openssl-extensions 0.0.9 → 1.0.0

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+## 1.0.0, released 2011-01-17
+
+* Initial major release.
+* Extends OpenSSL::X509::Request, OpenSSL::X509::Certificate, OpenSSL::X509::Name
+* Adds OpenSSLExtensions::X509::CertificateChain and OpenSSLExtensions::X509::AuthorityKeyIdentifier
+

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2010 Envy Labs LLC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,50 @@
+# OpenSSL Extensions
+
+This library generally provides helper methods which makes working with
+OpenSSL a little more bearable.  It does, however, provide some additional
+structures (such as a CertificateChain) which extend the traditional
+features of the library.
+
+## Installation
+
+With [Bundler](http://gembundler.com):
+
+    gem 'openssl-extensions', :require => 'openssl-extensions/all'
+
+With standard RubyGems:
+
+    gem install openssl-extensions
+
+    require 'rubygems'
+    require 'openssl-extensions/all'
+
+Once required, the extensions are automatically applied.
+
+## Usage
+
+In general, this extension library should be somewhat transparent to you.
+It does not directly provide many classes with which you might interact.
+Instead, it extends the current classes provided by Ruby's OpenSSL library
+(being OpenSSL::X509::Request, OpenSSL::X509::Certificate, and
+OpenSSL::X509::NAME).
+
+Below is a simple example exercising a few helpers provided by this 
+library:
+
+    csr_body = File.read('example.csr') # assuming this is valid and exists
+    request = OpenSSL::X509::Request.new(csr_body)
+    
+    request.subject.common_name         # => "example.com"
+    request.subject.organization        # => "Example Corp"
+    request.subject.locality            # => "Orlando"
+    request.subject.region              # => "Florida"
+    request.subject.country             # => "US"
+    request.subject.location            # => "Orlando, Florida, US"
+    
+    request.strength                    # => 2048
+    request.challenge_password?         # => false
+    request.subject_alternative_names   # => ['example.com', 'www.example.com']
+
+## License
+
+Released under the MIT License. See the LICENSE file for further details.

data/lib/openssl-extensions/version.rb

@@ -1,3 +1,3 @@
 module OpenSSLExtensions
-  Version = '0.0.9'
+  Version = '1.0.0'
 end

data/lib/openssl-extensions/x509/certificate.rb

@@ -84,6 +84,23 @@ module OpenSSLExtensions::X509::Certificate
     read_extension_by_oid('subjectKeyIdentifier')
   end
 
+  ##
+  # Returns the SSL version used by the certificate.  Most likely, this
+  # will return +3+, since version +1+ was unreleased, and version +2+ was
+  # abandoned in 1995.
+  #
+  # See http://en.wikipedia.org/wiki/Secure_Sockets_Layer.
+  #
+  #--
+  # OPTIMIZE: This should really use a call directly to the OpenSSL library, but will require becoming a compiled gem.
+  #++
+  #
+  def ssl_version
+    if to_text =~ %r{^\s+Version: (\d+)}m
+      $1.to_i
+    end
+  end
+
 end
 
 OpenSSL::X509::Certificate.send(:include, OpenSSLExtensions::X509::Certificate)

data/spec/fixtures/certificate_requests/1024.csr

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBtzCCASACAQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0dlb3JnaWExEDAO
+BgNVBAcTB0F0bGFudGExFTATBgNVBAoTDEdlb0NlcnRzIEluYzESMBAGA1UECxMJ
+U1NMIFNhbGVzMRkwFwYDVQQDExB3d3cuZ2VvY2VydHMuY29tMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDdlqVkMMohJ1kUqBxqZJojCFtJFht7f4JDs5kURI7Q
+SCpN6eB/KLqP4x8skx3FGktU/Vgsdri9OeLS71cyw389eJyxmDFroicE0pyAd2o6
+dZGh1x9/7AJuIDwolhyNAhHLtKppTRh1LIUoU2ZU9xuywN9QzI5Yj29pNBaszsbE
+JwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAC3LXB167uc3gXxMSn+aMk6FxnAaB
+o7FMPV//zpk7gqijWxDmDaiIKp5cCKzoaC6M53vR00cx4O65V5La9U39I5NFqmqP
+m/x5k6iO35VPTrqbO0ZXM2YsoDarjNnYBYBwLd/MpjpVZIHIRcyndK6gWrU15T4I
+cfsIpGfkscraHNA=
+-----END CERTIFICATE REQUEST-----

data/spec/fixtures/certificate_requests/challenge.csr

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB+zCCAWQCAQAwgaUxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUx
+EDAOBgNVBAcTB05ld2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMQ4wDAYD
+VQQLEwVTYWxlczEnMCUGA1UEAxMed3d3LnVuc3VwcG9ydGVkLWV4dGVudGlvbnMu
+bmV0MR4wHAYJKoZIhvcNAQkBFg91c2VyQGRvbWFpbi5jb20wgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAK7A15mxNCj+NoDbOYgiDp5V3i3+I3qww73iwy6UjA8e
+/+xOvdLCsXapBCQEz6Zj+AUTPIqVeo6WZbZSHBocBCztRqj5B17gudsaBnV+wJ7h
+Cqy+/TWG95DwlwDSBkoNL5aaB1ytwDJke2+s77RUrI26teTCqdXWJ4EzvOEiZUFZ
+AgMBAAGgFTATBgkqhkiG9w0BCQcxBgwEKiZeJTANBgkqhkiG9w0BAQUFAAOBgQBA
+Idns2ji1Mgs/DMEnBejSpD/cXFQytIZw0hcthhhRYzeZC44SeLoOQl7zusySAnlq
+Pk3NonCEGHYDTw7A3s4RNxsfhEnCddB3hvW07tJzFq/CAyC8kack/3zCzfTT6ZCg
+E6vUd3TRLLjR2KYz34fsvH7VExIm6ilNUzyvIu2oCQ==
+-----END CERTIFICATE REQUEST-----
+

data/spec/fixtures/certificate_requests/envylabs.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDETCCAfkCAQAwgZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRAw
+DgYDVQQHEwdPcmxhbmRvMRYwFAYDVQQKEw1FbnZ5IExhYnMgTExDMREwDwYDVQQL
+EwhJbnRlcm5ldDEVMBMGA1UEAxMMZW52eWxhYnMuY29tMSMwIQYJKoZIhvcNAQkB
+FhRzdXBwb3J0QGVudnlsYWJzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALlhCULQ4sdyrB48Fz7+FZ8c7IYJAXpJU/bnsTeRvf2je5xD9ZOpQbLA
+lprXaDWWd28LJOenQ7zxPGNGhcsdSnZ/zZautNVh9hgTmqfOCqZO6UV3atmrR3Wc
+69ZRbIEKf6IjwWpA1IjIa4fI82UVXL2k0R2ZZyz1gvBapa50WEWqYvzv385q9NAP
+lqqZsrh11Sl1jxdk5+a9y74TOyFRwPHH2ZVVAYurZ0JuiAbyiKD+XruL9A2eXw1c
+dAuUiOsmoXrt9lYyXhwcgrrgpdt/uP4+fn5HR+QOEPrB6lX48O3r06KkoYNJ3PKw
++UhhJpiBK8hn7IR5nHKSb0fq+6Rd+08CAwEAAaAzMBcGCSqGSIb3DQEJBzEKEwhw
+YXNzd29yZDAYBgkqhkiG9w0BCQIxCxMJRW52eSBMYWJzMA0GCSqGSIb3DQEBBQUA
+A4IBAQCE17fnA6ew4gddqo4yXArRjkmYjSWR7/fc620tSEfo6DXS0ToZfDcT/Qo2
+O9i2BLNJjz2zvGzuH39vlFqFy+YYf2EIUZb4NLPAWacdB0XKNX4S8dwUlNW7q9Ji
+SdDI3ggIyUusI9Uw8MQWLgcso3T3f3jIpTLAB+4uy7V4xWNTVrqlcf/bEIlJt/gA
+Seg7hhHWrhmbJ0UjV8CBs/7IITzpkUZbNyuT0XwjU/WbadiSvB3G9jc8yhWPQmo+
+LhNnqXFgShvlkUpugjyz2igUzR9uRZwUG1iHMC+0l7mZ2DD0HKdWeAnMdfVJMSGc
+UhWy1VRgbLSjxJNAOQZSJwta+q/h
+-----END CERTIFICATE REQUEST-----

