r509-ca-http 0.1 → 0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/Rakefile +18 -18
- data/doc/R509/CertificateAuthority/Http/Factory/CsrFactory.html +11 -11
- data/doc/R509/CertificateAuthority/Http/Factory/SpkiFactory.html +11 -11
- data/doc/R509/CertificateAuthority/Http/Factory.html +9 -9
- data/doc/R509/CertificateAuthority/Http/Server.html +9 -9
- data/doc/R509/CertificateAuthority/Http/SubjectParser.html +22 -22
- data/doc/R509/CertificateAuthority/Http/ValidityPeriodConverter.html +19 -19
- data/doc/R509/CertificateAuthority/Http.html +11 -11
- data/doc/R509/CertificateAuthority.html +6 -6
- data/doc/R509.html +5 -5
- data/doc/_index.html +21 -21
- data/doc/class_list.html +2 -2
- data/doc/css/style.css +10 -0
- data/doc/file.README.html +7 -7
- data/doc/file_list.html +1 -1
- data/doc/frames.html +1 -1
- data/doc/index.html +7 -7
- data/doc/js/full_list.js +6 -1
- data/doc/method_list.html +10 -20
- data/doc/top-level-namespace.html +5 -5
- data/lib/r509/certificateauthority/http/factory.rb +12 -12
- data/lib/r509/certificateauthority/http/server.rb +219 -223
- data/lib/r509/certificateauthority/http/subjectparser.rb +27 -27
- data/lib/r509/certificateauthority/http/validityperiodconverter.rb +14 -14
- data/lib/r509/certificateauthority/http/version.rb +4 -4
- data/lib/r509/certificateauthority/http/views/test_issue.erb +73 -73
- data/lib/r509/certificateauthority/http/views/test_revoke.erb +19 -19
- data/lib/r509/certificateauthority/http/views/test_unrevoke.erb +14 -14
- data/spec/fixtures/test_config.yaml +14 -15
- data/spec/http_spec.rb +235 -227
- data/spec/spec_helper.rb +1 -1
- data/spec/subject_parser_spec.rb +2 -2
- data/spec/validity_period_converter_spec.rb +2 -2
- metadata +20 -20
data/spec/http_spec.rb
CHANGED
@@ -1,250 +1,258 @@
|
|
1
1
|
require File.dirname(__FILE__) + '/spec_helper'
|
2
2
|
require "openssl"
|
3
3
|
|
4
|
-
describe R509::CertificateAuthority::
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
4
|
+
describe R509::CertificateAuthority::HTTP::Server do
|
5
|
+
before :all do
|
6
|
+
#config_pool registry is in spec_helper because we need to register it
|
7
|
+
#BEFORE we include r509-ca-http
|
8
|
+
Dependo::Registry[:log] = Logger.new(nil)
|
9
|
+
end
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
11
|
+
before :each do
|
12
|
+
@crls = { "test_ca" => double("crl") }
|
13
|
+
@certificate_authorities = { "test_ca" => double("test_ca") }
|
14
|
+
@subject_parser = double("subject parser")
|
15
|
+
@validity_period_converter = double("validity period converter")
|
16
|
+
@csr_factory = double("csr factory")
|
17
|
+
@spki_factory = double("spki factory")
|
18
|
+
end
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
20
|
+
def app
|
21
|
+
@app ||= R509::CertificateAuthority::HTTP::Server
|
22
|
+
@app.send(:set, :crls, @crls)
|
23
|
+
@app.send(:set, :certificate_authorities, @certificate_authorities)
|
24
|
+
@app.send(:set, :subject_parser, @subject_parser)
|
25
|
+
@app.send(:set, :validity_period_converter, @validity_period_converter)
|
26
|
+
@app.send(:set, :csr_factory, @csr_factory)
|
27
|
+
@app.send(:set, :spki_factory, @spki_factory)
|
28
|
+
end
|
29
29
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
end
|
30
|
+
context "get CRL" do
|
31
|
+
it "gets the CRL" do
|
32
|
+
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
33
|
+
get "/1/crl/test_ca/get"
|
34
|
+
last_response.should be_ok
|
35
|
+
last_response.content_type.should match /text\/plain/
|
36
|
+
last_response.body.should == "generated crl"
|
37
|
+
end
|
38
|
+
it "when CA is not found" do
|
39
|
+
get "/1/crl/bogus/get/"
|
40
|
+
last_response.status.should == 500
|
41
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
43
42
|
end
|
43
|
+
end
|
44
44
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
end
|
52
|
-
it "when CA is not found" do
|
53
|
-
get "/1/crl/bogus/generate/"
|
54
|
-
last_response.status.should == 500
|
55
|
-
last_response.body.should == "#<ArgumentError: CA not found>"
|
56
|
-
end
|
45
|
+
context "generate CRL" do
|
46
|
+
it "generates the CRL" do
|
47
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return("generated crl")
|
48
|
+
get "/1/crl/test_ca/generate"
|
49
|
+
last_response.should be_ok
|
50
|
+
last_response.body.should == "generated crl"
