omf_common 6.0.7.1 → 6.0.8.pre.1

data/lib/omf_common/message.rb

@@ -32,6 +32,7 @@ module OmfCommon
     }
     @@message_class = nil
     @@authenticate_messages = false
+    @@authorisation_hook = nil
 
     def self.create(type, properties, body = {})
       @@message_class.create(type, properties || {}, body)
@@ -49,15 +50,23 @@ module OmfCommon
     end
 
     # Parse message from 'str' and pass it to 'block'.
-    # If authnetication is on, the message will only be handed
-    # to 'block' if the source of the message can be authenticated.
+    # If authentication is on, the message will only be handed
+    # to 'block' if the source of the message can be authorized.
     #
     def self.parse(str, content_type = nil, &block)
       raise ArgumentError, 'Need message handling block' unless block
-      @@message_class.parse(str, content_type, &block)
+      @@message_class.parse(str, content_type) do |msg|
+        if @@authorisation_hook
+          # Hook will return message if it's authorized. Handing in
+          # dispatch block in case hook needs more time for authorization.
+          msg = @@authorisation_hook.authorize(msg, &block)
+        end
+        block.call(msg) if msg
+      end
     end
 
     def self.init(opts = {})
+      puts opts.inspect
       if @@message_class
         raise "Message provider already iniitalised"
       end
@@ -75,9 +84,21 @@ module OmfCommon
       else
         raise "Missing provider class info - :constructor"
       end
-      @@authenticate_messages = opts[:authenticate] if opts[:authenticate]
+      aopts = opts[:authenticate] || {}
+      @@authenticate_messages = opts[:authenticate] && !(aopts[:authenticate] == false)
+      if pdp_opts = (opts[:authenticate] || {})[:pdp]
+        require pdp_opts.delete(:require) if pdp_opts[:require]
+        unless pdp_constructor = pdp_opts.delete(:constructor)
+          raise "Missing PDP provider declaration."
+        end
+
+        pdp_class = pdp_constructor.split('::').inject(Object) {|c,n| c.const_get(n) }
+        @@authorisation_hook = pdp_class.new(pdp_opts)
+      end
     end
 
+    attr_reader :issuer
+
     OMF_CORE_READ.each do |pname|
       define_method(pname.to_s) do |*args|
         _get_core(pname)
@@ -109,7 +130,7 @@ module OmfCommon
       #raise if name.to_sym == :itype
       if ns
         @props_ns ||= {}
-        @props_ns.merge(ns)
+        @props_ns.merge!(ns)
       end
       _set_property(name.to_sym, value, ns)
     end
@@ -204,7 +225,7 @@ module OmfCommon
     # Get all property namespace defs
     def props_ns
       @props_ns ||= {}
-      default_props_ns.merge(@props_ns)
+      default_props_ns.merge(@props_ns).stringify_keys
     end
 
     private

data/lib/omf_common/message/json/json_message.rb

@@ -29,7 +29,7 @@ module OmfCommon
             #properties = {select: properties}
             properties = {}
             req_props.each {|n| properties[n] = nil }
-            
+
           elsif not properties.kind_of?(Hash)
             raise "Expected hash, but got #{properties.class}"
           end
@@ -38,7 +38,8 @@ module OmfCommon
             mid: SecureRandom.uuid,
             props: properties
           })
-          self.new(content)
+          issuer = self.authenticate? ? (body[:issuer] || body[:src]) : nil
+          self.new(content, issuer)
         end
 
         def self.create_inform_message(itype = nil, properties = {}, body = {})
@@ -46,22 +47,25 @@ module OmfCommon
           create(:inform, properties, body)
         end
 
-        # Create and return a message by parsing 'str'
+        # Create and authenticate, if necessary a message and pass it
+        # on to 'block' if parsing (and authentication) is successful.
         #
         def self.parse(str, content_type, &block)
           #puts "CT>> #{content_type}"
+          issuer = nil
           case content_type.to_s
           when 'jwt'
-            content = parse_jwt(str, &block)
+            content, issuer = parse_jwt(str, &block)
           when 'text/json'
             content = JSON.parse(str, :symbolize_names => true)
           else
             warn "Received message with unknown content type '#{content_type}'"
           end
           #puts "CTTT>> #{content}::#{content.class}"
-          msg = content ? new(content) : nil
-          block.call(msg) if msg
-          msg
+          if (content)
+            msg = new(content, issuer)
+            block.call(msg)
+          end
         end
 
