jruby-openssl 0.8.0.pre3 → 0.8.0

data/test/fixture/purpose/ca/ca_config.rb

@@ -1,37 +0,0 @@
-class CAConfig
-  BASE_DIR = File.dirname(__FILE__)
-  KEYPAIR_FILE = "#{BASE_DIR}/private/cakeypair.pem"
-  CERT_FILE = "#{BASE_DIR}/cacert.pem"
-  SERIAL_FILE = "#{BASE_DIR}/serial"
-  NEW_CERTS_DIR = "#{BASE_DIR}/newcerts"
-  NEW_KEYPAIR_DIR = "#{BASE_DIR}/private/keypair_backup"
-  CRL_DIR = "#{BASE_DIR}/crl"
-
-  NAME = [['C', 'JP'], ['O', 'www.ruby-lang.org'], ['OU', 'development']]
-  CA_CERT_DAYS = 20 * 365
-  CA_RSA_KEY_LENGTH = 2048
-
-  CERT_DAYS = 18 * 365
-  CERT_KEY_LENGTH_MIN = 1024
-  CERT_KEY_LENGTH_MAX = 2048
-  CDP_LOCATION = nil
-  OCSP_LOCATION = nil
-
-  CRL_FILE = "#{CRL_DIR}/jruby.crl"
-  CRL_PEM_FILE = "#{CRL_DIR}/jruby.pem"
-  CRL_DAYS = 14
-
-  PASSWD_CB = Proc.new { |flag|
-    print "Enter password: "
-    pass = $stdin.gets.chop!
-    # when the flag is true, this passphrase
-    # will be used to perform encryption; otherwise it will
-    # be used to perform decryption.
-    if flag
-      print "Verify password: "
-      pass2 = $stdin.gets.chop!
-      raise "verify failed." if pass != pass2
-    end
-    pass
-  }
-end

data/test/fixture/purpose/ca/cacert.pem

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDI5MjBaFw0yOTExMTQxMDI5MjBaMEwx
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzEUMBIGA1UE
-CwwLZGV2ZWxvcG1lbnQxCzAJBgNVBAMMAkNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2nXhXZxXUs1Sfxqi8sReyzPHRcAHQM9RqDAGG9Nt1zYrLXwg
-MmUhOr4yBeW2KAxJGxdRQSzI38jyT6mrDRBpTl/OeU9zBG4p6AtFGkoMnRvUonB3
-CvgYJXhmrFjnHn34JNaRSORjaZDBmI9/fMGvaYndEM3wJ2b3jEOeizDIG60kZxA6
-XQ+X7ral+aABsjomubvjEQ9dlcDhQlssKjbjaN3NZ/kL/i/75jc6rzT05XYYkj+Z
-9rPRfT+HH3c5EYLtxcRTEHVWXMC8/of7oOFgZwwI3Cx9/v1s2Z6gdJ8J0kIkEoUL
-ziYsLIOmVB2tx0rKkmeivJB4PTM5QyHb7d1xUwIDAQABo4HsMIHpMA8GA1UdEwEB
-/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFBOZGvHkAfn+0Ct33rQ6tW2UmF5TMA4GA1Ud
-DwEB/wQEAwIBBjB0BgNVHSMEbTBrgBQTmRrx5AH5/tArd960OrVtlJheU6FQpE4w
-TDELMAkGA1UEBhMCSlAxGjAYBgNVBAoMEXd3dy5ydWJ5LWxhbmcub3JnMRQwEgYD
-VQQLDAtkZXZlbG9wbWVudDELMAkGA1UEAwwCQ0GCAQEwDQYJKoZIhvcNAQEFBQAD
-ggEBACfgSl3pA+e3JyjgS/zscaJHHNDwXIIoH0KY6pcrZnl7Zh8CW+Gdba621Lek
-aAy0YhAAM9bF87QZG1+sL7B2H1oSTt7F67SwQfq079oNWjhEdV5dxBKk6XaU0R31
-KXSsmLR4pMxcFdPzGM0FTiSj9FNKk2pydVySsa5jJeG0qvXVFMqsRUUwklQHl9Kx
-9GZiknt4PEGj/ThUwarhRbRjV5z7ZxXKexkangBlRWPX7TjvlpZPgLzAODG4fiRW
-ZUo8Ng7QolTJuPAhlVxhdi9n5hItm6mt21RTpQcP49KoGe8x+T4EzPO0PPdCMliD
-fH3udDO+bq2F8H4ts6ZJAYWFo8U=
------END CERTIFICATE-----