|
57
51
|
end
|
52
|
+
it "when CA is not found" do
|
53
|
+
get "/1/crl/bogus/generate/"
|
54
|
+
last_response.status.should == 500
|
55
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
56
|
+
end
|
57
|
+
end
|
58
58
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
59
|
+
context "issue certificate" do
|
60
|
+
it "when no parameters are given" do
|
61
|
+
post "/1/certificate/issue"
|
62
|
+
last_response.should_not be_ok
|
63
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA>"
|
64
|
+
end
|
65
|
+
it "when there's a profile, subject, CSR, validity period, but no ca" do
|
66
|
+
post "/1/certificate/issue", "profile" => "my profile", "subject" => "subject", "csr" => "my csr", "validityPeriod" => 365
|
67
|
+
last_response.should_not be_ok
|
68
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA>"
|
69
|
+
end
|
70
|
+
it "when there's a ca, profile, subject, CSR, but no validity period" do
|
71
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "my profile", "subject" => "subject", "csr" => "my csr"
|
72
|
+
last_response.should_not be_ok
|
73
|
+
last_response.body.should == "#<ArgumentError: Must provide a validity period>"
|
74
|
+
end
|
75
|
+
it "when there's a ca, profile, subject, validity period, but no CSR" do
|
76
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "my profile", "subject" => "subject", "validityPeriod" => 365
|
77
|
+
last_response.should_not be_ok
|
78
|
+
last_response.body.should == "#<ArgumentError: Must provide a CSR or SPKI>"
|
79
|
+
end
|
80
|
+
it "when there's a ca, profile, CSR, validity period, but no subject" do
|
81
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(R509::Subject.new)
|
82
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "validityPeriod" => 365, "csr" => "csr"
|
83
|
+
last_response.should_not be_ok
|
84
|
+
last_response.body.should == "#<ArgumentError: Must provide a subject>"
|
85
|
+
end
|
86
|
+
it "when there's a ca, subject, CSR, validity period, but no profile" do
|
87
|
+
post "/1/certificate/issue", "ca" => "test_ca", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
88
|
+
last_response.should_not be_ok
|
89
|
+
last_response.body.should == "#<ArgumentError: Must provide a CA profile>"
|
90
|
+
end
|
91
|
+
it "when the given CA is not found" do
|
92
|
+
post "/1/certificate/issue", "ca" => "some bogus CA"
|
93
|
+
last_response.should_not be_ok
|
94
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
95
|
+
end
|
96
|
+
it "fails to issue" do
|
97
|
+
csr = double("csr")
|
98
|
+
@csr_factory.should_receive(:build).with({:csr => "csr"}).and_return(csr)
|
99
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
100
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
101
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
102
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
|
103
103
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
104
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
105
|
+
last_response.should_not be_ok
|
106
|
+
last_response.body.should == "#<R509::R509Error: failed to issue because of: good reason>"
|
107
|
+
end
|
108
|
+
it "issues a CSR with no SAN extensions" do
|
109
|
+
csr = double("csr")
|
110
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
111
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
112
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
113
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
114
|
+
cert = double("cert")
|
115
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
|
116
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
117
117
|
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
118
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
119
|
+
last_response.should be_ok
|
120
|
+
last_response.body.should == "signed cert"
|
121
|
+
end
|
122
|
+
it "issues a CSR with SAN extensions" do
|
123
|
+
csr = double("csr")
|
124
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
125
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
126
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
127
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
128
|
+
cert = double("cert")
|
129
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
130
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
131
131
|
