r509 0.10.0 → 1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.mdown +2 -2
- data/Rakefile +2 -3
- data/bin/r509 +77 -80
- data/bin/r509-parse +4 -4
- data/doc/R509.html +60 -60
- data/doc/R509/ASN1.html +158 -48
- data/doc/R509/ASN1/GeneralName.html +157 -154
- data/doc/R509/ASN1/GeneralNames.html +246 -237
- data/doc/R509/CRL.html +41 -39
- data/doc/R509/CRL/Administrator.html +105 -100
- data/doc/R509/CRL/FileReaderWriter.html +146 -98
- data/doc/R509/CRL/ReaderWriter.html +57 -54
- data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
- data/doc/R509/CRL/SignedList.html +83 -80
- data/doc/R509/CSR.html +184 -162
- data/doc/R509/Cert.html +271 -269
- data/doc/R509/Cert/Extensions.html +62 -63
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
- data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
- data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
- data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
- data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
- data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
- data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
- data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
- data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
- data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
- data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
- data/doc/R509/CertificateAuthority.html +39 -37
- data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
- data/doc/R509/CertificateAuthority/Signer.html +277 -60
- data/doc/R509/Config.html +40 -38
- data/doc/R509/Config/CAConfig.html +255 -188
- data/doc/R509/Config/CAConfigPool.html +64 -61
- data/doc/R509/Config/CertProfile.html +119 -116
- data/doc/R509/Config/SubjectItemPolicy.html +94 -93
- data/doc/R509/Engine.html +60 -56
- data/doc/R509/Helpers.html +99 -96
- data/doc/R509/MessageDigest.html +69 -68
- data/doc/R509/NameSanitizer.html +51 -48
- data/doc/R509/OCSP.html +39 -37
- data/doc/R509/OCSP/Request.html +39 -37
- data/doc/R509/OCSP/Request/Nonce.html +67 -67
- data/doc/R509/OCSP/Response.html +93 -90
- data/doc/R509/OIDMapper.html +48 -46
- data/doc/R509/PrivateKey.html +170 -169
- data/doc/R509/R509Error.html +45 -42
- data/doc/R509/SPKI.html +99 -89
- data/doc/R509/Subject.html +86 -83
- data/doc/R509/Validity.html +57 -57
- data/doc/R509/Validity/Checker.html +63 -93
- data/doc/R509/Validity/DefaultChecker.html +58 -55
- data/doc/R509/Validity/DefaultWriter.html +62 -59
- data/doc/R509/Validity/Status.html +77 -74
- data/doc/R509/Validity/Writer.html +75 -123
- data/doc/_index.html +37 -31
- data/doc/class_list.html +25 -27
- data/doc/css/full_list.css +32 -31
- data/doc/css/style.css +221 -78
- data/doc/file.CONTRIBUTING.html +29 -30
- data/doc/file.LICENSE.html +29 -30
- data/doc/file.README.html +31 -32
- data/doc/file.YAML.html +33 -34
- data/doc/file.r509.html +39 -48
- data/doc/file_list.html +39 -30
- data/doc/frames.html +10 -21
- data/doc/index.html +31 -32
- data/doc/js/app.js +100 -71
- data/doc/js/full_list.js +168 -130
- data/doc/method_list.html +1788 -1119
- data/doc/top-level-namespace.html +45 -49
- data/lib/r509.rb +21 -7
- data/lib/r509/asn1.rb +45 -32
- data/lib/r509/cert.rb +45 -51
- data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
- data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
- data/lib/r509/cert/extensions/base.rb +22 -23
- data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
- data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
- data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
- data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
- data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
- data/lib/r509/cert/extensions/key_usage.rb +5 -5
- data/lib/r509/cert/extensions/name_constraints.rb +16 -16
- data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
- data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
- data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
- data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
- data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
- data/lib/r509/certificate_authority/options_builder.rb +19 -21
- data/lib/r509/certificate_authority/signer.rb +26 -27
- data/lib/r509/config.rb +1 -0
- data/lib/r509/config/ca_config.rb +70 -75
- data/lib/r509/config/cert_profile.rb +9 -8
- data/lib/r509/config/subject_item_policy.rb +25 -28
- data/lib/r509/crl/administrator.rb +19 -20
- data/lib/r509/crl/reader_writer.rb +10 -8
- data/lib/r509/crl/signed_list.rb +4 -4
- data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
- data/lib/r509/csr.rb +54 -60
- data/lib/r509/ec-hack.rb +3 -2
- data/lib/r509/engine.rb +5 -6
- data/lib/r509/exceptions.rb +1 -1
- data/lib/r509/helpers.rb +11 -14
- data/lib/r509/io_helpers.rb +7 -7
- data/lib/r509/message_digest.rb +5 -6
- data/lib/r509/ocsp.rb +11 -13
- data/lib/r509/oid_mapper.rb +2 -2
- data/lib/r509/private_key.rb +28 -32
- data/lib/r509/spki.rb +17 -20
- data/lib/r509/subject.rb +26 -27
- data/lib/r509/trollop.rb +1 -0
- data/lib/r509/validity.rb +30 -21
- data/lib/r509/version.rb +4 -2
- data/r509.yaml +9 -17
- data/spec/asn1_spec.rb +145 -146
- data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
- data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
- data/spec/cert/extensions/base_spec.rb +38 -34
- data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
- data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
- data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
- data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
- data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
- data/spec/cert/extensions/key_usage_spec.rb +44 -39
- data/spec/cert/extensions/name_constraints_spec.rb +83 -83
- data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
- data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
- data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
- data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
- data/spec/cert_spec.rb +105 -101
- data/spec/certificate_authority/options_builder_spec.rb +90 -90
- data/spec/certificate_authority/signer_spec.rb +41 -41
- data/spec/config/ca_config_spec.rb +169 -119
- data/spec/config/cert_profile_spec.rb +33 -33
- data/spec/config/subject_item_policy_spec.rb +22 -22
- data/spec/crl/administrator_spec.rb +65 -65
- data/spec/crl/reader_writer_spec.rb +20 -19
- data/spec/crl/signed_list_spec.rb +26 -26
- data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
- data/spec/csr_spec.rb +149 -145
- data/spec/engine_spec.rb +14 -14
- data/spec/fixtures.rb +56 -39
- data/spec/fixtures/crl_list.sql +13 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +6 -6
- data/spec/message_digest_spec.rb +43 -43
- data/spec/ocsp_spec.rb +25 -25
- data/spec/oid_mapper_spec.rb +18 -19
- data/spec/private_key_spec.rb +79 -81
- data/spec/r509_spec.rb +16 -16
- data/spec/spec_helper.rb +3 -3
- data/spec/spki_spec.rb +94 -94
- data/spec/subject_spec.rb +107 -107
- data/spec/validity_spec.rb +25 -25
- metadata +113 -111
- metadata.gz.sig +0 -0
@@ -7,20 +7,20 @@ shared_examples_for "a correct R509 AuthorityInfoAccess object" do |critical|
|
|
7
7
|
extension_name = "authorityInfoAccess"
|
8
8
|
klass = AuthorityInfoAccess
|
9
9
|
ef = OpenSSL::X509::ExtensionFactory.new
|
10
|
-
openssl_ext = ef.create_extension(
|
11
|
-
@r509_ext = klass.new(
|
10
|
+
openssl_ext = ef.create_extension(extension_name, @extension_value, critical)
|
11
|
+
@r509_ext = klass.new(openssl_ext)
|
12
12
|
end
|
13
13
|
|
14
14
|
it "ca_issuers_uri should be correct critical:#{critical}" do
|
15
|
-
@r509_ext.ca_issuers.uris.
|
15
|
+
expect(@r509_ext.ca_issuers.uris).to eq(@ca_issuers_uris)
|
16
16
|
end
|
17
17
|
|
18
18
|
it "ocsp_uri should be correct critical:#{critical}" do
|
19
|
-
@r509_ext.ocsp.uris.
|
19
|
+
expect(@r509_ext.ocsp.uris).to eq(@ocsp_uris)
|
20
20
|
end
|
21
21
|
|
22
22
|
it "reports #critical? properly" do
|
23
|
-
@r509_ext.critical
|
23
|
+
expect(@r509_ext.critical?).to eq(critical)
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
@@ -29,30 +29,30 @@ describe R509::Cert::Extensions::AuthorityInfoAccess do
|
|
29
29
|
|
30
30
|
context "validation" do
|
31
31
|
it "raises an error when not a hash" do
|
32
|
-
expect { AuthorityInfoAccess.new(
|
32
|
+
expect { AuthorityInfoAccess.new("some-url") }.to raise_error(ArgumentError, 'You must pass a hash with at least one of the following two keys (:ocsp_location, :ca_issuers_location)')
|
33
33
|
end
|
34
34
|
|
35
35
|
it "raises an error with empty hash" do
|
36
|
-
expect { AuthorityInfoAccess.new(
|
36
|
+
expect { AuthorityInfoAccess.new({}) }.to raise_error(ArgumentError, 'You must pass a hash with at least one of the following two keys (:ocsp_location, :ca_issuers_location)')
|
37
37
|
end
|
38
38
|
|
39
39
|
it "raises an error if you pass an ocsp_location that is not an array" do
|
40
|
-
expect { AuthorityInfoAccess.new(
|
40
|
+
expect { AuthorityInfoAccess.new(:ocsp_location => "some-url") }.to raise_error(ArgumentError, 'ocsp_location must contain an array or R509::ASN1::GeneralNames object if provided')
|
41
41
|
end
|
42
42
|
|
43
43
|
it "raises an error if you pass a ca_issuers_location that is not an array" do
|
44
|
-
expect { AuthorityInfoAccess.new(
|
44
|
+
expect { AuthorityInfoAccess.new(:ca_issuers_location => "some-url") }.to raise_error(ArgumentError, 'ca_issuers_location must contain an array or R509::ASN1::GeneralNames object if provided')
|
45
45
|
end
|
46
46
|
|
47
47
|
it "raises an error if you pass an array that does not contain hashes" do
|
48
|
-
expect { AuthorityInfoAccess.new(
|
48
|
+
expect { AuthorityInfoAccess.new(:ca_issuers_location => [{}, "string"]) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
|
49
49
|
end
|
50
50
|
|
51
51
|
it "raises an error if you pass an array that does not contain both :type and :value" do
|
52
|
-
expect { AuthorityInfoAccess.new(
|
53
|
-
expect { AuthorityInfoAccess.new(
|
54
|
-
expect { AuthorityInfoAccess.new(
|
55
|
-
expect { AuthorityInfoAccess.new(
|
52
|
+
expect { AuthorityInfoAccess.new(:ca_issuers_location => [{ :type => 'URI' }]) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
|
53
|
+
expect { AuthorityInfoAccess.new(:ca_issuers_location => [{ :value => 'value' }]) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
|
54
|
+
expect { AuthorityInfoAccess.new(:ocsp_location => [{ :type => 'URI' }]) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
|
55
|
+
expect { AuthorityInfoAccess.new(:ocsp_location => [{ :value => 'value' }]) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
@@ -70,73 +70,73 @@ describe R509::Cert::Extensions::AuthorityInfoAccess do
|
|
70
70
|
end
|
71
71
|
|
72
72
|
it "creates extension" do
|
73
|
-
@aia.ocsp.rfc_822_names.
|
74
|
-
@aia.ocsp.directory_names[0].to_s.
|
75
|
-
@aia.ca_issuers.rfc_822_names.
|
73
|
+
expect(@aia.ocsp.rfc_822_names).to eq(['random string'])
|
74
|
+
expect(@aia.ocsp.directory_names[0].to_s).to eq('/CN=test/O=myOrg/C=US')
|
75
|
+
expect(@aia.ca_issuers.rfc_822_names).to eq(['random string'])
|
76
76
|
end
|
77
77
|
|
78
78
|
it "builds yaml" do
|
79
|
-
YAML.load(@aia.to_yaml).
|
79
|
+
expect(YAML.load(@aia.to_yaml)).to eq(:critical => false, :ocsp_location => [{ :type => "email", :value => "random string" }, { :type => "dirName", :value => { :CN => "test", :O => "myOrg", :C => "US" } }], :ca_issuers_location => [{ :type => "email", :value => "random string" }, { :type => "dirName", :value => { :CN => "test", :O => "myOrg", :C => "US" } }])
|
80
80
|
end
|
81
81
|
end
|
82
82
|
|
83
83
|
context "one OCSP location" do
|
84
84
|
before :all do
|
85
|
-
@args = { :ocsp_location => [{:type => "URI", :value => 'http://ocsp.domain.com' }], :critical => false }
|
85
|
+
@args = { :ocsp_location => [{ :type => "URI", :value => 'http://ocsp.domain.com' }], :critical => false }
|
86
86
|
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
87
87
|
end
|
88
88
|
|
89
89
|
it "creates extension" do
|
90
|
-
@aia.ocsp.uris.
|
90
|
+
expect(@aia.ocsp.uris).to eq(['http://ocsp.domain.com'])
|
91
91
|
end
|
92
92
|
|
93
93
|
it "builds yaml" do
|
94
|
-
YAML.load(@aia.to_yaml).
|
94
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
95
95
|
end
|
96
96
|
end
|
97
97
|
|
98
98
|
context " multiple OCSP locations" do
|
99
99
|
before :all do
|
100
|
-
@args = { :ocsp_location => [
|
100
|
+
@args = { :ocsp_location => [{ :type => 'URI', :value => 'http://ocsp.domain.com' }, { :type => "URI", :value => 'http://ocsp2.domain.com' }], :critical => false }
|
101
101
|
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
102
102
|
end
|
103
103
|
|
104
104
|
it "creates extension" do
|
105
|
-
@aia.ocsp.uris.
|
105
|
+
expect(@aia.ocsp.uris).to eq(['http://ocsp.domain.com', 'http://ocsp2.domain.com'])
|
106
106
|
end
|
107
107
|
|
108
108
|
it "builds yaml" do
|
109
|
-
YAML.load(@aia.to_yaml).
|
109
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
110
110
|
end
|
111
111
|
end
|
112
112
|
|
113
113
|
context "one caIssuers" do
|
114
114
|
before :all do
|
115
|
-
@args = { :ca_issuers_location => [
|
115
|
+
@args = { :ca_issuers_location => [{ :type => 'URI', :value => 'http://www.domain.com' }], :critical => false }
|
116
116
|
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
117
117
|
end
|
118
118
|
|
119
119
|
it "creates extension" do
|
120
|
-
@aia.ca_issuers.uris.
|
120
|
+
expect(@aia.ca_issuers.uris).to eq(['http://www.domain.com'])
|
121
121
|
end
|
122
122
|
|
123
123
|
it "builds yaml" do
|
124
|
-
YAML.load(@aia.to_yaml).
|
124
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
128
|
context "multiple caIssuers" do
|
129
129
|
before :all do
|
130
|
-
@args = { :ca_issuers_location => [
|
130
|
+
@args = { :ca_issuers_location => [{ :type => 'URI', :value => 'http://www.domain.com' }, { :type => "URI", :value => 'http://www2.domain.com' }], :critical => false }
|
131
131
|
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
132
132
|
end
|
133
133
|
|
134
134
|
it "creates extension" do
|
135
|
-
@aia.ca_issuers.uris.
|
135
|
+
expect(@aia.ca_issuers.uris).to eq(['http://www.domain.com', 'http://www2.domain.com'])
|
136
136
|
end
|
137
137
|
|
138
138
|
it "builds yaml" do
|
139
|
-
YAML.load(@aia.to_yaml).
|
139
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
140
140
|
end
|
141
141
|
end
|
142
142
|
|
@@ -147,42 +147,42 @@ describe R509::Cert::Extensions::AuthorityInfoAccess do
|
|
147
147
|
end
|
148
148
|
|
149
149
|
it "creates extension" do
|
150
|
-
@aia.ca_issuers.uris.
|
151
|
-
@aia.ocsp.uris.
|
150
|
+
expect(@aia.ca_issuers.uris).to eq(['http://www.domain.com'])
|
151
|
+
expect(@aia.ocsp.uris).to eq(['http://ocsp.domain.com'])
|
152
152
|
end
|
153
153
|
|
154
154
|
it "builds yaml" do
|
155
|
-
YAML.load(@aia.to_yaml).
|
155
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
156
156
|
end
|
157
157
|
end
|
158
158
|
|
159
159
|
context "default criticality" do
|
160
160
|
before :all do
|
161
|
-
|
162
|
-
|
161
|
+
@args = { :ocsp_location => [{ :type => 'URI', :value => 'http://ocsp.domain.com' }] }
|
162
|
+
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
163
163
|
end
|
164
164
|
|
165
165
|
it "creates extension" do
|
166
|
-
@aia.critical
|
166
|
+
expect(@aia.critical?).to be false
|
167
167
|
end
|
168
168
|
|
169
169
|
it "builds yaml" do
|
170
|
-
YAML.load(@aia.to_yaml).
|
170
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args.merge(:critical => false))
|
171
171
|
end
|
172
172
|
end
|
173
173
|
|
174
174
|
context "non-default criticality" do
|
175
175
|
before :all do
|
176
|
-
|
177
|
-
|
176
|
+
@args = { :ocsp_location => [{ :type => 'URI', :value => 'http://ocsp.domain.com' }], :critical => true }
|
177
|
+
@aia = R509::Cert::Extensions::AuthorityInfoAccess.new(@args)
|
178
178
|
end
|
179
179
|
|
180
180
|
it "creates extension" do
|
181
|
-
@aia.critical
|
181
|
+
expect(@aia.critical?).to be true
|
182
182
|
end
|
183
183
|
|
184
184
|
it "builds yaml" do
|
185
|
-
YAML.load(@aia.to_yaml).
|
185
|
+
expect(YAML.load(@aia.to_yaml)).to eq(@args)
|
186
186
|
end
|
187
187
|
end
|
188
188
|
|
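Review bot: The rewritten `builds yaml` assertions (e.g. `expect(YAML.load(@aia.to_yaml)).to eq(@args)`) round-trip symbol-keyed hashes through `YAML.load`, which on Psych 4 (Ruby 3.1+) is an alias for `safe_load` and raises `Psych::DisallowedClass` on `Symbol`; if the suite is meant to run there, make the intent explicit with `expect(YAML.safe_load(@aia.to_yaml, permitted_classes: [Symbol])).to eq(@args)` rather than reaching for `unsafe_load`. Separately, the `creates extension` example in the `@@ -70` hunk pins that `:type => "email"` accepts `'random string'` as an rfc822Name (the `before` block that builds `@aia` starts outside the hunk), so the constructor evidently performs no GeneralName value validation; if that is deliberate, naming the example `"accepts unvalidated GeneralName values"` would say so, otherwise a rejecting case belongs in the `validation` context alongside the other `raise_error` checks.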
@@ -8,20 +8,20 @@ shared_examples_for "a correct R509 AuthorityKeyIdentifier object" do
|
|
8
8
|
klass = AuthorityKeyIdentifier
|
9
9
|
ef = OpenSSL::X509::ExtensionFactory.new
|
10
10
|
ef.issuer_certificate = OpenSSL::X509::Certificate.new TestFixtures::TEST_CA_CERT
|
11
|
-
openssl_ext = ef.create_extension(
|
12
|
-
@r509_ext = klass.new(
|
11
|
+
openssl_ext = ef.create_extension(extension_name, @extension_value)
|
12
|
+
@r509_ext = klass.new(openssl_ext)
|
13
13
|
end
|
14
14
|
|
15
15
|
it "has the expected type" do
|
16
|
-
@r509_ext.oid.
|
16
|
+
expect(@r509_ext.oid).to eq("authorityKeyIdentifier")
|
17
17
|
end
|
18
18
|
|
19
19
|
it "contains the key identifier" do
|
20
|
-
@r509_ext.key_identifier.
|
20
|
+
expect(@r509_ext.key_identifier).to eq("79:75:BB:84:3A:CB:2C:DE:7A:09:BE:31:1B:43:BC:1C:2A:4D:53:58")
|
21
21
|
end
|
22
22
|
it "parses the authority cert issuer and serial number" do
|
23
|
-
@r509_ext.authority_cert_issuer.value.to_s.
|
24
|
-
@r509_ext.authority_cert_serial_number.
|
23
|
+
expect(@r509_ext.authority_cert_issuer.value.to_s).to eq("/C=US/ST=Illinois/L=Chicago/O=Ruby CA Project/CN=Test CA")
|
24
|
+
expect(@r509_ext.authority_cert_serial_number).to eq('FF:D9:C7:0B:87:37:D1:94')
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
@@ -34,47 +34,53 @@ describe R509::Cert::Extensions::AuthorityKeyIdentifier do
|
|
34
34
|
end
|
35
35
|
|
36
36
|
it "errors when not supplying a public_key" do
|
37
|
-
expect
|
37
|
+
expect do
|
38
38
|
R509::Cert::Extensions::AuthorityKeyIdentifier.new({})
|
39
|
-
|
39
|
+
end.to raise_error(ArgumentError, 'You must supply an OpenSSL::PKey object to :public_key if aki value contains keyid (present by default)')
|
40
40
|
end
|
41
41
|
|
42
42
|
it "errors when not supplying an issuer subject when embedding issuer info" do
|
43
|
-
expect
|
44
|
-
R509::Cert::Extensions::AuthorityKeyIdentifier.new(:value => "issuer:always")
|
45
|
-
|
43
|
+
expect do
|
44
|
+
R509::Cert::Extensions::AuthorityKeyIdentifier.new(:value => "issuer:always", :issuer_serial => 3)
|
45
|
+
end.to raise_error(ArgumentError, 'You must supply an R509::Subject object to :issuer_subject if aki value contains issuer')
|
46
|
+
end
|
47
|
+
|
48
|
+
it "errors when not supplying an issuer serial when embedding issuer info" do
|
49
|
+
expect do
|
50
|
+
R509::Cert::Extensions::AuthorityKeyIdentifier.new(:value => "issuer:always", :issuer_subject => R509::Subject.new(:CN => 'something'))
|
51
|
+
end.to raise_error(ArgumentError, 'You must supply an integer to :issuer_serial if aki value contains issuer')
|
46
52
|
end
|
47
53
|
|
48
54
|
it "creates successfully with default value" do
|
49
55
|
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:public_key => @cert.public_key)
|
50
|
-
aki.key_identifier.
|
51
|
-
aki.authority_cert_issuer.
|
56
|
+
expect(aki.key_identifier).not_to be_nil
|
57
|
+
expect(aki.authority_cert_issuer).to be_nil
|
52
58
|
end
|
53
59
|
|
54
60
|
it "creates successfully with issuer value" do
|
55
|
-
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:issuer_subject => @cert.subject, :value => "issuer:always")
|
56
|
-
aki.authority_cert_issuer.
|
57
|
-
aki.authority_cert_serial_number.
|
61
|
+
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:issuer_subject => @cert.subject, :issuer_serial => 5, :value => "issuer:always")
|
62
|
+
expect(aki.authority_cert_issuer.to_h).to eq(:type => "dirName", :value => { :C => "US", :ST => "Illinois", :L => "Chicago", :O => "Ruby CA Project", :CN => "Test CA" })
|
63
|
+
expect(aki.authority_cert_serial_number).to eq("05")
|
58
64
|
end
|
59
65
|
|
60
66
|
it "creates successfully with issuer+keyid value" do
|
61
|
-
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:issuer_subject => @cert.subject, :public_key => @cert.public_key, :value => "issuer:always,keyid:always")
|
62
|
-
aki.authority_cert_issuer.
|
63
|
-
aki.authority_cert_serial_number.
|
64
|
-
aki.key_identifier.
|
67
|
+
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:issuer_subject => @cert.subject, :issuer_serial => 5, :public_key => @cert.public_key, :value => "issuer:always,keyid:always")
|
68
|
+
expect(aki.authority_cert_issuer.to_h).to eq(:type => "dirName", :value => { :C => "US", :ST => "Illinois", :L => "Chicago", :O => "Ruby CA Project", :CN => "Test CA" })
|
69
|
+
expect(aki.authority_cert_serial_number).not_to be_nil
|
70
|
+
expect(aki.key_identifier).not_to be_nil
|
65
71
|
end
|
66
72
|
|
67
73
|
it "creates with default criticality" do
|
68
74
|
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:public_key => @cert.public_key)
|
69
|
-
aki.critical
|
75
|
+
expect(aki.critical?).to be false
|
70
76
|
end
|
71
77
|
|
72
78
|
it "creates with non-default criticality" do
|
73
79
|
aki = R509::Cert::Extensions::AuthorityKeyIdentifier.new(:public_key => @cert.public_key, :critical => true)
|
74
|
-
aki.critical
|
80
|
+
expect(aki.critical?).to be true
|
75
81
|
end
|
76
82
|
|
77
|
-
|
83
|
+
end
|
78
84
|
context "AuthorityKeyIdentifier" do
|
79
85
|
before :all do
|
80
86
|
@extension_value = "keyid:always,issuer:always"
|
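Review bot: The new `errors when not supplying an issuer serial` example only covers a missing `:issuer_serial`, yet the message it pins (`'You must supply an integer to :issuer_serial if aki value contains issuer'`) promises a type check, and nothing in the hunk passes a non-integer, so that check is unverified; add `expect { R509::Cert::Extensions::AuthorityKeyIdentifier.new(:value => "issuer:always", :issuer_subject => R509::Subject.new(:CN => 'x'), :issuer_serial => "5") }.to raise_error(ArgumentError)`. `creates successfully with issuer value` asserts the issuer DN and that serial 5 renders as `"05"` but never checks `expect(aki.key_identifier).to be_nil` when `keyid` is absent from the value, the mirror of the `authority_cert_issuer` nil check in the default-value case. In `creates successfully with issuer+keyid value` the serial is relaxed to `not_to be_nil` even though `"05"` is the known answer from the case just above it.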
@@ -4,43 +4,47 @@ include R509::Cert::Extensions
|
|
4
4
|
|
5
5
|
shared_examples_for "a correctly implemented wrap_openssl_extensions" do
|
6
6
|
before :each do
|
7
|
-
@r509_extensions = R509::Cert::Extensions.wrap_openssl_extensions(
|
8
|
-
|
9
|
-
@r509_classes = [
|
10
|
-
|
11
|
-
|
12
|
-
|
7
|
+
@r509_extensions = R509::Cert::Extensions.wrap_openssl_extensions(@openssl_extensions)
|
8
|
+
|
9
|
+
@r509_classes = [
|
10
|
+
BasicConstraints, KeyUsage, ExtendedKeyUsage,
|
11
|
+
SubjectKeyIdentifier, AuthorityKeyIdentifier,
|
12
|
+
SubjectAlternativeName, AuthorityInfoAccess,
|
13
|
+
CRLDistributionPoints, OCSPNoCheck
|
14
|
+
]
|
13
15
|
end
|
14
16
|
|
15
17
|
it "should not have returned values that aren't R509 extensions" do
|
16
18
|
classes = @r509_extensions.values.map { |ext| ext.class }
|
17
19
|
non_r509_classes = classes.reject { |ext_class| @r509_classes.include?(ext_class) }
|
18
|
-
non_r509_classes.
|
20
|
+
expect(non_r509_classes).to eq([])
|
19
21
|
end
|
20
22
|
|
21
23
|
it "should have returned the right number of extensions" do
|
22
|
-
@r509_extensions.count.
|
24
|
+
expect(@r509_extensions.count).to eq(@wrappable_extensions.count)
|
23
25
|
end
|
24
26
|
|
25
27
|
it "should not have returned keys improperly mapped to values" do
|
26
|
-
incorrect_mappings = @r509_extensions.select { |key_class,ext| ext.class != key_class }
|
28
|
+
incorrect_mappings = @r509_extensions.select { |key_class, ext| ext.class != key_class }
|
27
29
|
incorrect_mappings = {} if incorrect_mappings == [] # compatibility for old versions of Ruby
|
28
|
-
incorrect_mappings.
|
30
|
+
expect(incorrect_mappings).to eq({})
|
29
31
|
end
|
30
32
|
|
31
33
|
it "should not have failed to map an implemented extension" do
|
32
34
|
missing_extensions = []
|
33
35
|
@wrappable_extensions.each do |openssl_ext|
|
34
|
-
if (@r509_extensions.select {|
|
36
|
+
if (@r509_extensions.select { |_r509_class, r509_ext| r509_ext.oid == openssl_ext.oid }) == {}
|
37
|
+
missing_extensions << openssl_ext.oid
|
38
|
+
end
|
35
39
|
end
|
36
40
|
|
37
|
-
missing_extensions.
|
41
|
+
expect(missing_extensions).to eq([])
|
38
42
|
end
|
39
43
|
end
|
40
44
|
|
41
45
|
shared_examples_for "a correctly implemented get_unknown_extensions" do
|
42
46
|
it "should not have returned values that are R509 extensions" do
|
43
|
-
R509::Cert::Extensions.get_unknown_extensions(
|
47
|
+
expect(R509::Cert::Extensions.get_unknown_extensions(@openssl_extensions)).to eq(@unknown_extensions)
|
44
48
|
end
|
45
49
|
end
|
46
50
|
|
@@ -65,7 +69,7 @@ describe R509::Cert::Extensions do
|
|
65
69
|
before :each do
|
66
70
|
@wrappable_extensions = []
|
67
71
|
ef = OpenSSL::X509::ExtensionFactory.new
|
68
|
-
@wrappable_extensions << ef.create_extension(
|
72
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0")
|
69
73
|
|
70
74
|
@unknown_extensions = []
|
71
75
|
|
@@ -82,14 +86,14 @@ describe R509::Cert::Extensions do
|
|
82
86
|
ef = OpenSSL::X509::ExtensionFactory.new
|
83
87
|
ef.issuer_certificate = OpenSSL::X509::Certificate.new TestFixtures::TEST_CA_CERT
|
84
88
|
ef.subject_certificate = OpenSSL::X509::Certificate.new TestFixtures::TEST_CA_CERT
|
85
|
-
@wrappable_extensions << ef.create_extension(
|
86
|
-
@wrappable_extensions << ef.create_extension(
|
87
|
-
@wrappable_extensions << ef.create_extension(
|
88
|
-
@wrappable_extensions << ef.create_extension(
|
89
|
-
@wrappable_extensions << ef.create_extension(
|
90
|
-
@wrappable_extensions << ef.create_extension(
|
91
|
-
@wrappable_extensions << ef.create_extension(
|
92
|
-
@wrappable_extensions << ef.create_extension(
|
89
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0", true)
|
90
|
+
@wrappable_extensions << ef.create_extension("keyUsage", KeyUsage::AU_DIGITAL_SIGNATURE)
|
91
|
+
@wrappable_extensions << ef.create_extension("extendedKeyUsage", ExtendedKeyUsage::AU_WEB_SERVER_AUTH)
|
92
|
+
@wrappable_extensions << ef.create_extension("subjectKeyIdentifier", "hash")
|
93
|
+
@wrappable_extensions << ef.create_extension("authorityKeyIdentifier", "keyid:always")
|
94
|
+
@wrappable_extensions << ef.create_extension("subjectAltName", "DNS:www.test.local")
|
95
|
+
@wrappable_extensions << ef.create_extension("authorityInfoAccess", "caIssuers;URI:http://www.test.local")
|
96
|
+
@wrappable_extensions << ef.create_extension("crlDistributionPoints", "URI:http://www.test.local")
|
93
97
|
|
94
98
|
@unknown_extensions = []
|
95
99
|
|
@@ -105,7 +109,7 @@ describe R509::Cert::Extensions do
|
|
105
109
|
@wrappable_extensions = []
|
106
110
|
|
107
111
|
@unknown_extensions = []
|
108
|
-
@unknown_extensions << OpenSSL::X509::Extension.new(
|
112
|
+
@unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local")
|
109
113
|
|
110
114
|
@openssl_extensions = @wrappable_extensions + @unknown_extensions
|
111
115
|
end
|
@@ -118,10 +122,10 @@ describe R509::Cert::Extensions do
|
|
118
122
|
before :each do
|
119
123
|
@wrappable_extensions = []
|
120
124
|
ef = OpenSSL::X509::ExtensionFactory.new
|
121
|
-
@wrappable_extensions << ef.create_extension(
|
125
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0")
|
122
126
|
|
123
127
|
@unknown_extensions = []
|
124
|
-
@unknown_extensions << OpenSSL::X509::Extension.new(
|
128
|
+
@unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local")
|
125
129
|
|
126
130
|
@openssl_extensions = @wrappable_extensions + @unknown_extensions
|
127
131
|
end
|
@@ -134,19 +138,19 @@ describe R509::Cert::Extensions do
|
|
134
138
|
before :each do
|
135
139
|
@wrappable_extensions = []
|
136
140
|
ef = OpenSSL::X509::ExtensionFactory.new
|
137
|
-
@wrappable_extensions << ef.create_extension(
|
138
|
-
@wrappable_extensions << ef.create_extension(
|
141
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0")
|
142
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:1")
|
139
143
|
|
140
144
|
@unknown_extensions = []
|
141
|
-
@unknown_extensions << OpenSSL::X509::Extension.new(
|
145
|
+
@unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local")
|
142
146
|
|
143
147
|
@openssl_extensions = @wrappable_extensions + @unknown_extensions
|
144
148
|
end
|
145
149
|
|
146
150
|
it "should raise an ArgumentError for #wrap_openssl_extensions" do
|
147
|
-
expect
|
148
|
-
R509::Cert::Extensions.wrap_openssl_extensions(
|
149
|
-
|
151
|
+
expect do
|
152
|
+
R509::Cert::Extensions.wrap_openssl_extensions(@openssl_extensions)
|
153
|
+
end.to raise_error(ArgumentError)
|
150
154
|
end
|
151
155
|
it_should_behave_like "a correctly implemented get_unknown_extensions"
|
152
156
|
end
|
@@ -155,11 +159,11 @@ describe R509::Cert::Extensions do
|
|
155
159
|
before :each do
|
156
160
|
@wrappable_extensions = []
|
157
161
|
ef = OpenSSL::X509::ExtensionFactory.new
|
158
|
-
@wrappable_extensions << ef.create_extension(
|
162
|
+
@wrappable_extensions << ef.create_extension("basicConstraints", "CA:TRUE,pathlen:0")
|
159
163
|
|
160
164
|
@unknown_extensions = []
|
161
|
-
@unknown_extensions << OpenSSL::X509::Extension.new(
|
162
|
-
@unknown_extensions << OpenSSL::X509::Extension.new(
|
165
|
+
@unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www.test.local")
|
166
|
+
@unknown_extensions << OpenSSL::X509::Extension.new("issuerAltName", "DNS:www2.test.local")
|
163
167
|
|
164
168
|
@openssl_extensions = @wrappable_extensions + @unknown_extensions
|
165
169
|
end
|
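Review bot: `@r509_classes` in the rewritten `before` block lists nine wrapper classes, but the diffstat shows `lib/r509/cert/extensions/name_constraints.rb`, `certificate_policies.rb`, `policy_constraints.rb` and `inhibit_any_policy.rb` shipping in this release, and neither that list nor any `@wrappable_extensions` fixture in the later hunks includes them; if `wrap_openssl_extensions` maps those OIDs, the path-validation-relevant extensions are exactly the ones this spec never exercises, and `should not have returned values that aren't R509 extensions` would wrongly fail the moment a fixture gains one. Extend the list with `NameConstraints, CertificatePolicies, PolicyConstraints, InhibitAnyPolicy` and add at least one of them (e.g. `ef.create_extension("nameConstraints", "permitted;DNS:.test.local")`) to the full-set fixture in the `@@ -82` hunk. Smaller: the new `missing_extensions` check compares `Hash#select`'s result to `{}`, while another example in the same hunk still compensates for `select` returning `[]` on old Rubies; `missing_extensions << openssl_ext.oid if @r509_extensions.none? { |_klass, ext| ext.oid == openssl_ext.oid }` is version-independent and reads as the membership test it is.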