data/spec/fixtures/certificate_requests/geocerts.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0dlb3JnaWExEDAO
+BgNVBAcTB0F0bGFudGExFTATBgNVBAoTDEdlb0NlcnRzIEluYzESMBAGA1UECxMJ
+U1NMIFNhbGVzMRkwFwYDVQQDExB3d3cuZ2VvY2VydHMuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXWzKA84WdxAhyOSsJgyh4Xa6UCItYcEanPL
+1NP5vAsDXyoGlKry49hRDGQkX6SQ+ER3NLYw7jjADn0eB9wIe3RRABRaHzaGTR4s
+aFuRlBFahWq7WlRXtyGGM/3LO93GXbN/ZGqZVVzkP/4UhPge6mEs81mTmVAiuLan
+RrNnakt/6wJuJg/leyaXtQ82RHE6Oge+h8LaEbHUtfx2Z8ooiwAr4hk4rAH3AqQf
+mWiEF+XDIEDI0fBWcUCEXTxpfthojP6JuRC1PS1X9kk5P4ol3nSDlDl4YS4x6LF8
+OYhZyBMLxCat9YueS7T8vx64+ilwhXevsqVVu84HHx1TDupLjwIDAQABoAAwDQYJ
+KoZIhvcNAQEFBQADggEBAF9xFJQK0R7m75Qw2LWjQ5jI/V1XlOca0G61TKyuYXdn
+LpJkIo8cpRnU7/GCEM/lSAmIx2sQeIwpzGErwqLVlq3GnsbbDEkaclJ9hAtalDIc
+UrH8Crso1GehjNy08r8UppveG+b/sD7L2GDf7Pxqdxb3x+vt5osmo0l12BFf/85s
+K5tjLVnkqjtbMdESgOPvML0Ppq+q9M4TURDqs8zbMSJBu10oZDgxOyGw53JA7yI3
+PgiRWlylJlblXTpHm/jvPXaEMeCJ9CrO0z4bMF61A52yFW2+jFmA1L58a7OQ68Kg
+u+witRMeQm42iOZGES2p9d/wLPwKXgRPzcvgNyiRLiI=
+-----END CERTIFICATE REQUEST-----

data/spec/fixtures/certificate_requests/geocerts.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAuXWzKA84WdxAhyOSsJgyh4Xa6UCItYcEanPL1NP5vAsDXyoG
+lKry49hRDGQkX6SQ+ER3NLYw7jjADn0eB9wIe3RRABRaHzaGTR4saFuRlBFahWq7
+WlRXtyGGM/3LO93GXbN/ZGqZVVzkP/4UhPge6mEs81mTmVAiuLanRrNnakt/6wJu
+Jg/leyaXtQ82RHE6Oge+h8LaEbHUtfx2Z8ooiwAr4hk4rAH3AqQfmWiEF+XDIEDI
+0fBWcUCEXTxpfthojP6JuRC1PS1X9kk5P4ol3nSDlDl4YS4x6LF8OYhZyBMLxCat
+9YueS7T8vx64+ilwhXevsqVVu84HHx1TDupLjwIDAQABAoIBAGXVvURX5ydgi4Yp
+AFk7mTNVSrkdmHOk6cXSQ7BfnRemLHnKx8ZGgAygMRDOxDJIWNoaLiKhkAie3MaX
+6S+DoJy5Z+jVRA8zj1c1JElBTpSxWrU7wBh/i5KhM+HEkB4VTuEQuPjYl82JrkN9
+LqM84yzroxUUsLlUiVxH314xEK4KS4vzEte9Mf3YGO00OTcKRHig3J1en+5m56i/
+3GsGjCogT8xTAPV+KSX6qU7GQ/1KE0soQzt2WlVQT7HwvcUhLn2C9l28Asn+mZaF
+1aPsiEoFGPsBfDopWywST6dvxe4RHByLWEpjUUKhUMuv8Eqfd531+qPFnhrHn9QY
+aM5SFAECgYEA4VLDcDjALNNZEYN/hZHm9l/RJONHZ+CLAwpTHDdlwcejHL8gxTo0
+G8cEbgT0IyL6dIAC8aB/ne7Cb/Ua2AIklA04FJe2B4Q83ICmPFtHdoQq/ViGqVxM
+yvU/KY28A7UYIGYmoKFsONo//HIXED61iK7ChUDMUXcZpublOTEQFo8CgYEA0rWQ
+p1EebI7cZqQzSs2wueTKDDswIRnIoX9x8O0Ar1HkzoJ2JOAW999UZ8x8jeQhRNQX
+NZ/r+ixWvzzVPQva+SxgQqx4dB08NJGgdEOkYqzl3bRnR2q2I+nyNDYU8elxIvUd
+95OGOQZGd12oLUKBG3YIb8Oc4Hfwz5/7ACqE+wECgYBfF1iXobuor0ElnQNSUXLR
+gzp2gNx/wEmqbM8KV27ASwpRdW/VDG01U9ZQwBJwSbC9PdEAPCXfdwXjzeMYSj85
+pCKIvkX6AhrVTA3b5wHPyJOD+7pI+0UFWl7foIs6XVDjS3j9zWIo1CKw3U1Sc8SU
+/HvnVKNltgfDYipW6pfJjQKBgBajPRxMwckF/DXm1D/oI2GFbBOuVDhqLbz0FUi+
+HcG4Oa3aJFlH3g/ZZZcVSBhydwSPCMNRICgrlVJMddhuKqN0mg7vuq026t32+1ci
+YUncq4GLPUFV/KWVH9luKgfnfak0znhn2BbOTsnKPSRHrdlGcBeZ24PePvf/hxb4
+ensBAoGANyQfL6E4RcBHQWZ1d2wq+Gd/mFctLrHWaJwdYd0dxd7oQ5zhue7+yPfD
+q5dosxjGs7ZEF5HbMwf5Iv0RAkb/W4BKja/tC6PIplpCTt59COlGdnLyHJeoRmF6
+KnSai8jcXz2SWdOMQWgHSSdfWqxosIf3wAIwbtY7wNv1t+1JguE=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certificate_requests/geocerts_1024.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDdlqVkMMohJ1kUqBxqZJojCFtJFht7f4JDs5kURI7QSCpN6eB/
+KLqP4x8skx3FGktU/Vgsdri9OeLS71cyw389eJyxmDFroicE0pyAd2o6dZGh1x9/
+7AJuIDwolhyNAhHLtKppTRh1LIUoU2ZU9xuywN9QzI5Yj29pNBaszsbEJwIDAQAB
+AoGBALm8LTPW5YZ2qedzpiXT35MfzQxs+GpDDdhbsSNY9/BDnRojwKY1aHN1J8tA
+IUL2cFBz7rWOaflKjQLL1WZakcpQW9msIemPF0gKD5cNJrMuPcHZEu5vpPOXcTtR
+N4VxW5+U/PYU5J69j6q800z/Z0rWl+YtLnKc8ZbIIbFX1DBhAkEA9U4WR9QokPDf
+IPjDJOZkBVvvLLfnCx8RkcTmrJslfJ/5VrFLCVHMw1oaZuDOJVIG8bvMElcQR3/E
+qUHCw90V9wJBAOc/2i9gY/Mimzfs9xBNv+NFXEoJdoVHw9NAZgDi9otHZmfQHzYh
+3DCQLzptJSp4cArVL5SB1mlLBFpmhBkLd1ECQAzjHFKLt9HdhatixkXDANAzQz5z
+LuUrra2dzYyV3gNNGDlQuSN1M6+zpR1whAP76jd66T6xaj6HXNqThNrrW4MCQDAI
+rlx67Cf7vzwdp7AmRj6CEMp8Lrc+kemWjdmPS2Dg4t+bdnA7Fk6sFHNRao/o1nUZ
+lTmGwq+6WlwgwT2miRECQQDrfnkHnjQP3yWtuwzx8/LeMSZ6rfMmQAAWUnF6FoRg
+/v7SVDx353vmj8k+ulQoyP6RKCnKZf4dGPRWCgpetdRk
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certificate_requests/sans.csr

