letscert 0.4.0 → 0.4.1

data/spec/certificate_spec.rb

@@ -1,185 +0,0 @@
-require_relative 'spec_helper'
-
-module LetsCert
-
-  describe Certificate do
-
-    before(:all) { Certificate.logger = Logger.new('/dev/null') }
-
-    before(:all) do
-      root_key = OpenSSL::PKey::RSA.new(512)
-
-      @domains = %w(example.org www.example.org)
-
-      key = OpenSSL::PKey::RSA.new(512)
-      @cert = OpenSSL::X509::Certificate.new
-      @cert.version = 2
-      @cert.serial = 2
-      @cert.issuer = OpenSSL::X509::Name.parse "/DC=letscert/CN=CA"
-      @cert.public_key = key.public_key
-      @cert.not_before = Time.now
-      # 20 days validity
-      @cert.not_after = @cert.not_before + 20 * 24 * 60 * 60
-      ef = OpenSSL::X509::ExtensionFactory.new
-      ef.subject_certificate = @cert
-      @domains.each do |domain|
-        @cert.add_extension(ef.create_extension('subjectAltName',
-                                                "DNS:#{domain}",
-                                                false))
-      end
-      @cert.sign(root_key, OpenSSL::Digest::SHA256.new)
-
-      # minimum size accepted by ACME server
-      @account_key2048 = OpenSSL::PKey::RSA.new(2048)
-    end
-
-    let(:certificate) { Certificate.new(@cert) }
-
-    context '#get' do
-
-      it 'checks all domains have a root' do
-        runner = Runner.new
-        ARGV.clear
-
-        ARGV << '-d' << 'example.com:/var/ww/html'
-        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
-        runner.parse_options
-        VCR.use_cassette('single-domain') do
-          # raise error because no e-mail address was given
-          expect { certificate.get(nil, nil, runner.options) }.
-            to raise_error(Acme::Client::Error)
-        end
-
-        ARGV.clear
-        ARGV << '-d' << 'example.com:/var/www/html'
-        ARGV << '-d' << 'www.example.com'
-        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
-        runner.options[:domains] = []
-        runner.parse_options
-        expect { certificate.get(nil, nil, runner.options) }.
-          to raise_error(LetsCert::Error).
-              with_message(/not specified: www\.example\.com\./)
-
-        ARGV.clear
-        ARGV << '-d' << 'example.com:/var/www/html'
-        ARGV << '-d' << 'www.example.com'
-        ARGV << '--default-root' << '/opt/www'
-        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
-        runner.parse_options
-        VCR.use_cassette('default-root') do
-          # raise error because no e-mail address was given
-          expect { certificate.get(nil, nil, runner.options) }.
-            to raise_error(Acme::Client::Error)
-        end
-        expect(runner.options[:roots]['example.com']).to eq('/var/www/html')
-        expect(runner.options[:roots]['www.example.com']).to eq('/opt/www')
-      end
-
-      it 'uses existing account key' do
-        options = { roots: { 'example.com' => '/var/www/html' } }
-
-        VCR.use_cassette('no-server') do
-          # Connection error: no server to connect to
-          expect { certificate.get(@account_key2048, nil, options) }.
-            to raise_error(Faraday::ConnectionFailed)
-        end
-        expect(certificate.client.private_key).to eq(@account_key2048)
-      end
-
-      it 'creates an ACME account key if non exists' do
-        options = {
-          roots: { 'example.com' => '/var/www/html' },
-          account_key_size: 128,
-        }
-
-        VCR.use_cassette('no-server') do
-          # Connection error: no server to connect to
-          expect { certificate.get(nil, nil, options) }.
-            to raise_error(Faraday::ConnectionFailed)
-        end
-        expect(certificate.client.private_key).to be_a(OpenSSL::PKey::RSA)
-      end
-
-      it 'creates an ACME client with provided account key and end point' do
-        options = {
-          roots: { 'example.com' => '/var/www/html' },
-          server: 'https://acme-staging.api.letsencrypt.org/directory',
-        }
-
-        VCR.use_cassette('create-acme-client') do
-          # Acme error: not valid e-mail address
-          expect { certificate.get(@account_key2048, nil, options) }.
-            to raise_error(Acme::Client::Error)
-        end
-        expect(certificate.client.private_key).to eq(@account_key2048)
-        expect(certificate.client.instance_eval { @endpoint }).to eq(options[:server])
-      end
-
-      it 'raises when register without e-mail' do
-        options = {
-          roots: { 'example.com' => '/var/www/html' },
-          server: 'https://acme-staging.api.letsencrypt.org/directory',
-        }
-
-        VCR.use_cassette('create-acme-client-but-bad-email') do
-          # Acme error: not valid e-mail address
-          expect { certificate.get(@account_key2048, nil, options) }.
-            to raise_error(Acme::Client::Error).
-                with_message('not a valid e-mail address')
-        end
-      end
-
-      it 'responds to HTTP-01 challenge'
-
-      it 'raises if HTTP-01 challenge is unavailable' do
-        options = {
-          roots: { 'example.com' => '/var/www/html' },
-          server: 'https://acme-staging.api.letsencrypt.org/directory',
-          email: 'test@example.org',
-        }
-
-        VCR.use_cassette('no-http-01-challenge') do
-          certificate.get_acme_client(@account_key2048, options) do |client|
-            client.connection.builder.insert 0, RemoveHttp01Middleware
-          end
-          expect { certificate.get(@account_key2048, nil, options) }.
-            to raise_error(LetsCert::Error).with_message(/not offer http-01/)
-        end
-      end
-
-      it 'reuses existing private key if --reuse-key is present'
-
-    end
-
-    context '#revoke' do
-      it 'raises if no certificate is given' do
-        certificate = Certificate.new(nil)
-        expect { certificate.revoke(@account_key2048) }.
-          to raise_error(LetsCert::Error)
-      end
-
-      it 'revokes an existing certificate'
-    end
-
-    context '#valid?' do
-
-      it 'checks whether a certificate is valid given a minimum valid duration' do
-        expect(certificate.valid?(@domains)).to be(true)
-        expect(certificate.valid?(@domains, 19)).to be(true)
-        expect(certificate.valid?(@domains, 21 * 24 * 3600)).to be(false)
-      end
-
-      it 'raises whether a certificate does not validate a given domain' do
-        expect(certificate.valid?(@domains)).to be(true)
-        expect(certificate.valid?(@domains[0, 1])).to be(true)
-
-        domains = @domains + %w(another.tld)
-        expect { certificate.valid?(domains) }.to raise_error(LetsCert::Error)
-        expect { certificate.valid?(%w(another.tld)) }.to raise_error(LetsCert::Error)
-      end
-
-    end
-
-  end
-
-end

