flores 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c0fb409bcd13936e24dae9b9f932577b83321cfa
-  data.tar.gz: 0168c710951ccd26e4bff91434d4e811526cabe3
+  metadata.gz: 5628419d75d7725ac7a85dfb625142a1607b162e
+  data.tar.gz: 79027be03b9a83aca2573c3f05b17838bfb218f9
 SHA512:
-  metadata.gz: 9da3201822ace87268b2cd900d75c95ee7b9d02ac3b7801b5456039d3fc55e8a35739e8f88ff40524f4db7ba3c6bf6036967d652d2d94f19181eb4e67fdb3891
-  data.tar.gz: 1d79f887fbbeeb0cd4f641b31382b074fc20a3e7e2b6a3da55bfde4d35dbb491ef51463869981e9e53c862b506e4785182359cb2c084d64ca6d7ecedde0c603a
+  metadata.gz: 3898ab4b5e26cdd2cd8b1bb01284b0d525f0a141cc211dcfa0804c20f217b06c8e9a2ef37429bede123feb439d6a69a3b38a9e77956aae164776b42dd3e2a885
+  data.tar.gz: 058ddd9a151b86d5728eddcafb880144e7578d673b007b2f8389fc8511aee1f45ffe47620f85beb07251af68c5a80e6f960792bd0bf04f4bd62e5ebcc636bdc0

data/Gemfile

@@ -3,5 +3,10 @@ source "https://rubygems.org"
 group "development" do
   gem "rspec", ">= 3.0.0"
   gem "fuubar"
+  gem "stud"
   gem "pry"
 end
+
+group "test" do
+  gem 'simplecov', :require => false
+end

data/Gemfile.lock

@@ -8,6 +8,7 @@ GEM
       rspec (~> 3.0)
       ruby-progressbar (~> 1.4)
     method_source (0.8.2)
+    multi_json (1.11.1)
     pry (0.10.1)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
@@ -31,9 +32,14 @@ GEM
       rspec-support (~> 3.2.0)
     rspec-support (3.2.1)
     ruby-progressbar (1.7.1)
+    simplecov (0.6.4)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
     slop (3.6.0)
     spoon (0.0.4)
       ffi
+    stud (0.0.19)
 
 PLATFORMS
   java
@@ -43,3 +49,5 @@ DEPENDENCIES
   fuubar
   pry
   rspec (>= 3.0.0)
+  simplecov
+  stud

data/README.md

@@ -1,5 +1,9 @@
 # Flores - a stress testing library
 
+This library is named in loving memory of Carlo Flores.
+
+---
+
 When writing tests, it is often good to test a wide variety of inputs to ensure
 your entire input range behaves correctly.
 
@@ -14,12 +18,17 @@ to find common patterns in failures!
 Let's look at a sample situation. Ruby's TCPServer. Let's write a spec to cover a spec covering port binding:
 
 ```ruby
+require "flores/rspec"
+RSpec.configure do |config|
+  Flores::RSpec.configure(config)
+end
+
 describe TCPServer do
   subject(:socket) { Socket.new(Socket::AF_INET, Socket::SOCK_STREAM, 0) }
   let(:port) { 5000 }
   let(:sockaddr) { Socket.sockaddr_in(port, "127.0.0.1") }
 
-  after { socket.close}
+  after { socket.close }
 
   it "should bind successfully" do
     socket.bind(sockaddr)
@@ -46,7 +55,7 @@ Let's assume I don't know anything about tcp port ranges and test randomly in th
 
 ```ruby
 describe TCPServer do
-  let(:port) { Randomized.integer(-100_000..100_000) }
+  let(:port) { Flores::Random.integer(-100_000..100_000) }
   ...
 end
 ```
@@ -61,15 +70,19 @@ Failures:
 
   1) TCPServer should bind successfully
      Failure/Error: expect(socket.local_address.ip_port).to(be == port)
-       expected: == 83359
-            got:    17823
-     # ./tcpserver_spec.rb:12:in `block (2 levels) in <top (required)>'
+       expected: == 70144
+            got:    4608
+     # ./tcpserver_spec.rb:18:in `block (2 levels) in <top (required)>'
 
-Finished in 0.00155 seconds (files took 0.10221 seconds to load)
+Finished in 0.00163 seconds (files took 0.09982 seconds to load)
 1 example, 1 failure
+
+Failed examples:
+
+rspec ./tcpserver_spec.rb:16 # TCPServer should bind successfully
 ```
 
-Well that's weird. Binding port 83359 actually made it bind on port 17823!
+Well that's weird. Binding port 70144 actually made it bind on port 4608!
 
 If we run it more times, we'll see all kinds of different results:
 
@@ -104,74 +117,66 @@ we introduced randomness to our test inputs.
 We can go further and run a given spec example many times and group the
 failures by similarity and include context (what the inputs were, etc)
 
-This library provides an `analyze_it` helper which behaves similarly to rspec's
-`it` except that it runs the block a random number of times and clears the `let` cache
-each time. This lets you run  a given test many times with many random inputs!
+This library provides an `stress_it` helper which behaves similarly to rspec's
+`it` except that the spec is copied (and run) many times.
 