@@ -0,0 +1,30 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIE3TCCA8UCAQAwga8xGTAXBgNVBAMMEG1haWwuc2lwY2hlbS5jb20xCzAJBgNV
+BAsMAklUMTwwOgYDVQQKDDNTYXVkaSBJbnRlcm5hdGlvbmFsIFBldHJvY2hlbWlj
+YWwgQ29tcGFueSAoU0lQQ0hFTSkxHzAdBgNVBAcMFkp1YmFpbCBJbmR1c3RyaWFs
+IENpdHkxGTAXBgNVBAgMEEVhc3Rlcm4gUHJvdmluY2UxCzAJBgNVBAYTAlNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3FqEVQCm0bBsA1YQX+/cq0y
+2ZBPMsrQtP5S8F8bi2S8b6+BmsPuOIo7pdl7KYmpiD228mrpQqyrwkX7oBkNn94u
+TnxUlNJ+ach8Ni+V42O0IAALtYBd1JNoaCqmpr4+xmtWvdFow3cDTSYmqPapY9iN
+2fxDm7VdNv9WMV89CrZg0a6F2p+PaKn8hOR1guax2AYnyVNx9DZJYiHqRfGXyWM1
+dIZaHTL/RtOzhrzxOvU/u+qulzWsSIslrz36rDqNTdDHGZNbKzix1etA0qP349/B
+jqIN7lP4+8pjaPp/Ygit6M2wuCTFhq5rm5SHanBlzCCq8pyhraQCjTvdNH0JRQID
+AQABoIIB5jAaBgorBgEEAYI3DQIDMQwWCjYuMS43NjAwLjIwZQYJKwYBBAGCNxUU
+MVgwVgIBBQwYc2lwYy1jYXMwMS5zaXBjaGVtLmxvY2FsDBNTSVBDSEVNXFNJUEMt
+Q0FTMDEkDCJNaWNyb3NvZnQuRXhjaGFuZ2UuU2VydmljZUhvc3QuZXhlMHIGCisG
+AQQBgjcNAgIxZDBiAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMA
+QwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIA
+bwB2AGkAZABlAHIDAQAwgewGCSqGSIb3DQEJDjGB3jCB2zAOBgNVHQ8BAf8EBAMC
+BaAwgZsGA1UdEQSBkzCBkIISbWFpbC5zaXBjaGVtLmxvY2FsghBtYWlsLnNpcGNo
+ZW0uY29tggtzaXBjaGVtLmNvbYIaYXV0b2Rpc2NvdmVyLnNpcGNoZW0ubG9jYWyC
+GGF1dG9kaXNjb3Zlci5zaXBjaGVtLmNvbYIKc2lwYy1jYXMwMYIKc2lwYy1jYXMw
+MoINc2lwY2hlbS5sb2NhbDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSqTt2+024w
+mEJ1nXZpJKMvJAb/uTANBgkqhkiG9w0BAQUFAAOCAQEAIMAxnkhyqkmnqdXfWVSV
+ucYeulY0UWlxquBO91n39Vx7f8dDuTlxLXnO4N0GYgkHQWB+NJOXpGhowRc9iJLV
+uKFzCbF/t5JekmGU+Vh3+Lns/09pa4zs1LAU+lvfEosI0ay8iBRP7aN0h4H6W7Y9
+cmh3Z1OemLy3HvbHkplbNN0agEpcITOzvugN5SnGaXS44271VSas10pBWD27CjlA
+nsP4Q1n8OHO9I83UTGqjqzMjMnFMZ7DcFIzEoW8M6TqJQsQVpZ+6WxGKG/1z63Ka
+OGbJUk+wK5KJjp8fkB1gSlQhvEyDF6DFcQCjbcssfn06hobLuiF2aNb9YDFUf+s/
+9g==
+-----END NEW CERTIFICATE REQUEST-----
+

