RubyGems - akero - Versions diffs - 1.0.4 → 1.1.0 - Mend

akero 1.0.4 → 1.1.0

Files changed (103) hide show

checksums.yaml +7 -0
data/.gitattributes +3 -0
data/.gitignore +0 -2
data/.rubocop.yml +43 -0
data/.travis.yml +3 -7
data/Gemfile +1 -0
data/Guardfile +4 -3
data/Makefile +26 -0
data/README.md +28 -10
data/Rakefile +8 -17
data/akero.gemspec +17 -10
data/bin/akero +6 -0
data/coverage/.last_run.json +5 -0
data/coverage/.resultset.json +367 -0
data/coverage/.resultset.json.lock +0 -0
data/coverage/assets/0.10.0/application.css +799 -0
data/coverage/assets/0.10.0/application.js +1707 -0
data/coverage/assets/0.10.0/colorbox/border.png +0 -0
data/coverage/assets/0.10.0/colorbox/controls.png +0 -0
data/coverage/assets/0.10.0/colorbox/loading.gif +0 -0
data/coverage/assets/0.10.0/colorbox/loading_background.png +0 -0
data/coverage/assets/0.10.0/favicon_green.png +0 -0
data/coverage/assets/0.10.0/favicon_red.png +0 -0
data/coverage/assets/0.10.0/favicon_yellow.png +0 -0
data/coverage/assets/0.10.0/loading.gif +0 -0
data/coverage/assets/0.10.0/magnify.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/assets/0.7.1/application.css +1110 -0
data/coverage/assets/0.7.1/application.js +626 -0
data/coverage/assets/0.7.1/fancybox/blank.gif +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_close.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_loading.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_e.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_n.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_ne.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_nw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_s.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_se.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_sw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_w.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_main.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_over.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-x.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-y.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox.png +0 -0
data/coverage/assets/0.7.1/favicon_green.png +0 -0
data/coverage/assets/0.7.1/favicon_red.png +0 -0
data/coverage/assets/0.7.1/favicon_yellow.png +0 -0
data/coverage/assets/0.7.1/loading.gif +0 -0
data/coverage/assets/0.7.1/magnify.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/index.html +2248 -0
data/doc/Akero/Message.html +475 -0
data/doc/Akero.html +1148 -0
data/doc/_index.html +125 -0
data/doc/class_list.html +53 -0
data/doc/css/common.css +1 -0
data/doc/css/full_list.css +57 -0
data/doc/css/style.css +338 -0
data/doc/file.README.html +186 -0
data/doc/file_list.html +55 -0
data/doc/frames.html +28 -0
data/doc/index.html +186 -0
data/doc/js/app.js +214 -0
data/doc/js/full_list.js +173 -0
data/doc/js/jquery.js +4 -0
data/doc/method_list.html +148 -0
data/doc/top-level-namespace.html +112 -0
data/lib/akero/benchmark.rb +21 -20
data/lib/akero/cli.rb +74 -0
data/lib/akero/version.rb +2 -1
data/lib/akero.rb +92 -90
data/spec/akero_spec.rb +66 -65
data/spec/spec_helper.rb +1 -0
metadata +164 -52

data/lib/akero.rb CHANGED Viewed

@@ -1,7 +1,8 @@
+# frozen_string_literal: true
 # Copyright (c) 2012 moe@busyloop.net
-#
+#
 # MIT License
-#
+#
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
@@ -9,10 +10,10 @@
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
@@ -21,15 +22,16 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-require "akero/version"
+require 'akero/version'
 require 'openssl'
 require 'base64'
 # Akero is an easy-to-use library for peer-to-peer public key cryptography.
 #
-# Tested on: MRI 1.8.7, MRI 1.9.2, MRI 1.9.3, RBX 1.8, RBX 1.9
-# (JRuby may be added in the future but is currently NOT supported)
+# The only officially supported ruby runtime is MRI (latest version).
+# Regardless, Akero is known to work on any recent ruby version except JRuby.
