eassl2 2.0.0

data/lib/eassl/signing_request.rb

@@ -0,0 +1,55 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class SigningRequest
+    def initialize(options = {})
+      @options = {
+        :name       => {},                #required, CertificateName
+        :key        => nil,               #required
+      }.update(options)
+      @options[:key] ||= Key.new(@options)
+    end
+
+    def ssl
+      unless @ssl
+        @ssl = OpenSSL::X509::Request.new
+        @ssl.version = 0
+        @ssl.subject = CertificateName.new(@options[:name].options).name
+        @ssl.public_key = key.public_key
+        @ssl.sign(key.private_key, OpenSSL::Digest::SHA1.new)
+      end
+      @ssl
+    end
+
+    def key
+      @options[:key]
+    end
+
+    def to_pem
+      ssl.to_pem
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def self.load(pem_file_path)
+      new.load(File.read(pem_file_path))
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Request.new(pem_string)
+      rescue
+        raise "SigningRequestLoader: Error loading signing request"
+      end
+      self
+    end
+  end
+end

data/lib/eassl.rb

@@ -0,0 +1,71 @@
+require 'openssl'
+require 'fileutils'
+$:.unshift File.expand_path(File.dirname(__FILE__))
+# = About EaSSL
+#
+# Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+# Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+# Copyright:: Copyright (c) 2006 WebPower Design
+# License::   Distributes under the same terms as Ruby
+#
+# By requiring <tt>eassl</tt>, you can load the full set of EaSSL classes.
+#
+# For a full list of features and instructions, see the #README.
+#
+# EaSSL is a module containing all of the great EaSSL classes for creating
+# and managing openSSL keys, signing request, and certificates.
+#
+# * EaSSL::Key: the class for loading and creating SSL keys
+# * EaSSL::SigningRequest: the class for creating SSL signing requests
+
+module EaSSL
+  VERSION = '2.0.0'
+
+  def self.generate_self_signed(options)
+    ca = CertificateAuthority.new({:bits => 1024}.update(options[:ca_options]||{}))
+    sr = SigningRequest.new(options)
+    cert = ca.create_certificate(sr)
+    [ca, sr, cert]
+  end
+
+  def self.config_webrick(webrick_config, options = {})
+    hostname = `hostname`.strip
+    eassl_host_dir = "#{File.expand_path('~')}/.eassl/#{hostname}"
+    ca_cert_file = "#{eassl_host_dir}/ca.crt"
+    ca_key_file = "#{eassl_host_dir}/ca.key"
+    server_key_file = "#{eassl_host_dir}/server.key"
+    server_cert_file = "#{eassl_host_dir}/server.crt"
+    FileUtils.rm_rf(eassl_host_dir) if options[:force_regeneration]
+
+    if File.exist?(server_cert_file)
+      key = Key.load(server_key_file, 'countinghouse1234')
+      cert = Certificate.load(server_cert_file)
+    else
+      ca, sr, cert = self.generate_self_signed({:name => {:common_name => hostname}, :bits => 1024}.update(options))
+      key = sr.key
+      FileUtils.makedirs(eassl_host_dir)
+      File.open(%(#{ca_cert_file}.pem), "w", 0777) {|f| f << ca.certificate.to_pem }
+      File.open(%(#{ca_cert_file}.der), "w", 0777) {|f| f << ca.certificate.to_der }
+      File.open(ca_key_file, "w", 0777) {|f| f << ca.key.to_pem }
+      File.open(server_key_file, "w", 0777) {|f| f << key.to_pem }
+      File.open(server_cert_file, "w", 0777) {|f| f << cert.to_pem }
+    end
+
+    webrick_config.update({
+      :SSLEnable       => true,
+      :SSLPrivateKey => key.ssl,
+      :SSLCertificate => cert.ssl,
+      :SSLExtraChainCert => [Certificate.load(%(#{ca_cert_file}.pem)).ssl],
+      :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
+      :SSLStartImmediately => true,
+    })
+  end
+end
+
+require 'eassl/key'
+require 'eassl/certificate_name'
+require 'eassl/signing_request'
+require 'eassl/certificate'
+require 'eassl/authority_certificate'
+require 'eassl/certificate_authority'
+require 'eassl/serial'

