RubyGems - akero - Versions diffs - 1.0.4 → 1.1.0 - Mend

akero 1.0.4 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

checksums.yaml +7 -0
data/.gitattributes +3 -0
data/.gitignore +0 -2
data/.rubocop.yml +43 -0
data/.travis.yml +3 -7
data/Gemfile +1 -0
data/Guardfile +4 -3
data/Makefile +26 -0
data/README.md +28 -10
data/Rakefile +8 -17
data/akero.gemspec +17 -10
data/bin/akero +6 -0
data/coverage/.last_run.json +5 -0
data/coverage/.resultset.json +367 -0
data/coverage/.resultset.json.lock +0 -0
data/coverage/assets/0.10.0/application.css +799 -0
data/coverage/assets/0.10.0/application.js +1707 -0
data/coverage/assets/0.10.0/colorbox/border.png +0 -0
data/coverage/assets/0.10.0/colorbox/controls.png +0 -0
data/coverage/assets/0.10.0/colorbox/loading.gif +0 -0
data/coverage/assets/0.10.0/colorbox/loading_background.png +0 -0
data/coverage/assets/0.10.0/favicon_green.png +0 -0
data/coverage/assets/0.10.0/favicon_red.png +0 -0
data/coverage/assets/0.10.0/favicon_yellow.png +0 -0
data/coverage/assets/0.10.0/loading.gif +0 -0
data/coverage/assets/0.10.0/magnify.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/assets/0.7.1/application.css +1110 -0
data/coverage/assets/0.7.1/application.js +626 -0
data/coverage/assets/0.7.1/fancybox/blank.gif +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_close.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_loading.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_e.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_n.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_ne.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_nw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_s.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_se.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_sw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_w.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_main.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_over.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-x.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-y.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox.png +0 -0
data/coverage/assets/0.7.1/favicon_green.png +0 -0
data/coverage/assets/0.7.1/favicon_red.png +0 -0
data/coverage/assets/0.7.1/favicon_yellow.png +0 -0
data/coverage/assets/0.7.1/loading.gif +0 -0
data/coverage/assets/0.7.1/magnify.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/index.html +2248 -0
data/doc/Akero/Message.html +475 -0
data/doc/Akero.html +1148 -0
data/doc/_index.html +125 -0
data/doc/class_list.html +53 -0
data/doc/css/common.css +1 -0
data/doc/css/full_list.css +57 -0
data/doc/css/style.css +338 -0
data/doc/file.README.html +186 -0
data/doc/file_list.html +55 -0
data/doc/frames.html +28 -0
data/doc/index.html +186 -0
data/doc/js/app.js +214 -0
data/doc/js/full_list.js +173 -0
data/doc/js/jquery.js +4 -0
data/doc/method_list.html +148 -0
data/doc/top-level-namespace.html +112 -0
data/lib/akero/benchmark.rb +21 -20
data/lib/akero/cli.rb +74 -0
data/lib/akero/version.rb +2 -1
data/lib/akero.rb +92 -90
data/spec/akero_spec.rb +66 -65
data/spec/spec_helper.rb +1 -0
metadata +164 -52

data/lib/akero.rb CHANGED Viewed

@@ -1,7 +1,8 @@
+# frozen_string_literal: true
 # Copyright (c) 2012 moe@busyloop.net
-#
+#
 # MIT License
-#
+#
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
@@ -9,10 +10,10 @@
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
-#
+#
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
-#
+#
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
@@ -21,15 +22,16 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-require "akero/version"
+require 'akero/version'
 require 'openssl'
 require 'base64'
 # Akero is an easy-to-use library for peer-to-peer public key cryptography.
 #
-# Tested on: MRI 1.8.7, MRI 1.9.2, MRI 1.9.3, RBX 1.8, RBX 1.9
-# (JRuby may be added in the future but is currently NOT supported)
+# The only officially supported ruby runtime is MRI (latest version).
+# Regardless, Akero is known to work on any recent ruby version except JRuby.
