RubyGems - akero - Versions diffs - 1.0.4 → 1.1.0 - Mend

akero 1.0.4 → 1.1.0

Files changed (103) hide show

checksums.yaml +7 -0
data/.gitattributes +3 -0
data/.gitignore +0 -2
data/.rubocop.yml +43 -0
data/.travis.yml +3 -7
data/Gemfile +1 -0
data/Guardfile +4 -3
data/Makefile +26 -0
data/README.md +28 -10
data/Rakefile +8 -17
data/akero.gemspec +17 -10
data/bin/akero +6 -0
data/coverage/.last_run.json +5 -0
data/coverage/.resultset.json +367 -0
data/coverage/.resultset.json.lock +0 -0
data/coverage/assets/0.10.0/application.css +799 -0
data/coverage/assets/0.10.0/application.js +1707 -0
data/coverage/assets/0.10.0/colorbox/border.png +0 -0
data/coverage/assets/0.10.0/colorbox/controls.png +0 -0
data/coverage/assets/0.10.0/colorbox/loading.gif +0 -0
data/coverage/assets/0.10.0/colorbox/loading_background.png +0 -0
data/coverage/assets/0.10.0/favicon_green.png +0 -0
data/coverage/assets/0.10.0/favicon_red.png +0 -0
data/coverage/assets/0.10.0/favicon_yellow.png +0 -0
data/coverage/assets/0.10.0/loading.gif +0 -0
data/coverage/assets/0.10.0/magnify.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/assets/0.7.1/application.css +1110 -0
data/coverage/assets/0.7.1/application.js +626 -0
data/coverage/assets/0.7.1/fancybox/blank.gif +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_close.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_loading.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_nav_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_e.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_n.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_ne.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_nw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_s.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_se.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_sw.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_shadow_w.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_left.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_main.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_over.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancy_title_right.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-x.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox-y.png +0 -0
data/coverage/assets/0.7.1/fancybox/fancybox.png +0 -0
data/coverage/assets/0.7.1/favicon_green.png +0 -0
data/coverage/assets/0.7.1/favicon_red.png +0 -0
data/coverage/assets/0.7.1/favicon_yellow.png +0 -0
data/coverage/assets/0.7.1/loading.gif +0 -0
data/coverage/assets/0.7.1/magnify.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.7.1/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/index.html +2248 -0
data/doc/Akero/Message.html +475 -0
data/doc/Akero.html +1148 -0
data/doc/_index.html +125 -0
data/doc/class_list.html +53 -0
data/doc/css/common.css +1 -0
data/doc/css/full_list.css +57 -0
data/doc/css/style.css +338 -0
data/doc/file.README.html +186 -0
data/doc/file_list.html +55 -0
data/doc/frames.html +28 -0
data/doc/index.html +186 -0
data/doc/js/app.js +214 -0
data/doc/js/full_list.js +173 -0
data/doc/js/jquery.js +4 -0
data/doc/method_list.html +148 -0
data/doc/top-level-namespace.html +112 -0
data/lib/akero/benchmark.rb +21 -20
data/lib/akero/cli.rb +74 -0
data/lib/akero/version.rb +2 -1
data/lib/akero.rb +92 -90
data/spec/akero_spec.rb +66 -65
data/spec/spec_helper.rb +1 -0
metadata +164 -52

data/coverage/index.html ADDED Viewed

@@ -0,0 +1,2248 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml'>
+  <head>
+    <title>Code coverage for Akero</title>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+    <script src='./assets/0.10.0/application.js' type='text/javascript'></script>
+    <link href='./assets/0.10.0/application.css' media='screen, projection, print' rel='stylesheet' type='text/css'>
+    <link rel="shortcut icon" type="image/png" href="./assets/0.10.0/favicon_green.png" />
+    <link rel="icon" type="image/png" href="./assets/0.10.0/favicon.png" />
+  </head>
+  <body>
+    <div id="loading">
+      <img src="./assets/0.10.0/loading.gif" alt="loading"/>
+    </div>
+    <div id="wrapper" style="display:none;">
+      <div class="timestamp">Generated <abbr class="timeago" title="2016-06-11T05:02:19+02:00">2016-06-11T05:02:19+02:00</abbr></div>
+      <ul class="group_tabs"></ul>
+      <div id="content">
+        <div class="file_list_container" id="AllFiles">
+  <h2>
+    <span class="group_name">All Files</span>
+    (<span class="covered_percent"><span class="green">100.0%</span></span>
+     covered at
+     <span class="covered_strength">
+       <span class="green">
+         15.0
+       </span>
+    </span> hits/line)
+  </h2>
+  <a name="AllFiles"></a>
+  <div>
+    <b>1</b> files in total.
