3rdparty/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb

   1 require 'spec_helper'
   2
   3 describe 'validate_x509_rsa_key_pair' do
   4   let(:valid_cert) do
   5     <<DOC
   6 -----BEGIN CERTIFICATE-----
   7 MIIC9jCCAeCgAwIBAgIRAK11n3X7aypJ7FPM8UFyAeowCwYJKoZIhvcNAQELMBIx
   8 EDAOBgNVBAoTB0FjbWUgQ28wHhcNMTUxMTIzMjIzOTU4WhcNMTYxMTIyMjIzOTU4
   9 WjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
  10 CgKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFgNQjvpUoZ
  11 nNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd75H/EJd+
  12 N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiRfSo75FK1
  13 RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF2NwL8QzY
  14 htvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51thOOwafm+a
  15 W/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABo0swSTAOBgNVHQ8BAf8EBAMCAKAw
  16 EwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALggls
  17 b2NhbGhvc3QwCwYJKoZIhvcNAQELA4IBAQAzRo0hpVTrFQZLIXpwvKwZVGvJdCkV
  18 P95DTsSk/VTGV+/YtxrRqks++hJZnctm2PbnTsCAoIP3AMx+vicCKiKrxvpsLU8/
  19 +6cowUbcuGMdSQktwDqbAgEhQlLsETll06w1D/KC+ejOc4+LRn3GQcEyGDtMk/EX
  20 IeAvBZHr4/kVXWnfo6kzCLcku1f8yE/yDEFClZe9XV1Lk/s+3YfXVtNnMJJ1giZI
  21 QVOe6CkmuQq+4AtIeW8aLkvlfp632jag1F77a1y+L268koKkj0hBMrtcErVQaxmq
  22 xym0+soR4Tk4pTIGckeFglrLxkP2JpM/yTwSEAVlmG9vgTliYKyR0uMl
  23 -----END CERTIFICATE-----
  24 DOC
  25   end
  26
  27   let(:valid_key) do
  28     <<DOC
  29 -----BEGIN RSA PRIVATE KEY-----
  30 MIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg
  31 NQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd
  32 75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR
  33 fSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF
  34 2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th
  35 OOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u
  36 O61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk
  37 zCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX
  38 eKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T
  39 gIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8
  40 72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3
  41 /b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah
  42 2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg
  43 R0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx
  44 Fia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU
  45 gHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo
  46 7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ
  47 OOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC
  48 d5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL
  49 2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h
  50 KZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd
  51 obQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS
  52 c7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb
  53 jbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ
  54 KAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=
  55 -----END RSA PRIVATE KEY-----
  56 DOC
  57   end
  58
  59   let(:another_valid_key) do
  60     <<DOC
  61 -----BEGIN RSA PRIVATE KEY-----
  62 MIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ
  63 0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ
  64 Xwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX
  65 sbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0
  66 2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c
  67 HR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx
  68 K06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB
  69 Ryicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz
  70 psldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF
  71 mVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH
  72 N6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A
  73 YiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh
  74 eGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1
  75 S+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB
  76 J2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz
  77 czmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo
  78 99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs
  79 3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc
  80 hWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf
  81 Ai4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc
  82 eoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo
  83 GiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN
  84 B2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY
  85 zJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78
  86 +4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==
  87 -----END RSA PRIVATE KEY-----
  88 DOC
  89   end
  90   # rubocop:enable Layout/IndentHeredoc
  91
  92   let(:valid_cert_but_indented) do
  93     valid_cert.gsub(%r{^}, '  ')
  94   end
  95
  96   let(:valid_key_but_indented) do
  97     valid_key.gsub(%r{^}, '  ')
  98   end
  99
 100   let(:malformed_cert) do
 101     truncate_middle(valid_cert)
 102   end
 103
 104   let(:malformed_key) do
 105     truncate_middle(valid_key)
 106   end
 107
 108   let(:bad_cert) do
 109     'foo'
 110   end
 111
 112   let(:bad_key) do
 113     'bar'
 114   end
 115
 116   context 'with function signature validation' do
 117     it { is_expected.not_to eq(nil) }
 118     it { is_expected.to run.with_params.and_raise_error(Puppet::ParseError, %r{wrong number of arguments}i) }
 119     it { is_expected.to run.with_params(0, 1, 2, 3).and_raise_error(Puppet::ParseError, %r{wrong number of arguments}i) }
 120   end
 121
 122   context 'with valid input' do
 123     describe 'valid certificate and key' do
 124       it { is_expected.to run.with_params(valid_cert, valid_key) }
 125     end
 126   end
 127
 128   context 'with bad input' do
 129     describe 'valid certificate, valid but indented key' do
 130       it { is_expected.to run.with_params(valid_cert, valid_key_but_indented).and_raise_error(Puppet::ParseError, %r{Not a valid RSA key}) }
 131     end
 132
 133     describe 'valid certificate, malformed key' do
 134       it { is_expected.to run.with_params(valid_cert, malformed_key).and_raise_error(Puppet::ParseError, %r{Not a valid RSA key}) }
 135     end
 136
 137     describe 'valid certificate, bad key' do
 138       it { is_expected.to run.with_params(valid_cert, bad_key).and_raise_error(Puppet::ParseError, %r{Not a valid RSA key}) }
 139     end
 140
 141     describe 'valid but indented certificate, valid key' do
 142       it { is_expected.to run.with_params(valid_cert_but_indented, valid_key).and_raise_error(Puppet::ParseError, %r{Not a valid x509 certificate}) }
 143     end
 144
 145     describe 'malformed certificate, valid key' do
 146       it { is_expected.to run.with_params(malformed_cert, valid_key).and_raise_error(Puppet::ParseError, %r{Not a valid x509 certificate}) }
 147     end
 148
 149     describe 'bad certificate, valid key' do
 150       it { is_expected.to run.with_params(bad_cert, valid_key).and_raise_error(Puppet::ParseError, %r{Not a valid x509 certificate}) }
 151     end
 152
 153     describe 'validate certificate and key; certficate not signed by key' do
 154       it { is_expected.to run.with_params(valid_cert, another_valid_key).and_raise_error(Puppet::ParseError, %r{Certificate signature does not match supplied key}) }
 155     end
 156
 157     describe 'valid cert and key but arguments in wrong order' do
 158       it { is_expected.to run.with_params(valid_key, valid_cert).and_raise_error(Puppet::ParseError, %r{Not a valid x509 certificate}) }
 159     end
 160
 161     describe 'non-string arguments' do
 162       it { is_expected.to run.with_params({}, {}).and_raise_error(Puppet::ParseError, %r{is not a string}) }
 163       it { is_expected.to run.with_params(1, 1).and_raise_error(Puppet::ParseError, %r{is not a string}) }
 164       it { is_expected.to run.with_params(true, true).and_raise_error(Puppet::ParseError, %r{is not a string}) }
 165       it { is_expected.to run.with_params('foo', {}).and_raise_error(Puppet::ParseError, %r{is not a string}) }
 166       it { is_expected.to run.with_params(1, 'bar').and_raise_error(Puppet::ParseError, %r{is not a string}) }
 167       it { is_expected.to run.with_params('baz', true).and_raise_error(Puppet::ParseError, %r{is not a string}) }
 168     end
 169   end
 170
 171   def truncate_middle(string)
 172     chars_to_truncate = 48
 173     middle = (string.length / 2).floor
 174     start_pos = middle - (chars_to_truncate / 2)
 175     end_pos = middle + (chars_to_truncate / 2)
 176
 177     string[start_pos...end_pos] = ''
 178     string
 179   end
 180 end