         def self.parse_jwt(jwt_string)
@@ -84,16 +88,17 @@ module OmfCommon
             # NOTE:
             #  Some JSON libraries generates wrong format of JSON (spaces between keys and values etc.)
             #  So we need to use raw base64 strings for signature verification.
-            unless src = claims[:iss]
+            unless issuer = claims[:iss]
               warn "JWT: Message is missing :iss element"
               return nil
             end
-            if cert_pem = claims[:crt]
+            if ceat_pem = claims[:crt]
               # let's the credential store take care of it
-              OmfCommon::Auth::CertificateStore.instance.register_x509(cert_pem, src)
+              pem = "#{OmfCommon::Auth::Certificate::BEGIN_CERT}#{cert_pem}#{OmfCommon::Auth::Certificate::END_CERT}"
+              OmfCommon::Auth::CertificateStore.instance.register_x509(pem)
             end
-            unless cert = OmfCommon::Auth::CertificateStore.instance.cert_for(src)
-              warn "JWT: Can't find cert for issuer '#{src}'"
+            unless cert = OmfCommon::Auth::CertificateStore.instance.cert_for(issuer)
+              warn "JWT: Can't find cert for issuer '#{issuer}'"
               return nil
             end
 
@@ -103,7 +108,7 @@ module OmfCommon
 
             #puts ">>> #{cert.to_x509.public_key}::#{signature_base_string}"
             jwt.verify signature_base_string, cert.to_x509.public_key #unless key_or_secret == :skip_verification
-            JSON.parse(claims[:cnt], :symbolize_names => true)
+            [JSON.parse(claims[:cnt], :symbolize_names => true), cert]
           else
             warn('JWT: Invalid Format. JWT should include 2 or 3 dots.')
             return nil
@@ -180,17 +185,26 @@ module OmfCommon
           if @content[:src].is_a? OmfCommon::Comm::Topic
             @content[:src] = @content[:src].address
           end
+          @content[:itype] = self.itype(:frcp)
+
           #raise 'local/local' if @content[:src].id.match 'local:/local'
           #puts @content.inspect
           payload = @content.to_json
           if self.class.authenticate?
-             src = @content[:src]
-             cert = OmfCommon::Auth::CertificateStore.instance.cert_for(src)
+             unless issuer = self.issuer
+               raise "Missing ISSUER for '#{self}'"
+             end
+             if issuer.is_a? OmfCommon::Auth::CertificateStore
+               cert = issuer
+               issuer = cert.subject
+             else
+               cert = OmfCommon::Auth::CertificateStore.instance.cert_for(issuer)
+             end
              if cert && cert.can_sign?
-               debug "Found cert for '#{src} - #{cert}"
-               msg = {cnt: payload, iss: src}
-               unless @certOnTopic[k = [topic, src]]
-                 # first time for this src on this topic, so let's send the cert along
+               debug "Found cert for '#{issuer} - #{cert}"
+               msg = {cnt: payload, iss: issuer}
+               unless @certOnTopic[k = [topic, issuer]]
+                 # first time for this issuer on this topic, so let's send the cert along
                  msg[:crt] = cert.to_pem_compact
                  #ALWAYS ADD CERT @certOnTopic[k] = Time.now
                end
@@ -204,12 +218,13 @@ module OmfCommon
         end
 
         private
-        def initialize(content)
+        def initialize(content, issuer = nil)
           debug "Create message: #{content.inspect}"
           unless op = content[:op]
             raise "Missing message type (:operation)"
           end
           @content = {}
+          @issuer = issuer
           content[:op] = op.to_sym # needs to be symbol
           if src = content[:src]
             content[:src] = OmfCommon.comm.create_topic(src)
@@ -244,4 +259,4 @@ module OmfCommon
       end # class
     end
   end
-end
+end

data/lib/omf_common/message/xml/message.rb

@@ -48,7 +48,9 @@ class XML
           properties: properties
         })
 
