r509-ca-http 0.2.2 → 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 82d99b04e38d9cc8ebfb61eae8abdd48bf707ca4
+  data.tar.gz: 24f2a0b80c757e1a5f4d93276095f8d3d7bd3b85
+SHA512:
+  metadata.gz: 7ad00ec81b2064448527af0b848dd1402536a438fee49f1023e204c438eab30ad357edcc6aadfd0655fadfaac6ce9190d30f038074d78150581a1bd11c81cb76
+  data.tar.gz: 79d2cc8d3fdaa2070f0c245c89d54a94f7259dc9c4dd24f9e062c6d85987fcd0aa1cbe1a3f904356129a2788aaf5c022caaf95a8ca5a09e78c95e08b7b54767d

data/README.md

@@ -1,22 +1,21 @@
-#r509-ca-http
+#r509-ca-http [![Build Status](https://secure.travis-ci.org/r509/r509-ca-http.png)](http://travis-ci.org/r509/r509-ca-http) [![Coverage Status](https://coveralls.io/repos/r509/r509-ca-http/badge.png)](https://coveralls.io/r/r509/r509-ca-http)
 
 r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.
 
 ##Requirements/Installation
 
-You need r509 and sinatra. For development/tests you need rack-test and rspec.
+You need [r509](https://github.com/r509/r509) and sinatra. For development/tests you need rack-test and rspec.
 
 ## API
 
 ### GET /1/crl/:ca/get
 
-Get the most recently generate CRL for the given ```:ca```.
+Deprecated; will be removed in a future version. Use generate instead.
 
-A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.
 
 ### GET /1/crl/:ca/generate
 
-Explicitly generate and get a new CRL for the given ```:ca```.
+Generate and get a new CRL for the given ```:ca```.
 
 ### POST /1/certificate/issue
 
@@ -37,6 +36,7 @@ The subject is provided like so:
 Optional POST parameters:
 
 - extensions[subjectAlternativeName]
+- message\_digest
 
 SAN names are provided like so:
 
@@ -44,6 +44,8 @@ SAN names are provided like so:
 
 The issue method will return the PEM text of the issued certificate.
 
+Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.
+
 ### POST /1/certificate/revoke
 
 Revoke a certificate.
@@ -84,7 +86,7 @@ These pages are present on the server, for you to work with the CA with a basic
 
 You use the ```config.yaml``` file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.
 
-Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509#config).
+Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509).
 
 ## Middleware (config.ru)
 
@@ -97,6 +99,10 @@ For that, we've created a few pieces of Rack middleware for your use.
 
 After installing one or both of them, you'll have to edit your ```config.ru`` and/or ```config.yaml``` files.
 
+##Support
+
+You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.
+
 ## Rake tasks
 
 There are a few things you can do with Rake.

data/doc/R509.html

@@ -108,9 +108,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority.html

@@ -108,9 +108,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http.html → HTTP.html}

@@ -106,7 +106,7 @@
         <dt id="VERSION-constant" class="">VERSION =
           
         </dt>
-        <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0.2.2</span><span class='tstring_end'>&quot;</span></span></pre></dd>
+        <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0.3.0</span><span class='tstring_end'>&quot;</span></span></pre></dd>
       
     </dl>
   
@@ -122,9 +122,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http → HTTP}/Factory.html

@@ -106,9 +106,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http/Factory/CsrFactory.html → HTTP/Factory/CSRFactory.html}

@@ -180,9 +180,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http/Factory/SpkiFactory.html → HTTP/Factory/SPKIFactory.html}

@@ -180,9 +180,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http → HTTP}/Server.html

@@ -124,9 +124,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http → HTTP}/SubjectParser.html

