Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-10 09:08:07 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-10 09:08:07 +0300
commit: 232655bf32cd474d54de357b65ef43d77271117c (patch)
tree: d176e36660e41bb2b629237639015d4dde7d4414 /spec
parent: f5ae9d0960aa422a65a2a22e230100257dddb9ed (diff)
5 files changed, 102 insertions, 5 deletions
diff --git a/spec/helpers/x509_helper_spec.rb b/spec/helpers/x509_helper_spec.rb
new file mode 100644
index 00000000000..dcdf57ce035
--- /dev/null
+++ b/spec/helpers/x509_helper_spec.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe X509Helper do
+  describe '#x509_subject' do
+    let(:search_uppercase) { %w[CN OU O] }
+    let(:search_lowercase) { %w[cn ou o] }
+    let(:certificate_attributes) do
+      {
+        'CN' => 'CA Issuing',
+        'OU' => 'Trust Center',
+        'O' => 'Example'
+      }
+    end
+
+    context 'with uppercase DN' do
+      let(:upper_dn) { 'CN=CA Issuing,OU=Trust Center,O=Example,L=World,C=Galaxy' }
+
+      it 'returns the attributes on any case search' do
+        expect(x509_subject(upper_dn, search_lowercase)).to eq(certificate_attributes)
+        expect(x509_subject(upper_dn, search_uppercase)).to eq(certificate_attributes)
+      end
+    end
+
+    context 'with lowercase DN' do
+      let(:lower_dn) { 'cn=CA Issuing,ou=Trust Center,o=Example,l=World,c=Galaxy' }
+
+      it 'returns the attributes on any case search' do
+        expect(x509_subject(lower_dn, search_lowercase)).to eq(certificate_attributes)
+        expect(x509_subject(lower_dn, search_uppercase)).to eq(certificate_attributes)
+      end
+    end
+
+    context 'with comma within DN' do
+      let(:comma_dn) { 'cn=CA\, Issuing,ou=Trust Center,o=Example,l=World,c=Galaxy' }
+      let(:certificate_attributes) do
+        {
+          'CN' => 'CA, Issuing',
+          'OU' => 'Trust Center',
+          'O' => 'Example'
+        }
+      end
+
+      it 'returns the attributes on any case search' do
+        expect(x509_subject(comma_dn, search_lowercase)).to eq(certificate_attributes)
+        expect(x509_subject(comma_dn, search_uppercase)).to eq(certificate_attributes)
+      end
+    end
+
+    context 'with mal formed DN' do
+      let(:bad_dn) { 'cn=CA, Issuing,ou=Trust Center,o=Example,l=World,c=Galaxy' }
+
+      it 'returns nil on any case search' do
+        expect(x509_subject(bad_dn, search_lowercase)).to eq({})
+        expect(x509_subject(bad_dn, search_uppercase)).to eq({})
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/x509/commit_spec.rb b/spec/lib/gitlab/x509/commit_spec.rb
index 9cddf27ddce..c31e9e4b8e6 100644
--- a/spec/lib/gitlab/x509/commit_spec.rb
+++ b/spec/lib/gitlab/x509/commit_spec.rb
@@ -204,5 +204,38 @@ describe Gitlab::X509::Commit do
         expect(described_class.new(commit).signature).to be_nil
       end
     end
+
+    context 'certificate_crl' do
+      let!(:commit) { create :commit, project: project, sha: commit_sha, created_at: Time.utc(2019, 1, 1, 20, 15, 0), committer_email: X509Helpers::User1.emails.first }
+      let(:signed_commit) { described_class.new(commit) }
+
+      describe 'valid crlDistributionPoints' do
+        before do
+          allow(signed_commit).to receive(:get_certificate_extension).and_call_original
+
+          allow(signed_commit).to receive(:get_certificate_extension)
+            .with('crlDistributionPoints')
+            .and_return("\nFull Name:\n  URI:http://ch.siemens.com/pki?ZZZZZZA2.crl\n  URI:ldap://cl.siemens.net/CN=ZZZZZZA2,L=PKI?certificateRevocationList\n  URI:ldap://cl.siemens.com/CN=ZZZZZZA2,o=Trustcenter?certificateRevocationList\n")
+        end
+
+        it 'returns an unverified signature' do
+          expect(signed_commit.signature.x509_certificate.x509_issuer).to have_attributes(user1_issuer_attributes)
+        end
+      end
+
+      describe 'valid crlDistributionPoints providing multiple http URIs' do
+        before do
+          allow(signed_commit).to receive(:get_certificate_extension).and_call_original
+
+          allow(signed_commit).to receive(:get_certificate_extension)
+            .with('crlDistributionPoints')
+            .and_return("\nFull Name:\n  URI:http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl\n\nFull Name:\n  URI:http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl\n")
+        end
+
+        it 'extracts the first URI' do
+          expect(signed_commit.signature.x509_certificate.x509_issuer.crl_url).to eq("http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl")
+        end
+      end
+    end
   end
 end
diff --git a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
index 6c772ddf897..37f1b33d455 100644
--- a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
@@ -264,6 +264,8 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
   describe '#available?' do
     using RSpec::Parameterized::TableSyntax
 
