certificate_authority 0.1.2 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +6 -0
- data/.rspec +3 -0
- data/.travis.yml +11 -0
- data/Gemfile +2 -8
- data/Gemfile.lock +71 -27
- data/README.rdoc +184 -89
- data/Rakefile +6 -41
- data/certificate_authority.gemspec +22 -81
- data/lib/certificate_authority.rb +7 -6
- data/lib/certificate_authority/certificate.rb +151 -71
- data/lib/certificate_authority/certificate_revocation_list.rb +46 -26
- data/lib/certificate_authority/core_extensions.rb +46 -0
- data/lib/certificate_authority/distinguished_name.rb +84 -17
- data/lib/certificate_authority/extensions.rb +483 -96
- data/lib/certificate_authority/key_material.rb +75 -21
- data/lib/certificate_authority/ocsp_handler.rb +99 -29
- data/lib/certificate_authority/pkcs11_key_material.rb +13 -15
- data/lib/certificate_authority/revocable.rb +14 -0
- data/lib/certificate_authority/serial_number.rb +18 -5
- data/lib/certificate_authority/signing_entity.rb +5 -7
- data/lib/certificate_authority/signing_request.rb +91 -0
- data/lib/certificate_authority/validations.rb +31 -0
- data/lib/certificate_authority/version.rb +3 -0
- metadata +96 -94
- data/VERSION.yml +0 -5
- data/spec/spec_helper.rb +0 -4
- data/spec/units/certificate_authority_spec.rb +0 -4
- data/spec/units/certificate_revocation_list_spec.rb +0 -68
- data/spec/units/certificate_spec.rb +0 -351
- data/spec/units/distinguished_name_spec.rb +0 -38
- data/spec/units/extensions_spec.rb +0 -53
- data/spec/units/key_material_spec.rb +0 -96
- data/spec/units/ocsp_handler_spec.rb +0 -104
- data/spec/units/serial_number_spec.rb +0 -20
- data/spec/units/signing_entity_spec.rb +0 -4
- data/spec/units/units_helper.rb +0 -1
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
require File.dirname(__FILE__) + '/units_helper'
|
|
2
|
-
|
|
3
|
-
describe CertificateAuthority::OCSPHandler do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@ocsp_handler = CertificateAuthority::OCSPHandler.new
|
|
6
|
-
|
|
7
|
-
@root_certificate = CertificateAuthority::Certificate.new
|
|
8
|
-
@root_certificate.signing_entity = true
|
|
9
|
-
@root_certificate.subject.common_name = "OCSP Root"
|
|
10
|
-
@root_certificate.key_material.generate_key
|
|
11
|
-
@root_certificate.serial_number.number = 1
|
|
12
|
-
@root_certificate.sign!
|
|
13
|
-
|
|
14
|
-
@certificate = CertificateAuthority::Certificate.new
|
|
15
|
-
@certificate.key_material.generate_key
|
|
16
|
-
@certificate.subject.common_name = "http://questionablesite.com"
|
|
17
|
-
@certificate.parent = @root_certificate
|
|
18
|
-
@certificate.serial_number.number = 2
|
|
19
|
-
@certificate.sign!
