RubyGems - omf_common - Versions diffs - 6.0.0 → 6.0.2.pre.1 - Mend

omf_common 6.0.0 → 6.0.2.pre.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

data/Gemfile +4 -0
data/bin/file_broadcaster.rb +56 -0
data/bin/file_receiver.rb +62 -0
data/bin/omf_keygen +21 -0
data/bin/{monitor_topic.rb → omf_monitor_topic} +21 -8
data/bin/omf_send_create +118 -0
data/bin/{send_request.rb → omf_send_request} +12 -7
data/example/engine_alt.rb +23 -24
data/example/ls_app.yaml +21 -0
data/lib/omf_common.rb +73 -12
data/lib/omf_common/auth.rb +15 -0
data/lib/omf_common/auth/certificate.rb +174 -0
data/lib/omf_common/auth/certificate_store.rb +72 -0
data/lib/omf_common/auth/ssh_pub_key_convert.rb +80 -0
data/lib/omf_common/comm.rb +66 -9
data/lib/omf_common/comm/amqp/amqp_communicator.rb +40 -13
data/lib/omf_common/comm/amqp/amqp_file_transfer.rb +259 -0
data/lib/omf_common/comm/amqp/amqp_topic.rb +14 -21
data/lib/omf_common/comm/local/local_communicator.rb +31 -2
data/lib/omf_common/comm/local/local_topic.rb +19 -3
data/lib/omf_common/comm/topic.rb +48 -34
data/lib/omf_common/comm/xmpp/communicator.rb +19 -10
data/lib/omf_common/comm/xmpp/topic.rb +22 -81
data/lib/omf_common/default_logging.rb +11 -0
data/lib/omf_common/eventloop.rb +14 -0
data/lib/omf_common/eventloop/em.rb +39 -6
data/lib/omf_common/eventloop/local_evl.rb +15 -0
data/lib/omf_common/exec_app.rb +29 -15
data/lib/omf_common/message.rb +53 -5
data/lib/omf_common/message/json/json_message.rb +149 -39
data/lib/omf_common/message/xml/message.rb +112 -39
data/lib/omf_common/protocol/6.0.rnc +5 -1
data/lib/omf_common/protocol/6.0.rng +12 -0
data/lib/omf_common/version.rb +1 -1
data/omf_common.gemspec +7 -2
data/test/fixture/omf_test.cert.pem +15 -0
data/test/fixture/omf_test.pem +15 -0
data/test/fixture/omf_test.pub +1 -0
data/test/fixture/omf_test.pub.pem +6 -0
data/test/omf_common/auth/certificate_spec.rb +113 -0
data/test/omf_common/auth/ssh_pub_key_convert_spec.rb +13 -0
data/test/omf_common/comm/topic_spec.rb +175 -0
data/test/omf_common/comm/xmpp/communicator_spec.rb +15 -16
data/test/omf_common/comm/xmpp/topic_spec.rb +63 -10
data/test/omf_common/comm_spec.rb +66 -9
data/test/omf_common/message/xml/message_spec.rb +43 -13
data/test/omf_common/message_spec.rb +14 -0
data/test/test_helper.rb +25 -0
metadata +78 -15
data/bin/send_create.rb +0 -94