+# Tested on: MRI 1.8.7, MRI 1.9.2, MRI 1.9.3, RBX 1.8, RBX 1.9, MRI 2.3.*, and more.
 class Akero
   # Akero::Message wraps a received message.
   class Message
@@ -40,7 +42,9 @@ class Akero
     # @private
     def initialize(body, signer_cert, type)
-      @body, @signer_cert, @type = body, signer_cert, type
+      @body = body
+      @signer_cert = signer_cert
+      @type = type
     end
     # @private
@@ -62,25 +66,26 @@ class Akero
   end
 end
+# Akero
 class Akero
-  ERR_MSG_MALFORMED_ENV = "Malformed message: Could not parse envelope" # @private
-  ERR_MSG_MALFORMED_BODY = "Malformed message: Could not parse body; POSSIBLE SPOOF ATTEMPT" # @private
-  ERR_PKEY_CORRUPT = "Invalid private key (checksum mismatch)" # @private
-  ERR_CERT_CORRUPT = "Invalid certificate" # @private
-  ERR_INVALID_RECIPIENT = "Invalid recipient (must be a String)" # @private
-  ERR_INVALID_RECIPIENT_CERT = "Invalid recipient (corrupt public key?)" # @private
-  ERR_DECRYPT = "Could not decrypt message" # @private
-  ERR_MSG_NOT_STRING_NOR_PKCS7 = "Message must be of type String or OpenSSL::PKCS7" # @private
-  ERR_MSG_CORRUPT_CERT = "Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!" # @private
-  ERR_MSG_TOO_MANY_SIGNERS = "Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT" # @private
+  ERR_MSG_MALFORMED_ENV = 'Malformed message: Could not parse envelope' # @private
+  ERR_MSG_MALFORMED_BODY = 'Malformed message: Could not parse body; POSSIBLE SPOOF ATTEMPT' # @private
+  ERR_PKEY_CORRUPT = 'Invalid private key (checksum mismatch)' # @private
+  ERR_CERT_CORRUPT = 'Invalid certificate' # @private
+  ERR_INVALID_RECIPIENT = 'Invalid recipient (must be a String)' # @private
+  ERR_INVALID_RECIPIENT_CERT = 'Invalid recipient (corrupt public key?)' # @private
+  ERR_DECRYPT = 'Could not decrypt message' # @private
+  ERR_MSG_NOT_STRING_NOR_PKCS7 = 'Message must be of type String or OpenSSL::PKCS7' # @private
+  ERR_MSG_CORRUPT_CERT = 'Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!' # @private
+  ERR_MSG_TOO_MANY_SIGNERS = 'Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT' # @private
   PKEY_HEADER = "-----BEGIN AKERO PRIVATE KEY-----\n" # @private
   PKEY_FOOTER = "-----END AKERO PRIVATE KEY-----\n" # @private
-  PLATE_CERT = ['CERTIFICATE','AKERO PUBLIC KEY'] # @private
-  PLATE_SIGNED = ['PKCS7', 'AKERO SIGNED MESSAGE'] # @private
-  PLATE_CRYPTED = ['PKCS7', 'AKERO SECRET MESSAGE'] # @private
+  PLATE_CERT = ['CERTIFICATE', 'AKERO PUBLIC KEY'].freeze # @private
+  PLATE_SIGNED = ['PKCS7', 'AKERO SIGNED MESSAGE'].freeze # @private
+  PLATE_CRYPTED = ['PKCS7', 'AKERO SECRET MESSAGE'].freeze # @private
-  DEFAULT_RSA_BITS = 2048
+  DEFAULT_RSA_BITS = 4096
   DEFAULT_DIGEST = OpenSSL::Digest::SHA512
   # Unique fingerprint of this Akero keypair.
@@ -104,26 +109,26 @@ class Akero
   # @param [Integer] rsa_bits RSA key length
   # @param [OpenSSL::Digest] digest Signature digest
   # @return [Akero] New Akero instance
-  def initialize(rsa_bits=DEFAULT_RSA_BITS, digest=DEFAULT_DIGEST)
+  def initialize(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)
     @key, @cert = generate_keypair(rsa_bits, digest) unless rsa_bits.nil?