data/spec/fixtures/certificates/app1.hongkongpost.com.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIDI2WeMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNVBAYTAkhL
+MRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSIwIAYDVQQDExlIb25na29uZyBQb3N0
+IGUtQ2VydCBDQSAxMB4XDTA5MDgxMDA4NDYwOVoXDTExMDgyOTE2MDAwMFowgcMx
+CzAJBgNVBAYTAkhLMSYwJAYDVQQKEx1Ib25na29uZyBQb3N0IGUtQ2VydCAoU2Vy
+dmVyKTETMBEGA1UECxMKMDAwMDA3NzE1NjElMCMGA1UECxMcMDAwMDAwMDAwMDAw
+MDAwMDAwMDAwMDAwSEtQTzEhMB8GA1UECxMYSG9uZyBLb25nIFNBUiBHb3Zlcm5t
+ZW50MQ0wCwYDVQQLEwRIS1BPMR4wHAYDVQQDExVhcHAxLmhvbmdrb25ncG9zdC5j
+b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKB5YgVYDWFfeQSg7Bd3cWDK
+UnArAqfNqGC59KxwwY5tpy8QQNpI8l/SHDpDqJ0E/4pNFEDFNSv2c/VaORmxybqI
+mbP6iUZuxjBa3YMfDYMuVjvA+cw7JGsyE3hPz3OJlkzTIgB4J7Hvbo+XlKn8a/N4
+rBeNVQm0QBdBagctkVKTAgMBAAGjggEVMIIBETA+BgNVHSAENzA1MDMGCisGAQQB
+/R4BARAwJTAjBggrBgEFBQcCARYXd3d3Lmhvbmdrb25ncG9zdC5nb3YuaGswCQYD
+VR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwDgYDVR0PAQH/BAQDAgUgMFoGA1Ud
+IwRTMFGhS6RJMEcxCzAJBgNVBAYTAkhLMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0
+MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMYICA+0wRQYDVR0fBD4w
+PDA6oDigNoY0aHR0cDovL2NybDEuaG9uZ2tvbmdwb3N0Lmdvdi5oay9jcmwvZUNl
+cnRDQTFDUkwyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAsyO3KMxHle+AyWM8Ku5v
+Sz2uXaR8YmadOIBc8MKe522j6eq2MORC4EQ/ObCJ2vzyq8NoJ6aUtIi8k3He9B00
+pRKa9uAtgFGW1HVr6soGWvr4UcSVCDYs6C58+XEgbzCiurO5IIaprQCjOptkTLa/
+x4QXkF6YVvtYXufjILl1i5RPr6YmwByeGxJnPKUhNuDsqJ9PfGqq3wfBX7ogEwG7
+Hu9L2Kbk9P7+OvqU7flh9GfxhPOTyFvN9itwcmImIScM9EG59JsZOBZHN4SeUzWk
+cYrNNv1NTqzBfFWKnX1aAuzeSC3tQP472gC+NgTcL84aBBjCk+2xmwP9OLdQyrkd
+ZQ==
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/equifax-secure-ca.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/geotrust-extended-validation-ssl-ca.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIQaUiiayAapCHomLHEksfFjjANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjkwMDAwMDBaFw0xNjExMjgyMzU5NTlaMIGFMQswCQYDVQQGEwJVUzEVMBMGA1UE
+ChMMR2VvVHJ1c3QgSW5jMTEwLwYDVQQLEyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9y
+ZXNvdXJjZXMvY3BzIChjKTA2MSwwKgYDVQQDEyNHZW9UcnVzdCBFeHRlbmRlZCBW
+YWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMLv7ewLLXKKdGhzNm4QqH5If1i7eGfc7XvWfKZPPZ9dbwrQoLRl/b7Tv3e2lKWC
+/4GVnSgQBuzCtJCqWlFMc9lrdKg1SfSmNoDUXHWennwBx4ycgciGgxqOvQATotz/
+pXiqdywhYgiXP4C992ekedt91z5uttWWuZiGTnpn4pOv2qXRJ/vxZsMqAwy2x4Id
+Ofs83ik2cV3hqLUWOXwb/3uG9YCSleADO6pE+/QAteWp4voY+YSaweH2Lg6BixQp
+NP8fVWCIpJnGb28EOTp1pKceWN+3/8maHXDbg6DTgxstbSqQW6NjkXO1/52CekHz
+06ovCw2fz0TAXseha8+ulNsCAwEAAaOCATIwggEuMB0GA1UdDgQWBBQoxOuP8V95
+kKMrVcNWTn1rU3IsGDA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6
+Ly9FVlNlY3VyZS1vY3NwLmdlb3RydXN0LmNvbTASBgNVHRMBAf8ECDAGAQH/AgEA
+MEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdl
+b3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6
+Ly9FVlNlY3VyZS1jcmwuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UENBLmNybDAOBgNV
+HQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAAJgoxYSndgcGeRaN2z/Mpg3Rk+8gXyAw8qJKgD+Xj7s
+uowrH6uVa5GUIaBgHwIG+s8XbfiVq814IxSWwJ0fG+tQ4WVCitKzya2Aw2fPtFgb
+1QTkWP40ReD7pIQii+niN0yY8Qv/pIlT0U3AaEjXWYcaO3310Pkjcspg/cMiFfCa
+lVhvfCST7KUSPbQbAejuae1Ba1LLmrdcFdG9BkB64AyXy2Dngl9qX95JhFZqr3yw
+S62MTw95oMwRPCXnRr960C+IyL/rlAtqdTN/cwC4EnAjXlV/RVseELECaNgnQM8k
+CeJldM6JRI17KJBorqzCOMhWDTOIKH9U/Dw8UAmTPTg=
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/geotrust-primary-certification-authority.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAvSgAwIBAgIDBo4dMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMTI4MTYwODMxWhcNMTgwODIxMTUwODMx
+WjBYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UE
+AxMoR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64FXv/1Hx9Z62DZHvIQlMt3/aE
+CCBh1gFZapxEEa/vdv2Vfs5hMLt6g18CvQFmyu4VjW+hMJy9oYWelDrzVogAMc/Y
+7mqWAtntA4z7dW3n6rhVFgUWmvTgXrGIwGSFXBVNiMe3uuB16a0FPZ3HiUjguyjI
+A+Ewk2ReUsBZcCI1V4iK8ZUKg9e8MXMBNO3vRnHgawKoNXJrl5tm4MsceV/YGgRo
+HkcC5p1g4jaXAd/ONZLfvmfHbXdZO4+d1pAVlLxCNBDBOfmxJz5+1op1xbKvltOi
+3pvkmL594emBrbZv/NcO2uA0sA0ad+fjCJjvWPqchLc2r8LfrNL0EAZwcTUCAwEA
+AaOB6DCB5TAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCzVUEGXFYvwjzZhW0r7
+a9mZyTOSMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/UMA8GA1UdEwEB
+/wQFMAMBAf8wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
+b20vY3Jscy9zZWN1cmVjYS5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYB
+BQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJ
+KoZIhvcNAQEFBQADgYEAe2AG6d2nHSkI7xH51Ts80itTyz7tvnZgZEig5svoScMa
+v92txUy9U0hVQdsYsU47OmgsJFpB9cipRKYyKS11+E3yUI7w4pvp4eQ7cLcyiduo
+OcVbaFa9BBXDtssbJEqn/MTVjbaY3QP2sbOU2j9SoKRQBspFZ07/8UGJQAA2fnk=
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/globalsign-root-ca.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/hongkong-post-e-cert-ca-1.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgICA+0wDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA3MjkzNFoXDTEzMDUxNTA3MjkxMFowSTELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIjAgBgNVBAMTGUhvbmdr
+b25nIFBvc3QgZS1DZXJ0IENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDMuy41bQKNRsp21OVxWu3JI4Vp48VgeVriKqLBhmdOird5LD9FhsiIStw0
+mOXZVuwJ8HmpuE4phvqIpSuxKhz/eCCTWO0duIa7XZ36uEv3vWJowjkcmn/r+6V3
+AN1Ts/1Ga39eqVIIJGMVDpFAH1vS3II7YOoYWJkfbwgIxSJ80bVxroNEzP2T2bW/
+m4JhFhGC2WBHM8mobpvqqRFPQ1uc+w7bFMs3mKc+zq71FjTu0s3NAZu3LXIdMYn2
+pOM0agz8J3Yn/3Stru3UiC7HASupAcasbIAf6edrroYf4ZvQQp4oiaG9bGEchjyw
+ghGQPn9MFq+AzV1SkCjl/LPd3FFRAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBBQUAA4IBAQChcHcWuSHwYRMl
+RFbLCt0ee9zmataVUMaCpSNwHutmvaYbnwDe30ipJkUzxBlTcWgHp5zKTZLzU8go
+rsA+pHpznU2VLD+Sr1OOpefJ+t04ZmkAYpTCsi65SEEL3dhFRF/fHtTK/4JKSHuZ
+3oyuHwbjONGRPos212h/EFw20vR5R2acK8l5/6iPkl+jKhmfqsHd5Ve/JWN3G05+
+4KkrAgLFjCXUh9PmFTeGsR7GELuL6xQC33udGnLDRALdumafePAMbKqYLUb6Ftrz
+Fb9gih/+sTUt+hWme/Bas3Vwl7oswqzMDaJG4q/vqO5w48LPvE1nKEMoVw5nzJ+h
+f+4cB/TZ
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/hongkong-post-e-cert-ca.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDLTCCAhWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJISzEW
+MBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEeMBwGA1UEAxMVSG9uZ2tvbmcgUG9zdCBS
+b290IENBMB4XDTAwMDExNjA4NDMwMFoXDTEwMDExNjIzNTkwMFowRzELMAkGA1UE
+BhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
+IFBvc3QgZS1DZXJ0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+0Nimo3Osj9gWM+WFpQ5PksMquQ8CXOUdpHCOl9l5KvGZqdSH3QhYhYDe0MmM+mSO
+Oz1HHxjDniDmEZuzTveQdhlkOYuW5zAhNy7R+kXOnEku0Tmvrd6/YEHQxThgTXSk
+wF0vcd4zMrajUNQUv+d1QbL40Gg6mV3T3wbZG9gk4KblakGd/znx/EeNAGaLRrjU
+GNn3l/DmxzEf80uBtLYBsBhUzCA24SqpMh5x3waEyN/kNzjb7NT0XI0hKs0yGE32
+R7hrkHM/RSTa7in0AqLy/gJaPBIypzpY+5h/XRMmef0yAggWThOJJtWhJC8/AwOF
+wPfAkZtJ71+f8+2c6t7x7wIDAQABoyYwJDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0T
+AQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOCAQEAbaENyadgv8R5k2qUGWCm
+4iA3XLu/P8qo6sulk+M+bKpL8WmU+Pl36yeBZax+QJTrHrdqgvgaZNvfmRykOvVm
+OZMGLSG9DxejqZtydEC5kGCqr3XmdQgkM8END5YDZNaOlj92WAVnuF7lw0nM54w9
+1URkLN7I6tbAbD4X66HwKB2JotO9EPLbdVrMZIPOj7wNMWdxbBImmHIizH3mD7HV
+VdjLQNgh5ErB2mDouKLwHX/ok2GiiNRC8vNqBgV7cJDs58c23Pm7q2TjjmkAMCc0
+dy0QCKffH1ncMcPkVha1EhIx35HMyDa0RPJlVjW0M9LWMzfup9luU3uYKd1EG4g+
+fA==
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/hongkong-post-root-ca-1.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+AmvZWg==
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/hongkong-post-root-ca.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJISzEW
+MBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEeMBwGA1UEAxMVSG9uZ2tvbmcgUG9zdCBS
+b290IENBMB4XDTAwMDExNjA3NDIwMFoXDTEwMDExNjIzNTkwMFowRTELMAkGA1UE
+BhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxHjAcBgNVBAMTFUhvbmdrb25n
+IFBvc3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWi
+kb485TY8Su80j4j9um1xpmJy7cIGvHYlu4pfFSUnON3pkZEBim+O1Vumvz4js2PD
+VOHxwwyWTPt6Dice8CMQgNIoaL0GlYt96Sn51Cf28ndfIqslqEWXl0VWYVichyQy
+nTgdPe24HHQFNWWgpZEPr2g9eg9cIfvnLBv+VoZScXNkgdTghIDQlVa9SdA9JDNd
+jnqCOFS2avS6dGkuu9FBcBF05jdoY69M6tyiIM32j0zm0IAIJFCZGHTlztYH0HgW
+Bl893IXLdD94fxnIDY5IVGlqBYCpbLJB/rQEBou6taJ+Kaaqr0HpHEkRtw1ICHJ/
+S4OY8xMaeUvRThTOEjMCAwEAAaMmMCQwEgYDVR0TAQH/BAgwBgEB/wIBAzAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAJUFGRYwVpy5mEtANI0RW08k
+8SxowrWsteC0hKBMbeyKdmHB89V08WGffL4gkidS+jEkuNGe4PNtULqt4i2vKHVr
+4Srv+CHNO8vIMh7TulnPOOjykHjdnghElV+GT2qb3KKL5ZymVouGZTUcbAzKHqSe
+TlwSk9J4yNhp6mmGJtSk04+tV0pY9OzGf2y7tPLHkvLOPPRCwyFnhm2lTaA/wvcY
+q1fW6MeS+oanNgUOGXK/BvCspERMrD7o730LSMXBGzPpyQHQzO/+Ye2M6DKazPXJ
+2ck9eKYABR0p6yYBjkv+OazFkv++cJpXwvLPIbhmLt7g1P6727RHiZJ/GLwshrU=
+-----END CERTIFICATE-----
+