+# Tested on: MRI 1.8.7, MRI 1.9.2, MRI 1.9.3, RBX 1.8, RBX 1.9, MRI 2.3.*, and more.
 class Akero
   # Akero::Message wraps a received message.
   class Message
@@ -40,7 +42,9 @@ class Akero
     # @private
     def initialize(body, signer_cert, type)
-      @body, @signer_cert, @type = body, signer_cert, type
+      @body = body
+      @signer_cert = signer_cert
+      @type = type
     end
     # @private
@@ -62,25 +66,26 @@ class Akero
   end
 end
+# Akero
 class Akero
-  ERR_MSG_MALFORMED_ENV = "Malformed message: Could not parse envelope" # @private
-  ERR_MSG_MALFORMED_BODY = "Malformed message: Could not parse body; POSSIBLE SPOOF ATTEMPT" # @private
-  ERR_PKEY_CORRUPT = "Invalid private key (checksum mismatch)" # @private
-  ERR_CERT_CORRUPT = "Invalid certificate" # @private
-  ERR_INVALID_RECIPIENT = "Invalid recipient (must be a String)" # @private
-  ERR_INVALID_RECIPIENT_CERT = "Invalid recipient (corrupt public key?)" # @private
-  ERR_DECRYPT = "Could not decrypt message" # @private
-  ERR_MSG_NOT_STRING_NOR_PKCS7 = "Message must be of type String or OpenSSL::PKCS7" # @private
-  ERR_MSG_CORRUPT_CERT = "Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!" # @private
-  ERR_MSG_TOO_MANY_SIGNERS = "Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT" # @private
+  ERR_MSG_MALFORMED_ENV = 'Malformed message: Could not parse envelope' # @private
+  ERR_MSG_MALFORMED_BODY = 'Malformed message: Could not parse body; POSSIBLE SPOOF ATTEMPT' # @private
+  ERR_PKEY_CORRUPT = 'Invalid private key (checksum mismatch)' # @private
+  ERR_CERT_CORRUPT = 'Invalid certificate' # @private
+  ERR_INVALID_RECIPIENT = 'Invalid recipient (must be a String)' # @private
+  ERR_INVALID_RECIPIENT_CERT = 'Invalid recipient (corrupt public key?)' # @private
+  ERR_DECRYPT = 'Could not decrypt message' # @private
+  ERR_MSG_NOT_STRING_NOR_PKCS7 = 'Message must be of type String or OpenSSL::PKCS7' # @private
+  ERR_MSG_CORRUPT_CERT = 'Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!' # @private
+  ERR_MSG_TOO_MANY_SIGNERS = 'Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT' # @private
   PKEY_HEADER = "-----BEGIN AKERO PRIVATE KEY-----\n" # @private
   PKEY_FOOTER = "-----END AKERO PRIVATE KEY-----\n" # @private
-  PLATE_CERT = ['CERTIFICATE','AKERO PUBLIC KEY'] # @private
-  PLATE_SIGNED = ['PKCS7', 'AKERO SIGNED MESSAGE'] # @private
-  PLATE_CRYPTED = ['PKCS7', 'AKERO SECRET MESSAGE'] # @private
+  PLATE_CERT = ['CERTIFICATE', 'AKERO PUBLIC KEY'].freeze # @private
+  PLATE_SIGNED = ['PKCS7', 'AKERO SIGNED MESSAGE'].freeze # @private
+  PLATE_CRYPTED = ['PKCS7', 'AKERO SECRET MESSAGE'].freeze # @private
-  DEFAULT_RSA_BITS = 2048
+  DEFAULT_RSA_BITS = 4096
   DEFAULT_DIGEST = OpenSSL::Digest::SHA512
   # Unique fingerprint of this Akero keypair.
@@ -104,26 +109,26 @@ class Akero
   # @param [Integer] rsa_bits RSA key length
   # @param [OpenSSL::Digest] digest Signature digest
   # @return [Akero] New Akero instance
-  def initialize(rsa_bits=DEFAULT_RSA_BITS, digest=DEFAULT_DIGEST)
+  def initialize(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)
     @key, @cert = generate_keypair(rsa_bits, digest) unless rsa_bits.nil?
