r509-cert-validator 0.0.1 → 0.0.2

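--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f1727921e4d1ea7764cfd809a42478d3ec8cb4cf
- data.tar.gz: ecca2f905cfe41c45a7130d3eeb095fecff9693a
+ metadata.gz: 3576b18ddf475a95078b2e2d8d87294f2232fab6
+ data.tar.gz: d68d96c2331becc79e802c3ed444656c54e8b9c9
  SHA512:
- metadata.gz: 711bb8c8d34ffbbefcd0859f512cee2056696f2d047ff8c60ed6d629186122c0986501914db7397d726e997da1ec5bf26e3d4469e277750fd80962102298e4db
- data.tar.gz: 5f4d58440734468761e8f8eb9363246f3cb12a05de8dd0aa27ab0e33fe15d933d38f62c3f37efc0e08b270f9e174907c089676b582ca4fea58ba1ef3d358c483
+ metadata.gz: 5f6b3ce2392c229a8fc3c5a4e91adb3d34a921fad7ac8ede5143931084d1f6c5adb4fdb185f45bd0d08c47322d6949d0afd8dff1354e07a0376766e9696427ea
+ data.tar.gz: 2a25a2dda3c8c3865191ff6407d8aa9fb0e22afed1a53152d8e402a89873adf47a6d81dc4ca6e663e69e5d3eeb968f1cd168c121bd4d0081255a98e29111b11b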
@@ -9,13 +9,13 @@ module R509
9
9
  # The certificate this Validator will validate
10
10
  attr_reader :cert
11
11
 
12
- def initialize(cert, issuer = nil)
12
+ def initialize(cert, issuer = nil, options = {})
13
13
  if cert.is_a? OpenSSL::X509::Certificate
14
14
  cert = R509::Cert.new cert: cert
15
15
  end
16
16
 
17
17
  if issuer.is_a? OpenSSL::X509::Certificate
18
- cert = R509::Cert.new cert: cert
18
+ issuer = R509::Cert.new cert: issuer
19
19
  end
20
20
 
21
21
  @cert = cert
@@ -31,12 +31,16 @@ module R509
31
31
  raise Error.new "Tried to validate OCSP but cert has no OCSP data"
32
32
  end
33
33
 
34
- if opts[:crl] && !@crl.available?
35
-
34
+ crl_file = opts[:crl_file]
35
+
36
+ crl_available = @crl.available? || (crl_file && File.exist?(crl_file))
37
+
38
+ if opts[:crl] && !crl_available
39
+ raise Error.new "Tried to validate CRL but cert has no CRL data"
36
40
  end
37
41
 
38
42
  @ocsp.validate! if opts[:ocsp]
39
- @crl.validate! if opts[:crl]
43
+ @crl.validate!(crl_file) if opts[:crl]
40
44
  true
41
45
  end
42
46
 
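Review bot: `crl_available` consults `File.exist?(crl_file)` only as a fallback, so when the certificate has CRL data and `opts[:crl_file]` names a missing file the guard passes and `@crl.validate!(crl_file)` still receives the bad path. The CRL class shown further down this page reads the file whenever `crl_file` is non-nil, so that case ends in a file-system error rather than this library's `Error`. Checking the path on its own keeps the failure explicit and typed, e.g. `raise Error.new "CRL file #{crl_file} does not exist" if crl_file && !File.exist?(crl_file)` ahead of the availability guard. The option also deserves a comment on this method such as `# opts[:crl_file] - path to a local CRL, used instead of the certificate's distribution point`, since a supplied file replaces the fetch and keeping it current becomes the caller's job. The method begins above this hunk, so how `opts` is built is not visible here.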
@@ -8,15 +8,23 @@ module R509
8
8
  return true
9
9
  end
10
10
 
11
- def validate!
12
- unless available?
11
+ def validate!(crl_file = nil)
12
+ if !available? && crl_file.nil?
13
13
  raise Error.new "Tried to validate CRL but cert has no CRL data"
14
14
  end
15
15
 
16
- body = R509::CRL::SignedList.new(get(uris.first))
16
+ crl = unless crl_file.nil?
17
+ File.read crl_file
18
+ else
19
+ get(uris.first)
20
+ end
17
21
 
18
- unless body.verify @issuer.public_key
19
- raise CrlError.new "CRL did not match certificate"
22
+ body = R509::CRL::SignedList.new(crl)
23
+
24
+ if @issuer
25
+ unless body.verify @issuer.public_key
26
+ raise CrlError.new "CRL did not match certificate"
27
+ end
20
28
  end
21
29
 
22
30
  if body.revoked? @cert.serial
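Review bot: With the new `if @issuer` guard, a validator built without an issuer skips `body.verify` entirely and then trusts `body.revoked?` on a CRL whose signature was never checked, whether it came from `crl_file` or from `get(uris.first)`. In 0.0.1 a nil issuer would have stopped at `@issuer.public_key`; the new code fails open, so whoever can alter the fetched or on-disk CRL decides the revocation answer. I would fail closed before building the answer, e.g. `raise CrlError.new "Cannot verify CRL without an issuer" unless @issuer`, or make skipping verification an explicit, documented option. validate! continues past the end of this hunk, so any later check is not visible here.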
@@ -1,7 +1,7 @@
1
1
  module R509
2
2
  class Cert
3
3
  class Validator
4
- VERSION = "0.0.1"
4
+ VERSION = "0.0.2"
5
5
  end
6
6
  end
7
7
  end
@@ -2,6 +2,9 @@ require 'spec_helper'
2
2
 
3
3
  describe R509::Cert::Validator do
4
4
  let(:issuer_cert){ cert('root.crt') }
5
+ let(:crl_path) do
6
+ File.expand_path(File.join(__dir__, 'support/ca/rcv_spec.crl'))
7
+ end
5
8
 
6
9
  describe 'with a cert without CRL or OCSP data' do
7
10
  let(:no_validator_cert){ cert('empty.crt') }
@@ -15,6 +18,12 @@ describe R509::Cert::Validator do
15
18
  expect{ subject.validate crl: true }.to raise_error
16
19
  expect{ subject.validate ocsp: true }.to raise_error
17
20
  end
21
+
22
+ it 'should validate against a CRL file' do
23
+ expect do
24
+ subject.validate crl: true, ocsp: false, crl_file: crl_path
25
+ end.to_not raise_error
26
+ end
18
27
  end
19
28
 
20
29
  describe 'with a cert with CRL and OCSP data' do
@@ -69,5 +78,12 @@ describe R509::Cert::Validator do
69
78
  expect(subject.validate crl: false, ocsp: true).to_not be
70
79
  expect{ subject.validate! crl: false, ocsp: true }.to raise_error /revoked/
71
80
  end
81
+
82
+ it 'should validate false against a CRL file' do
83
+ expect(subject.validate crl: true, ocsp: false, crl_file: crl_path).
84
+ to_not be
85
+ expect{ subject.validate! crl: true, ocsp: false, crl_file: crl_path}.
86
+ to raise_error /revoked/
87
+ end
72
88
  end
73
89
  end
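Review bot: The two added examples cover only a CRL file that is accepted and one that lists the serial as revoked; nothing exercises a CRL file signed by a different key or a validator built without an issuer, which are the cases where the new code changes the trust decision. An example along the lines of `expect{ subject.validate! crl: true, ocsp: false, crl_file: other_ca_crl_path }.to raise_error /did not match/` would pin the signature check (`other_ca_crl_path` is a placeholder for a fixture that is not on this page). `subject` is defined outside these hunks, so whether it is constructed with `issuer_cert` cannot be confirmed from here.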
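--- a/metadata
+++ b/metadata
@@ -1,125 +1,125 @@
  --- !ruby/object:Gem::Specification
  name: r509-cert-validator
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  platform: ruby
  authors:
  - Bryce Kerley
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-02-12 00:00:00.000000000 Z
+ date: 2014-05-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 10.1.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 10.1.1
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 2.14.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 2.14.1
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.5.2
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.5.2
  - !ruby/object:Gem::Dependency
  name: puma
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 2.7.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 2.7.1
  - !ruby/object:Gem::Dependency
  name: r509-ocsp-responder
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.3.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.3.3
  - !ruby/object:Gem::Dependency
  name: r509-validity-crl
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.1.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.1.1
  - !ruby/object:Gem::Dependency
  name: r509
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.10.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.10.0
  description: Tool for validating x509 certificates against CRLs and OCSP.
@@ -129,9 +129,9 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
- - .rspec
- - .travis.yml
+ - ".gitignore"
+ - ".rspec"
+ - ".travis.yml"
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -168,17 +168,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '2.0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.14
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
  summary: An r509-based tool for validating x509 certificates against CRLs and OCSP.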