/spec/httparty/ssl_spec.rb

http://github.com/jnunemaker/httparty · Ruby · 82 lines · 68 code · 14 blank · 0 comment · 0 complexity · 2caeccb80cfcb018db21e0d2e2c39696 MD5 · raw file

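  require 'spec_helper'

  # Specs for how HTTParty::Request handles TLS certificate verification.
  #
  # NOTE(review): ssl_verify_test is not defined in this file (presumably in
  # spec_helper). From the call sites it appears to take
  # (ca option name, CA file or path, server certificate file, extra options)
  # and to perform a request against a test server presenting that
  # certificate -- confirm against the helper.
  RSpec.describe HTTParty::Request do
    context "SSL certificate verification" do
      # WebMock is switched off for this context and switched back on
      # afterwards, so that it does not leak into other specs.
      before do
        WebMock.disable!
      end

      after do
        WebMock.enable!
      end

      # --- Default behaviour: no CA configured, verification on ---

      it "should fail when no trusted CA list is specified, by default" do
        expect do
          ssl_verify_test(nil, nil, "selfsigned.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      # verify: false is the explicit opt-out. The two "should work" examples
      # below pin that the opt-out accepts both an untrusted certificate and a
      # certificate issued for a different hostname, i.e. the peer is not
      # authenticated at all in that mode.
      it "should work when no trusted CA list is specified, when the verify option is set to false" do
        expect(ssl_verify_test(nil, nil, "selfsigned.crt", verify: false).parsed_response).to eq({'success' => true})
      end

      it "should fail when no trusted CA list is specified, with a bogus hostname, by default" do
        expect do
          ssl_verify_test(nil, nil, "bogushost.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      # The description used to say "set to true" while the example passes
      # verify: false; the wording now matches what is actually exercised.
      it "should work when no trusted CA list is specified, even with a bogus hostname, when the verify option is set to false" do
        expect(ssl_verify_test(nil, nil, "bogushost.crt", verify: false).parsed_response).to eq({'success' => true})
      end

      # --- Explicit trust anchors ---

      it "should work when using ssl_ca_file with a self-signed CA" do
        expect(ssl_verify_test(:ssl_ca_file, "selfsigned.crt", "selfsigned.crt").parsed_response).to eq({'success' => true})
      end

      it "should work when using ssl_ca_file with a certificate authority" do
        expect(ssl_verify_test(:ssl_ca_file, "ca.crt", "server.crt").parsed_response).to eq({'success' => true})
      end

      # This example stubs Net::HTTP#request, so no handshake happens. It only
      # checks that the ssl_ca_path option is forwarded to Net::HTTP#ca_path=;
      # rejection of untrusted peers under ssl_ca_path is covered further down.
      it "should work when using ssl_ca_path with a certificate authority" do
        http = Net::HTTP.new('www.google.com', 443)
        response = double(Net::HTTPResponse, :[] => '', body: '', to_hash: {})
        allow(http).to receive(:request).and_return(response)
        expect(Net::HTTP).to receive(:new).with('www.google.com', 443).and_return(http)
        expect(http).to receive(:ca_path=).with('/foo/bar')
        HTTParty.get('https://www.google.com', ssl_ca_path: '/foo/bar')
      end

      # --- Negative cases: a configured CA must not widen trust ---

      it "should fail when using ssl_ca_file and the server uses an unrecognized certificate authority" do
        expect do
          ssl_verify_test(:ssl_ca_file, "ca.crt", "selfsigned.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      it "should fail when using ssl_ca_path and the server uses an unrecognized certificate authority" do
        expect do
          ssl_verify_test(:ssl_ca_path, ".", "selfsigned.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      it "should fail when using ssl_ca_file and the server uses a bogus hostname" do
        expect do
          ssl_verify_test(:ssl_ca_file, "ca.crt", "bogushost.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      it "should fail when using ssl_ca_path and the server uses a bogus hostname" do
        expect do
          ssl_verify_test(:ssl_ca_path, ".", "bogushost.crt")
        end.to raise_error(OpenSSL::SSL::SSLError)
      end

      # --- Peer certificate exposure ---

      it "should provide the certificate used by the server via peer_cert" do
        peer_cert = nil
        ssl_verify_test(:ssl_ca_file, "ca.crt", "server.crt") do |response|
          # ||= keeps the first certificate seen if the block is yielded to
          # more than once.
          peer_cert ||= response.connection.peer_cert
        end
        expect(peer_cert).to be_a(OpenSSL::X509::Certificate)
      end
    end
  end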