RubyGems - certificate_authority - Versions diffs - 0.1.5 → 1.1.0 - Mend

certificate_authority 0.1.5 → 1.1.0

Files changed (37) hide show

checksums.yaml +7 -0
data/.github/workflows/ci.yml +26 -0
data/.gitignore +6 -0
data/.rspec +3 -0
data/Gemfile +2 -8
data/Gemfile.lock +71 -27
data/README.rdoc +91 -2
data/Rakefile +6 -41
data/certificate_authority.gemspec +22 -83
data/lib/certificate_authority/certificate.rb +139 -49
data/lib/certificate_authority/certificate_revocation_list.rb +34 -14
data/lib/certificate_authority/core_extensions.rb +46 -0
data/lib/certificate_authority/distinguished_name.rb +64 -16
data/lib/certificate_authority/extensions.rb +417 -45
data/lib/certificate_authority/key_material.rb +30 -9
data/lib/certificate_authority/ocsp_handler.rb +75 -5
data/lib/certificate_authority/pkcs11_key_material.rb +0 -2
data/lib/certificate_authority/revocable.rb +14 -0
data/lib/certificate_authority/serial_number.rb +15 -2
data/lib/certificate_authority/signing_request.rb +91 -0
data/lib/certificate_authority/validations.rb +31 -0
data/lib/certificate_authority/version.rb +3 -0
data/lib/certificate_authority.rb +6 -5
metadata +76 -71
data/VERSION.yml +0 -5
data/spec/spec_helper.rb +0 -4
data/spec/units/certificate_authority_spec.rb +0 -4
data/spec/units/certificate_revocation_list_spec.rb +0 -68
data/spec/units/certificate_spec.rb +0 -428
data/spec/units/distinguished_name_spec.rb +0 -59
data/spec/units/extensions_spec.rb +0 -115
data/spec/units/key_material_spec.rb +0 -100
data/spec/units/ocsp_handler_spec.rb +0 -104
data/spec/units/pkcs11_key_material_spec.rb +0 -41
data/spec/units/serial_number_spec.rb +0 -20
data/spec/units/signing_entity_spec.rb +0 -4
data/spec/units/units_helper.rb +0 -1

data/spec/units/key_material_spec.rb DELETED Viewed

@@ -1,100 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-describe CertificateAuthority::KeyMaterial do
-  [CertificateAuthority::MemoryKeyMaterial, CertificateAuthority::SigningRequestKeyMaterial].each do |key_material_class|
-    before do
-      @key_material = key_material_class.new
-    end
-    it "#{key_material_class} should know if a key is in memory or hardware" do
-      @key_material.is_in_hardware?.should_not be_nil
-      @key_material.is_in_memory?.should_not be_nil
-    end
-    it "should use memory by default" do
-      @key_material.is_in_memory?.should be_true
-    end
-  end
-end
-describe CertificateAuthority::MemoryKeyMaterial do
-  before(:each) do
-    @key_material = CertificateAuthority::MemoryKeyMaterial.new
-  end
-  it "should be able to generate an RSA key" do
-    @key_material.generate_key(1024).should_not be_nil
-  end
-  it "should generate a proper OpenSSL::PKey::RSA" do
-    @key_material.generate_key(1024).class.should == OpenSSL::PKey::RSA
-  end
-  it "should be able to specify the size of the modulus to generate" do
-    @key_material.generate_key(1024).should_not be_nil
-  end
-  describe "with generated key" do
-    before(:all) do
-      @key_material_in_memory = CertificateAuthority::MemoryKeyMaterial.new
-      @key_material_in_memory.generate_key(1024)
-    end
-    it "should be able to retrieve the private key" do
-      @key_material_in_memory.private_key.should_not be_nil
-    end
-    it "should be able to retrieve the public key" do
-      @key_material_in_memory.public_key.should_not be_nil
-    end
-  end
-  it "should not validate without public and private keys" do
-    @key_material.valid?.should be_false
-    @key_material.generate_key(1024)
-    @key_material.valid?.should be_true
-    pub = @key_material.public_key
-    @key_material.public_key = nil
-    @key_material.valid?.should be_false
-    @key_material.public_key = pub
-    @key_material.private_key = nil
-    @key_material.valid?.should be_false
-  end
-end
-describe CertificateAuthority::SigningRequestKeyMaterial do
-  before(:each) do
-    @request = OpenSSL::X509::Request.new <<CSR
------BEGIN CERTIFICATE REQUEST-----
-MIIBjTCB9wIBADBOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEU
-MBIGA1UEBxMLQmVyc2Vya2VsZXkxFDASBgNVBAoTC0NlcnRzICdSIFVzMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaGiBcv++581KYt6y2NNcUaZNPPeNZ0UkX
-ujzZQQllx7PlYmsKTE6ZzfTUc0AJvDBIuACg03eagaEaBZtUFbsLkSOLJyYiIfF5
-f9PuXImz2RDzBJQ/+u82gQAcvPhm94xK8jeNPcn0Ege7Y7SRK4YYonX+0ZveP02L
-FjuEfrZcZQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAecOQz0RfnmSxxzOyHZ1e
-Wo2hQqPOmkfIbvL2l1Ml+HybJQJn6OpLmeveyU48SI2M7UqeNkHtsogMljy3re4L
-QlwK7lNd6SymdfSCPjUcdoLOaHolZXYNvCHltTc5skRHG7ti5yv4cu0ItIcCS0yp
-7L3maDEbTLsDdouHeFfbLWA=
------END CERTIFICATE REQUEST-----
-CSR
-    @key_material = CertificateAuthority::SigningRequestKeyMaterial.new @request
-  end
-  it "should generate from a CSR" do
-    @key_material.should_not be_nil
-  end
-  it "should be able to expose a public key" do
-    @key_material.public_key.should_not be_nil
-  end
-  it "should not have a private key" do
-    @key_material.private_key.should be_nil
-  end
-  it "should raise when signature does not verify" do
-    invalid = @request
-    invalid.public_key = OpenSSL::PKey::RSA.new 512
-    lambda { CertificateAuthority::SigningRequestKeyMaterial.new invalid }.should raise_error
-  end
-end