data/test/CA/cacert.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAjSgAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzEO
+MAwGA1UECgwFVmVuZGExEDAOBgNVBAsMB2F1dG8tQ0ExCzAJBgNVBAMMAkNBMB4X
+DTExMTIwNjE3NDE1M1oXDTIxMTIwMzE3NDE1M1owPDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAoMBVZlbmRhMRAwDgYDVQQLDAdhdXRvLUNBMQswCQYDVQQDDAJDQTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu8QKXQjfp9mbf8GLzBy95l4QWJspeLiv
+GvYUgxDl9q3q+C37s/px8LIdDhSXp+bL0gUTzL1/DUNKoMkYZZ2Lozdlg0gp7eQ6
+1M7baDveuKeD86U1pCdBZiPIlBAUny8qxe1AvetSrLYH1RV4An68+lKKlj8o/pOQ
+T6u4XnHIwNkCAwEAAaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIB
+DQQkFiJSdWJ5L09wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBT+n8Ml3oKlSBBaeaaDrWFS9THk5TAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0w
+W4AU/p/DJd6CpUgQWnmmg61hUvUx5OWhQKQ+MDwxCzAJBgNVBAYTAlVTMQ4wDAYD
+VQQKDAVWZW5kYTEQMA4GA1UECwwHYXV0by1DQTELMAkGA1UEAwwCQ0GCAQAwDQYJ
+KoZIhvcNAQEFBQADgYEABpz5uxouNMgKxVtjsiLDaD8XfpfRgM8J7H6uP9dpzZf1
+GkCNWN9DPI/uTF9sXkZ9nXA8U85MX9EfgBL0E9gyIocKeGn24X32X3CtbP1fH0n1
+dL2rzIwcDTHJahnkXu2icQbp59DKx1+Od/vfvQwKwZxMWrUWjzB+O8+kgKoMOlg=
+-----END CERTIFICATE-----

data/test/CA/cakey.pem

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,69D5C965A334A6CF
+
+EzKzR7BN1Eiye5Qv3Dwqsqcg6L6XK2xjjBR6thfAmGolOPPkMgKDAVo6owNeMpqc
+x+VyH4yQ2kKn7hHTznAb7pdyPXCHZkX+o1glJ2MpMWtXvRzQDVsC9ZA83aIYUIKI
+CmzbTd7jwtTzefybkHM5TYG2L6dNHGQXb4mm2SXuH9996AIb06alHljav7SKbwuR
+RmAulGPolxWTBU5LQTQO/u89NB6xpADzqli8GZzoO+76OqNqyPmDmx1E1s7GMLow
+mls2hqrUNSRF78fvGDkFdM7gzpde/RFeqB6h5CRi65xUWZRgRwbIa+gBgHp+SgfD
+EwgZgKS7o2bEA4RI+0cpHUQYYiyxow9vfRCaAhAWe3N7jmGa/tzH0zmQ8GkYpTE+
+8y+y8xD6qL53uPcQOtCPYUIgKlNf7Bj+z9yW94qHfLmKqT0weHHBRl+exuvXBLyg
+djdtSnXZ/NpUQFoIsTricqh2E/NqAzJpY0DEJijSffGnUrPl0dwDwK2HfLoh8N4X
+t2t4SBLYZIoVa/AvSBxVS4rRJldkANPmIPNVxk6aXSVsWqmb7/U1dzk1QbblZIY5
+3DpdkcDtsLLJX3eiluomkkz+d0BJ7wJBYd+G6W+LJn9aja77PwxJGlZM10ccZkg0
+dglULaBkPgwitLwZV3wexOLsnw2nPtFIf1qimXYEJAfTTloaDnQHuRyiO9WLCaUn
+pWDgNcVdoN6zS7Cn1duHtR0HCiQuJv5ur5F5g5BcFLpuaH1JU+x33d9w1s+EEkQB
+8Dxj59BsbmOFbTiK3Tf9Z1u0RyRbI3PGC/T7Q309vK3x+r9T2AqPog==
+-----END RSA PRIVATE KEY-----

