PageRenderTime 406ms CodeModel.GetById 151ms app.highlight 23ms RepoModel.GetById 178ms app.codeStats 1ms

/spec/httparty/ssl_spec.rb

http://github.com/jnunemaker/httparty
Ruby | 82 lines | 68 code | 14 blank | 0 comment | 0 complexity | 2caeccb80cfcb018db21e0d2e2c39696 MD5 | raw file
 1require 'spec_helper'
 2
 3RSpec.describe HTTParty::Request do
 4  context "SSL certificate verification" do
 5    before do
 6      WebMock.disable!
 7    end
 8
 9    after do
10      WebMock.enable!
11    end
12
13    it "should fail when no trusted CA list is specified, by default" do
14      expect do
15        ssl_verify_test(nil, nil, "selfsigned.crt")
16      end.to raise_error OpenSSL::SSL::SSLError
17    end
18
19    it "should work when no trusted CA list is specified, when the verify option is set to false" do
20      expect(ssl_verify_test(nil, nil, "selfsigned.crt", verify: false).parsed_response).to eq({'success' => true})
21    end
22
23    it "should fail when no trusted CA list is specified, with a bogus hostname, by default" do
24      expect do
25        ssl_verify_test(nil, nil, "bogushost.crt")
26      end.to raise_error OpenSSL::SSL::SSLError
27    end
28
29    it "should work when no trusted CA list is specified, even with a bogus hostname, when the verify option is set to true" do
30      expect(ssl_verify_test(nil, nil, "bogushost.crt", verify: false).parsed_response).to eq({'success' => true})
31    end
32
33    it "should work when using ssl_ca_file with a self-signed CA" do
34      expect(ssl_verify_test(:ssl_ca_file, "selfsigned.crt", "selfsigned.crt").parsed_response).to eq({'success' => true})
35    end
36
37    it "should work when using ssl_ca_file with a certificate authority" do
38      expect(ssl_verify_test(:ssl_ca_file, "ca.crt", "server.crt").parsed_response).to eq({'success' => true})
39    end
40
41    it "should work when using ssl_ca_path with a certificate authority" do
42      http = Net::HTTP.new('www.google.com', 443)
43      response = double(Net::HTTPResponse, :[] => '', body: '', to_hash: {})
44      allow(http).to receive(:request).and_return(response)
45      expect(Net::HTTP).to receive(:new).with('www.google.com', 443).and_return(http)
46      expect(http).to receive(:ca_path=).with('/foo/bar')
47      HTTParty.get('https://www.google.com', ssl_ca_path: '/foo/bar')
48    end
49
50    it "should fail when using ssl_ca_file and the server uses an unrecognized certificate authority" do
51      expect do
52        ssl_verify_test(:ssl_ca_file, "ca.crt", "selfsigned.crt")
53      end.to raise_error(OpenSSL::SSL::SSLError)
54    end
55
56    it "should fail when using ssl_ca_path and the server uses an unrecognized certificate authority" do
57      expect do
58        ssl_verify_test(:ssl_ca_path, ".", "selfsigned.crt")
59      end.to raise_error(OpenSSL::SSL::SSLError)
60    end
61
62    it "should fail when using ssl_ca_file and the server uses a bogus hostname" do
63      expect do
64        ssl_verify_test(:ssl_ca_file, "ca.crt", "bogushost.crt")
65      end.to raise_error(OpenSSL::SSL::SSLError)
66    end
67
68    it "should fail when using ssl_ca_path and the server uses a bogus hostname" do
69      expect do
70        ssl_verify_test(:ssl_ca_path, ".", "bogushost.crt")
71      end.to raise_error(OpenSSL::SSL::SSLError)
72    end
73
74    it "should provide the certificate used by the server via peer_cert" do
75      peer_cert = nil
76      ssl_verify_test(:ssl_ca_file, "ca.crt", "server.crt") do |response|
77        peer_cert ||= response.connection.peer_cert
78      end
79      expect(peer_cert).to be_a OpenSSL::X509::Certificate
80    end
81  end
82end