@@ -208,8 +208,8 @@
 
   <span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Subject</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
   <span class='id identifier rubyid_raw'>raw</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[&amp;;] *</span><span class='regexp_end'>/n</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_pair'>pair</span><span class='op'>|</span>
-    <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>=</span> <span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>=</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='int'>2</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_data'>data</span><span class='op'>|</span> <span class='id identifier rubyid_unescape'>unescape</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
-    <span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_name'>name</span><span class='rbrace'>}</span><span class='tstring_content'>\[(.*)\]</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>=</span> <span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>=</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>2</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_data'>data</span><span class='op'>|</span> <span class='id identifier rubyid_unescape'>unescape</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
+    <span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_name'>name</span><span class='embexpr_end'>}</span><span class='tstring_content'>\[(.*)\]</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span>
     <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_match'>match</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
       <span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='id identifier rubyid_match'>match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_value'>value</span>
     <span class='kw'>end</span>
@@ -256,9 +256,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/R509/CertificateAuthority/{Http → HTTP}/ValidityPeriodConverter.html

@@ -198,9 +198,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/_index.html

@@ -197,9 +197,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:00 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/file.README.html

@@ -2,7 +2,7 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <title>
   File: README
   
@@ -61,25 +61,23 @@
 
     <iframe id="search_frame"></iframe>
 
-    <div id="content"><div id='filecontents'><h1>r509-ca-http</h1>
+    <div id="content"><div id='filecontents'><h1>r509-ca-http <a href="http://travis-ci.org/r509/r509-ca-http"><img src="https://secure.travis-ci.org/r509/r509-ca-http.png" alt="Build Status"></a> <a href="https://coveralls.io/r/r509/r509-ca-http"><img src="https://coveralls.io/repos/r509/r509-ca-http/badge.png" alt="Coverage Status"></a></h1>
 
 <p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
 
 <h2>Requirements/Installation</h2>
 
-<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
+<p>You need <a href="https://github.com/r509/r509">r509</a> and sinatra. For development/tests you need rack-test and rspec.</p>
 
 <h2>API</h2>
 
 <h3>GET /1/crl/:ca/get</h3>
 
-<p>Get the most recently generate CRL for the given <code>:ca</code>.</p>
-
-<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
+<p>Deprecated; will be removed in a future version. Use generate instead.</p>
 
 <h3>GET /1/crl/:ca/generate</h3>
 
-<p>Explicitly generate and get a new CRL for the given <code>:ca</code>.</p>
+<p>Generate and get a new CRL for the given <code>:ca</code>.</p>
 
 <h3>POST /1/certificate/issue</h3>
 
@@ -104,6 +102,7 @@
 
 <ul>
 <li>extensions[subjectAlternativeName]</li>
+<li>message_digest</li>
 </ul>
 
 <p>SAN names are provided like so:</p>
@@ -113,6 +112,8 @@
 
 <p>The issue method will return the PEM text of the issued certificate.</p>
 
+<p>Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.</p>
+
 <h3>POST /1/certificate/revoke</h3>
 
 <p>Revoke a certificate.</p>
@@ -159,7 +160,7 @@
 
 <p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
 
-<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509#config">the official r509 documentation</a>.</p>
+<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509">the official r509 documentation</a>.</p>
 
 <h2>Middleware (config.ru)</h2>
 
@@ -174,6 +175,10 @@
 
 <p>After installing one or both of them, you&#39;ll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
 
+<h2>Support</h2>
+
+<p>You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.</p>
+
 <h2>Rake tasks</h2>
 
 <p>There are a few things you can do with Rake.</p>
@@ -200,9 +205,9 @@
 </div></div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:00 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/index.html

@@ -2,7 +2,7 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <title>
   File: README
   
@@ -61,25 +61,23 @@
 
     <iframe id="search_frame"></iframe>
 
-    <div id="content"><div id='filecontents'><h1>r509-ca-http</h1>
+    <div id="content"><div id='filecontents'><h1>r509-ca-http <a href="http://travis-ci.org/r509/r509-ca-http"><img src="https://secure.travis-ci.org/r509/r509-ca-http.png" alt="Build Status"></a> <a href="https://coveralls.io/r/r509/r509-ca-http"><img src="https://coveralls.io/repos/r509/r509-ca-http/badge.png" alt="Coverage Status"></a></h1>
 
 <p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
 
 <h2>Requirements/Installation</h2>
 
-<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
+<p>You need <a href="https://github.com/r509/r509">r509</a> and sinatra. For development/tests you need rack-test and rspec.</p>
 