-The result is grouped by failure and includes context. Let's see how it works:
+The result is grouped by failure and includes context (`let` and `subject`).
+Let's see how it works:
 
-We'll change `it` to use `analyze_it` instead:
+We'll change `it` to use `stress_it` instead, and also add `analyze_results`:
 
 ```diff
 - it "should bind successfully" do
-+ analyze_it "should bind successfully", [:port] do
++ analyze_results # track the `let` and `subject` values in our tests.
++ stress_it "should bind successfully" do
 ```
 
+The `analyze_results` method just adds an `after` hook to capture the `let` and
+`subject` values used in each example.
+
+The final step is to use a custom formatter provided with this library to do the analysis.
+
 Now rerunning the test. With barely any spec changes from the original, we have
 now enough randomness and stress testing to identify many different failure cases
 and input ranges for those failures.
 
 ```
-Failures:
-
-  1) TCPServer should bind successfully
-     Failure/Error: raise StandardError, Analysis.new(results) if results.any? { |k, _| k != :success }
-     StandardError:
-       31.14% tests successful of 2563 tests
-       Failure analysis:
-         50.57% -> [1296] SocketError
-           Sample exception for {:port=>-94900}
-             getaddrinfo: nodename nor servname provided, or not known
-           Samples causing SocketError:
-             {:port=>-49441}
-             {:port=>-1991}
-             {:port=>-54074}
-             {:port=>-1733}
-             {:port=>-21868}
-         16.89% -> [433] RSpec::Expectations::ExpectationNotMetError
-           Sample exception for {:port=>93844}
-             expected: == 93844
-                  got:    28308
-           Samples causing RSpec::Expectations::ExpectationNotMetError:
-             {:port=>89451}
-             {:port=>95627}
-             {:port=>95225}
-             {:port=>73106}
-             {:port=>77167}
-         1.01% -> [26] Errno::EACCES
-           Sample exception for {:port=>65649}
-             Permission denied - bind(2) for 127.0.0.1:113
-           Samples causing Errno::EACCES:
-             {:port=>913}
-             {:port=>141}
-             {:port=>66194}
-             {:port=>66217}
-             {:port=>66408}
-         0.39% -> [10] Errno::EADDRINUSE
-           Sample exception for {:port=>34402}
-             Address already in use - bind(2) for 127.0.0.1:34402
-           Samples causing Errno::EADDRINUSE:
-             {:port=>50905}
-             {:port=>71202}
-             {:port=>34402}
-             {:port=>28235}
-             {:port=>85641}
-     # ./lib/rspec/stress_it.rb:103:in `block in analyze_it'
-
-Finished in 0.0735 seconds (files took 0.10247 seconds to load)
-1 example, 1 failure
-
-Failed examples:
-
-rspec ./tcpserver_spec.rb:8 # TCPServer should bind successfully
+% rspec -f Flores::RSpec::Formatters::Analyze tcpserver_spec.rb
+
+TCPServer should bind successfully
+  33.96% (of 742 total) tests are successful
+  Failure analysis:
+    46.90% -> [348] SocketError
+      Sample exception for {:socket=>#<Socket:(closed)>, :port=>-74235}
+        getaddrinfo: nodename nor servname provided, or not known
+      Samples causing SocketError:
+        {:socket=>#<Socket:(closed)>, :port=>-60170}
+        {:socket=>#<Socket:(closed)>, :port=>-73159}
+        {:socket=>#<Socket:(closed)>, :port=>-84648}
+        {:socket=>#<Socket:(closed)>, :port=>-5936}
+        {:socket=>#<Socket:(closed)>, :port=>-78195}
+    18.33% -> [136] RSpec::Expectations::ExpectationNotMetError
+      Sample exception for {:socket=>#<Socket:(closed)>, :port=>72849, :sockaddr=>"\x10\x02\x1C\x91\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        expected: == 72849
+             got:    7313
+      Samples causing RSpec::Expectations::ExpectationNotMetError:
+        {:socket=>#<Socket:(closed)>, :port=>74072, :sockaddr=>"\x10\x02!X\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>77973, :sockaddr=>"\x10\x020\x95\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>88867, :sockaddr=>"\x10\x02[#\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>87710, :sockaddr=>"\x10\x02V\x9E\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>95690, :sockaddr=>"\x10\x02u\xCA\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+    0.81% -> [6] Errno::EACCES
+      Sample exception for {:socket=>#<Socket:(closed)>, :port=>65897, :sockaddr=>"\x10\x02\x01i\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        Permission denied - bind(2) for 127.0.0.1:361
+      Samples causing Errno::EACCES:
+        {:socket=>#<Socket:(closed)>, :port=>879, :sockaddr=>"\x10\x02\x03o\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>66258, :sockaddr=>"\x10\x02\x02\xD2\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>65829, :sockaddr=>"\x10\x02\x01%\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>66044, :sockaddr=>"\x10\x02\x01\xFC\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+        {:socket=>#<Socket:(closed)>, :port=>65897, :sockaddr=>"\x10\x02\x01i\x7F\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"}
+
+Finished in 0.10509 seconds
+742 examples, 490 failures
 ```
+
+Now we can see a wide variety of failure cases all found through randomization. Nice!

