--- /dev/null
+#!/usr/bin/env rspec
+
+require 'spec_helper'
+
+module MCollective
+ describe SSL do
+ before do
+ @rootdir = File.dirname(__FILE__)
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem")
+ end
+
+ it "should be able to decode base64 text it encoded" do
+ @ssl.base64_decode(@ssl.base64_encode("foo")).should == "foo"
+ end
+
+ it "should decrypt what it encrypted with RSA" do
+ crypted = @ssl.aes_encrypt("foo")
+ decrypted = @ssl.aes_decrypt(crypted[:key], crypted[:data])
+
+ decrypted.should == "foo"
+ end
+
+ it "should be able to decrypt using RSA private key what it encrypted with RSA public key" do
+ crypted = @ssl.rsa_encrypt_with_public("foo")
+ decrypted = @ssl.rsa_decrypt_with_private(crypted)
+
+ decrypted.should == "foo"
+ end
+
+ it "should be able to decrypt using RSA public key what it encrypted with RSA private key" do
+ crypted = @ssl.rsa_encrypt_with_private("foo")
+ decrypted = @ssl.rsa_decrypt_with_public(crypted)
+
+ decrypted.should == "foo"
+ end
+
+ it "using a helper it should be able to decrypt with private key what it encrypted using the public key" do
+ @ssl.decrypt_with_private(@ssl.encrypt_with_public("foo")).should == "foo"
+ @ssl.decrypt_with_private(@ssl.encrypt_with_public("foo", false), false).should == "foo"
+ end
+
+ it "using a helper it should be able to decrypt with public key what it encrypted using the private key" do
+ @ssl.decrypt_with_public(@ssl.encrypt_with_private("foo")).should == "foo"
+ @ssl.decrypt_with_public(@ssl.encrypt_with_private("foo", false), false).should == "foo"
+ end
+
+ describe "#initialize" do
+ it "should default to aes-256-cbc" do
+ @ssl.ssl_cipher.should == "aes-256-cbc"
+ end
+
+ it "should take the configured value when present" do
+ Config.instance.stubs("ssl_cipher").returns("aes-128-cbc")
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem")
+
+ @ssl.ssl_cipher.should == "aes-128-cbc"
+ end
+
+ it "should set the supplied ssl cipher" do
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
+ @ssl.ssl_cipher.should == "aes-128-cbc"
+ end
+
+ it "should prefer the supplied cipher over configured cipher" do
+ Config.instance.stubs("aes_key_size").returns("foo-foo-foo")
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
+
+ @ssl.ssl_cipher.should == "aes-128-cbc"
+ end
+
+ it "should fail on invalid ciphers" do
+ expect {
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "foo-foo-foo")
+ }.to raise_error("The supplied cipher 'foo-foo-foo' is not supported")
+ end
+ end
+
+ describe "#read_key" do
+ it "should fail on non exiting files" do
+ expect {
+ @ssl.read_key(:public, "/nonexisting")
+ }.to raise_error("Could not find key /nonexisting")
+ end
+
+ it "should fail on existing, empty files" do
+ File.expects(:exist?).with('key').returns(true)
+ File.expects(:zero?).with('key').returns(true)
+ expect{
+ @ssl.read_key(:public, 'key')
+ }.to raise_error("public key file 'key' is empty")
+ end
+
+ it "should fail on unknown key types" do
+ expect {
+ @ssl.read_key(:unknown, @ssl.public_key_file)
+ }.to raise_error("Can only load :public or :private keys")
+ end
+
+ it "should read a public key" do
+ @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
+ end
+
+ it "should read the public key from a certificate" do
+ @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-cert.pem").to_s.should match(/.+BEGIN.+PUBLIC KEY.+END.+PUBLIC KEY.+/m)
+ end
+
+ it "should return nil if no key was given" do
+ @ssl.read_key(:public).should == nil
+ end
+
+ it "should return nil if nil key was given" do
+ @ssl.read_key(:public, nil).should == nil
+ end
+
+ it "should clear the OpenSSL error queue on ruby 1.8" do
+ Util.expects(:ruby_version).returns("1.8.7")
+ OpenSSL.expects(:errors)
+ @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
+ @ssl.read_key(:private, "#{@rootdir}/../fixtures/test-private.pem")
+ end
+
+ it "should not clear the OpenSSL error queue on ruby > 1.8" do
+ Util.expects(:ruby_version).returns("1.9.3")
+ OpenSSL.expects(:errors).never
+ @ssl.read_key(:public, "#{@rootdir}/../fixtures/test-public.pem")
+ @ssl.read_key(:private, "#{@rootdir}/../fixtures/test-private.pem")
+ end
+ end
+
+ describe "#base64_encode" do
+ it "should correctly encode" do
+ @ssl.base64_encode("foo").should == "Zm9v\n"