data/test/CA/serial.txt

@@ -0,0 +1 @@
+000B

data/test/certificate.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAzigAwIBAgIBAjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzEO
+MAwGA1UECgwFVmVuZGExEDAOBgNVBAsMB2F1dG8tQ0ExCzAJBgNVBAMMAkNBMB4X
+DTExMTIwNzE5MTIxN1oXDTE2MTIwNTE5MTIxN1owgakxCzAJBgNVBAYTAlVTMRcw
+FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEWMBQGA1UEBxMNRnVxdWF5IFZhcmluYTEY
+MBYGA1UECgwPV2ViUG93ZXIgRGVzaWduMRUwEwYDVQQLDAxXZWIgU2VjdXJpdHkx
+FDASBgNVBAMMC2Zvby5iYXIuY29tMSIwIAYJKoZIhvcNAQkBDBNlYXNzbEBydWJ5
+Zm9yZ2Uub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqWgYizb
+EaafCYheeaTCGLK4FOq42e2CavOComQlWXEGR2YHYOL/cPK9Lpc+f/4qxse8SChx
+1maDuUh+iT+fNa/jqbBExmK7h914mXW2pcZCfbboND0Va9wLm63HsMVwY2FGDC9P
+Qh5hviVfIoGVbC2ZDI1pt98pexPsSOSHn2ch1q4s/9pfICnWN+KsEyNJuBwlo24t
+Eg+zvnVE9w3YzlSQ7NCgPFf1aX2VBWZi50gbAwoxoKyrtZFQ/tIrF6WtMxYTpfYq
+LYWLMsb9+xZHkhEc+XvvipD6Y25tlyDWoFOR3sy0B5SZGoik9ZD1bTCWHdEtNRzG
+cRoChZSCv9+LeQIDAQABo4HuMIHrMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0G
+A1UdDgQWBBT6dj30hJuziSwhPx9PnsTyGCi3BjATBgNVHSUEDDAKBggrBgEFBQcD
+ATA3BglghkgBhvhCAQ0EKhYoUnVieS9PcGVuU1NML0VhU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTBkBgNVHSMEXTBbgBT+n8Ml3oKlSBBaeaaDrWFS9THk5aFApD4w
+PDELMAkGA1UEBhMCVVMxDjAMBgNVBAoMBVZlbmRhMRAwDgYDVQQLDAdhdXRvLUNB
+MQswCQYDVQQDDAJDQYIBADANBgkqhkiG9w0BAQUFAAOBgQBjN8LEARLiWjxV0o6U
+XSM4ubws0pAXya34TIAQnlDKEEssZ0i1IYyyqieCkdaH+n0wnhGLwGf21yyrqCLd
++nDavx/2EBrDcF0yE7aapzXcfeXZ2gZxkZycuwc8dKR6IEXLWrMYS7HKyT490G0R
+XBbgCxQiIndLwRnNMavd+vx0Wg==
+-----END CERTIFICATE-----

data/test/csr.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBhDCB7gIBADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEh
+MB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC+RvNakUHlmlT3jMtkVx0Eajv6sxtzyk0qmSRKHU9/2q+1
+3/jUM9fnc18hDBoI9PsObJc8CueXFnOVN9fyaQQXyr/mesvYgNn+XTSkE8HWiFSP
+CMD3Sc8picEFEW5G/ZDrkqmygIY9E/kk9tQmWFolfIjWCTQPe/xh0f9kK/MkYwID
+AQABoAAwDQYJKoZIhvcNAQEFBQADgYEAp5Bf2vGSzAB9uhWZ3bDPmAcvFDgXRSrk
+3qlsOLDFy2uxHZxrJROo89YstwHMEDPHN2uNMpMaAfT2aiAVwQbjeu7/wQ5rnf35
+LY18Mf/fqkFIqSolbHhaV3j1MvBMseAj3GidItX/HZiwzU2dSsb36o8KthkO5IX1
+9R2JzARogT0=
+-----END CERTIFICATE REQUEST-----