data/spec/chain.pem

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
-BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
-PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
-dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
-gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
-4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
-EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
-BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
-b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
-ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
-MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
-AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
-LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
-pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
-v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
-ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
-ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
-6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
-f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
------END CERTIFICATE-----

data/spec/fullchain.pem

@@ -1,59 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFmzCCBIOgAwIBAgISAVjEgN3oIZzLvwTkSOVu08NlMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMTExNzQyMDBaFw0x
-NjA1MTExNzQyMDBaMBIxEDAOBgNVBAMTB2xkNzcuZXUwggGiMA0GCSqGSIb3DQEB
-AQUAA4IBjwAwggGKAoIBgQDPpsQCigwsWHwBhKGiXb8IDDVdV2q36tIsyP2WQmZy
-G4JpasPpmVxuK2qPsYjEQRt+9VsKwOvuq1hNpQCJLtHXEweg8d4Px83WVQbcrdP5
-U3hJgPbFFI6UXyx5BtsctDdYLxxi91tKn8g7nZgEGw1/NcSXkXQ6Q1/O5zwt2CME
-/xGTASI74kR2nXhIU8ZPth52R99UpIYquy2n0cNyadgFuhNq+jWZ8ks+ZYY/b1s4
-YL6cCx9SIAvDonrZGGG01ilZJWCxjgXxwXN5o78/22vyHcoBuwiK+6vPTKZ/+zvK
-MjDXES7sM791mjgh7c+NL57SCw4D4zYq7ABmx7tCip5BGTT9n/BdoKxBK8vaU9tA
-Qe3OYYXcdXN3g9up249U/+H9Hy/fu2/BYe7CDIkEU/1kQosYYKpSJv1WAU12gb77
-k7u1DnR+5vP/EwA+/rLb9MvEuj8mA9oKnLVq6zOaY/LXxcVVXEJEktoDV+Y27VuU
-yB5J1n7OL2SXzycj693Sk/sCAwEAAaOCAjEwggItMA4GA1UdDwEB/wQEAwIFoDAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
-HQ4EFgQUtxSm/clLMtOKm+p5seP4OsvYSFEwHwYDVR0jBBgwFoAUqEpqYwR93brm
-0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8v
-b2NzcC5pbnQteDEubGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDov
-L2NlcnQuaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wOwYDVR0RBDQwMoIHbGQ3Ny5l
-dYIMaW1hcC5sZDc3LmV1ggxzbXRwLmxkNzcuZXWCC3d3dy5sZDc3LmV1MIH+BgNV
-HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
-ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
-VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
-aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
-aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
-cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAEUjrcJKy04CiIGMuJwdHUQ7
-25YywkoVxo7K8GnLs1uf5XREJgil2GPD6uL//U2V8FzreP/eDQFluNJSYE3F9F1b
-f2X3TOSnJnRllFputgWMiIL8BzAbrR5UgEhrsSWS0AxK5Zh3GNTFa3pjQWu6swIl
-eDAj2iJHCOuL2t33vk8G2bYdFOih0EL6WwWjrwsu4lNmjxDqKe3VOM0HJE/DBbWw
-sqhZv1UOZZl8hJ6iID/hL7Tco6r1LcH5Fsyq8Yd/qbd4+kErWEvz/CeGsMDHFgYn
-oefVSYJ7mA/lJTWdydeUTkdQ04H8s/pjtI8SKpMmVTQa+xdqsH2YMBEv8dspMzk=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
-BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
-PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
-dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
-gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
-4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
-EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
-BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
-b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
-ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
-MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
-AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
-LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
-pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
-v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
-ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
-ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
-6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
-f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
------END CERTIFICATE-----

