test: reduce noise of unimportant details in test cases

cedarcode · Feb 28, 2021 · 3e9d3fb · 3e9d3fb
1 parent 1d76321
commit 3e9d3fb
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 79 deletions.
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -105,15 +105,17 @@ def create_ec_key
  OpenSSL::PKey::EC.new("prime256v1").generate_key
 end
 
-def create_root_certificate(key)
+X509_V3 = 2
+
+def create_root_certificate(key, not_before: Time.now - 1, not_after: Time.now + 60)
  certificate = OpenSSL::X509::Certificate.new
- common_name = "Root-#{rand(1_000_000)}"
 
- certificate.subject = OpenSSL::X509::Name.new([["CN", common_name]])
+ certificate.version = X509_V3
+ certificate.subject = OpenSSL::X509::Name.parse("CN=Root-#{rand(1_000_000)}")
  certificate.issuer = certificate.subject
  certificate.public_key = key
- certificate.not_before = Time.now - 1
- certificate.not_after = Time.now + 60
+ certificate.not_before = not_before
+ certificate.not_after = not_after
 
  extension_factory = OpenSSL::X509::ExtensionFactory.new
  extension_factory.subject_certificate = certificate
@@ -129,16 +131,30 @@ def create_root_certificate(key)
  certificate
 end
 
-def issue_certificate(ca_certificate, ca_key, key, name: nil)
+def issue_certificate(
+ ca_certificate,
+ ca_key,
+ key,
+ version: X509_V3,
+ name: "CN=Cert-#{rand(1_000_000)}",
+ not_before: Time.now - 1,
+ not_after: Time.now + 60,
+ extensions: nil
+)
+
  certificate = OpenSSL::X509::Certificate.new
- common_name = name || "Cert-#{rand(1_000_000)}"
 
- certificate.subject = OpenSSL::X509::Name.new([["CN", common_name]])
+ certificate.version = version
+ certificate.subject = OpenSSL::X509::Name.parse(name)
  certificate.issuer = ca_certificate.subject
- certificate.not_before = Time.now - 1
- certificate.not_after = Time.now + 60
+ certificate.not_before = not_before
+ certificate.not_after = not_after
  certificate.public_key = key
 
+ if extensions
+ certificate.extensions = extensions
+ end
+
  certificate.sign(ca_key, "SHA256")
 
  certificate

diff --git a/spec/webauthn/attestation_statement/android_key_spec.rb b/spec/webauthn/attestation_statement/android_key_spec.rb
@@ -54,21 +54,12 @@
  end
 
  let(:attestation_certificate) do
- certificate = OpenSSL::X509::Certificate.new
- certificate.subject = OpenSSL::X509::Name.new([["CN", "Fake Attestation"]])
- certificate.issuer = root_certificate.subject
- certificate.not_before = Time.now - 1
- certificate.not_after = Time.now + 60
- certificate.public_key = attestation_key
-
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = certificate
- extension_factory.issuer_certificate = certificate
- certificate.extensions = attestation_certificate_extensions
-
- certificate.sign(root_key, "SHA256")
-
- certificate.to_der
+ issue_certificate(
+ root_certificate,
+ root_key,
+ attestation_key,
+ extensions: attestation_certificate_extensions
+ ).to_der
  end
 
  let(:statement) do

diff --git a/spec/webauthn/attestation_statement/android_safetynet_spec.rb b/spec/webauthn/attestation_statement/android_safetynet_spec.rb
@@ -30,7 +30,7 @@
  let(:attestation_key) { create_rsa_key }
 
  let(:leaf_certificate) do
- issue_certificate(root_certificate, root_key, attestation_key, name: "attest.android.com")
+ issue_certificate(root_certificate, root_key, attestation_key, name: "CN=attest.android.com")
  end
 
  let(:root_key) { create_ec_key }

diff --git a/spec/webauthn/attestation_statement/packed_spec.rb b/spec/webauthn/attestation_statement/packed_spec.rb
@@ -97,51 +97,28 @@
  let(:attestation_certificate_end_time) { Time.now + 60 }
 