data/test/encrypted_key.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,95157FEDE26860DF
+
+QtQcPFoYz58qBAE1BgrhZriIF8CFvMYgK5p92fSSHt9V2ySeEuBMwLJncp4tBJGG
+IbjBVK9v4VB8NxrGoC7Qs/0JI5PkMVxwUIuzRC+KAXnImRaV258t+ydboYIwnsfl
+2Do9eQonjPOWHvU1vWCQMXa/Jku9cqJnL3a7quZaGPHDW0ch/v2zPbF2LOFFJV8v
+YvdYo7ml27+Zrr0rmnhF/XVtDwkQd/K0I3sXIr92fHk=
+-----END RSA PRIVATE KEY-----

data/test/helper.rb

@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+#require 'simplecov'
+#SimpleCov.start
+
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'eassl'
+
+class Test::Unit::TestCase
+end

data/test/test_eassl.rb

@@ -0,0 +1,33 @@
+require 'helper'
+
+class TestEassl < Test::Unit::TestCase
+
+  def test_generate_self_signed_defaults
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    ca, sr, cert = EaSSL.generate_self_signed(:name => name)
+
+    assert ca
+    assert_equal EaSSL::CertificateAuthority, ca.class
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", ca.certificate.subject.to_s
+
+    assert sr
+    assert_equal EaSSL::SigningRequest, sr.class
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", sr.subject.to_s
+
+    assert cert
+    assert_equal EaSSL::Certificate, cert.class
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", cert.subject.to_s
+
+    key = sr.key
+    assert key
+    assert_equal EaSSL::Key, key.class
+    assert_equal 2048, key.length
+  end
+
+  def test_config_webrick
+    #webrick_config = {}
+    #name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    #EaSSL.config_webrick(webrick_config, :name => name)
+  end
+
+end

data/test/test_eassl_authority_certificate.rb

@@ -0,0 +1,60 @@
+require 'helper'
+
+class TestEasslCertificateAuthority < Test::Unit::TestCase
+
+  def test_new_certificate
+    key = EaSSL::Key.new
+    cacert = EaSSL::AuthorityCertificate.new(:key => key)
+    assert cacert
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", cacert.subject.to_s
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", cacert.issuer.to_s
+  end
+
+  def test_load_certificate
+    cacert_path = File.join(File.dirname(__FILE__), 'CA', 'cacert.pem')
+    cacert = EaSSL::AuthorityCertificate.load(cacert_path)
+    assert cacert
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", cacert.subject.to_s
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", cacert.issuer.to_s
+  end
+
+  def test_certificate_from_text
+    cacert_text = <<CACERT
+-----BEGIN CERTIFICATE-----
+MIICyzCCAjSgAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzEO
+MAwGA1UECgwFVmVuZGExEDAOBgNVBAsMB2F1dG8tQ0ExCzAJBgNVBAMMAkNBMB4X
+DTExMTIwNjE3NDE1M1oXDTIxMTIwMzE3NDE1M1owPDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAoMBVZlbmRhMRAwDgYDVQQLDAdhdXRvLUNBMQswCQYDVQQDDAJDQTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu8QKXQjfp9mbf8GLzBy95l4QWJspeLiv
+GvYUgxDl9q3q+C37s/px8LIdDhSXp+bL0gUTzL1/DUNKoMkYZZ2Lozdlg0gp7eQ6
+1M7baDveuKeD86U1pCdBZiPIlBAUny8qxe1AvetSrLYH1RV4An68+lKKlj8o/pOQ
+T6u4XnHIwNkCAwEAAaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIB
+DQQkFiJSdWJ5L09wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBT+n8Ml3oKlSBBaeaaDrWFS9THk5TAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0w
+W4AU/p/DJd6CpUgQWnmmg61hUvUx5OWhQKQ+MDwxCzAJBgNVBAYTAlVTMQ4wDAYD
+VQQKDAVWZW5kYTEQMA4GA1UECwwHYXV0by1DQTELMAkGA1UEAwwCQ0GCAQAwDQYJ
+KoZIhvcNAQEFBQADgYEABpz5uxouNMgKxVtjsiLDaD8XfpfRgM8J7H6uP9dpzZf1
+GkCNWN9DPI/uTF9sXkZ9nXA8U85MX9EfgBL0E9gyIocKeGn24X32X3CtbP1fH0n1
+dL2rzIwcDTHJahnkXu2icQbp59DKx1+Od/vfvQwKwZxMWrUWjzB+O8+kgKoMOlg=
+-----END CERTIFICATE-----
+CACERT
+    cacert = EaSSL::AuthorityCertificate.new({}).load(cacert_text)
+    assert cacert
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", cacert.subject.to_s
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", cacert.issuer.to_s
+  end
+
+  def test_load_nonexistent_file
+    assert_raises Errno::ENOENT do
+      key = EaSSL::AuthorityCertificate.load('./foo')
+    end
+  end
+
+  def test_load_bad_file
+    file = File.join(File.dirname(__FILE__), '..', 'Rakefile')
+    assert_raises RuntimeError do
+      key = EaSSL::AuthorityCertificate.load(file)
+    end
+  end
+
+end

