diff --git a/lib/localhost/authority.rb b/lib/localhost/authority.rb
index 41c09ac..ca67891 100644
--- a/lib/localhost/authority.rb
+++ b/lib/localhost/authority.rb
@@ -42,7 +42,7 @@ def self.path(env = ENV, old_root: nil)
 # List all certificate authorities in the given directory:
 def self.list(root = self.path)
- return to_enum(:list) unless block_given?
+ return to_enum(:list, root) unless block_given?
 Dir.glob("*.crt", base: root) do |path|
 name = File.basename(path, ".crt")
@@ -85,10 +85,6 @@ def initialize(hostname = "localhost", root: self.class.path)
 BITS = 1024*2
- def ecdh_key
- @ecdh_key ||= OpenSSL::PKey::EC.new "prime256v1"
- end
-
 def dh_key
 @dh_key ||= OpenSSL::PKey::DH.new(BITS)
 end
@@ -176,8 +172,6 @@ def server_context(*arguments)
 if context.respond_to? :ecdh_curves=
 context.ecdh_curves = 'P-256:P-384:P-521'
- elsif context.respond_to? :tmp_ecdh_callback=
- context.tmp_ecdh_callback = proc {self.ecdh_key}
 end
 context.set_params(
diff --git a/test/localhost/authority.rb b/test/localhost/authority.rb
index 55ed231..9997669 100644
--- a/test/localhost/authority.rb
+++ b/test/localhost/authority.rb
@@ -21,7 +21,7 @@ def around
 Dir.mktmpdir do |path|
 @root = path
- yield
+ super
 ensure
 @root = nil
 end
@@ -29,6 +29,17 @@ def around
 let(:authority) {subject.new("localhost", root: @root)}
+ it "have correct key and certificate path" do
+ authority.save
+
+ expect(File).to be(:exist?, authority.certificate_path)
+ expect(File).to be(:exist?, authority.key_path)
+
+ expect(File).to be(:exist?, File.expand_path("localhost.lock", @root))
+ expect(File).to be(:exist?, File.expand_path("localhost.crt", @root))
+ expect(File).to be(:exist?, File.expand_path("localhost.key", @root))
+ end
+
 with ".path" do
 it "uses XDG_STATE_HOME" do
 env = {'XDG_STATE_HOME' => @root}
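Review bot: With the `tmp_ecdh_callback=` fallback gone, the remaining `if context.respond_to? :ecdh_curves=` guard in `server_context` (the `@@ -176,8 +172,6 @@` hunk) has no alternative branch, so on a binding without that setter the curve list is skipped silently and the context keeps whatever curve selection the library defaults to. If every supported OpenSSL binding provides `ecdh_curves=`, set it unconditionally with `context.ecdh_curves = 'P-256:P-384:P-521'` so an unsupported runtime fails loudly. Otherwise keep the guard and say so in a comment such as `# Bindings without ecdh_curves= keep the OpenSSL default curve selection.` The body of `server_context` starts before and continues past this hunk.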
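Review bot: The relocated example "have correct key and certificate path" (the `@@ -29,6 +29,17 @@` hunk of test/localhost/authority.rb) asserts only that `localhost.key` exists after `authority.save`, so a regression that leaves the private key readable by group or other users would still pass. `save` is not part of this diff, so whether it restricts the file mode cannot be seen here. If it does, pin that on POSIX systems with `expect(File.stat(authority.key_path).mode & 0o077).to be == 0`; if it does not, the mode is worth setting in `save` before the assertion is added.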
@@ -64,15 +75,36 @@ def around
 end
 end
- it "have correct key and certificate path" do
- authority.save
+ with "#dh_key" do
+ it "is a DH key" do
+ expect(authority.dh_key).to be_a OpenSSL::PKey::DH
+ end
+ end
+
+ with '#name' do
+ it "can get name" do
+ expect(authority.name.to_s).to be == "/O=Development/CN=localhost"
+ end
- expect(File).to be(:exist?, authority.certificate_path)
- expect(File).to be(:exist?, authority.key_path)
+ it "can set name" do
+ authority.name = OpenSSL::X509::Name.parse("/CN=example.localhost")
+ expect(authority.name.to_s).to be == "/CN=example.localhost"
+ end
+ end
+
+ with '#key' do
+ it "is an RSA key" do
+ expect(authority.key).to be_a OpenSSL::PKey::RSA
+ end
- expect(File).to be(:exist?, File.expand_path("localhost.lock", @root))
- expect(File).to be(:exist?, File.expand_path("localhost.crt", @root))
- expect(File).to be(:exist?, File.expand_path("localhost.key", @root))
+ it "can set key" do
+ # Avoid generating a key, it's slow...
+ # key = OpenSSL::PKey::RSA.new(1024)
+ key = authority.key
+
+ authority.key = key
+ expect(authority.key).to be_equal(key)
+ end
 end
 with '#store' do
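Review bot: The "can set key" example under `with '#key'` assigns back the very object that `authority.key` just returned, so `be_equal(key)` would still pass if `key=` did nothing at all. To exercise the setter without paying for key generation, assign a pre-generated RSA key loaded from a test fixture, for example `key = OpenSSL::PKey::RSA.new(File.read(fixture_key_path))`, where `fixture_key_path` is a placeholder for a key file kept in the test tree. The commented-out `RSA.new(1024)` line can then be dropped. Such a fixture key should be clearly marked as test-only so it is never mistaken for a usable credential.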
@@ -86,4 +118,47 @@ def around
 expect(authority.server_context).to be_a OpenSSL::SSL::SSLContext
 end
 end
+
+ with '.list' do
+ def before
+ super
+
+ authority.save
+ end
+
+ it "can list all authorities" do
+ authorities = Localhost::Authority.list(@root).to_a
+
+ expect(authorities.size).to be == 1
+ expect(authorities.first).to be_a Localhost::Authority
+ expect(authorities.first).to have_attributes(
+ hostname: be == "localhost",
+ )
+ end
+ end
+
+ with '.fetch' do
+ def before
+ super
+
+ authority.save
+ end
+
+ it "can fetch existing authority" do
+ fetched_authority = Localhost::Authority.fetch("localhost", root: @root)
+ expect(fetched_authority).to have_attributes(
+ hostname: be == "localhost",
+ )
+ end
+
+ it "can create new authority" do
+ fetched_authority = Localhost::Authority.fetch("example.com", root: @root)
+ expect(fetched_authority).to have_attributes(
+ hostname: be == "example.com",
+ )
+
+ expect(File).to be(:exist?, fetched_authority.certificate_path)
+ expect(File).to be(:exist?, fetched_authority.key_path)
+ end
+ end
 end
diff --git a/test/localhost/protocol.rb b/test/localhost/protocol.rb
index 8fd8b01..1454152 100644
--- a/test/localhost/protocol.rb
+++ b/test/localhost/protocol.rb
@@ -27,6 +27,7 @@
 end
 describe Localhost::Authority do
+ # We test the actual authority:
 let(:authority) {subject.new}
 include Sus::Fixtures::Async::HTTP::ServerContext
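Review bot: "can fetch existing authority" in `with '.fetch'` (the `@@ -86,4 +118,47 @@` hunk) checks only `hostname`, and the neighbouring "can create new authority" example shows that a freshly created authority satisfies that check too. The test therefore cannot tell loading the saved key pair from silently regenerating it. `fetch` itself is outside this diff, so which of the two it does is not visible here. Comparing key material would pin the intended behaviour: `expect(fetched_authority.key.to_pem).to be == authority.key.to_pem`. The two identical `def before` hooks could also be hoisted into one shared context.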