data/test/fixture/purpose/ca/newcerts/2_cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMTdaFw0yODExMTQxMDMwMTdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3Nsc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgYsazavfR
-a72yK4qfnIjOrDT9Uv2ToL4swbE86PXY5N+YvUig3fVmNJo72rT5JlAODs+MtJJU
-aJ8HsczlGdrhjTWyT/0fyoY/rC4mi5UFASBCbaoaviDPgbhI6ehBY6d5vEYQOW79
-fL95KIa+OyGzUNYy+EkSxJmvt/8EJYtqIwIDAQABo4GFMIGCMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFJsUyGU/R4muSKVIeckJElcBNbipMAsGA1UdDwQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAAc49qdDC
-TzFoWy794TYEx/uSAFQPMxp/dktYuMvtMSqhOfkDAaX7YFAD40R9tQljm6Vb7uEB
-afAecveSyBN2EPZas8NdohJJcTT/pu39E9iMuvAoxz+R8RV7S/RikFOtoet79owa
-6lnD3893tz5RR5BloRX7yRii87U5LUdxd3CvEmA7ycNTO8ZEaAuLDitsTMxhPiIJ
-DeGW5L8DCyiWuDt9K6S13XdnDxTvYUmafVPU59BncdSoY/3BebappMzDM8QM0yCZ
-GWh7ItY4sncMur1fc9ZuSsyplT3d3jysmVXolz2khxboMPVBoRSTtgBOn1PSsVma
-FWULbrbYBK5Cqg==
------END CERTIFICATE-----

data/test/fixture/purpose/ca/newcerts/3_cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMjdaFw0yODExMTQxMDMwMjdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3NsY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgemBPByEo
-KbxaYnHXJxslyYsdWWCKf6j2mVIoxzC0b7W4TS5loBzOkZ05rkuapZ7O5flSMjtH
-5NMJ2h7/zsgK5XBkNRCPFK+8HMXVFdSs+euKY+2qE01P0NIuCrkvKjJgsrXdy3sG
-2UVUEoYEt5MHDR6aBL0Km+nVKc6T7O+KtQIDAQABo4GPMIGMMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFOFnq0r6adftxM/7aApl0DDrLTNWMAsGA1UdDwQEAwIF
-4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQAD
-ggEBACiRGC9KvUP2PaU7JmcIzJHMJtz0mUsO8KJeFWmBCSkfQErF3egOzE47WcRM
-0lGy0e4fjJB3at/O2V4RgwkFpsBpGXv9LJ5ZVXkEu9PwzwLTGZ4VfSPNIXgse1lK
-9EYOXgL8XhL7c9XPJLRFOWt6Odwp1VjQ2RqkpYLYnsHZam+5gsRd5K2yS0VO8A1Q
-otxH1D4evwpoSAaRHSff71Qh7046g2jGvCvdEVqBXuAoOuY8IRvf6YpTKEcPuOOo
-t7h5kLIVKuG4/AikVZ62Xh7DjdRFxy/Pxg3uIhrvkHkG8QtEFgBBMHoQR6iSGf6N
-1SNrs9tpu1oqTSzoKFG72BsEA6M=
------END CERTIFICATE-----

data/test/fixture/purpose/ca/newcerts/4_cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0xMTEyMTQwNDQxNTNaFw0yOTEyMDkwNDQxNTNaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3Nsc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgYsazavfR
-a72yK4qfnIjOrDT9Uv2ToL4swbE86PXY5N+YvUig3fVmNJo72rT5JlAODs+MtJJU
-aJ8HsczlGdrhjTWyT/0fyoY/rC4mi5UFASBCbaoaviDPgbhI6ehBY6d5vEYQOW79
-fL95KIa+OyGzUNYy+EkSxJmvt/8EJYtqIwIDAQABo4GFMIGCMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFJsUyGU/R4muSKVIeckJElcBNbipMAsGA1UdDwQEAwIF
-IDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEArdmTvG5H
-elHkiHWp/yFdiIrbUHfDsAmB1jN7Zhte9yWzUuaVKR6GS6FzL4zU6dgAA3UNroVK
-MuyeL5Cejsck2+HgOvAtwTJFjP4c8YwdlYuycvMkk5EbaByY1h59ZvV1J+GxmoDA
-uO3iTqGrKwrFDK59yuxhdn1yyGTwYTBAdvllfSmTmfnbOkV/faF8gpRvrenx3lLK
-eAVhBCzAw2cblXKJEvly+wzAXykS6jagtrnHm5ilt2R5zPzS1wNJlzBq4laI+pZU
-timqb2wMA9TLd4FCKqK4HwiUKyAR7eknxtdskQ0/2DBAiOoh1Gl5hwnrDAlb73vA
-DDOusxgmoBZS4w==
------END CERTIFICATE-----

