From 1241cb8f13e6d0752b67521e8385b62d7fbcc882 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 15 May 2014 10:40:21 +0200
Subject: basic integration test for cert API
---
 test/integration/api/cert_test.rb | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 test/integration/api/cert_test.rb
(limited to 'test/integration/api')
diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb
new file mode 100644
index 0000000..74d439a
--- /dev/null
+++ b/test/integration/api/cert_test.rb
@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class CertTest < ApiIntegrationTest
+
+ test "retrieve eip cert" do
+ login
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "fetching certs requires login by default" do
+ get '/1/cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "retrieve anonymous eip cert" do
+ with_config allow_anonymous_certs: true do
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+ end
+end
-- cgit v1.2.3
From 71dcf3f4e5d423b78b47f675297fc98b28ef3442 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 15 May 2014 11:17:47 +0200
Subject: SmtpCertsController, routes and tests
---
 test/integration/api/smtp_cert_test.rb | 51 ++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 test/integration/api/smtp_cert_test.rb
(limited to 'test/integration/api')
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
new file mode 100644
index 0000000..a579d93
--- /dev/null
+++ b/test/integration/api/smtp_cert_test.rb
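Review bot: In cert_test.rb, the test "fetching certs requires login by default" asserts only the JSON error text; as far as the visible lines show, nothing pins the HTTP status or that the body is free of key material. Since this endpoint hands out an RSA private key, the denial case is the one most worth locking down, for example with `assert !get_response.body.include?("PRIVATE KEY")` plus an assertion on the status code the API is meant to return (not visible here, so left open). The same applies to "fetching smtp certs requires email account" and "no anonymous smtp certs" in smtp_cert_test.rb. The positive tests in this file also check only for PEM markers, so a key that does not belong to the returned certificate would pass.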
@@ -0,0 +1,51 @@
+require 'test_helper'
+require 'openssl'
+
+class SmtpCertTest < ApiIntegrationTest
+
+ test "retrieve smtp cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "key matches the cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ key = OpenSSL::PKey::RSA.new(get_response.body)
+ assert cert.check_private_key(key)
+ end
+
+ # we'll store the fingerprint later.
+ test "fingerprint matches" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
+ skip "we're not storing the fingerprints yet"
+ assert_equal fingerprint, @user.identity.cert_fingerprints.last
+ end
+
+ test "fetching smtp certs requires email account" do
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "no anonymous smtp certs" do
+ with_config allow_anonymous_certs: true do
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+ end
+end
-- cgit v1.2.3
From 17b67aeda81dee2273ce1161ac7292a328c3efaa Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 15 May 2014 16:29:49 +0200
Subject: store cert fingerprint with main user identity
---
 test/integration/api/smtp_cert_test.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'test/integration/api')
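Review bot: In smtp_cert_test.rb, the "fingerprint matches" test fixes the fingerprint format to a colon-separated SHA-1 over the DER certificate (`OpenSSL::Digest::SHA1.hexdigest(cert.to_der)`). If the stored value is later used to recognise or authorise a client certificate (that code is not part of this hunk), it is cheaper to settle on SHA-256 before any fingerprints are persisted: `OpenSSL::Digest::SHA256.hexdigest(cert.to_der).scan(/../).join(':')`. Separately, `effective_service_level_code: 2` is repeated in three tests without saying which level it denotes. A comment such as `# service level 2 is assumed to include email; confirm` would make the authorisation precondition of these tests readable.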
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index a579d93..4f0f4a6 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -14,7 +14,7 @@ class SmtpCertTest < ApiIntegrationTest assert_response_includes "END CERTIFICATE" end - test "key matches the cert" do + test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV @@ -22,17 +22,17 @@ class SmtpCertTest < ApiIntegrationTest cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) assert cert.check_private_key(key) + prefix = "/CN=#{@user.email_address}" + assert_equal prefix, cert.subject.to_s.slice(0,prefix.size) end - # we'll store the fingerprint later. - test "fingerprint matches" do + test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - skip "we're not storing the fingerprints yet" assert_equal fingerprint, @user.identity.cert_fingerprints.last end -- cgit v1.2.3 From 3a84578cf33685800c9216cfb4da12ea1fb0032f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 May 2014 15:07:02 +0200 Subject: store fingerprints with timestamp Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps --- test/integration/api/smtp_cert_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test/integration/api') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 4f0f4a6..992249b 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb 
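Review bot: In the "cert and key" test, the subject check compares only a string prefix, `cert.subject.to_s.slice(0,prefix.size)`, so a certificate whose CN merely begins with the user's address would also satisfy it. This assertion is what ties the issued certificate to the account, so an exact comparison of the CN attribute is the stronger check: `cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }` followed by `assert_equal @user.email_address, cn[1]`. The test spans both hunks of this commit; its opening line is in the first one.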
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - assert_equal fingerprint, @user.identity.cert_fingerprints.last + today = DateTime.now.to_date.to_s + assert_equal({fingerprint => today}, @user.identity.cert_fingerprints) end test "fetching smtp certs requires email account" do -- cgit v1.2.3 From 00d5adc90ccadc7f4a2a0d54a5a31a1ad02f05be Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 May 2014 09:31:36 +0200 Subject: change from GET to POST for certs We create them. let's reflect that in the verb. --- test/integration/api/smtp_cert_test.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'test/integration/api') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 992249b..04e6f31 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -6,7 +6,7 @@ class SmtpCertTest < ApiIntegrationTest test "retrieve smtp cert" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -17,7 +17,7 @@ class SmtpCertTest < ApiIntegrationTest test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) 
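Review bot: In "fingerprint is stored with identity", `today = DateTime.now.to_date.to_s` is taken from the test process's local clock after the request, so the assertion can fail around midnight or whenever the application derives the stored date in another zone (UTC, for instance; the storing code is not in this hunk). Capturing the date before and after the request and accepting either value, or freezing the clock for the test, removes that flake. Because the expectation is now the whole hash, the test also asserts that the user has exactly one fingerprint, which deserves a comment: `# a freshly created user has no earlier certs, so the hash holds only this one`.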
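Review bot: Every request in smtp_cert_test.rb moves to `post` (in these two hunks and in the ones at old lines 29 and 39), but no test pins that `get '/1/smtp_cert'` has stopped issuing certificates. The endpoint creates a key pair and records a fingerprint, so a GET route left in place would stay a state-changing, secret-returning request that prefetchers and caches can trigger. A negative test that logs in a service-level-2 user, issues the old `get`, and asserts that no PEM block comes back would guard against that; the expected status or routing error is not visible here. cert_test.rb, as added in the first commit on this page, still calls `get '/1/cert'`, so if that route changed verb as well it needs the same update.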
@@ -29,7 +29,7 @@ class SmtpCertTest < ApiIntegrationTest test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') @@ -39,13 +39,13 @@ class SmtpCertTest < ApiIntegrationTest test "fetching smtp certs requires email account" do login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end test "no anonymous smtp certs" do with_config allow_anonymous_certs: true do - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end end -- cgit v1.2.3