r509 0.10.0 → 1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.mdown +2 -2
- data/Rakefile +2 -3
- data/bin/r509 +77 -80
- data/bin/r509-parse +4 -4
- data/doc/R509.html +60 -60
- data/doc/R509/ASN1.html +158 -48
- data/doc/R509/ASN1/GeneralName.html +157 -154
- data/doc/R509/ASN1/GeneralNames.html +246 -237
- data/doc/R509/CRL.html +41 -39
- data/doc/R509/CRL/Administrator.html +105 -100
- data/doc/R509/CRL/FileReaderWriter.html +146 -98
- data/doc/R509/CRL/ReaderWriter.html +57 -54
- data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
- data/doc/R509/CRL/SignedList.html +83 -80
- data/doc/R509/CSR.html +184 -162
- data/doc/R509/Cert.html +271 -269
- data/doc/R509/Cert/Extensions.html +62 -63
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
- data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
- data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
- data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
- data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
- data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
- data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
- data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
- data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
- data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
- data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
- data/doc/R509/CertificateAuthority.html +39 -37
- data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
- data/doc/R509/CertificateAuthority/Signer.html +277 -60
- data/doc/R509/Config.html +40 -38
- data/doc/R509/Config/CAConfig.html +255 -188
- data/doc/R509/Config/CAConfigPool.html +64 -61
- data/doc/R509/Config/CertProfile.html +119 -116
- data/doc/R509/Config/SubjectItemPolicy.html +94 -93
- data/doc/R509/Engine.html +60 -56
- data/doc/R509/Helpers.html +99 -96
- data/doc/R509/MessageDigest.html +69 -68
- data/doc/R509/NameSanitizer.html +51 -48
- data/doc/R509/OCSP.html +39 -37
- data/doc/R509/OCSP/Request.html +39 -37
- data/doc/R509/OCSP/Request/Nonce.html +67 -67
- data/doc/R509/OCSP/Response.html +93 -90
- data/doc/R509/OIDMapper.html +48 -46
- data/doc/R509/PrivateKey.html +170 -169
- data/doc/R509/R509Error.html +45 -42
- data/doc/R509/SPKI.html +99 -89
- data/doc/R509/Subject.html +86 -83
- data/doc/R509/Validity.html +57 -57
- data/doc/R509/Validity/Checker.html +63 -93
- data/doc/R509/Validity/DefaultChecker.html +58 -55
- data/doc/R509/Validity/DefaultWriter.html +62 -59
- data/doc/R509/Validity/Status.html +77 -74
- data/doc/R509/Validity/Writer.html +75 -123
- data/doc/_index.html +37 -31
- data/doc/class_list.html +25 -27
- data/doc/css/full_list.css +32 -31
- data/doc/css/style.css +221 -78
- data/doc/file.CONTRIBUTING.html +29 -30
- data/doc/file.LICENSE.html +29 -30
- data/doc/file.README.html +31 -32
- data/doc/file.YAML.html +33 -34
- data/doc/file.r509.html +39 -48
- data/doc/file_list.html +39 -30
- data/doc/frames.html +10 -21
- data/doc/index.html +31 -32
- data/doc/js/app.js +100 -71
- data/doc/js/full_list.js +168 -130
- data/doc/method_list.html +1788 -1119
- data/doc/top-level-namespace.html +45 -49
- data/lib/r509.rb +21 -7
- data/lib/r509/asn1.rb +45 -32
- data/lib/r509/cert.rb +45 -51
- data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
- data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
- data/lib/r509/cert/extensions/base.rb +22 -23
- data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
- data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
- data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
- data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
- data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
- data/lib/r509/cert/extensions/key_usage.rb +5 -5
- data/lib/r509/cert/extensions/name_constraints.rb +16 -16
- data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
- data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
- data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
- data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
- data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
- data/lib/r509/certificate_authority/options_builder.rb +19 -21
- data/lib/r509/certificate_authority/signer.rb +26 -27
- data/lib/r509/config.rb +1 -0
- data/lib/r509/config/ca_config.rb +70 -75
- data/lib/r509/config/cert_profile.rb +9 -8
- data/lib/r509/config/subject_item_policy.rb +25 -28
- data/lib/r509/crl/administrator.rb +19 -20
- data/lib/r509/crl/reader_writer.rb +10 -8
- data/lib/r509/crl/signed_list.rb +4 -4
- data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
- data/lib/r509/csr.rb +54 -60
- data/lib/r509/ec-hack.rb +3 -2
- data/lib/r509/engine.rb +5 -6
- data/lib/r509/exceptions.rb +1 -1
- data/lib/r509/helpers.rb +11 -14
- data/lib/r509/io_helpers.rb +7 -7
- data/lib/r509/message_digest.rb +5 -6
- data/lib/r509/ocsp.rb +11 -13
- data/lib/r509/oid_mapper.rb +2 -2
- data/lib/r509/private_key.rb +28 -32
- data/lib/r509/spki.rb +17 -20
- data/lib/r509/subject.rb +26 -27
- data/lib/r509/trollop.rb +1 -0
- data/lib/r509/validity.rb +30 -21