data/test/fixture/purpose/ca/private/cakeypair.pem

@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,1381BA5304F6971E
-
-NmDiHjP3Kn3gG7q0oG8n5nyCM8wp5PYeEpuwrZmnNzpdsTTxpPV2Px8wy9EBrR4k
-SeZufUHA7T+zOLc1mSGMm+LOSSV2CMcUnby+yVRuV7CTtw7AwD+et7asff/HU1v6
-GE4SbX0tnZskiAR00zZTN/C17w27HIG7qNHrEjCng/S4fKFVNe6riQbmQqvykYQS
-8bZsQzzlB8e8kxNV5EDvYag3oevgY7RpIWUXEwTHd46o+8GsExuhs+8WpiO1az1D
-vu0u0MpO5t6PKyafp5vdiLTiwoY8VUdCF627FbyCWFkSuRbYxXNiRZzIvgwtZS7d
-wHOr5aVA2ROli2S7W5Mmx00tww05mPdzQbk5q6ZMxD+lK9bIuHEGwBY0IaWjkJtt
-a0RyBilLatVE9866D40dmNKA4mzAqtADdq6vwzoEqd7kVdwjdk7EMvaZgACrBypH
-NfadJ+HG2TW+4gnZLG60y6YaMPXAbObCUHCUYVhJe/E4mGdSkKOGgiQks9hT448T
-+/YBt2TqCq3UQU2rfxLVV6AlD/tywTwPTb0Leu40oTNEQyJ9aaQXmcZHZlDWI+Sl
-xdvGule84RenlV+GnC5UlBxUopTKbVSI7tw10grJtz5/TWx7ubOQ4pCNHzxksQH7
-YqygX5F6jlR6GbZFYUozNf57Frh9zUmhc6YWGFeTz1uc6rRqTCrKcyqvRD9QCYPY
-P+8MhvztbbYOr+XRStVeuDXzMwS6/HUrlPTt0IvO3Hq9dFDaTg1bW4mzgdKuYotV
-VF5DRenkF8lalTFpMppNsfpldazrZ8VvW5qRwbKF4mu7AWsBh9IpZMW15LtI7fUA
-L+JQO8aBUq6gyXTzaJxx8kxpdcIRtubOIultptj2m/XPXNNFSsI5DMv7V5jh58sC
-ju2RwxwivcWh1XtQxc4RNzvP3/Ek85at+cO9Q74Tu4f8alJZiWT51PZRwaucdQ8y
-rYT32rsqoWw1MvkDDENHbEt1QZ7AFmO3zFeGYXbPNHoi2gKzCo7xQtCm+QXQAh7B
-87KoKqwS9BO9QA/F+htVW9mbA+Yc5a2vcykxYbGlGqyMleI8cU5AeIbGoZdyYaun
-cDX/NtyV3HGPD5aHUPcz/sP7KAbdLzwh72CzRqQQo8yxOmQEWdd7W8jtxt0on2cs
-AXj59c9jKRJl5XlXMQO+VWnWO04bWxs8PAgop5Y4ePY766/mL1bAr02kdI6DJ9mx
-Opmpqk4gPZpnksnCQWJelPPYad0S49QxbOIWf5bI9FMi+6cgVh76iC5nMGVGI+gw
-lS64zEHhSRXuAC9Nsw5d+owc3aCG15DzUjpEBhDJ8EYKP9kgiJU0rnqPqGrriyrb
-f6kNOisGvAbI3RldVDLvvZbZEffPu60yA1rP7XaBRPn4K3g+3KTiEcn00wwJaoc3
-rddzmUCbx6fOluN+34BiPdJzHBZsROEvCcT4KGw1/nZIp/GgX3f3nPW40go2RLFP
-THQ5L0tuEvyhtJWaiLzjoZ3kCiwWZUzUwYCSfP9raVVXAxLoS4wU+qqKPl6/AaLI
-NDgIDJtZ0hrnptZuCkBUzVGQzxpMr8IVK/zQDq8uSXI53heZhLQoww==
------END RSA PRIVATE KEY-----

