diff options
Diffstat (limited to 'spec/bundler/bundler/ssl_certs/certificate_manager_spec.rb')
-rw-r--r-- | spec/bundler/bundler/ssl_certs/certificate_manager_spec.rb | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/spec/bundler/bundler/ssl_certs/certificate_manager_spec.rb b/spec/bundler/bundler/ssl_certs/certificate_manager_spec.rb new file mode 100644 index 0000000000..66853a6815 --- /dev/null +++ b/spec/bundler/bundler/ssl_certs/certificate_manager_spec.rb @@ -0,0 +1,141 @@ +# frozen_string_literal: true +require "spec_helper" +require "bundler/ssl_certs/certificate_manager" + +RSpec.describe Bundler::SSLCerts::CertificateManager do + let(:rubygems_path) { root } + let(:stub_cert) { File.join(root.to_s, "lib", "rubygems", "ssl_certs", "rubygems.org", "ssl-cert.pem") } + let(:rubygems_certs_dir) { File.join(root.to_s, "lib", "rubygems", "ssl_certs", "rubygems.org") } + + subject { described_class.new(rubygems_path) } + + # Pretend bundler root is rubygems root + before do + # Backing up rubygems ceriticates + FileUtils.mv(rubygems_certs_dir, rubygems_certs_dir + ".back") if !!(ENV["BUNDLE_RUBY"] && ENV["BUNDLE_GEM"]) + + FileUtils.mkdir_p(rubygems_certs_dir) + FileUtils.touch(stub_cert) + end + + after do + rubygems_dir = File.join(root.to_s, "lib", "rubygems") + FileUtils.rm_rf(rubygems_certs_dir) + + # Restore rubygems certificates + FileUtils.mv(rubygems_certs_dir + ".back", rubygems_certs_dir) if !!(ENV["BUNDLE_RUBY"] && ENV["BUNDLE_GEM"]) + end + + describe "#update_from" do + let(:cert_manager) { double(:cert_manager) } + + before { allow(described_class).to receive(:new).with(rubygems_path).and_return(cert_manager) } + + it "should update the certs through a new certificate manager" do + allow(cert_manager).to receive(:update!) + expect(described_class.update_from!(rubygems_path)).to be_nil + end + end + + describe "#initialize" do + it "should set bundler_cert_path as path of the subdir with bundler ssl certs" do + expect(subject.bundler_cert_path).to eq(File.join(root, "lib/bundler/ssl_certs")) + end + + it "should set bundler_certs as the paths of the bundler ssl certs" do + expect(subject.bundler_certs).to include(File.join(root, "lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem")) + expect(subject.bundler_certs).to include(File.join(root, "lib/bundler/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem")) + end + + context "when rubygems_path is not nil" do + it "should set rubygems_certs" do + expect(subject.rubygems_certs).to include(File.join(root, "lib", "rubygems", "ssl_certs", "rubygems.org", "ssl-cert.pem")) + end + end + end + + describe "#up_to_date?" do + context "when bundler certs and rubygems certs are the same" do + before do + bundler_certs = Dir[File.join(root.to_s, "lib", "bundler", "ssl_certs", "**", "*.pem")] + FileUtils.rm(stub_cert) + FileUtils.cp(bundler_certs, rubygems_certs_dir) + end + + it "should return true" do + expect(subject).to be_up_to_date + end + end + + context "when bundler certs and rubygems certs are not the same" do + it "should return false" do + expect(subject).to_not be_up_to_date + end + end + end + + describe "#update!" do + context "when certificate manager is not up to date" do + before do + allow(subject).to receive(:up_to_date?).and_return(false) + allow(FileUtils).to receive(:rm) + allow(FileUtils).to receive(:cp) + end + + it "should remove the current bundler certs" do + expect(FileUtils).to receive(:rm).with(subject.bundler_certs) + subject.update! + end + + it "should copy the rubygems certs into bundler certs" do + expect(FileUtils).to receive(:cp).with(subject.rubygems_certs, subject.bundler_cert_path) + subject.update! + end + + it "should return nil" do + expect(subject.update!).to be_nil + end + end + + context "when certificate manager is up to date" do + before { allow(subject).to receive(:up_to_date?).and_return(true) } + + it "should return nil" do + expect(subject.update!).to be_nil + end + end + end + + describe "#connect_to" do + let(:host) { "http://www.host.com" } + let(:http) { Net::HTTP.new(host, 443) } + let(:cert_store) { OpenSSL::X509::Store.new } + let(:http_header_response) { double(:http_header_response) } + + before do + allow(Net::HTTP).to receive(:new).with(host, 443).and_return(http) + allow(OpenSSL::X509::Store).to receive(:new).and_return(cert_store) + allow(http).to receive(:head).with("/").and_return(http_header_response) + end + + it "should use ssl for the http request" do + expect(http).to receive(:use_ssl=).with(true) + subject.connect_to(host) + end + + it "use verify peer mode" do + expect(http).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) + subject.connect_to(host) + end + + it "set its cert store as a OpenSSL::X509::Store populated with bundler certs" do + expect(cert_store).to receive(:add_file).at_least(:once) + expect(http).to receive(:cert_store=).with(cert_store) + subject.connect_to(host) + end + + it "return the headers of the request response" do + expect(subject.connect_to(host)).to eq(http_header_response) + end + end +end |