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
132
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
133
|
+
last_response.should be_ok
|
134
|
+
last_response.body.should == "signed cert"
|
135
|
+
end
|
136
|
+
it "issues an SPKI without SAN extensions" do
|
137
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
138
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
139
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
140
|
+
spki = double("spki")
|
141
|
+
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
142
|
+
cert = double("cert")
|
143
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
|
144
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
145
145
|
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
146
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki"
|
147
|
+
last_response.should be_ok
|
148
|
+
last_response.body.should == "signed cert"
|
149
|
+
end
|
150
|
+
it "issues an SPKI with SAN extensions" do
|
151
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
152
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
153
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
154
|
+
spki = double("spki")
|
155
|
+
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
156
|
+
cert = double("cert")
|
157
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
158
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
159
159
|
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
160
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
161
|
+
last_response.should be_ok
|
162
|
+
last_response.body.should == "signed cert"
|
163
|
+
end
|
164
|
+
it "when there are empty SAN names" do
|
165
|
+
csr = double("csr")
|
166
|
+
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
167
|
+
@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
168
|
+
subject = R509::Subject.new [["CN", "domain.com"]]
|
169
|
+
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
170
|
+
cert = double("cert")
|
171
|
+
@certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
|
172
|
+
cert.should_receive(:to_pem).and_return("signed cert")
|
173
173
|
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
end
|
174
|
+
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com","",""]
|
175
|
+
last_response.should be_ok
|
176
|
+
last_response.body.should == "signed cert"
|
178
177
|
end
|
178
|
+
end
|
179
179
|
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 1).and_return(nil)
|
205
|
-
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
206
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
|
207
|
-
last_response.should be_ok
|
208
|
-
last_response.body.should == "generated crl"
|
209
|
-
end
|
210
|
-
it "when serial is not an integer" do
|
211
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(0, 0).and_raise(R509::R509Error.new("some r509 error"))
|
212
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "foo"
|
213
|
-
last_response.should_not be_ok
|
214
|
-
last_response.body.should == "#<R509::R509Error: some r509 error>"
|
215
|
-
end
|
216
|
-
it "when reason is not an integer" do
|
217
|
-
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
218
|
-
@crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
|
219
|
-
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
|
220
|
-
last_response.should be_ok
|
221
|
-
last_response.body.should == "generated crl"
|
222
|
-
end
|
180
|
+
context "revoke certificate" do
|
181
|
+
it "when no CA is given" do
|
182
|
+
post "/1/certificate/revoke", "serial" => "foo"
|
183
|
+
last_response.status.should == 500
|
184
|
+
last_response.body.should == "#<ArgumentError: CA must be provided>"
|
185
|
+
end
|
186
|
+
it "when CA is not found" do
|
187
|
+
post "/1/certificate/revoke", "ca" => "bogus ca name", "serial" => "foo"
|
188
|
+
last_response.status.should == 500
|
189
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
190
|
+
end
|
191
|
+
it "when no serial is given" do
|
192
|
+
post "/1/certificate/revoke", "ca" => "test_ca"
|
193
|
+
last_response.should_not be_ok
|
194
|
+
last_response.body.should == "#<ArgumentError: Serial must be provided>"
|
195
|
+
end
|
196
|
+
it "when serial is given but not reason" do
|
197
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
198
|
+
crl_list = double("crl-list")
|
199
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
