r509-ocsp-responder 0.3.1

Files changed (55) hide show
  1. data/README.md +77 -0
  2. data/Rakefile +38 -0
  3. data/doc/R509.html +115 -0
  4. data/doc/R509/Ocsp.html +130 -0
  5. data/doc/R509/Ocsp/Helper.html +126 -0
  6. data/doc/R509/Ocsp/Helper/RequestChecker.html +739 -0
  7. data/doc/R509/Ocsp/Helper/ResponseSigner.html +583 -0
  8. data/doc/R509/Ocsp/Responder.html +129 -0
  9. data/doc/R509/Ocsp/Responder/OcspConfig.html +289 -0
  10. data/doc/R509/Ocsp/Responder/Server.html +128 -0
  11. data/doc/R509/Ocsp/Responder/StatusError.html +134 -0
  12. data/doc/R509/Ocsp/Signer.html +584 -0
  13. data/doc/_index.html +197 -0
  14. data/doc/class_list.html +53 -0
  15. data/doc/css/common.css +1 -0
  16. data/doc/css/full_list.css +57 -0
  17. data/doc/css/style.css +328 -0
  18. data/doc/file.README.html +156 -0
  19. data/doc/file_list.html +55 -0
  20. data/doc/frames.html +28 -0
  21. data/doc/index.html +156 -0
  22. data/doc/js/app.js +214 -0
  23. data/doc/js/full_list.js +173 -0
  24. data/doc/js/jquery.js +4 -0
  25. data/doc/method_list.html +164 -0
  26. data/doc/top-level-namespace.html +112 -0
  27. data/lib/r509/ocsp/responder/ocsp-config.rb +35 -0
  28. data/lib/r509/ocsp/responder/server.rb +169 -0
  29. data/lib/r509/ocsp/responder/version.rb +7 -0
  30. data/lib/r509/ocsp/signer.rb +244 -0
  31. data/spec/fixtures.rb +196 -0
  32. data/spec/fixtures/cert1.pem +24 -0
  33. data/spec/fixtures/config_test_various.yaml +46 -0
  34. data/spec/fixtures/ocsptest.r509.local.pem +27 -0
  35. data/spec/fixtures/second_ca.cer +26 -0
  36. data/spec/fixtures/second_ca.key +27 -0
  37. data/spec/fixtures/stca.pem +22 -0
  38. data/spec/fixtures/stca_ocsp_request.der +0 -0
  39. data/spec/fixtures/stca_ocsp_response.der +0 -0
  40. data/spec/fixtures/test_ca.cer +22 -0
  41. data/spec/fixtures/test_ca.key +28 -0
  42. data/spec/fixtures/test_ca_ocsp.cer +26 -0
  43. data/spec/fixtures/test_ca_ocsp.key +27 -0
  44. data/spec/fixtures/test_ca_ocsp_chain.txt +48 -0
  45. data/spec/fixtures/test_ca_request.der +0 -0
  46. data/spec/fixtures/test_ca_response.der +0 -0
  47. data/spec/fixtures/test_ca_subroot.cer +25 -0
  48. data/spec/fixtures/test_ca_subroot.key +27 -0
  49. data/spec/fixtures/test_ca_subroot_ocsp.cer +25 -0
  50. data/spec/fixtures/test_ca_subroot_ocsp.key +27 -0
  51. data/spec/fixtures/test_config.yaml +17 -0
  52. data/spec/server_spec.rb +400 -0
  53. data/spec/signer_spec.rb +275 -0
  54. data/spec/spec_helper.rb +18 -0
  55. metadata +259 -0
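--- a/data/spec/signer_spec.rb
+++ b/data/spec/signer_spec.rb
@@ -0,0 +1,275 @@
+ require 'spec_helper'
+ require 'r509/ocsp'
+ require 'openssl'
+
+ describe R509::Ocsp::Signer do
+ before :all do
+ @cert = TestFixtures::CERT
+ @stca_cert = TestFixtures::STCA_CERT
+ @stca_ocsp_request = TestFixtures::STCA_OCSP_REQUEST
+ @ocsp_test_cert = TestFixtures::OCSP_TEST_CERT
+ @test_ca_config = TestFixtures.test_ca_config
+ @test_ca_subroot_config = TestFixtures.test_ca_subroot_config
+ @second_ca_config = TestFixtures.second_ca_config
+ @ocsp_delegate_config = R509::Config::CaConfig.from_yaml("ocsp_delegate_ca", File.read("#{File.dirname(__FILE__)}/fixtures/config_test_various.yaml"), {:ca_root_path => "#{File.dirname(__FILE__)}/fixtures"})
+ @ocsp_subroot_delegate_config = R509::Config::CaConfig.from_yaml("ocsp_subroot_delegate_ca", File.read("#{File.dirname(__FILE__)}/fixtures/config_test_various.yaml"), {:ca_root_path => "#{File.dirname(__FILE__)}/fixtures"})
+ @ocsp_chain_config = R509::Config::CaConfig.from_yaml("ocsp_chain_ca", File.read("#{File.dirname(__FILE__)}/fixtures/config_test_various.yaml"), {:ca_root_path => "#{File.dirname(__FILE__)}/fixtures"})
+ Dependo::Registry.clear
+ Dependo::Registry[:log] = Logger.new(nil)
+
+ end
+ it "allows access to the validity checker object" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ ocsp_handler.validity_checker.kind_of?(R509::Validity::DefaultChecker).should == true
+ end
+
+ it "rejects ocsp requests from an unknown CA" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(@stca_ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED
+ end
+ it "rejects malformed OCSP requests" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request("notreallyanocsprequest")
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_MALFORMEDREQUEST
+ end
+ it "responds successfully with an OCSP delegate" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @ocsp_delegate_config) )
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ request_response[:response].verify(@ocsp_delegate_config.ca_cert.cert).should == true
+ #TODO Better way to check whether we're adding the certs when signing the basic_response than response size...
+ request_response[:response].to_der.size.should >= 1500
+ request_response[:response].to_der.size.should <= 1800
+ end
+ it "responds successfully for a subroot (signing via subroot)" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_subroot_config) )
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_subroot_config)
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_subroot_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ request_response[:response].verify([@test_ca_subroot_config.ca_cert.cert,@test_ca_config.ca_cert.cert]).should == true
+ end
+ it "responds successfully for a subroot (signing via delegate)" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @ocsp_subroot_delegate_config) )
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_subroot_config)
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_subroot_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ request_response[:response].verify([@test_ca_subroot_config.ca_cert.cert,@test_ca_config.ca_cert.cert]).should == true
+ end
+ it "responds successfully with an OCSP chain" do
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @ocsp_chain_config) )
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ request_response[:response].verify(@ocsp_chain_config.ca_cert.cert).should == true
+ #TODO Better way to check whether we're adding the certs when signing the basic_response than response size...
+ request_response[:response].to_der.size.should >= 3600
+ request_response[:response].to_der.size.should <= 3900
+ end
+ it "responds successfully from the test_ca" do
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ request_response[:request].should_not be_nil
+ end
+ it "rejects request with 2 certs from different known CAs" do
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+
+ ca2 = R509::CertificateAuthority::Signer.new(@second_ca_config)
+
+ csr2 = R509::Csr.new( :subject => [['CN','ocsptest2.r509.local']], :bit_strength => 1024 )
+ cert2 = ca2.sign(:csr => csr2, :profile_name => 'server')
+
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ certid2 = OpenSSL::OCSP::CertificateId.new(cert2.cert,@second_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid2)
+
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config, 'second_ca' => @second_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED
+ request_response[:request].should be_nil
+ end
+ it "rejects request with 1 cert from known CA and 1 cert from unknown CA" do
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ certid2 = OpenSSL::OCSP::CertificateId.new(OpenSSL::X509::Certificate.new(@cert),OpenSSL::X509::Certificate.new(@stca_cert))
+ ocsp_request.add_certid(certid2)
+
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED
+ end
+ it "responds successfully with 2 certs from 1 known CA" do
+ ca = R509::CertificateAuthority::Signer.new(@test_ca_config)
+
+ csr = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ cert = ca.sign(:csr => csr, :profile_name => 'server')
+
+ csr2 = R509::Csr.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
+ cert2 = ca.sign(:csr => csr2, :profile_name => 'server')
+
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ certid2 = OpenSSL::OCSP::CertificateId.new(cert2.cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid2)
+
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+ end
+ it "signs an OCSP response properly" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].verify(@test_ca_config.ca_cert.cert).should == true
+ request_response[:response].verify(@second_ca_config.ca_cert.cert).should == false
+ request_response[:response].basic.status[0][1].should == OpenSSL::OCSP::V_CERTSTATUS_GOOD
+ end
+ it "passes in a specific validity checker" do
+ class R509::Validity::BogusTestChecker < R509::Validity::Checker
+ def check(issuer_fingerprint, serial)
+ R509::Validity::Status.new(:status => R509::Validity::REVOKED, :revocation_time => Time.now.to_i)
+ end
+ end
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new({ :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config), :validity_checker => R509::Validity::BogusTestChecker.new })
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].verify(@test_ca_config.ca_cert.cert).should == true
+ request_response[:response].basic.status[0][1].should == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
+ end
+ it "encodes the proper revocation time in the response" do
+ time = Time.now.to_i-3600
+ class R509::Validity::BogusTestChecker < R509::Validity::Checker
+ def initialize(time)
+ @time = time
+ end
+ def check(issuer_fingerprint, serial)
+ R509::Validity::Status.new(:status => R509::Validity::REVOKED, :revocation_time => @time)
+ end
+ end
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new({ :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config), :validity_checker => R509::Validity::BogusTestChecker.new(time) })
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].basic.status[0][3].to_i.should == time
+ end
+ it "copies nonce from request to response if copy_nonce is true" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_request.add_nonce
+ ocsp_handler = R509::Ocsp::Signer.new({ :copy_nonce => true, :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) })
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].check_nonce(ocsp_request).should == R509::Ocsp::Request::Nonce::PRESENT_AND_EQUAL
+ end
+ it "doesn't copy nonce if request doesn't have one and copy_nonce is true" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new( :copy_nonce => true, :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].check_nonce(ocsp_request).should == R509::Ocsp::Request::Nonce::BOTH_ABSENT
+ end
+ it "doesn't copy nonce if request doesn't have one and copy_nonce is false" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_handler = R509::Ocsp::Signer.new( :copy_nonce => false, :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].check_nonce(ocsp_request).should == R509::Ocsp::Request::Nonce::BOTH_ABSENT
+ end
+ it "nonce in request only if copy_nonce is false" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ ocsp_request.add_nonce
+ ocsp_handler = R509::Ocsp::Signer.new( :copy_nonce => false, :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].check_nonce(ocsp_request).should == R509::Ocsp::Request::Nonce::REQUEST_ONLY
+ end
+ it "encodes thisUpdate/nextUpdate time properly" do
+ cert = OpenSSL::X509::Certificate.new(@ocsp_test_cert)
+ ocsp_request = OpenSSL::OCSP::Request.new
+ certid = OpenSSL::OCSP::CertificateId.new(cert,@test_ca_config.ca_cert.cert)
+ ocsp_request.add_certid(certid)
+ now = Time.now
+ ocsp_handler = R509::Ocsp::Signer.new( :configs => R509::Config::CaConfigPool.new('testca' => @test_ca_config) )
+ request_response = ocsp_handler.handle_request(ocsp_request)
+ request_response[:response].basic.status[0][4].to_i.should == now.to_i - @test_ca_config.ocsp_start_skew_seconds
+ request_response[:response].basic.status[0][5].to_i.should == now.to_i + @test_ca_config.ocsp_validity_hours*3600
+ end
+ end
+
+ describe R509::Ocsp::Helper::RequestChecker do
+ before :all do
+ @cert = TestFixtures::CERT
+ @test_ca_config = TestFixtures.test_ca_config
+ @second_ca_config = TestFixtures.second_ca_config
+ end
+ it "fails if initialized without R509::Config::CaConfigPool" do
+ expect { R509::Ocsp::Helper::RequestChecker.new({}, nil) }.to raise_error(R509::R509Error,'Must pass R509::Config::CaConfigPool object')
+ end
+ it "fails if you give it a valid config but nil validity checker" do
+ expect { R509::Ocsp::Helper::RequestChecker.new(R509::Config::CaConfigPool.new('testca' =>@test_ca_config), nil) }.to raise_error(R509::R509Error,'Must supply a R509::Validity::Checker')
+ end
+ it "fails if you give it a valid config but the validity checker doesn't respond to a check method" do
+ class FakeChecker
+ end
+ fake_checker = FakeChecker.new
+ expect { R509::Ocsp::Helper::RequestChecker.new([@test_ca_config], fake_checker) }.to raise_error(R509::R509Error)
+ end
+ end
+
+ describe R509::Ocsp::Helper::ResponseSigner do
+ end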
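Review bot: The last RequestChecker example ("fails if you give it a valid config but the validity checker doesn't respond to a check method") passes `[@test_ca_config]`, an Array, as the first argument, so the unqualified `raise_error(R509::R509Error)` is likely satisfied by the CaConfigPool type check that the first example in this describe block exercises, and the `check`-method guard is never reached. The validity checker decides whether a certificate is reported good or revoked, so this guard needs a test that can only pass for the right reason: pass `R509::Config::CaConfigPool.new('testca' => @test_ca_config)` as the pool and pin the expected message in `raise_error`, as the two examples before it do. Separately, `R509::Validity::BogusTestChecker` is reopened in two Signer examples and the second adds `initialize(time)`, so the zero-argument `BogusTestChecker.new` in "passes in a specific validity checker" would raise ArgumentError if the examples ran in the opposite order. Giving the two doubles distinct names, or building each with `Class.new(R509::Validity::Checker)`, removes the order dependence.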
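--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,18 @@
+ if (RUBY_VERSION.split('.')[1].to_i > 8 || RUBY_VERSION.split('.')[0].to_i > 1)
+ require 'simplecov'
+ SimpleCov.start
+ end
+
+ $:.unshift File.expand_path("../../lib", __FILE__)
+ $:.unshift File.expand_path("../", __FILE__)
+ require 'rubygems'
+ require 'fixtures'
+ require 'rspec'
+ require 'rack/test'
+ require 'r509'
+ require 'r509/ocsp/responder/server'
+ require 'r509/ocsp/signer'
+
+ RSpec.configure do |conf|
+ conf.include Rack::Test::Methods
+ end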
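--- a/metadata
+++ b/metadata
@@ -0,0 +1,259 @@
+ --- !ruby/object:Gem::Specification
+ name: r509-ocsp-responder
+ version: !ruby/object:Gem::Version
+ version: 0.3.1
+ prerelease:
+ platform: ruby
+ authors:
+ - Paul Kehrer
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2012-11-08 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: r509
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.8.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.8.0
+ - !ruby/object:Gem::Dependency
+ name: redis
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: r509-validity-redis
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.4.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.4.0
+ - !ruby/object:Gem::Dependency
+ name: sinatra
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: dependo
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '2.11'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '2.11'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: syntax
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: simplecov
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: A ruby OCSP responder using Sinatra and redis. RFC 2560 and 5019 compliant.
+ email: paul.l.kehrer@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - README.md
+ - Rakefile
+ - lib/r509/ocsp/responder/ocsp-config.rb
+ - lib/r509/ocsp/responder/server.rb
+ - lib/r509/ocsp/responder/version.rb
+ - lib/r509/ocsp/signer.rb
+ - spec/fixtures/cert1.pem
+ - spec/fixtures/config_test_various.yaml
+ - spec/fixtures/ocsptest.r509.local.pem
+ - spec/fixtures/second_ca.cer
+ - spec/fixtures/second_ca.key
+ - spec/fixtures/stca.pem
+ - spec/fixtures/stca_ocsp_request.der
+ - spec/fixtures/stca_ocsp_response.der
+ - spec/fixtures/test_ca.cer
+ - spec/fixtures/test_ca.key
+ - spec/fixtures/test_ca_ocsp.cer
+ - spec/fixtures/test_ca_ocsp.key
+ - spec/fixtures/test_ca_ocsp_chain.txt
+ - spec/fixtures/test_ca_request.der
+ - spec/fixtures/test_ca_response.der
+ - spec/fixtures/test_ca_subroot.cer
+ - spec/fixtures/test_ca_subroot.key
+ - spec/fixtures/test_ca_subroot_ocsp.cer
+ - spec/fixtures/test_ca_subroot_ocsp.key
+ - spec/fixtures/test_config.yaml
+ - spec/fixtures.rb
+ - spec/server_spec.rb
+ - spec/signer_spec.rb
+ - spec/spec_helper.rb
+ - doc/_index.html
+ - doc/class_list.html
+ - doc/css/common.css
+ - doc/css/full_list.css
+ - doc/css/style.css
+ - doc/file.README.html
+ - doc/file_list.html
+ - doc/frames.html
+ - doc/index.html
+ - doc/js/app.js
+ - doc/js/full_list.js
+ - doc/js/jquery.js
+ - doc/method_list.html
+ - doc/R509/Ocsp/Helper/RequestChecker.html
+ - doc/R509/Ocsp/Helper/ResponseSigner.html
+ - doc/R509/Ocsp/Helper.html
+ - doc/R509/Ocsp/Responder/OcspConfig.html
+ - doc/R509/Ocsp/Responder/Server.html
+ - doc/R509/Ocsp/Responder/StatusError.html
+ - doc/R509/Ocsp/Responder.html
+ - doc/R509/Ocsp/Signer.html
+ - doc/R509/Ocsp.html
+ - doc/R509.html
+ - doc/top-level-namespace.html
+ homepage: http://langui.sh
+ licenses: []
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: 1.8.6
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 1.8.24
+ signing_key:
+ specification_version: 3
+ summary: A (relatively) simple OCSP responder written to work with r509
+ test_files: []
+ has_rdoc: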