test: reduce noise of unimportant details in test cases

Author: grzuy

spec/spec_helper.rb

@@ -105,15 +105,17 @@ def create_ec_key
   OpenSSL::PKey::EC.new("prime256v1").generate_key
 end
 
-def create_root_certificate(key)
+X509_V3 = 2
+
+def create_root_certificate(key, not_before: Time.now - 1, not_after: Time.now + 60)
   certificate = OpenSSL::X509::Certificate.new
-  common_name = "Root-#{rand(1_000_000)}"
 
-  certificate.subject = OpenSSL::X509::Name.new([["CN", common_name]])
+  certificate.version = X509_V3
+  certificate.subject = OpenSSL::X509::Name.parse("CN=Root-#{rand(1_000_000)}")
   certificate.issuer = certificate.subject
   certificate.public_key = key
-  certificate.not_before = Time.now - 1
-  certificate.not_after = Time.now + 60
+  certificate.not_before = not_before
+  certificate.not_after = not_after
 
   extension_factory = OpenSSL::X509::ExtensionFactory.new
   extension_factory.subject_certificate = certificate
@@ -129,16 +131,30 @@ def create_root_certificate(key)
   certificate
 end
 
-def issue_certificate(ca_certificate, ca_key, key, name: nil)
+def issue_certificate(
+  ca_certificate,
+  ca_key,
+  key,
+  version: X509_V3,
+  name: "CN=Cert-#{rand(1_000_000)}",
+  not_before: Time.now - 1,
+  not_after: Time.now + 60,
+  extensions: nil
+)
+
   certificate = OpenSSL::X509::Certificate.new
-  common_name = name || "Cert-#{rand(1_000_000)}"
 
-  certificate.subject = OpenSSL::X509::Name.new([["CN", common_name]])
+  certificate.version = version
+  certificate.subject = OpenSSL::X509::Name.parse(name)
   certificate.issuer = ca_certificate.subject
-  certificate.not_before = Time.now - 1
-  certificate.not_after = Time.now + 60
+  certificate.not_before = not_before
+  certificate.not_after = not_after
   certificate.public_key = key
 
+  if extensions
+    certificate.extensions = extensions
+  end
+
   certificate.sign(ca_key, "SHA256")
 
   certificate

spec/webauthn/attestation_statement/android_key_spec.rb

@@ -54,21 +54,12 @@
     end
 
     let(:attestation_certificate) do
-      certificate = OpenSSL::X509::Certificate.new
-      certificate.subject = OpenSSL::X509::Name.new([["CN", "Fake Attestation"]])
-      certificate.issuer = root_certificate.subject
-      certificate.not_before = Time.now - 1
-      certificate.not_after = Time.now + 60
-      certificate.public_key = attestation_key
-
-      extension_factory = OpenSSL::X509::ExtensionFactory.new
-      extension_factory.subject_certificate = certificate
-      extension_factory.issuer_certificate = certificate
-      certificate.extensions = attestation_certificate_extensions
-
-      certificate.sign(root_key, "SHA256")
-
-      certificate.to_der
+      issue_certificate(
+        root_certificate,
+        root_key,
+        attestation_key,
+        extensions: attestation_certificate_extensions
+      ).to_der
     end
 
     let(:statement) do

spec/webauthn/attestation_statement/android_safetynet_spec.rb

@@ -30,7 +30,7 @@
     let(:attestation_key) { create_rsa_key }
 
     let(:leaf_certificate) do
-      issue_certificate(root_certificate, root_key, attestation_key, name: "attest.android.com")
+      issue_certificate(root_certificate, root_key, attestation_key, name: "CN=attest.android.com")
     end
 
     let(:root_key) { create_ec_key }

spec/webauthn/attestation_statement/packed_spec.rb

@@ -97,51 +97,28 @@
       let(:attestation_certificate_end_time) { Time.now + 60 }
 
       let(:attestation_certificate) do
-        certificate = OpenSSL::X509::Certificate.new
-        certificate.version = attestation_certificate_version
-        certificate.subject = OpenSSL::X509::Name.parse(attestation_certificate_subject)
-        certificate.issuer = root_certificate.subject
-        certificate.not_before = attestation_certificate_start_time
-        certificate.not_after = attestation_certificate_end_time
-        certificate.public_key = attestation_key
-
         extension_factory = OpenSSL::X509::ExtensionFactory.new
-        extension_factory.subject_certificate = certificate
-        extension_factory.issuer_certificate = certificate
-
-        certificate.extensions = [
-          extension_factory.create_extension("basicConstraints", attestation_certificate_basic_constraints, true),
-        ]
 