data/lib/omf_common/message/xml/message.rb CHANGED Viewed

@@ -9,7 +9,6 @@ require 'omf_common/message/xml/relaxng_schema'
 module OmfCommon
 class Message
 class XML
   # @example To create a valid omf message, e.g. a 'create' message:
   #
   #   Message.create(:create,
@@ -47,12 +46,46 @@ class XML
         new(content)
       end
-      def parse(xml)
+      def parse(xml, content_type = "text/xml", &block)
+        raise ArgumentError, 'Need message handling block' unless block
+        content_type ||= "text/xml" # Since by default parent class pass in nil object
+        raise ArgumentError, "Unknown content type: #{content_type}" unless content_type =~ /xml/
         raise ArgumentError, 'Can not parse an empty XML into OMF message' if xml.nil? || xml.empty?
         xml_node = Nokogiri::XML(xml).root
-        self.create(xml_node.name.to_sym).tap do |message|
+        if xml_node.name.to_sym == :env # envelope
+          cert = xml_node.element_children.find { |v| v.element_name == 'cert' }.content
+          sig = xml_node.element_children.find { |v| v.element_name == 'sig' }.content
+          iss = xml_node.element_children.find { |v| v.element_name == 'iss' }.content
+          xml_node = xml_node.element_children.find { |v| v.element_name =~ /create|request|configure|release|inform/ }
+          if self.authenticate?
+            existing_cert = OmfCommon::Auth::CertificateStore.instance.cert_for(iss)
+            if existing_cert
+               cert = existing_cert
+            else
+              OmfCommon::Auth::CertificateStore.instance.register_x509(cert, iss)
+              cert = OmfCommon::Auth::CertificateStore.instance.cert_for(iss)
+            end
+            unless cert.verify_cert
+              warn "Invalid certificate '#{cert.to_s}', NOT signed by root certificate."
+              return nil
+            end
+            canonicalised_xml_node = fix_canonicalised_xml(xml_node.canonicalize)
+            unless cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(canonicalised_xml_node), Base64.decode64(sig), canonicalised_xml_node)
+              warn "Verfication failed #{canonicalised_xml_node} #{OpenSSL::Digest::SHA256.new(canonicalised_xml_node)}"
+              return nil
+            end
+          end
+        end
+        parsed_msg = self.create(xml_node.name.to_sym).tap do |message|
           message.xml = xml_node
           message.send(:_set_core, :mid, message.xml.attr('mid'))
@@ -82,6 +115,8 @@ class XML
             MPMessage.inject(Time.now.to_f, message.operation.to_s, message.mid, message.cid, message.to_s.gsub("\n",''))
           end
         end
+        block.call(parsed_msg)
+        parsed_msg
       end
     end
@@ -90,17 +125,50 @@ class XML
       OmfCommon::Comm::XMPP::Topic.create(r_id)
     end
-    def itype
-      @content.itype.to_s.upcase.gsub(/_/, '.') unless @content.itype.nil?
-    end
     def marshall
       build_xml
-      @xml.to_xml
+      if self.class.authenticate?
+        src = @content[:src]
+        src = src.address if src.is_a?(OmfCommon::Comm::Topic)
+        cert = OmfCommon::Auth::CertificateStore.instance.cert_for(src)
+        if cert && cert.can_sign?
+          debug "Found cert for '#{src} - #{cert}"
+          signature_node = Niceogiri::XML::Node.new(:sig)
+          canonicalised_xml = self.class.fix_canonicalised_xml(@xml.canonicalize)
+          signature = Base64.encode64(cert.key.sign(OpenSSL::Digest::SHA256.new(canonicalised_xml), canonicalised_xml)).encode('utf-8')
+          signature_node.add_child(signature)
+          @envelope = Niceogiri::XML::Node.new(:env, nil, OMF_NAMESPACE)
+          @envelope.add_child(@xml)
+          @envelope.add_child(signature_node)
+          iss_node = Niceogiri::XML::Node.new(:iss)
+          iss_node.add_child(src)
+          @envelope.add_child(iss_node)
+          #unless @certOnTopic[k = [topic, src]]
+          # first time for this src on this topic, so let's send the cert along
+          cert_node = Niceogiri::XML::Node.new(:cert)
+          cert_node.add_child(cert.to_pem_compact)
+          @envelope.add_child(cert_node)
+          #ALWAYS ADD CERT @certOnTopic[k] = Time.now
+          #end
+          ['text/xml', @envelope]
+        else
+          error "Missing cert for #{src}"
+          ['text/xml', nil]
+        end
+      else
+        ['text/xml', @xml]
+      end
     end
-    alias_method :to_xml, :marshall