+    <b>139</b> relevant lines.
+    <span class="green"><b>139</b> lines covered</span> and
+    <span class="red"><b>0</b> lines missed </span>
+  </div>
+  <table class="file_list">
+    <thead>
+      <tr>
+        <th>File</th>
+        <th>% covered</th>
+        <th>Lines</th>
+        <th>Relevant Lines</th>
+        <th>Lines covered</th>
+        <th>Lines missed</th>
+        <th>Avg. Hits / Line</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td class="strong"><a href="#ad481d62c68ecf4617e688dfcdb07c844e51ed9c" class="src_link" title="lib/akero.rb">lib/akero.rb</a></td>
+        <td class="green strong">100.0 %</td>
+        <td>358</td>
+        <td>139</td>
+        <td>139</td>
+        <td>0</td>
+        <td>15.0</td>
+      </tr>
+    </tbody>
+  </table>
+</div>
+      </div>
+      <div id="footer">
+        Generated by <a href="http://github.com/colszowka/simplecov">simplecov</a> v0.11.2
+        and simplecov-html v0.10.0<br/>
+        using RSpec
+      </div>
+      <div class="source_files">
+        <div class="source_table" id="ad481d62c68ecf4617e688dfcdb07c844e51ed9c">
+  <div class="header">
+    <h3>lib/akero.rb</h3>
+    <h4><span class="green">100.0 %</span> covered</h4>
+    <div>
+      <b>139</b> relevant lines.
+      <span class="green"><b>139</b> lines covered</span> and
+      <span class="red"><b>0</b> lines missed.</span>
+    </div>
+  </div>
+  <pre>
+    <ol>
+        <li class="never" data-hits="" data-linenumber="1">
+          <code class="ruby"># frozen_string_literal: true</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="2">
+          <code class="ruby"># Copyright (c) 2012 moe@busyloop.net</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="3">
+          <code class="ruby">#</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="4">
+          <code class="ruby"># MIT License</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="5">
+          <code class="ruby">#</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="6">
+          <code class="ruby"># Permission is hereby granted, free of charge, to any person obtaining</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="7">
+          <code class="ruby"># a copy of this software and associated documentation files (the</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="8">
+          <code class="ruby"># &quot;Software&quot;), to deal in the Software without restriction, including</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="9">
+          <code class="ruby"># without limitation the rights to use, copy, modify, merge, publish,</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="10">
+          <code class="ruby"># distribute, sublicense, and/or sell copies of the Software, and to</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="11">
+          <code class="ruby"># permit persons to whom the Software is furnished to do so, subject to</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="12">
+          <code class="ruby"># the following conditions:</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="13">
+          <code class="ruby">#</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="14">
+          <code class="ruby"># The above copyright notice and this permission notice shall be</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="15">
+          <code class="ruby"># included in all copies or substantial portions of the Software.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="16">
+          <code class="ruby">#</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="17">
+          <code class="ruby"># THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND,</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="18">
+          <code class="ruby"># EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="19">
+          <code class="ruby"># MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="20">
+          <code class="ruby"># NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="21">
+          <code class="ruby"># LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="22">
+          <code class="ruby"># OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="23">
+          <code class="ruby"># WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="24">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="25">
+          <span class="hits">1</span>
+          <code class="ruby">require &#39;akero/version&#39;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="26">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="27">
+          <span class="hits">1</span>
+          <code class="ruby">require &#39;openssl&#39;</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="28">
+          <span class="hits">1</span>
+          <code class="ruby">require &#39;base64&#39;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="29">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="30">
+          <code class="ruby"># Akero is an easy-to-use library for peer-to-peer public key cryptography.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="31">
+          <code class="ruby">#</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="32">
+          <code class="ruby"># The only officially supported ruby runtime is MRI (latest version).</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="33">
+          <code class="ruby"># Regardless, Akero is known to work on any recent ruby version except JRuby.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="34">
+          <code class="ruby"># Tested on: MRI 1.8.7, MRI 1.9.2, MRI 1.9.3, RBX 1.8, RBX 1.9, MRI 2.3.*, and more.</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="35">
+          <span class="hits">1</span>
+          <code class="ruby">class Akero</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="36">
+          <code class="ruby">  # Akero::Message wraps a received message.</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="37">
+          <span class="hits">1</span>
+          <code class="ruby">  class Message</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="38">
+          <code class="ruby">    # @return [String] Message body</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="39">
+          <span class="hits">1</span>
+          <code class="ruby">    attr_reader :body</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="40">
+          <code class="ruby">    # @return [Symbol] Message type (:signed or :encrypted)</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="41">
+          <span class="hits">1</span>
+          <code class="ruby">    attr_reader :type</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="42">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="43">
+          <code class="ruby">    # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="44">
+          <span class="hits">1</span>
+          <code class="ruby">    def initialize(body, signer_cert, type)</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="45">