data/spec/io_plugin_spec.rb

@@ -1,387 +0,0 @@
-require_relative 'spec_helper'
-require 'fileutils'
-
-module LetsCert
-
-  describe IOPlugin do
-
-    it '.empty_data always returns the same hash' do
-      hsh = IOPlugin.empty_data
-
-      expect(hsh.keys.size).to eq(4)
-      [:account_key, :key, :cert, :chain].each do |key|
-        expect(hsh.keys).to include(key)
-        expect(hsh[key]).to be_nil
-      end
-    end
-
-    it '.register registers known subclasses' do
-      names = %w(account_key.json key.pem key.der chain.pem fullchain.pem)
-      names += %w(cert.pem cert.der)
-
-      expect(IOPlugin.registered.size).to eq(names.size)
-
-      names.each do |name|
-        expect(IOPlugin.registered.keys).to include(name)
-      end
-    end
-
-    it '.register may register new classes' do
-      class NewIO < IOPlugin;end
-      IOPlugin.register(NewIO, 'newio')
-
-      expect(IOPlugin.registered.keys).to include('newio')
-      expect(IOPlugin.registered['newio']).to be_a(NewIO)
-    end
-
-  end
-
-  describe JWKIOPluginMixin do
-
-    class Test; include JWKIOPluginMixin; end
-
-    let(:test) { Test.new }
-
-    it "#load_jwk loads a RSA key from a JSON Web Key raw string" do
-      jwk = File.read(File.join(File.dirname(__FILE__), 'test.json'))
-      key = test.load_jwk(jwk)
-
-      expect(key).to be_a(OpenSSL::PKey::PKey)
-    end
-
-    it "#dump_jwk dumps a RSA key to a JSON Web Key raw string" do
-      jwk = File.read(File.join(File.dirname(__FILE__), 'test.json'))
-      key = test.load_jwk(jwk)
-
-      jwk2 = test.dump_jwk(key)
-      expect(jwk2).to eq(jwk)
-    end
-  end
-
-  describe AccountKey do
-
-    before(:all) { IOPlugin.logger = Logger.new('/dev/null') }
-    let(:ak) { IOPlugin.registered['account_key.json'] }
-
-    it 'persist account_key' do
-      persisted = ak.persisted
-      expect(persisted[:account_key]).to be(true)
-    end
-
-    it "#load account key from account_key.json file" do
-      expect(ak).to be_a(AccountKey)
-
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        content = ak.load
-        expect(content).to be_a(Hash)
-        expect(content.keys.size).to eq(1)
-        expect(content[:account_key]).to be_a(OpenSSL::PKey::PKey)
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it "#save account key to account_key.json file" do
-      data = { account_key: OpenSSL::PKey::RSA.new(1024) }
-      ak.save(data)
-      begin
-        expect(File.exist?('account_key.json')).to be_truthy
-      rescue Exception
-        raise
-      ensure
-        File.unlink('account_key.json')
-      end
-    end
-
-  end
-
-  describe KeyFile do
-
-    let(:keypem) { IOPlugin.registered['key.pem'] }
-    let(:keyder) { IOPlugin.registered['key.der'] }
-
-    it 'persist key' do
-      expect(keypem.persisted[:key]).to be(true)
-      expect(keyder.persisted[:key]).to be(true)
-    end
-
-    it '#load private key from key.pem file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = keypem.load
-        expect(data[:key]).to be_a(OpenSSL::PKey::RSA)
-        expect(data[:key].params['d']).to eq(OpenSSL::BN.new(0x573C8C0EADCBA5E571CD57FAB4D9FE6AC9DC5F9ADF8FEC48667D836B6A0EA9E1240D2A5861258A7E6E5EA1052AFAD71176A49E90BA80F43C44F2BD415161C1E71AA37E7C2BE5C7C18CF964A5A7100C801F558C7B7825D082FEF79A76963786D8CDFE1058F7F178869A09F5377F51DD45EA05B428F41F09C9F29D37BB539512C5))
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#save private key to key.pem file' do
-      data = { key: OpenSSL::PKey::RSA.new(512) }
-      keypem.save data
-      begin
-        expect(File.exist? 'key.pem').to be(true)
-
-        data2 = keypem.load
-        expect(data2[:key].params['d'].to_i).to eq(data[:key].params['d'].to_i)
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'key.pem'
-      end
-    end
-
-    it '#load private key from key.der file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = keyder.load
-        expect(data[:key]).to be_a(OpenSSL::PKey::RSA)
-        expect(data[:key].params['d']).to eq(OpenSSL::BN.new(0x648C2A57083D12CA32A89538DD1AD7BAC5C522E682F0AFD9C834BB44CC536A57880F24D9D8987A0FC2CEF5C8F7A9BA70223E3C3E06229C815955FCE06F198175))
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#save private key to key.der file' do
-      data = { key: OpenSSL::PKey::RSA.new(512) }
-      keyder.save data
-      begin
-        expect(File.exist? 'key.der').to be(true)
-
-        data2 = keyder.load
-        expect(data2[:key].params['d'].to_i).to eq(data[:key].params['d'].to_i)
