From 72006c11b4e4ff2e1a317b2c949d11956035824c Mon Sep 17 00:00:00 2001
From: Andrew White
Date: Mon, 21 May 2018 22:15:38 +0100
Subject: [PATCH] Generate SSL certificate for testing on demand

To ensure there's no confusion about the SSL certificate used for testing, generate it and cache it in tmp/ssl instead of committing it.
---
 features/support/server.crt | 22 -----------------
 features/support/server.key | 27 ---------------------
 features/support/ssl_server.rb | 43 ++++++++++++++++++++++++++++++----
 3 files changed, 39 insertions(+), 53 deletions(-)
 delete mode 100644 features/support/server.crt
 delete mode 100644 features/support/server.key

diff --git a/features/support/server.crt b/features/support/server.crt
deleted file mode 100644
index a5afede3b..000000000
--- a/features/support/server.crt
+++ /dev/null
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDoDCCAogCCQCekqNKz2tQ3TANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC -VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCUN1cGVydGlubzEUMBIG -A1UEChMLQXBwbGUsIEluYy4xDzANBgNVBAsTBmlUdW5lczESMBAGA1UEAxMJbG9j -YWxob3N0MR4wHAYJKoZIhvcNAQkBFg9hZG1pbkBsb2NhbGhvc3QwHhcNMTQwOTAx -MTYwMjQxWhcNMjQwODI5MTYwMjQxWjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgT -CkNhbGlmb3JuaWExEjAQBgNVBAcTCUN1cGVydGlubzEUMBIGA1UEChMLQXBwbGUs -IEluYy4xDzANBgNVBAsTBmlUdW5lczESMBAGA1UEAxMJbG9jYWxob3N0MR4wHAYJ -KoZIhvcNAQkBFg9hZG1pbkBsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDgPw26w6h9se2gf4L0jZ9bOOJeFVRdatGbGzIb94TNgUjzan7g -1rwukZxwO9dm/aWTveT4FVRZFyXwwqxOKhDbTBsIayfi3uWOs0LoUWRK8kXAF9lU -3giwU8dId7gtv+xvJfXiVF9u8hlk9ZkjYfpHA3j64KPsUZ15pgGQFYjLsGLrK13j -3xhjJEMirxEwHU9JPvYnEBcb43sXLT8IbvY1Spjl/T5uNsxcOOHJbAgwQBqxbV9Q -LvdLzHQapdHVHSxE6urMq/EVNYICgAxeN44rRih4ExEzfMcUDbpUJL5YYiV4lwTL -muuoncqLB41XGmGCWWmIhspGw7LZYf7tgwWJAgMBAAEwDQYJKoZIhvcNAQEFBQAD -ggEBANd1FSpQKaAE1DjDdT1RXBlRdLUZkTr7KZQwCgW02H44NHh+GsFLoVBGtNOg -6Ye8JBXmOnaiZnC30f3LxOgCDeEgt9dbbkPB6J4JIWDwasEtcDZ9II0acdKwCb2o -Krf8XjwEmREIYs6Tq03c4JxhCzoVC4mA6x7lcSTxP+yhfJTfkkrJqQl4+Z23sSVp -GohDcaDxCd8c/K/C/NFHFYL5Pg3u195/FODIvpzPyJs0Z+hrz/LECCWbIA/UfS/n -u3dy2S3jZLAQgLlJx/FqjvdZI2Nl79l1HwMtlTZG/+OtN0pZ/xGCoB3zCSKBvfnu -SStLmGLFRaTAR7IsGC0SdR5RqPo= ------END CERTIFICATE----- diff --git a/features/support/server.key b/features/support/server.key deleted file mode 100644 index 7e7a7d105..000000000 --- a/features/support/server.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA4D8NusOofbHtoH+C9I2fWzjiXhVUXWrRmxsyG/eEzYFI82p+ -4Na8LpGccDvXZv2lk73k+BVUWRcl8MKsTioQ20wbCGsn4t7ljrNC6FFkSvJFwBfZ -VN4IsFPHSHe4Lb/sbyX14lRfbvIZZPWZI2H6RwN4+uCj7FGdeaYBkBWIy7Bi6ytd -498YYyRDIq8RMB1PST72JxAXG+N7Fy0/CG72NUqY5f0+bjbMXDjhyWwIMEAasW1f -UC73S8x0GqXR1R0sROrqzKvxFTWCAoAMXjeOK0YoeBMRM3zHFA26VCS+WGIleJcE -y5rrqJ3KiweNVxphgllpiIbKRsOy2WH+7YMFiQIDAQABAoIBAD2+fsxG5VS+shw4 -H9mwSQl4DzQykUkriU043sI+k+11xJ1pXEgSODxmUXnBsFymSHn2ll4MmW3yZrr1 -DzZydLO9L9BQmOnpz7FMAIcxKflM3hG3P1sTy7apSrzUYf0O1E4CWMKZ0rEcrgtT -aHgKmTwGY8BILDp8emytXc7LbyAOC/7xLpZtpr4Ly5iPIzmxWdj9Fy/gQdc4XN7d -ZGVCyH2iJl8c/S6/3yqW1MTjpC0sokcQfuJHOSFO1QYpyDu9bqF3fbrw3moS/NVw -BalEFNNe1pxU28ABUMvIWWqaVRpbSjTvTGuCBxufXYl5sKxennUqF0KR43qW248M -Rm8awvUCgYEA/G0mV5hVWQkxyfnn1RHO6sBBDC7r3PC0zHS+BdAlHev/vv4gk732 -HD4GaGedGdC7WKNSqxj9KRtpGL9M5Oa1sbsr0syDwS9ao6Aovwqs2aADGBFodDDM -UPuw3mOPwBSCmTpPRDR1JNlACWFLJpmxWmhqbejxrLTgeN6DNMVgjyMCgYEA42vF -3zAOEJ4M1lx6hBN1mOTEUC9zCeYIgRshtBFixkcDb1wEnMoHfPfZs9mCpeVGJT0t -3vpKDxmecKMUDrA211lpE5/9m4w7RNz80UmWHC+ey7+5aLESbHYB56/k2snY7cYn -YyUfTHfpkBCfRhhmZDZI+kfK8HpDCq7CvFG92WMCgYA+JoGyP4eEDId9u1IhW+ke -U4ewgD0CgSGC1ZuTwtPgsiKd2+QZfEQEYCEjw58ipAn8oPnRtq1eWaletnswQL2r -rPH1TPWDsy0V7HEb2H0GeCdK3b5iHUGxDsdVeh4CpQoiwACUQnY1RGhH5vSh5GWO -ZPcPaLNYWpCKMf8MFyzXEQKBgQCc5559fgo2LNVukB93QHXCJxPKvvH/wlXbvXxj -YBtl8VjNXA9SnZDNB7OMAmXBT4414x/i14yBHovR6rHL8IflzCpS/+9ZgkbiHBXR -z5NhnvlQWdbyBDlR25k04IZk7R5d7nj+Tn5po9HhM5awJeV+/nUbOK0rfS8ED88L -Xto9QQKBgQD5NMDQFYRAqhpm4kv40339IYTr3p9vt4L+Vx/nu2bq586PvV1Ta6fF -rSV1mIjxfQf/TAap71RlEs13+zMcLdHZbfFkCgbAGTTEiYqKxeRs1TAPNFj/Vv8c -rtNsVrGKtIiyLKIwF301Vh3BNqYVrPQ5rKjTKDcfwj7nQZ/uvXBpUg== ------END RSA PRIVATE KEY----- diff --git a/features/support/ssl_server.rb b/features/support/ssl_server.rb index bae1236f1..ece59c861 100644 --- a/features/support/ssl_server.rb +++ b/features/support/ssl_server.rb @@ -1,3 +1,4 @@ +require 'fileutils' require 'webrick/https' require 'rack/handler/webrick' 
@@ -16,7 +17,7 @@ def defaults
 SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
 SSLPrivateKey: private_key,
 SSLCertificate: ssl_certificate,
- SSLCertName: [["US", 'localhost']],
+ SSLCertName: [['GB', 'petition.parliament.uk']],
 AccessLog: [],
 Logger: logger
 }
@@ -27,23 +28,57 @@ def logger
 end
 
 def log_path
- Rails.root.join("./log/capybara_test.log").to_s
+ Rails.root.join('log', 'capybara_test.log').to_s
 end
 
 def private_key
+ unless File.exist?(private_key_path)
+ generate_ssl_certificate
+ end
+
 OpenSSL::PKey::RSA.new(File.read(private_key_path))
 end
 
 def private_key_path
- Rails.root.join("./features/support/server.key").to_s
+ ssl_dir.join('key.pem').to_s
 end
 
 def ssl_certificate
+ unless File.exist?(ssl_certificate_path)
+ generate_ssl_certificate
+ end
+
 OpenSSL::X509::Certificate.new(File.read(ssl_certificate_path))
 end
 
 def ssl_certificate_path
- Rails.root.join("./features/support/server.crt").to_s
+ ssl_dir.join('cert.pem').to_s
+ end
+
+ def generate_ssl_certificate
+ FileUtils.mkdir_p(ssl_dir) unless Dir.exist?(ssl_dir)
+
+ details = []
+ details << 'C=GB'
+ details << 'ST=London'
+ details << 'L=London'
+ details << 'O=Houses of Parliament'
+ details << 'OU=Parliamentary ICT'
+ details << 'CN=petition.parliament.uk'
+
+ args = %w[openssl req -x509]
+ args.concat ['-newkey', 'rsa:2048']
+ args.concat ['-keyout', private_key_path]
+ args.concat ['-out', ssl_certificate_path]
+ args.concat ['-days', '3650']
+ args.concat ['-nodes', '-sha256']
+ args.concat ['-subj', "/#{details.join('/')}"]
+
+ Kernel.system *args, err: File::NULL, out: File::NULL
+ end
+
+ def ssl_dir
+ Rails.root.join('tmp', 'ssl')
 end
 end
 end
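Review bot: The `SSLCertName` entry edited in the `defaults` hash appears to be dead configuration, and its value is not in the shape WEBrick documents. As far as I know WEBrick reads `SSLCertName` only when it has to create its own self-signed certificate, and this hash always supplies `SSLCertificate` and `SSLPrivateKey`. The pairs are attribute type then value, so `['GB', 'petition.parliament.uk']` names an attribute `GB` rather than a common name. Either drop the line or write `SSLCertName: [['CN', 'petition.parliament.uk']],` so it agrees with the subject passed to `openssl`. The `defaults` method starts and ends outside this hunk.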
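Review bot: `private_key` and `ssl_certificate` each test only their own file, so when `tmp/ssl` holds just the key, `defaults` loads the cached key and then regenerates both files, leaving the server with a certificate that does not match the key it already read. A single guard that checks both paths before either is read avoids that. The result of `Kernel.system` is also discarded with its output sent to `File::NULL`, so a missing or failing `openssl` only surfaces later as a `File.read` error; raising when the call returns `false` or `nil` gives a usable message. Because `-nodes` writes the key unencrypted, creating `tmp/ssl` with mode `0700` is a cheap safeguard on shared CI hosts. The enclosing class and module open outside this hunk.

```ruby
def private_key
  ensure_ssl_certificate
  OpenSSL::PKey::RSA.new(File.read(private_key_path))
end

# … unchanged: private_key_path …

def ssl_certificate
  ensure_ssl_certificate
  OpenSSL::X509::Certificate.new(File.read(ssl_certificate_path))
end

# … unchanged: ssl_certificate_path …

# Regenerate the pair together unless both cached files are present.
def ensure_ssl_certificate
  return if File.exist?(private_key_path) && File.exist?(ssl_certificate_path)

  generate_ssl_certificate
end

def generate_ssl_certificate
  FileUtils.mkdir_p(ssl_dir, mode: 0o700)

  # … unchanged: details and args construction …

  generated = Kernel.system(*args, err: File::NULL, out: File::NULL)
  raise 'openssl failed to generate the test SSL certificate' unless generated
end
```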