+          <span class="hits">9</span>
+          <code class="ruby">      @body = body</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="46">
+          <span class="hits">9</span>
+          <code class="ruby">      @signer_cert = signer_cert</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="47">
+          <span class="hits">9</span>
+          <code class="ruby">      @type = type</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="48">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="49">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="50">
+          <code class="ruby">    # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="51">
+          <span class="hits">1</span>
+          <code class="ruby">    def inspect</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="52">
+          <span class="hits">1</span>
+          <code class="ruby">      &quot;#&lt;Akero::Message @type=#{@type} @from=#{from} @body=(#{@body.length} bytes)&gt;&quot;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="53">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="54">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="55">
+          <code class="ruby">    # @!attribute [r] from</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="56">
+          <code class="ruby">    # @return [String] Sender Fingerprint</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="57">
+          <span class="hits">1</span>
+          <code class="ruby">    def from</code>
+        </li>
+        <li class="covered" data-hits="3" data-linenumber="58">
+          <span class="hits">3</span>
+          <code class="ruby">      Akero.fingerprint_from_cert(@signer_cert)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="59">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="60">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="61">
+          <code class="ruby">    # @!attribute [r] from_pk</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="62">
+          <code class="ruby">    # @return [String] Sender public key</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="63">
+          <span class="hits">1</span>
+          <code class="ruby">    def from_pk</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="64">
+          <span class="hits">2</span>
+          <code class="ruby">      Akero.replate(@signer_cert.to_s, PLATE_CERT)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="65">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="66">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="67">
+          <code class="ruby">end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="68">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="69">
+          <code class="ruby"># Akero</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="70">
+          <span class="hits">1</span>
+          <code class="ruby">class Akero</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="71">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_MSG_MALFORMED_ENV = &#39;Malformed message: Could not parse envelope&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="72">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_MSG_MALFORMED_BODY = &#39;Malformed message: Could not parse body; POSSIBLE SPOOF ATTEMPT&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="73">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_PKEY_CORRUPT = &#39;Invalid private key (checksum mismatch)&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="74">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_CERT_CORRUPT = &#39;Invalid certificate&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="75">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_INVALID_RECIPIENT = &#39;Invalid recipient (must be a String)&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="76">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_INVALID_RECIPIENT_CERT = &#39;Invalid recipient (corrupt public key?)&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="77">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_DECRYPT = &#39;Could not decrypt message&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="78">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_MSG_NOT_STRING_NOR_PKCS7 = &#39;Message must be of type String or OpenSSL::PKCS7&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="79">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_MSG_CORRUPT_CERT = &#39;Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!&#39; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="80">
+          <span class="hits">1</span>
+          <code class="ruby">  ERR_MSG_TOO_MANY_SIGNERS = &#39;Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT&#39; # @private</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="81">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="82">
+          <span class="hits">1</span>
+          <code class="ruby">  PKEY_HEADER = &quot;-----BEGIN AKERO PRIVATE KEY-----\n&quot; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="83">
+          <span class="hits">1</span>
+          <code class="ruby">  PKEY_FOOTER = &quot;-----END AKERO PRIVATE KEY-----\n&quot; # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="84">
+          <span class="hits">1</span>
+          <code class="ruby">  PLATE_CERT = [&#39;CERTIFICATE&#39;, &#39;AKERO PUBLIC KEY&#39;].freeze # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="85">
+          <span class="hits">1</span>
+          <code class="ruby">  PLATE_SIGNED = [&#39;PKCS7&#39;, &#39;AKERO SIGNED MESSAGE&#39;].freeze # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="86">
+          <span class="hits">1</span>
+          <code class="ruby">  PLATE_CRYPTED = [&#39;PKCS7&#39;, &#39;AKERO SECRET MESSAGE&#39;].freeze # @private</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="87">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="88">
+          <span class="hits">1</span>
+          <code class="ruby">  DEFAULT_RSA_BITS = 4096</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="89">
+          <span class="hits">1</span>
+          <code class="ruby">  DEFAULT_DIGEST = OpenSSL::Digest::SHA512</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="90">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="91">
+          <code class="ruby">  # Unique fingerprint of this Akero keypair.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="92">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="93">
+          <code class="ruby">  # @return [String] Akero fingerprint</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="94">
+          <span class="hits">1</span>
+          <code class="ruby">  def id</code>
+        </li>
+        <li class="covered" data-hits="19" data-linenumber="95">
+          <span class="hits">19</span>
+          <code class="ruby">    Akero.fingerprint_from_cert(@cert)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="96">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="97">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="98">