   end
   # Load an Akero identity.
-  #
+  #
   # @example Load previously stored private key
   #   Akero.load(File.read('/tmp/alice.akr'))
   #
   # @param [String] private_key Akero private key
   # @return [Akero] New Akero instance
   def self.load(private_key)
-    inner = Base64.decode64(private_key[PKEY_HEADER.length..private_key.length-PKEY_FOOTER.length])
+    inner = Base64.decode64(private_key[PKEY_HEADER.length..private_key.length - PKEY_FOOTER.length])
     if inner[0..63] != OpenSSL::Digest::SHA512.new(inner[64..-1]).digest
-      raise RuntimeError, ERR_PKEY_CORRUPT
+      raise ERR_PKEY_CORRUPT
     end
     cert_len = inner[64..65].unpack('S')[0]
     akero = Akero.new(nil)
-    akero.instance_variable_set(:@cert, OpenSSL::X509::Certificate.new(inner[66..66+cert_len]))
-    akero.instance_variable_set(:@key, OpenSSL::PKey::RSA.new(inner[66+cert_len..-1]))
+    akero.instance_variable_set(:@cert, OpenSSL::X509::Certificate.new(inner[66..66 + cert_len]))
+    akero.instance_variable_set(:@key, OpenSSL::PKey::RSA.new(inner[66 + cert_len..-1]))
     akero
   end
@@ -134,18 +139,18 @@ class Akero
   #
   # @return [String] Public key (ascii armored)
   def public_key
-    Akero::replate(@cert.to_s, Akero::PLATE_CERT)
+    Akero.replate(@cert.to_s, Akero::PLATE_CERT)
   end
   # Private key (do not share this with anyone!)
-  #
+  #
   # @example Save and load an Akero identity
   #   alice = Akero.new
   #   # Save
   #   File.open('/tmp/alice.akr', 'w') { |f| f.write(alice.private_key) }
   #   # Load
   #   new_alice = Akero.load(File.read('/tmp/alice.akr'))
-  #
+  #
   # @return [String] Private key (ascii armored)
   # @see Akero#load
   def private_key
@@ -156,7 +161,7 @@ class Akero
     out << cert_der
     out << @key.to_der
     out.insert(0, OpenSSL::Digest::SHA512.new(out).digest)
-    PKEY_HEADER+Base64.encode64(out)+PKEY_FOOTER
+    PKEY_HEADER + Base64.encode64(out) + PKEY_FOOTER
   end
   # Sign a message.
@@ -164,7 +169,7 @@ class Akero
   # @param [String] plaintext The message to sign (binary safe)
   # @param [Boolean] ascii_armor Convert the output in base64?
   # @return [String] Akero signed message
-  def sign(plaintext, ascii_armor=true)
+  def sign(plaintext, ascii_armor = true)
     out = _sign(plaintext)
     ascii_armor ? Akero.replate(out.to_s, Akero::PLATE_SIGNED) : out.to_der
   end
@@ -189,20 +194,20 @@ class Akero
   # @param [String] plaintext The message to encrypt (binary safe)
   # @param [Boolean] ascii_armor Convert the output to base64?
   # @return [String] Akero secret message
-  def encrypt(to, plaintext, ascii_armor=true)
+  def encrypt(to, plaintext, ascii_armor = true)
     to = [to] unless to.is_a? Array
-    to = to.map { |e|
+    to = to.map do |e|
       case e
-        when String
-          begin
-            OpenSSL::X509::Certificate.new(Akero.replate(e, Akero::PLATE_CERT, true))
-          rescue OpenSSL::X509::CertificateError
-            raise RuntimeError, ERR_INVALID_RECIPIENT_CERT
-          end
-        else
-          raise RuntimeError, ERR_INVALID_RECIPIENT
+      when String
+        begin
+          OpenSSL::X509::Certificate.new(Akero.replate(e, Akero::PLATE_CERT, true))
+        rescue OpenSSL::X509::CertificateError
+          raise ERR_INVALID_RECIPIENT_CERT
+        end
+      else
+        raise ERR_INVALID_RECIPIENT
       end
-    }
+    end
     out = _sign(_encrypt(to, _sign(plaintext, false)))
     ascii_armor ? Akero.replate(out.to_s, PLATE_CRYPTED) : out.to_der
   end
@@ -218,21 +223,21 @@ class Akero
     begin
       body, signer_cert, body_type = verify(ciphertext, nil)
     rescue ArgumentError
-      raise RuntimeError, ERR_MSG_MALFORMED_ENV
+      raise ERR_MSG_MALFORMED_ENV
     end
     case body_type.ord
-      when 0x00
-        # public message (signed)
-        return Message.new(body, signer_cert, :signed)
-      when 0x01
-        # private message (signed, crypted, signed)
-        signed_plaintext = _decrypt(body)
-        plaintext, verified_cert, body_type = verify(signed_plaintext, signer_cert)
-        msg = Message.new(plaintext, signer_cert, :encrypted)
-        return msg
+    when 0x00
+      # public message (signed)
+      return Message.new(body, signer_cert, :signed)
+    when 0x01
+      # private message (signed, crypted, signed)
+      signed_plaintext = _decrypt(body)
+      plaintext, _verified_cert, _body_type = verify(signed_plaintext, signer_cert)
+      msg = Message.new(plaintext, signer_cert, :encrypted)