   end
   # Load an Akero identity.
-  #
+  #
   # @example Load previously stored private key
   #   Akero.load(File.read('/tmp/alice.akr'))
   #
   # @param [String] private_key Akero private key
   # @return [Akero] New Akero instance
   def self.load(private_key)
-    inner = Base64.decode64(private_key[PKEY_HEADER.length..private_key.length-PKEY_FOOTER.length])
+    inner = Base64.decode64(private_key[PKEY_HEADER.length..private_key.length - PKEY_FOOTER.length])
     if inner[0..63] != OpenSSL::Digest::SHA512.new(inner[64..-1]).digest
-      raise RuntimeError, ERR_PKEY_CORRUPT
+      raise ERR_PKEY_CORRUPT
     end
     cert_len = inner[64..65].unpack('S')[0]
     akero = Akero.new(nil)
-    akero.instance_variable_set(:@cert, OpenSSL::X509::Certificate.new(inner[66..66+cert_len]))
-    akero.instance_variable_set(:@key, OpenSSL::PKey::RSA.new(inner[66+cert_len..-1]))
+    akero.instance_variable_set(:@cert, OpenSSL::X509::Certificate.new(inner[66..66 + cert_len]))
+    akero.instance_variable_set(:@key, OpenSSL::PKey::RSA.new(inner[66 + cert_len..-1]))
     akero
   end
@@ -134,18 +139,18 @@ class Akero
   #
   # @return [String] Public key (ascii armored)
   def public_key
-    Akero::replate(@cert.to_s, Akero::PLATE_CERT)
+    Akero.replate(@cert.to_s, Akero::PLATE_CERT)
   end
   # Private key (do not share this with anyone!)
-  #
+  #
   # @example Save and load an Akero identity
   #   alice = Akero.new
   #   # Save
   #   File.open('/tmp/alice.akr', 'w') { |f| f.write(alice.private_key) }
   #   # Load
   #   new_alice = Akero.load(File.read('/tmp/alice.akr'))
-  #
+  #
   # @return [String] Private key (ascii armored)
   # @see Akero#load
   def private_key
@@ -156,7 +161,7 @@ class Akero
     out << cert_der
     out << @key.to_der
     out.insert(0, OpenSSL::Digest::SHA512.new(out).digest)
-    PKEY_HEADER+Base64.encode64(out)+PKEY_FOOTER
+    PKEY_HEADER + Base64.encode64(out) + PKEY_FOOTER
   end
   # Sign a message.
@@ -164,7 +169,7 @@ class Akero
   # @param [String] plaintext The message to sign (binary safe)
   # @param [Boolean] ascii_armor Convert the output in base64?
   # @return [String] Akero signed message
-  def sign(plaintext, ascii_armor=true)
+  def sign(plaintext, ascii_armor = true)
     out = _sign(plaintext)
     ascii_armor ? Akero.replate(out.to_s, Akero::PLATE_SIGNED) : out.to_der
   end
@@ -189,20 +194,20 @@ class Akero
   # @param [String] plaintext The message to encrypt (binary safe)
   # @param [Boolean] ascii_armor Convert the output to base64?
   # @return [String] Akero secret message
-  def encrypt(to, plaintext, ascii_armor=true)
+  def encrypt(to, plaintext, ascii_armor = true)
     to = [to] unless to.is_a? Array
-    to = to.map { |e|
+    to = to.map do |e|
       case e
-        when String
-          begin
-            OpenSSL::X509::Certificate.new(Akero.replate(e, Akero::PLATE_CERT, true))
-          rescue OpenSSL::X509::CertificateError
-            raise RuntimeError, ERR_INVALID_RECIPIENT_CERT
-          end
-        else
-          raise RuntimeError, ERR_INVALID_RECIPIENT
+      when String
+        begin
+          OpenSSL::X509::Certificate.new(Akero.replate(e, Akero::PLATE_CERT, true))
+        rescue OpenSSL::X509::CertificateError
+          raise ERR_INVALID_RECIPIENT_CERT
+        end
+      else
+        raise ERR_INVALID_RECIPIENT
       end
-    }
+    end
     out = _sign(_encrypt(to, _sign(plaintext, false)))
     ascii_armor ? Akero.replate(out.to_s, PLATE_CRYPTED) : out.to_der
   end
@@ -218,21 +223,21 @@ class Akero
     begin
       body, signer_cert, body_type = verify(ciphertext, nil)
     rescue ArgumentError
-      raise RuntimeError, ERR_MSG_MALFORMED_ENV
+      raise ERR_MSG_MALFORMED_ENV
     end
     case body_type.ord
-      when 0x00
-        # public message (signed)
-        return Message.new(body, signer_cert, :signed)
-      when 0x01
-        # private message (signed, crypted, signed)
-        signed_plaintext = _decrypt(body)
-        plaintext, verified_cert, body_type = verify(signed_plaintext, signer_cert)
-        msg = Message.new(plaintext, signer_cert, :encrypted)
-        return msg
+    when 0x00
+      # public message (signed)
+      return Message.new(body, signer_cert, :signed)
+    when 0x01
+      # private message (signed, crypted, signed)
+      signed_plaintext = _decrypt(body)
+      plaintext, _verified_cert, _body_type = verify(signed_plaintext, signer_cert)
+      msg = Message.new(plaintext, signer_cert, :encrypted)
