cert_validator 0.0.1

data/spec/crl_validator_spec.rb

@@ -0,0 +1,59 @@
+describe CertValidator::CrlValidator do
+  subject { described_class.new good_cert, ca }
+  let(:ca){ cert 'root' }
+  let(:good_cert){ cert 'good' }
+  let(:revoked_cert){ cert 'revoked' }
+  let(:empty_cert){ cert 'empty' }
+  let(:crl_data){ crl 'revoked' }
+  let(:mismatched_crl_data){ crl 'mismatched' }
+
+  it 'accepts a certificate on construction' do
+    expect{ described_class.new good_cert, ca }.to_not raise_error
+  end
+
+  it 'accepts OpenSSL CRL data to replace hitting a URL for it' do
+    expect{ subject.crl = crl_data }.to_not raise_error
+    expect(subject.available?).to be
+  end
+
+  describe 'with a good cert and matching CRL data' do
+    subject do
+      described_class.new(good_cert, ca).tap do |v|
+        v.crl = crl_data
+      end
+    end
+
+    it { is_expected.to be_available }
+    it { is_expected.to be_valid }
+  end
+
+  describe 'with a revoked cert and matching CRL data' do
+    subject do
+      described_class.new(revoked_cert, ca).tap do |v|
+        v.crl = crl_data
+      end
+    end
+
+    it { is_expected.to be_available }
+    it { is_expected.to_not be_valid }
+  end
+
+  describe 'with irrelevant CRL data' do
+    subject do
+      described_class.new(good_cert, ca).tap do |v|
+        v.crl = mismatched_crl_data
+      end
+    end
+    it { is_expected.to be_available }
+    it { is_expected.to_not be_valid }
+  end
+
+  describe 'with no CRL data' do
+    subject do
+      described_class.new(empty_cert, ca)
+    end
+
+    it { is_expected.to_not be_available }
+    it { is_expected.to_not be_valid }
+  end
+end

data/spec/null_ocsp_validator_spec.rb

@@ -0,0 +1,19 @@
+require 'cert_validator/ocsp/null_validator'
+
+describe CertValidator::NullOcspValidator do
+  subject{ described_class.new good_cert, ca }
+  let(:ca){ cert 'root' }
+  let(:good_cert){ cert 'good' }
+
+  it 'accepts a certificate and CA on construction' do
+    expect{ described_class.new good_cert, ca }.to_not raise_error
+  end
+
+  describe 'with a good cert and CA' do
+    it { is_expected.to_not be_available }
+
+    it 'raises an error when asked to validate' do
+      expect{ subject.valid? }.to raise_error CertValidator::OcspNotAvailableError
+    end
+  end
+end

data/spec/ocsp_extractor_spec.rb

@@ -0,0 +1,31 @@
+require 'cert_validator/ocsp/extractor'
+
+describe CertValidator::RealOcspValidator::Extractor do
+  it 'accepts a certificate on construction' do
+    expect{ described_class.new cert 'good' }.to_not raise_error
+  end
+
+  describe 'with one OCSP endpoint' do
+    subject { described_class.new cert 'good' }
+
+    it 'has an OCSP extension' do
+      expect(subject.has_ocsp_extension?).to be
+    end
+
+    it 'extracts the OCSP endpoint' do
+      expect(subject.endpoint).to eq 'http://cert-validator-test.herokuapp.com/ocsp'
+    end
+  end
+
+  describe 'with no OCSP endpoint' do
+    subject { described_class.new cert 'crl_only' }
+
+    it 'has no OCSP extension' do
+      expect(subject.has_ocsp_extension?).to_not be
+    end
+
+    it 'extracts no OCSP endpoint' do
+      expect(subject.endpoint).to be_nil
+    end
+  end
+end

