test: reduce noise in tests about unimportant details to the test case

Author: grzuy

spec/spec_helper.rb

@@ -101,6 +101,10 @@ def create_rsa_key
   OpenSSL::PKey::RSA.new(key_bits)
 end
 
+def create_ec_key
+  OpenSSL::PKey::EC.new("prime256v1").generate_key
+end
+
 def create_root_certificate(key)
   certificate = OpenSSL::X509::Certificate.new
   common_name = "Root-#{rand(1_000_000)}"

spec/webauthn/attestation_statement/android_key_spec.rb

@@ -8,7 +8,7 @@
 
 RSpec.describe "AndroidKey attestation" do
   describe "#valid?" do
-    let(:credential_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:credential_key) { create_ec_key }
     let(:client_data_hash) { OpenSSL::Digest::SHA256.digest({}.to_json) }
 
     let(:authenticator_data_bytes) do
@@ -79,7 +79,7 @@
       )
     end
 
-    let(:root_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:root_key) { create_ec_key }
     let(:root_certificate) { create_root_certificate(root_key) }
     let(:google_certificates) { [root_certificate] }
 
@@ -117,7 +117,7 @@
       end
 
       context "because it was signed with a different key" do
-        let(:signature) { OpenSSL::PKey::EC.new("prime256v1").generate_key.sign("SHA256", to_be_signed) }
+        let(:signature) { create_ec_key.sign("SHA256", to_be_signed) }
 
         it "fails" do
           expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy
@@ -142,7 +142,7 @@
     end
 
     context "when the attestation key doesn't match the credential key" do
-      let(:attestation_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+      let(:attestation_key) { create_ec_key }
 
       it "fails" do
         expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy
@@ -202,9 +202,7 @@
     end
 
     context "when the attestation certificate is not signed by Google" do
-      let(:google_certificates) do
-        [create_root_certificate(OpenSSL::PKey::EC.new("prime256v1").generate_key)]
-      end
+      let(:google_certificates) { [create_root_certificate(create_ec_key)] }
 
       it "fails" do
         expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy

spec/webauthn/attestation_statement/android_safetynet_spec.rb

@@ -33,7 +33,7 @@
       issue_certificate(root_certificate, root_key, attestation_key, name: "attest.android.com")
     end
 
-    let(:root_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:root_key) { create_ec_key }
     let(:root_certificate) { create_root_certificate(root_key) }
     let(:authenticator_data) { WebAuthn::AuthenticatorData.deserialize(authenticator_data_bytes) }
 
@@ -79,9 +79,7 @@
     end
 
     context "when the attestation certificate is not signed by Google" do
-      let(:google_certificates) do
-        [create_root_certificate(OpenSSL::PKey::EC.new("prime256v1").generate_key)]
-      end
+      let(:google_certificates) { [create_root_certificate(create_ec_key)] }
 
       it "fails" do
         expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy

spec/webauthn/attestation_statement/fido_u2f_spec.rb

@@ -8,7 +8,7 @@
 
 RSpec.describe "FidoU2f attestation" do
   describe "#valid?" do
-    let(:credential_public_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key.public_key }
+    let(:credential_public_key) { create_ec_key.public_key }
     let(:client_data_hash) { OpenSSL::Digest::SHA256.digest({}.to_json) }
 
     let(:authenticator_data_bytes) do
@@ -28,7 +28,7 @@
         credential_public_key.to_bn.to_s(2)
     end
 
-    let(:attestation_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:attestation_key) { create_ec_key }
     let(:signature) { attestation_key.sign("SHA256", to_be_signed) }
 
     let(:attestation_certificate) do
@@ -42,7 +42,7 @@
       )
     end
 
-    let(:root_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:root_key) { create_ec_key }
 
     let(:root_certificate) do
       create_root_certificate(root_key)
@@ -58,7 +58,7 @@
 
     context "when signature is invalid" do
       context "because it was signed with a different signing key (self attested)" do
-        let(:signature) { OpenSSL::PKey::EC.new("prime256v1").generate_key.sign("SHA256", to_be_signed) }
+        let(:signature) { create_ec_key.sign("SHA256", to_be_signed) }
 
         it "fails" do
           expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy

spec/webauthn/attestation_statement/packed_spec.rb

@@ -8,7 +8,7 @@
 
 RSpec.describe "Packed attestation" do
   describe "#valid?" do
-    let(:credential_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+    let(:credential_key) { create_ec_key }
     let(:client_data_hash) { OpenSSL::Digest::SHA256.digest({}.to_json) }
 
     let(:authenticator_data_bytes) do
@@ -61,7 +61,7 @@
         end
 
         context "because it was signed with a different signing key" do
-          let(:signature) { OpenSSL::PKey::EC.new("prime256v1").generate_key.sign("SHA256", to_be_signed) }
+          let(:signature) { create_ec_key.sign("SHA256", to_be_signed) }
 
           it "fails" do
             expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy
@@ -88,7 +88,7 @@
 
     context "x5c attestation" do
       let(:algorithm) { -7 }
-      let(:attestation_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+      let(:attestation_key) { create_ec_key }
       let(:signature) { attestation_key.sign("SHA256", to_be_signed) }
       let(:attestation_certificate_version) { 2 }
       let(:attestation_certificate_subject) { "/C=UY/O=ACME/OU=Authenticator Attestation/CN=CN" }
@@ -118,7 +118,7 @@
         certificate.to_der
       end
 
-      let(:root_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+      let(:root_key) { create_ec_key }
       let(:root_certificate_start_time) { Time.now - 1 }
       let(:root_certificate_end_time) { Time.now + 60 }
 
@@ -172,7 +172,7 @@
         end
 
         context "because it was signed with a different signing key (self attested)" do
-          let(:signature) { OpenSSL::PKey::EC.new("prime256v1").generate_key.sign("SHA256", to_be_signed) }
+          let(:signature) { create_ec_key.sign("SHA256", to_be_signed) }
 
           it "fails" do
             expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy

spec/webauthn/attestation_statement/tpm_spec.rb

@@ -88,7 +88,7 @@
       end
       let(:aik_certificate_start_time) { Time.now - 1 }
       let(:aik_certificate_end_time) { Time.now + 60 }
-      let(:root_key) { OpenSSL::PKey::RSA.new(2048) }
+      let(:root_key) { create_rsa_key }
       let(:root_certificate) { create_root_certificate(root_key) }
       let(:signature) { aik.sign("SHA256", cert_info) }
 
@@ -155,7 +155,7 @@
 
       context "when the attestation certificate is not signed by a TPM" do
         let(:tpm_certificates) do
-          [create_root_certificate(OpenSSL::PKey::RSA.new(2048))]
+          [create_root_certificate(create_rsa_key)]
         end
 
         it "fails" do
@@ -171,8 +171,8 @@
 
       context "when EC algorithm" do
         let(:algorithm) { -7 }
-        let(:aik) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
-        let(:credential_key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+        let(:aik) { create_ec_key }
+        let(:credential_key) { create_ec_key }
 
         let(:pub_area) do
           t_public = ::TPM::TPublic.new
@@ -204,8 +204,7 @@
               t_public.alg_type = ::TPM::ALG_ECC
               t_public.name_alg = name_alg
               t_public.parameters = pub_area_parameters
-              t_public.unique.buffer =
-                OpenSSL::PKey::EC.generate("prime256v1").generate_key.public_key.to_bn.to_s(2)[1..-1]
+              t_public.unique.buffer = create_ec_key.public_key.to_bn.to_s(2)[1..-1]
 
               t_public.to_binary_s
             end