GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/lib/rex/proto/gss/channel_binding_spec.rb
# -*- coding:binary -*-
require 'spec_helper'
require 'rex/text'
RSpec.describe Rex::Proto::Gss::ChannelBinding do
  # Public X.509 certificate (no private key) standing in for the TLS peer certificate in
  # every example below.
  # NOTE(review): the fixture appears to be signed with sha256WithRSAEncryption, so this file
  # only exercises the SHA-256 case of the binding calculation. RFC 5929 (tls-server-end-point)
  # selects the hash from the certificate's signature algorithm and substitutes SHA-256 for
  # MD5/SHA-1; fixtures signed with other algorithms would be needed to pin that selection.
  # Confirm the expected values against the implementation before adding them.
  let(:peer_cert) do
    pem = <<~PEM
      -----BEGIN CERTIFICATE-----
      MIIGijCCBXKgAwIBAgITNQAAAAKLvdEO5Pbo1AAAAAAAAjANBgkqhkiG9w0BAQsF
      ADBcMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxHTAbBgoJkiaJk/IsZAEZFg1sYWJz
      MWNvbGxhYnUwMSQwIgYDVQQDExtsYWJzMWNvbGxhYnUwLVNSVi1BRERTMDEtQ0Ew
      HhcNMjQwNDE5MTcyMzAwWhcNMjUwNDE5MTcyMzAwWjApMScwJQYDVQQDEx5TUlYt
      QUREUzAxLmxhYnMxY29sbGFidTAubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
      DwAwggEKAoIBAQCr/zrK2bEDVkBewjWznxhH9gW6HQ+1cC/gx8lOVF8mju/hTmTQ
      J4lMvGyub3yUG0K5vt17veGf3fTaGBT9tn3yQf1IBMF71hiswQCZ0KV2Hti4Zd1b
      eWmw0UPF1xtpRHznAIjmKDHLvXjzEHnw/DNxPMbSI9Xu7x2iy6tGumh1neb4ojcK
      q8Fni0q3HT9WqybsD1cMchzNWgz+KPiimjusCujLGu+aGJdr5vMpg2Ho9GSt4OaT
      8/g6+XUFWcD6xi7lcoNlb1WYGexWZ0TZFzO36g/7FWsy+1E79/8XbyOTeePk3PHV
      QK/xS8nrYoCjgHOp+6gNaEGcXrUsoMt/yqaxAgMBAAGjggN2MIIDcjAvBgkrBgEE
      AYI3FAIEIh4gAEQAbwBtAGEAaQBuAEMAbwBuAHQAcgBvAGwAbABlAHIwHQYDVR0l
      BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDB4BgkqhkiG
      9w0BCQ8EazBpMA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZI
      AWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcG
      BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBS/lN4BjRJ+SlqTLHhQXUsYwCbv
      7zAfBgNVHSMEGDAWgBRXm1vGVJecz1AoeScpiNfSfSGr6zCB5AYDVR0fBIHcMIHZ
      MIHWoIHToIHQhoHNbGRhcDovLy9DTj1sYWJzMWNvbGxhYnUwLVNSVi1BRERTMDEt
      Q0EsQ049U1JWLUFERFMwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2Vydmlj
      ZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1sYWJzMWNvbGxhYnUw
      LERDPWxvY2FsP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RD
      bGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCB1QYIKwYBBQUHAQEEgcgwgcUwgcIG
      CCsGAQUFBzAChoG1bGRhcDovLy9DTj1sYWJzMWNvbGxhYnUwLVNSVi1BRERTMDEt
      Q0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2Vz
      LENOPUNvbmZpZ3VyYXRpb24sREM9bGFiczFjb2xsYWJ1MCxEQz1sb2NhbD9jQUNl
      cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0
      eTBKBgNVHREEQzBBoB8GCSsGAQQBgjcZAaASBBBXIgqBkBcAQIVerWGi3mV5gh5T
      UlYtQUREUzAxLmxhYnMxY29sbGFidTAubG9jYWwwSwYJKwYBBAGCNxkCBD4wPKA6
      BgorBgEEAYI3GQIBoCwEKlMtMS01LTIxLTc5NTUwMy0zMDUwMzM0Mzk0LTM2NDQ0
      MDA2MjQtMTAwMDANBgkqhkiG9w0BAQsFAAOCAQEAw/1kFOsPbYc1J0JWPqfnhKmO
      TCim8r4pIckZZpkgLXjAzfHdJLYt9O5s7I48lojqdeg61EpjVxj1h1BT3aTDk+TS
      hW3WlvpscOKdu4+tqpJ96Buf6Y91QWDyKn7ZRM9Mq3GbTqkEFMLczGAqBWuqUDHG
      Lo7tyBfLw5mMAKV7xFHPjH5nQ0tzfymp+yuP5TKCzTf7v06621PPZ1xVeZTQxAmx
      e9ViEMYy5IC+okMsIXg6+wbynubxL6CzZFZhwJtujmRfHABuydV17El2NrUW1pdQ
      cFUXmAXwiCvGBSkr7QfsMGx70pmP+VBQKkBRWaCo00Vj0ukRFV5r/BtKbZp0+w==
      -----END CERTIFICATE-----
    PEM
    OpenSSL::X509::Certificate.new(pem)
  end