-        new(content)
+        issuer = self.authenticate? ? (core_elements[:issuer] || core_elements[:src]) : nil
+
+        new(content, issuer)
       end
 
       def parse(xml, content_type = "text/xml", &block)
@@ -67,14 +69,10 @@ class XML
           xml_node = xml_node.element_children.find { |v| v.element_name =~ /create|request|configure|release|inform/ }
 
           if self.authenticate?
-            existing_cert = OmfCommon::Auth::CertificateStore.instance.cert_for(iss)
-
-            if existing_cert
-               cert = existing_cert
-            else
-              OmfCommon::Auth::CertificateStore.instance.register_x509(cert, iss)
-              cert = OmfCommon::Auth::CertificateStore.instance.cert_for(iss)
-            end
+            pem = "#{OmfCommon::Auth::Certificate::BEGIN_CERT}#{cert}#{OmfCommon::Auth::Certificate::END_CERT}"
+            cert = OmfCommon::Auth::Certificate.create_from_pem(pem)
+            cert.resource_id = iss
+            OmfCommon::Auth::CertificateStore.instance.register(cert)
 
             if cert.nil?
               warn "Missing certificate of '#{iss}'"
@@ -100,7 +98,7 @@ class XML
           end
         end
 
-        parsed_msg = self.create(xml_node.name.to_sym).tap do |message|
+        parsed_msg = self.create(xml_node.name.to_sym, {}, { issuer: cert }).tap do |message|
           message.xml = xml_node
 
           message.send(:_set_core, :mid, message.xml.attr('mid'))
@@ -112,9 +110,13 @@ class XML
 
             if el.name == 'props'
               message.read_element('props').first.element_children.each do |prop_node|
-                message.send(:_set_property,
-                             prop_node.element_name,
-                             message.reconstruct_data(prop_node))
+                e_name = prop_node.element_name
+
+                if (ns_prefix = prop_node.namespace.prefix)
+                  e_name = "#{ns_prefix}__#{e_name}"
+                end
+
+                message.send(:_set_property, e_name, message.reconstruct_data(prop_node))
               end
             end
 
@@ -126,8 +128,9 @@ class XML
             end
           end
 
-          if OmfCommon::Measure.enabled? && !@@mid_list.include?(message.mid)
-            MPMessage.inject(Time.now.to_f, message.operation.to_s, message.mid, message.cid, message.to_s.gsub("\n",''))
+          if OmfCommon::Measure.enabled?
+            MPMessage.inject(Time.now.to_f, message.content.operation.to_s,
+              message.content.mid, message.content.cid, message.content.to_s.gsub("\n",''))
           end
         end
         block.call(parsed_msg)
@@ -145,8 +148,9 @@ class XML
 
       if self.class.authenticate?
         src = @content[:src]
+        issuer = @content[:issuer]
         src = src.address if src.is_a?(OmfCommon::Comm::Topic)
-        cert = OmfCommon::Auth::CertificateStore.instance.cert_for(src)
+        cert = OmfCommon::Auth::CertificateStore.instance.cert_for(issuer)
         if cert && cert.can_sign?
           debug "Found cert for '#{src} - #{cert}"
           signature_node = Niceogiri::XML::Node.new(:sig)
@@ -161,7 +165,7 @@ class XML
           @envelope.add_child(signature_node)
 
           iss_node = Niceogiri::XML::Node.new(:iss)
-          iss_node.add_child(src)
+          iss_node.add_child(issuer)
           @envelope.add_child(iss_node)
 
           #unless @certOnTopic[k = [topic, src]]
@@ -194,7 +198,7 @@ class XML
       guard_node = Niceogiri::XML::Node.new(:guard)
 
       props_ns.each do |k, v|
-        props_node.add_namespace_definition(k.to_s, v.to_s)
+        props_node.add_namespace_definition(k, v.to_s)
       end
 
       @xml.add_child(props_node)
@@ -225,8 +229,8 @@ class XML
     #
     def add_property(key, value = nil, add_to = :props)
       key = escape_key(key)
-      if !default_props_ns.empty? && add_to == :props
-        key_node = Niceogiri::XML::Node.new(key, nil, default_props_ns)
+      if !props_ns.empty? && add_to == :props && key =~ /^(.+)__(.+)$/
+        key_node = Niceogiri::XML::Node.new($2, nil, { $1 => props_ns[$1] })
       else
         key_node = Niceogiri::XML::Node.new(key)
       end
@@ -425,13 +429,15 @@ class XML
 
     private
 
-    def initialize(content = {})
+    def initialize(content = {}, issuer = nil)
       @content = content
       @content.mid = SecureRandom.uuid
       @content.ts = Time.now.utc.to_i
       if (src = content[:src])
         @content.src = OmfCommon.comm.create_topic(src)
       end
+      @issuer = issuer
+      @content.issuer = @issuer
       # keep track if we sent local certs on a topic. Should do this the first time
       @certOnTopic = {}
     end

data/lib/omf_common/version.rb

@@ -4,6 +4,13 @@
 # By downloading or using this software you accept the terms and the liability disclaimer in the License.
 
