diff options
Diffstat (limited to 'spec/lib/gitlab/ci/secure_files')
| -rw-r--r-- | spec/lib/gitlab/ci/secure_files/cer_spec.rb | 69 | ||||
| -rw-r--r-- | spec/lib/gitlab/ci/secure_files/mobile_provision_spec.rb | 149 | ||||
| -rw-r--r-- | spec/lib/gitlab/ci/secure_files/p12_spec.rb | 81 | ||||
| -rw-r--r-- | spec/lib/gitlab/ci/secure_files/x509_name_spec.rb | 30 |
4 files changed, 329 insertions, 0 deletions
diff --git a/spec/lib/gitlab/ci/secure_files/cer_spec.rb b/spec/lib/gitlab/ci/secure_files/cer_spec.rb new file mode 100644 index 00000000000..6b9cd0e3bfc --- /dev/null +++ b/spec/lib/gitlab/ci/secure_files/cer_spec.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::SecureFiles::Cer do + context 'when the supplied certificate cannot be parsed' do + let(:invalid_certificate) { described_class.new('xyzabc') } + + describe '#certificate_data' do + it 'assigns the error message and returns nil' do + expect(invalid_certificate.certificate_data).to be nil + expect(invalid_certificate.error).to eq('not enough data') + end + end + + describe '#metadata' do + it 'returns an empty hash' do + expect(invalid_certificate.metadata).to eq({}) + end + end + + describe '#expires_at' do + it 'returns nil' do + expect(invalid_certificate.metadata[:expires_at]).to be_nil + end + end + end + + context 'when the supplied certificate can be parsed' do + let(:sample_file) { fixture_file('ci_secure_files/sample.cer') } + let(:subject) { described_class.new(sample_file) } + + describe '#certificate_data' do + it 'returns an OpenSSL::X509::Certificate object' do + expect(subject.certificate_data.class).to be(OpenSSL::X509::Certificate) + end + end + + describe '#metadata' do + it 'returns a hash with the expected keys' do + expect(subject.metadata.keys).to match_array([:issuer, :subject, :id, :expires_at]) + end + end + + describe '#id' do + it 'returns the certificate serial number' do + expect(subject.metadata[:id]).to eq('33669367788748363528491290218354043267') + end + end + + describe '#expires_at' do + it 'returns the certificate expiration timestamp' do + expect(subject.metadata[:expires_at]).to eq('2022-04-26 19:20:40 UTC') + end + end + + describe '#issuer' do + it 'calls parse on X509Name' do + expect(subject.metadata[:issuer]["O"]).to eq('Apple Inc.') + end + end + + describe '#subject' do + it 'calls parse on X509Name' do + expect(subject.metadata[:subject]["OU"]).to eq('N7SYAN8PX8') + end + end + end +end diff --git a/spec/lib/gitlab/ci/secure_files/mobile_provision_spec.rb b/spec/lib/gitlab/ci/secure_files/mobile_provision_spec.rb new file mode 100644 index 00000000000..fb382174c64 --- /dev/null +++ b/spec/lib/gitlab/ci/secure_files/mobile_provision_spec.rb @@ -0,0 +1,149 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::SecureFiles::MobileProvision do + context 'when the supplied profile cannot be parsed' do + context 'when the supplied certificate cannot be parsed' do + let(:invalid_profile) { described_class.new('xyzabc') } + + describe '#decoded_plist' do + it 'assigns the error message and returns nil' do + expect(invalid_profile.decoded_plist).to be nil + expect(invalid_profile.error).to eq('Could not parse the PKCS7: not enough data') + end + end + + describe '#properties' do + it 'returns nil' do + expect(invalid_profile.properties).to be_nil + end + end + + describe '#metadata' do + it 'returns an empty hash' do + expect(invalid_profile.metadata).to eq({}) + end + end + + describe '#expires_at' do + it 'returns nil' do + expect(invalid_profile.metadata[:expires_at]).to be_nil + end + end + end + end + + context 'when the supplied profile can be parsed' do + let(:sample_file) { fixture_file('ci_secure_files/sample.mobileprovision') } + let(:subject) { described_class.new(sample_file) } + + describe '#decoded_plist' do + it 'returns an XML string' do + expect(subject.decoded_plist.class).to be(String) + expect(subject.decoded_plist.starts_with?('<?xml version="1.0"')).to be true + end + end + + describe '#properties' do + it 'returns the property list of the decoded plist provided' do + expect(subject.properties.class).to be(Hash) + expect(subject.properties.keys).to match_array(%w[AppIDName ApplicationIdentifierPrefix CreationDate + Platform IsXcodeManaged DeveloperCertificates + DER-Encoded-Profile PPQCheck Entitlements ExpirationDate + Name ProvisionedDevices TeamIdentifier TeamName + TimeToLive UUID Version]) + end + + it 'returns nil if the property list fails to be parsed from the decoded plist' do + allow(subject).to receive(:decoded_plist).and_return('foo/bar') + expect(subject.properties).to be nil + expect(subject.error).to start_with('invalid XML') + end + end + + describe '#metadata' do + it 'returns a hash with the expected keys' do + expect(subject.metadata.keys).to match_array([:id, :expires_at, :app_id, :app_id_prefix, :app_name, + :certificate_ids, :devices, :entitlements, :platforms, + :team_id, :team_name, :xcode_managed]) + end + end + + describe '#id' do + it 'returns the profile UUID' do + expect(subject.metadata[:id]).to eq('6b9fcce1-b9a9-4b37-b2ce-ec4da2044abf') + end + end + + describe '#expires_at' do + it 'returns the expiration timestamp of the profile' do + expect(subject.metadata[:expires_at].utc).to eq('2023-08-01 23:15:13 UTC') + end + end + + describe '#platforms' do + it 'returns