r509 0.10.0 → 1.0

data/lib/r509/ec-hack.rb

@@ -4,7 +4,7 @@
 # a method named #private? on the PKey object. OpenSSL::PKey::RSA and OpenSSL::PKey::DSA
 # both define this method, but OpenSSL::PKey::EC defines #private_key? instead. This
 # will open up the class and add #private? as an alias to allow successful signing
-if defined?(OpenSSL::PKey::EC) and not OpenSSL::PKey::EC.method_defined?('private?')
+if defined?(OpenSSL::PKey::EC) && !OpenSSL::PKey::EC.method_defined?('private?')
   # marked as @private so it won't appear in the yard doc
   # @private
   module OpenSSL::PKey
@@ -16,7 +16,7 @@ if defined?(OpenSSL::PKey::EC) and not OpenSSL::PKey::EC.method_defined?('privat
       end
     end
   end
-elsif not defined?(OpenSSL::PKey::EC)
+elsif !defined?(OpenSSL::PKey::EC)
   # this is a stub implementation for when EC is unavailable. Any method called against
   # it will raise an R509Error
   # marked as @private so it won't appear in the yard doc
@@ -29,6 +29,7 @@ elsif not defined?(OpenSSL::PKey::EC)
       def initialize(*args)
         raise R509::R509Error, "EC is unavailable. You may need to recompile Ruby with an OpenSSL that has elliptic curve support."
       end
+
       def method_missing(method, *args, &block)
         raise R509::R509Error, "EC is unavailable. You may need to recompile Ruby with an OpenSSL that has elliptic curve support."
       end

data/lib/r509/engine.rb

@@ -14,7 +14,7 @@ module R509
     # @return OpenSSL::Engine object
     def load(hash)
       validate_hash(hash)
-      if @engines.has_key?(hash[:id])
+      if @engines.key?(hash[:id])
         @engines[hash[:id]]
       else
         init_engine(hash)
@@ -31,16 +31,15 @@ module R509
     def init_engine(hash)
       OpenSSL::Engine.load
       @engines[hash[:id]] = OpenSSL::Engine.by_id("dynamic") do |e|
-        e.ctrl_cmd("SO_PATH",hash[:so_path])
-        e.ctrl_cmd("ID",hash[:id])
+        e.ctrl_cmd("SO_PATH", hash[:so_path])
+        e.ctrl_cmd("ID", hash[:id])
         e.ctrl_cmd("LOAD")
       end
     end
 
     def validate_hash(hash)
-      if not hash.respond_to?(:has_key?) or not hash.has_key?(:so_path) or not hash.has_key?(:id)
-        raise ArgumentError, "You must supply a hash with both :so_path and :id"
-      end
+      return unless !hash.respond_to?(:key?) || !hash.key?(:so_path) || !hash.key?(:id)
+      raise ArgumentError, "You must supply a hash with both :so_path and :id"
     end
   end
 end

data/lib/r509/exceptions.rb

@@ -1,5 +1,5 @@
 module R509
-  #An error r509 sometimes raises. You know, when it feels like it.
+  # An error r509 sometimes raises. You know, when it feels like it.
   class R509Error < StandardError
   end
 end

data/lib/r509/helpers.rb

@@ -2,26 +2,25 @@ module R509
   # Various helper methods to reduce duplication across classes. These methods
   # are used in the Cert, CSR, SPKI, and PrivateKey classes.
   module Helpers
-
     # Returns whether the public key is RSA
     #
     # @return [Boolean] true if the public key is RSA, false otherwise
     def rsa?
-      internal_obj.public_key.kind_of?(OpenSSL::PKey::RSA)
+      internal_obj.public_key.is_a?(OpenSSL::PKey::RSA)
     end
 
     # Returns whether the public key is DSA
     #
     # @return [Boolean] true if the public key is DSA, false otherwise
     def dsa?
-      internal_obj.public_key.kind_of?(OpenSSL::PKey::DSA)
+      internal_obj.public_key.is_a?(OpenSSL::PKey::DSA)
     end
 