 <h2>API</h2>
 
 <h3>GET /1/crl/:ca/get</h3>
 
-<p>Get the most recently generate CRL for the given <code>:ca</code>.</p>
-
-<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
+<p>Deprecated; will be removed in a future version. Use generate instead.</p>
 
 <h3>GET /1/crl/:ca/generate</h3>
 
-<p>Explicitly generate and get a new CRL for the given <code>:ca</code>.</p>
+<p>Generate and get a new CRL for the given <code>:ca</code>.</p>
 
 <h3>POST /1/certificate/issue</h3>
 
@@ -104,6 +102,7 @@
 
 <ul>
 <li>extensions[subjectAlternativeName]</li>
+<li>message_digest</li>
 </ul>
 
 <p>SAN names are provided like so:</p>
@@ -113,6 +112,8 @@
 
 <p>The issue method will return the PEM text of the issued certificate.</p>
 
+<p>Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.</p>
+
 <h3>POST /1/certificate/revoke</h3>
 
 <p>Revoke a certificate.</p>
@@ -159,7 +160,7 @@
 
 <p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
 
-<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509#config">the official r509 documentation</a>.</p>
+<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509">the official r509 documentation</a>.</p>
 
 <h2>Middleware (config.ru)</h2>
 
@@ -174,6 +175,10 @@
 
 <p>After installing one or both of them, you&#39;ll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
 
+<h2>Support</h2>
+
+<p>You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.</p>
+
 <h2>Rake tasks</h2>
 
 <p>There are a few things you can do with Rake.</p>
@@ -200,9 +205,9 @@
 </div></div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:00 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/doc/top-level-namespace.html

@@ -103,9 +103,9 @@
 </div>
 
     <div id="footer">
-  Generated on Wed May 15 11:10:01 2013 by
+  Generated on Sun Jan 26 14:20:49 2014 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-1.9.3).
+  0.8.6.1 (ruby-2.0.0).
 </div>
 
   </body>

data/lib/r509/certificateauthority/http/server.rb

@@ -22,13 +22,16 @@ module R509
 
           crls = {}
           certificate_authorities = {}
+          options_builders = {}
           config_pool.names.each do |name|
             crls[name] = R509::CRL::Administrator.new(config_pool[name])
+            options_builders[name] = R509::CertificateAuthority::OptionsBuilder.new(config_pool[name])
             certificate_authorities[name] = R509::CertificateAuthority::Signer.new(config_pool[name])
           end
 
           set :crls, crls
           set :certificate_authorities, certificate_authorities
+          set :options_builders, options_builders
           set :subject_parser, R509::CertificateAuthority::HTTP::SubjectParser.new
           set :validity_period_converter, R509::CertificateAuthority::HTTP::ValidityPeriodConverter.new
           set :csr_factory, R509::CertificateAuthority::HTTP::Factory::CSRFactory.new
@@ -46,6 +49,9 @@ module R509
           def ca(name)
             settings.certificate_authorities[name]
           end
+          def builder(name)
+            settings.options_builders[name]
+          end
           def subject_parser
             settings.subject_parser
           end
@@ -78,13 +84,13 @@ module R509
         end
 
         get '/1/crl/:ca/get/?' do
-          log.info "Get CRL for #{params[:ca]}"
+          log.info "DEPRECATED: Get CRL for #{params[:ca]}"
 
           if not crl(params[:ca])
             raise ArgumentError, "CA not found"
           end
 
-          crl(params[:ca]).to_pem
+          crl(params[:ca]).generate_crl.to_pem
         end
 
         get '/1/crl/:ca/generate/?' do
@@ -94,7 +100,7 @@ module R509
             raise ArgumentError, "CA not found"
           end
 
-          crl(params[:ca]).generate_crl
+          crl(params[:ca]).generate_crl.to_pem
         end
 
         post '/1/certificate/issue/?' do
@@ -128,39 +134,48 @@ module R509
             raise ArgumentError, "Must provide a subject"
           end
 
