8 @rootdir = File.dirname(__FILE__)
9 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem")
12 it "should be able to decode base64 text it encoded" do
13 @ssl.base64_decode(@ssl.base64_encode("foo")).should == "foo"
16 it "should decrypt what it encrypted with RSA" do
17 crypted = @ssl.aes_encrypt("foo")
18 decrypted = @ssl.aes_decrypt(crypted[:key], crypted[:data])
20 decrypted.should == "foo"
23 it "should be able to decrypt using RSA private key what it encrypted with RSA public key" do
24 crypted = @ssl.rsa_encrypt_with_public("foo")
25 decrypted = @ssl.rsa_decrypt_with_private(crypted)
27 decrypted.should == "foo"
30 it "should be able to decrypt using RSA public key what it encrypted with RSA private key" do
31 crypted = @ssl.rsa_encrypt_with_private("foo")
32 decrypted = @ssl.rsa_decrypt_with_public(crypted)
34 decrypted.should == "foo"
37 it "using a helper it should be able to decrypt with private key what it encrypted using the public key" do
38 @ssl.decrypt_with_private(@ssl.encrypt_with_public("foo")).should == "foo"
39 @ssl.decrypt_with_private(@ssl.encrypt_with_public("foo", false), false).should == "foo"
42 it "using a helper it should be able to decrypt with public key what it encrypted using the private key" do
43 @ssl.decrypt_with_public(@ssl.encrypt_with_private("foo")).should == "foo"
44 @ssl.decrypt_with_public(@ssl.encrypt_with_private("foo", false), false).should == "foo"
47 describe "#initialize" do
48 it "should default to aes-256-cbc" do
49 @ssl.ssl_cipher.should == "aes-256-cbc"
52 it "should take the configured value when present" do
53 Config.instance.stubs("ssl_cipher").returns("aes-128-cbc")
54 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem")
56 @ssl.ssl_cipher.should == "aes-128-cbc"
59 it "should set the supplied ssl cipher" do
60 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
61 @ssl.ssl_cipher.should == "aes-128-cbc"
64 it "should prefer the supplied cipher over configured cipher" do
65 Config.instance.stubs("aes_key_size").returns("foo-foo-foo")
66 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
68 @ssl.ssl_cipher.should == "aes-128-cbc"
71 it "should fail on invalid ciphers" do
73 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "foo-foo-foo")
74 }.to raise_error("The supplied cipher 'foo-foo-foo' is not supported")
78 describe "#read_key" do
79 it "should fail on non exiting files" do
81 @ssl.read_key(:public, "/nonexisting")
82 }.to raise_error("Could not find key /nonexisting")
85 it "should fail on existing, empty files" do
86 File.expects(:exist?).with('key').returns(true)
87 File.expects(:zero?).with('key').returns(true)
89 @ssl.read_key(:public, 'key')
90 }.to raise_error("public key file 'key' is empty")
93 it "should fail on unknown key types" do
95 @ssl.read_key(:unknown, @ssl.public_key_file)
96 }.to raise_error("Can only load :public or :private keys")
99 it "should read a public key" do
100 @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
103 it "should read the public key from a certificate" do
104 @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-cert.pem").to_s.should match(/.+BEGIN.+PUBLIC KEY.+END.+PUBLIC KEY.+/m)
107 it "should return nil if no key was given" do
108 @ssl.read_key(:public).should == nil
111 it "should return nil if nil key was given" do
112 @ssl.read_key(:public, nil).should == nil
115 it "should clear the OpenSSL error queue on ruby 1.8" do
116 Util.expects(:ruby_version).returns("1.8.7")
117 OpenSSL.expects(:errors)
118 @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
119 @ssl.read_key(:private, "#{@rootdir}/../fixtures/test-private.pem")
122 it "should not clear the OpenSSL error queue on ruby > 1.8" do
123 Util.expects(:ruby_version).returns("1.9.3")
124 OpenSSL.expects(:errors).never
125 @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
126 @ssl.read_key(:private, "#{@rootdir}/../fixtures/test-private.pem")
130 describe "#base64_encode" do
131 it "should correctly encode" do