-    alias_method :to_s, :marshall
+    def to_s
+      @content
+    end
     def build_xml
       @xml = Niceogiri::XML::Node.new(self.operation.to_s, nil, OMF_NAMESPACE)
@@ -118,25 +186,30 @@ class XML
       @xml.add_child(guard_node) if _get_core(:guard)
       (OMF_CORE_READ - [:mid, :guard, :operation]).each do |attr|
-        attr_value = self.send(attr)
+        attr_value = case attr
+                     when :itype
+                       self.itype(:frcp)
+                     when :src
+                       self.src.is_a?(OmfCommon::Comm::Topic) ? self.src.address : self.src
+                     else
+                       self.send(attr)
+                     end
         next unless attr_value
         add_element(attr, attr_value) unless (self.operation != :release && attr == :res_id)
       end
-      self.properties.each { |k, v| add_property(k, v) }
+      self.properties.each { |k, v| add_property(k, v) unless k == 'certificate'}
       self.guard.each { |k, v| add_property(k, v, :guard) } if _get_core(:guard)
-      #digest = OpenSSL::Digest::SHA512.new(@xml.canonicalize)
-      #add_element(:digest, digest)
       @xml
     end
     # Construct a property xml node
     #
     def add_property(key, value = nil, add_to = :props)
+      key = escape_key(key)
       if !default_props_ns.empty? && add_to == :props
         key_node = Niceogiri::XML::Node.new(key, nil, default_props_ns)
       else
@@ -162,6 +235,7 @@ class XML
       when Hash
         [].tap do |array|
           value.each_pair do |k, v|
+            k = escape_key(k)
             n = Niceogiri::XML::Node.new(k, nil, OMF_NAMESPACE)
             n.write_attr('type', ruby_type_2_prop_type(v.class))
@@ -191,33 +265,13 @@ class XML
         if key.nil?
           string_value(value)
         else
+          key = escape_key(key)
           n = Niceogiri::XML::Node.new(key, nil, OMF_NAMESPACE)
           n.add_child(string_value(value))
         end
       end
     end
-    # Generate SHA1 of canonicalised xml and write into the ID attribute of the message
-    #
-    def sign
-      write_attr('mid', SecureRandom.uuid)
-      write_attr('ts', Time.now.utc.to_i)
-      canonical_msg = self.canonicalize
-      #priv_key =  OmfCommon::Key.instance.private_key
-      #digest = OpenSSL::Digest::SHA512.new(canonical_msg)
-      #signature = Base64.encode64(priv_key.sign(digest, canonical_msg)).encode('utf-8') if priv_key
-      #write_attr('digest', digest)
-      #write_attr('signature', signature) if signature
-      if OmfCommon::Measure.enabled?
-        MPMessage.inject(Time.now.to_f, operation.to_s, mid, cid, self.to_s.gsub("\n",''))
-        @@mid_list << mid
-      end
-      self
-    end
     # Validate against relaxng schema
     #
     def valid?
@@ -236,6 +290,7 @@ class XML
     # Short cut for adding xml node
     #
     def add_element(key, value = nil, &block)
+      key = escape_key(key)
       key_node = Niceogiri::XML::Node.new(key)
       @xml.add_child(key_node)
       if block
@@ -310,7 +365,7 @@ class XML
     end
     def has_properties?
-      @content.properties.empty?
+      !@content.properties.empty?
     end
     def guard?
@@ -350,9 +405,8 @@ class XML
     #  end
     #end
-    alias_method :read_property, :[]
     alias_method :write_property, :[]=
+    alias_method :read_property, :[]
     private
@@ -360,6 +414,11 @@ class XML
       @content = content
       @content.mid = SecureRandom.uuid
       @content.ts = Time.now.utc.to_i
+      if (src = content[:src])
+        @content.src = OmfCommon.comm.create_topic(src)
+      end
+      # keep track if we sent local certs on a topic. Should do this the first time
+      @certOnTopic = {}
     end
     def _set_core(key, value)
@@ -394,6 +453,16 @@ class XML
       end
     end
+    def escape_key(key)
+      key = key.to_s
+      if key =~ /\W+/
+        warn "Due to the limitation of XML messages, please only use word character (a-z A-Z 0-9 _) in your property names. Offending characters will be replaced with underscore(_)."
+        key = key.gsub(/\W+/, '_')
+      else
+        key
+      end
+    end
     # Get string of a value object, escape if object is string
     def string_value(value)
       if value.kind_of? String
@@ -403,6 +472,10 @@ class XML
       end
       value
     end
+    def self.fix_canonicalised_xml(str)
+      str.gsub(/\n +/, '').gsub(/ xmlns=\"\"/, '')
+    end
   end
 end
 end

