exact4r 0.5 → 1.7

data/CHANGELOG

@@ -0,0 +1,69 @@
+== v1.7
+  Added support for setting a client certificate/key pair for use w/ SSL connections.
+
+== v1.6
+  Added support for use w/ ActiveSupport v3.
+
+== v1.5
+	Added support for specifying authorization_num & reference_no in CR requests, to obtain decrypted CC numbers.
+
+== v1.4
+	Added support for specifying alternative SSL certificates
+
+== v1.3
+	Added support for TaggedUpdate transactions
+	Added support for ReferencedVoid transactions
+
+== v1.2
+  Updated with new SSL certificates for https://api.e-xact.com
+
+== v1.1
+  Removed debugger statement. Sorry!
+
+== v1.0
+  Added support for Batch Query and Batch Close transactions.
+
+== v0.9.3
+  Reinstated Tagged Void support.
+
+== v0.9.2
+  Converted tests to Test::Unit
+  Added complete test suite, testing all transaction types.
+  Enhanced validation of mandatory request information.
+  
+== v0.9.1
+  Added unified Address Verification API
+
+== v0.9
+  Fixed incorrect decoding of boolean attributes from SOAP response
+
+== v0.8
+  Added User-Agent string to HTTP requests
+
+== v0.7
+  Updated with latest certificates for api.e-xact.com
+  Fixed SOAP namespace issue
+  Ensured expiry_date always submitted at MMYY
+
+== v0.6
+  Added client-side request validation
+  
+== v0.5.3
+  Added fake response messages for testing purposes
+  Moved EWS::Transaction::Transporter to EWS::Transporter
+  Fixed typos
+
+== v0.5.2
+  Updated Transporter to play nicely with mod_security
+  Stripped trailing '/'s from URLs
+  Transporter ow re-uses connection
+  Updated RDoc with test login details
+  
+== v0.5.1
+  Added CHANGELOG, LICENCE & VERSION
+  Ensured README etc. were included in gem and displayed as default in RDoc
+  Renamed send() to submit() in Transporter
+  Fixed path to default E-xact certificates
+
+== v0.5
+  Initial Release

data/LICENCE

@@ -0,0 +1,3 @@
+=Licence Terms
+
+Distributed under the Ruby software licence[http://www.ruby-lang.org/en/LICENSE.txt]