data/spec/fixtures/certificates/www.geocerts.com.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgICCokwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMxMTAvBgNVBAsTKFNlZSB3d3cuZ2VvdHJ1
+c3QuY29tL3Jlc291cmNlcy9jcHMgKGMpMDYxLDAqBgNVBAMTI0dlb1RydXN0IEV4
+dGVuZGVkIFZhbGlkYXRpb24gU1NMIENBMB4XDTEwMDYxODIwNTUwNloXDTEyMDgx
+MjE0MTkwNVowgdUxGzAZBgNVBA8TElYxLjAsIENsYXVzZSA1LihiKTETMBEGCysG
+AQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdHZW9yZ2lhMRAwDgYDVQQF
+EwcwNDUwNzcxMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHR2VvcmdpYTEQMA4GA1UE
+BxMHQXRsYW50YTEVMBMGA1UEChMMR2VvQ2VydHMgSW5jMRIwEAYDVQQLEwlTU0wg
+U2FsZXMxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCfSaBRuqglkqNaIRqdd2CzPOVdw14YPheWEOG28iFI
+Oi+Pzjk0XU+KFEJ3ID7aC+ntyb/CjXjOiv7k9Xrjp4+y4e/bXPr4Cz1SSQwYtY5Q
+6xbUnRXkCn3SETsGeub8pKM/KCJB0Tbmmtqw7TgJbGSHTbWNkxTY9oUIMRYx44sE
+2LLh2o08WMiYrFO2L9kRyR6rn4tLL7RGj4Q2ZZbWG4xzkwDL4GhZ9eUnOFz7vzWc
+CB+EAggMlM8pck1bJD/7z8qCMbV7h/NYJFDRb8Gd1skBd0b58tYlY8sn+P9qYRWc
+oWUWES8XSP/HUehuLKIzIy0JckAt88U8rRy4DLP9rD3BAgMBAAGjggGOMIIBijAf
+BgNVHSMEGDAWgBQoxOuP8V95kKMrVcNWTn1rU3IsGDBuBggrBgEFBQcBAQRiMGAw
+KgYIKwYBBQUHMAGGHmh0dHA6Ly9FVlNTTC1vY3NwLmdlb3RydXN0LmNvbTAyBggr
+BgEFBQcwAoYmaHR0cDovL0VWU1NMLWFpYS5nZW90cnVzdC5jb20vZXZjYS5jcnQw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAp
+BgNVHREEIjAgghB3d3cuZ2VvY2VydHMuY29tggxnZW9jZXJ0cy5jb20wQgYDVR0f
+BDswOTA3oDWgM4YxaHR0cDovL0VWU1NMLWNybC5nZW90cnVzdC5jb20vY3Jscy9n
+dGV4dHZhbGNhLmNybDAMBgNVHRMBAf8EAjAAMEsGA1UdIAREMEIwQAYJKwYBBAHw
+IgEGMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291
+cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAIppmd9Lm9+cbSPrKKlIdunEbwTU
+kquqmCaJP7tP6ASb2NfJczfzpdlxidiVOp1wJxIHhuAQjhWt0nO7aOTjMD8WZa1d
+NIQMWHeFyhAuqJFXtJ6Ha9t1CB+V3ksNNKIhR5urZXlRc4G7Y2udyIYuqq4VzWsS
+TFCS6/lAuDob4h5+TEdm51CV6BFyJweYt4o1FKSDVKwQmRMmc4Tk2oyBlX4jKPdS
+WPKMKb7f934e69sZlne575+Ml4FJm3g2QK+AR/2rSuQsO2vV+stkhknLZsCIrrkh
+9zClcbFt/pHG1LTI0KNs87Eix3avl2uLIzb9MSyQbKPbtDXlH+fqSAao/mY=
+-----END CERTIFICATE-----