+          <code class="ruby">  # Create a new Akero instance.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="99">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="100">
+          <code class="ruby">  # @example Create new Akero instance with default settings</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="101">
+          <code class="ruby">  #   Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="102">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="103">
+          <code class="ruby">  # @example Create new Akero instance with a 4096-bit key</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="104">
+          <code class="ruby">  #   Akero.new(4096)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="105">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="106">
+          <code class="ruby">  # @example Create new Akero instance with a 4096-bit key and SHA512 digest</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="107">
+          <code class="ruby">  #   Akero.new(4096, OpenSSL::Digest::SHA512)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="108">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="109">
+          <code class="ruby">  # @param [Integer] rsa_bits RSA key length</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="110">
+          <code class="ruby">  # @param [OpenSSL::Digest] digest Signature digest</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="111">
+          <code class="ruby">  # @return [Akero] New Akero instance</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="112">
+          <span class="hits">1</span>
+          <code class="ruby">  def initialize(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)</code>
+        </li>
+        <li class="covered" data-hits="60" data-linenumber="113">
+          <span class="hits">60</span>
+          <code class="ruby">    @key, @cert = generate_keypair(rsa_bits, digest) unless rsa_bits.nil?</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="114">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="115">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="116">
+          <code class="ruby">  # Load an Akero identity.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="117">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="118">
+          <code class="ruby">  # @example Load previously stored private key</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="119">
+          <code class="ruby">  #   Akero.load(File.read(&#39;/tmp/alice.akr&#39;))</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="120">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="121">
+          <code class="ruby">  # @param [String] private_key Akero private key</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="122">
+          <code class="ruby">  # @return [Akero] New Akero instance</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="123">
+          <span class="hits">1</span>
+          <code class="ruby">  def self.load(private_key)</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="124">
+          <span class="hits">2</span>
+          <code class="ruby">    inner = Base64.decode64(private_key[PKEY_HEADER.length..private_key.length - PKEY_FOOTER.length])</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="125">
+          <span class="hits">2</span>
+          <code class="ruby">    if inner[0..63] != OpenSSL::Digest::SHA512.new(inner[64..-1]).digest</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="126">
+          <span class="hits">1</span>
+          <code class="ruby">      raise ERR_PKEY_CORRUPT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="127">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="128">
+          <span class="hits">1</span>
+          <code class="ruby">    cert_len = inner[64..65].unpack(&#39;S&#39;)[0]</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="129">
+          <span class="hits">1</span>
+          <code class="ruby">    akero = Akero.new(nil)</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="130">
+          <span class="hits">1</span>
+          <code class="ruby">    akero.instance_variable_set(:@cert, OpenSSL::X509::Certificate.new(inner[66..66 + cert_len]))</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="131">
+          <span class="hits">1</span>
+          <code class="ruby">    akero.instance_variable_set(:@key, OpenSSL::PKey::RSA.new(inner[66 + cert_len..-1]))</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="132">
+          <span class="hits">1</span>
+          <code class="ruby">    akero</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="133">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="134">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="135">
+          <code class="ruby">  # Akero public key.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="136">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="137">
+          <code class="ruby">  # Share this with other Akero instances that you</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="138">
+          <code class="ruby">  # wish to receive encrypted messages from.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="139">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="140">
+          <code class="ruby">  # @return [String] Public key (ascii armored)</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="141">
+          <span class="hits">1</span>
+          <code class="ruby">  def public_key</code>
+        </li>
+        <li class="covered" data-hits="27" data-linenumber="142">
+          <span class="hits">27</span>
+          <code class="ruby">    Akero.replate(@cert.to_s, Akero::PLATE_CERT)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="143">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="144">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="145">
+          <code class="ruby">  # Private key (do not share this with anyone!)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="146">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="147">
+          <code class="ruby">  # @example Save and load an Akero identity</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="148">
+          <code class="ruby">  #   alice = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="149">
+          <code class="ruby">  #   # Save</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="150">
+          <code class="ruby">  #   File.open(&#39;/tmp/alice.akr&#39;, &#39;w&#39;) { |f| f.write(alice.private_key) }</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="151">
+          <code class="ruby">  #   # Load</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="152">
+          <code class="ruby">  #   new_alice = Akero.load(File.read(&#39;/tmp/alice.akr&#39;))</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="153">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="154">