+          extensions = []
           if params.has_key?("extensions") and params["extensions"].has_key?("subjectAlternativeName")
             san_names = params["extensions"]["subjectAlternativeName"].select { |name| not name.empty? }
+            if not san_names.empty?
+              extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => R509::ASN1.general_name_parser(san_names)))
+            end
           elsif params.has_key?("extensions") and params["extensions"].has_key?("dNSNames")
             san_names = R509::ASN1::GeneralNames.new
             params["extensions"]["dNSNames"].select{ |name| not name.empty? }.each do |name|
               san_names.create_item(:tag => 2, :value => name.strip)
             end
-          else
-            san_names = []
+            if not san_names.names.empty?
+              extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => san_names))
+            end
           end
 
           validity_period = validity_period_converter.convert(params["validityPeriod"])
 
           if params.has_key?("csr")
             csr = csr_factory.build(:csr => params["csr"])
-            cert = ca(params["ca"]).sign(
+            signer_opts = builder(params["ca"]).build_and_enforce(
               :csr => csr,
               :profile_name => params["profile"],
               :subject => subject,
-              :san_names => san_names,
+              :extensions => extensions,
+              :message_digest => params["message_digest"],
               :not_before => validity_period[:not_before],
-              :not_after => validity_period[:not_after]
+              :not_after => validity_period[:not_after],
             )
+            cert = ca(params["ca"]).sign(signer_opts)
           elsif params.has_key?("spki")
             spki = spki_factory.build(:spki => params["spki"], :subject => subject)
-            cert = ca(params["ca"]).sign(
+            signer_opts = builder(params["ca"]).build_and_enforce(
               :spki => spki,
               :profile_name => params["profile"],
               :subject => subject,
-              :san_names => san_names,
+              :extensions => extensions,
+              :message_digest => params["message_digest"],
               :not_before => validity_period[:not_before],
-              :not_after => validity_period[:not_after]
+              :not_after => validity_period[:not_after],
             )
+            cert = ca(params["ca"]).sign(signer_opts)
           else
             raise ArgumentError, "Must provide a CSR or SPKI"
           end
@@ -193,7 +208,7 @@ module R509
 
           crl(ca).revoke_cert(serial, reason)
 
-          crl(ca).crl.to_pem
+          crl(ca).generate_crl.to_pem
         end
 
         post '/1/certificate/unrevoke/?' do
@@ -213,7 +228,7 @@ module R509
 
           crl(ca).unrevoke_cert(serial.to_i)
 
-          crl(ca).crl.to_pem
+          crl(ca).generate_crl.to_pem
         end
 
         get '/test/certificate/issue/?' do

data/lib/r509/certificateauthority/http/version.rb

@@ -1,7 +1,7 @@
 module R509
   module CertificateAuthority
     module HTTP
-      VERSION="0.2.2"
+      VERSION="0.3.0"
     end
   end
 end

data/spec/fixtures/test_config.yaml

@@ -1,17 +1,25 @@
-certificate_authorities: {
-  test_ca: {
-    ca_cert: {
-      cert: "test_ca.cer",
-      key: "test_ca.key"
-    },
-    cdp_location: ['http://crl.domain.com/test_ca.crl'],
-    message_digest: 'SHA1', #SHA1, SHA256, SHA512 supported. MD5 too, but you really shouldn't use that unless you have a good reason
-    profiles: {
-      server: {
-        basic_constraints: { "ca" : false },
-        key_usage: [digitalSignature,keyEncipherment],
-        extended_key_usage: [serverAuth]
-      }
-    }
-  }
-}
+---
+certificate_authorities:
+  test_ca:
+    ca_cert:
+      cert: test_ca.cer
+      key: test_ca.key
+    profiles:
+      server:
+        basic_constraints:
+          :ca: false
+        key_usage:
+          :value:
+          - digitalSignature
+          - keyEncipherment
+        extended_key_usage:
+          :value:
+          - serverAuth
+        crl_distribution_points:
+          :value:
+          - :type: URI
+            :value: http://crl.domain.com/test_ca.crl
+        default_md: SHA1
+        allowed_mds:
+        - SHA1
+        - SHA256