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'key.der'
-      end
-    end
-  end
-
-  describe ChainFile do
-    let(:chain) { IOPlugin.registered['chain.pem'] }
-
-    it 'persist chain' do
-      expect(chain.persisted[:chain]).to be(true)
-    end
-
-    it '#load chain from chain.pem file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = chain.load
-        expect(data[:cert]).to be_nil
-        expect(data[:chain]).to_not be_nil
-        expect(data[:chain]).to be_a(Array)
-        expect(data[:chain].first).to be_a(OpenSSL::X509::Certificate)
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#save chain to chain.pem file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = chain.load
-        expect(data[:cert]).to be_nil
-        expect(data[:chain]).to_not be_nil
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-
-      chain.save data
-
-      begin
-        expect(File.exist? 'chain.pem').to be(true)
-
-        data2 = chain.load
-        data2[:chain].each_with_index do |cert, i|
-          expect(cert.to_pem).to eq(data[:chain][i].to_pem)
-        end
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'chain.pem'
-      end
-    end
-
-  end
-
-  describe FullChainFile do
-    let(:fullchain) { IOPlugin.registered['fullchain.pem'] }
-
-    it 'persist chain' do
-      expect(fullchain.persisted[:chain]).to be(true)
-    end
-
-    it 'persist cert' do
-      expect(fullchain.persisted[:cert]).to be(true)
-    end
-
-    it '#load cert and chain from fullchain.pem file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = fullchain.load
-        expect(data[:cert]).to_not be_nil
-        expect(data[:cert]).to be_a(OpenSSL::X509::Certificate)
-        expect(data[:chain]).to_not be_nil
-        expect(data[:chain]).to be_a(Array)
-        expect(data[:chain].first).to be_a(OpenSSL::X509::Certificate)
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#save cert and chain to fullchain.pem file' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = fullchain.load
-        expect(data[:cert]).to_not be_nil
-        expect(data[:chain]).to_not be_nil
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-
-      fullchain.save data
-
-      begin
-        expect(File.exist? 'fullchain.pem').to be(true)
-
-        data2 = fullchain.load
-        expect(data2[:cert].to_pem).to eq(data[:cert].to_pem)
-        data2[:chain].each_with_index do |cert, i|
-          expect(cert.to_pem).to eq(data[:chain][i].to_pem)
-        end
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'fullchain.pem'
-      end
-    end
-
-  end
-
-  describe CertFile do
-
-    let(:certpem) { IOPlugin.registered['cert.pem'] }
-    let(:certder) { IOPlugin.registered['cert.der'] }
-
-    it 'persist cert' do
-      expect(certpem.persisted[:cert]).to be(true)
-      expect(certder.persisted[:cert]).to be(true)
-    end
-
-    it '#load cert from cert.pem' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = certpem.load
-        expect(data[:cert]).to_not be_nil
-        expect(data[:cert]).to be_a(OpenSSL::X509::Certificate)
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#load cert from cert.der' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = certder.load
-        expect(data[:cert]).to_not be_nil
-        expect(data[:cert]).to be_a(OpenSSL::X509::Certificate)
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-    end
-
-    it '#save cert to cert.pem' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = certpem.load
-        expect(data[:cert]).to_not be_nil
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-
-      certpem.save data
-
-      begin
-        expect(File.exist? 'cert.pem').to be(true)
-
-        data2 = certpem.load
-        expect(data2[:cert].to_pem).to eq(data[:cert].to_pem)
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'cert.pem'
-      end
-    end
-
-    it '#save cert to cert.der' do
-      pwd = FileUtils.pwd
-      FileUtils.cd File.dirname(__FILE__)
-
-      begin
-        data = certder.load
-        expect(data[:cert]).to_not be_nil
-      rescue Exception
-        raise
-      ensure
-        FileUtils.cd pwd
-      end
-
-      certder.save data
-
-      begin
-        expect(File.exist? 'cert.der').to be(true)
-
-        data2 = certder.load
-        expect(data2[:cert].to_pem).to eq(data[:cert].to_pem)
-      rescue Exception
-        raise
-      ensure
-        File.unlink 'cert.der'
-      end
-    end
-  end
-
-end