     # Returns whether the public key is EC
     #
     # @return [Boolean] true if the public key is EC, false otherwise
     def ec?
-      internal_obj.public_key.kind_of?(OpenSSL::PKey::EC)
+      internal_obj.public_key.is_a?(OpenSSL::PKey::EC)
     end
 
     # Returns key algorithm (RSA/DSA/EC)
@@ -60,7 +59,7 @@ module R509
         raise R509::R509Error, 'Bit length is not available for EC at this time.'
       end
     end
-    alias :bit_strength :bit_length
+    alias_method :bit_strength, :bit_length
 
     # Writes the object into PEM format
     # @param [String, #write] filename_or_io Either a string of the path for
@@ -80,24 +79,23 @@ module R509
     #
     # @return [String] the object converted into PEM format.
     def to_pem
-        internal_obj.to_pem
+      internal_obj.to_pem
     end
 
     # Converts the object into DER format
     #
     # @return [String] the object converted into DER format.
     def to_der
-        internal_obj.to_der
+      internal_obj.to_der
     end
 
     # @private
     def load_private_key(opts)
-      if opts.has_key?(:key)
-        if opts[:key].kind_of?(R509::PrivateKey)
-          return opts[:key]
-        else
-          return R509::PrivateKey.new(:key => opts[:key])
-        end
+      return unless opts.key?(:key)
+      if opts[:key].is_a?(R509::PrivateKey)
+        return opts[:key]
+      else
+        return R509::PrivateKey.new(:key => opts[:key])
       end
     end
 
@@ -105,6 +103,5 @@ module R509
     def internal_obj
       raise R509::R509Error, "Internal object for helpers not implemented"
     end
-
   end
 end

data/lib/r509/io_helpers.rb

@@ -7,12 +7,12 @@ module R509
     #  the file that you'd like to write, or an IO-like object.
     # @param [String] data The data that we want to write
     # @param [String] mode The write mode
-    def self.write_data(filename_or_io, data, mode='wb:ascii-8bit')
+    def self.write_data(filename_or_io, data, mode = 'wb:ascii-8bit')
       if filename_or_io.respond_to?(:write)
-        if filename_or_io.kind_of?(StringIO) and mode != "a:ascii-8bit"
+        if filename_or_io.is_a?(StringIO) && mode != "a:ascii-8bit"
           # Writing to a StringIO in a non-append mode. This requires
           # us to rewind and truncate it first.
-          filename_or_io.rewind()
+          filename_or_io.rewind
           filename_or_io.truncate(0)
         end
         filename_or_io.write(data)
@@ -28,10 +28,10 @@ module R509
     #  the file that you'd like to read, or an IO-like object.
     def self.read_data(filename_or_io)
       if filename_or_io.respond_to?(:read)
-        if filename_or_io.kind_of?(StringIO)
-          filename_or_io.rewind()
+        if filename_or_io.is_a?(StringIO)
+          filename_or_io.rewind
         end
-        filename_or_io.read()
+        filename_or_io.read
       else
         return File.open(filename_or_io, 'rb:ascii-8bit') do |f|
           f.read
@@ -43,7 +43,7 @@ module R509
     # @param [String, #write] filename_or_io Either a string of the path for
     #  the file that you'd like to write, or an IO-like object.
     # @param [String] data The data that we want to write
-    def write_data(filename_or_io, data, mode='wb:ascii-8bit')
+    def write_data(filename_or_io, data, mode = 'wb:ascii-8bit')
       IOHelpers.write_data(filename_or_io, data, mode)
     end
 

data/lib/r509/message_digest.rb

@@ -1,20 +1,20 @@
 require 'openssl'
 
 module R509
-  #MessageDigest allows you to specify MDs in a more friendly fashion
+  # MessageDigest allows you to specify MDs in a more friendly fashion
   class MessageDigest
     # a list of message digests that this class understands
-    KNOWN_MDS = ['SHA1','SHA224','SHA256','SHA384','SHA512','DSS1','MD5']
+    KNOWN_MDS = ['SHA1', 'SHA224', 'SHA256', 'SHA384', 'SHA512', 'DSS1', 'MD5']
 