data/spec/http_spec.rb

@@ -11,8 +11,9 @@ describe R509::CertificateAuthority::HTTP::Server do
   before :each do
     @crls = { "test_ca" => double("crl") }
     @certificate_authorities = { "test_ca" => double("test_ca") }
+    @options_builders = { "test_ca" => double("options_builder") }
     @subject_parser = double("subject parser")
-    @validity_period_converter = double("validity period converter")
+    #@validity_period_converter = double("validity period converter")
     @csr_factory = double("csr factory")
     @spki_factory = double("spki factory")
   end
@@ -21,18 +22,21 @@ describe R509::CertificateAuthority::HTTP::Server do
     @app ||= R509::CertificateAuthority::HTTP::Server
     @app.send(:set, :crls, @crls)
     @app.send(:set, :certificate_authorities, @certificate_authorities)
+    @app.send(:set, :options_builders, @options_builders)
     @app.send(:set, :subject_parser, @subject_parser)
-    @app.send(:set, :validity_period_converter, @validity_period_converter)
+    #@app.send(:set, :validity_period_converter, @validity_period_converter)
     @app.send(:set, :csr_factory, @csr_factory)
     @app.send(:set, :spki_factory, @spki_factory)
   end
 
   context "get CRL" do
     it "gets the CRL" do
-      @crls["test_ca"].should_receive(:to_pem).and_return("generated crl")
+      crl = double('crl')
+      crl.should_receive(:to_pem).and_return("generated crl")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl)
       get "/1/crl/test_ca/get"
       last_response.should be_ok
-      last_response.content_type.should match /text\/plain/
+      last_response.content_type.should match(/text\/plain/)
       last_response.body.should == "generated crl"
     end
     it "when CA is not found" do
@@ -44,7 +48,9 @@ describe R509::CertificateAuthority::HTTP::Server do
 
   context "generate CRL" do
     it "generates the CRL" do
-      @crls["test_ca"].should_receive(:generate_crl).and_return("generated crl")
+      crl = double('crl')
+      crl.should_receive(:to_pem).and_return("generated crl")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl)
       get "/1/crl/test_ca/generate"
       last_response.should be_ok
       last_response.body.should == "generated crl"
@@ -96,10 +102,10 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "fails to issue" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with({:csr => "csr"}).and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
       last_response.should_not be_ok
@@ -108,11 +114,12 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "issues a CSR with no SAN extensions" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
@@ -122,11 +129,12 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "issues a CSR with SAN extensions" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
@@ -136,15 +144,12 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "issues a CSR with dNSNames" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
-      general_names = double("general names")
-      R509::ASN1::GeneralNames.should_receive(:new).and_return(general_names)
-      general_names.should_receive(:create_item).with(:tag => 2, :value => "domain1.com")
-      general_names.should_receive(:create_item).with(:tag => 2, :value => "domain2.com")
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => general_names, :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1")
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[dNSNames][]" => ["domain1.com","domain2.com"]
@@ -154,11 +159,12 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "issues a CSR with both SAN names and dNSNames provided (and ignore the dNSNames)" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr)
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"], "extensions[dNSNames][]" => ["domain3.com", "domain4.com"]
@@ -166,13 +172,14 @@ describe R509::CertificateAuthority::HTTP::Server do
       last_response.body.should == "signed cert"
     end
     it "issues an SPKI without SAN extensions" do
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       spki = double("spki")
       @spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => [], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki"
@@ -180,13 +187,14 @@ describe R509::CertificateAuthority::HTTP::Server do
       last_response.body.should == "signed cert"
     end
     it "issues an SPKI with SAN extensions" do
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       spki = double("spki")
       @spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:spki => spki, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
@@ -196,11 +204,12 @@ describe R509::CertificateAuthority::HTTP::Server do
     it "when there are empty SAN names" do
       csr = double("csr")
       @csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
-      @validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
+      #@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
       subject = R509::Subject.new [["CN", "domain.com"]]
       @subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
       cert = double("cert")
-      @certificate_authorities["test_ca"].should_receive(:sign).with(:csr => csr, :profile_name => "profile", :subject => subject, :san_names => ["domain1.com", "domain2.com"], :not_before => 1, :not_after => 2).and_return(cert)
+      @options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
+      @certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
       cert.should_receive(:to_pem).and_return("signed cert")
 