 module OmfCommon
-  VERSION = "6.0.7.1"
   PROTOCOL_VERSION = "6.0"
+
+  def self.version_of(name)
+    git_tag  = `git describe --tags 2> /dev/null`
+    gem_v = Gem.loaded_specs[name].version.to_s rescue '0.0.0'
+    git_tag.empty? ? gem_v : git_tag.gsub(/-/, '.')
+  end
+
+  VERSION = version_of('omf_common')
 end

data/omf_common.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
 
   # specify any dependencies here; for example:
-  s.add_development_dependency "minitest", "~> 3.2"
+  s.add_development_dependency "minitest"
   s.add_development_dependency "em-minitest-spec", "~> 1.1.1"
   s.add_development_dependency "simplecov"
   s.add_development_dependency "pry"
@@ -33,6 +33,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "hashie", "~> 1.2.0"
   s.add_runtime_dependency "oml4r", "~> 2.9.5"
   s.add_runtime_dependency "json", "~> 1.7.7"
-  #s.add_runtime_dependency "json-jwt", "~> 0.5.2"
-  #s.add_runtime_dependency "amqp", "~> 1.0.1"
+  s.add_runtime_dependency "json-jwt"
+  s.add_runtime_dependency "amqp"
+  s.add_runtime_dependency "uuidtools"
 end

data/test/fixture/alice-cert.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAWCgAwIBAgIBAzANBgkqhkiG9w0BAQQFADAmMSQwIgYDVQQDExtnZW5p
+Ly9ncG8vL2djZi5hdXRob3JpdHkuc2EwHhcNMTEwNzI5MTYzODA5WhcNMTYwNzI3
+MTYzODA5WjAkMSIwIAYDVQQDExlnZW5pLy9ncG8vL2djZi51c2VyLmFsaWNlMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYrkSvNd4wX8cNiSiaIl+nyryUWQLG
+ktYvUedceefKqgYCDWqSPKeb7930NMYYIvw+P2Wumqh2dXiPuqsZSJ8cL0qIBQ5F
+o9Ohc1sMltAbia0f0HB+nyZD32KOZYGZJk8EfJXANjxPXSppvvTUhZQr6Z61ieQx
+UGGz/s8IPGILgwIDAQABozcwNTAzBgNVHREELDAqhih1cm46cHVibGljaWQ6SURO
+K2dlbmk6Z3BvOmdjZit1c2VyK2FsaWNlMA0GCSqGSIb3DQEBBAUAA4GBAE1zoAWQ
+ml19QdtB0qHXFTupZ2TMUFk/5edEwaB4fg++7qSIMI/4MVCRgcnhBi8yC3NMoBRe
+w7GRXgUKlcWyB+B7vPvvqPu3xJq0D81jFc89pP/dnRqjXNVfd4GK/E2S3O6OYQys
+JPknFdP40Xd8fikSS4X5L/YmCz6TBe1zDpC5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAWSgAwIBAgIBAzANBgkqhkiG9w0BAQQFADAmMSQwIgYDVQQDExtnZW5p
+Ly9ncG8vL2djZi5hdXRob3JpdHkuc2EwHhcNMTEwNzI5MTYzODA5WhcNMTYwNzI3
+MTYzODA5WjAmMSQwIgYDVQQDExtnZW5pLy9ncG8vL2djZi5hdXRob3JpdHkuc2Ew
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANTDGRrP7EBZT377Jm+xAbdZPhEz
+vJKGv/4a8ebUOxSw9TDd8IeQbNa9TCUWqnmRk/ZnC6tJ+2+OE84AhPSBtPDb/m4c
+Ca/wS3f39Fh1SL9K5z0R67MLjymRxpDGsRyPPNwNAD/DmdDA3GnuAggzScuha6G1
+baqzArmA3IA/it5PAgMBAAGjOTA3MDUGA1UdEQQuMCyGKnVybjpwdWJsaWNpZDpJ
+RE4rZ2VuaTpncG86Z2NmK2F1dGhvcml0eStzYTANBgkqhkiG9w0BAQQFAAOBgQCc
+cECf2ybDu3kjuMzkqDcbkjAU1dKoRro0FXmYl5Z/BiYWGlMu4qU5Hq+P2GgKBGg6
+7FjqL3DwyFUvvxAS4xlS+vJI2WFJNbgoBsCRyalzrMM5hOV/U78/OMpvunO/j1Ug
+bpSLcxQPHkWLU6VE73Pc1vc7LpJ8OUSbbF89WysG2A==
+-----END CERTIFICATE-----