-        certificate.sign(root_key, "SHA256")
-
-        certificate.to_der
+        issue_certificate(
+          root_certificate,
+          root_key,
+          attestation_key,
+          version: attestation_certificate_version,
+          name: attestation_certificate_subject,
+          not_before: attestation_certificate_start_time,
+          not_after: attestation_certificate_end_time,
+          extensions: [
+            extension_factory.create_extension("basicConstraints", attestation_certificate_basic_constraints, true),
+          ]
+        ).to_der
       end
 
       let(:root_key) { create_ec_key }
       let(:root_certificate_start_time) { Time.now - 1 }
       let(:root_certificate_end_time) { Time.now + 60 }
 
       let(:root_certificate) do
-        root_certificate = OpenSSL::X509::Certificate.new
-        root_certificate.version = attestation_certificate_version
-        root_certificate.subject = OpenSSL::X509::Name.parse("/DC=org/DC=fake-ca/CN=Fake CA")
-        root_certificate.issuer = root_certificate.subject
-        root_certificate.public_key = root_key
-        root_certificate.not_before = root_certificate_start_time
-        root_certificate.not_after = root_certificate_end_time
-
-        extension_factory = OpenSSL::X509::ExtensionFactory.new
-        extension_factory.subject_certificate = root_certificate
-        extension_factory.issuer_certificate = root_certificate
-        root_certificate.extensions = [
-          extension_factory.create_extension("basicConstraints", "CA:TRUE", true),
-          extension_factory.create_extension("keyUsage", "keyCertSign,cRLSign", true),
-        ]
-
-        root_certificate.sign(root_key, "SHA256")
-
-        root_certificate
+        create_root_certificate(root_key, not_before: root_certificate_start_time, not_after: root_certificate_end_time)
       end
 
       let(:statement) do

spec/webauthn/attestation_statement/tpm_spec.rb

@@ -29,26 +29,23 @@
       let(:algorithm) { -257 }
 
       let(:aik_certificate) do
-        cert = OpenSSL::X509::Certificate.new
-        cert.version = aik_certificate_version
-        cert.issuer = root_certificate.subject
-        cert.subject = OpenSSL::X509::Name.parse(aik_certificate_subject)
-        cert.not_before = aik_certificate_start_time
-        cert.not_after = aik_certificate_end_time
-        cert.public_key = aik
-
         extension_factory = OpenSSL::X509::ExtensionFactory.new
         extension_factory.config = aik_certificate_san_config
 
-        cert.extensions = [
-          extension_factory.create_extension("basicConstraints", aik_certificate_basic_constraints, true),
-          extension_factory.create_extension("extendedKeyUsage", aik_certificate_extended_key_usage),
-          extension_factory.create_extension("subjectAltName", "ASN1:SEQUENCE:dir_seq", aik_certificate_san_critical),
-        ]
-
-        cert.sign(root_key, "SHA256")
-
-        cert
+        issue_certificate(
+          root_certificate,
+          root_key,
+          aik,
+          version: aik_certificate_version,
+          name: aik_certificate_subject,
+          not_before: aik_certificate_start_time,
+          not_after: aik_certificate_end_time,
+          extensions: [
+            extension_factory.create_extension("basicConstraints", aik_certificate_basic_constraints, true),
+            extension_factory.create_extension("extendedKeyUsage", aik_certificate_extended_key_usage),
+            extension_factory.create_extension("subjectAltName", "ASN1:SEQUENCE:dir_seq", aik_certificate_san_critical),
+          ]
+        )
       end
 
       let(:aik) { create_rsa_key }