200
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
201
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345"
|
202
|
+
last_response.should be_ok
|
203
|
+
last_response.body.should == "generated crl"
|
223
204
|
end
|
205
|
+
it "when serial and reason are given" do
|
206
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 1).and_return(nil)
|
207
|
+
crl_list = double("crl-list")
|
208
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
209
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
210
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
|
211
|
+
last_response.should be_ok
|
212
|
+
last_response.body.should == "generated crl"
|
213
|
+
end
|
214
|
+
it "when serial is not an integer" do
|
215
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(0, 0).and_raise(R509::R509Error.new("some r509 error"))
|
216
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "foo"
|
217
|
+
last_response.should_not be_ok
|
218
|
+
last_response.body.should == "#<R509::R509Error: some r509 error>"
|
219
|
+
end
|
220
|
+
it "when reason is not an integer" do
|
221
|
+
@crls["test_ca"].should_receive(:revoke_cert).with(12345, 0).and_return(nil)
|
222
|
+
crl_list = double("crl-list")
|
223
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
224
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
225
|
+
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
|
226
|
+
last_response.should be_ok
|
227
|
+
last_response.body.should == "generated crl"
|
228
|
+
end
|
229
|
+
end
|
224
230
|
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
231
|
+
context "unrevoke certificate" do
|
232
|
+
it "when no CA is given" do
|
233
|
+
post "/1/certificate/unrevoke", "serial" => "foo"
|
234
|
+
last_response.status.should == 500
|
235
|
+
last_response.body.should == "#<ArgumentError: CA must be provided>"
|
236
|
+
end
|
237
|
+
it "when CA is not found" do
|
238
|
+
post "/1/certificate/unrevoke", "ca" => "bogus ca", "serial" => "foo"
|
239
|
+
last_response.status.should == 500
|
240
|
+
last_response.body.should == "#<ArgumentError: CA not found>"
|
241
|
+
end
|
242
|
+
it "when no serial is given" do
|
243
|
+
post "/1/certificate/unrevoke", "ca" => "test_ca"
|
244
|
+
last_response.should_not be_ok
|
245
|
+
last_response.body.should == "#<ArgumentError: Serial must be provided>"
|
246
|
+
end
|
247
|
+
it "when serial is given" do
|
248
|
+
@crls["test_ca"].should_receive(:unrevoke_cert).with(12345).and_return(nil)
|
249
|
+
crl_list = double("crl-list")
|
250
|
+
@crls["test_ca"].should_receive(:crl).and_return(crl_list)
|
251
|
+
crl_list.should_receive(:to_pem).and_return("generated crl")
|
252
|
+
post "/1/certificate/unrevoke", "ca" => "test_ca", "serial" => "12345"
|
253
|
+
last_response.should be_ok
|
254
|
+
last_response.body.should == "generated crl"
|
248
255
|
end
|
256
|
+
end
|
249
257
|
|
250
258
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -13,7 +13,7 @@ require 'r509'
|
|
13
13
|
require 'dependo'
|
14
14
|
require 'logger'
|
15
15
|
|
16
|
-
Dependo::Registry[:config_pool] = R509::Config::
|
16
|
+
Dependo::Registry[:config_pool] = R509::Config::CAConfigPool.from_yaml("certificate_authorities", File.read(File.dirname(__FILE__)+"/fixtures/test_config.yaml"), {:ca_root_path => "#{File.dirname(__FILE__)}/fixtures"})
|
17
17
|
|
18
18
|
require 'r509/certificateauthority/http/server'
|
19
19
|
|
data/spec/subject_parser_spec.rb
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
require File.dirname(__FILE__) + '/spec_helper'
|
2
2
|
|
3
|
-
describe R509::CertificateAuthority::
|
3
|
+
describe R509::CertificateAuthority::HTTP::SubjectParser do
|
4
4
|
before :all do
|
5
|
-
@parser = R509::CertificateAuthority::
|
5
|
+
@parser = R509::CertificateAuthority::HTTP::SubjectParser.new
|
6
6
|
end
|
7
7
|
|
8
8
|
it "when the query string is nil" do
|
@@ -1,8 +1,8 @@
|
|
1
1
|
require File.dirname(__FILE__) + "/spec_helper"
|
2
2
|
|
3
|
-
describe R509::CertificateAuthority::
|
3
|
+
describe R509::CertificateAuthority::HTTP::ValidityPeriodConverter do
|
4
4
|
before :all do
|
5
|
-
@converter = R509::CertificateAuthority::
|
5
|
+
@converter = R509::CertificateAuthority::HTTP::ValidityPeriodConverter.new
|
6
6
|
end
|
7
7
|
|
8
8
|
it "when validity period is nil" do
|