data/test/test_eassl_certificate.rb

@@ -0,0 +1,109 @@
+require 'helper'
+
+class TestEasslCertificate < Test::Unit::TestCase
+
+  def test_new_certificate_self_signed
+    key  = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr  = EaSSL::SigningRequest.new(:name => name, :key => key)
+
+    cert = EaSSL::Certificate.new(:signing_request => csr)
+    assert cert
+    assert cert.ssl
+    assert_equal cert.subject.to_s, csr.subject.to_s
+    assert_equal cert.subject.to_s, cert.issuer.to_s
+  end
+
+  def test_certificate_to_pem
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+
+    cert = EaSSL::Certificate.new(:signing_request => csr)
+    assert cert.to_pem =~ /BEGIN CERTIFICATE/
+  end
+
+  def test_new_server_certificate_ca_signed
+    ca_path = File.join(File.dirname(__FILE__), 'CA')
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+
+    cert = EaSSL::Certificate.new(:signing_request => csr, :ca_certificate => ca.certificate)
+    cert.sign(ca.key)
+    assert cert.to_pem =~ /BEGIN CERTIFICATE/
+    assert_equal cert.subject.to_s, csr.subject.to_s
+    assert_equal cert.issuer.to_s, ca.certificate.subject.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Server Authentication", ext_key_usage[0].value
+  end
+
+  def test_new_client_certificate_ca_signed
+    ca_path = File.join(File.dirname(__FILE__), 'CA')
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+
+    cert = EaSSL::Certificate.new(:type => 'client', :signing_request => csr, :ca_certificate => ca.certificate)
+    cert.sign(ca.key)
+    assert cert.to_pem =~ /BEGIN CERTIFICATE/
+    assert_equal cert.subject.to_s, csr.subject.to_s
+    assert_equal cert.issuer.to_s, ca.certificate.subject.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Client Authentication, E-mail Protection", ext_key_usage[0].value
+  end
+
+  def test_load_certificate_file
+    file = File.join(File.dirname(__FILE__), 'certificate.pem')
+    cert = EaSSL::Certificate.load(file)
+    assert cert
+    assert_equal "55:27:E8:46:50:03:39:F4:A3:24:3D:88:57:BA:67:5C:F1:E8:84:1D", cert.sha1_fingerprint