data/spec/ocsp_validator_spec.rb

@@ -0,0 +1,34 @@
+require 'cert_validator/ocsp/real_validator'
+require 'logger'
+
+describe CertValidator::RealOcspValidator, real_ocsp: true do
+  subject{ described_class.new good_cert, ca }
+  let(:ca){ cert 'root' }
+  let(:good_cert){ cert 'good' }
+
+  it 'accepts a certificate and CA on construction' do
+    expect{ described_class.new good_cert, ca }.to_not raise_error
+  end
+
+  describe 'with a good cert' do
+    it { is_expected.to be_available }
+    it { is_expected.to be_valid }
+  end
+
+  describe 'with a revoked cert' do
+    subject { described_class.new cert('revoked'), ca }
+    it { is_expected.to be_available }
+    it { is_expected.to_not be_valid }
+  end
+
+  pending 'with an irrelevant OCSP response' do
+    it { is_expected.to be_available }
+    it { is_expected.to_not be_valid }
+  end
+
+  describe 'with a cert with no OCSP data' do
+    subject { described_class.new cert('crl_only'), ca }
+    it { is_expected.to_not be_available }
+    it { is_expected.to_not be_valid }
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,15 @@
+require 'cert_validator'
+%w{certs validator_expectations}.each do |f|
+  require_relative "./support/#{f}"
+end
+
+RSpec.configure do |config|
+
+  config.include Certs
+
+  if defined? OpenSSL::OCSP
+    config.filter_run_excluding null_ocsp: true
+  else
+    config.filter_run_excluding real_ocsp: true
+  end
+end

data/spec/support/ca/crl_only.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCAfqgAwIBAgITBlDD3tpGAKR6eYnuUp6BHhl/oTANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0xNTA4MTgxNjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAMYnb+qH8hUAv1t/OiLlN1S8H9GeEdYPmxFRfPdi7kxy
+07uSLd7GwECamr88beyxd/k+Hshwqvbc2aH2Jy1UifcCAwEAAaOBijCBhzAdBgNV
+HQ4EFgQUnkH8OtJt4erTy0qbCRGNtijd9JwwHwYDVR0jBBgwFoAUpWpVTvQF6qq/
+XnR6wLqe3OhV1q8wRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NlcnQtdmFsaWRh
+dG9yLXRlc3QuaGVyb2t1YXBwLmNvbS9yZXZva2VkLmNybDANBgkqhkiG9w0BAQUF
+AANBAGb7XHWaLgQJPqSduN6Pt99ZvmEiH/+VPEfBBUkb+1FnfUsbyKdMl9oVTbFS
+0L5gqimm3ryuKG/t7t/hjo5cScU=
+-----END CERTIFICATE-----

data/spec/support/ca/empty.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAbGgAwIBAgITBlDD3tpwd/fvU138B/YOHbu/kzANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0xNTA4MTgxNjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAKupO4YL7W/YUnIsAKiPCoDOQQzhxOMJ8/8ggrduhzTo
+CaPFhKsyAt3fFK/hgKiIWmhXx1xXZ4pZy43NO/RjvEUCAwEAAaNCMEAwHQYDVR0O
+BBYEFLrt5qDb2oRSdDLgprfOM5d5lqZcMB8GA1UdIwQYMBaAFKVqVU70Beqqv150
+esC6ntzoVdavMA0GCSqGSIb3DQEBBQUAA0EAokhoIY/qlqBD/BIaBAG39tgL+YWl
++QqDY3BfgdaPD/XZfuBqiOluv6k4tytfN12TnpWdwS9MPlXPuQ9lZE2WuQ==
+-----END CERTIFICATE-----

data/spec/support/ca/github.crt

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4DCCBMigAwIBAgIQDACTENIG2+M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
+IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy
+MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
+BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
+Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx
+MDcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
+YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp
+dGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx1Nw8r/3z
+Tu3BZ63myyLot+KrKPL33GJwCNEMr9YWaiGwNksXDTZjBK6/6iBRlWVm8r+5TaQM
+Kev1FbHoNbNwEJTVG1m0Jg/Wg1dZneF8Cd3gE8pNb0Obzc+HOhWnhd1mg+2TDP4r
+bTgceYiQz61YGC1R0cKj8keMbzgJubjvTJMLy4OUh+rgo7XZe5trD0P5yu6ADSin
+dvEl9ME1PPZ0rd5qM4J73P1LdqfC7vJqv6kkpl/nLnwO28N0c/p+xtjPYOs2ViG2
+wYq4JIJNeCS66R2hiqeHvmYlab++O3JuT+DkhSUIsZGJuNZ0ZXabLE9iH6H6Or6c
+JL+fyrDFwGeNAgMBAAGjggHuMIIB6jAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl
+0yHU+PjWDzAdBgNVHQ4EFgQUakOQfTuYFHJSlTqqKApD+FF+06YwJQYDVR0RBB4w
+HIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G
+A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o
+dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEuY3JsMDSg
+MqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzEu
+Y3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBz
+Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEF
+BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRw
+Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxp
+ZGF0aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD
+ggEBAG/nbcuC8++QhwnXDxUiLIz+06scipbbXRJd0XjAMbD/RciJ9wiYUhcfTEsg
+ZGpt21DXEL5+q/4vgNipSlhBaYFyGQiDm5IQTmIte0ZwQ26jUxMf4pOmI1v3kj43
+FHU7uUskQS6lPUgND5nqHkKXxv6V2qtHmssrA9YNQMEK93ga2rWDpK21mUkgLviT
+PB5sPdE7IzprOCp+Ynpf3RcFddAkXb6NqJoQRPrStMrv19C1dqUmJRwIQdhkkqev
+ff6IQDlhC8BIMKmCNK33cEYDfDWROtW7JNgBvBTwww8jO1gyug8SbGZ6bZ3k8OV8
+XX4C2NesiZcLYbc2n7B9O+63M2k=
+-----END CERTIFICATE-----