+          <code class="ruby">  # @return [String] Private key (ascii armored)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="155">
+          <code class="ruby">  # @see Akero#load</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="156">
+          <span class="hits">1</span>
+          <code class="ruby">  def private_key</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="157">
+          <code class="ruby">    # We do not use PKCS#12 (&quot;PFX&quot;) for serialization here</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="158">
+          <code class="ruby">    # because of http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="159">
+          <span class="hits">4</span>
+          <code class="ruby">    cert_der = @cert.to_der</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="160">
+          <span class="hits">4</span>
+          <code class="ruby">    out = [cert_der.length].pack(&#39;S&#39;)</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="161">
+          <span class="hits">4</span>
+          <code class="ruby">    out &lt;&lt; cert_der</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="162">
+          <span class="hits">4</span>
+          <code class="ruby">    out &lt;&lt; @key.to_der</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="163">
+          <span class="hits">4</span>
+          <code class="ruby">    out.insert(0, OpenSSL::Digest::SHA512.new(out).digest)</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="164">
+          <span class="hits">4</span>
+          <code class="ruby">    PKEY_HEADER + Base64.encode64(out) + PKEY_FOOTER</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="165">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="166">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="167">
+          <code class="ruby">  # Sign a message.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="168">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="169">
+          <code class="ruby">  # @param [String] plaintext The message to sign (binary safe)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="170">
+          <code class="ruby">  # @param [Boolean] ascii_armor Convert the output in base64?</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="171">
+          <code class="ruby">  # @return [String] Akero signed message</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="172">
+          <span class="hits">1</span>
+          <code class="ruby">  def sign(plaintext, ascii_armor = true)</code>
+        </li>
+        <li class="covered" data-hits="6" data-linenumber="173">
+          <span class="hits">6</span>
+          <code class="ruby">    out = _sign(plaintext)</code>
+        </li>
+        <li class="covered" data-hits="6" data-linenumber="174">
+          <span class="hits">6</span>
+          <code class="ruby">    ascii_armor ? Akero.replate(out.to_s, Akero::PLATE_SIGNED) : out.to_der</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="175">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="176">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="177">
+          <code class="ruby">  # Sign-&gt;encrypt-&gt;sign a message for 1 or more recipients.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="178">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="179">
+          <code class="ruby">  # Only the listed recipients can decrypt the message-body</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="180">
+          <code class="ruby">  # but anyone can extract the sender&#39;s public key.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="181">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="182">
+          <code class="ruby">  # @example Alice encrypts a message to Bob</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="183">
+          <code class="ruby">  #   alice = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="184">
+          <code class="ruby">  #   bob = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="185">
+          <code class="ruby">  #   ciphertext = alice.encrypt(bob.public_key, &quot;Hello Bob!&quot;)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="186">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="187">
+          <code class="ruby">  # @example Alice encrypts a message to Bob and Charlie</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="188">
+          <code class="ruby">  #   alice = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="189">
+          <code class="ruby">  #   bob = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="190">
+          <code class="ruby">  #   charlie = Akero.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="191">
+          <code class="ruby">  #   ciphertext = alice.encrypt([bob.public_key, charlie.public_key], &quot;Hello Bob and Charlie!&quot;)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="192">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="193">
+          <code class="ruby">  # @param [Array] to Akero public keys of recipients</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="194">
+          <code class="ruby">  # @param [String] plaintext The message to encrypt (binary safe)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="195">
+          <code class="ruby">  # @param [Boolean] ascii_armor Convert the output to base64?</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="196">
+          <code class="ruby">  # @return [String] Akero secret message</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="197">
+          <span class="hits">1</span>
+          <code class="ruby">  def encrypt(to, plaintext, ascii_armor = true)</code>
+        </li>
+        <li class="covered" data-hits="13" data-linenumber="198">
+          <span class="hits">13</span>
+          <code class="ruby">    to = [to] unless to.is_a? Array</code>
+        </li>
+        <li class="covered" data-hits="13" data-linenumber="199">
+          <span class="hits">13</span>
+          <code class="ruby">    to = to.map do |e|</code>
+        </li>
+        <li class="covered" data-hits="23" data-linenumber="200">
+          <span class="hits">23</span>
+          <code class="ruby">      case e</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="201">
+          <code class="ruby">      when String</code>
+        </li>
+        <li class="covered" data-hits="21" data-linenumber="202">
+          <span class="hits">21</span>
+          <code class="ruby">        begin</code>
+        </li>
+        <li class="covered" data-hits="21" data-linenumber="203">
+          <span class="hits">21</span>
+          <code class="ruby">          OpenSSL::X509::Certificate.new(Akero.replate(e, Akero::PLATE_CERT, true))</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="204">
+          <code class="ruby">        rescue OpenSSL::X509::CertificateError</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="205">