     # this constant defines the default message digest if it is not supplied
     # or an invalid digest is passed
-    DEFAULT_MD = 'SHA1'
+    DEFAULT_MD = 'SHA256'
 
     attr_reader :name, :digest
 
     # @param [String,OpenSSL::Digest] arg
-    def initialize(arg=nil)
-      if arg.kind_of?(String)
+    def initialize(arg = nil)
+      if arg.is_a?(String)
         @name = arg.downcase
         @digest = translate_name_to_digest
       elsif arg.nil?
@@ -60,4 +60,3 @@ module R509
     end
   end
 end
-

data/lib/r509/ocsp.rb

@@ -2,14 +2,13 @@ require 'openssl'
 require 'r509/exceptions'
 require 'r509/config'
 
-#OCSP module
+# OCSP module
 module R509::OCSP
-
-  #builds OCSP responses
+  # builds OCSP responses
   class Response
     # @param ocsp_response [OpenSSL::OCSP::Response]
     def initialize(ocsp_response)
-      if not ocsp_response.kind_of?(OpenSSL::OCSP::Response)
+      unless ocsp_response.is_a?(OpenSSL::OCSP::Response)
         raise R509::R509Error, 'You must pass an OpenSSL::OCSP::Response object to the constructor. See R509::OCSP::Response.parse if you are trying to parse'
       end
       @ocsp_response = ocsp_response
@@ -42,7 +41,7 @@ module R509::OCSP
     # @return [Boolean] true if the response is valid according to the given root
     def verify(certs)
       store = OpenSSL::X509::Store.new
-      if certs.kind_of?(Array)
+      if certs.is_a?(Array)
         stack = certs
         certs.each do |cert|
           store.add_cert(cert)
@@ -52,14 +51,14 @@ module R509::OCSP
         store.add_cert(certs)
       end
 
-      #suppress verbosity since #verify will output a warning if it does not match
-      #as well as returning false. we just want the boolean
+      # suppress verbosity since #verify will output a warning if it does not match
+      # as well as returning false. we just want the boolean
       original_verbosity = $VERBOSE
       $VERBOSE = nil
-      #still a bit unclear on why we add to store and pass in array to verify
+      # still a bit unclear on why we add to store and pass in array to verify
       result = @ocsp_response.basic.verify(stack, store)
       $VERBOSE = original_verbosity
-      return result
+      result
     end
 
     # @param [OpenSSL::OCSP::Request] ocsp_request the OCSP request whose nonce to check
@@ -69,12 +68,12 @@ module R509::OCSP
     end
   end
 
-  #holds OCSP request related items
+  # holds OCSP request related items
   module Request
     # contains constants r509 uses for OCSP responses
     module Nonce
-      #these values are defined at
-      #http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/OCSP/Request.html
+      # these values are defined at
+      # http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/OCSP/Request.html
       # nonce is present and matches
       PRESENT_AND_EQUAL = 1
 