|
|
20
|
-
|
|
21
|
-
@ocsp_request = OpenSSL::OCSP::Request.new
|
|
22
|
-
openssl_cert_issuer = OpenSSL::X509::Certificate.new(@root_certificate.to_pem)
|
|
23
|
-
openssl_cert_subject = OpenSSL::X509::Certificate.new(@certificate.to_pem)
|
|
24
|
-
|
|
25
|
-
cert_id = OpenSSL::OCSP::CertificateId.new(openssl_cert_subject, openssl_cert_issuer)
|
|
26
|
-
@ocsp_request.add_certid(cert_id)
|
|
27
|
-
@ocsp_handler.ocsp_request = @ocsp_request.to_der
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
it "should be able to accept an OCSP Request" do
|
|
31
|
-
@ocsp_handler.ocsp_request = @ocsp_request
|
|
32
|
-
@ocsp_handler.ocsp_request.should_not be_nil
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
it "should raise an error if you try and extract certificates without a raw request" do
|
|
36
|
-
@ocsp_handler.extract_certificate_serials
|
|
37
|
-
@ocsp_handler.ocsp_request = nil
|
|
38
|
-
lambda {@ocsp_handler.extract_certificate_serials}.should raise_error
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it "should return a hash of extracted certificates from OCSP requests" do
|
|
42
|
-
result = @ocsp_handler.extract_certificate_serials
|
|
43
|
-
result.size.should == 1
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
it "should be able to generate an OCSP response" do
|
|
47
|
-
@ocsp_handler.extract_certificate_serials
|
|
48
|
-
@ocsp_handler << @certificate
|
|
49
|
-
@ocsp_handler.parent = @root_certificate
|
|
50
|
-
@ocsp_handler.response
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
it "should require a 'parent' entity for signing" do
|
|
54
|
-
@ocsp_handler.parent = @root_certificate
|
|
55
|
-
@ocsp_handler.parent.should_not be_nil
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
it "should raise an error if you ask for the signed OCSP response without generating it" do
|
|
59
|
-
@ocsp_handler.extract_certificate_serials
|
|
60
|
-
@ocsp_handler << @certificate
|
|
61
|
-
@ocsp_handler.parent = @root_certificate
|
|
62
|
-
lambda { @ocsp_handler.to_der }.should raise_error
|
|
63
|
-
@ocsp_handler.response
|
|
64
|
-
@ocsp_handler.to_der.should_not be_nil
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
it "should raise an error if you generate a response without adding all certificates in request" do
|
|
68
|
-
@ocsp_handler.extract_certificate_serials
|
|
69
|
-
@ocsp_handler.parent = @root_certificate
|
|
70
|
-
lambda { @ocsp_handler.response }.should raise_error
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
it "should raise an error if you generate a response without adding a parent signing entity" do
|
|
74
|
-
@ocsp_handler.extract_certificate_serials
|
|
75
|
-
@ocsp_handler << @certificate
|
|
76
|
-
lambda { @ocsp_handler.response }.should raise_error
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
describe "Response" do
|
|
80
|
-
before(:each) do
|
|
81
|
-
@ocsp_handler.extract_certificate_serials
|
|
82
|
-
@ocsp_handler << @certificate
|
|
83
|
-
@ocsp_handler.parent = @root_certificate
|
|
84
|
-
@ocsp_handler.response
|
|
85
|
-
|
|
86
|
-
@openssl_ocsp_response = OpenSSL::OCSP::Response.new(@ocsp_handler.to_der)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
it "should have a correct status/status string" do
|
|
90
|
-
@openssl_ocsp_response.status_string.should == "successful"
|
|
91
|
-
@openssl_ocsp_response.status.should == 0
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
it "should have an embedded BasicResponse with certificate statuses" do
|
|
95
|
-
# [#<OpenSSL::OCSP::CertificateId:0x000001020ecad8>, 0, 1, nil, 2011-04-15 23:29:47 UTC, 2011-04-15 23:30:17 UTC, []]
|
|
96
|
-
@openssl_ocsp_response.basic.status.first[1].should == 0 # Everything is OK
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
it "should have a next_update time" do
|
|
100
|
-
@openssl_ocsp_response.basic.status.first[5].should_not be_nil
|
|
101
|
-
@openssl_ocsp_response.basic.status.first[5].class.should == Time
|
|
102
|
-
end
|
|
103
|
-
end
|
|
104
|
-
end
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require File.dirname(__FILE__) + '/units_helper'
|
|
2
|
-
|
|
3
|
-
describe CertificateAuthority::SerialNumber do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@serial_number = CertificateAuthority::SerialNumber.new
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
it "should support basic integer serial numbers", :rfc3280 => true do
|
|
9
|
-
@serial_number.number = 25
|
|
10
|
-
@serial_number.should be_valid
|
|
11
|
-
@serial_number.number = "abc"
|
|
12
|
-
@serial_number.should_not be_valid
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
it "should not allow negative serial numbers", :rfc3280 => true do
|
|
16
|
-
@serial_number.number = -5
|
|
17
|
-
@serial_number.should_not be_valid
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
end
|
data/spec/units/units_helper.rb
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
require File.dirname(__FILE__) + '/../spec_helper'
|