r509-cert-validator 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/r509/cert/validator.rb +9 -5
- data/lib/r509/cert/validator/crl_validator.rb +13 -5
- data/lib/r509/cert/validator/version.rb +1 -1
- data/spec/validator_spec.rb +16 -0
- metadata +24 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3576b18ddf475a95078b2e2d8d87294f2232fab6
|
|
4
|
+
data.tar.gz: d68d96c2331becc79e802c3ed444656c54e8b9c9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5f6b3ce2392c229a8fc3c5a4e91adb3d34a921fad7ac8ede5143931084d1f6c5adb4fdb185f45bd0d08c47322d6949d0afd8dff1354e07a0376766e9696427ea
|
|
7
|
+
data.tar.gz: 2a25a2dda3c8c3865191ff6407d8aa9fb0e22afed1a53152d8e402a89873adf47a6d81dc4ca6e663e69e5d3eeb968f1cd168c121bd4d0081255a98e29111b11b
|
data/lib/r509/cert/validator.rb
CHANGED
|
@@ -9,13 +9,13 @@ module R509
|
|
|
9
9
|
# The certificate this Validator will validate
|
|
10
10
|
attr_reader :cert
|
|
11
11
|
|
|
12
|
-
def initialize(cert, issuer = nil)
|
|
12
|
+
def initialize(cert, issuer = nil, options = {})
|
|
13
13
|
if cert.is_a? OpenSSL::X509::Certificate
|
|
14
14
|
cert = R509::Cert.new cert: cert
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
if issuer.is_a? OpenSSL::X509::Certificate
|
|
18
|
-
|
|
18
|
+
issuer = R509::Cert.new cert: issuer
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
@cert = cert
|
|
@@ -31,12 +31,16 @@ module R509
|
|
|
31
31
|
raise Error.new "Tried to validate OCSP but cert has no OCSP data"
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
crl_file = opts[:crl_file]
|
|
35
|
+
|
|
36
|
+
crl_available = @crl.available? || (crl_file && File.exist?(crl_file))
|
|
37
|
+
|
|
38
|
+
if opts[:crl] && !crl_available
|
|
39
|
+
raise Error.new "Tried to validate CRL but cert has no CRL data"
|
|
36
40
|
end
|
|
37
41
|
|
|
38
42
|
@ocsp.validate! if opts[:ocsp]
|
|
39
|
-
@crl.validate! if opts[:crl]
|
|
43
|
+
@crl.validate!(crl_file) if opts[:crl]
|
|
40
44
|
true
|
|
41
45
|
end
|
|
42
46
|
|
|
@@ -8,15 +8,23 @@ module R509
|
|
|
8
8
|
return true
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
def validate!
|
|
12
|
-
|
|
11
|
+
def validate!(crl_file = nil)
|
|
12
|
+
if !available? && crl_file.nil?
|
|
13
13
|
raise Error.new "Tried to validate CRL but cert has no CRL data"
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
crl = unless crl_file.nil?
|
|
17
|
+
File.read crl_file
|
|
18
|
+
else
|
|
19
|
+
get(uris.first)
|
|
20
|
+
end
|
|
17
21
|
|
|
18
|
-
|
|
19
|
-
|
|
22
|
+
body = R509::CRL::SignedList.new(crl)
|
|
23
|
+
|
|
24
|
+
if @issuer
|
|
25
|
+
unless body.verify @issuer.public_key
|
|
26
|
+
raise CrlError.new "CRL did not match certificate"
|
|
27
|
+
end
|
|
20
28
|
end
|
|
21
29
|
|
|
22
30
|
if body.revoked? @cert.serial
|
data/spec/validator_spec.rb
CHANGED
|
@@ -2,6 +2,9 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe R509::Cert::Validator do
|
|
4
4
|
let(:issuer_cert){ cert('root.crt') }
|
|
5
|
+
let(:crl_path) do
|
|
6
|
+
File.expand_path(File.join(__dir__, 'support/ca/rcv_spec.crl'))
|
|
7
|
+
end
|
|
5
8
|
|
|
6
9
|
describe 'with a cert without CRL or OCSP data' do
|
|
7
10
|
let(:no_validator_cert){ cert('empty.crt') }
|
|
@@ -15,6 +18,12 @@ describe R509::Cert::Validator do
|
|
|
15
18
|
expect{ subject.validate crl: true }.to raise_error
|
|
16
19
|
expect{ subject.validate ocsp: true }.to raise_error
|
|
17
20
|
end
|
|
21
|
+
|
|
22
|
+
it 'should validate against a CRL file' do
|
|
23
|
+
expect do
|
|
24
|
+
subject.validate crl: true, ocsp: false, crl_file: crl_path
|
|
25
|
+
end.to_not raise_error
|
|
26
|
+
end
|
|
18
27
|
end
|
|
19
28
|
|
|
20
29
|
describe 'with a cert with CRL and OCSP data' do
|
|
@@ -69,5 +78,12 @@ describe R509::Cert::Validator do
|
|
|
69
78
|
expect(subject.validate crl: false, ocsp: true).to_not be
|
|
70
79
|
expect{ subject.validate! crl: false, ocsp: true }.to raise_error /revoked/
|
|
71
80
|
end
|
|
81
|
+
|
|
82
|
+
it 'should validate false against a CRL file' do
|
|
83
|
+
expect(subject.validate crl: true, ocsp: false, crl_file: crl_path).