data/spec/support/ca/good.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmzCCAkWgAwIBAgITBlDD3tnoYCMw1nYyk5g/+ehFkTANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0xNTA4MTgxNjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBANQTxRioShTbbMynU6Qm5KLf7iCgmw4tH6kF1tezrO5+
+SptbxUo5W5MfYOuSdvmVGeHLx/ttPI0JyJppcY+u5IMCAwEAAaOB1TCB0jAdBgNV
+HQ4EFgQUpCv8JWvjw5WAdeGfm1UNf7PoavEwHwYDVR0jBBgwFoAUpWpVTvQF6qq/
+XnR6wLqe3OhV1q8wRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NlcnQtdmFsaWRh
+dG9yLXRlc3QuaGVyb2t1YXBwLmNvbS9yZXZva2VkLmNybDBJBggrBgEFBQcBAQQ9
+MDswOQYIKwYBBQUHMAGGLWh0dHA6Ly9jZXJ0LXZhbGlkYXRvci10ZXN0Lmhlcm9r
+dWFwcC5jb20vb2NzcDANBgkqhkiG9w0BAQUFAANBABnK+JbR0Hzo509f4Qp450nI
+L/aEO4PTUblLqNu3PaojWjGtq0wX/7UkoqL/yfq9OJAsjoea1+0BjFM+Rnemwmc=
+-----END CERTIFICATE-----

data/spec/support/ca/mismatched.crl

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIICBTCB7gIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDjAMBgNVBAoMBUJhc2hv
+MRswGQYDVQQLDBJSaWFrIFB5dGhvbiBDbGllbnQxCzAJBgNVBAMMAkNBMSAwHgYJ
+KoZIhvcNAQkBFhFjbGllbnRzQGJhc2hvLmNvbRcNMTQwNTI3MTk0MjQ4WhcNMTQw
+NjI2MTk0MjQ4WjAWMBQCA2beDRcNMTQwNTI3MTk0MjQ4WqARMA8wDQYDVR0UBAYC
+BACikbwwDQYJKoZIhvcNAQEFBQADggEBAKPIogNgS8I4MR21ZrLkyV0wPGjzB26W
+AplQMQqr8GYLLxkRPZBKDVdjwZINjmAm0MUsL74vnvrABJ91M0IRkanVPc3UA/Gk
+ZNjH5WgTWbGP8SwdwPzjJeYckVQRNTpF9YQ/0XN1mtJA95WwSy7VuWKnMNRU0uf6
+CWcXO+hlsPkwBTu+NMqkD2E5PpbcLvob9sdGMAJ2AzI2Oa8JPpVS9RXDFJTtqFAZ
+JikU5MmZmpY9hL++3OD4rRih2lW32OzO710olJGPcV3o8Ax8KxPk13sVgdwTNPmj
+auGtyqY/m/94SwNPUcglAkWn0wRO9sD+1PvoZJPxq+NBs/EKihFY1GI=
+-----END X509 CRL-----

data/spec/support/ca/ocsp_only.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCAf6gAwIBAgITBlDD3toc61D/0rrzeSlp/1NFvDANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0xNTA4MTgxNjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAMTlPewWSsPlUG9idTsT2K2ORmFRPXX60ODDW0/2sjvE
+hWcKdPccIGOSm95VtSL3+0DQMiC10uI4BBgGbXnJ4qcCAwEAAaOBjjCBizAdBgNV
+HQ4EFgQUG5SeTrisYSI69NPcEAt2g+snrAMwHwYDVR0jBBgwFoAUpWpVTvQF6qq/
+XnR6wLqe3OhV1q8wSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzABhi1odHRwOi8v
+Y2VydC12YWxpZGF0b3ItdGVzdC5oZXJva3VhcHAuY29tL29jc3AwDQYJKoZIhvcN
+AQEFBQADQQAj3kdRTZ1Pk7AsOGsBrsxPzeCHtwEo/YL5bAW79uJTZGj2GCYd61uX
+FMzUztX7cEkZW0LqXzPKO5pYg3bwHoGK
+-----END CERTIFICATE-----

