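# Source: github.com/Venafi/vcert/v5@v5.10.2/aruba/features/step_definitions/openssl.rb
#
# Cucumber/Aruba step definitions that run the `openssl` CLI against the CSRs,
# certificates, private keys and PKCS#12 archives produced by the scenarios.
#
# Helpers used here but defined outside this file: last_json, normalize_json,
# unescape_text, random_filename, last_command_started, DUMMY_PASSWORD and the
# nested "I run" / "I try to run" / "I remember the output" steps.
#
# Passphrases are passed as `-passin pass:<value>`, i.e. inside the command's
# argument list, where other local processes can read them while openssl runs.
# That is acceptable for throwaway test credentials only; openssl also accepts
# `env:VAR` and `file:PATH` passphrase sources, which keep the value out of argv.
#
# File paths are quoted in every command line so that a path containing
# whitespace stays a single argument (some steps already quoted, others did not).

# Fails if the last JSON output does not parse. When it has a "Certificate"
# entry, writes that PEM to a temp file and decodes it.
Then(/^I get JSON response$/) do
  # Called only for its side effect: raises on malformed JSON.
  JSON.parse(last_json)

  begin
    certificate_pem_block = unescape_text(normalize_json(last_json, "Certificate")).tr('"', '')
    tmp_file = random_filename
    steps %{
      Given the file named "#{tmp_file}" with:
      """
      #{certificate_pem_block}
      """
      And I decode certificate from file "#{tmp_file}"
    }
  rescue StandardError
    # Deliberate best-effort: there was no "Certificate" path.
    # NOTE(review): this also hides any other StandardError raised while the
    # file is written or the certificate is decoded, so a broken certificate
    # can pass this step silently; consider rescuing only the "missing key" error.
  end
end

# Decodes a CSR with `openssl req -text` and keeps the text in @csr_text.
When(/^I decode CSR from file "([^"]*)"$/) do |filename|
  steps %{
    Then I run `openssl req -text -noout -in "#{filename}"`
    And the exit status should be 0
  }
  @csr_text = last_command_started.output.to_s
end

# Decodes a certificate with `openssl x509 -text -fingerprint` and stores:
#   @certificate_text         full command output
#   @certificate_fingerprint  value of the "SHA1 Fingerprint=" line, "" if absent
#   @certififcate_sans        whitespace-split tokens of the SAN line, [] if absent
When(/^I decode certificate from file "([^"]+)"$/) do |filename|
  steps %{
    Then I try to run `openssl x509 -text -fingerprint -noout -in "#{filename}"`
    And the exit status should be 0
  }
  output = last_command_started.output
  @certificate_text = output.to_s

  # A missing fingerprint line yields "" instead of failing the step, so two
  # certificates without that line would compare as having equal fingerprints.
  fingerprint_match = output.match(/^SHA1 Fingerprint=(\S+)$/)
  @certificate_fingerprint = fingerprint_match ? fingerprint_match[1] : ""

  # The misspelled variable name is kept as-is: other step files may read it.
  # String#split without arguments splits on whitespace, so tokens keep their
  # trailing commas and an entry containing a space (e.g. "IP Address:...")
  # becomes two tokens.
  # NOTE(review): when the extension is marked critical, openssl prints
  # "critical" on the header line and this capture presumably returns that
  # word instead of the SAN list; confirm against the certificates under test.
  sans_match = output.match(/X509v3 Subject Alternative Name:\s+([^\n]+)\n/m)
  @certififcate_sans = sans_match ? sans_match[1].split : []
end

# Asserts that the decoded CSR/certificate text (or only its Subject line)
# does or does not contain the expected string.
When(/^that (CSR|certificate)?( Subject)? should( not)? contain "([^"]*)"$/) do |block, subject, negated, expected|
  text =
    case block
    when "CSR" then @csr_text
    when "certificate" then @certificate_text
    else ""
    end

  matcher =
    if subject
      # NOTE(review): `expected` is interpolated as a regular expression, not a
      # literal, so "." or "*" in the feature text act as metacharacters and can
      # make the check looser than it reads. Regexp.escape would make it literal;
      # left unchanged in case existing features rely on pattern syntax.
      match(/Subject.+#{expected}/)
    else
      send(:an_output_string_including, expected)
    end

  if negated
    expect(text).not_to(matcher)
  else
    expect(text).to(matcher)
  end
end

# Compares the RSA modulus of a CSR with that of a private key that is
# protected with DUMMY_PASSWORD. `negated` is " not" or nil; nil interpolates
# to an empty string.
When(/^CSR in "([^"]*)" file and private key in "([^"]*)" file should( not)? have the same modulus$/) do |csr_file, key_file, negated|
  steps %{
    When I run `openssl req -modulus -noout -in "#{csr_file}"`
    And I remember the output
    And I run `openssl rsa -modulus -passin pass:#{DUMMY_PASSWORD} -noout -in "#{key_file}"`
    Then the outputs should#{negated} be the same
  }
end

# Checks that CSR, private key and certificate all carry the same modulus,
# i.e. the issued certificate belongs to the key that signed the request.
When(/^CSR in "([^"]*)" and private key in "([^"]*)" and certificate in "([^"]*)" should have the same modulus$/) do |csr_file, key_file, cert_file|
  steps %{
    Then I run `openssl req -modulus -noout -in "#{csr_file}"`
    And I remember the output
    Then I run `openssl rsa -modulus -passin pass:#{DUMMY_PASSWORD} -noout -in "#{key_file}"`
    And the outputs should be the same
    And I remember the output
    And I run `openssl x509 -modulus -noout -in "#{cert_file}"`
    Then the outputs should be the same
  }
end

# Compares the modulus of a private key with that of a certificate, using
# @key_password (set by another step) when it is not the empty string.
When(/^private key in "([^"]*)" and certificate in "([^"]*)" should have the same modulus$/) do |key_file, cert_file|
  # A nil @key_password also takes the -passin branch (nil != "") and is
  # interpolated as an empty passphrase; without -passin openssl would prompt.
  passin = @key_password != "" ? " -passin pass:#{@key_password}" : ""
  steps %{ Then I run `openssl rsa -modulus -noout#{passin} -in "#{key_file}"` }
  steps %{
    And I remember the output
    And I run `openssl x509 -modulus -noout -in "#{cert_file}"`
    Then the outputs should be the same
  }
end

# Compares the modulus or the serial number of two certificates. `field` ends
# up as an openssl option name; the step pattern limits it to modulus|serial.
When(/^certificate in "([^"]*)" and certificate in "([^"]*)" should( not)? have the same (modulus|serial)$/) do |cert1_file, cert2_file, negated, field|
  steps %{
    When I run `openssl x509 -#{field} -noout -in "#{cert1_file}"`
    And I remember the output
    And I run `openssl x509 -#{field} -noout -in "#{cert2_file}"`
    Then the outputs should#{negated} be the same
  }
end

# Decodes the certificate and checks the reported public key size.
When(/^"([^"]*)" should be a certificate with key size (\d+) bits$/) do |cert_file, bit_len|
  steps %{
    Then I decode certificate from file "#{cert_file}"
    And the output should contain "Public-Key: (#{bit_len} bit)"
  }
end

# PKCS#12 checks. The four steps below only verify that the archive opens with
# the given passphrase (-noout); the "legacy mode" variants add -legacy.
# openssl pkcs12 option reference kept from the original file:
#   -nokeys   Don't output private keys
#   -nocerts  Don't output certificates
#   -clcerts  Only output client certificates
#   -cacerts  Only output CA certificates
#   -noout    Don't output anything, just verify
#   -nodes    Don't encrypt private keys

When(/^"([^"]*)" should be PKCS#12 archive with password "([^"]*)"$/) do |filename, password|
  steps %{
    Then I try to run `openssl pkcs12 -in "#{filename}" -passin pass:#{password} -noout`
    And the exit status should be 0
  }
end

When(/^"([^"]*)" should be PKCS#12 archive with dummy password$/) do |filename|
  steps %{
    Then I try to run `openssl pkcs12 -in "#{filename}" -passin pass:#{DUMMY_PASSWORD} -noout`
    And the exit status should be 0
  }
end

When(/^"([^"]*)" should be PKCS#12 archive in legacy mode with password "([^"]*)"$/) do |filename, password|
  steps %{
    Then I try to run `openssl pkcs12 -in "#{filename}" -legacy -passin pass:#{password} -noout`
    And the exit status should be 0
  }
end

When(/^"([^"]*)" should be PKCS#12 archive in legacy mode with dummy password/) do |filename|
  steps %{
    Then I try to run `openssl pkcs12 -in "#{filename}" -legacy -passin pass:#{DUMMY_PASSWORD} -noout`
    And the exit status should be 0
  }
end

# Verifies that the file is an RSA private key that opens with the passphrase.
When(/^"([^"]*)" should be RSA private key with password "([^"]*)"$/) do |filename, password|
  steps %{
    Then I try to run `openssl rsa -in "#{filename}" -passin pass:#{password} -noout`
    And the exit status should be 0
  }
end

# Decodes the certificate and compares the number of SAN tokens with the
# expected count.
# NOTE(review): every whitespace-separated token of the SAN line is counted,
# not only "DNS:" entries, so a certificate with IP, email or URI SANs is
# over-counted; confirm the scenarios use DNS-only certificates.
When(/certificate in "([^"]*)" should have (\d+) DNS SANs/) do |filename, sans_number|
  steps %{
    Then I decode certificate from file "#{filename}"
  }
  expect(@certififcate_sans.length).to eq(sans_number.to_i)
end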