@@ -89,7 +88,6 @@ module R509::OCSP
 
       # nonce is present in request only
       REQUEST_ONLY = -1
-
     end
   end
 end

data/lib/r509/oid_mapper.rb

@@ -8,7 +8,7 @@ module R509
     # @param [String] short_name The short name (e.g. CN, O, OU, emailAddress)
     # @param [String] long_name Optional long name. Defaults to the same as short_name
     # @return [Boolean] success/failure
-    def self.register(oid,short_name,long_name=nil)
+    def self.register(oid, short_name, long_name = nil)
       if long_name.nil?
         long_name = short_name
       end
@@ -24,7 +24,7 @@ module R509
     # ]
     def self.batch_register(oids)
       oids.each do |oid_hash|
-        self.register(oid_hash[:oid],oid_hash[:short_name],oid_hash[:long_name])
+        self.register(oid_hash[:oid], oid_hash[:short_name], oid_hash[:long_name])
       end
       nil
     end

data/lib/r509/private_key.rb

@@ -3,12 +3,12 @@ require 'r509/io_helpers'
 require 'r509/exceptions'
 
 module R509
-  #private key management
+  # private key management
   class PrivateKey
     include R509::IOHelpers
 
     # a list of key types
-    KNOWN_TYPES = ["RSA","DSA","EC"]
+    KNOWN_TYPES = ["RSA", "DSA", "EC"]
     # the default type
     DEFAULT_TYPE = "RSA"
     # default bit length for DSA/RSA
@@ -24,13 +24,13 @@ module R509
     # @option opts [String,OpenSSL::PKey::RSA,OpenSSL::PKey::DSA,OpenSSL::PKey::EC] :key
     # @option opts [OpenSSL::Engine] :engine
     # @option opts [string] :key_name (used with engine)
-    def initialize(opts={})
-      if not opts.kind_of?(Hash)
+    def initialize(opts = {})
+      unless opts.is_a?(Hash)
         raise ArgumentError, 'Must provide a hash of options'
       end
       validate_engine(opts)
 
-      if opts.has_key?(:key)
+      if opts.key?(:key)
         validate_key(opts)
       else
         generate_key(opts)
@@ -41,11 +41,10 @@ module R509
     #
     # @param [String] filename Path to file you want to load
     # @return [R509::PrivateKey] PrivateKey object
-    def self.load_from_file( filename, password = nil )
-      return R509::PrivateKey.new(:key => IOHelpers.read_data(filename), :password => password )
+    def self.load_from_file(filename, password = nil)
+      R509::PrivateKey.new(:key => IOHelpers.read_data(filename), :password => password)
     end
 
-
     # Returns the bit length of the key
     #
     # @return [Integer]
@@ -58,7 +57,7 @@ module R509
         raise R509::R509Error, 'Bit length is not available for EC at this time.'
       end
     end
-    alias :bit_strength :bit_length
+    alias_method :bit_strength, :bit_length
 
     # Returns the short name of the elliptic curve used to generate the private key
     # if the key is EC. If not, raises an error.
@@ -83,7 +82,7 @@ module R509
 
     # @return [Boolean] whether the key is resident in hardware or not
     def in_hardware?
-      if not @engine.nil?
+      if @engine
         true
       else
         false
@@ -99,14 +98,14 @@ module R509
         # We have to supply the curve name to the temporary key object or else #public_key= fails
         curve_name = self.key.group.curve_name
         temp_key = OpenSSL::PKey::EC.new(curve_name)
-        temp_key.public_key=self.key.public_key
+        temp_key.public_key = self.key.public_key
         temp_key
       else
         self.key.public_key
       end
     end
 
-    alias :to_s :public_key
+    alias_method :to_s, :public_key
 
     # Converts the key into the PEM format
     #
@@ -125,15 +124,14 @@ module R509
     # (common ones are des3, aes256, aes128)
     # @param [String] password password
     # @return [String] the key converted into encrypted PEM format.
-    def to_encrypted_pem(cipher,password)
+    def to_encrypted_pem(cipher, password)
       if in_hardware?
         raise R509::R509Error, "This method cannot be called when using keys in hardware"
       end
       cipher = OpenSSL::Cipher::Cipher.new(cipher)
-      self.key.to_pem(cipher,password)
+      self.key.to_pem(cipher, password)
     end
 
-
     # Converts the key into the DER format
     #
     # @return [String] the key converted into DER format.
@@ -152,7 +150,6 @@ module R509
       write_data(filename_or_io, self.to_pem)
     end
 