+      return msg
     end
-    raise RuntimeError, ERR_MSG_MALFORMED_BODY
+    raise ERR_MSG_MALFORMED_BODY
   end
   # @private
@@ -244,9 +249,9 @@ class Akero
   def to_s
     inspect
   end
   #---------------------------------------------------------------------------
-  protected
+  class << self; protected; end
   # Swap the "license plates" on an ascii-armored message.
   # This is done for user-friendliness, so stored Akero
@@ -256,9 +261,9 @@ class Akero
   # @param [Array] plates Array of the two plates to swap
   # @param [Boolean] reverse Reverse the swap?
   # @return [String] The replated message
-  def self.replate(msg, plates, reverse=false)
-    a,b = reverse ? [1,0] : [0,1]
-    "-----BEGIN #{plates[b]}-----#{msg.strip[plates[a].length+16..-(plates[a].length+15)]}-----END #{plates[b]}-----\n"
+  def self.replate(msg, plates, reverse = false)
+    a, b = reverse ? [1, 0] : [0, 1]
+    "-----BEGIN #{plates[b]}-----#{msg.strip[plates[a].length + 16..-(plates[a].length + 15)]}-----END #{plates[b]}-----\n"
   end
   # Extract fingerprint from an Akero public key.
@@ -268,37 +273,35 @@ class Akero
     cert.extensions.map.each do |e|
       return "AK:#{e.value}" if e.oid == 'subjectKeyIdentifier'
     end
-    raise RuntimeError, ERR_CERT_CORRUPT
+    raise ERR_CERT_CORRUPT
   end
   #---------------------------------------------------------------------------
-  private
+  private
   def _decrypt(crypted_msg)
-    begin
-      OpenSSL::PKCS7.new(crypted_msg).decrypt(@key, @cert)
-    rescue OpenSSL::PKCS7::PKCS7Error, "decrypt error"
-      raise RuntimeError, ERR_DECRYPT
-    end
+    OpenSSL::PKCS7.new(crypted_msg).decrypt(@key, @cert)
+  rescue OpenSSL::PKCS7::PKCS7Error, 'decrypt error'
+    raise ERR_DECRYPT
   end
-  def _encrypt(to, msg, cipher=nil)
-    cipher ||= OpenSSL::Cipher::new("AES-256-CFB")
-    OpenSSL::PKCS7::encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)
+  def _encrypt(to, msg, cipher = nil)
+    cipher ||= OpenSSL::Cipher.new('AES-256-CFB')
+    OpenSSL::PKCS7.encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)
   end
-  def _sign(message, embed_cert=true)
+  def _sign(message, embed_cert = true)
     flags = embed_cert ? OpenSSL::PKCS7::BINARY : (OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOCERTS)
     case message
-      when String
-        type = 0x00
-      when OpenSSL::PKCS7
-        type = 0x01
-      else
-        raise RuntimeError, ERR_MSG_NOT_STRING_NOR_PKCS7
+    when String
+      type = 0x00
+    when OpenSSL::PKCS7
+      type = 0x01
+    else
+      raise ERR_MSG_NOT_STRING_NOR_PKCS7
     end
     message = message.to_der if message.is_a? OpenSSL::PKCS7
-    OpenSSL::PKCS7::sign(@cert, @key, type.chr + message, [], flags)
+    OpenSSL::PKCS7.sign(@cert, @key, type.chr + message, [], flags)
   end
   def verify(signed_msg, cert)
@@ -306,15 +309,15 @@ class Akero
     store = OpenSSL::X509::Store.new
     if cert.nil?