+      return msg
     end
-    raise RuntimeError, ERR_MSG_MALFORMED_BODY
+    raise ERR_MSG_MALFORMED_BODY
   end
   # @private
@@ -244,9 +249,9 @@ class Akero
   def to_s
     inspect
   end
   #---------------------------------------------------------------------------
-  protected
+  class << self; protected; end
   # Swap the "license plates" on an ascii-armored message.
   # This is done for user-friendliness, so stored Akero
@@ -256,9 +261,9 @@ class Akero
   # @param [Array] plates Array of the two plates to swap
   # @param [Boolean] reverse Reverse the swap?
   # @return [String] The replated message
-  def self.replate(msg, plates, reverse=false)
-    a,b = reverse ? [1,0] : [0,1]
-    "-----BEGIN #{plates[b]}-----#{msg.strip[plates[a].length+16..-(plates[a].length+15)]}-----END #{plates[b]}-----\n"
+  def self.replate(msg, plates, reverse = false)
+    a, b = reverse ? [1, 0] : [0, 1]
+    "-----BEGIN #{plates[b]}-----#{msg.strip[plates[a].length + 16..-(plates[a].length + 15)]}-----END #{plates[b]}-----\n"
   end
   # Extract fingerprint from an Akero public key.
@@ -268,37 +273,35 @@ class Akero
     cert.extensions.map.each do |e|
       return "AK:#{e.value}" if e.oid == 'subjectKeyIdentifier'
     end
-    raise RuntimeError, ERR_CERT_CORRUPT
+    raise ERR_CERT_CORRUPT
   end
   #---------------------------------------------------------------------------
-  private
+  private
   def _decrypt(crypted_msg)
-    begin
-      OpenSSL::PKCS7.new(crypted_msg).decrypt(@key, @cert)
-    rescue OpenSSL::PKCS7::PKCS7Error, "decrypt error"
-      raise RuntimeError, ERR_DECRYPT
-    end
+    OpenSSL::PKCS7.new(crypted_msg).decrypt(@key, @cert)
+  rescue OpenSSL::PKCS7::PKCS7Error, 'decrypt error'
+    raise ERR_DECRYPT
   end
-  def _encrypt(to, msg, cipher=nil)
-    cipher ||= OpenSSL::Cipher::new("AES-256-CFB")
-    OpenSSL::PKCS7::encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)
+  def _encrypt(to, msg, cipher = nil)
+    cipher ||= OpenSSL::Cipher.new('AES-256-CFB')
+    OpenSSL::PKCS7.encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)
   end
-  def _sign(message, embed_cert=true)
+  def _sign(message, embed_cert = true)
     flags = embed_cert ? OpenSSL::PKCS7::BINARY : (OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOCERTS)
     case message
-      when String
-        type = 0x00
-      when OpenSSL::PKCS7
-        type = 0x01
-      else
-        raise RuntimeError, ERR_MSG_NOT_STRING_NOR_PKCS7
+    when String
+      type = 0x00
+    when OpenSSL::PKCS7
+      type = 0x01
+    else
+      raise ERR_MSG_NOT_STRING_NOR_PKCS7
     end
     message = message.to_der if message.is_a? OpenSSL::PKCS7
-    OpenSSL::PKCS7::sign(@cert, @key, type.chr + message, [], flags)
+    OpenSSL::PKCS7.sign(@cert, @key, type.chr + message, [], flags)
   end
   def verify(signed_msg, cert)
@@ -306,15 +309,15 @@ class Akero
     store = OpenSSL::X509::Store.new
     if cert.nil?