+          <span class="hits">2</span>
+          <code class="ruby">          raise ERR_INVALID_RECIPIENT_CERT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="206">
+          <code class="ruby">        end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="207">
+          <code class="ruby">      else</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="208">
+          <span class="hits">2</span>
+          <code class="ruby">        raise ERR_INVALID_RECIPIENT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="209">
+          <code class="ruby">      end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="210">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="211">
+          <span class="hits">9</span>
+          <code class="ruby">    out = _sign(_encrypt(to, _sign(plaintext, false)))</code>
+        </li>
+        <li class="covered" data-hits="7" data-linenumber="212">
+          <span class="hits">7</span>
+          <code class="ruby">    ascii_armor ? Akero.replate(out.to_s, PLATE_CRYPTED) : out.to_der</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="213">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="214">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="215">
+          <code class="ruby">  # Receive an Akero message.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="216">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="217">
+          <code class="ruby">  # @param [String] ciphertext Akero Message</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="218">
+          <code class="ruby">  # @return [Akero::Message] Message_body, signer_certificate, body_type</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="219">
+          <span class="hits">1</span>
+          <code class="ruby">  def receive(ciphertext)</code>
+        </li>
+        <li class="covered" data-hits="19" data-linenumber="220">
+          <span class="hits">19</span>
+          <code class="ruby">    if ciphertext.start_with? &#39;-----BEGIN &#39;</code>
+        </li>
+        <li class="covered" data-hits="11" data-linenumber="221">
+          <span class="hits">11</span>
+          <code class="ruby">      ciphertext = Akero.replate(ciphertext, Akero::PLATE_CRYPTED, true)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="222">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="19" data-linenumber="223">
+          <span class="hits">19</span>
+          <code class="ruby">    begin</code>
+        </li>
+        <li class="covered" data-hits="19" data-linenumber="224">
+          <span class="hits">19</span>
+          <code class="ruby">      body, signer_cert, body_type = verify(ciphertext, nil)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="225">
+          <code class="ruby">    rescue ArgumentError</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="226">
+          <span class="hits">2</span>
+          <code class="ruby">      raise ERR_MSG_MALFORMED_ENV</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="227">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="228">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="15" data-linenumber="229">
+          <span class="hits">15</span>
+          <code class="ruby">    case body_type.ord</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="230">
+          <code class="ruby">    when 0x00</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="231">
+          <code class="ruby">      # public message (signed)</code>
+        </li>
+        <li class="covered" data-hits="5" data-linenumber="232">
+          <span class="hits">5</span>
+          <code class="ruby">      return Message.new(body, signer_cert, :signed)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="233">
+          <code class="ruby">    when 0x01</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="234">
+          <code class="ruby">      # private message (signed, crypted, signed)</code>
+        </li>
+        <li class="covered" data-hits="8" data-linenumber="235">
+          <span class="hits">8</span>
+          <code class="ruby">      signed_plaintext = _decrypt(body)</code>
+        </li>
+        <li class="covered" data-hits="6" data-linenumber="236">
+          <span class="hits">6</span>
+          <code class="ruby">      plaintext, _verified_cert, _body_type = verify(signed_plaintext, signer_cert)</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="237">
+          <span class="hits">4</span>
+          <code class="ruby">      msg = Message.new(plaintext, signer_cert, :encrypted)</code>
+        </li>
+        <li class="covered" data-hits="4" data-linenumber="238">
+          <span class="hits">4</span>
+          <code class="ruby">      return msg</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="239">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="240">
+          <span class="hits">2</span>
+          <code class="ruby">    raise ERR_MSG_MALFORMED_BODY</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="241">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="242">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="243">
+          <code class="ruby">  # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="244">
+          <span class="hits">1</span>
+          <code class="ruby">  def inspect</code>
+        </li>
+        <li class="covered" data-hits="3" data-linenumber="245">
+          <span class="hits">3</span>
+          <code class="ruby">    &quot;#&lt;Akero id=#{id}&gt;&quot;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="246">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="247">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="248">
+          <code class="ruby">  # @private</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="249">
+          <span class="hits">1</span>
+          <code class="ruby">  def to_s</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="250">
+          <span class="hits">1</span>
+          <code class="ruby">    inspect</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="251">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="252">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="253">
+          <code class="ruby">  #---------------------------------------------------------------------------</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="254">
+          <span class="hits">2</span>
+          <code class="ruby">  class &lt;&lt; self; protected; end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="255">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="256">
+          <code class="ruby">  # Swap the &quot;license plates&quot; on an ascii-armored message.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="257">
+          <code class="ruby">  # This is done for user-friendliness, so stored Akero</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="258">
+          <code class="ruby">  # messages and keys can be easily identified at a glance.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="259">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="260">