data/lib/omf_common/protocol/6.0.rnc CHANGED Viewed

@@ -1,6 +1,6 @@
 default namespace = "http://schema.mytestbed.net/omf/6.0/protocol"
-start = (create | configure | request | release | inform)
+start = (create | configure | request | release | inform | env)
 common_elements = attribute mid { text }?
   & element ts { text }
@@ -36,3 +36,7 @@ inform = element inform {
   & element cid { text }?
   & element itype { "CREATION.OK" | "CREATION.FAILED" | "STATUS" | "RELEASED" | "ERROR" | "WARN" }
 }
+env = element env {
+ create | configure | request | release | inform
+}

data/lib/omf_common/protocol/6.0.rng CHANGED Viewed

@@ -7,6 +7,7 @@
       <ref name="request"/>
       <ref name="release"/>
       <ref name="inform"/>
+      <ref name="env"/>
     </choice>
   </start>
   <define name="common_elements">
@@ -125,4 +126,15 @@
       </interleave>
     </element>
   </define>
+  <define name="env">
+    <element name="env">
+      <choice>
+        <ref name="create"/>
+        <ref name="configure"/>
+        <ref name="request"/>
+        <ref name="release"/>
+        <ref name="inform"/>
+      </choice>
+    </element>
+  </define>
 </grammar>

data/lib/omf_common/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module OmfCommon
-  VERSION = "6.0.0"
+  VERSION = "6.0.2.pre.1"
   PROTOCOL_VERSION = "6.0"
 end

data/omf_common.gemspec CHANGED Viewed

@@ -17,16 +17,21 @@ Gem::Specification.new do |s|
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.executables   = ["omf_monitor_topic","omf_send_request", "omf_send_create"]
   s.require_paths = ["lib"]
   # specify any dependencies here; for example:
   s.add_development_dependency "minitest", "~> 3.2"
   s.add_development_dependency "em-minitest-spec", "~> 1.1.1"
   s.add_development_dependency "simplecov"
+  s.add_development_dependency "pry"
+  s.add_development_dependency "mocha"
   s.add_runtime_dependency "eventmachine", "~> 0.12.10"
   s.add_runtime_dependency "blather", "= 0.8.1"
   s.add_runtime_dependency "logging", "~> 1.7.1"
   s.add_runtime_dependency "hashie", "~> 1.2.0"
-  s.add_runtime_dependency "oml4r", "~> 2.8.0"
+  s.add_runtime_dependency "oml4r", "~> 2.9.1"
+  #s.add_runtime_dependency "json-jwt", "~> 0.5.2"
+  #s.add_runtime_dependency "amqp", "~> 1.0.1"
 end

data/test/fixture/omf_test.cert.pem ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAIZg2YXVVvPIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTMwNDIzMDQyOTE5WhcNMjMwNDIxMDQyOTE5WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC24IfY2Kat2C35gw+X1fM8NI7CJ5DvT19BoDjQviXy8RhBl4fCTNVBvYYzgZXC
+zVcTi4nAgJFbxvHMBeORmSWih5s3E/zllPWVmRstxGqscqoshjSnnU32p6HBXHEB
+0zuZsO/8Ff2+L0Q1QX9XhFntrJsyeiOk2fstz5AXovL6iQIDAQABo1AwTjAdBgNV
+HQ4EFgQUeXgde/SzFMMdPj0Sv7nGKlE0LoEwHwYDVR0jBBgwFoAUeXgde/SzFMMd
+Pj0Sv7nGKlE0LoEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAgLs56
+W7MpT9gc+/QGPt1FEIHqGGGwS/FuxQJEJnrnI0MpCf+2dqAlOwTKQDh+QB8558YO
+cdGqgrFKPJSVvIaqow9OStOqn+PpyhBgfrDMkKMCdmN3yW4JeytAM+z5pV44YtTw
+GBlr4kQzF0y3V1oo1+Ck1F1n+CARt2knmi3zAQ==
+-----END CERTIFICATE-----

