add multi-host SSL checks

Tom Maher · Tom Maher · commit c6a465fbb867 · 2016-08-22T21:43:44.000-07:00
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
@@ -65,8 +65,75 @@ def test_bind_tls_with_bad_hostname
     )
   end
 
-  def test_bind_tls_with_good_hostname
-    omit_if true
-    assert_true false
+  def test_bind_tls_with_valid_hostname
+    @ldap.host = 'localhost'
+    @ldap.port = 9389
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+      :ca_file     => CA_FILE,
+    )
+    @ldap.encryption(method: :start_tls, tls_options: tls_options)
+    assert @ldap.bind(method: :simple,
+                      username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+                      password: "passworD1")
+    @ldap.get_operation_result.inspect
+  end
+
+  # The following depend on /etc/hosts hacking.
+  # We can do that on CI, but it's less than cool on people's dev boxes
+  def test_bind_tls_with_multiple_hosts
+    omit_unless ENV['TRAVIS'] == 'true'
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+      :ca_file     => CA_FILE,
+    )
+    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
+    assert @ldap_multi.bind(method: :simple,
+                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+                            password: "passworD1")
+    @ldap_multi.get_operation_result.inspect
+  end
+
+  def test_bind_tls_with_multiple_bogus_hosts
+    omit_unless ENV['TRAVIS'] == 'true'
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+      :ca_file     => CA_FILE,
+    )
+    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
+    error = assert_raise Net::LDAP::Error do
+      @ldap_multi.bind(method: :simple,
+                       username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+                       password: "passworD1")
+    end
+    assert_equal("TODO - fix this",
+                 error.message)
+  end
+
+  def test_bind_tls_with_multiple_bogus_hosts_no_verification
+    omit_unless ENV['TRAVIS'] == 'true'
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+      :verify_mode => OpenSSL::SSL::VERIFY_NONE,
+    )
+    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
+    assert @ldap_multi.bind(method: :simple,
+                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+                            password: "passworD1")
+    @ldap_multi.get_operation_result.inspect
+  end
+
+  def test_bind_tls_with_multiple_bogus_hosts_ca_check_only
+    omit_unless ENV['TRAVIS'] == 'true'
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+      :ca_file     => CA_FILE,
+    )
+    @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap_multi.encryption(method: :start_tls, tls_options: tls_options)
+    assert @ldap_multi.bind(method: :simple,
+                            username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+                            password: "passworD1")
+    @ldap_multi.get_operation_result.inspect
   end
 end