data/spec/support/ca/revoked.crl

@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBQTCB7AIBATANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJVUzEQMA4GA1UE
+CAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlhbWkxHDAaBgNVBAoME3I1MDktY2VydC12
+YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2FsaG9zdBcNMTQwODE4MjEzMDUzWhcNMjQw
+ODE1MjIzMDUzWjAmMCQCEwZQw97arFvKuvBO4bBLd8uNiyMXDTE0MDgxODIyMzA1
+M1qgLzAtMAoGA1UdFAQDAgEBMB8GA1UdIwQYMBaAFKVqVU70Beqqv150esC6ntzo
+VdavMA0GCSqGSIb3DQEBBQUAA0EALwWpIJPB2bBEnhG0/V9sawKcqip8jKWeiIuu
+vTIYJSKZZb14mDbnfMxz4By6QnY0zV/6V7uoQtb2UqeYI9EWzg==
+-----END X509 CRL-----

data/spec/support/ca/revoked.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmzCCAkWgAwIBAgITBlDD3tqsW8q68E7hsEt3y42LIzANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0xNTA4MTgxNjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBALH+sXLe0yn6E7NIVSDaI0LTUSAoeNh73JgjsYo8enyv
+uPfabwR94l/wuSDJZK6JCKUGhjg8AQuopcmyrrS6fVcCAwEAAaOB1TCB0jAdBgNV
+HQ4EFgQUtbEyhfmU2TxYq1WUyA9C7fRHuBQwHwYDVR0jBBgwFoAUpWpVTvQF6qq/
+XnR6wLqe3OhV1q8wRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NlcnQtdmFsaWRh
+dG9yLXRlc3QuaGVyb2t1YXBwLmNvbS9yZXZva2VkLmNybDBJBggrBgEFBQcBAQQ9
+MDswOQYIKwYBBQUHMAGGLWh0dHA6Ly9jZXJ0LXZhbGlkYXRvci10ZXN0Lmhlcm9r
+dWFwcC5jb20vb2NzcDANBgkqhkiG9w0BAQUFAANBAKQdX9I+KAjFu2j0isy7HVJz
+7KDrzawL6bh5no5WQkxVj5qiyW+htAWSSgw5ZVIg9tAQ1JVKvmduDkMqC9knXDk=
+-----END CERTIFICATE-----

data/spec/support/ca/root.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGDCCAcKgAwIBAgITBlDD3tl93VE/AZAL1eO6oeRQkTANBgkqhkiG9w0BAQUF
+ADBhMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTEOMAwGA1UEBwwFTWlh
+bWkxHDAaBgNVBAoME3I1MDktY2VydC12YWxpZGF0b3IxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0xNDA4MTgxNjMwNTNaFw0yNDA4MTUyMjMwNTNaMGExCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdGbG9yaWRhMQ4wDAYDVQQHDAVNaWFtaTEcMBoGA1UECgwT
+cjUwOS1jZXJ0LXZhbGlkYXRvcjESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAN8e7yWwTySejwwQj8LTbzcdRsHy0/q7lbg/+YuFIjvC
+zPbMqVCNJA/ylvGs5iO6xRtPTZt0Nb3b/JnTxMx7jScCAwEAAaNTMFEwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUpWpVTvQF6qq/XnR6wLqe3OhV1q8wHwYDVR0j
+BBgwFoAUpWpVTvQF6qq/XnR6wLqe3OhV1q8wDQYJKoZIhvcNAQEFBQADQQCM2Wxj
+7HHi6uZN5sBFczvDifdxryI+BotbRQqA07zgoa4PjPZGrT7oqhXd29UvNDE8bFTC
+LzDB9a8J8ITkUSmQ
+-----END CERTIFICATE-----