data/test/fixture/purpose/ca/serial

@@ -1 +0,0 @@
-0005

data/test/fixture/purpose/cacert.pem

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDI5MjBaFw0yOTExMTQxMDI5MjBaMEwx
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzEUMBIGA1UE
-CwwLZGV2ZWxvcG1lbnQxCzAJBgNVBAMMAkNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2nXhXZxXUs1Sfxqi8sReyzPHRcAHQM9RqDAGG9Nt1zYrLXwg
-MmUhOr4yBeW2KAxJGxdRQSzI38jyT6mrDRBpTl/OeU9zBG4p6AtFGkoMnRvUonB3
-CvgYJXhmrFjnHn34JNaRSORjaZDBmI9/fMGvaYndEM3wJ2b3jEOeizDIG60kZxA6
-XQ+X7ral+aABsjomubvjEQ9dlcDhQlssKjbjaN3NZ/kL/i/75jc6rzT05XYYkj+Z
-9rPRfT+HH3c5EYLtxcRTEHVWXMC8/of7oOFgZwwI3Cx9/v1s2Z6gdJ8J0kIkEoUL
-ziYsLIOmVB2tx0rKkmeivJB4PTM5QyHb7d1xUwIDAQABo4HsMIHpMA8GA1UdEwEB
-/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFBOZGvHkAfn+0Ct33rQ6tW2UmF5TMA4GA1Ud
-DwEB/wQEAwIBBjB0BgNVHSMEbTBrgBQTmRrx5AH5/tArd960OrVtlJheU6FQpE4w
-TDELMAkGA1UEBhMCSlAxGjAYBgNVBAoMEXd3dy5ydWJ5LWxhbmcub3JnMRQwEgYD
-VQQLDAtkZXZlbG9wbWVudDELMAkGA1UEAwwCQ0GCAQEwDQYJKoZIhvcNAQEFBQAD
-ggEBACfgSl3pA+e3JyjgS/zscaJHHNDwXIIoH0KY6pcrZnl7Zh8CW+Gdba621Lek
-aAy0YhAAM9bF87QZG1+sL7B2H1oSTt7F67SwQfq079oNWjhEdV5dxBKk6XaU0R31
-KXSsmLR4pMxcFdPzGM0FTiSj9FNKk2pydVySsa5jJeG0qvXVFMqsRUUwklQHl9Kx
-9GZiknt4PEGj/ThUwarhRbRjV5z7ZxXKexkangBlRWPX7TjvlpZPgLzAODG4fiRW
-ZUo8Ng7QolTJuPAhlVxhdi9n5hItm6mt21RTpQcP49KoGe8x+T4EzPO0PPdCMliD
-fH3udDO+bq2F8H4ts6ZJAYWFo8U=
------END CERTIFICATE-----