data/README

@@ -0,0 +1,186 @@
+= exact4r
+A gem which provides access to E-xact's Web Services API, allowing the submission
+of financial transactions via REST, JSON or SOAP. 
+
+== Getting Started
+
+To submit requests to our transaction processing service, you must first have a Gateway ID,
+and a password. Test logins are as follows:
+
+  Account 1:  :gateway_id => "A00049-01", :password => "test1"
+  Account 2:  :gateway_id => "A00427-01", :password => "testus"
+
+
+=1. Submit a transaction
+
+  require 'rubygems'
+  require 'exact4r'
+  
+  # build a purchase request
+  request = EWS::Transaction::Request.new({
+    :transaction_type => :purchase,
+    :amount => 10.50,
+    :cardholder_name => "Simon Brown",
+    :cc_number => "4111111111111111",
+    :cc_expiry => "1012",             # MUST be MMYY format
+    :gateway_id => "XXXXXXX",         # which gateway to submit the request to
+    :password => "YYYYYY"             # your password for that gateway
+  })
+  
+  transporter = EWS::Transporter.new
+  response = transporter.submit(request)  # submits using REST (XML) by default
+
+  # submit using JSON, or
+  response = transporter.submit(request, :json)
+
+  # submit using SOAP, or
+  response = transporter.submit(request, :soap)
+
+  # submit explicitly via REST
+  response = transporter.submit(request, :rest)
+  
+  # The response object is independent of type of transport chosen.
+  # We decode the payload into a regular object
+  response.transaction_tag    # 1234
+  response.exact_resp_code    # "00"
+  response.exact_message      # "Transaction Normal"
+  response.bank_resp_code     # "00"
+  response.bank_message       # "APPROVED"
+
+=2. Find information on an existing transaction
+
+  require 'rubygems'
+  require 'exact4r'
+
+  # build a purchase request
+  request = EWS::Transaction::Request.new({
+    :transaction_type => :purchase,
+    :amount => 10.50,
+    :cardholder_name => "Simon Brown",
+    :cc_number => "4111111111111111",
+    :cc_expiry => "1012",             # MUST be MMYY format
+    :gateway_id => "XXXXXXX",         # which gateway to submit the request to
+    :password => "YYYYYY"             # your password for that gateway
+  })
+
+  transporter = EWS::Transporter.new
+  response = transporter.submit(request)  # submits using REST (XML) by default
+
+  # you need to know the transaction tag of the transaction you are looking for
+  find_request = EWS::Transaction::Request.new({
+    :transaction_type => :transaction_details,
+    :transaction_tag => response.transaction_tag,
+    :gateway_id => "XXXXXXX",
+    :password => "YYYYYY"
+  })
+  
+  find_response = transporter.submit(find_request, :json)  # again, can choose your transport type as before
+  find_response.cc_number          # 4111111111111111
+  find_response.amount             # 10.50
+  
+=3. Re-using a Transporter
+
+  require 'rubygems'
+  require 'exact4r'
+
+  # The transporter object can be re-used across multiple transactions, so set it up once
+  # and forget about it.
+  # In this example, we will continue to use E-xact's default web-service URL, but we
+  # will specify a default transport_type of :soap
+  transporter = EWS::Transporter.new("https://api.e-xact.com/", {:transaction_type => :soap})
+
+  # now let's submit do a recurring seed purchase...
+  rsp_req = EWS::Transaction::Request.new({
+    :transaction_type => :recurring_seed_purchase,
+    :amount => 12.00,
+    :cardholder_name => "Simon Brown",
+    :cc_number => "4111111111111111",
+    :cc_expiry => "1012",
+    :gateway_id => "XXXXXX",
+    :password => "YYYYYY"
+  })
+  
+  rsp_resp = transporter.submit(rsp_req)
+  raise "Seed Purchase failed" unless rsp_resp.approved?
+
+  # ...then do multiple refunds against it
+  1.upto(10) do
+    rf_req = EWS::Transaction::Request.new({
+      :transaction_type => :tagged_refund,
+      :transaction_tag => rsp_resp.transaction_tag,   # need to know which transaction we're refunding against...
+      :authorization_num => rsp_resp.authorization_num,           # and its authorization_num
+      :amount => 1.00,                                # refund a dollar at a time  
+      :gateway_id => "XXXXXX",
+      :password => "YYYYYY"
+    })
+    rf_resp = transporter.submit(rf_req)
+    raise "Refund failed: #{rf_resp.exact_resp_code}, #{rf_resp.exact_message}" unless rf_resp.approved?
+  end
+
+=4. Using the AVS API
+
+Allowable AVS params are:
+
+- :avs_street_address => "7501ELMST."
+- :avs_unit_no => "801"
+- :avs_po_box => nil # P.O. Box or street address may be specified, but not both
+- :avs_postal_code => "90210"
+- :avs_test_flag => "X" # AVS test flag (optional)
+
+
+===Test Flags
+In order to simulate an AVS response in the test environment, set the :+avs_test_flag+ to the AVS result code you would like
+returned. The AVS result is a one-character response that indicates the degree of match for the provided address.
+The following AVS responses are currently supported:
+
+===North American Response Codes
+  AVS Code - ABS Definition - Explanation
+- X - Exact match, 9 digit zip - Street Address, and 9 digit ZIP Code match
+- Y - Exact match, 5 digit zip - Street Address, and 5 digit ZIP Code match
+- A - Partial match - Street Address matches, ZIP Code does not
+- W - Partial match - ZIP Code matches, Street Address does not
+- Z - Partial match - 5 digit ZIP Code match only
+- N - No match - No Address or ZIP Code match
+- U - Unavailable - Address information is unavailable for that account number, or the card issuer does not support
+- G - Service Not supported, non-US Issuer does not participate
+- R - Retry - Issuer system unavailable, retry later
+- E - Not a mail or phone order
+- S - Service not supported
+
+===International Response Codes
+  AVS Code - ABS Definition and Explanation
+- G - Global non-AVS participant
+- B - Address matches only
+- C - Address and Postal Code do not match
+- D - Address and Postal Code match
+- F - Address and Postal Code match (UK only)
+- I - Address information not verified for international transaction
+- M - Address and Postal Code match
+- P - Postal Code matches only
+
+===Code Sample
+  avs_params = {
+    :avs_test_flag => 'N', 
+    :avs_street_address => '123BROWNSTREET',
+    :avs_unit_no => '4,
+    :avs_po_box => nil,
+    :avs_postal_code => '902101234'
+  }
+
+  tx_params = {
+    :transaction_type => :purchase,
+    :amount => 10.50,
+    :cardholder_name => "Simon Brown",
+    :cc_number => "4111111111111111",
+    :cc_expiry => "1012",
+    :gateway_id => "XXXXXXX",
+    :password => "YYYYYY"
+  }.merge(avs_params)
+
+  request = EWS::Transaction::Request.new(tx_params)
+  
+  transporter = EWS::Transporter.new("https://api.e-xact.com/")
+  response = transporter.submit(request)
+  
+  response.cc_verification_str1.should == "N123BROWNSTREET4902101234"
+  response.avs.should == N