|
|
84
|
+
to_not be
|
|
85
|
+
expect{ subject.validate! crl: true, ocsp: false, crl_file: crl_path}.
|
|
86
|
+
to raise_error /revoked/
|
|
87
|
+
end
|
|
72
88
|
end
|
|
73
89
|
end
|
metadata
CHANGED
|
@@ -1,125 +1,125 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: r509-cert-validator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bryce Kerley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-05-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '1.3'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.3'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - ~>
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: 10.1.1
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - ~>
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: 10.1.1
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - ~>
|
|
45
|
+
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 2.14.1
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - ~>
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: 2.14.1
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rack
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- - ~>
|
|
59
|
+
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: 1.5.2
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- - ~>
|
|
66
|
+
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: 1.5.2
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: puma
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- - ~>
|
|
73
|
+
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
75
|
version: 2.7.1
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - ~>
|
|
80
|
+
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: 2.7.1
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: r509-ocsp-responder
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
|
-
- - ~>
|
|
87
|
+
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
89
|
version: 0.3.3
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
|
-
- - ~>
|
|
94
|
+
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: 0.3.3
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: r509-validity-crl
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- - ~>
|
|
101
|
+
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
103
|
version: 0.1.1
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - ~>
|
|
108
|
+
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: 0.1.1
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: r509
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
|
-
- - ~>
|
|
115
|
+
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
117
|
version: 0.10.0
|
|
118
118
|
type: :runtime
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
|
-
- - ~>
|
|
122
|
+
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
124
|
version: 0.10.0
|
|
125
125
|
description: Tool for validating x509 certificates against CRLs and OCSP.
|
|
@@ -129,9 +129,9 @@ executables: []
|
|
|
129
129
|
extensions: []
|
|
130
130
|
extra_rdoc_files: []
|
|
131
131
|
files:
|
|
132
|
-
- .gitignore
|
|
133
|
-
- .rspec
|
|
134
|
-
- .travis.yml
|
|
132
|
+
- ".gitignore"
|
|
133
|
+
- ".rspec"
|
|
134
|
+
- ".travis.yml"
|
|
135
135
|
- Gemfile
|
|
136
136
|
- LICENSE.txt
|
|
137
137
|
- README.md
|
|
@@ -168,17 +168,17 @@ require_paths:
|
|
|
168
168
|
- lib
|
|
169
169
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
170
170
|
requirements:
|
|
171
|
-
- - ~>
|
|
171
|
+
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
173
|
version: '2.0'
|
|
174
174
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
175
|
requirements:
|
|
176
|
-
- -
|
|
176
|
+
- - ">="
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
178
|
version: '0'
|
|
179
179
|
requirements: []
|
|
180
180
|
rubyforge_project:
|
|
181
|
-
rubygems_version: 2.
|
|
181
|
+
rubygems_version: 2.2.2
|
|
182
182
|
signing_key:
|
|
183
183
|
specification_version: 4
|
|
184
184
|
summary: An r509-based tool for validating x509 certificates against CRLs and OCSP.
|