-      if signed_msg.certificates.nil? or signed_msg.certificates.length != 1
-        raise RuntimeError, ERR_MSG_TOO_MANY_SIGNERS
+      if signed_msg.certificates.nil? || signed_msg.certificates.length != 1
+        raise ERR_MSG_TOO_MANY_SIGNERS
       end
       cert = signed_msg.certificates[0]
     end
     unless signed_msg.verify([cert], store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY)
-      raise RuntimeError, ERR_MSG_CORRUPT_CERT
+      raise ERR_MSG_CORRUPT_CERT
     end
     [signed_msg.data[1..-1], cert, signed_msg.data[0]]
@@ -325,7 +328,7 @@ class Akero
   # @param [Integer] rsa_bits RSA key length
   # @param [OpenSSL::Digest] digest Signature digest
   # @return [Array] rsa_keypair, certificate
-  def generate_keypair(rsa_bits=DEFAULT_RSA_BITS, digest=DEFAULT_DIGEST)
+  def generate_keypair(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)
     cn = "Akero #{Akero::VERSION}"
     rsa = OpenSSL::PKey::RSA.new(rsa_bits)
@@ -337,20 +340,19 @@ class Akero
     cert.issuer = name
     cert.not_before = Time.now
     # valid until 2038-01-19 04:14:06 +0100
-    cert.not_after = Time.at(2147483646)
+    cert.not_after = Time.at(2_147_483_646)
     cert.public_key = rsa.public_key
     ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
     ef.issuer_certificate = cert
     cert.extensions = [
-      ef.create_extension("basicConstraints","CA:FALSE"),
-      ef.create_extension("subjectKeyIdentifier", "hash"),
+      ef.create_extension('basicConstraints', 'CA:FALSE'),
+      ef.create_extension('subjectKeyIdentifier', 'hash')
     ]
-    aki = ef.create_extension("authorityKeyIdentifier",
-                              "keyid:always,issuer:always")
+    aki = ef.create_extension('authorityKeyIdentifier',
+                              'keyid:always,issuer:always')
     cert.add_extension(aki)
     cert.sign(rsa, digest.new)
     [rsa, cert]
   end
 end

data/spec/akero_spec.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 require 'spec_helper'
 require 'openssl'
 describe Akero do
   subject { Akero.new(1024) }
   describe '#new' do
-    it "returns instance with unique fingerprint" do
+    it 'returns instance with unique fingerprint' do
       memo = {}
       10.times do
         id = Akero.new.id
@@ -15,7 +16,7 @@ describe Akero do
   end
   describe '#id' do
-    it "returns a String that looks like an Akero fingerprint" do
+    it 'returns a String that looks like an Akero fingerprint' do
       subject.id.should be_a String
       subject.id.should match /^AK(:([a-fA-Z0-9]){2}){20}$/
     end
@@ -23,13 +24,13 @@ describe Akero do
   describe '#private_key' do
     describe 'return value' do
-      it "is a String that looks like an Akero private key" do
+      it 'is a String that looks like an Akero private key' do
         subject.private_key.should be_a String
         subject.private_key.should match /^#{Akero::PKEY_HEADER}/
         subject.private_key.should match /\n#{Akero::PKEY_FOOTER}$/
       end
-      it "can be loaded by Akero" do
+      it 'can be loaded by Akero' do
         bob = Akero.load(subject.private_key)
         bob.id.should == subject.id
         bob.public_key.should == subject.public_key
@@ -39,29 +40,29 @@ describe Akero do
   describe '#public_key' do
     describe 'return value' do
-      it "is a String that looks like an Akero public key" do
+      it 'is a String that looks like an Akero public key' do
         subject.public_key.should be_a String
         subject.public_key.should match /^-----BEGIN #{Akero::PLATE_CERT[1]}-----\n/
         subject.public_key.should match /\n-----END #{Akero::PLATE_CERT[1]}-----\n$/
       end
-      it "raises RuntimeError when trying to load as private key" do
-        lambda {
+      it 'raises RuntimeError when trying to load as private key' do
+        lambda do
           bob = Akero.load(subject.public_key)
           bob.id.should == subject.id
           bob.public_key.should == subject.public_key
-        }.should raise_error RuntimeError, Akero::ERR_PKEY_CORRUPT
+        end.should raise_error RuntimeError, Akero::ERR_PKEY_CORRUPT
       end
     end
   end
   describe '#sign' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
         describe 'return value' do
           if ascii_armor
-            it "is a String that looks like an Akero signed message" do
-              plaintext = "Hello world!"