       post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com","",""]
@@ -227,18 +236,18 @@ describe R509::CertificateAuthority::HTTP::Server do
     end
     it "when serial is given but not reason" do
       @crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
-      crl_list = double("crl-list")
-      @crls["test_ca"].should_receive(:crl).and_return(crl_list)
-      crl_list.should_receive(:to_pem).and_return("generated crl")
+      crl_obj = double("crl-obj")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+      crl_obj.should_receive(:to_pem).and_return("generated crl")
       post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345"
       last_response.should be_ok
       last_response.body.should == "generated crl"
     end
     it "when serial and reason are given" do
       @crls["test_ca"].should_receive(:revoke_cert).with("12345", "1").and_return(nil)
-      crl_list = double("crl-list")
-      @crls["test_ca"].should_receive(:crl).and_return(crl_list)
-      crl_list.should_receive(:to_pem).and_return("generated crl")
+      crl_obj = double("crl-obj")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+      crl_obj.should_receive(:to_pem).and_return("generated crl")
       post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
       last_response.should be_ok
       last_response.body.should == "generated crl"
@@ -251,18 +260,18 @@ describe R509::CertificateAuthority::HTTP::Server do
     end
     it "when reason is not an integer" do
       @crls["test_ca"].should_receive(:revoke_cert).with("12345", "foo").and_return(nil)
-      crl_list = double("crl-list")
-      @crls["test_ca"].should_receive(:crl).and_return(crl_list)
-      crl_list.should_receive(:to_pem).and_return("generated crl")
+      crl_obj = double("crl-obj")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+      crl_obj.should_receive(:to_pem).and_return("generated crl")
       post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
       last_response.should be_ok
       last_response.body.should == "generated crl"
     end
     it "when reason is an empty string" do
       @crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
-      crl_list = double("crl-list")
-      @crls["test_ca"].should_receive(:crl).and_return(crl_list)
-      crl_list.should_receive(:to_pem).and_return("generated crl")
+      crl_obj = double("crl-obj")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+      crl_obj.should_receive(:to_pem).and_return("generated crl")
       post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => ""
       last_response.should be_ok
       last_response.body.should == "generated crl"
@@ -287,9 +296,9 @@ describe R509::CertificateAuthority::HTTP::Server do
     end
     it "when serial is given" do
       @crls["test_ca"].should_receive(:unrevoke_cert).with(12345).and_return(nil)
-      crl_list = double("crl-list")
-      @crls["test_ca"].should_receive(:crl).and_return(crl_list)
-      crl_list.should_receive(:to_pem).and_return("generated crl")
+      crl_obj = double("crl-obj")
+      @crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
+      crl_obj.should_receive(:to_pem).and_return("generated crl")
       post "/1/certificate/unrevoke", "ca" => "test_ca", "serial" => "12345"
       last_response.should be_ok
       last_response.body.should == "generated crl"

data/spec/spec_helper.rb

@@ -1,6 +1,9 @@
-if (RUBY_VERSION.split('.')[1].to_i > 8)
-    require 'simplecov'
-    SimpleCov.start
+require 'simplecov'
+SimpleCov.start
+begin
+  require 'coveralls'
+  Coveralls.wear!
+rescue LoadError
 end
 
 $:.unshift File.expand_path("../../lib", __FILE__)