-      if signed_msg.certificates.nil? or signed_msg.certificates.length != 1
-        raise RuntimeError, ERR_MSG_TOO_MANY_SIGNERS
+      if signed_msg.certificates.nil? || signed_msg.certificates.length != 1
+        raise ERR_MSG_TOO_MANY_SIGNERS
       end
       cert = signed_msg.certificates[0]
     end
     unless signed_msg.verify([cert], store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY)
-      raise RuntimeError, ERR_MSG_CORRUPT_CERT
+      raise ERR_MSG_CORRUPT_CERT
     end
     [signed_msg.data[1..-1], cert, signed_msg.data[0]]
@@ -325,7 +328,7 @@ class Akero
   # @param [Integer] rsa_bits RSA key length
   # @param [OpenSSL::Digest] digest Signature digest
   # @return [Array] rsa_keypair, certificate
-  def generate_keypair(rsa_bits=DEFAULT_RSA_BITS, digest=DEFAULT_DIGEST)
+  def generate_keypair(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)
     cn = "Akero #{Akero::VERSION}"
     rsa = OpenSSL::PKey::RSA.new(rsa_bits)
@@ -337,20 +340,19 @@ class Akero
     cert.issuer = name
     cert.not_before = Time.now
     # valid until 2038-01-19 04:14:06 +0100
-    cert.not_after = Time.at(2147483646)
+    cert.not_after = Time.at(2_147_483_646)
     cert.public_key = rsa.public_key
     ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
     ef.issuer_certificate = cert
     cert.extensions = [
-      ef.create_extension("basicConstraints","CA:FALSE"),
-      ef.create_extension("subjectKeyIdentifier", "hash"),
+      ef.create_extension('basicConstraints', 'CA:FALSE'),
+      ef.create_extension('subjectKeyIdentifier', 'hash')
     ]
-    aki = ef.create_extension("authorityKeyIdentifier",
-                              "keyid:always,issuer:always")
+    aki = ef.create_extension('authorityKeyIdentifier',
+                              'keyid:always,issuer:always')
     cert.add_extension(aki)
     cert.sign(rsa, digest.new)
     [rsa, cert]
   end
 end

data/spec/akero_spec.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 require 'spec_helper'
 require 'openssl'
 describe Akero do
   subject { Akero.new(1024) }
   describe '#new' do
-    it "returns instance with unique fingerprint" do
+    it 'returns instance with unique fingerprint' do
       memo = {}
       10.times do
         id = Akero.new.id
@@ -15,7 +16,7 @@ describe Akero do
   end
   describe '#id' do
-    it "returns a String that looks like an Akero fingerprint" do
+    it 'returns a String that looks like an Akero fingerprint' do
       subject.id.should be_a String
       subject.id.should match /^AK(:([a-fA-Z0-9]){2}){20}$/
     end
@@ -23,13 +24,13 @@ describe Akero do
   describe '#private_key' do
     describe 'return value' do
-      it "is a String that looks like an Akero private key" do
+      it 'is a String that looks like an Akero private key' do
         subject.private_key.should be_a String
         subject.private_key.should match /^#{Akero::PKEY_HEADER}/
         subject.private_key.should match /\n#{Akero::PKEY_FOOTER}$/
       end
-      it "can be loaded by Akero" do
+      it 'can be loaded by Akero' do
         bob = Akero.load(subject.private_key)
         bob.id.should == subject.id
         bob.public_key.should == subject.public_key
@@ -39,29 +40,29 @@ describe Akero do
   describe '#public_key' do
     describe 'return value' do
-      it "is a String that looks like an Akero public key" do
+      it 'is a String that looks like an Akero public key' do
         subject.public_key.should be_a String
         subject.public_key.should match /^-----BEGIN #{Akero::PLATE_CERT[1]}-----\n/
         subject.public_key.should match /\n-----END #{Akero::PLATE_CERT[1]}-----\n$/
       end
-      it "raises RuntimeError when trying to load as private key" do
-        lambda {
+      it 'raises RuntimeError when trying to load as private key' do
+        lambda do
           bob = Akero.load(subject.public_key)
           bob.id.should == subject.id
           bob.public_key.should == subject.public_key
-        }.should raise_error RuntimeError, Akero::ERR_PKEY_CORRUPT
+        end.should raise_error RuntimeError, Akero::ERR_PKEY_CORRUPT
       end
     end
   end
   describe '#sign' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
         describe 'return value' do
           if ascii_armor
-            it "is a String that looks like an Akero signed message" do
-              plaintext = "Hello world!"