+  end
+
+  def test_load_certificate_text
+    cert_text = <<CERT
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAzigAwIBAgIBAjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzEO
+MAwGA1UECgwFVmVuZGExEDAOBgNVBAsMB2F1dG8tQ0ExCzAJBgNVBAMMAkNBMB4X
+DTExMTIwNzE5MTIxN1oXDTE2MTIwNTE5MTIxN1owgakxCzAJBgNVBAYTAlVTMRcw
+FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEWMBQGA1UEBxMNRnVxdWF5IFZhcmluYTEY
+MBYGA1UECgwPV2ViUG93ZXIgRGVzaWduMRUwEwYDVQQLDAxXZWIgU2VjdXJpdHkx
+FDASBgNVBAMMC2Zvby5iYXIuY29tMSIwIAYJKoZIhvcNAQkBDBNlYXNzbEBydWJ5
+Zm9yZ2Uub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqWgYizb
+EaafCYheeaTCGLK4FOq42e2CavOComQlWXEGR2YHYOL/cPK9Lpc+f/4qxse8SChx
+1maDuUh+iT+fNa/jqbBExmK7h914mXW2pcZCfbboND0Va9wLm63HsMVwY2FGDC9P
+Qh5hviVfIoGVbC2ZDI1pt98pexPsSOSHn2ch1q4s/9pfICnWN+KsEyNJuBwlo24t
+Eg+zvnVE9w3YzlSQ7NCgPFf1aX2VBWZi50gbAwoxoKyrtZFQ/tIrF6WtMxYTpfYq
+LYWLMsb9+xZHkhEc+XvvipD6Y25tlyDWoFOR3sy0B5SZGoik9ZD1bTCWHdEtNRzG
+cRoChZSCv9+LeQIDAQABo4HuMIHrMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0G
+A1UdDgQWBBT6dj30hJuziSwhPx9PnsTyGCi3BjATBgNVHSUEDDAKBggrBgEFBQcD
+ATA3BglghkgBhvhCAQ0EKhYoUnVieS9PcGVuU1NML0VhU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTBkBgNVHSMEXTBbgBT+n8Ml3oKlSBBaeaaDrWFS9THk5aFApD4w
+PDELMAkGA1UEBhMCVVMxDjAMBgNVBAoMBVZlbmRhMRAwDgYDVQQLDAdhdXRvLUNB
+MQswCQYDVQQDDAJDQYIBADANBgkqhkiG9w0BAQUFAAOBgQBjN8LEARLiWjxV0o6U
+XSM4ubws0pAXya34TIAQnlDKEEssZ0i1IYyyqieCkdaH+n0wnhGLwGf21yyrqCLd
++nDavx/2EBrDcF0yE7aapzXcfeXZ2gZxkZycuwc8dKR6IEXLWrMYS7HKyT490G0R
+XBbgCxQiIndLwRnNMavd+vx0Wg==
+-----END CERTIFICATE-----
+CERT
+    cert = EaSSL::Certificate.new({}).load(cert_text)
+    assert cert
+    assert_equal "55:27:E8:46:50:03:39:F4:A3:24:3D:88:57:BA:67:5C:F1:E8:84:1D", cert.sha1_fingerprint
+  end
+
+  def test_load_nonexistent_file
+    assert_raises Errno::ENOENT do
+      key = EaSSL::Certificate.load('./foo')
+    end
+  end
+
+  def test_load_bad_file
+    file = File.join(File.dirname(__FILE__), '..', 'Rakefile')
+    assert_raises RuntimeError do
+      key = EaSSL::Certificate.load(file)
+    end
+  end
+
+end