+            it 'is a String that looks like an Akero signed message' do
+              plaintext = 'Hello world!'
               signed_msg = subject.sign(plaintext, ascii_armor)
               signed_msg.should be_a String
               signed_msg.should match /^-----BEGIN #{Akero::PLATE_SIGNED[1]}-----\n/
@@ -69,8 +70,8 @@ describe Akero do
             end
           end
-          it "contains valid signature" do
-            plaintext = "Hello world!"
+          it 'contains valid signature' do
+            plaintext = 'Hello world!'
             signed_msg = subject.sign(plaintext, ascii_armor)
             bob = Akero.new
             msg = bob.receive(signed_msg)
@@ -85,12 +86,12 @@ describe Akero do
   end
   describe '#encrypt' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
         describe 'return value' do
           if ascii_armor
-            it "is a String that looks like an Akero secret message" do
-              plaintext = "Hello world!"
+            it 'is a String that looks like an Akero secret message' do
+              plaintext = 'Hello world!'
               ciphertext = subject.encrypt(subject.public_key, plaintext, ascii_armor)
               ciphertext.should be_a String
               ciphertext.should match /^-----BEGIN #{Akero::PLATE_CRYPTED[1]}-----\n/
@@ -98,25 +99,25 @@ describe Akero do
             end
           end
-          it "raises RuntimeError on invalid recipient (invalid public key)" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError on invalid recipient (invalid public key)' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt([subject.public_key, 'foo'], msg)
-            }.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT_CERT
+            end.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT_CERT
           end
-          it "raises RuntimeError on invalid recipient (wrong type)" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError on invalid recipient (wrong type)' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt([subject.public_key, 42], msg)
-            }.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT
+            end.should raise_error RuntimeError, Akero::ERR_INVALID_RECIPIENT
           end
-          it "raises RuntimeError when message is not String" do
-            lambda {
-              msg = "Hello world!"
+          it 'raises RuntimeError when message is not String' do
+            lambda do
+              msg = 'Hello world!'
               ciphertext = subject.encrypt(subject.public_key, 42)
-            }.should raise_error RuntimeError, Akero::ERR_MSG_NOT_STRING_NOR_PKCS7
+            end.should raise_error RuntimeError, Akero::ERR_MSG_NOT_STRING_NOR_PKCS7
           end
         end
       end
@@ -124,18 +125,18 @@ describe Akero do
   end
   describe '#receive' do
-    ([true, false]).each do |ascii_armor|
+    [true, false].each do |ascii_armor|
       describe "ascii_armor=#{ascii_armor}" do
-        it "decrypts message that was encrypted for self" do
-          plaintext = "Hello world!"
+        it 'decrypts message that was encrypted for self' do
+          plaintext = 'Hello world!'
           ciphertext = subject.encrypt(subject.public_key, plaintext, ascii_armor)
           msg = subject.receive(ciphertext)
           msg.body.should == plaintext
           msg.type.should == :encrypted
         end
-        it "decrypts message that was encrypted for self and other recipients" do
-          plaintext = "Hello world!"
+        it 'decrypts message that was encrypted for self and other recipients' do
+          plaintext = 'Hello world!'
           alice = Akero.new
           bob   = Akero.new
           ciphertext = subject.encrypt([alice.public_key, subject.public_key, bob.public_key], plaintext, ascii_armor)
@@ -144,20 +145,20 @@ describe Akero do
           msg.type.should == :encrypted
         end
-        it "fails to decrypt message that was encrypted only for other recipients" do
-          lambda {
-            plaintext = "Hello world!"
+        it 'fails to decrypt message that was encrypted only for other recipients' do
+          lambda do
+            plaintext = 'Hello world!'
             alice = Akero.new
             bob   = Akero.new
             ciphertext = subject.encrypt([alice.public_key, bob.public_key], plaintext, ascii_armor)
             msg = subject.receive(ciphertext)
             msg.body.should == plaintext
             msg.type.should == :encrypted
-          }.should raise_error RuntimeError, Akero::ERR_DECRYPT
+          end.should raise_error RuntimeError, Akero::ERR_DECRYPT
         end
-        it "extracts signature from signed message" do
-          plaintext = "Hello world!"
