From 7f420ebd54227bf96686415b9dc19ae37170e1bf Mon Sep 17 00:00:00 2001
From: Tero Saarni
Date: Thu, 14 Sep 2023 12:19:15 +0300
Subject: [PATCH] Added test for RSA and EC private key
---
 spec/fixtures/certs.yaml | 3 +++
 spec/fixtures/client-ec-key.pem | 5 +++++
 spec/fixtures/client-ec.pem | 13 +++++++++++++
 spec/outputs/syslog_tls_spec.rb | 29 +++++++++++++++++++++--------
 4 files changed, 42 insertions(+), 8 deletions(-)
 create mode 100644 spec/fixtures/client-ec-key.pem
 create mode 100644 spec/fixtures/client-ec.pem
diff --git a/spec/fixtures/certs.yaml b/spec/fixtures/certs.yaml
index 479c6b2..eca15cf 100644
--- a/spec/fixtures/certs.yaml
+++ b/spec/fixtures/certs.yaml
@@ -32,3 +32,6 @@ subject: cn=client
 issuer: cn=ca
 key_type: RSA
 ---
+subject: cn=client-ec
+issuer: cn=ca
+key_type: EC
diff --git a/spec/fixtures/client-ec-key.pem b/spec/fixtures/client-ec-key.pem
new file mode 100644
index 0000000..ac00d3a
--- /dev/null
+++ b/spec/fixtures/client-ec-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6P7i1NqXVKChh8dR
+pqHcCSwlxDjKoaDBGiYzWHgy5vqhRANCAAQSX1YGFCuXL7f5Utp5X45+h7ixghyQ
+vhYfT4gY6M31DAUaf59DENYUZ36k4IYrWP6lU/ChBH0Mlntjb1TCD+Tw
+-----END PRIVATE KEY-----
diff --git a/spec/fixtures/client-ec.pem b/spec/fixtures/client-ec.pem
new file mode 100644
index 0000000..a80cb95
--- /dev/null
+++ b/spec/fixtures/client-ec.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCjCB86ADAgECAggXhLgPAPW4dzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQD
+EwJjYTAeFw0yMzA5MTQwODU1MzRaFw0yNDA5MTMwODU1MzRaMBQxEjAQBgNVBAMT
+CWNsaWVudC1lYzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBJfVgYUK5cvt/lS
+2nlfjn6HuLGCHJC+Fh9PiBjozfUMBRp/n0MQ1hRnfqTghitY/qVT8KEEfQyWe2Nv
+VMIP5PCjMzAxMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBRNukfgtxJMkwu7
+XMvQ8ETWqi5BVTANBgkqhkiG9w0BAQsFAAOCAQEAP+HsEKYA2d6kCAH/JJSpxMnP
+gwMfjDkmV1bMguYSoOv8fbD17WqpyRojhi+THInP6ggXhJW0Zbz6UNy2GHXtO4+o
+OGLKI2FMUnaLRDMF4NL//FcC1unRQxyw8HQ2oMPNtWVEoo8KURLe0IW2q9/afT89
+59RAZYxizFKSWcoIQGeCoyWzVIa/E+MB4cFKgpTF3zkxr6uWJvXYYwkVtzknsGvW
+v0c2h2Ck//kuQatJSZQpbMaYMEE2480VnwskiOTu1ltxrmcQxz5P0g1zcjEnKQAm
+kB3ENdewzHIq8yaybbf+a/WCsNyyEjKPOsSWeElk77v719B24x1HqkV8FW/eRA==
+-----END CERTIFICATE-----
diff --git a/spec/outputs/syslog_tls_spec.rb b/spec/outputs/syslog_tls_spec.rb
index fefd490..eae7cc3 100644
--- a/spec/outputs/syslog_tls_spec.rb
+++ b/spec/outputs/syslog_tls_spec.rb
@@ -109,29 +109,42 @@
 context "read PEM" do
 let(:options) { { "host" => "localhost", "port" => port, "protocol" => "ssl-tcp", "ssl_verify" => true } }

- context "invalid client certificate" do
+ context "RSA certificate and private key" do
 let(:options ) { super().merge(
- "ssl_cert" => File.join(FIXTURES_PATH, "invalid.pem"),
+ "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"),
 "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"),
 "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"),
 "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem")
 ) }

- it "register raises error" do
- expect { subject.register }.to raise_error(OpenSSL::X509::CertificateError, /malformed PEM data/)
+ it "register succeeds" do
+ expect { subject.register }.not_to raise_error
 end
 end

- context "invalid client private key" do
+ context "EC certificate and private key" do
 let(:options ) { super().merge(
- "ssl_cert" => File.join(FIXTURES_PATH, "client.pem"),
- "ssl_key" => File.join(FIXTURES_PATH, "invalid.pem"),
+ "ssl_cert" => File.join(FIXTURES_PATH, "client-ec.pem"),
+ "ssl_key" => File.join(FIXTURES_PATH, "client-ec-key.pem"),
+ "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"),
+ "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem")
+ ) }
+
+ it "register succeeds" do
+ expect { subject.register }.not_to raise_error
+ end
+ end
+
+ context "invalid client certificate" do
+ let(:options ) { super().merge(
+ "ssl_cert" => File.join(FIXTURES_PATH, "invalid.pem"),
+ "ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"),
 "ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"),
 "ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem")
 ) }

 it "register raises error" do
- expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError, /Neither PUB key nor PRIV key/)
+ expect { subject.register }.to raise_error(OpenSSL::X509::CertificateError, /malformed PEM data/)
 end
 end
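Review bot: The negative case for an unreadable private key is dropped here: the removed `context "invalid client private key"` block, which passed `invalid.pem` as `ssl_key` and expected `OpenSSL::PKey::RSAError`, has no counterpart on the new side of this hunk, so unless an equivalent example exists elsewhere in the spec file the key-loading failure path is no longer exercised. I would keep that context after "invalid client certificate" and, if the error class changed with EC support, loosen the expectation to the shared parent class, e.g. `expect { subject.register }.to raise_error(OpenSSL::PKey::PKeyError)` (to be confirmed against what `register` actually raises). The two new `register succeeds` examples assert only `not_to raise_error`, which does not show that the loaded key belongs to the certificate; an example pairing `client-ec.pem` with `client-key.pem` would document how a mismatched pair is handled. The enclosing `context "read PEM"` block opens in this hunk but is closed outside it.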