+          <code class="ruby">  # @param [String] msg Message to be replated</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="261">
+          <code class="ruby">  # @param [Array] plates Array of the two plates to swap</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="262">
+          <code class="ruby">  # @param [Boolean] reverse Reverse the swap?</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="263">
+          <code class="ruby">  # @return [String] The replated message</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="264">
+          <span class="hits">1</span>
+          <code class="ruby">  def self.replate(msg, plates, reverse = false)</code>
+        </li>
+        <li class="covered" data-hits="74" data-linenumber="265">
+          <span class="hits">74</span>
+          <code class="ruby">    a, b = reverse ? [1, 0] : [0, 1]</code>
+        </li>
+        <li class="covered" data-hits="74" data-linenumber="266">
+          <span class="hits">74</span>
+          <code class="ruby">    &quot;-----BEGIN #{plates[b]}-----#{msg.strip[plates[a].length + 16..-(plates[a].length + 15)]}-----END #{plates[b]}-----\n&quot;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="267">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="268">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="269">
+          <code class="ruby">  # Extract fingerprint from an Akero public key.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="270">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="271">
+          <code class="ruby">  # @return [String] Akero fingerprint</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="272">
+          <span class="hits">1</span>
+          <code class="ruby">  def self.fingerprint_from_cert(cert)</code>
+        </li>
+        <li class="covered" data-hits="23" data-linenumber="273">
+          <span class="hits">23</span>
+          <code class="ruby">    cert.extensions.map.each do |e|</code>
+        </li>
+        <li class="covered" data-hits="44" data-linenumber="274">
+          <span class="hits">44</span>
+          <code class="ruby">      return &quot;AK:#{e.value}&quot; if e.oid == &#39;subjectKeyIdentifier&#39;</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="275">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="276">
+          <span class="hits">1</span>
+          <code class="ruby">    raise ERR_CERT_CORRUPT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="277">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="278">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="279">
+          <code class="ruby">  #---------------------------------------------------------------------------</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="280">
+          <span class="hits">1</span>
+          <code class="ruby">  private</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="281">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="282">
+          <span class="hits">1</span>
+          <code class="ruby">  def _decrypt(crypted_msg)</code>
+        </li>
+        <li class="covered" data-hits="8" data-linenumber="283">
+          <span class="hits">8</span>
+          <code class="ruby">    OpenSSL::PKCS7.new(crypted_msg).decrypt(@key, @cert)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="284">
+          <code class="ruby">  rescue OpenSSL::PKCS7::PKCS7Error, &#39;decrypt error&#39;</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="285">
+          <span class="hits">2</span>
+          <code class="ruby">    raise ERR_DECRYPT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="286">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="287">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="288">
+          <span class="hits">1</span>
+          <code class="ruby">  def _encrypt(to, msg, cipher = nil)</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="289">
+          <span class="hits">9</span>
+          <code class="ruby">    cipher ||= OpenSSL::Cipher.new(&#39;AES-256-CFB&#39;)</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="290">
+          <span class="hits">9</span>
+          <code class="ruby">    OpenSSL::PKCS7.encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="291">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="292">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="293">
+          <span class="hits">1</span>
+          <code class="ruby">  def _sign(message, embed_cert = true)</code>
+        </li>
+        <li class="covered" data-hits="26" data-linenumber="294">
+          <span class="hits">26</span>
+          <code class="ruby">    flags = embed_cert ? OpenSSL::PKCS7::BINARY : (OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOCERTS)</code>
+        </li>
+        <li class="covered" data-hits="26" data-linenumber="295">
+          <span class="hits">26</span>
+          <code class="ruby">    case message</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="296">
+          <code class="ruby">    when String</code>
+        </li>
+        <li class="covered" data-hits="15" data-linenumber="297">
+          <span class="hits">15</span>
+          <code class="ruby">      type = 0x00</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="298">
+          <code class="ruby">    when OpenSSL::PKCS7</code>
+        </li>
+        <li class="covered" data-hits="9" data-linenumber="299">
+          <span class="hits">9</span>
+          <code class="ruby">      type = 0x01</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="300">
+          <code class="ruby">    else</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="301">
+          <span class="hits">2</span>
+          <code class="ruby">      raise ERR_MSG_NOT_STRING_NOR_PKCS7</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="302">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="covered" data-hits="24" data-linenumber="303">
+          <span class="hits">24</span>
+          <code class="ruby">    message = message.to_der if message.is_a? OpenSSL::PKCS7</code>
+        </li>
+        <li class="covered" data-hits="24" data-linenumber="304">
+          <span class="hits">24</span>
+          <code class="ruby">    OpenSSL::PKCS7.sign(@cert, @key, type.chr + message, [], flags)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="305">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="306">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="307">
+          <span class="hits">1</span>
+          <code class="ruby">  def verify(signed_msg, cert)</code>
+        </li>
+        <li class="covered" data-hits="26" data-linenumber="308">
+          <span class="hits">26</span>
+          <code class="ruby">    signed_msg = OpenSSL::PKCS7.new(signed_msg) if signed_msg.is_a? String</code>
+        </li>
+        <li class="covered" data-hits="24" data-linenumber="309">