the platforms assigned to the profile' do + expect(subject.metadata[:platforms]).to match_array(['iOS']) + end + end + + describe '#team_name' do + it 'returns the team name in the profile' do + expect(subject.metadata[:team_name]).to eq('Darby Frey') + end + end + + describe '#team_id' do + it 'returns the team ids in the profile' do + expect(subject.metadata[:team_id]).to match_array(['N7SYAN8PX8']) + end + end + + describe '#app_name' do + it 'returns the app name in the profile' do + expect(subject.metadata[:app_name]).to eq('iOS Demo') + end + end + + describe '#app_id' do + it 'returns the app id in the profile' do + expect(subject.metadata[:app_id]).to eq('match Development com.gitlab.ios-demo') + end + end + + describe '#app_id_prefix' do + it 'returns the app id prefixes in the profile' do + expect(subject.metadata[:app_id_prefix]).to match_array(['N7SYAN8PX8']) + end + end + + describe '#xcode_managed' do + it 'returns the xcode_managed property in the profile' do + expect(subject.metadata[:xcode_managed]).to be false + end + end + + describe '#entitlements' do + it 'returns the entitlements in the profile' do + expect(subject.metadata[:entitlements].keys).to match_array(['application-identifier', + 'com.apple.developer.game-center', + 'com.apple.developer.team-identifier', + 'get-task-allow', + 'keychain-access-groups']) + end + end + + describe '#devices' do + it 'returns the devices attached to the profile' do + expect(subject.metadata[:devices]).to match_array(["00008101-001454860C10001E"]) + end + end + + describe '#certificate_ids' do + it 'returns the certificate ids attached to the profile' do + expect(subject.metadata[:certificate_ids]).to match_array(["23380136242930206312716563638445789376"]) + end + end + end +end diff --git a/spec/lib/gitlab/ci/secure_files/p12_spec.rb b/spec/lib/gitlab/ci/secure_files/p12_spec.rb new file mode 100644 index 00000000000..beabf4b4856 --- /dev/null +++ b/spec/lib/gitlab/ci/secure_files/p12_spec.rb @@ -0,0 +1,81 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::SecureFiles::P12 do + context 'when the supplied certificate cannot be parsed' do + let(:invalid_certificate) { described_class.new('xyzabc') } + + describe '#certificate_data' do + it 'assigns the error message and returns nil' do + expect(invalid_certificate.certificate_data).to be nil + expect(invalid_certificate.error).to eq('PKCS12_parse: mac verify failure') + end + end + + describe '#metadata' do + it 'returns an empty hash' do + expect(invalid_certificate.metadata).to eq({}) + end + end + + describe '#expires_at' do + it 'returns nil' do + expect(invalid_certificate.metadata[:expires_at]).to be_nil + end + end + end + + context 'when the supplied certificate can be parsed, but the password is invalid' do + let(:sample_file) { fixture_file('ci_secure_files/sample.p12') } + let(:subject) { described_class.new(sample_file, 'foo') } + + describe '#certificate_data' do + it 'assigns the error message and returns nil' do + expect(subject.certificate_data).to be nil + expect(subject.error).to eq('PKCS12_parse: mac verify failure') + end + end + end + + context 'when the supplied certificate can be parsed' do + let(:sample_file) { fixture_file('ci_secure_files/sample.p12') } + let(:subject) { described_class.new(sample_file) } + + describe '#certificate_data' do + it 'returns an OpenSSL::X509::Certificate object' do + expect(subject.certificate_data.class).to be(OpenSSL::X509::Certificate) + end + end + + describe '#metadata' do + it 'returns a hash with the expected keys' do + expect(subject.metadata.keys).to match_array([:issuer, :subject, :id, :expires_at]) + end + end + + describe '#id' do + it 'returns the certificate serial number' do + expect(subject.metadata[:id]).to eq('75949910542696343243264405377658443914') + end + end + + describe '#expires_at' do + it 'returns the certificate expiration timestamp' do + expect(subject.metadata[:expires_at]).to eq('2022-09-21 14:56:00 UTC') + end + end + + describe '#issuer' do + it 'calls parse on X509Name' do + expect(subject.metadata[:issuer]["O"]).to eq('Apple Inc.') + end + end + + describe '#subject' do + it 'calls parse on X509Name' do + expect(subject.metadata[:subject]["OU"]).to eq('N7SYAN8PX8') + end + end + end +end diff --git a/spec/lib/gitlab/ci/secure_files/x509_name_spec.rb b/spec/lib/gitlab/ci/secure_files/x509_name_spec.rb new file mode 100644 index 00000000000..3a523924c5b --- /dev/null +++ b/spec/lib/gitlab/ci/secure_files/x509_name_spec.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::SecureFiles::X509Name do + describe '.parse' do + it 'parses an X509Name object into a hash format' do + sample = OpenSSL::X509::Name.new([ + ['C', 'Test Country'], + ['O', 'Test Org Name'], + ['OU', 'Test Org Unit'], + ['CN', 'Test Common Name'], + ['UID', 'Test UID'] + ]) + + parsed_sample = described_class.parse(sample) + + expect(parsed_sample["C"]).to eq('Test Country') + expect(parsed_sample["O"]).to eq('Test Org Name') + expect(parsed_sample["OU"]).to eq('Test Org Unit') + expect(parsed_sample["CN"]).to eq('Test Common Name') + expect(parsed_sample["UID"]).to eq('Test UID') + end + + it 'returns an empty hash when an error occurs' do + parsed_sample = described_class.parse('unexpectedinput') + expect(parsed_sample).to eq({}) + end + end +end |