data/spec/fixtures/certificates/www.twongo.com.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAsqgAwIBAgIDDqS7MA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTAwMTA0MTU1ODMzWhcNMTEwMTA2MTAzNzAy
+WjCB6zEpMCcGA1UEBRMgVk9hT080MW1qbHdiTS8tbFNvZWlpTjRuQWxabUJuRFMx
+CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw53d3cudHdvbmdvLmNvbTETMBEGA1UECxMK
+R1Q5OTYyNTQyMzExMC8GA1UECxMoU2VlIHd3dy5nZW90cnVzdC5jb20vcmVzb3Vy
+Y2VzL2NwcyAoYykxMDE3MDUGA1UECxMuRG9tYWluIENvbnRyb2wgVmFsaWRhdGVk
+IC0gUXVpY2tTU0wgUHJlbWl1bShSKTEXMBUGA1UEAxMOd3d3LnR3b25nby5jb20w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPQnD+rXT4qG8tbp9qDV4EflRm1d
+z4U0DqjcSZDPVLN3ae3E1dQQP7aSe4LlgYP0ZFgn+cTNFOwe950diE22zPQR/yRq
+ZhzNkXwvwxL1eirP6Evd3aX60xmQoV/g103KsVeCx+ZJ/6G1xA01x4Sw+5G1pH0j
+T+NnqYAODxD3uxDnAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQW
+BBRO6N23fnbWi7eK5OHvN05UYN+LijA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8v
+Y3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI
+5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+AwIwDQYJKoZIhvcNAQEFBQADgYEACmWFvfv3qUV3KO0j5R3eS35cl44EvVeq8FFX
+Ib46eOoMybZLt4tMK56zeTyE4mACOdjqLB4G8gLYTDMw4bGpHBLnOM+F97As7FD3
+VpzIfd8DBTkJqC/u9zpHz7VCWoufYIXRzH/kSh6V3TJlTWasgYsI+OLfPuXra4WY
+FgjRhhc=
+-----END CERTIFICATE-----
+

data/spec/integration/openssl/ssl/ssl_socket_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe OpenSSL::SSL::SSLSocket do
+  it 'carries the OpenSSLExtensions::SSL::SSLSocket extensions' do
+    OpenSSL::SSL::SSLSocket.ancestors.should include(OpenSSLExtensions::SSL::SSLSocket)
+  end
+end

data/spec/integration/openssl/x509/certificate_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe OpenSSL::X509::Certificate do
+  subject { ssl_certificates('www.geocerts.com') }
+
+  it "includes the OpenSSLExtensions::X509::Certificate extensions" do
+    subject.should be_kind_of OpenSSLExtensions::X509::Certificate
+  end
+end

data/spec/integration/openssl/x509/name_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe OpenSSL::X509::Name do
+  subject { ssl_certificates('www.geocerts.com').issuer }
+
+  it "includes the OpenSSLExtensions::X509::Name extensions" do
+    subject.should be_kind_of OpenSSLExtensions::X509::Name
+  end
+end

data/spec/integration/openssl/x509/request_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe OpenSSL::X509::Request do
+  subject { certificate_request('geocerts') }
+
+  it "includes the OpenSSLExtensions::X509::Request extensions" do
+    subject.should be_kind_of OpenSSLExtensions::X509::Request
+  end
+end
+

data/spec/models/openssl-extensions/ssl/ssl_socket_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::SSL::SSLSocket do
+  context 'peer_cert_chain' do
+    it 'delegates to OpenSSLExtensions::X509::CertificateChain' do
+      pending 'Figure out how to stub the IO required for SSLSocket without using an actual File or TCPSocket.'
+      OpenSSLExtensions::X509::CertificateChain.
+        should_receive(:new).
+        with(an_instance_of(OpenSSL::X509::Certificate),
+             an_instance_of(Array)).
+        once.
+        and_return([])
+      subject.peer_cert_chain
+    end
+  end
+end

data/spec/models/openssl-extensions/x509/authority_key_identifier_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::X509::AuthorityKeyIdentifier do
+  context 'using a V1 identifier' do
+    subject { OpenSSLExtensions::X509::AuthorityKeyIdentifier.new('DirName:/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1, serial:03:ED') }
+
+    its(:issuer_name) { should == 'Hongkong Post Root CA 1' }
+    its(:serial_number) { should == '03:ED' }
+    its(:serial) { should == '03:ED' }
+  end
+
+  context 'using a V3 identifier' do
+    subject { OpenSSLExtensions::X509::AuthorityKeyIdentifier.new("keyid:28:C4:EB:8F:F1:5F:79:90:A3:2B:55:C3:56:4E:7D:6B:53:72:2C:18\n") }
+
+    its(:key_id) { should == '28:C4:EB:8F:F1:5F:79:90:A3:2B:55:C3:56:4E:7D:6B:53:72:2C:18' }
+  end
+end

data/spec/models/openssl-extensions/x509/certificate_chain_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::X509::CertificateChain do
+  context 'with SSL V3 certificates' do
+    subject do
+      OpenSSLExtensions::X509::CertificateChain.
+        new(ssl_certificates('www.geocerts.com'), [ssl_certificates('www.geocerts.com'),
+            ssl_certificates('GeoTrust Primary Certification Authority'),
+            ssl_certificates('GeoTrust Extended Validation SSL CA') ])
+    end
+
+    it 'is the correct size' do
+      subject.size.should == 3
+    end
+
+    it 'reports itself as an Array' do
+      subject.class.should == Array
+    end
+
+    it 'is in the correct order' do
+      subject.should == [ssl_certificates('www.geocerts.com'),
+        ssl_certificates('GeoTrust Extended Validation SSL CA'),
+        ssl_certificates('GeoTrust Primary Certification Authority')]
+    end
+  end
+
+  context 'with SSL V1 certificates' do
+    subject do
+      OpenSSLExtensions::X509::CertificateChain.
+        new(ssl_certificates('app1.hongkongpost.com'), [ssl_certificates('app1.hongkongpost.com'),
+            ssl_certificates('Hongkong Post e-Cert CA'),
+            ssl_certificates('Hongkong Post Root CA'),
+            ssl_certificates('Hongkong Post e-Cert CA 1'),
+            ssl_certificates('Hongkong Post Root CA 1') ])
+    end
+
+    it 'filters out unlinked certificates' do
+      subject.should_not include(ssl_certificates('Hongkong Post e-Cert CA'))
+      subject.should_not include(ssl_certificates('Hongkong Post Root CA'))
+    end
+
+    it 'includes chained certificates' do
+      subject.should include(ssl_certificates('app1.hongkongpost.com'))
+      subject.should include(ssl_certificates('Hongkong Post e-Cert CA 1'))
+      subject.should include(ssl_certificates('Hongkong Post Root CA 1'))
+    end
+
+    it 'is in the correct order' do
+      subject.should == [ssl_certificates('app1.hongkongpost.com'),
+        ssl_certificates('Hongkong Post e-Cert CA 1'),
+        ssl_certificates('Hongkong Post Root CA 1')]
+    end
+  end
+end