+          <span class="hits">24</span>
+          <code class="ruby">    store = OpenSSL::X509::Store.new</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="310">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="24" data-linenumber="311">
+          <span class="hits">24</span>
+          <code class="ruby">    if cert.nil?</code>
+        </li>
+        <li class="covered" data-hits="18" data-linenumber="312">
+          <span class="hits">18</span>
+          <code class="ruby">      if signed_msg.certificates.nil? || signed_msg.certificates.length != 1</code>
+        </li>
+        <li class="covered" data-hits="2" data-linenumber="313">
+          <span class="hits">2</span>
+          <code class="ruby">        raise ERR_MSG_TOO_MANY_SIGNERS</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="314">
+          <code class="ruby">      end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="315">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="16" data-linenumber="316">
+          <span class="hits">16</span>
+          <code class="ruby">      cert = signed_msg.certificates[0]</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="317">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="318">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="22" data-linenumber="319">
+          <span class="hits">22</span>
+          <code class="ruby">    unless signed_msg.verify([cert], store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY)</code>
+        </li>
+        <li class="covered" data-hits="3" data-linenumber="320">
+          <span class="hits">3</span>
+          <code class="ruby">      raise ERR_MSG_CORRUPT_CERT</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="321">
+          <code class="ruby">    end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="322">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="19" data-linenumber="323">
+          <span class="hits">19</span>
+          <code class="ruby">    [signed_msg.data[1..-1], cert, signed_msg.data[0]]</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="324">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="325">
+          <code class="ruby"></code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="326">
+          <code class="ruby">  # Generate new RSA keypair and certificate.</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="327">
+          <code class="ruby">  #</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="328">
+          <code class="ruby">  # @param [Integer] rsa_bits RSA key length</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="329">
+          <code class="ruby">  # @param [OpenSSL::Digest] digest Signature digest</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="330">
+          <code class="ruby">  # @return [Array] rsa_keypair, certificate</code>
+        </li>
+        <li class="covered" data-hits="1" data-linenumber="331">
+          <span class="hits">1</span>
+          <code class="ruby">  def generate_keypair(rsa_bits = DEFAULT_RSA_BITS, digest = DEFAULT_DIGEST)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="332">
+          <span class="hits">61</span>
+          <code class="ruby">    cn = &quot;Akero #{Akero::VERSION}&quot;</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="333">
+          <span class="hits">61</span>
+          <code class="ruby">    rsa = OpenSSL::PKey::RSA.new(rsa_bits)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="334">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="335">
+          <span class="hits">61</span>
+          <code class="ruby">    cert = OpenSSL::X509::Certificate.new</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="336">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.version = 3</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="337">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.serial = rand(2**42)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="338">
+          <span class="hits">61</span>
+          <code class="ruby">    name = OpenSSL::X509::Name.parse(&quot;/CN=#{cn}&quot;)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="339">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.subject = name</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="340">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.issuer = name</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="341">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.not_before = Time.now</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="342">
+          <code class="ruby">    # valid until 2038-01-19 04:14:06 +0100</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="343">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.not_after = Time.at(2_147_483_646)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="344">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.public_key = rsa.public_key</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="345">
+          <code class="ruby"></code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="346">
+          <span class="hits">61</span>
+          <code class="ruby">    ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="347">
+          <span class="hits">61</span>
+          <code class="ruby">    ef.issuer_certificate = cert</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="348">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.extensions = [</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="349">
+          <code class="ruby">      ef.create_extension(&#39;basicConstraints&#39;, &#39;CA:FALSE&#39;),</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="350">
+          <code class="ruby">      ef.create_extension(&#39;subjectKeyIdentifier&#39;, &#39;hash&#39;)</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="351">
+          <code class="ruby">    ]</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="352">
+          <span class="hits">61</span>
+          <code class="ruby">    aki = ef.create_extension(&#39;authorityKeyIdentifier&#39;,</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="353">
+          <code class="ruby">                              &#39;keyid:always,issuer:always&#39;)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="354">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.add_extension(aki)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="355">
+          <span class="hits">61</span>
+          <code class="ruby">    cert.sign(rsa, digest.new)</code>
+        </li>
+        <li class="covered" data-hits="61" data-linenumber="356">
+          <span class="hits">61</span>
+          <code class="ruby">    [rsa, cert]</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="357">
+          <code class="ruby">  end</code>
+        </li>
+        <li class="never" data-hits="" data-linenumber="358">
+          <code class="ruby">end</code>
+        </li>
+    </ol>
+  </pre>
+</div>
+      </div>
+    </div>
+  </body>
+</html>