data/examples/analyze_number.rb

@@ -17,15 +17,19 @@
 require "flores/rspec"
 require "flores/random"
 
-RSpec.configure do |c|
-  Flores::RSpec.configure(c)
-  c.add_formatter("Flores::RSpec::Formatters::Analyze")
+RSpec.configure do |config|
+  Flores::RSpec.configure(config)
+  Kernel.srand config.seed
+
+  # Demonstrate the wonderful Analyze formatter
+  config.add_formatter("Flores::RSpec::Formatters::Analyze")
 end
 
 describe "a random number" do
+  analyze_results
+
   context "between 0 and 200 inclusive" do
     let(:number) { Flores::Random.number(0..200) }
-    analyze_results
     stress_it "should be less than 100" do
       expect(number).to(be < 100)
     end

data/examples/socket_acceptance_spec.rb

@@ -14,12 +14,16 @@
 # 
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require "flores/rspec"
 require "flores/random"
 require "socket"
-require "flores/rspec"
 
-RSpec.configure do |c|
-  Flores::RSpec.configure(c)
+RSpec.configure do |config|
+  Kernel.srand config.seed
+  Flores::RSpec.configure(config)
+
+  # Demonstrate the wonderful Analyze formatter
+  config.add_formatter("Flores::RSpec::Formatters::Analyze")
 end
 
 # A factory for encapsulating behavior of a tcp server and client for the
@@ -53,7 +57,9 @@ class TCPIntegrationTestFactory
 
     @client.syswrite(text)
     @client.close
-    server.read
+    data = server.read
+    data.force_encoding(Encoding.default_external).encoding
+    data
   ensure
     @client.close unless @client.closed?
     server.close unless server.nil? || server.closed?
@@ -61,25 +67,27 @@ class TCPIntegrationTestFactory
 end
 
 describe "TCPServer+TCPSocket" do
+  analyze_results
+
   let(:port) { Flores::Random.integer(1024..65535) }
   let(:text) { Flores::Random.text(1..2000) }
   subject { TCPIntegrationTestFactory.new(port) }
-  
-  describe "using stress_it" do
-    stress_it2 "should send data correctly", [:port, :text] do
-      begin
-        subject.setup
-      rescue Errno::EADDRINUSE
-        next # Skip port bindings that are in use
-      end
 
-      begin
-        received = subject.send_and_receive(text)
-        expect(received.encoding).to(be == text.encoding)
-        expect(received).to(be == text)
-      ensure
-        subject.teardown
-      end
+  before do
+    begin
+      subject.setup
+    rescue Errno::EADDRINUSE
+      skip "Port #{port} was in use. Skipping!"
+    end
+  end
+  
+  stress_it "should send data correctly", [:port, :text] do
+    begin
+      received = subject.send_and_receive(text)
+      expect(received.encoding).to(be == text.encoding)
+      expect(received).to(be == text)
+    ensure
+      subject.teardown
     end
   end
 end

data/examples/socket_stress_spec.rb

@@ -14,31 +14,33 @@
 # 
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require "flores/rspec"
 require "flores/random"
 require "socket"
-require "flores/rspec"
 
-RSpec.configure do |c|
-  Flores::RSpec.configure(c)
+RSpec.configure do |config|
+  Flores::RSpec.configure(config)
+  Kernel.srand(config.seed)
+
+  # Demonstrate the wonderful Analyze formatter
+  config.add_formatter("Flores::RSpec::Formatters::Analyze")
 end
 
 describe TCPServer do
-  analyze
-
+  analyze_results
   subject(:socket) { Socket.new(Socket::AF_INET, Socket::SOCK_STREAM, 0) }
   let(:sockaddr) { Socket.sockaddr_in(port, "127.0.0.1") }
-  let(:ignore_eaddrinuse) do
-    proc do |m, *args|
-      begin
-        m.call(*args)
-      rescue Errno::EADDRINUSE # rubocop:disable Lint/HandleExceptions
-        # ignore
-      end
-    end
-  end
 
   after do
-    socket.close
+    socket.close unless socket.closed?
+  end
+
+  context "on a random port" do
+    let(:port) { Flores::Random.integer(-100_000..100_000) }
+    stress_it "should bind successfully", [:port] do
+      socket.bind(sockaddr)
+      expect(socket.local_address.ip_port).to(be == port)
+    end
   end
 
   context "on privileged ports" do
@@ -53,7 +55,13 @@ describe TCPServer do
     stress_it "should bind on a port" do
       # EADDRINUSE is expected since we are picking ports at random
       # Let's ignore this specific exception
-      allow(socket).to(receive(:bind).and_wrap_original(&ignore_eaddrinuse))
+      allow(socket).to(receive(:bind).and_wrap_original do |original, *args|
+        begin
+          original.call(*args)
+        rescue Errno::EADDRINUSE # rubocop:disable Lint/HandleExceptions
+          # Ignore
+        end
+      end)
       expect { socket.bind(sockaddr) }.to_not(raise_error)
     end
   end

data/flores.gemspec

@@ -2,7 +2,7 @@ Gem::Specification.new do |spec|
   files = %x(git ls-files).split("\n")
 
   spec.name = "flores"
-  spec.version = "0.0.3"
+  spec.version = "0.0.4"
   spec.summary = "Fuzz, randomize, and stress your tests"
   spec.description = <<-DESCRIPTION
     Add fuzzing, randomization, and stress to your tests.

data/lib/flores/pki.rb

@@ -0,0 +1,254 @@
+# encoding: utf-8
+# This file is part of ruby-flores.
+# Copyright (C) 2015 Jordan Sissel
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+# 
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+require "flores/namespace"
+require "flores/random"
+require "English"
+require "openssl"
+
+module Flores::PKI
+  # Generate a random serial number for a certificate.
+  def self.random_serial
+    # RFC5280 (X509) says:
+    # > 4.1.2.2.  Serial Number 
+    # > Certificate users MUST be able to handle serialNumber values up to 20 octets
+    Flores::Random.integer(1..9).to_s + Flores::Random.iterations(0..19).collect { Flores::Random.integer(0..9) }.join
+  end
+
+  # A certificate signing request.
+  #
+  # From here, you can configure a certificate to be created based on your
+  # desired configuration.
+  #
+  # Example making a root CA:
+  #
+  #     key = OpenSSL::PKey::RSA.generate(4096, 65537)
+  #     csr = Flores::PKI::CertificateSigningRequest.new
+  #     csr.subject = "OU=Fancy Pants Inc."
+  #     certificate = csr.create_root(key)
+  #
+  # Example making an intermediate CA:
+  #     
+  #     root_key = OpenSSL::PKey::RSA.generate(4096, 65537)
+  #     root_csr = Flores::PKI::CertificateSigningRequest.new
+  #     root_csr.subject = "OU=Fancy Pants Inc."
+  #     root_csr.public_key = root_key.public
+  #     root_certificate = csr.create_root(root_key)
+  #
+  #     intermediate_key = OpenSSL::PKey::RSA.generate(4096, 65537)
+  #     intermediate_csr = Flores::PKI::CertificateSigningRequest.new
+  #     intermediate_csr.public_key = intermediate_key.public
+  #     intermediate_csr.subject = "OU=Fancy Pants Inc. Intermediate 1"
+  #     intermediate_certificate = csr.create_intermediate(root_certificate, root_key)
+  class CertificateSigningRequest
+    # raised when an invalid signing configuration is given
+    class InvalidRequest < StandardError; end
+
+    # raised when invalid data is present in a certificate request
+    class InvalidData < StandardError; end
+
+    # raised when an invalid subject (format, or whatever) is given in a certificate request
+    class InvalidSubject < InvalidData; end
+
+    # raised when an invalid time value is given for a certificate request
+    class InvalidTime < InvalidData; end
+
+    def initialize
+      self.serial = Flores::PKI.random_serial
+      self.digest_method = default_digest_method
+    end
+
+    private
+
+    def validate_subject(value)
+      OpenSSL::X509::Name.parse(value)
+    rescue OpenSSL::X509::NameError => e
+      raise InvalidSubject, "Invalid subject '#{value}'. (#{e})"
+    rescue TypeError => e
+      # Bug(?) in MRI 2.1.6(?)
+      raise InvalidSubject, "Invalid subject '#{value}'. (#{e})"
+    end
+
+    def subject=(value)
+      @subject = validate_subject(value)
+    end
+
+    attr_reader :subject
+
+    def subject_alternates=(values)
+      @subject_alternates = values
+    end
+
+    attr_reader :subject_alternates
+
+    def public_key=(value)
+      @public_key = validate_public_key(value)
+    end
+
+    def validate_public_key(value)
+      raise InvalidData, "public key must be a OpenSSL::PKey::PKey" unless value.is_a? OpenSSL::PKey::PKey
+      value
+    end
+
+    attr_reader :public_key
+
+    def start_time=(value)
+      @start_time = validate_time(value)
+    end
+
+    attr_reader :start_time
+
+    def expire_time=(value)
+      @expire_time = validate_time(value)
+    end
+
+    attr_reader :expire_time
+
+    def validate_time(value)
+      raise InvalidTime, "#{value.inspect} (class #{value.class.name})" unless value.is_a?(Time)
+      value
+    end
+
+    def certificate
+      return @certificate  if @certificate
+      @certificate = OpenSSL::X509::Certificate.new
+
+      # RFC5280
+      # > 4.1.2.1.  Version
+      # > version MUST be 3 (value is 2).
+      #
+      # Version value of '2' means a v3 certificate.
+      @certificate.version = 2
+
+      @certificate.subject = subject
+      @certificate.not_before = start_time
+      @certificate.not_after = expire_time
+      @certificate.public_key = public_key
+      @certificate
+    end
+
+    def default_digest_method
+      OpenSSL::Digest::SHA256.new
+    end
+
+    def self_signed?
+      @signing_certificate.nil?
+    end
+
+    def validate!
+      if self_signed?
+        if @signing_key.nil?
+          raise InvalidRequest, "No signing_key given. Cannot sign key."
+        end