+            it 'is a String that looks like an Akero signed message' do
+              plaintext = 'Hello world!'
               signed_msg = subject.sign(plaintext, ascii_armor)
               signed_msg.should be_a String
               signed_msg.should match /^-----BEGIN #{Akero::PLATE_SIGNED[1]}-----\n/
@@ -69,8 +70,8 @@ describe Akero do
             end
           end
-          it "contains valid signature" do
-            plaintext = "Hello world!"
+          it 'contains valid signature' do
+            plaintext = 'Hello world!'
             signed_msg = subject.sign(plaintext, ascii_armor)
             bob = Akero.new
             msg = bob.receive(signed_msg)
@@ -85,12 +86,12 @@ describe Akero do
   end
   describe '#encrypt' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
         describe 'return value' do
           if ascii_armor
-            it "is a String that looks like an Akero secret message" do
-              plaintext = "Hello world!"
+            it 'is a String that looks like an Akero secret message' do
+              plaintext = 'Hello world!'
               ciphertext = subject.encrypt(subject.public_key, plaintext, ascii_armor)
               ciphertext.should be_a String
               ciphertext.should match /^-----BEGIN #{Akero::PLATE_CRYPTED[1]}-----\n/
@@ -98,25 +99,25 @@ describe Akero do
             end
           end
-          it "raises RuntimeError on invalid recipient (invalid public key)" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError on invalid recipient (invalid public key)' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt([subject.public_key, 'foo'], msg)
-            }.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT_CERT
+            end.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT_CERT
           end
-          it "raises RuntimeError on invalid recipient (wrong type)" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError on invalid recipient (wrong type)' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt([subject.public_key, 42], msg)
-            }.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT
+            end.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT
           end
-          it "raises RuntimeError when message is not String" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError when message is not String' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt(subject.public_key, 42)
-            }.should raise_error RuntimeError, Akero::ERR_MSG_NOT_STRING_NOR_PKCS7
+            end.should raise_error RuntimeError, Akero::ERR_MSG_NOT_STRING_NOR_PKCS7
           end
         end
       end
@@ -124,18 +125,18 @@ describe Akero do
   end
   describe '#receive' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
-        it "decrypts message that was encrypted for self" do
-          plaintext = "Hello world!"
+        it 'decrypts message that was encrypted for self' do
+          plaintext = 'Hello world!'
           ciphertext = subject.encrypt(subject.public_key, plaintext, ascii_armor)
           msg = subject.receive(ciphertext)
           msg.body.should == plaintext
           msg.type.should == :encrypted
         end
-        it "decrypts message that was encrypted for self and other recipients" do
-          plaintext = "Hello world!"
+        it 'decrypts message that was encrypted for self and other recipients' do
+          plaintext = 'Hello world!'
           alice = Akero.new
           bob   = Akero.new
           ciphertext = subject.encrypt([alice.public_key, subject.public_key, bob.public_key], plaintext, ascii_armor)
@@ -144,20 +145,20 @@ describe Akero do
           msg.type.should == :encrypted
         end
-        it "fails to decrypt message that was encrypted only for other recipients" do
-          lambda {
-            plaintext = "Hello world!"
+        it 'fails to decrypt message that was encrypted only for other recipients' do
+          lambda do
+            plaintext = 'Hello world!'
             alice = Akero.new
             bob   = Akero.new
             ciphertext = subject.encrypt([alice.public_key, bob.public_key], plaintext, ascii_armor)
             msg = subject.receive(ciphertext)
             msg.body.should == plaintext
             msg.type.should == :encrypted
-          }.should raise_error RuntimeError, Akero::ERR_DECRYPT
+          end.should raise_error RuntimeError, Akero::ERR_DECRYPT
         end
-        it "extracts signature from signed message" do
-          plaintext = "Hello world!"