data/test/fixture/omf_test.pem ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC24IfY2Kat2C35gw+X1fM8NI7CJ5DvT19BoDjQviXy8RhBl4fC
+TNVBvYYzgZXCzVcTi4nAgJFbxvHMBeORmSWih5s3E/zllPWVmRstxGqscqoshjSn
+nU32p6HBXHEB0zuZsO/8Ff2+L0Q1QX9XhFntrJsyeiOk2fstz5AXovL6iQIDAQAB
+AoGBALJb/mJBux6mTwChEJ43rskzQWCfEj40nWT2DTOZoI13Ev81+NRJ91vsqmyl
+oBikCJ8pYqp7OknWmJEx1Sd1xDs/jsb6AUfNsfJALtE54Cq2iEWBU3Q4BTuT1meE
+Fyvqww9YoFZIaYHvyDWYTH2B8eYrswSt4nCpKmr9eb/cBplhAkEA42Fl+aYUv2A6
+7EGFe+1OT9ctLZeEGPBIWuWIma6vj4+iM6Zn1rmsoqx3qsrjsIVUxpmmH5RvrJOY
+Vq0WvqDwxQJBAM3lJ3lzs5fLEjzk/obiU6PJFq6BCFUTVtbjaRe8uN450fBEm+0M
+pOacio2jDhA21ayHE+yAfZ2h0V+WXSvHNvUCQDV2JBTjoMMybAg6i5kMvbn1/NBY
+bJ20eT6t80U3Fl4pxlhgis+ozlddN7G3jHtnjfw4CiAotW0dMtdGUS+3BYUCQD3a
+YYly4LjxIIF6qZwL0eSaPF4gFUi5jpTvrFqdL0xTQmZTtiP4cHF3BYiXO1pTns09
+pxadYx8/xY5ZtZO5PSECQQCwGIGrXQnT6FVpuJFRIl1m0rglbXEHy1x8xRYaQNJX
+7cUKcQaIXoroQ43TQnkIcIK7Q11EFomrJBTTL7icpgfU
+-----END RSA PRIVATE KEY-----

data/test/fixture/omf_test.pub ADDED Viewed

	@@ -0,0 +1 @@
1	+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC24IfY2Kat2C35gw+X1fM8NI7CJ5DvT19BoDjQviXy8RhBl4fCTNVBvYYzgZXCzVcTi4nAgJFbxvHMBeORmSWih5s3E/zllPWVmRstxGqscqoshjSnnU32p6HBXHEB0zuZsO/8Ff2+L0Q1QX9XhFntrJsyeiOk2fstz5AXovL6iQ==

data/test/fixture/omf_test.pub.pem ADDED Viewed

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC24IfY2Kat2C35gw+X1fM8NI7C
+J5DvT19BoDjQviXy8RhBl4fCTNVBvYYzgZXCzVcTi4nAgJFbxvHMBeORmSWih5s3
+E/zllPWVmRstxGqscqoshjSnnU32p6HBXHEB0zuZsO/8Ff2+L0Q1QX9XhFntrJsy
+eiOk2fstz5AXovL6iQIDAQAB
+-----END PUBLIC KEY-----