+ SSL.base64_encode("foo").should == "Zm9v\n"
+ end
+ end
+
+ describe "#base64_decode" do
+ it "should correctly decode" do
+ @ssl.base64_decode("Zm9v").should == "foo"
+ SSL.base64_decode("Zm9v").should == "foo"
+ end
+ end
+
+ describe "#aes_encrypt" do
+ it "should create a key and data" do
+ crypted = @ssl.aes_encrypt("foo")
+
+ crypted.include?(:key).should == true
+ crypted.include?(:data).should == true
+ end
+ end
+
+ describe "#aes_decrypt" do
+ it "should decrypt correctly given key and data" do
+ key = @ssl.base64_decode("rAaCyW6qB0XqZNa9hji0qHwrI3P47t8diLNXoemW9ss=")
+ data = @ssl.base64_decode("mSthvO/wSl0ArNOcgysTVw==")
+
+ @ssl.aes_decrypt(key, data).should == "foo"
+ end
+
+ it "should decrypt correctly given key, data and cipher" do
+ key = @ssl.base64_decode("VEma3a/R7fjw2M4d0NIctA==")
+ data = @ssl.base64_decode("FkH6qLvKTn7a+uNPe8ciHA==")
+
+ # the default aes-256-cbc should fail here, the key above is 128 bit
+ # the exception classes changed mid-1.9.2 :(
+ if OpenSSL.constants.include?("CipherError")
+ expect { @ssl.aes_decrypt(key, data) }.to raise_error(OpenSSL::CipherError)
+ else
+ expect { @ssl.aes_decrypt(key, data) }.to raise_error(OpenSSL::Cipher::CipherError)
+ end
+
+ # new ssl instance configured for aes-128-cbc, should work
+ @ssl = SSL.new("#{@rootdir}/../fixtures/test-public.pem", "#{@rootdir}/../fixtures/test-private.pem", nil, "aes-128-cbc")
+ @ssl.aes_decrypt(key, data).should == "foo"
+ end
+ end
+
+ describe "#md5" do
+ it "should produce correct md5 sums" do
+ # echo -n 'hello world'|md5sum
+ @ssl.md5("hello world").should == "5eb63bbbe01eeed093cb22bb8f5acdc3"
+ end
+ end
+ describe "#sign" do
+ it "should sign the message without base64 by default" do
+ SSL.md5(@ssl.sign("hello world")).should == "8269b23f55945aaa82efbff857c845a6"
+ end
+
+ it "should support base64 encoding messages" do
+ SSL.md5(@ssl.sign("hello world", true)).should == "8a4eb3c3d44d22c46dc36a7e441d8db0"
+ end
+ end
+
+ describe "#verify_signature" do
+ it "should correctly verify a message signed using the same keypair" do
+ @ssl.verify_signature(@ssl.sign("hello world"), "hello world").should == true
+ @ssl.verify_signature(@ssl.sign("hello world", true), "hello world", true).should == true
+ end
+
+ it "should fail to verify messages not signed by the key" do
+ @ssl.verify_signature("evil fake signature", "hello world").should == false
+ end
+ end
+
+ describe "#decrypt_with_public" do
+ it "should decrypt correctly given key and data in base64 format" do
+ crypted = {:key=> "YaRcSDdcKgnRZ4Eu2eirl/+lzDgVkPZ41kXAQQNOi+6AfjdbbOW7Zblibx9r\n3TzZAi0ulA94gqNAXPvPC8LaO8W9TtJwlto/RHwDM7ZdfqEImSYoVACFNq28\n+0MLr3K3hIBsB1pyxgFTQul+MrCq+3Fik7Nj7ZKkJUT2veyqbg8=",
+ :data=>"TLVw1EYeOaGDmEC/R2I/cA=="}
+
+ @ssl.decrypt_with_public(crypted).should == "foo"
+ end
+ end
+
+ describe "#decrypt_with_private" do
+ it "should decrypt correctly given key and data in base64 format" do
+ crypted = {:key=> "kO1kUgJBiEBdoajN4OHp9BOie6dCznf1YKbBnp3LOyBxcDDQtjxEBlPmjQve\npXrQJ5xpLX6oNBxzU18Pf2SKYUZSbzIkDUb97GQY0WoBQsdM2OwPXH+HtF2A\no5N8iIx9srPAEAFa6hZAdqvcmRT/SzhP1kH+Gyy8fyvW8HGBjNY=",
+ :data=>"gDTaHCmes/Yua4jtjmgukQ=="}
+
+ @ssl.decrypt_with_private(crypted).should == "foo"
+ end
+ end
+
+ describe "#decrypt_with_private" do
+ it "should fail if not given a key" do
+ expect {
+ @ssl.decrypt_with_private({:iv => "x", :data => "x"})
+ }.to raise_error("Crypted data should include a key")
+ end
+
+ it "should fail if not given data" do
+ expect {
+ @ssl.decrypt_with_private({:iv => "x", :key => "x"})
+ }.to raise_error("Crypted data should include data")
+ end
+ end
+
+ describe "#decrypt_with_public" do
+ it "should fail if not given a key" do
+ expect {
+ @ssl.decrypt_with_public({:iv => "x", :data => "x"})
+ }.to raise_error("Crypted data should include a key")
+ end
+
+ it "should fail if not given data" do
+ expect {
+ @ssl.decrypt_with_public({:iv => "x", :key => "x"})
+ }.to raise_error("Crypted data should include data")
+ end
+ end
+
+ describe "#uuid" do
+ it "should produce repeatable uuids" do
+ SSL.uuid("hello world").should == SSL.uuid("hello world")
+ end
+
+ it "should not always produce the same uuid" do
+ SSL.uuid.should_not == SSL.uuid
+ end
+ end
+ end
+end
Code Review / packages / precise / mcollective.git / blobdiff