  let(:attestation_certificate) do
- certificate = OpenSSL::X509::Certificate.new
- certificate.version = attestation_certificate_version
- certificate.subject = OpenSSL::X509::Name.parse(attestation_certificate_subject)
- certificate.issuer = root_certificate.subject
- certificate.not_before = attestation_certificate_start_time
- certificate.not_after = attestation_certificate_end_time
- certificate.public_key = attestation_key
-
  extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = certificate
- extension_factory.issuer_certificate = certificate
-
- certificate.extensions = [
- extension_factory.create_extension("basicConstraints", attestation_certificate_basic_constraints, true),
- ]
 
- certificate.sign(root_key, "SHA256")
-
- certificate.to_der
+ issue_certificate(
+ root_certificate,
+ root_key,
+ attestation_key,
+ version: attestation_certificate_version,
+ name: attestation_certificate_subject,
+ not_before: attestation_certificate_start_time,
+ not_after: attestation_certificate_end_time,
+ extensions: [
+ extension_factory.create_extension("basicConstraints", attestation_certificate_basic_constraints, true),
+ ]
+ ).to_der
  end
 
  let(:root_key) { create_ec_key }
  let(:root_certificate_start_time) { Time.now - 1 }
  let(:root_certificate_end_time) { Time.now + 60 }
 
  let(:root_certificate) do
- root_certificate = OpenSSL::X509::Certificate.new
- root_certificate.version = attestation_certificate_version
- root_certificate.subject = OpenSSL::X509::Name.parse("/DC=org/DC=fake-ca/CN=Fake CA")
- root_certificate.issuer = root_certificate.subject
- root_certificate.public_key = root_key
- root_certificate.not_before = root_certificate_start_time
- root_certificate.not_after = root_certificate_end_time
-
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = root_certificate
- extension_factory.issuer_certificate = root_certificate
- root_certificate.extensions = [
- extension_factory.create_extension("basicConstraints", "CA:TRUE", true),
- extension_factory.create_extension("keyUsage", "keyCertSign,cRLSign", true),
- ]
-
- root_certificate.sign(root_key, "SHA256")
-
- root_certificate
+ create_root_certificate(root_key, not_before: root_certificate_start_time, not_after: root_certificate_end_time)
  end
 
  let(:statement) do

diff --git a/spec/webauthn/attestation_statement/tpm_spec.rb b/spec/webauthn/attestation_statement/tpm_spec.rb
@@ -29,26 +29,23 @@
  let(:algorithm) { -257 }
 
  let(:aik_certificate) do
- cert = OpenSSL::X509::Certificate.new
- cert.version = aik_certificate_version
- cert.issuer = root_certificate.subject
- cert.subject = OpenSSL::X509::Name.parse(aik_certificate_subject)
- cert.not_before = aik_certificate_start_time
- cert.not_after = aik_certificate_end_time
- cert.public_key = aik
-
  extension_factory = OpenSSL::X509::ExtensionFactory.new
  extension_factory.config = aik_certificate_san_config
 
- cert.extensions = [
- extension_factory.create_extension("basicConstraints", aik_certificate_basic_constraints, true),
- extension_factory.create_extension("extendedKeyUsage", aik_certificate_extended_key_usage),
- extension_factory.create_extension("subjectAltName", "ASN1:SEQUENCE:dir_seq", aik_certificate_san_critical),
- ]
-
- cert.sign(root_key, "SHA256")
-
- cert
+ issue_certificate(
+ root_certificate,
+ root_key,
+ aik,
+ version: aik_certificate_version,
+ name: aik_certificate_subject,
+ not_before: aik_certificate_start_time,
+ not_after: aik_certificate_end_time,
+ extensions: [
+ extension_factory.create_extension("basicConstraints", aik_certificate_basic_constraints, true),
+ extension_factory.create_extension("extendedKeyUsage", aik_certificate_extended_key_usage),
+ extension_factory.create_extension("subjectAltName", "ASN1:SEQUENCE:dir_seq", aik_certificate_san_critical),
+ ]
+ )
  end
 
  let(:aik) { create_rsa_key }