data/test/fixture/alice-key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCYrkSvNd4wX8cNiSiaIl+nyryUWQLGktYvUedceefKqgYCDWqS
+PKeb7930NMYYIvw+P2Wumqh2dXiPuqsZSJ8cL0qIBQ5Fo9Ohc1sMltAbia0f0HB+
+nyZD32KOZYGZJk8EfJXANjxPXSppvvTUhZQr6Z61ieQxUGGz/s8IPGILgwIDAQAB
+AoGAP+Td9XzTiObsBCwcA7TS1wMuu94sHTGh1Jev/LE/YT6Z2Q4IRT6A3e8ZsXLM
+W5l4egxJ3zH1we0TEQMLSz9q5dkjqnl81w5pQdnGonZkFkkBmLQheak+U2BuVrte
+umSF4NlEgF8wBRwAvMc6AJpANqB0HhKWWMVSh9GVNOAxo6ECQQDGEriUC0iUPaql
+LqyctVCcsrCiDdxI1DnI0EpqfizbmaGlQvOlNqHwudHF7fzJ4pNZqD9YOwKywnoH
+vHZeKBbrAkEAxVUfkv6dcr/fSsyVxRADwsUjgIGIRPV+iOF2/EAiijdJbDXKrxMd
+rTO1acbUjqOkd3G0puUFNlYN40/RDC7nyQJAMJPc0uolhb3OAS7+RHyvZY7phQUT
+NoVeGqMC7TU+uSjnnQlbifRpKQnZqcphSf4Yl0+NIY1vbvoFRapx+UupuwJBAKJp
+LAJ8orOV7b6PYVj+lEnSnSSf97rh3pHkF10HoCXn2PtBzp6Hei5aV55Gch0v3CYe
+pJOT/NU6wFVtFN4VINkCQQCkR8dAc6jSP80mERrVrMKDQGrtCPeX6tMdGme2+rWG
+KghGKBTOmCecjh3lBh0f2bPUdMp4LtE+Y9zVMFhJ1Pkj
+-----END RSA PRIVATE KEY-----

data/test/omf_common/auth/certificate_spec.rb

@@ -9,7 +9,7 @@ describe OmfCommon::Auth::Certificate do
   before do
     OmfCommon::Auth::CertificateStore.init
 
-    @root = OmfCommon::Auth::Certificate.create(nil, 'omf_ca', 'ca', 'omf')
+    @root = OmfCommon::Auth::Certificate.create_root
 
     OmfCommon::Auth::CertificateStore.instance.register(@root)
   end
@@ -20,9 +20,12 @@ describe OmfCommon::Auth::Certificate do
 
   it "must create a self-signed root CA cert" do
     @root.must_be_kind_of OmfCommon::Auth::Certificate
-    @root.address.must_be_nil
+
+    @root.addresses.must_be_kind_of Hash
+    @root.addresses.must_equal({ email: "sa@acme.org", geni: "acme.org+authority+sa" })
+
     @root.subject.must_be_kind_of OpenSSL::X509::Name
-    @root.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.ca.omf_ca"
+    @root.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=sa,OU=Roadrunner,O=ACME,ST=CA,C=US"
     @root.key.must_be_kind_of OpenSSL::PKey::RSA
     @root.digest.must_be_kind_of OpenSSL::Digest::SHA1
 
@@ -35,16 +38,16 @@ describe OmfCommon::Auth::Certificate do
   end
 
   it "must create an end-entity cert using root cert" do
-    lambda { @root.create_for }.must_raise ArgumentError
+    lambda { @root.create_for_resource }.must_raise ArgumentError
 