data/spec/units/ocsp_handler_spec.rb DELETED Viewed

@@ -1,104 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-describe CertificateAuthority::OCSPHandler do
-  before(:each) do
-    @ocsp_handler = CertificateAuthority::OCSPHandler.new
-    @root_certificate = CertificateAuthority::Certificate.new
-    @root_certificate.signing_entity = true
-    @root_certificate.subject.common_name = "OCSP Root"
-    @root_certificate.key_material.generate_key(1024)
-    @root_certificate.serial_number.number = 1
-    @root_certificate.sign!
-    @certificate = CertificateAuthority::Certificate.new
-    @certificate.key_material.generate_key(1024)
-    @certificate.subject.common_name = "http://questionablesite.com"
-    @certificate.parent = @root_certificate
-    @certificate.serial_number.number = 2
-    @certificate.sign!
-    @ocsp_request = OpenSSL::OCSP::Request.new
-    openssl_cert_issuer = OpenSSL::X509::Certificate.new(@root_certificate.to_pem)
-    openssl_cert_subject = OpenSSL::X509::Certificate.new(@certificate.to_pem)
-    cert_id = OpenSSL::OCSP::CertificateId.new(openssl_cert_subject, openssl_cert_issuer)
-    @ocsp_request.add_certid(cert_id)
-    @ocsp_handler.ocsp_request = @ocsp_request.to_der
-  end
-  it "should be able to accept an OCSP Request" do
-    @ocsp_handler.ocsp_request = @ocsp_request
-    @ocsp_handler.ocsp_request.should_not be_nil
-  end
-  it "should raise an error if you try and extract certificates without a raw request" do
-    @ocsp_handler.extract_certificate_serials
-    @ocsp_handler.ocsp_request = nil
-    lambda {@ocsp_handler.extract_certificate_serials}.should raise_error
-  end
-  it "should return a hash of extracted certificates from OCSP requests" do
-    result = @ocsp_handler.extract_certificate_serials
-    result.size.should == 1
-  end
-  it "should be able to generate an OCSP response" do
-    @ocsp_handler.extract_certificate_serials
-    @ocsp_handler << @certificate
-    @ocsp_handler.parent = @root_certificate
-    @ocsp_handler.response
-  end
-  it "should require a 'parent' entity for signing" do
-    @ocsp_handler.parent = @root_certificate
-    @ocsp_handler.parent.should_not be_nil
-  end
-  it "should raise an error if you ask for the signed OCSP response without generating it" do
-    @ocsp_handler.extract_certificate_serials
-    @ocsp_handler << @certificate
-    @ocsp_handler.parent = @root_certificate
-    lambda { @ocsp_handler.to_der }.should raise_error
-    @ocsp_handler.response
-    @ocsp_handler.to_der.should_not be_nil
-  end
-  it "should raise an error if you generate a response without adding all certificates in request" do
-    @ocsp_handler.extract_certificate_serials
-    @ocsp_handler.parent = @root_certificate
-    lambda { @ocsp_handler.response }.should raise_error
-  end
-  it "should raise an error if you generate a response without adding a parent signing entity" do
-    @ocsp_handler.extract_certificate_serials
-    @ocsp_handler << @certificate
-    lambda { @ocsp_handler.response }.should raise_error
-  end
-  describe "Response" do
-    before(:each) do
-      @ocsp_handler.extract_certificate_serials
-      @ocsp_handler << @certificate
-      @ocsp_handler.parent = @root_certificate
-      @ocsp_handler.response
-      @openssl_ocsp_response = OpenSSL::OCSP::Response.new(@ocsp_handler.to_der)
-    end
-    it "should have a correct status/status string" do
-      @openssl_ocsp_response.status_string.should == "successful"
-      @openssl_ocsp_response.status.should == 0
-    end
-    it "should have an embedded BasicResponse with certificate statuses" do
-      # [#<OpenSSL::OCSP::CertificateId:0x000001020ecad8>, 0, 1, nil, 2011-04-15 23:29:47 UTC, 2011-04-15 23:30:17 UTC, []]
-      @openssl_ocsp_response.basic.status.first[1].should == 0 # Everything is OK
-    end
-    it "should have a next_update time" do
-      @openssl_ocsp_response.basic.status.first[5].should_not be_nil
-      @openssl_ocsp_response.basic.status.first[5].class.should == Time
-    end
-  end
-end

