false do
+      login
+      cert = stub :to_s => "real cert"
+      ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
+      get :show
+      assert_response :success
+      assert_equal cert.to_s, @response.body
+    end
+  end
+
+end
diff --git a/test/unit/client_certificate_test.rb b/test/unit/client_certificate_test.rb
new file mode 100644
index 0000000..036e724
--- /dev/null
+++ b/test/unit/client_certificate_test.rb
@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class ClientCertificateTest < ActiveSupport::TestCase
+
+  test "new cert has all we need" do
+    sample = ClientCertificate.new
+    assert sample.key
+    assert sample.cert
+    assert sample.to_s
+  end
+
+  test "cert has configured prefix" do
+    prefix = "PREFIX"
+    sample = ClientCertificate.new(:prefix => prefix)
+    assert sample.cert.subject.common_name.starts_with?(prefix)
+  end
+
+  test "cert issuer matches ca subject" do
+    sample = ClientCertificate.new
+    cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem)
+    assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer
+  end
+
+end