+        it 'extracts signature from signed message' do
+          plaintext = 'Hello world!'
           alice = Akero.new
           signed_msg = subject.sign(plaintext, ascii_armor)
           msg = alice.receive(signed_msg)
@@ -165,82 +166,82 @@ describe Akero do
           msg.type.should == :signed
         end
-        it "raises RuntimeError on invalid message" do
-          lambda {
-            subject.receive("foobar")
-          }.should raise_error RuntimeError #, Akero::ERR_MSG_MALFORMED_ENV
+        it 'raises RuntimeError on invalid message' do
+          lambda do
+            subject.receive('foobar')
+          end.should raise_error RuntimeError # , Akero::ERR_MSG_MALFORMED_ENV
         end
-        it "raises RuntimeError when payload does not match envelope signature" do
-          lambda {
+        it 'raises RuntimeError when payload does not match envelope signature' do
+          lambda do
             oscar = Akero.new
             raw_key = subject.send(:instance_variable_get, '@cert')
             a = subject.send(:_encrypt, [raw_key], subject.send(:_sign, 'foobar'))
             b = oscar.send(:_sign, a)
             c = ascii_armor ? Akero.replate(b.to_s, Akero::PLATE_CRYPTED) : b.to_der
             subject.receive(c)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
+          end.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
         end
-        it "raises RuntimeError on malformed inner message" do
-          lambda {
+        it 'raises RuntimeError on malformed inner message' do
+          lambda do
             key, cert = subject.send(:generate_keypair, 1024)
-            env = OpenSSL::PKCS7::sign(cert, key, 0xff.chr, [], OpenSSL::PKCS7::BINARY)
+            env = OpenSSL::PKCS7.sign(cert, key, 0xff.chr, [], OpenSSL::PKCS7::BINARY)
             broken_msg = Akero.replate(env.to_s, Akero::PLATE_CRYPTED)
             subject.receive(broken_msg)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_MALFORMED_BODY
+          end.should raise_error RuntimeError, Akero::ERR_MSG_MALFORMED_BODY
         end
-        it "raises RuntimeError on unsigned message" do
-          lambda {
+        it 'raises RuntimeError on unsigned message' do
+          lambda do
             raw_key = subject.send(:instance_variable_get, '@cert')
-            env = OpenSSL::PKCS7::encrypt([raw_key], 'foobar', OpenSSL::Cipher::new("AES-256-CFB"), OpenSSL::PKCS7::BINARY)
+            env = OpenSSL::PKCS7.encrypt([raw_key], 'foobar', OpenSSL::Cipher.new('AES-256-CFB'), OpenSSL::PKCS7::BINARY)
             broken_msg = Akero.replate(env.to_s, Akero::PLATE_CRYPTED)
             subject.receive(broken_msg)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_TOO_MANY_SIGNERS
+          end.should raise_error RuntimeError, Akero::ERR_MSG_TOO_MANY_SIGNERS
         end
       end
     end
   end
   describe '#verify' do
-    it "raises RuntimeError when embedded certificate can not be verified" do
-      lambda {
+    it 'raises RuntimeError when embedded certificate can not be verified' do
+      lambda do
         fake_msg = mock('fake_msg')
         fake_msg.stub(:verify).and_return(false)
         fake_msg.stub_chain(:certificates, :length).and_return(1)
         fake_msg.stub_chain(:certificates, :[]).and_return(nil)
         subject.send(:verify, fake_msg, nil)
-      }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
+      end.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
     end
   end
   describe '#inspect' do
-    it "returns a summary String" do
+    it 'returns a summary String' do
       s = subject.inspect
       s.should match /id=AK:/
     end
   end
   describe '#to_s' do
-    it "returns the same value as #inspect" do
+    it 'returns the same value as #inspect' do
       subject.to_s.should == subject.inspect
     end
   end
   describe '.fingerprint_from_cert' do
-    it "raises RuntimeError on invalid cert" do
+    it 'raises RuntimeError on invalid cert' do
       mock_cert = mock('mock_cert')
       mock_cert.stub_chain(:extensions, :map, :each).and_return(nil)
-      lambda {
+      lambda do
         Akero.fingerprint_from_cert(mock_cert)
-      }.should raise_error RuntimeError, Akero::ERR_CERT_CORRUPT
+      end.should raise_error RuntimeError, Akero::ERR_CERT_CORRUPT
     end
   end
   describe Akero::Message do
     describe '#inspect' do
-      it "returns a summary String" do
+      it 'returns a summary String' do
         signed_msg = subject.sign('')
         msg = subject.receive(signed_msg)
         s = msg.inspect

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'simplecov'
 SimpleCov.start