data/test/test_eassl_certificate_authority.rb

@@ -0,0 +1,126 @@
+require 'helper'
+
+class TestEasslCertificateAuthority < Test::Unit::TestCase
+
+  def test_new_ca
+    ca = EaSSL::CertificateAuthority.new
+    assert ca
+    assert ca.key
+    assert ca.certificate
+
+    assert_equal 2048, ca.key.length
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", ca.certificate.subject.to_s
+  end
+
+  def test_load_ca
+    ca_path = File.join(File.dirname(__FILE__), 'CA')
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+    assert ca
+    assert ca.key
+    assert ca.certificate
+
+    assert_equal 1024, ca.key.length
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", ca.certificate.subject.to_s
+  end
+
+  def test_new_ca_specified_name
+    ca = EaSSL::CertificateAuthority.new(:name => {
+      :country => 'GB',
+      :state => 'London',
+      :city => 'London',
+      :organization => 'Venda Ltd',
+      :department => 'Development',
+      :common_name => 'CA',
+      :email => 'dev@venda.com'
+    })
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(
+      :country => 'GB',
+      :state => 'London',
+      :city => 'London',
+      :organization => 'Venda Ltd',
+      :department => 'Development',
+      :common_name => 'foo.bar.com',
+      :email => 'dev@venda.com'
+    )
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    cert = ca.create_certificate(csr)
+    assert cert
+    assert_equal "/C=GB/ST=London/L=London/O=Venda Ltd/OU=Development/CN=foo.bar.com/emailAddress=dev@venda.com", cert.subject.to_s
+    assert_equal "/C=GB/ST=London/L=London/O=Venda Ltd/OU=Development/CN=CA/emailAddress=dev@venda.com", cert.issuer.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Server Authentication", ext_key_usage[0].value
+  end
+
+  def test_new_ca_sign_cert
+    ca = EaSSL::CertificateAuthority.new
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    cert = ca.create_certificate(csr)
+    assert cert
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", cert.subject.to_s
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", cert.issuer.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Server Authentication", ext_key_usage[0].value
+  end
+
+  def test_new_ca_sign_client_cert
+    ca = EaSSL::CertificateAuthority.new
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    cert = ca.create_certificate(csr, 'client')
+    assert cert
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", cert.subject.to_s
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", cert.issuer.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Client Authentication, E-mail Protection", ext_key_usage[0].value
+  end
+
+  def test_new_ca_sign_client_cert_with_expiry
+    ca = EaSSL::CertificateAuthority.new
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    t = Time.now
+    cert = ca.create_certificate(csr, 'client', 10)
+    assert cert
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", cert.subject.to_s
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=CA/emailAddress=eassl@rubyforge.org", cert.issuer.to_s
+    ext_key_usage = cert.extensions.select {|e| e.oid == 'extendedKeyUsage' }
+    assert_equal "TLS Web Client Authentication, E-mail Protection", ext_key_usage[0].value
+    assert_equal (t + (24 * 60 * 60 * 10)).to_i, cert.ssl.not_after.to_i
+  end
+
+  def test_loaded_ca_sign_cert
+    ca_path = File.join(File.dirname(__FILE__), 'CA')
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    cert = ca.create_certificate(csr)
+    assert cert
+    assert_equal "/C=US/ST=North Carolina/L=Fuquay Varina/O=WebPower Design/OU=Web Security/CN=foo.bar.com/emailAddress=eassl@rubyforge.org", cert.subject.to_s
+    assert_equal "/C=US/O=Venda/OU=auto-CA/CN=CA", cert.issuer.to_s
+  end
+
+  def test_loaded_ca_sign_certs_with_serial
+    ca_path = File.join(File.dirname(__FILE__), 'CA')
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+
+    next_serial = ca.serial.next
+
+    key = EaSSL::Key.new
+    name = EaSSL::CertificateName.new(:common_name => 'foo.bar.com')
+    csr = EaSSL::SigningRequest.new(:name => name, :key => key)
+    cert = ca.create_certificate(csr)
+    assert cert
+    assert cert.serial.to_i == next_serial
+    assert ca.serial.next == next_serial + 1
+
+    ca = EaSSL::CertificateAuthority.load(:ca_path => ca_path, :ca_password => '1234')
+    assert ca.serial.next == next_serial + 1
+  end
+
+end