data/test/fixture/purpose/scripts/gen_cert.rb

@@ -1,127 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'openssl'
-require 'ca_config'
-require 'fileutils'
-require 'getopts'
-
-include OpenSSL
-
-def usage
-  myname = File::basename($0)
-  $stderr.puts "Usage: #{myname} [--type (client|server|ca|ocsp)] [--out certfile] csr_file"
-  exit
-end
-
-getopts nil, 'type:client', 'out:', 'force'
-
-cert_type = $OPT_type
-out_file = $OPT_out || 'cert.pem'
-csr_file = ARGV.shift or usage
-ARGV.empty? or usage
-
-csr = X509::Request.new(File.open(csr_file).read)
-unless csr.verify(csr.public_key)
-  raise "CSR sign verification failed."
-end
-p csr.public_key
-if csr.public_key.n.num_bits < CAConfig::CERT_KEY_LENGTH_MIN
-  raise "Key length too short"
-end
-if csr.public_key.n.num_bits > CAConfig::CERT_KEY_LENGTH_MAX
-  raise "Key length too long"
-end
-if csr.subject.to_a[0, CAConfig::NAME.size] != CAConfig::NAME
-  unless $OPT_force
-    p csr.subject.to_a
-    p CAConfig::NAME
-    raise "DN does not match"
-  end
-end
-
-# Only checks signature here.  You must verify CSR according to your CP/CPS.
-
-$stdout.sync = true
-
-# CA setup
-
-ca_file = CAConfig::CERT_FILE
-puts "Reading CA cert (from #{ca_file})"
-ca = X509::Certificate.new(File.read(ca_file))
-
-ca_keypair_file = CAConfig::KEYPAIR_FILE
-puts "Reading CA keypair (from #{ca_keypair_file})"
-ca_keypair = PKey::RSA.new(File.read(ca_keypair_file), &CAConfig::PASSWD_CB)
-
-serial = File.open(CAConfig::SERIAL_FILE, "r").read.chomp.hex
-File.open(CAConfig::SERIAL_FILE, "w") do |f|
-  f << sprintf("%04X", serial + 1)
-end
-
-# Generate new cert
-
-cert = X509::Certificate.new
-from = Time.now # + 30 * 60	# Wait 30 minutes.
-cert.subject = csr.subject
-cert.issuer = ca.subject
-cert.not_before = from
-cert.not_after = from + CAConfig::CERT_DAYS * 24 * 60 * 60
-cert.public_key = csr.public_key
-cert.serial = serial
-cert.version = 2 # X509v3
-
-basic_constraint = nil
-key_usage = []
-ext_key_usage = []
-case cert_type
-when "ca"
-  basic_constraint = "CA:TRUE"
-  key_usage << "cRLSign" << "keyCertSign"
-when "terminalsubca"
-  basic_constraint = "CA:TRUE,pathlen:0"
-  key_usage << "cRLSign" << "keyCertSign"
-when "server"
-  basic_constraint = "CA:FALSE"
-  key_usage << "digitalSignature" << "keyEncipherment"
-  ext_key_usage << "serverAuth"
-when "ocsp"
-  basic_constraint = "CA:FALSE"
-  key_usage << "nonRepudiation" << "digitalSignature"
-  ext_key_usage << "serverAuth" << "OCSPSigning"
-when "client"
-  basic_constraint = "CA:FALSE"
-  key_usage << "nonRepudiation" << "digitalSignature" << "keyEncipherment"
-  ext_key_usage << "clientAuth" << "emailProtection"
-else
-  raise "unknonw cert type \"#{cert_type}\" is specified."
-end
-
-ef = X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = ca
-ex = []
-ex << ef.create_extension("basicConstraints", basic_constraint, true)
-ex << ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate")
-ex << ef.create_extension("subjectKeyIdentifier", "hash")
-#ex << ef.create_extension("nsCertType", "client,email")
-ex << ef.create_extension("keyUsage", key_usage.join(",")) unless key_usage.empty?
-#ex << ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-#ex << ef.create_extension("authorityKeyIdentifier", "keyid:always")
-ex << ef.create_extension("extendedKeyUsage", ext_key_usage.join(",")) unless ext_key_usage.empty?
-
-ex << ef.create_extension("crlDistributionPoints", CAConfig::CDP_LOCATION) if CAConfig::CDP_LOCATION
-ex << ef.create_extension("authorityInfoAccess", "OCSP;" << CAConfig::OCSP_LOCATION) if CAConfig::OCSP_LOCATION
-cert.extensions = ex
-cert.sign(ca_keypair, OpenSSL::Digest::SHA1.new)
-
-# For backup
-
-cert_file = CAConfig::NEW_CERTS_DIR + "/#{cert.serial}_cert.pem"
-File.open(cert_file, "w", 0644) do |f|
-  f << cert.to_pem
-end
-
-puts "Writing cert.pem..."
-FileUtils.copy(cert_file, out_file)
-
-puts "DONE. (Generated certificate for '#{cert.subject}')"

data/test/fixture/purpose/scripts/gen_csr.rb

@@ -1,50 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'getopts'
-require 'openssl'
-
-include OpenSSL
-
-def usage
-  myname = File::basename($0)
-  $stderr.puts <<EOS
-Usage: #{myname} [--key keypair_file] name
-  name ... ex. /C=JP/O=RRR/OU=CA/CN=NaHi/emailAddress=nahi@example.org
-EOS
-  exit
-end
-
-getopts nil, "key:", "csrout:", "keyout:"
-keypair_file = $OPT_key
-csrout = $OPT_csrout || "csr.pem"
-keyout = $OPT_keyout || "keypair.pem"
-
-$stdout.sync = true
-name_str = ARGV.shift or usage()
-p name_str
-name = X509::Name.parse(name_str)
-
-keypair = nil
-if keypair_file
-  keypair = PKey::RSA.new(File.open(keypair_file).read)
-else
-  keypair = PKey::RSA.new(1024) { putc "." }
-  puts
-  puts "Writing #{keyout}..."
-  File.open(keyout, "w", 0400) do |f|
-    f << keypair.to_pem
-  end
-end
-
-puts "Generating CSR for #{name_str}"
-
-req = X509::Request.new
-req.version = 0
-req.subject = name
-req.public_key = keypair.public_key
-req.sign(keypair, OpenSSL::Digest::MD5.new)
-
-puts "Writing #{csrout}..."
-File.open(csrout, "w") do |f|
-  f << req.to_pem
-end