metadata

@@ -1,93 +1,135 @@
 --- !ruby/object:Gem::Specification
 name: r509-ca-http
 version: !ruby/object:Gem::Version
-  version: 0.2.2
-  prerelease: 
+  version: 0.3.0
 platform: ruby
 authors:
 - Sean Schulte
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-05-15 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRYwFAYDVQQDDA1wYXVs
+  Lmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wHhcNMTMxMjA2MDAzNTU0WhcNMTQxMjA2MDAzNTU0WjBEMRYwFAYDVQQD
+  DA1wYXVsLmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJ
+  k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLVC6U
+  0ZyX4C4HllJxHW0Uq39bvRvfNXc0RXMSvIRklxjupx3EICVATpAJzg4qBxbpxRTe
+  XcsmuYfaZAriSH2M97C2sBJnVEAr63ws2vmBQKw9cXHV3RjQTeqQUTQudE790DTI
+  7pc1ObprB4pM2j3O6JtPVzmJ/PGACjtyg4bys6bx7JQJW5liunK26mS6w6mAAcAV
+  scAz7oh6fmOI0OSS45l3ycOEh5sb42cZzs7TNzcvVmEppTRa4wBP4/eDTuohxlPH
+  skuIPWcdU6YTo2LWwqEaGgUItj8lRqXGDcEZ1FhKyZ6HUD3l1zPGxojW8BKr0Svj
+  /cMP+y0YH5OeoD+vAgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
+  BgNVHQ4EFgQURv1xuy9aKzcxwxkGiL/e4UYCWGowIgYDVR0RBBswGYEXcGF1bC5s
+  LmtlaHJlckBnbWFpbC5jb20wIgYDVR0SBBswGYEXcGF1bC5sLmtlaHJlckBnbWFp
+  bC5jb20wDQYJKoZIhvcNAQEFBQADggEBADsnINhvXWJ8r7U02fzbmOitcDZOlCnN
+  jtyYfzDbYtEnQCpBCHhpNC8SVI3OUgGJbrb5Debs0f1UxrYsGn0u8LsLu6xmst+D
+  zZdxtzvnsqowLw2dCzXow0CGwBGcWq38Wqn0v/ez3otQBj2GGGV0jyLUoRWfMwTK
+  dqbGuJ0s/ZORipbl4jdfucPbrGPQHmf8/H8w0/kH7tBnhcyGI1exBSQexiu2qRqP
+  wQ9nsK5DoJSWf5vG8Xu/TEnv2Gu8z6T4wBrbIr20EYu6lb0i5ekGhrHOcaPRI6X9
+  lYMLMTFSyjE66v5QiUlZ9V4oV6O/MPS9fXPxog3TCsYpgfsgA+RlO8I=
+  -----END CERTIFICATE-----
+date: 2014-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r509
-  requirement: &2154140280 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.10.0
   type: :runtime
   prerelease: false
-  version_requirements: *2154140280
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &2154139840 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2154139840
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: dependo
-  requirement: &2154139360 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2154139360
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2154138900 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2154138900
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2154138480 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2154138480
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2154138060 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2154138060
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &2154137580 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2154137580
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A HTTP CA API for r509
 email: sirsean@gmail.com
 executables: []
@@ -124,42 +166,38 @@ files:
 - doc/js/full_list.js
 - doc/js/jquery.js
 - doc/method_list.html
-- doc/R509/CertificateAuthority/Http/Factory/CsrFactory.html
-- doc/R509/CertificateAuthority/Http/Factory/SpkiFactory.html
-- doc/R509/CertificateAuthority/Http/Factory.html
-- doc/R509/CertificateAuthority/Http/Server.html
-- doc/R509/CertificateAuthority/Http/SubjectParser.html
-- doc/R509/CertificateAuthority/Http/ValidityPeriodConverter.html
-- doc/R509/CertificateAuthority/Http.html
+- doc/R509/CertificateAuthority/HTTP/Factory/CSRFactory.html
+- doc/R509/CertificateAuthority/HTTP/Factory/SPKIFactory.html
+- doc/R509/CertificateAuthority/HTTP/Factory.html
+- doc/R509/CertificateAuthority/HTTP/Server.html
+- doc/R509/CertificateAuthority/HTTP/SubjectParser.html
+- doc/R509/CertificateAuthority/HTTP/ValidityPeriodConverter.html
+- doc/R509/CertificateAuthority/HTTP.html
 - doc/R509/CertificateAuthority.html
 - doc/R509.html
 - doc/top-level-namespace.html
 homepage: http://vikinghammer.com
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 2820993732791311661
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 2.0.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A (relatively) simple certificate authority API written to work with r509
 test_files: []
 has_rdoc: