r509-ca-http 0.1 → 0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Rakefile +18 -18
- data/doc/R509/CertificateAuthority/Http/Factory/CsrFactory.html +11 -11
- data/doc/R509/CertificateAuthority/Http/Factory/SpkiFactory.html +11 -11
- data/doc/R509/CertificateAuthority/Http/Factory.html +9 -9
- data/doc/R509/CertificateAuthority/Http/Server.html +9 -9
- data/doc/R509/CertificateAuthority/Http/SubjectParser.html +22 -22
- data/doc/R509/CertificateAuthority/Http/ValidityPeriodConverter.html +19 -19
- data/doc/R509/CertificateAuthority/Http.html +11 -11
- data/doc/R509/CertificateAuthority.html +6 -6
- data/doc/R509.html +5 -5
- data/doc/_index.html +21 -21
- data/doc/class_list.html +2 -2
- data/doc/css/style.css +10 -0
- data/doc/file.README.html +7 -7
- data/doc/file_list.html +1 -1
- data/doc/frames.html +1 -1
- data/doc/index.html +7 -7
- data/doc/js/full_list.js +6 -1
- data/doc/method_list.html +10 -20
- data/doc/top-level-namespace.html +5 -5
- data/lib/r509/certificateauthority/http/factory.rb +12 -12
- data/lib/r509/certificateauthority/http/server.rb +219 -223
- data/lib/r509/certificateauthority/http/subjectparser.rb +27 -27
- data/lib/r509/certificateauthority/http/validityperiodconverter.rb +14 -14
- data/lib/r509/certificateauthority/http/version.rb +4 -4
- data/lib/r509/certificateauthority/http/views/test_issue.erb +73 -73
- data/lib/r509/certificateauthority/http/views/test_revoke.erb +19 -19
- data/lib/r509/certificateauthority/http/views/test_unrevoke.erb +14 -14
- data/spec/fixtures/test_config.yaml +14 -15
- data/spec/http_spec.rb +235 -227
- data/spec/spec_helper.rb +1 -1
- data/spec/subject_parser_spec.rb +2 -2
- data/spec/validity_period_converter_spec.rb +2 -2
- metadata +20 -20
data/spec/http_spec.rb
CHANGED
|
@@ -1,250 +1,258 @@
|
|
|
1
1
|
require File.dirname(__FILE__) + '/spec_helper'
|
|
2
2
|
require "openssl"
|
|
3
3
|
|
|
4
|
-
describe R509::CertificateAuthority::
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
4
|
+
describe R509::CertificateAuthority::HTTP::Server do
|
|
5
|
+
before :all do
|
|
6
|
+
#config_pool registry is in spec_helper because we need to register it
|
|
7
|
+
#BEFORE we include r509-ca-http
|
|
8
|
+
Dependo::Registry[:log] = Logger.new(nil)
|
|
9
|
+
end
|
|
10
10
|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
11
|
+
before :each do
|
|
12
|
+
@crls = { "test_ca" => double("crl") }
|
|
13
|
+
@certificate_authorities = { "test_ca" => double("test_ca") }
|
|
14
|
+
@subject_parser = double("subject parser")
|
|
15
|
+
@validity_period_converter = double("validity period converter")
|
|
16
|
+
@csr_factory = double("csr factory")
|
|
17
|
+
@spki_factory = double("spki factory")
|
|
18
|
+
end
|
|
19
19
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
20
|
+
def app
|
|
21
|
+
@app ||= R509::CertificateAuthority::HTTP::Server
|
|
22
|
+
@app.send(:set, :crls, @crls)
|
|
23
|
+
@app.send(:set, :certificate_authorities, @certificate_authorities)
|
|
24
|
+
@app.send(:set, :subject_parser, @subject_parser)
|
|
25
|
+
@app.send(:set, :validity_period_converter, @validity_period_converter)
|
|
26
|
+
@app.send(:set, :csr_factory, @csr_factory)
|
|
27
|
+
@app.send(:set, :spki_factory, @spki_factory)
|
|
28
|
+
end
|
|
29
29
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
end
|
|
30
|
+
context "get CRL" do
|
|
31
|
+
it "gets the CRL" do
|
|
32
|
+
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
|
33
|
+
get "/1/crl/test_ca/get"
|
|
34
|
+
last_response.should be_ok
|
|
35
|
+
last_response.content_type.should match /text\/plain/
|
|
36
|
+
last_response.body.should == "generated crl"
|
|
37
|
+
end
|
|
38
|
+
it "when CA is not found" do
|
|
39
|
+
get "/1/crl/bogus/get/"
|
|
40
|
+
last_response.status.should == 500
|
|
41
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
43
42
|
end
|
|
43
|
+
end
|
|
44
44
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
end
|
|
52
|
-
it "when CA is not found" do
|
|
53
|
-
get "/1/crl/bogus/generate/"
|
|
54
|
-
last_response.status.should == 500
|
|
55
|
-
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
56
|
-
end
|
|
45
|
+
context "generate CRL" do
|
|
46
|
+
it "generates the CRL" do
|
|
47
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return("generated crl")
|
|
48
|
+
get "/1/crl/test_ca/generate"
|
|
49
|
+
last_response.should be_ok
|
|
50
|
+
last_response.body.should == "generated crl"
|
|
57
51
|
end
|
|
52
|
+
it "when CA is not found" do
|
|
53
|
+
get "/1/crl/bogus/generate/"
|
|
54
|
+
last_response.status.should == 500
|
|
55
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
58
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
59
|
+
context "issue certificate" do
|
|
60
|
+
it "when no parameters are given" do
|
|
61
|
+
post "/1/certificate/issue"
|
|
62
|
+
last_response.should_not be_ok
|
|
63
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA>"
|
|
64
|
+
end
|
|
65
|
+
it "when there's a profile, subject, CSR, validity period, but no ca" do
|
|
66
|
+
post "/1/certificate/issue", "profile" => "my profile", "subject" => "subject", "csr" => "my csr", "validityPeriod" => 365
|
|
67
|
+
last_response.should_not be_ok
|
|
68
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA>"
|
|
69
|
+
end
|
|
70
|
+
it "when there's a ca, profile, subject, CSR, but no validity period" do
|
|
71
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "my profile", "subject" => "subject", "csr" => "my csr"
|
|
72
|
+
last_response.should_not be_ok
|
|
73
|
+
last_response.body.should == "#<ArgumentError: Must provide a validity period>"
|
|
74
|
+
end
|
|
75
|
+
it "when there's a ca, profile, subject, validity period, but no CSR" do
|
|
76
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "my profile", "subject" => "subject", "validityPeriod" => 365
|
|
77
|
+
last_response.should_not be_ok
|
|
78
|
+
last_response.body.should == "#<ArgumentError: Must provide a CSR or SPKI>"
|
|
79
|
+
end
|
|
80
|
+
it "when there's a ca, profile, CSR, validity period, but no subject" do
|
|
81
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(R509::Subject.new)
|
|
82
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "validityPeriod" => 365, "csr" => "csr"
|
|
83
|
+
last_response.should_not be_ok
|
|
84
|
+
last_response.body.should == "#<ArgumentError: Must provide a subject>"
|
|
85
|
+
end
|
|
86
|
+
it "when there's a ca, subject, CSR, validity period, but no profile" do
|
|
87
|
+
post "/1/certificate/issue", "ca" => "test_ca", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
|
88
|
+
last_response.should_not be_ok
|
|
89
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA profile>"
|
|
90
|
+
end
|
|
91
|
+
it "when the given CA is not found" do
|
|
92
|
+
post "/1/certificate/issue", "ca" => "some bogus CA"
|
|
93
|
+
last_response.should_not be_ok
|
|
94
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
95
|
+
end
|
|
96
|
+
it "fails to issue" do
|
|
97
|
+
csr = double("csr")
|
|
98
|
+
@csr_factory.should_receive(:build).with({:csr => "csr"}).and_return(csr)
|
|
99
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
100
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
101
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
102
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
|
|
103
103
|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
104
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
|
105
|
+
last_response.should_not be_ok
|
|
106
|
+
last_response.body.should == "#<R509::R509Error: failed to issue because of: good reason>"
|
|
107
|
+
end
|
|
108
|
+
it "issues a CSR with no SAN extensions" do
|
|
109
|
+
csr = double("csr")
|
|
110
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
|
111
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
112
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
113
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
114
|
+
cert = double("cert")
|
|
115
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
|
|
116
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
|
117
117
|
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
118
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
|
119
|
+
last_response.should be_ok
|
|
120
|
+
last_response.body.should == "signed cert"
|
|
121
|
+
end
|
|
122
|
+
it "issues a CSR with SAN extensions" do
|
|
123
|
+
csr = double("csr")
|
|
124
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
|
125
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
126
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
127
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
128
|
+
cert = double("cert")
|
|
129
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
|
130
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
|
131
131
|
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
132
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
|
133
|
+
last_response.should be_ok
|
|
134
|
+
last_response.body.should == "signed cert"
|
|
135
|
+
end
|
|
136
|
+
it "issues an SPKI without SAN extensions" do
|
|
137
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
138
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
139
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
140
|
+
spki = double("spki")
|
|
141
|
+
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
|
142
|
+
cert = double("cert")
|
|
143
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
|
|
144
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
|
145
145
|
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
146
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki"
|
|
147
|
+
last_response.should be_ok
|
|
148
|
+
last_response.body.should == "signed cert"
|
|
149
|
+
end
|
|
150
|
+
it "issues an SPKI with SAN extensions" do
|
|
151
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
152
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
153
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
154
|
+
spki = double("spki")
|
|
155
|
+
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
|
156
|
+
cert = double("cert")
|
|
157
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
|
158
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
|
159
159
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
160
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
|
161
|
+
last_response.should be_ok
|
|
162
|
+
last_response.body.should == "signed cert"
|
|
163
|
+
end
|
|
164
|
+
it "when there are empty SAN names" do
|
|
165
|
+
csr = double("csr")
|
|
166
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
|
167
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
|
168
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
|
169
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
|
170
|
+
cert = double("cert")
|
|
171
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
|
172
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
|
173
173
|
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
end
|
|
174
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com","",""]
|
|
175
|
+
last_response.should be_ok
|
|
176
|
+
last_response.body.should == "signed cert"
|
|
178
177
|
end
|
|
178
|
+
end
|
|
179
179
|
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 1).and_return(nil)
|
|
205
|
-
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
|
206
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
|
|
207
|
-
last_response.should be_ok
|
|
208
|
-
last_response.body.should == "generated crl"
|
|
209
|
-
end
|
|
210
|
-
it "when serial is not an integer" do
|
|
211
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(0, 0).and_raise(R509::R509Error.new("some r509 error"))
|
|
212
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "foo"
|
|
213
|
-
last_response.should_not be_ok
|
|
214
|
-
last_response.body.should == "#<R509::R509Error: some r509 error>"
|
|
215
|
-
end
|
|
216
|
-
it "when reason is not an integer" do
|
|
217
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
|
218
|
-
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
|
219
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
|
|
220
|
-
last_response.should be_ok
|
|
221
|
-
last_response.body.should == "generated crl"
|
|
222
|
-
end
|
|
180
|
+
context "revoke certificate" do
|
|
181
|
+
it "when no CA is given" do
|
|
182
|
+
post "/1/certificate/revoke", "serial" => "foo"
|
|
183
|
+
last_response.status.should == 500
|
|
184
|
+
last_response.body.should == "#<ArgumentError: CA must be provided>"
|
|
185
|
+
end
|
|
186
|
+
it "when CA is not found" do
|
|
187
|
+
post "/1/certificate/revoke", "ca" => "bogus ca name", "serial" => "foo"
|
|
188
|
+
last_response.status.should == 500
|
|
189
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
190
|
+
end
|
|
191
|
+
it "when no serial is given" do
|
|
192
|
+
post "/1/certificate/revoke", "ca" => "test_ca"
|
|
193
|
+
last_response.should_not be_ok
|
|
194
|
+
last_response.body.should == "#<ArgumentError: Serial must be provided>"
|
|
195
|
+
end
|
|
196
|
+
it "when serial is given but not reason" do
|
|
197
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
|
198
|
+
crl_list = double("crl-list")
|
|
199
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
|
200
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
|
201
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345"
|
|
202
|
+
last_response.should be_ok
|
|
203
|
+
last_response.body.should == "generated crl"
|
|
223
204
|
end
|
|
205
|
+
it "when serial and reason are given" do
|
|
206
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 1).and_return(nil)
|
|
207
|
+
crl_list = double("crl-list")
|
|
208
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
|
209
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
|
210
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
|
|
211
|
+
last_response.should be_ok
|
|
212
|
+
last_response.body.should == "generated crl"
|
|
213
|
+
end
|
|
214
|
+
it "when serial is not an integer" do
|
|
215
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(0, 0).and_raise(R509::R509Error.new("some r509 error"))
|
|
216
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "foo"
|
|
217
|
+
last_response.should_not be_ok
|
|
218
|
+
last_response.body.should == "#<R509::R509Error: some r509 error>"
|
|
219
|
+
end
|
|
220
|
+
it "when reason is not an integer" do
|
|
221
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
|
222
|
+
crl_list = double("crl-list")
|
|
223
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
|
224
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
|
225
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
|
|
226
|
+
last_response.should be_ok
|
|
227
|
+
last_response.body.should == "generated crl"
|
|
228
|
+
end
|
|
229
|
+
end
|
|
224
230
|
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
231
|
+
context "unrevoke certificate" do
|
|
232
|
+
it "when no CA is given" do
|
|
233
|
+
post "/1/certificate/unrevoke", "serial" => "foo"
|
|
234
|
+
last_response.status.should == 500
|
|
235
|
+
last_response.body.should == "#<ArgumentError: CA must be provided>"
|
|
236
|
+
end
|
|
237
|
+
it "when CA is not found" do
|
|
238
|
+
post "/1/certificate/unrevoke", "ca" => "bogus ca", "serial" => "foo"
|
|
239
|
+
last_response.status.should == 500
|
|
240
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
|
241
|
+
end
|
|
242
|
+
it "when no serial is given" do
|
|
243
|
+
post "/1/certificate/unrevoke", "ca" => "test_ca"
|
|
244
|
+
last_response.should_not be_ok
|
|
245
|
+
last_response.body.should == "#<ArgumentError: Serial must be provided>"
|
|
246
|
+
end
|
|
247
|
+
it "when serial is given" do
|
|
248
|
+
@crls["test_ca"].should_receive(:unrevoke_cert).with(12345).and_return(nil)
|
|
249
|
+
crl_list = double("crl-list")
|
|
250
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
|
251
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
|
252
|
+
post "/1/certificate/unrevoke", "ca" => "test_ca", "serial" => "12345"
|
|
253
|
+
last_response.should be_ok
|
|
254
|
+
last_response.body.should == "generated crl"
|
|
248
255
|
end
|
|
256
|
+
end
|
|
249
257
|
|
|
250
258
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -13,7 +13,7 @@ require 'r509'
|
|
|
13
13
|
require 'dependo'
|
|
14
14
|
require 'logger'
|
|
15
15
|
|
|
16
|
-
Dependo::Registry[:config_pool] = R509::Config::
|
|
16
|
+
Dependo::Registry[:config_pool] = R509::Config::CAConfigPool.from_yaml("certificate_authorities", File.read(File.dirname(__FILE__)+"/fixtures/test_config.yaml"), {:ca_root_path => "#{File.dirname(__FILE__)}/fixtures"})
|
|
17
17
|
|
|
18
18
|
require 'r509/certificateauthority/http/server'
|
|
19
19
|
|
data/spec/subject_parser_spec.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
require File.dirname(__FILE__) + '/spec_helper'
|
|
2
2
|
|
|
3
|
-
describe R509::CertificateAuthority::
|
|
3
|
+
describe R509::CertificateAuthority::HTTP::SubjectParser do
|
|
4
4
|
before :all do
|
|
5
|
-
@parser = R509::CertificateAuthority::
|
|
5
|
+
@parser = R509::CertificateAuthority::HTTP::SubjectParser.new
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
it "when the query string is nil" do
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
require File.dirname(__FILE__) + "/spec_helper"
|
|
2
2
|
|
|
3
|
-
describe R509::CertificateAuthority::
|
|
3
|
+
describe R509::CertificateAuthority::HTTP::ValidityPeriodConverter do
|
|
4
4
|
before :all do
|
|
5
|
-
@converter = R509::CertificateAuthority::
|
|
5
|
+
@converter = R509::CertificateAuthority::HTTP::ValidityPeriodConverter.new
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
it "when validity period is nil" do
|