data/spec/models/openssl-extensions/x509/certificate_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::X509::Certificate do
+  subject { extended_ssl_certificates('www.geocerts.com') }
+
+  its(:subject_alternative_names) { should == %w(www.geocerts.com geocerts.com) }
+  its(:subject_key_identifier) { should be_nil }
+  its(:authority_key_identifier) { should be_kind_of(OpenSSLExtensions::X509::AuthorityKeyIdentifier) }
+  its(:ssl_version) { should == 3 }
+
+  context 'strength' do
+    it 'is 2048 bits' do
+      subject.strength.should == 2048
+    end
+
+    it 'is 1024 bits' do
+      extended_ssl_certificates('www.twongo.com').strength.should == 1024
+    end
+  end
+
+  context 'allows_certificate_signing?' do
+    context 'for V3' do
+      it 'is true for a root certificate' do
+        extended_ssl_certificates('GeoTrust Primary Certification Authority').allows_certificate_signing?.should be_true
+      end
+
+      it 'is false for a site certificate' do
+        extended_ssl_certificates('www.geocerts.com').allows_certificate_signing?.should be_false
+      end
+    end
+
+    context 'for V1' do
+      it 'is true for a root certificate' do
+        extended_ssl_certificates('HongKong Post Root CA 1').allows_certificate_signing?.should be_true
+      end
+
+      it 'is false for a site certificate' do
+        extended_ssl_certificates('app1.hongkongpost.com').allows_certificate_signing?.should be_false
+      end
+    end
+  end
+
+  context 'issuing_certificate?' do
+    context 'for V3' do
+      it 'is true when passing the issuing certificate' do
+        extended_ssl_certificates('www.geocerts.com').
+          issuing_certificate?(extended_ssl_certificates('GeoTrust Extended Validation SSL CA')).should be_true
+      end
+
+      it 'is false when passing the distant root certificate' do
+        extended_ssl_certificates('www.geocerts.com').
+          issuing_certificate?(extended_ssl_certificates('GeoTrust Primary Certification Authority')).should be_false
+      end
+
+      it 'is false when passing a different site certificate' do
+        extended_ssl_certificates('www.geocerts.com').
+          issuing_certificate?(extended_ssl_certificates('www.twongo.com'))
+      end
+    end
+  end
+
+  context 'equality (==)' do
+    it 'is true with matching PEMs' do
+      ssl_certificates('www.geocerts.com').should == ssl_certificates('www.geocerts.com')
+    end
+
+    it 'is false with mismatched PEMs' do
+      certificate = ssl_certificates('www.geocerts.com')
+      certificate.should_receive(:to_pem).and_return('DIFFERENTPEM')
+      ssl_certificates('www.geocerts.com').should_not == certificate
+    end
+  end
+
+  context 'in a collection, uniq' do
+    it 'removes duplicate certificates' do
+      [ssl_certificates('www.geocerts.com'),
+        ssl_certificates('www.geocerts.com')].uniq.should ==
+        [ssl_certificates('www.geocerts.com')]
+    end
+
+    it 'does not modify non-duplicates' do
+      [ssl_certificates('www.geocerts.com'),
+        ssl_certificates('GeoTrust Extended Validation SSL CA')].uniq.should ==
+      [ssl_certificates('www.geocerts.com'),
+        ssl_certificates('GeoTrust Extended Validation SSL CA')]
+    end
+  end
+
+  context 'when a subject key identifier is provided' do
+
+    subject { ssl_certificates('GeoTrust Extended Validation SSL CA').extend(OpenSSLExtensions::X509::Certificate) }
+
+    its(:subject_key_identifier) { should == '28:C4:EB:8F:F1:5F:79:90:A3:2B:55:C3:56:4E:7D:6B:53:72:2C:18' }
+  end
+
+  context 'root?' do
+    it 'is false for a certificate with a separate issuer' do
+      extended_ssl_certificates('www.geocerts.com').should_not be_root
+    end
+
+    it 'is true for a certificate which is its own issuer' do
+      extended_ssl_certificates('equifax-secure-ca').should be_root
+    end
+
+    it 'is true for a certificate with a matching subject and issuer, subject identifier given, but no authority identifier provided' do
+      extended_ssl_certificates('globalsign-root-ca').should be_root
+    end
+  end
+end

data/spec/models/openssl-extensions/x509/name_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::X509::Name do
+  subject { ssl_certificates('www.geocerts.com').subject.extend(OpenSSLExtensions::X509::Name) }
+
+  its(:organization) { should == 'GeoCerts Inc' }
+  its(:organizational_unit) { should == 'SSL Sales' }
+  its(:common_name) { should == 'www.geocerts.com' }
+  its(:country) { should == 'US' }
+  its(:locality) { should == 'Atlanta' }
+  its(:state) { should == 'Georgia' }
+  its(:region) { should == 'Georgia' }
+
+  context 'with an email address' do
+    subject { certificate_request('envylabs').subject.extend(OpenSSLExtensions::X509::Name) }
+    its(:email) { should == 'support@envylabs.com' }
+  end
+
+  its(:location) { should == 'Atlanta, Georgia, US' }
+end

data/spec/models/openssl-extensions/x509/request_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions::X509::Request do
+  subject { extended_certificate_request('geocerts') }
+
+  context 'subject_alternative_names' do
+    context 'on a CSR with SANs' do
+      subject { extended_certificate_request('sans') }
+      it 'returns a collection of the alternative names' do
+        subject.subject_alternative_names.should ==
+          ['mail.sipchem.local',
+            'mail.sipchem.com',
+            'sipchem.com',
+            'autodiscover.sipchem.local',
+            'autodiscover.sipchem.com',
+            'sipc-cas01',
+            'sipc-cas02',
+            'sipchem.local' ]
+      end
+    end
+
+    context 'on a CSR without SANs' do
+      it 'returns an empty collection' do
+        subject.subject_alternative_names.should == []
+      end
+    end
+  end
+
+  context 'challenge_password?' do
+    context 'on a CSR with a challenge password' do
+      subject { extended_certificate_request('challenge') }
+      its(:challenge_password?) { should be_true }
+    end
+
+    context 'on a CSR without a challenge password' do
+      its(:challenge_password?) { should be_false }
+    end
+  end
+
+  context 'strength' do
+    it 'is 2048 bits' do
+      subject.strength.should == 2048
+    end
+
+    it 'is 1024 bits' do
+      extended_certificate_request('1024').strength.should == 1024
+    end
+  end
+
+  context 'equality (==)' do
+    it 'is true with matching PEMs' do
+      extended_certificate_request('geocerts').should ==
+        extended_certificate_request('geocerts')
+    end
+
+    it 'is false with mismatched PEMs' do
+      certificate = extended_certificate_request('geocerts')
+      certificate.should_receive(:to_pem).and_return('DIFFERENTPEM')
+      extended_certificate_request('geocerts').should_not == certificate
+    end
+  end
+
+  context 'in a collection, uniq' do
+    it 'removes duplicate certificates' do
+      [extended_certificate_request('geocerts'),
+        extended_certificate_request('geocerts')].uniq.should ==
+        [extended_certificate_request('geocerts')]
+    end
+
+    it 'does not modify non-duplicates' do
+      [extended_certificate_request('geocerts'),
+        extended_certificate_request('1024')].uniq.should ==
+      [extended_certificate_request('geocerts'),
+        extended_certificate_request('1024')]
+    end
+  end
+end

data/spec/models/openssl-extensions_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe OpenSSLExtensions do
+  context 'check_dependencies!' do
+    context 'with OpenSSL extensions installed' do
+      before(:each) do
+        OpenSSLExtensions.should_receive(:require).with('openssl').and_return(true)
+      end
+
+      it 'does not exit' do
+        OpenSSLExtensions.should_receive(:exit).never
+        OpenSSLExtensions.check_dependencies!
+      end
+
+      it 'does not write to STDERR' do
+        $stderr.should_receive(:puts).never
+        OpenSSLExtensions.check_dependencies!
+      end
+    end
+
+    context 'without OpenSSL extensions installed' do
+      before(:each) do
+        OpenSSLExtensions.should_receive(:require).with('openssl').and_raise(LoadError)
+
+        $stderr.stub!(:puts)
+        OpenSSLExtensions.stub!(:exit)
+      end
+
+      it 'write a message on STDERR' do
+        $stderr.should_receive(:puts).with("OpenSSLExtensions requires Ruby to be compiled with OpenSSL support.")
+        OpenSSLExtensions.check_dependencies!
+      end
+
+      it 'exits with error' do
+        OpenSSLExtensions.should_receive(:exit).with(1)
+        OpenSSLExtensions.check_dependencies!
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+# encoding: utf-8
+lib = File.expand_path('../../lib', __FILE__)
+$:.unshift lib unless $:.include?(lib)
+
+begin
+  require 'openssl'
+rescue LoadError
+  $stderr.puts "OpenSSLExtensions requires Ruby to be compiled with OpenSSL support"
+  exit(1)
+end
+
+require 'rubygems'
+require 'bundler'
+
+Bundler.setup
+Bundler.require :default, :test
+
+require 'openssl-extensions/all'
+
+Dir.glob(File.join(File.dirname(__FILE__), 'support/**/*.rb')).each do |f|
+  require f
+end

data/spec/support/certificate_request_fixtures.rb

@@ -0,0 +1,29 @@
+module CertificateRequestFixtures
+
+  ##
+  # Returns an OpenSSL::X509::Request without explicit extensions.
+  #
+  def certificate_request(name)
+    name = name.to_s.downcase.gsub(/[^\w\.]/, '-')
+    @_certificate_requests ||= {}
+    return @_certificate_requests[name].dup if @_certificate_requests.has_key?(name)
+
+    request_path = File.expand_path("../../fixtures/certificate_requests/#{name}.csr", __FILE__)
+    @_certificate_requests[name] = File.exist?(request_path) ?
+      OpenSSL::X509::Request.new(File.read(request_path)) :
+      nil
+  end
+
+  ##
+  # Returns an OpenSSL::X509::Request explicitly extended with OpenSSLExtensions::X509::Request.
+  #
+  def extended_certificate_request(name)
+    certificate_request(name).extend(OpenSSLExtensions::X509::Request)
+  end
+
+end
+
+RSpec.configure do |config|
+  config.include CertificateRequestFixtures
+end
+

data/spec/support/ssl_certificate_fixtures.rb

@@ -0,0 +1,28 @@
+module SslCertificateFixtures
+
+  ##
+  # Returns an OpenSSL::X509::Certificate without explicit extensions.
+  #
+  def ssl_certificates(name)
+    name = name.to_s.downcase.gsub(/[^\w\.]/, '-')
+    @_ssl_certificates ||= {}
+    return @_ssl_certificates[name].dup if @_ssl_certificates.has_key?(name)
+
+    certificate_path = File.expand_path("../../fixtures/certificates/#{name}.pem", __FILE__)
+    @_ssl_certificates[name] = File.exist?(certificate_path) ?
+      OpenSSL::X509::Certificate.new(File.read(certificate_path)) :
+      nil
+  end
+
+  ##
+  # Returns an OpenSSL::X509::Certificate explicitly extended with OpenSSLExtensions::X509::Certificate.
+  #
+  def extended_ssl_certificates(name)
+    ssl_certificates(name).extend(OpenSSLExtensions::X509::Certificate)
+  end
+
+end
+
+RSpec.configure do |config|
+  config.include SslCertificateFixtures
+end

metadata

@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification 
 name: openssl-extensions
 version: !ruby/object:Gem::Version 
-  hash: 13
   prerelease: false
   segments: 
+  - 1
   - 0
   - 0
-  - 9
-  version: 0.0.9
+  version: 1.0.0
 platform: ruby
 authors: 
 - Nathaniel Bibler
@@ -15,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-12-07 00:00:00 -05:00
+date: 2011-01-07 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -24,14 +23,13 @@ dependencies:
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        hash: 11
         segments: 
         - 2
-        - 1
+        - 4
         - 0
-        version: 2.1.0
+        version: 2.4.0
   type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -40,9 +38,8 @@ dependencies:
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        hash: 29
         segments: 
         - 0
         - 0
@@ -71,6 +68,41 @@ files:
 - lib/openssl-extensions/x509/request.rb
 - lib/openssl-extensions/x509.rb
 - lib/openssl-extensions.rb
+- CHANGELOG.md
+- LICENSE
+- README.md
+- spec/fixtures/certificate_requests/1024.csr
+- spec/fixtures/certificate_requests/challenge.csr
+- spec/fixtures/certificate_requests/envylabs.csr
+- spec/fixtures/certificate_requests/geocerts.csr
+- spec/fixtures/certificate_requests/geocerts.key
+- spec/fixtures/certificate_requests/geocerts_1024.key
+- spec/fixtures/certificate_requests/sans.csr
+- spec/fixtures/certificates/app1.hongkongpost.com.pem
+- spec/fixtures/certificates/equifax-secure-ca.pem
+- spec/fixtures/certificates/geotrust-extended-validation-ssl-ca.pem
+- spec/fixtures/certificates/geotrust-primary-certification-authority.pem
+- spec/fixtures/certificates/globalsign-root-ca.pem
+- spec/fixtures/certificates/hongkong-post-e-cert-ca-1.pem
+- spec/fixtures/certificates/hongkong-post-e-cert-ca.pem
+- spec/fixtures/certificates/hongkong-post-root-ca-1.pem
+- spec/fixtures/certificates/hongkong-post-root-ca.pem
+- spec/fixtures/certificates/www.geocerts.com.pem
+- spec/fixtures/certificates/www.twongo.com.pem
+- spec/integration/openssl/ssl/ssl_socket_spec.rb
+- spec/integration/openssl/x509/certificate_spec.rb
+- spec/integration/openssl/x509/name_spec.rb
+- spec/integration/openssl/x509/request_spec.rb
+- spec/models/openssl-extensions/ssl/ssl_socket_spec.rb
+- spec/models/openssl-extensions/x509/authority_key_identifier_spec.rb
+- spec/models/openssl-extensions/x509/certificate_chain_spec.rb
+- spec/models/openssl-extensions/x509/certificate_spec.rb
+- spec/models/openssl-extensions/x509/name_spec.rb
+- spec/models/openssl-extensions/x509/request_spec.rb
+- spec/models/openssl-extensions_spec.rb
+- spec/spec_helper.rb
+- spec/support/certificate_request_fixtures.rb
+- spec/support/ssl_certificate_fixtures.rb
 has_rdoc: true
 homepage: http://github.com/envylabs/openssl-extensions
 licenses: []
@@ -85,7 +117,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"
@@ -94,7 +125,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 23
       segments: 
       - 1
       - 3
@@ -107,5 +137,36 @@ rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Helper methods and extensions for OpenSSL to make the interface more intuitive.
-test_files: []
-
+test_files: 
+- spec/fixtures/certificate_requests/1024.csr
+- spec/fixtures/certificate_requests/challenge.csr
+- spec/fixtures/certificate_requests/envylabs.csr
+- spec/fixtures/certificate_requests/geocerts.csr
+- spec/fixtures/certificate_requests/geocerts.key
+- spec/fixtures/certificate_requests/geocerts_1024.key
+- spec/fixtures/certificate_requests/sans.csr
+- spec/fixtures/certificates/app1.hongkongpost.com.pem
+- spec/fixtures/certificates/equifax-secure-ca.pem
+- spec/fixtures/certificates/geotrust-extended-validation-ssl-ca.pem
+- spec/fixtures/certificates/geotrust-primary-certification-authority.pem
+- spec/fixtures/certificates/globalsign-root-ca.pem
+- spec/fixtures/certificates/hongkong-post-e-cert-ca-1.pem
+- spec/fixtures/certificates/hongkong-post-e-cert-ca.pem
+- spec/fixtures/certificates/hongkong-post-root-ca-1.pem
+- spec/fixtures/certificates/hongkong-post-root-ca.pem
+- spec/fixtures/certificates/www.geocerts.com.pem
+- spec/fixtures/certificates/www.twongo.com.pem
+- spec/integration/openssl/ssl/ssl_socket_spec.rb
+- spec/integration/openssl/x509/certificate_spec.rb
+- spec/integration/openssl/x509/name_spec.rb
+- spec/integration/openssl/x509/request_spec.rb
+- spec/models/openssl-extensions/ssl/ssl_socket_spec.rb
+- spec/models/openssl-extensions/x509/authority_key_identifier_spec.rb
+- spec/models/openssl-extensions/x509/certificate_chain_spec.rb
+- spec/models/openssl-extensions/x509/certificate_spec.rb
+- spec/models/openssl-extensions/x509/name_spec.rb
+- spec/models/openssl-extensions/x509/request_spec.rb
+- spec/models/openssl-extensions_spec.rb
+- spec/spec_helper.rb
+- spec/support/certificate_request_fixtures.rb
+- spec/support/ssl_certificate_fixtures.rb