data/spec/key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCcUtDEgi7FE8IO5NINg6qNmxm4XBw24GYMCfPz+InzGu1naMoQ
-Up83B9qlNJpNKj7MnaRFePWnEgS9JbUxEYPoUB6zRDnabgzABsy4Tcrg6F3LXsHG
-T72QZfU/fInLr+Ib4qE+oJ8jpQY6zRb1/SMXEcPFF5zSLzT3IEYNrAgUoQIDAQAB
-AoGAVzyMDq3LpeVxzVf6tNn+asncX5rfj+xIZn2Da2oOqeEkDSpYYSWKfm5eoQUq
-+tcRdqSekLqA9DxE8r1BUWHB5xqjfnwr5cfBjPlkpacQDIAfVYx7eCXQgv73mnaW
-N4bYzf4QWPfxeIaaCfU3f1HdReoFtCj0HwnJ8p03u1OVEsUCQQDQIUQZN9KyTv6B
-EBc50RNjeUxz13Ivjn8lWX95yf2VFfFRbS9hwOzsDl3jNtWqEtoePZsqdjwHlbMI
-ovfls/rTAkEAwEcs2u2+07EflbLkbmEF/5zJQXdslKd8Cx6Xp/jtyO09sPj9Jjnb
-h6pWXRLHgn8JsojX6ALPpqOGpryKBgXiOwJBAMMwT4Mu/SRIPRqhEocgcwR5P5/s
-T6QWCVvnwUtgibcFqxloQmV03zzKhHaQeHVV1MVDlX+O/uFGHW9eFwqPbg0CQQCA
-aojgpsw+IhvQJSw/M/mHoDUhzhrspXdJDeOHwc891ITRP1oDP70IvJD1lGc/Fo1p
-ec+JGueIicqSbXVZVHClAkBW8wwSK/QBG9eAkWH9i2WCJb3okYsmRoSwDAYIsnMO
-GOn1TJ8b7rorKE6S3G1v+jQSXFx6Pc+HU+weS7Ux8UIV
------END RSA PRIVATE KEY-----