data/spec/support/ca/root.key

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAN8e7yWwTySejwwQj8LTbzcdRsHy0/q7lbg/+YuFIjvCzPbMqVCN
+JA/ylvGs5iO6xRtPTZt0Nb3b/JnTxMx7jScCAwEAAQJBAJ8TSgO/6R09otVCNYz8
+++z6hYkf3LyF41/i1MMBX3/ktM2LD3pB59ifyNPjix08XQPGVyZ51e18JBdIGYCA
+4GkCIQD7Wx29cj7tgC7437E6zdNAvlEd9L5WvXPn+GRagBlgiwIhAOM+RPXBiK1z
+Nz2wFa1smcaq8FSbb1yCet1NfhKHdF1VAiBTnS7ae2u1g+OcRIVnY1q3+ddwGJ9M
+qX8qFnYDqQNIGwIgAe5sjZ4oeDjrdkXB2Wh74hlf04hCqQme27Sl5qhqD8UCIQCm
+D9bqLg3O+PWgLXfKdOKIiRleQtiyb+b5f/JLy4vozw==
+-----END RSA PRIVATE KEY-----

data/spec/support/certs.rb

@@ -0,0 +1,17 @@
+require 'openssl'
+
+module Certs
+  def cert(name)
+    OpenSSL::X509::Certificate.new load "#{name}.crt"
+  end
+
+  def crl(name)
+    OpenSSL::X509::CRL.new load "#{name}.crl"
+  end
+
+  private
+  def load(filename)
+    path = File.join(File.dirname(__FILE__), 'ca', filename)
+    File.read path
+  end
+end

data/spec/support/ocsp_guard.rb

@@ -0,0 +1,2 @@
+module OcspGuard
+end

data/spec/support/validator_expectations.rb

@@ -0,0 +1,13 @@
+module ValidatorExpectations
+  RSpec::Matchers.define :be_available do
+    match do |actual|
+      actual.available?
+    end
+  end
+
+  RSpec::Matchers.define :be_valid do
+    match do |actual|
+      actual.valid?
+    end
+  end
+end

metadata

@@ -0,0 +1,150 @@
+--- !ruby/object:Gem::Specification
+name: cert_validator
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Bryce Kerley
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-08-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: Validate an X509 certificate against its listed OCSP endpoint and/or
+  a CRL.
+email:
+- bkerley@brycekerley.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- cert_validator.gemspec
+- lib/cert_validator.rb
+- lib/cert_validator/asn1.rb
+- lib/cert_validator/crl/extractor.rb
+- lib/cert_validator/crl_validator.rb
+- lib/cert_validator/errors.rb
+- lib/cert_validator/ocsp.rb
+- lib/cert_validator/ocsp/extractor.rb
+- lib/cert_validator/ocsp/null_validator.rb
+- lib/cert_validator/ocsp/real_validator.rb
+- lib/cert_validator/version.rb
+- lib/tasks/ca.rb
+- lib/tasks/helper.rb
+- spec/cert_validator_spec.rb
+- spec/crl_extractor_spec.rb
+- spec/crl_validator_spec.rb
+- spec/null_ocsp_validator_spec.rb
+- spec/ocsp_extractor_spec.rb
+- spec/ocsp_validator_spec.rb
+- spec/spec_helper.rb
+- spec/support/ca/crl_only.crt
+- spec/support/ca/digicert.crl
+- spec/support/ca/empty.crt
+- spec/support/ca/github.crt
+- spec/support/ca/good.crt
+- spec/support/ca/mismatched.crl
+- spec/support/ca/ocsp_only.crt
+- spec/support/ca/revoked.crl
+- spec/support/ca/revoked.crt
+- spec/support/ca/root.crt
+- spec/support/ca/root.key
+- spec/support/certs.rb
+- spec/support/ocsp_guard.rb
+- spec/support/validator_expectations.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.3.0
+signing_key: 
+specification_version: 4
+summary: Validate X509 certificates against CRL and OCSP.
+test_files:
+- spec/cert_validator_spec.rb
+- spec/crl_extractor_spec.rb
+- spec/crl_validator_spec.rb
+- spec/null_ocsp_validator_spec.rb
+- spec/ocsp_extractor_spec.rb
+- spec/ocsp_validator_spec.rb
+- spec/spec_helper.rb
+- spec/support/ca/crl_only.crt
+- spec/support/ca/digicert.crl
+- spec/support/ca/empty.crt
+- spec/support/ca/github.crt
+- spec/support/ca/good.crt
+- spec/support/ca/mismatched.crl
+- spec/support/ca/ocsp_only.crt
+- spec/support/ca/revoked.crl
+- spec/support/ca/revoked.crt
+- spec/support/ca/root.crt
+- spec/support/ca/root.key
+- spec/support/certs.rb
+- spec/support/ocsp_guard.rb
+- spec/support/validator_expectations.rb
+has_rdoc: