-rw-r--r-- | certs/app/assets/images/leap_web_certs/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/assets/javascripts/leap_web_certs/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/assets/stylesheets/leap_web_certs/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/helpers/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/helpers/certs_helper.rb | 2 | ||||
-rw-r--r-- | certs/app/mailers/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/models/.gitkeep | 0 | ||||
-rw-r--r-- | certs/app/models/leap_ca/cert.rb | 56 | ||||
-rw-r--r-- | certs/app/views/.gitkeep | 0 | ||||
-rw-r--r-- | certs/leap_web_certs.gemspec | 1 | ||||
-rw-r--r-- | certs/lib/leap_web_certs/engine.rb | 10 | ||||
-rw-r--r-- | certs/test/unit/cert_pool_test.rb | 52 | ||||
-rw-r--r-- | certs/test/unit/cert_test.rb | 39 |
13 files changed, 149 insertions, 11 deletions
diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/assets/images/leap_web_certs/.gitkeep
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/helpers/.gitkeep
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
new file mode 100644
index 0000000..94e76b8
--- /dev/null
+++ b/certs/app/helpers/certs_helper.rb
@@ -0,0 +1,2 @@
+module CertsHelper
+end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/mailers/.gitkeep
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/models/.gitkeep
diff --git a/certs/app/models/leap_ca/cert.rb b/certs/app/models/leap_ca/cert.rb
new file mode 100644
index 0000000..9d4f15e
--- /dev/null
+++ b/certs/app/models/leap_ca/cert.rb
@@ -0,0 +1,56 @@
+#
+# Model for certificates stored in CouchDB.
+#
+# This file must be loaded after Config has been loaded.
+#
+
+module LeapCA
+ class Cert < CouchRest::Model::Base
+
+# No config yet. use_database LeapCA::Config.db_name
+ use_database 'client_certificates'
+
+ timestamps!
+
+ property :key, String # the client private RSA key
+ property :cert, String # the client x509 certificate, signed by the CA
+ property :valid_until, Time # expiration time of the client certificate
+ property :random, Float, :accessible => false # used to help pick a random cert by the webapp
+
+ before_validation :set_random, :on => :create
+
+ validates :key, :presence => true
+ validates :cert, :presence => true
+ validates :random, :presence => true
+ validates :random, :numericality => {:greater_than => 0, :less_than => 1}
+
+ design do
+ view :by_random
+ end
+
+ def set_random
+ self.random = rand
+ end
+
+ class << self
+ def sample
+ self.by_random.startkey(rand).first || self.by_random.first
+ end
+
+ def pick_from_pool
+ cert = self.sample
+ raise RECORD_NOT_FOUND unless cert
+ cert.destroy
+ return cert
+ rescue RESOURCE_NOT_FOUND
+ retry if self.by_random.count > 0
+ raise RECORD_NOT_FOUND
+ end
+
+ def valid_attributes_hash
+ {:key => "ABCD", :cert => "A123"}
+ end
+ end
+
+ end
+end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/certs/app/views/.gitkeep
diff --git a/certs/leap_web_certs.gemspec b/certs/leap_web_certs.gemspec
index 81bc042..15a45be 100644
--- a/certs/leap_web_certs.gemspec
+++ b/certs/leap_web_certs.gemspec
@@ -16,6 +16,5 @@ Gem::Specification.new do |s| s.test_files = Dir["test/**/*"] s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "leap_ca", '~> 0.2.0' end
diff --git a/certs/lib/leap_web_certs/engine.rb b/certs/lib/leap_web_certs/engine.rb
index bc0801d..3c8948a 100644
--- a/certs/lib/leap_web_certs/engine.rb
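Review bot: In `pick_from_pool` the result of `cert.destroy` is ignored, so if `destroy` can return false without raising (confirm for CouchRest::Model) the certificate is handed out while still sitting in the pool, and the same private key could later be issued to a second client. I would make the handout conditional on the delete, e.g. `raise RECORD_NOT_FOUND unless cert.destroy`, before `return cert`. Only `RESOURCE_NOT_FOUND` is rescued, so a concurrent pick that loses the race may surface as a different error (presumably a revision conflict, not visible here), and the `retry` is bounded only by `by_random.count`, which an explicit attempt counter would make safer. `valid_until` is never consulted in `sample` or `pick_from_pool`, so an expired certificate can be picked; a comment or a filter on that property would close the gap.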
+++ b/certs/lib/leap_web_certs/engine.rb
@@ -1,14 +1,4 @@ require "leap_web_core" -require "leap_ca/config" -LeapCA::Config.db_name = "client_certificates" - -# couchrest model has an initializer for this - but apparently that does not work -CouchRest::Model::Base.configure do |conf| - conf.environment = Rails.env - conf.connection_config_file = File.join(Rails.root, 'config', 'couchdb.yml') -end - -require "leap_ca/cert" module LeapWebCerts class Engine < ::Rails::Engine
diff --git a/certs/test/unit/cert_pool_test.rb b/certs/test/unit/cert_pool_test.rb
new file mode 100644
index 0000000..06f7ce0
--- /dev/null
+++ b/certs/test/unit/cert_pool_test.rb
@@ -0,0 +1,52 @@
+require 'test_helper'
+
+class CertPoolTest < ActiveSupport::TestCase
+
+ setup do
+ 2.times { LeapCA::Cert.create(LeapCA::Cert.valid_attributes_hash) }
+ end
+
+ teardown do
+ LeapCA::Cert.all.each {|c| c.destroy}
+ end
+
+ test "picks random sample" do
+ # with 3 certs chances are pretty low we pick the same one 40 times.
+ LeapCA::Cert.create! LeapCA::Cert.valid_attributes_hash
+ picked = []
+ first = LeapCA::Cert.sample.id
+ current = LeapCA::Cert.sample.id
+ 40.times do
+ break if current != first
+ current = LeapCA::Cert.sample.id
+ end
+ assert_not_equal current, first
+ end
+
+ test "picks cert from the pool" do
+ assert_difference "LeapCA::Cert.count", -1 do
+ cert = LeapCA::Cert.pick_from_pool
+ end
+ end
+
+ test "err's out if all certs have been destroyed" do
+ sample = LeapCA::Cert.first.tap{|c| c.destroy}
+ LeapCA::Cert.all.each {|c| c.destroy}
+ assert_raises RECORD_NOT_FOUND do
+ LeapCA::Cert.expects(:sample).returns(sample)
+ cert = LeapCA::Cert.pick_from_pool
+ end
+ end
+
+ test "picks other cert if first pick has been destroyed" do
+ first = LeapCA::Cert.first.tap{|c| c.destroy}
+ second = LeapCA::Cert.first
+ LeapCA::Cert.expects(:sample).at_least_once.
+ returns(first).
+ then.returns(second)
+ cert = LeapCA::Cert.pick_from_pool
+ assert_equal second, cert
+ assert_nil LeapCA::Cert.first
+ end
+
+end
diff --git a/certs/test/unit/cert_test.rb b/certs/test/unit/cert_test.rb
new file mode 100644
index 0000000..0b21d0b
--- /dev/null
+++ b/certs/test/unit/cert_test.rb
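Review bot: The teardown `LeapCA::Cert.all.each {|c| c.destroy}` deletes every document in whatever database `LeapCA::Cert` is bound to, and the model added in this commit hard-codes `use_database 'client_certificates'`. Unless the connection config applies a per-environment prefix or suffix (not visible in this diff), running the suite against a CouchDB server shared with a deployment would empty the real certificate pool; confirming the database name is namespaced for the test environment, or guarding on it in `test_helper`, would rule that out. Separately, `picked = []` in "picks random sample" is never used and can be dropped.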
@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class CertTest < ActiveSupport::TestCase
+
+ setup do
+ @sample = LeapCA::Cert.new LeapCA::Cert.valid_attributes_hash
+ end
+
+ test "stub cert for testing is valid" do
+ assert @sample.valid?
+ end
+
+ test "setting random on create validation" do
+ @sample.random = "asdf"
+ assert @sample.valid?
+ assert @sample.random.is_a? Float
+ assert @sample.random >= 0
+ assert @sample.random < 1
+ end
+
+ test "validates random" do
+ @sample.save # make sure we are past the on_create
+ assert @sample.valid?
+ ["asdf", 1, 2, -0.1, nil, "asdf"].each do |invalid|
+ @sample.random = invalid
+ assert !@sample.valid?, "#{invalid} should not be a valid value for random"
+ end
+ end
+
+ test "validates key" do
+ @sample.key = nil
+ assert !@sample.valid?, "Cert should require key"
+ end
+
+ test "validates cert" do
+ @sample.cert = nil
+ assert !@sample.valid?, "Cert should require cert"
+ end
+end |
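Review bot: The invalid-value list in "validates random" repeats `"asdf"` and never exercises the lower boundary, although the model validates `:greater_than => 0`. The earlier test asserts `@sample.random >= 0`, which admits a value the validation rejects, so the two tests disagree about whether zero is allowed. I would replace the duplicate entry with `0` so the boundary is pinned, and tighten the assertion to `assert @sample.random > 0`. Since `rand` can return exactly 0.0, `set_random` can in rare cases produce a value that fails validation, which deserves a comment in the model.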