data/test/omf_common/auth/certificate_spec.rb ADDED Viewed

@@ -0,0 +1,113 @@
+require 'test_helper'
+describe OmfCommon::Auth::Certificate do
+  before do
+    OmfCommon::Auth::CertificateStore.init
+    @root = OmfCommon::Auth::Certificate.create(nil, 'omf_ca', 'ca', 'omf')
+    OmfCommon::Auth::CertificateStore.instance.register(@root)
+  end
+  after do
+    OmfCommon::Auth::CertificateStore.reset
+  end
+  it "must create a self-signed root CA cert" do
+    @root.must_be_kind_of OmfCommon::Auth::Certificate
+    @root.address.must_be_nil
+    @root.subject.must_be_kind_of OpenSSL::X509::Name
+    @root.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.ca.omf_ca"
+    @root.key.must_be_kind_of OpenSSL::PKey::RSA
+    @root.digest.must_be_kind_of OpenSSL::Digest::SHA1
+    cert = @root.to_x509
+    cert.must_be_kind_of OpenSSL::X509::Certificate
+    # It is self signed
+    cert.issuer.must_equal @root.subject
+    cert.verify(cert.public_key).must_equal true
+  end
+  it "must create an end-entity cert using root cert" do
+    lambda { @root.create_for }.must_raise ArgumentError
+    @entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf')
+    cert = @entity.to_x509
+    cert.issuer.must_equal @root.subject
+    cert.issuer.wont_equal cert.subject
+    cert.issuer.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.ca.omf_ca"
+    cert.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.my_resource.bob"
+    cert.verify(@root.to_x509.public_key).must_equal true
+    @entity.verify_cert.must_equal true
+  end
+  it "must verify cert validity" do
+    @root.verify_cert.must_equal true
+    @root.create_for('my_addr', 'bob', 'my_resource', 'omf').verify_cert.must_equal true
+  end
+  describe "when init from an exisitng cert in pem format" do
+    before do
+      @private_folder = "#{File.dirname(__FILE__)}/../../fixture"
+      @cert = OmfCommon::Auth::Certificate.create_from_x509(File.read("#{@private_folder}/omf_test.cert.pem"))
+      @key = OpenSSL::PKey::RSA.new(File.read("#{@private_folder}/omf_test.pem"))
+      @pub_key = OpenSSL::PKey::RSA.new(File.read("#{@private_folder}/omf_test.pub.pem"))
+    end
+    it "must verify itself" do
+      # It is a self signed cert
+      @cert.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
+      @cert.to_x509.issuer.to_s(OpenSSL::X509::Name::RFC2253).must_equal "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
+      @cert.verify_cert.must_equal true
+    end
+    it "must not have pirivate key initialised"  do
+      @cert.can_sign?.must_equal false
+    end
+    it "must have a correct public key" do
+      @pub_key.public?.must_equal true
+      @pub_key.private?.must_equal false
+      @cert.to_x509.public_key.to_s.must_equal @pub_key.to_s
+    end
+    it "must have a correct private key associated" do
+      @key.public?.must_equal true
+      @key.private?.must_equal true
+      @cert.to_x509.check_private_key(@key).must_equal true
+    end
+  end
+  describe "when provided an existing public key" do
+    it "must generate a cert contains a converted public key" do
+      private_folder = "#{File.dirname(__FILE__)}/../../fixture"
+      pub_key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pub.pem"))
+      test_entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, pub_key)
+      test_entity.to_x509.public_key.to_s.must_equal  pub_key.to_s
+      test_entity.can_sign?.must_equal false
+      test_entity.verify_cert.must_equal true
+    end
+  end
+  describe "when provided an existing public cert and I have a private key associated" do
+    it "must attach the private key into instance so it could sign messages" do
+      private_folder = "#{File.dirname(__FILE__)}/../../fixture"
+      key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pem"))
+      pub_key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pub.pem"))
+      x509_cert = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, pub_key).to_x509.to_s
+      # Now create an instance using this cert
+      test_entity = OmfCommon::Auth::Certificate.create_from_x509(x509_cert, key)
+      test_entity.to_x509.public_key.to_s.must_equal  pub_key.to_s
+      test_entity.can_sign?.must_equal true
+      test_entity.to_x509.check_private_key(key).must_equal true
+    end
+  end
+end