132 @ssl.base64_encode("foo").should == "Zm9v\n"
133 SSL.base64_encode("foo").should == "Zm9v\n"
137 describe "#base64_decode" do
138 it "should correctly decode" do
139 @ssl.base64_decode("Zm9v").should == "foo"
140 SSL.base64_decode("Zm9v").should == "foo"
144 describe "#aes_encrypt" do
145 it "should create a key and data" do
146 crypted = @ssl.aes_encrypt("foo")
148 crypted.include?(:key).should == true
149 crypted.include?(:data).should == true
153 describe "#aes_decrypt" do
154 it "should decrypt correctly given key and data" do
155 key = @ssl.base64_decode("rAaCyW6qB0XqZNa9hji0qHwrI3P47t8diLNXoemW9ss=")
156 data = @ssl.base64_decode("mSthvO/wSl0ArNOcgysTVw==")
158 @ssl.aes_decrypt(key, data).should == "foo"
161 it "should decrypt correctly given key, data and cipher" do
162 key = @ssl.base64_decode("VEma3a/R7fjw2M4d0NIctA==")
163 data = @ssl.base64_decode("FkH6qLvKTn7a+uNPe8ciHA==")
165 # the default aes-256-cbc should fail here, the key above is 128 bit
166 # the exception classes changed mid-1.9.2 :(
167 if OpenSSL.constants.include?("CipherError")
168 expect { @ssl.aes_decrypt(key, data) }.to raise_error(OpenSSL::CipherError)
170 expect { @ssl.aes_decrypt(key, data) }.to raise_error(OpenSSL::Cipher::CipherError)
173 # new ssl instance configured for aes-128-cbc, should work
174 @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
175 @ssl.aes_decrypt(key, data).should == "foo"
180 it "should produce correct md5 sums" do
181 # echo -n 'hello world'|md5sum
182 @ssl.md5("hello world").should == "5eb63bbbe01eeed093cb22bb8f5acdc3"
186 it "should sign the message without base64 by default" do
187 SSL.md5(@ssl.sign("hello world")).should == "8269b23f55945aaa82efbff857c845a6"
190 it "should support base64 encoding messages" do
191 SSL.md5(@ssl.sign("hello world", true)).should == "8a4eb3c3d44d22c46dc36a7e441d8db0"
195 describe "#verify_signature" do
196 it "should correctly verify a message signed using the same keypair" do
197 @ssl.verify_signature(@ssl.sign("hello world"), "hello world").should == true
198 @ssl.verify_signature(@ssl.sign("hello world", true), "hello world", true).should == true
201 it "should fail to verify messages not signed by the key" do
202 @ssl.verify_signature("evil fake signature", "hello world").should == false
206 describe "#decrypt_with_public" do
207 it "should decrypt correctly given key and data in base64 format" do
208 crypted = {:key=> "YaRcSDdcKgnRZ4Eu2eirl/+lzDgVkPZ41kXAQQNOi+6AfjdbbOW7Zblibx9r\n3TzZAi0ulA94gqNAXPvPC8LaO8W9TtJwlto/RHwDM7ZdfqEImSYoVACFNq28\n+0MLr3K3hIBsB1pyxgFTQul+MrCq+3Fik7Nj7ZKkJUT2veyqbg8=",
209 :data=>"TLVw1EYeOaGDmEC/R2I/cA=="}
211 @ssl.decrypt_with_public(crypted).should == "foo"
215 describe "#decrypt_with_private" do
216 it "should decrypt correctly given key and data in base64 format" do
217 crypted = {:key=> "kO1kUgJBiEBdoajN4OHp9BOie6dCznf1YKbBnp3LOyBxcDDQtjxEBlPmjQve\npXrQJ5xpLX6oNBxzU18Pf2SKYUZSbzIkDUb97GQY0WoBQsdM2OwPXH+HtF2A\no5N8iIx9srPAEAFa6hZAdqvcmRT/SzhP1kH+Gyy8fyvW8HGBjNY=",
218 :data=>"gDTaHCmes/Yua4jtjmgukQ=="}
220 @ssl.decrypt_with_private(crypted).should == "foo"
224 describe "#decrypt_with_private" do
225 it "should fail if not given a key" do
227 @ssl.decrypt_with_private({:iv => "x", :data => "x"})
228 }.to raise_error("Crypted data should include a key")
231 it "should fail if not given data" do
233 @ssl.decrypt_with_private({:iv => "x", :key => "x"})
234 }.to raise_error("Crypted data should include data")
238 describe "#decrypt_with_public" do
239 it "should fail if not given a key" do
241 @ssl.decrypt_with_public({:iv => "x", :data => "x"})
242 }.to raise_error("Crypted data should include a key")
245 it "should fail if not given data" do
247 @ssl.decrypt_with_public({:iv => "x", :key => "x"})
248 }.to raise_error("Crypted data should include data")
253 it "should produce repeatable uuids" do
254 SSL.uuid("hello world").should == SSL.uuid("hello world")
257 it "should not always produce the same uuid" do
258 SSL.uuid.should_not == SSL.uuid