data/test/test_eassl_key.rb

@@ -0,0 +1,106 @@
+require 'helper'
+
+class TestEasslKey < Test::Unit::TestCase
+
+  def test_new_keys_ssl
+    key = EaSSL::Key.new
+    assert key.ssl
+    assert_equal OpenSSL::PKey::RSA, key.ssl.class
+  end
+
+  def test_new_keys_private_key
+    key = EaSSL::Key.new
+    assert key.private_key
+    assert_equal OpenSSL::PKey::RSA, key.private_key.class
+  end
+
+  def test_new_key_defaults_bit_length
+    key = EaSSL::Key.new
+    assert_equal 2048, key.length
+  end
+
+  def test_new_key_defaults_password
+    key = EaSSL::Key.new
+    enckey = key.to_pem
+    key2 = OpenSSL::PKey::RSA::new(enckey, 'ssl_password')
+    assert_equal key2.to_s, key.ssl.to_s
+  end
+
+  def test_override_bit_length
+    key = EaSSL::Key.new(:bits => 1024)
+    assert_equal 1024, key.length
+  end
+
+  def test_override_password
+    key = EaSSL::Key.new(:password => 'xyzzy')
+    enckey = key.to_pem
+    key2 = OpenSSL::PKey::RSA::new(enckey, 'xyzzy')
+    assert_equal key2.to_s, key.ssl.to_s
+  end
+
+  def test_to_pem_string
+    key = EaSSL::Key.new(:password => 'xyzzy')
+    enckey = key.to_pem
+    assert_equal String, enckey.class
+    assert enckey =~ /BEGIN RSA PRIVATE KEY/
+    assert enckey =~ /ENCRYPTED/
+  end
+
+  def test_load_encrypted_key_text
+    key_text = <<KEY
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,95157FEDE26860DF
+
+QtQcPFoYz58qBAE1BgrhZriIF8CFvMYgK5p92fSSHt9V2ySeEuBMwLJncp4tBJGG
+IbjBVK9v4VB8NxrGoC7Qs/0JI5PkMVxwUIuzRC+KAXnImRaV258t+ydboYIwnsfl
+2Do9eQonjPOWHvU1vWCQMXa/Jku9cqJnL3a7quZaGPHDW0ch/v2zPbF2LOFFJV8v
+YvdYo7ml27+Zrr0rmnhF/XVtDwkQd/K0I3sXIr92fHk=
+-----END RSA PRIVATE KEY-----
+KEY
+    key = EaSSL::Key.new.load(key_text, 'ssl_password')
+    assert key
+    assert_equal 256, key.length
+  end
+
+  def test_load_encrypted_key_file
+    file = File.join(File.dirname(__FILE__), 'encrypted_key.pem')
+    key = EaSSL::Key.load(file, 'ssl_password')
+    assert key
+    assert_equal 256, key.length
+  end
+
+  def test_load_unencrypted_key_text
+    key_text = <<KEY
+-----BEGIN RSA PRIVATE KEY-----
+MIGsAgEAAiEAy57X7ZFkqicM+Nb9kOjCBs0Fz3dc3F3nhqx9cDnwHaMCAwEAAQIh
+ALOYKsOzVaJuRxbEKWpCob5hIpOCJqwmdA9cFbrEv9zhAhEA/B/sb8dzCvaFM/p5
+Bt6Y7QIRAM7AD/gt+xiWUH8z+ra7js8CEQCXelqkofFloc1P+GnkjbLVAhAriPXT
+5JrDCqPYpTFd2RCxAhEA+WMGuSLXT3xK5XP/LHIiVg==
+-----END RSA PRIVATE KEY-----
+KEY
+    key = EaSSL::Key.new.load(key_text)
+    assert key
+    assert_equal 256, key.length
+  end
+
+  def test_load_unencrypted_key_file
+    file = File.join(File.dirname(__FILE__), 'unencrypted_key.pem')
+    key = EaSSL::Key.load(file)
+    assert key
+    assert_equal 256, key.length
+  end
+
+  def test_load_nonexistent_file
+    assert_raises Errno::ENOENT do
+      key = EaSSL::Key.load('./foo')
+    end
+  end
+
+  def test_load_bad_file
+    file = File.join(File.dirname(__FILE__), '..', 'Rakefile')
+    assert_raises RuntimeError do
+      key = EaSSL::Key.load(file)
+    end
+  end
+end