data/Rakefile

@@ -0,0 +1,74 @@
+require 'rake/rdoctask'
+require 'rake/testtask'
+require "rubygems"
+require "rake/gempackagetask"
+
+task :default => :'test:chase'
+
+namespace :test do
+
+  desc 'Run all tests against all processors. Use LOCATION to specify web service URL.'
+  task :all do
+    %w(chase tsys emergis moneris).each do |processor|
+      3.times { puts }
+      puts "#-----------------------"
+      puts "# Testing: " + processor
+      puts "#-----------------------"
+
+      ENV['PROCESSOR'] = processor
+      begin
+        Rake::Task[:'test:processor'].execute
+      rescue
+        # don't care, just run it again. can examine output later
+      end
+    end
+  end
+  
+  desc 'Run all tests against Chase processor and Production web service. Use LOCATION to specify web service URL.'
+  task :chase do
+    ENV['PROCESSOR'] = 'chase'
+    ENV['LOCATION'] = 'PROD' if ENV['LOCATION'].nil?
+    begin
+      Rake::Task[:'test:processor'].execute
+    rescue
+      # don't care, just run it again. can examine output later
+    end
+  end
+  
+  desc 'Run all the tests against a specific processor. Use LOCATION to specify web service URL.'
+  Rake::TestTask.new(:processor) do |t|
+    t.libs << 'lib'
+    t.pattern = 'test/**/*_test.rb'
+    t.verbose = true
+  end
+  
+end
+
+desc "Build the RDoc"
+Rake::RDocTask.new { |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title    = "exact4r"
+  rdoc.options << '--main' << 'README' << "--inline-source" << "--line-numbers"
+  rdoc.rdoc_files.include('CHANGELOG', 'LICENCE', 'README', 'VERSION', 'lib/**/*.rb')
+}
+
+desc "Build the exact4r gem"
+spec = Gem::Specification.new do |s|
+  s.name="exact4r"
+  s.author = "E-xact Transactions Ltd."
+  s.homepage = "http://e-xact4r.rubyforge.org/"
+  s.rubyforge_project = "exact4r"
+  s.email = "dredmond@e-xact.com"
+  s.version=`cat VERSION`
+  s.summary = 'E-xact Web Services Client Library.'
+  s.files = FileList["./**/**"].to_a
+  s.has_rdoc = true
+  s.extra_rdoc_files = ['CHANGELOG', 'LICENCE', 'README', 'VERSION']
+  s.rdoc_options << '--main' << 'README' << '--inline-source' << '--line-numbers'
+  s.add_dependency('activesupport', '>= 2.3.2')
+  s.add_dependency('builder', '>= 2.1.2')
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.need_tar = true
+end