-
     # Writes the key into encrypted PEM format with specified cipher
     #
     # @param [String, #write] filename_or_io Either a string of the path for
@@ -161,8 +158,8 @@ module R509
     # full list of available ciphers can be obtained with OpenSSL::Cipher.ciphers
     # (common ones are des3, aes256, aes128)
     # @param [String] password password
-    def write_encrypted_pem(filename_or_io,cipher,password)
-      write_data(filename_or_io, to_encrypted_pem(cipher,password))
+    def write_encrypted_pem(filename_or_io, cipher, password)
+      write_data(filename_or_io, to_encrypted_pem(cipher, password))
     end
 
     # Writes the key into the DER format
@@ -173,39 +170,38 @@ module R509
       write_data(filename_or_io, self.to_der)
     end
 
-
     # Returns whether the key is RSA
     #
     # @return [Boolean] true if the key is RSA, false otherwise
     def rsa?
-      self.key.kind_of?(OpenSSL::PKey::RSA)
+      self.key.is_a?(OpenSSL::PKey::RSA)
     end
 
     # Returns whether the key is DSA
     #
     # @return [Boolean] true if the key is DSA, false otherwise
     def dsa?
-      self.key.kind_of?(OpenSSL::PKey::DSA)
+      self.key.is_a?(OpenSSL::PKey::DSA)
     end
 
     # Returns whether the key is EC
     #
     # @return [Boolean] true if the key is EC, false otherwise
     def ec?
-      self.key.kind_of?(OpenSSL::PKey::EC)
+      self.key.is_a?(OpenSSL::PKey::EC)
     end
 
     private
 
     def validate_engine(opts)
-      if opts.has_key?(:engine) and opts.has_key?(:key)
+      if opts.key?(:engine) && opts.key?(:key)
         raise ArgumentError, 'You can\'t pass both :key and :engine'
-      elsif opts.has_key?(:key_name) and not opts.has_key?(:engine)
+      elsif opts.key?(:key_name) && !opts.key?(:engine)
         raise ArgumentError, 'When providing a :key_name you MUST provide an :engine'
-      elsif opts.has_key?(:engine) and not opts.has_key?(:key_name)
+      elsif opts.key?(:engine) && !opts.key?(:key_name)
         raise ArgumentError, 'When providing an :engine you MUST provide a :key_name'
-      elsif opts.has_key?(:engine) and opts.has_key?(:key_name)
-        if not opts[:engine].kind_of?(OpenSSL::Engine)
+      elsif opts.key?(:engine) && opts.key?(:key_name)
+        unless opts[:engine].is_a?(OpenSSL::Engine)
           raise ArgumentError, 'When providing an engine, it must be of type OpenSSL::Engine'
         end
         @engine = opts[:engine]
@@ -215,16 +211,16 @@ module R509
 
     def validate_key(opts)
       password = opts[:password] || nil
-      #OpenSSL::PKey.read solves this begin/rescue garbage but is only
-      #available to Ruby 1.9.3+ and may not solve the EC portion
+      # OpenSSL::PKey.read solves this begin/rescue garbage but is only
+      # available to Ruby 1.9.3+ and may not solve the EC portion
       begin
-        @key = OpenSSL::PKey::RSA.new(opts[:key],password)
+        @key = OpenSSL::PKey::RSA.new(opts[:key], password)
       rescue OpenSSL::PKey::RSAError
         begin
-          @key = OpenSSL::PKey::DSA.new(opts[:key],password)
+          @key = OpenSSL::PKey::DSA.new(opts[:key], password)
         rescue
           begin
-            @key = OpenSSL::PKey::EC.new(opts[:key],password)
+            @key = OpenSSL::PKey::EC.new(opts[:key], password)
           rescue
             raise R509::R509Error, "Failed to load private key. Invalid key or incorrect password."
           end