-    @entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf')
+    @entity = @root.create_for_resource('my_addr', 'my_resource')
     cert = @entity.to_x509
 
     cert.issuer.must_equal @root.subject
     cert.issuer.wont_equal cert.subject
 
-    cert.issuer.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.ca.omf_ca"
-    cert.subject.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=frcp//omf//frcp.my_resource.bob"
+    cert.issuer.to_s(OpenSSL::X509::Name::RFC2253).must_equal "CN=sa,OU=Roadrunner,O=ACME,ST=CA,C=US"
+    cert.subject.to_s(OpenSSL::X509::Name::RFC2253).must_match /CN=my_addr\/type=my_resource\/uuid=.+,OU=Roadrunner,O=ACME,ST=CA,C=US/
 
     cert.verify(@root.to_x509.public_key).must_equal true
 
@@ -55,7 +58,7 @@ describe OmfCommon::Auth::Certificate do
     store = OpenSSL::X509::Store.new
     store.add_cert(@root.to_x509)
 
-    @entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf')
+    @entity = @root.create_for_resource('my_addr', 'my_resource')
 
     store.verify(@root.to_x509).must_equal true
     store.verify(@entity.to_x509).must_equal true
@@ -63,13 +66,13 @@ describe OmfCommon::Auth::Certificate do
 
   it "must verify cert validity" do
     @root.verify_cert.must_equal true
-    @root.create_for('my_addr', 'bob', 'my_resource', 'omf').verify_cert.must_equal true
+    @root.create_for_resource('my_addr', :my_resource).verify_cert.must_equal true
   end
 
   describe "when init from an exisitng cert in pem format" do
     before do
       @private_folder = "#{File.dirname(__FILE__)}/../../fixture"
-      @cert = OmfCommon::Auth::Certificate.create_from_x509(File.read("#{@private_folder}/omf_test.cert.pem"))
+      @cert = OmfCommon::Auth::Certificate.create_from_pem(File.read("#{@private_folder}/omf_test.cert.pem"))
       @key = OpenSSL::PKey::RSA.new(File.read("#{@private_folder}/omf_test.pem"))
       @pub_key = OpenSSL::PKey::RSA.new(File.read("#{@private_folder}/omf_test.pub.pem"))
     end
@@ -98,43 +101,19 @@ describe OmfCommon::Auth::Certificate do
     end
   end
 
-  describe "when provided an existing public key" do
-    it "must generate a cert contains a converted public key" do
-      private_folder = "#{File.dirname(__FILE__)}/../../fixture"
-      pub_key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pub.pem"))
-
-      test_entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, pub_key)
-      test_entity.to_x509.public_key.to_s.must_equal  pub_key.to_s
-      test_entity.can_sign?.must_equal false
-      test_entity.verify_cert.must_equal true
-    end
-
-    it "must generate a cert from SSH key too" do
-      private_folder = "#{File.dirname(__FILE__)}/../../fixture"
-      ssh_pub_key = File.read("#{private_folder}/omf_test.pub")
-      pub_key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pub.pem"))
-      lambda do
-        test_entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, 'bob')
-      end.must_raise ArgumentError
-
-      test_entity = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, ssh_pub_key)
-      test_entity.to_x509.public_key.to_s.must_equal  pub_key.to_s
-    end
-  end
-
-  describe "when provided an existing public cert and I have a private key associated" do
-    it "must attach the private key into instance so it could sign messages" do
+  describe "when provided an existing cert with a private key attached" do
+    it "must parse it into a Certificate instance correctly" do
       private_folder = "#{File.dirname(__FILE__)}/../../fixture"
-      key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pem"))
-      pub_key = OpenSSL::PKey::RSA.new(File.read("#{private_folder}/omf_test.pub.pem"))
 
-      x509_cert = @root.create_for('my_addr', 'bob', 'my_resource', 'omf', 365, pub_key).to_x509.to_s
+      x509_cert = File.read("#{private_folder}/omf_test.cert.pem")
+      priv_key = File.read("#{private_folder}/omf_test.pem")
+      pub_key = File.read("#{private_folder}/omf_test.pub.pem")
 
       # Now create an instance using this cert
-      test_entity = OmfCommon::Auth::Certificate.create_from_x509(x509_cert, key)
+      test_entity = OmfCommon::Auth::Certificate.create_from_pem(x509_cert + priv_key)
       test_entity.to_x509.public_key.to_s.must_equal  pub_key.to_s
       test_entity.can_sign?.must_equal true
-      test_entity.to_x509.check_private_key(key).must_equal true
+      test_entity.to_x509.check_private_key(OpenSSL::PKey::RSA.new(priv_key)).must_equal true
     end
   end
 end