+        it 'extracts signature from signed message' do
+          plaintext = 'Hello world!'
           alice = Akero.new
           signed_msg = subject.sign(plaintext, ascii_armor)
           msg = alice.receive(signed_msg)
@@ -165,82 +166,82 @@ describe Akero do
           msg.type.should == :signed
         end
-        it "raises RuntimeError on invalid message" do
-          lambda {
-            subject.receive("foobar")
-          }.should raise_error RuntimeError #, Akero::ERR_MSG_MALFORMED_ENV
+        it 'raises RuntimeError on invalid message' do
+          lambda do
+            subject.receive('foobar')
+          end.should raise_error RuntimeError # , Akero::ERR_MSG_MALFORMED_ENV
         end
-        it "raises RuntimeError when payload does not match envelope signature" do
-          lambda {
+        it 'raises RuntimeError when payload does not match envelope signature' do
+          lambda do
             oscar = Akero.new
             raw_key = subject.send(:instance_variable_get, '@cert')
             a = subject.send(:_encrypt, [raw_key], subject.send(:_sign, 'foobar'))
             b = oscar.send(:_sign, a)
             c = ascii_armor ? Akero.replate(b.to_s, Akero::PLATE_CRYPTED) : b.to_der
             subject.receive(c)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
+          end.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
         end
-        it "raises RuntimeError on malformed inner message" do
-          lambda {
+        it 'raises RuntimeError on malformed inner message' do
+          lambda do
             key, cert = subject.send(:generate_keypair, 1024)
-            env = OpenSSL::PKCS7::sign(cert, key, 0xff.chr, [], OpenSSL::PKCS7::BINARY)
+            env = OpenSSL::PKCS7.sign(cert, key, 0xff.chr, [], OpenSSL::PKCS7::BINARY)
             broken_msg = Akero.replate(env.to_s, Akero::PLATE_CRYPTED)
             subject.receive(broken_msg)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_MALFORMED_BODY
+          end.should raise_error RuntimeError, Akero::ERR_MSG_MALFORMED_BODY
         end
-        it "raises RuntimeError on unsigned message" do
-          lambda {
+        it 'raises RuntimeError on unsigned message' do
+          lambda do
             raw_key = subject.send(:instance_variable_get, '@cert')
-            env = OpenSSL::PKCS7::encrypt([raw_key], 'foobar', OpenSSL::Cipher::new("AES-256-CFB"), OpenSSL::PKCS7::BINARY)
+            env = OpenSSL::PKCS7.encrypt([raw_key], 'foobar', OpenSSL::Cipher.new('AES-256-CFB'), OpenSSL::PKCS7::BINARY)
             broken_msg = Akero.replate(env.to_s, Akero::PLATE_CRYPTED)
             subject.receive(broken_msg)
-          }.should raise_error RuntimeError, Akero::ERR_MSG_TOO_MANY_SIGNERS
+          end.should raise_error RuntimeError, Akero::ERR_MSG_TOO_MANY_SIGNERS
         end
       end
     end
   end
   describe '#verify' do
-    it "raises RuntimeError when embedded certificate can not be verified" do
-      lambda {
+    it 'raises RuntimeError when embedded certificate can not be verified' do
+      lambda do
         fake_msg = mock('fake_msg')
         fake_msg.stub(:verify).and_return(false)
         fake_msg.stub_chain(:certificates, :length).and_return(1)
         fake_msg.stub_chain(:certificates, :[]).and_return(nil)
         subject.send(:verify, fake_msg, nil)
-      }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
+      end.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
     end
   end
   describe '#inspect' do
-    it "returns a summary String" do
+    it 'returns a summary String' do
       s = subject.inspect
       s.should match /id=AK:/
     end
   end
   describe '#to_s' do
-    it "returns the same value as #inspect" do
+    it 'returns the same value as #inspect' do
       subject.to_s.should == subject.inspect
     end
   end
   describe '.fingerprint_from_cert' do
-    it "raises RuntimeError on invalid cert" do
+    it 'raises RuntimeError on invalid cert' do
       mock_cert = mock('mock_cert')
       mock_cert.stub_chain(:extensions, :map, :each).and_return(nil)
-      lambda {
+      lambda do
         Akero.fingerprint_from_cert(mock_cert)
-      }.should raise_error RuntimeError, Akero::ERR_CERT_CORRUPT
+      end.should raise_error RuntimeError, Akero::ERR_CERT_CORRUPT
     end
   end
   describe Akero::Message do
     describe '#inspect' do
-      it "returns a summary String" do
+      it 'returns a summary String' do
         signed_msg = subject.sign('')
         msg = subject.receive(signed_msg)
         s = msg.inspect

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'simplecov'
 SimpleCov.start