+      elsif @signing_certificate.nil? && @signing_key
+        raise InvalidRequest, "signing_key given, but no signing_certificate is set"
+      elsif @signing_certificate && @signing_key.nil?
+        raise InvalidRequest, "signing_certificate given, but no signing_key is set"
+      end
+    end
+
+    def create
+      validate!
+      extensions = OpenSSL::X509::ExtensionFactory.new
+      extensions.subject_certificate = certificate
+      extensions.issuer_certificate = self_signed? ? certificate : signing_certificate
+
+      certificate.issuer = extensions.issuer_certificate.subject
+      certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash", true))
+
+      # RFC 5280 4.2.1.1. Authority Key Identifier
+      # This is "who signed this key"
+      certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always,issuer", true))
+
+      if want_signature_ability?
+        # Create a CA.
+        certificate.add_extension(extensions.create_extension("basicConstraints", "CA:TRUE", true))
+        # Rough googling seems to indicate at least keyCertSign is required for CA and intermediate certs.
+        certificate.add_extension(extensions.create_extension("keyUsage", "keyCertSign, cRLSign, digitalSignature", true))
+      else
+        # Create a client+server certificate
+        #
+        # It feels weird to create a certificate that's valid as both server and client, but a brief inspection of major
+        # web properties (apple.com, google.com, yahoo.com, github.com, fastly.com, mozilla.com, amazon.com) reveals that
+        # major web properties have certificates with both clientAuth and serverAuth extended key usages. Further,
+        # these major server certificates all have digitalSignature and keyEncipherment for key usage.
+        #
+        # Here's the command I used to check this:
+        #    echo mozilla.com apple.com github.com google.com yahoo.com fastly.com elastic.co amazon.com \
+        #    | xargs -n1 sh -c 'openssl s_client -connect $1:443 \
+        #    | sed -ne "/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p" \
+        #    | openssl x509 -text -noout | sed -ne "/X509v3 extensions/,/Signature Algorithm/p" | sed -e "s/^/$1 /"' - \
+        #    | grep -A2 'Key Usage'
+        certificate.add_extension(extensions.create_extension("keyUsage", "digitalSignature, keyEncipherment", true))
+        certificate.add_extension(extensions.create_extension("extendedKeyUsage", "clientAuth, serverAuth", false))
+      end
+      certificate.serial = OpenSSL::BN.new(serial)
+      certificate.sign(signing_key, digest_method)
+      certificate
+    end
+
+    # Set the certificate which is going to be signing this request.
+    def signing_certificate=(certificate)
+      raise InvalidData, "signing_certificate must be an OpenSSL::X509::Certificate" unless certificate.is_a?(OpenSSL::X509::Certificate)
+      @signing_certificate = certificate
+    end
+    attr_reader :signing_certificate
+
+    attr_reader :signing_key
+    def signing_key=(private_key)
+      raise InvalidData, "signing_key must be an OpenSSL::PKey::PKey (or a subclass)" unless private_key.is_a?(OpenSSL::PKey::PKey)
+      @signing_key = private_key
+    end
+
+    def want_signature_ability=(value)
+      raise InvalidData, "want_signature_ability must be a boolean" unless value == true || value == false
+      @want_signature_ability = value
+    end
+
+    def want_signature_ability?
+      @want_signature_ability == true
+    end
+
+    attr_reader :digest_method
+    def digest_method=(value)
+      raise InvalidData, "digest_method must be a OpenSSL::Digest (or a subclass)" unless value.is_a?(OpenSSL::Digest)
+      @digest_method = value
+    end
+
+    attr_reader :serial
+    def serial=(value)
+      begin
+        Integer(value)
+      rescue
+        raise InvalidData, "Invalid serial value. Must be a number (or a String containing only nubers)"
+      end
+      @serial = value
+    end
+
+    public(:serial, :serial=)
+    public(:subject, :subject=)
+    public(:subject_alternates, :subject_alternates=)
+    public(:public_key, :public_key=)
+    public(:start_time, :start_time=)
+    public(:expire_time, :expire_time=)
+    public(:digest_method, :digest_method=)
+    public(:want_signature_ability?, :want_signature_ability=)
+    public(:signing_key, :signing_key=)
+    public(:signing_certificate, :signing_certificate=)
+    public(:create)
+  end # class CertificateSigningRequest
+end  # Flores::PKI

data/lib/flores/random.rb

@@ -16,6 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 require "flores/namespace"
+autoload :Socket, "socket"
 
 # A collection of methods intended for use in randomized testing.
 module Flores::Random
@@ -26,7 +27,7 @@ module Flores::Random
   # characters.
   CHARACTERS = [
     # Basic Latin
-    *(32..126).map(&:chr),
+    *(32..126).map(&:chr).map { |c| c.force_encoding(Encoding.default_external) },
 
     # hand-selected CJK Unified Ideographs Extension A
     "㐤", "㐨", "㐻", "㑐",
@@ -99,4 +100,97 @@ module Flores::Random
       integer(range).times
     end
   end # def iterations
-end # module Randomized
+
+  # Return a random element from an array
+  def self.item(array)
+    array[integer(0...array.size)]
+  end
+
+  # Return a random IPv4 address as a string
+  def self.ipv4
+    # TODO(sissel): Support CIDR range restriction?
+    # TODO(sissel): Support netmask restriction?
+    [integer(0..IPV4_MAX)].pack("N").unpack("C4").join(".")
+  end
+
+  # Return a random IPv6 address as a string
+  #
+  # The address may be in abbreviated form (ABCD::01EF):w
+  def self.ipv6
+    # TODO(sissel): Support CIDR range restriction?
+    # TODO(sissel): Support netmask restriction?
+    length = integer(2..8)
+    if length == 8
+      # Full address; nothing to abbreviate
+      ipv6_pack(length)
+    else
+      abbreviation = ipv6_abbreviation(length)
+      if length == 2
+        first = 1
+        second = 1
+      else
+        first = integer(2...length)
+        second = length - first
+      end
+      ipv6_pack(first) + abbreviation + ipv6_pack(second)
+    end
+  end
+
+  # Get a TCP socket bound and listening on a random port.
+  #
+  # You are responsible for closing the socket.
+  #
+  # Returns [socket, address, port]
+  def self.tcp_listener(host = "127.0.0.1")
+    socket_listener(Socket::SOCK_STREAM, host)
+  end
+
+  # Get a UDP socket bound and listening on a random port.
+  #
+  # You are responsible for closing the socket.
+  #
+  # Returns [socket, address, port]
+  def self.udp_listener(host = "127.0.0.1")
+    socket_listener(Socket::SOCK_DGRAM, host)
+  end
+
+  private
+
+  IPV4_MAX = 1 << 32
+  IPV6_SEGMENT = 1 << 16
+
+  def self.ipv6_pack(length)
+    length.times.collect { integer(0..IPV6_SEGMENT).to_s(16) }.join(":")
+  end
+
+  def self.ipv6_abbreviation(length)
+    abbreviate = (integer(0..1) == 0)
+    if abbreviate
+      "::"
+    else
+      ":" + (8 - length).times.collect { "0" }.join(":") + ":"
+    end
+  end
+
+  LISTEN_BACKLOG = 5
+  def self.socket_listener(type, host)
+    socket = server_socket_class.new(Socket::AF_INET, type)
+    socket.bind(Socket.pack_sockaddr_in(0, host))
+    if type == Socket::SOCK_STREAM || type == Socket::SOCK_SEQPACKET
+      socket.listen(LISTEN_BACKLOG)
+    end
+
+    port = socket.local_address.ip_port
+    address = socket.local_address.ip_address
+    [socket, address, port]
+  end
+
+  def self.server_socket_class
+    if RUBY_ENGINE == 'jruby'
+      # https://github.com/jruby/jruby/wiki/ServerSocket
+      ServerSocket
+    else
+      Socket
+    end
+  end
+end # module Flores::Random

data/lib/flores/rspec/analyze.rb

@@ -85,13 +85,21 @@ module Flores::RSpec::Analyze
     end # def total
 
     def success_count
-      if @results.include?(:success)
-        @results[:success].length
+      if @results.include?(:passed)
+        @results[:passed].length
       else
         0
       end
     end # def success_count
 
+    def success_and_pending_count
+      count = 0
+      [:passed, :pending].each do |group|
+        count += @results[group].length
+      end
+      count
+    end # def success_count
+
     def percent(count)
       return (count + 0.0) / total
     end # def percent
@@ -100,10 +108,16 @@ module Flores::RSpec::Analyze
       return format("%.2f%%", percent(count) * 100)
     end # def percent_s
 
-    def to_s
+    def to_s # rubocop:disable Metrics/AbcSize
       # This method is crazy complex for a formatter. Should refactor this significantly.
-      report = ["#{percent_s(success_count)} tests successful of #{total} tests"]
-      report += failure_summary if success_count < total
+      report = []
+      if @results[:pending].any?
+        # We have pending examples, put a clear message.
+        report << "#{percent_s(success_and_pending_count)} (of #{total} total) tests are successful or pending"
+      else
+        report << "#{percent_s(success_count)} (of #{total} total) tests are successful"
+      end
+      report += failure_summary if success_and_pending_count < total
       report.join("\n")
     end # def to_s
 
@@ -112,7 +126,8 @@ module Flores::RSpec::Analyze
     def failure_summary
       report = ["Failure analysis:"]
       report += @results.sort_by { |_, v| -v.length }.collect do |group, instances|
-        next if group == :success
+        next if group == :passed
+        next if group == :pending
         error_report(group, instances)
       end.reject(&:nil?).flatten
       report

data/lib/flores/rspec/formatters/analyze.rb

@@ -18,18 +18,62 @@ require "flores/namespace"
 require "rspec/core/formatters/base_text_formatter"
 
 Flores::RSpec::Formatters::Analyze = Class.new(RSpec::Core::Formatters::BaseTextFormatter) do
-  RSpec::Core::Formatters.register self, :dump_failures, :dump_summary
+  RSpec::Core::Formatters.register self, :dump_failures, :dump_summary, :start, :example_passed, :example_failed, :example_pending
+
+  SPINNER = %w(▘ ▝ ▗ ▖)
+
+  def example_passed(_event)
+    increment(:pass)
+  end
+
+  def example_failed(_event)
+    increment(:failed)
+  end
+
+  def example_pending(_event)
+    increment(:pending)
+  end
+
+  def increment(status)
+    return unless output.tty?
+    now = Time.new
+    if status == :failed
+      output.write("F")
+    elsif status == :pending
+      output.write("P")
+    end
+
+    update_status if now - @last_update > 0.200
+  end
+
+  def update_status
+    glyph = SPINNER[@count]
+    output.write("#{glyph} ")
+    @last_update = Time.new
+    @count += 1
+    @count = 0 if @count >= SPINNER.size
+  end
+
+  def start(event)
+    @last_update = Time.now
+    @total = event.count
+    @count = 0
+  end
 
   def dump_summary(event)
+    output.write("\r") if output.tty?
     # The event is an RSpec::Core::Notifications::SummaryNotification
     # Let's mimic the BaseTextFormatter but without the failing test report
-    output.puts 
     output.puts "Finished in #{event.formatted_duration}"
     output.puts "#{event.colorized_totals_line}"
   end
 
+  def failures?(examples)
+    return examples.select { |e| e.metadata[:execution_result].status == :failed }.any?
+  end
+
   def dump_failures(event)
-    output.puts
+    return unless failures?(event.examples)
     group = event.examples.each_with_object(Hash.new { |h, k| h[k] = [] }) do |e, m| 
       m[e.metadata[:full_description]] << e
       m
@@ -45,8 +89,10 @@ Flores::RSpec::Formatters::Analyze = Class.new(RSpec::Core::Formatters::BaseText
 
   def group_by_result(examples) # rubocop:disable Metrics/AbcSize
     examples.each_with_object(Hash.new { |h, k| h[k] = [] }) do |example, results|
-      if example.metadata[:execution_result].status == :passed
-        results[:success] << [example.metadata[:values], nil]
+      status = example.metadata[:execution_result].status
+      case status
+      when :passed, :pending
+        results[status] << [example.metadata[:values], nil]
       else
         exception = example.metadata[:execution_result].exception
         results[exception.class] << [example.metadata[:values], exception]

data/spec/flores/pki_spec.rb

@@ -0,0 +1,74 @@
+# encoding: utf-8
+# This file is part of ruby-flores.
+# Copyright (C) 2015 Jordan Sissel
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+# 
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require "spec_init"
+require "flores/pki"
+
+describe Flores::PKI::CertificateSigningRequest do
+  let(:csr) { Flores::PKI::CertificateSigningRequest.new }
+
+  # Here, I use a 512-bit key for faster tests. 
+  # Please do not use 512-bit keys in production.
+  let(:key_bits) { 512 }
+
+  let(:key) { OpenSSL::PKey::RSA.generate(key_bits, 65537) }
+  let(:certificate_duration) { Flores::Random.number(1..86400) }
+
+  #before do
+    #csr.subject = "OU=Fancy Pants Co."
+    #csr.public_key = root_key.public_key
+    #csr.start_time = Time.now
+    #csr.expire_time = csr.start_time + certificate_duration
+  #end
+
+  shared_examples_for "a certificate" do
+    it "returns a valid certificate" do
+      expect(certificate).to(be_a(OpenSSL::X509::Certificate))
+    end
+  end
+
+  context "#subject=" do
+    context "with an invalid subject" do
+      let(:certificate_subject) { Flores::Random.text(1..20) }
+      it "fails" do
+        expect { csr.subject = certificate_subject }.to(raise_error(Flores::PKI::CertificateSigningRequest::InvalidSubject))
+      end
+    end
+  end
+
+  context "a self-signed client/server certificate" do
+    let(:certificate_subject) { "CN=server.example.com" }
+    before do
+      csr.subject = certificate_subject
+      csr.public_key = key.public_key
+      csr.start_time = Time.now
+      csr.expire_time = csr.start_time + certificate_duration
+      csr.signing_key = key
+    end
+    let(:certificate) { csr.create }
+    it_behaves_like "a certificate"
+  end
+end
+
+describe Flores::PKI do
+  context "#random_serial" do
+    let(:serial) { Flores::PKI.random_serial }
+    stress_it "generates a valid OpenSSL::BN value" do
+      OpenSSL::BN.new(serial)
+      Integer(serial)
+    end
+  end
+end

data/spec/flores/random_spec.rb

@@ -20,11 +20,27 @@ shared_examples_for String do
   stress_it "should be a String" do
     expect(subject).to(be_a(String))
   end
+  stress_it "have expected encoding" do
+    expect(subject.encoding).to(be == Encoding.default_external)
+  end
   stress_it "have valid encoding" do
     expect(subject).to(be_valid_encoding)
   end
 end
 
+shared_examples_for "network address" do
+  before { require "socket" }
+  stress_it "should be a valid ipv6 address according to Socket.pack_sockaddr_in" do
+    expect { Socket.pack_sockaddr_in(0, subject) }.not_to(raise_error)
+  end
+end
+
+shared_examples_for Socket do
+  stress_it "should be a Socket" do
+    expect(socket).to(be_a(Socket))
+  end
+end
+
 describe Flores::Random do
   analyze_results
 
@@ -44,6 +60,10 @@ describe Flores::Random do
         stress_it "has correct length" do
           expect(subject.length).to(eq(length))
         end
+
+        stress_it "has correct encoding" do
+          expect(subject.encoding).to(be == Encoding.default_external)
+        end
       end
 
       context "that is negative" do
@@ -128,5 +148,101 @@ describe Flores::Random do
       # counts (via iteration) and is slow on large numbers.
       expect(range).to(include(subject.count))
     end
+
+    context "{ ... }" do
+      stress_it "should invoke a given block for each iteration" do
+        count = 0
+        Flores::Random.iterations(range) do
+          count += 1
+        end
+        expect(count).to(be > 0)
+        expect(range).to(include(count))
+      end
+    end
+  end
+
+  describe "#items" do
+    let(:start) { Flores::Random.integer(1..1000) }
+    let(:length) { Flores::Random.integer(1..1000) }
+    let(:range) { start..(start + length) }
+    let(:items) { Flores::Random.iterations(range).collect { Flores::Random.number(1..1000) } }
+    subject { Flores::Random.item(items) }
+
+    stress_it "should choose a random item from the list" do
+      expect(items).to(include(subject))
+    end
+
+    context "with a list of numbers" do
+      stress_it "should be return a number" do
+        expect(subject).to(be_a(Numeric))
+      end
+    end
+  end
+
+  describe "#ipv6" do
+    subject { Flores::Random.ipv6 }
+    it_behaves_like "network address"
+  end
+
+  describe "#ipv4" do
+    subject { Flores::Random.ipv4 }
+    it_behaves_like "network address"
+  end
+
+  describe "networking" do
+    let(:socket) { subject[0] }
+    let(:host) { subject[1] }
+    let(:port) { subject[2] }
+    after do
+      socket.close
+    end
+
+    describe "#udp_listener" do
+      let(:text) { Flores::Random.text(1..100) }
+      subject { Flores::Random.udp_listener }
+      it_behaves_like Socket
+
+      context "#recvfrom" do
+        let(:payload) do
+          data, _ = socket.recvfrom(65536)
+          data.force_encoding(text.encoding)
+        end
+        let(:client) { UDPSocket.new }
+
+        before do
+          client.send(text, 0, host, port)
+        end
+
+        after do
+          client.close
+        end
+
+        it "receives udp packets" do
+          expect(payload).to(be == text)
+        end
+      end
+    end
+
+    describe "#tcp_listener" do
+      subject { Flores::Random.tcp_listener }
+      it_behaves_like Socket
+
+      context "#accept" do
+        let(:client) { TCPSocket.new(host, port) }
+
+        before do
+          client
+        end
+
+        after do
+          client.close
+        end
+
+        it "returns a socket" do
+          connection, _address = socket.accept
+          expect(connection).to(be_a(Socket))
+        end
+      end
+    end
   end
 end 

data/spec/spec_init.rb

@@ -14,6 +14,8 @@
 # 
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+require "simplecov"
+SimpleCov.start
 require "flores/random"
 require "flores/rspec"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: flores
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Jordan Sissel
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-24 00:00:00.000000000 Z
+date: 2015-06-23 00:00:00.000000000 Z
 dependencies: []
 description: |2
       Add fuzzing, randomization, and stress to your tests.
@@ -23,7 +23,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .rubocop.yml
+- ".rubocop.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -31,41 +31,43 @@ files:
 - README.md
 - examples/analyze_number.rb
 - examples/socket_acceptance_spec.rb
-- examples/socket_analyze_spec.rb
 - examples/socket_stress_spec.rb
 - flores.gemspec
 - lib/flores/namespace.rb
+- lib/flores/pki.rb
 - lib/flores/random.rb
 - lib/flores/rspec.rb
 - lib/flores/rspec/analyze.rb
 - lib/flores/rspec/formatters/analyze.rb
 - lib/flores/rspec/stress.rb
+- spec/flores/pki_spec.rb
 - spec/flores/random_spec.rb
 - spec/flores/rspec/stress_spec.rb
 - spec/spec_init.rb
-homepage:
+homepage: 
 licenses:
 - AGPL 3.0 - http://www.gnu.org/licenses/agpl-3.0.html
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.5
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
 specification_version: 4
 summary: Fuzz, randomize, and stress your tests
 test_files: []
+has_rdoc: 

data/examples/socket_analyze_spec.rb

@@ -1,40 +0,0 @@
-# encoding: utf-8
-# This file is part of ruby-flores.
-# Copyright (C) 2015 Jordan Sissel
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-# 
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-require "flores/random"
-require "socket"
-require "flores/rspec"
-
-RSpec.configure do |c|
-  Flores::RSpec.configure(c)
-end
-
-describe TCPServer do
-  subject(:socket) { Socket.new(Socket::AF_INET, Socket::SOCK_STREAM, 0) }
-  let(:sockaddr) { Socket.sockaddr_in(port, "127.0.0.1") }
-
-  context "on a random port" do
-    let(:port) { Flores::Random.integer(-100_000..100_000) }
-    stress_it2 "should bind successfully", [:port] do
-      begin
-        socket.bind(sockaddr)
-        expect(socket.local_address.ip_port).to(be == port)
-      ensure
-        socket.close
-      end
-    end
-  end
-end