  # Expectations that both constructors must satisfy for the fixture certificate.
  # The including group has to define `channel_binding`.
  shared_examples 'a SHA256 tls-server-end-point channel binding' do
    describe '#channel' do
      it 'should be the DER encoded certificate data' do
        expect(channel_binding.channel).to eq(peer_cert.to_der)
      end
    end

    describe '#channel_hash' do
      let(:channel_hash) { channel_binding.channel_hash }

      it 'should be an OpenSSL::Digest' do
        expect(channel_hash).to be_kind_of(OpenSSL::Digest)
      end

      # Known-answer check: a fixed hex digest for the fixture, so a change to the hashed
      # bytes or to the selected digest shows up as a failure here.
      it 'should be correct' do
        actual_hex = channel_hash.digest.unpack1('H*')
        expect(actual_hex).to eq('f79b1e5d605710356244f2d5005c1b57895c88dcfbbae22a15349b192ddca597')
      end
    end

    describe '#digest_algorithm' do
      it 'should be SHA256' do
        expect(channel_binding.digest_algorithm).to eq('SHA256')
      end
    end

    describe '#unique_prefix' do
      it 'should be "tls-server-end-point"' do
        expect(channel_binding.unique_prefix).to eq('tls-server-end-point')
      end
    end
  end

  describe '.create' do
    let(:channel_binding) { described_class.create(peer_cert) }

    # `.create` accepts a certificate object so that it stays call-compatible with
    # Net::NTLM::ChannelBinding, which would use the certificate directly. The DER encoding is
    # expected to happen exactly once here, with the resulting bytes handed to `.new`, so the
    # hash calculation is not coupled to the certificate object type.
    it 'should DER encode the certificate' do
      encoded = peer_cert.to_der
      expect(peer_cert).to receive(:to_der).with(no_args).once.and_return(encoded)
      expect(described_class).to receive(:new).with(encoded).once
      described_class.create(peer_cert)
    end

    include_examples 'a SHA256 tls-server-end-point channel binding'
  end

  describe '.from_tls_cert' do
    let(:channel_binding) { described_class.from_tls_cert(peer_cert) }

    # Only verifies that the certificate's signature algorithm is consulted at least once;
    # what is derived from it is pinned by the shared examples for this SHA-256 fixture.
    it 'should check the signature algorithm' do
      expect(peer_cert).to receive(:signature_algorithm).with(no_args).at_least(:once).and_call_original
      described_class.from_tls_cert(peer_cert)
    end

    include_examples 'a SHA256 tls-server-end-point channel binding'
  end
end