+    let_it_be(:cluster) { create(:cluster, :provided_by_gcp) }
+
     where(:trait, :available) do
       :not_installable   | false
       :installable       | false
@@ -280,7 +282,7 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|
     end
 
     with_them do
-      subject { build(application_name, trait) }
+      subject { build(application_name, trait, cluster: cluster) }
 
       if params[:available]
         it { is_expected.to be_available }
diff --git a/spec/support/shared_examples/models/cluster_application_version_shared_examples.rb b/spec/support/shared_examples/models/cluster_application_version_shared_examples.rb
index e293467774e..cf7010c48c2 100644
--- a/spec/support/shared_examples/models/cluster_application_version_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_version_shared_examples.rb
@@ -2,16 +2,18 @@
 
 RSpec.shared_examples 'cluster application version specs' do |application_name|
   describe 'update_available?' do
+    let_it_be(:cluster) { create(:cluster, :provided_by_gcp) }
+
     let(:version) { '0.0.0' }
 
-    subject { create(application_name, :installed, version: version).update_available? }
+    subject { build(application_name, :installed, version: version, cluster: cluster).update_available? }
 
     context 'version is not the same as VERSION' do
       it { is_expected.to be_truthy }
     end
 
     context 'version is the same as VERSION' do
-      let(:application) { build(application_name) }
+      let(:application) { build(application_name, cluster: cluster) }
       let(:version) { application.class.const_get(:VERSION, false) }
 
       it { is_expected.to be_falsey }
diff --git a/spec/workers/concerns/gitlab/github_import/notify_upon_death_spec.rb b/spec/workers/concerns/gitlab/notify_upon_death_spec.rb
index 200cdffd560..1c75ac99227 100644
--- a/spec/workers/concerns/gitlab/github_import/notify_upon_death_spec.rb
+++ b/spec/workers/concerns/gitlab/notify_upon_death_spec.rb
@@ -2,11 +2,11 @@
 
 require 'spec_helper'
 
-describe Gitlab::GithubImport::NotifyUponDeath do
+describe Gitlab::NotifyUponDeath do
   let(:worker_class) do
     Class.new do
       include Sidekiq::Worker
-      include Gitlab::GithubImport::NotifyUponDeath
+      include Gitlab::NotifyUponDeath
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-10 09:08:07 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-10 09:08:07 +0300
commit	232655bf32cd474d54de357b65ef43d77271117c (patch)
tree	d176e36660e41bb2b629237639015d4dde7d4414 /spec
parent	f5ae9d0960aa422a65a2a22e230100257dddb9ed (diff)