data/VERSION

@@ -0,0 +1 @@
+1.7

data/certs/e-xact.com.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFVTCCBD2gAwIBAgIHBITApWVLMTANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
+BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm
+aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5
+IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky
+ODcwHhcNMTAwMjE2MjMzNTQzWhcNMTUwMjE2MjMzNTQzWjBRMRUwEwYDVQQKDAwq
+LmUteGFjdC5jb20xITAfBgNVBAsMGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEV
+MBMGA1UEAwwMKi5lLXhhY3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEApvqzJMP4vtbvyXwepZhj8uaKXONIo4H8aN51FOL1PDdGEfWktlWw38Xj
+dU0KJrGeTcBgsfg8NehFwasilW6IbojhMmnvWyYaTzklEjMDmgda3hGRJRqbg/dW
+v0nZRMO7Xy0NNMGHeN9Sxs8977LRV5Y1VjK1M3WhilP3oxe49Ov1K4FEZrxT0fbn
+sqClwAm059XM+qWkUY5tBs6KSZQf1/+Xlx5txB/IqDWLrN5oRuCa+mBi5mIFE7nA
+suFtI/26szCYVuK6r8spbsYeo13c/qTv4yaZbLW3uXgbgTuI4FAtOR9NpUYvLQHR
+9kYYPeusqj0DnLD6ELMXkujHW0V6MQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw
+AwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQD
+AgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Rz
+MS0xNC5jcmwwUwYDVR0gBEwwSjBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIB
+FitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMIGA
+BggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHku
+Y29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
+bS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axh
+MpNsRdbi7oVfmrrndplozOcwIwYDVR0RBBwwGoIMKi5lLXhhY3QuY29tggplLXhh
+Y3QuY29tMB0GA1UdDgQWBBRmlEOazZNz8dfnnl7UimMDqciOOzANBgkqhkiG9w0B
+AQUFAAOCAQEArQNhlZ3ij3Yz1U2GHiNY4fpYtNCAhzlrnNZUHaDlhiWEvOcXSB4j
+ER77sgaHmZOm8PW0mXg3eK0+Km5ANWbNbPLe0yPpKRa1GbmgxQx/P4MWMiM+872l
+QmpZlgLw2cGvivALAt7S74QTiqjYX10nNyHlpnlvB9Am2WgzQHQDzyKuKGglFjlw
+ItZpTFFkSGEWK99cxE69GMwtZCsr4b+RB80sDA+ckd45GISg808GkWHfqJVa64k8
+dlXVgRNQwLfrWN+BQeUsfsKu5jiNI7H2a8zrRt4mCa9urh15O+d4pDhXhrYSkQpI
+ezmbzKzCEd1mpiT+sjCzByN3uX6n7eF/Eg==
+-----END CERTIFICATE-----

data/certs/exact.cer

@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC7DCCAlWgAwIBAgIDCFDUMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MIIC7DCCAlWgAwIBAgIDCqSQMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
 MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
-aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMTE1MDA0MDAyWhcNMDkwMjE0MDA0MDAy
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwMjEzMDAxMDQ2WhcNMTAwMzE1MjMxMDQ2
 WjB3MQswCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBDb2x1bWJpYTESMBAG
 A1UEBxMJVmFuY291dmVyMSIwIAYDVQQKExlFLXhhY3QgVHJhbnNhY3Rpb25zLCBM
 dGQuMRUwEwYDVQQDFAwqLmUteGFjdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAKDWJW7DQ9EAkYE0j8QKZtGyRPx84NHaMLA9uJsqG9EMPfNCRd8Puafx
-dJ6phUS/gP/ELRmJLlKO7qg6hTfLB3UwvAoMfF8VZM8jNbd3/b+SQD6CiPX0vETH
-85qIegdNrRQNm0ZKhq10bQlzKyoOrk0MDzDd6a98NyrLhVvb1nDlAgMBAAGjga4w
-gaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBTsLqYhwlm0BeEOq0Mhl6P5lxWP
-cTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxz
+MIGJAoGBAKAEtyoEOQMqbYNTo/XGXx68vElKFb3lhQ9qimRlggadSCA3F1P40dMz
+3PlXDtKN9TcvqYalvmrntjmtY7/QgBu59AJOIoFDXe/XCtW16XAlANIrTvS9zhHd
+nnLhCHcLAhEJIssWb3ddXiK8NDIyHtIbWYRIdzT0aPOLtoUXfcBLAgMBAAGjga4w
+gaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBSTkCQC1iSGLxD/+kL5elS75kLe
+hDA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxz
 L3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEA
-X5PCTOTdEnxbG3qcrpgiwnh3ax0Orgy8VUEv3q08GlTu8b+p96/p9e4pWFnZ1FtH
-F8B9PGPeDGZDu0+d3HcMuPBgdl/qyVPI7BIfED7V/PXLj92QQP5VI49R9DI1dj+O
-bWaptb3x1gcxEP7ifBLl4fg080RlxAJmFrHTF2h9TQ4=
+iHFOvsHR2SZ93jry4TaDWXXVN3gBuK9S7j4ubcGbT4HZe/1OJXE8Hpdc6lFaBgdi
+ZK2qHFzZ7suhcOiF6f7HCtDDXdoGAhYJVWGvhd/2CsvaRzdVWkUQzfRgDXKoYU9W
+BEQs/Y5lG23rmq4WJe6HSVN0FMaZS3aVIr54821hKPc=
 -----END CERTIFICATE-----

data/certs/valicert_class2_root.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----

data/lib/ews/certificate_helper.rb

@@ -0,0 +1,68 @@
+module EWS # :nodoc:
+  module CertificateHelper
+    
+    EXACT_ISSUER_CERT_FILE = File.dirname(__FILE__)+"/../../certs/valicert_class2_root.crt" unless defined?(EXACT_ISSUER_CERT_FILE)
+    EXACT_SERVER_CERT_FILE = File.dirname(__FILE__)+"/../../certs/e-xact.com.crt" unless defined?(EXACT_SERVER_CERT_FILE)
+    
+    attr_accessor :issuer_cert_file, :server_cert, :client_cert, :client_key
+    
+    def configure_certificates(options)
+      self.issuer_cert_file = (options[:issuer_cert] || EXACT_ISSUER_CERT_FILE)
+      server_cert_file = (options[:server_cert] || EXACT_SERVER_CERT_FILE)
+      self.server_cert = File.new(server_cert_file).read
+      if options[:client_cert]
+        raise ArgumentError.new "Key file not supplied" if options[:client_key].blank?
+        self.client_cert = OpenSSL::X509::Certificate.new(File.new(options[:client_cert]).read)
+        self.client_key = client_cert.public_key.class.send(:new, File.new(options[:client_key]).read)
+      end
+    end
+    private :configure_certificates
+    
+    def validate_certificate(is_ok, ctx)
+      cert = ctx.current_cert
+      return false if cert.nil?
+
+      # preverify failed?
+      return false unless is_ok
+
+      self_signed = false
+      ca = false
+      pathlen = nil
+      server_auth = true
+      self_signed = (cert.subject.cmp(cert.issuer) == 0)
+
+      # Check extensions for the certificate purpose according to http://www.openssl.org/docs/apps/x509.html (Certificate Extensions) and
+      # http://www.ietf.org/rfc/rfc3280.txt.
+      cert.extensions.each do |ex|
+        case ex.oid
+        when 'basicConstraints'
+          /CA:(TRUE|FALSE)(?:, pathlen:)*(\d*)/  =~ ex.value
+          ca ||= ($1 == 'TRUE')
+          pathlen = $2.to_i
+        when 'keyUsage'
+          usage = ex.value.split(/\s*,\s*/)
+          # a CA must have
+          ca &&= !usage.grep(/Certificate Sign/i).empty?
+          # Server Cert Must have
+          server_auth &&= !usage.grep(/Key Encipherment/i).empty?
+        when 'extendedKeyUsage'
+          usage = ex.value.split(/\s*,\s*/)
+          # Server Cert Must have
+          server_auth &&= !usage.grep(/TLS Web Server Authentication/i).empty?
+        when 'nsCertType'
+          usage = ex.value.split(/\s*,\s*/)
+          ca ||= !usage.grep(/SSL CA/i).empty?
+          server_auth ||= !usage.grep(/SSL Server/i).empty?
+        end
+      end
+
+      # We're looking for the server cert, so accept all CAs (which have already passed pre-verification)
+      return true if self_signed || ca
+      
+      # ensure the server cert is the one we're expecting
+      return server_auth && self.server_cert == cert.to_pem
+    end
+    private :validate_certificate
+    
+  end
+end