data/spec/units/pkcs11_key_material_spec.rb DELETED Viewed

@@ -1,41 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-## Anything that requires crypto hardware needs to be tagged as 'pkcs11'
-describe CertificateAuthority::Pkcs11KeyMaterial, :pkcs11 => true do
-  before(:each) do
-    @key_material_in_hardware = CertificateAuthority::Pkcs11KeyMaterial.new
-    @key_material_in_hardware.token_id = "46"
-    @key_material_in_hardware.pkcs11_lib = "/usr/lib/libeTPkcs11.so"
-    @key_material_in_hardware.openssl_pkcs11_engine_lib = "/usr/lib/engines/engine_pkcs11.so"
-    @key_material_in_hardware.pin = "11111111"
-  end
-  it "should identify as being in hardware", :pkcs11 => true do
-    @key_material_in_hardware.is_in_hardware?.should be_true
-  end
-  it "should return a Pkey ref if the private key is requested", :pkcs11 => true do
-    @key_material_in_hardware.private_key.class.should == OpenSSL::PKey::RSA
-  end
-  it "should return a Pkey ref if the public key is requested", :pkcs11 => true do
-    @key_material_in_hardware.public_key.class.should == OpenSSL::PKey::RSA
-  end
-  it "should accept an ID for on-token objects", :pkcs11 => true do
-    @key_material_in_hardware.respond_to?(:token_id).should be_true
-  end
-  it "should accept a path to a shared library for a PKCS11 driver", :pkcs11 => true do
-    @key_material_in_hardware.respond_to?(:pkcs11_lib).should be_true
-  end
-  it "should accept a path to OpenSSL's dynamic PKCS11 engine (provided by libengine-pkcs11-openssl)", :pkcs11 => true do
-    @key_material_in_hardware.respond_to?(:openssl_pkcs11_engine_lib).should be_true
-  end
-  it "should accept an optional PIN to authenticate to the token", :pkcs11 => true do
-    @key_material_in_hardware.respond_to?(:pin).should be_true
-  end
-end

data/spec/units/serial_number_spec.rb DELETED Viewed

@@ -1,20 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-describe CertificateAuthority::SerialNumber do
-  before(:each) do
-    @serial_number = CertificateAuthority::SerialNumber.new
-  end
-  it "should support basic integer serial numbers", :rfc3280 => true do
-    @serial_number.number = 25
-    @serial_number.should be_valid
-    @serial_number.number = "abc"
-    @serial_number.should_not be_valid
-  end
-  it "should not allow negative serial numbers", :rfc3280 => true do
-    @serial_number.number = -5
-    @serial_number.should_not be_valid
-  end
-end

data/spec/units/signing_entity_spec.rb DELETED Viewed

@@ -1,4 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-describe CertificateAuthority::SigningEntity do
-end

data/spec/units/units_helper.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- require File.dirname(__FILE__) + '/../spec_helper'