data/test/fixture/purpose/scripts/init_ca.rb

@@ -1,66 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'openssl'
-require 'ca_config'
-
-include OpenSSL
-
-$stdout.sync = true
-
-cn = ARGV.shift || 'CA'
-
-unless FileTest.exist?('private')
-  Dir.mkdir('private', 0700)
-end
-unless FileTest.exist?('newcerts')
-  Dir.mkdir('newcerts')
-end
-unless FileTest.exist?('crl')
-  Dir.mkdir('crl')
-end
-unless FileTest.exist?('serial')
-  File.open('serial', 'w') do |f|
-    f << '2'
-  end
-end
-
-print "Generating CA keypair: "
-keypair = PKey::RSA.new(CAConfig::CA_RSA_KEY_LENGTH) { putc "." }
-putc "\n"
-
-now = Time.now
-cert = X509::Certificate.new
-name = CAConfig::NAME.dup << ['CN', cn]
-cert.subject = cert.issuer = X509::Name.new(name)
-cert.not_before = now
-cert.not_after = now + CAConfig::CA_CERT_DAYS * 24 * 60 * 60
-cert.public_key = keypair.public_key
-cert.serial = 0x1
-cert.version = 2 # X509v3
-
-key_usage = ["cRLSign", "keyCertSign"]
-ef = X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = cert # we needed subjectKeyInfo inside, now we have it
-ext1 = ef.create_extension("basicConstraints","CA:TRUE", true)
-ext2 = ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate")
-ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
-ext4 = ef.create_extension("keyUsage", key_usage.join(","), true)
-cert.extensions = [ext1, ext2, ext3, ext4]
-ext0 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-cert.add_extension(ext0)
-cert.sign(keypair, OpenSSL::Digest::SHA1.new)
-
-keypair_file = CAConfig::KEYPAIR_FILE
-puts "Writing keypair."
-File.open(keypair_file, "w", 0400) do |f|
-  f << keypair.export(Cipher::DES.new(:EDE3, :CBC), &CAConfig::PASSWD_CB)
-end
-
-cert_file = CAConfig::CERT_FILE
-puts "Writing #{cert_file}."
-File.open(cert_file, "w", 0644) do |f|
-  f << cert.to_pem
-end
-
-puts "DONE. (Generated certificate for '#{cert.subject}')"

data/test/fixture/purpose/sslclient.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMjdaFw0yODExMTQxMDMwMjdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3NsY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgemBPByEo
-KbxaYnHXJxslyYsdWWCKf6j2mVIoxzC0b7W4TS5loBzOkZ05rkuapZ7O5flSMjtH
-5NMJ2h7/zsgK5XBkNRCPFK+8HMXVFdSs+euKY+2qE01P0NIuCrkvKjJgsrXdy3sG
-2UVUEoYEt5MHDR6aBL0Km+nVKc6T7O+KtQIDAQABo4GPMIGMMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFOFnq0r6adftxM/7aApl0DDrLTNWMAsGA1UdDwQEAwIF
-4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQAD
-ggEBACiRGC9KvUP2PaU7JmcIzJHMJtz0mUsO8KJeFWmBCSkfQErF3egOzE47WcRM
-0lGy0e4fjJB3at/O2V4RgwkFpsBpGXv9LJ5ZVXkEu9PwzwLTGZ4VfSPNIXgse1lK
-9EYOXgL8XhL7c9XPJLRFOWt6Odwp1VjQ2RqkpYLYnsHZam+5gsRd5K2yS0VO8A1Q
-otxH1D4evwpoSAaRHSff71Qh7046g2jGvCvdEVqBXuAoOuY8IRvf6YpTKEcPuOOo
-t7h5kLIVKuG4/AikVZ62Xh7DjdRFxy/Pxg3uIhrvkHkG8QtEFgBBMHoQR6iSGf6N
-1SNrs9tpu1oqTSzoKFG72BsEA6M=
------END CERTIFICATE-----