- data/lib/r509/version.rb +4 -2
- data/r509.yaml +9 -17
- data/spec/asn1_spec.rb +145 -146
- data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
- data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
- data/spec/cert/extensions/base_spec.rb +38 -34
- data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
- data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
- data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
- data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
- data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
- data/spec/cert/extensions/key_usage_spec.rb +44 -39
- data/spec/cert/extensions/name_constraints_spec.rb +83 -83
- data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
- data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
- data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
- data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
- data/spec/cert_spec.rb +105 -101
- data/spec/certificate_authority/options_builder_spec.rb +90 -90
- data/spec/certificate_authority/signer_spec.rb +41 -41
- data/spec/config/ca_config_spec.rb +169 -119
- data/spec/config/cert_profile_spec.rb +33 -33
- data/spec/config/subject_item_policy_spec.rb +22 -22
- data/spec/crl/administrator_spec.rb +65 -65
- data/spec/crl/reader_writer_spec.rb +20 -19
- data/spec/crl/signed_list_spec.rb +26 -26
- data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
- data/spec/csr_spec.rb +149 -145
- data/spec/engine_spec.rb +14 -14
- data/spec/fixtures.rb +56 -39
- data/spec/fixtures/crl_list.sql +13 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +6 -6
- data/spec/message_digest_spec.rb +43 -43
- data/spec/ocsp_spec.rb +25 -25
- data/spec/oid_mapper_spec.rb +18 -19
- data/spec/private_key_spec.rb +79 -81
- data/spec/r509_spec.rb +16 -16
- data/spec/spec_helper.rb +3 -3
- data/spec/spki_spec.rb +94 -94
- data/spec/subject_spec.rb +107 -107
- data/spec/validity_spec.rb +25 -25
- metadata +113 -111
- metadata.gz.sig +0 -0
@@ -5,24 +5,24 @@ shared_examples_for "a correct R509 BasicConstraints object" do |critical|
|
|
5
5
|
extension_name = "basicConstraints"
|
6
6
|
klass = R509::Cert::Extensions::BasicConstraints
|
7
7
|
ef = OpenSSL::X509::ExtensionFactory.new
|
8
|
-
openssl_ext = ef.create_extension(
|
9
|
-
@r509_ext = klass.new(
|
8
|
+
openssl_ext = ef.create_extension(extension_name, @extension_value, critical)
|
9
|
+
@r509_ext = klass.new(openssl_ext)
|
10
10
|
end
|
11
11
|
|
12
12
|
it "is_ca? should correctly report whether it's a CA certificate (critical:#{critical})" do
|
13
|
-
@r509_ext.is_ca
|
13
|
+
expect(@r509_ext.is_ca?).to eq(@is_ca)
|
14
14
|
end
|
15
15
|
|
16
16
|
it "the path length should be correct (critical:#{critical})" do
|
17
|
-
@r509_ext.path_length.
|
17
|
+
expect(@r509_ext.path_length).to eq(@pathlen)
|
18
18
|
end
|
19
19
|
|
20
20
|
it "allows_sub_ca? should correctly report whether its path length allows it to issue CA certs (critical:#{critical})" do
|
21
|
-
@r509_ext.allows_sub_ca
|
21
|
+
expect(@r509_ext.allows_sub_ca?).to eq(@allows_sub_ca)
|
22
22
|
end
|
23
23
|
|
24
24
|
it "reports #critical? properly" do
|
25
|
-
@r509_ext.critical
|
25
|
+
expect(@r509_ext.critical?).to eq(critical)
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
@@ -55,12 +55,12 @@ describe R509::Cert::Extensions::BasicConstraints do
|
|
55
55
|
end
|
56
56
|
|
57
57
|
it "creates extension" do
|
58
|
-
@bc.is_ca
|
59
|
-
@bc.path_length.
|
58
|
+
expect(@bc.is_ca?).to be true
|
59
|
+
expect(@bc.path_length).to be_nil
|
60
60
|
end
|
61
61
|
|
62
62
|
it "builds yaml" do
|
63
|
-
YAML.load(@bc.to_yaml).
|
63
|
+
expect(YAML.load(@bc.to_yaml)).to eq(@args)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
@@ -71,12 +71,12 @@ describe R509::Cert::Extensions::BasicConstraints do
|
|
71
71
|
end
|
72
72
|
|
73
73
|
it "creates extension" do
|
74
|
-
@bc.is_ca
|
75
|
-
@bc.path_length.
|
74
|
+
expect(@bc.is_ca?).to be true
|
75
|
+
expect(@bc.path_length).to eq(3)
|
76
76
|
end
|
77
77
|
|
78
78
|
it "builds yaml" do
|
79
|
-
YAML.load(@bc.to_yaml).
|
79
|
+
expect(YAML.load(@bc.to_yaml)).to eq(@args)
|
80
80
|
end
|
81
81
|
end
|
82
82
|
|
@@ -87,12 +87,12 @@ describe R509::Cert::Extensions::BasicConstraints do
|
|
87
87
|
end
|
88
88
|
|
89
89
|
it "creates extension" do
|
90
|
-
@bc.is_ca
|
91
|
-
@bc.path_length.
|
90
|
+
expect(@bc.is_ca?).to be false
|
91
|
+
expect(@bc.path_length).to be_nil
|
92
92
|
end
|
93
93
|
|
94
94
|
it "builds yaml" do
|
95
|
-
YAML.load(@bc.to_yaml).
|
95
|
+
expect(YAML.load(@bc.to_yaml)).to eq(@args)
|
96
96
|
end
|
97
97
|
end
|
98
98
|
|
@@ -103,11 +103,11 @@ describe R509::Cert::Extensions::BasicConstraints do
|
|
103
103
|
end
|
104
104
|
|
105
105
|
it "creates extension" do
|
106
|
-
@bc.critical
|
106
|
+
expect(@bc.critical?).to be true
|
107
107
|
end
|
108
108
|
|
109
109
|
it "builds yaml" do
|
110
|
-
YAML.load(@bc.to_yaml).
|
110
|
+
expect(YAML.load(@bc.to_yaml)).to eq(@args.merge(:critical => true))
|
111
111
|
end
|
112
112
|
end
|
113
113
|
|
@@ -118,18 +118,18 @@ describe R509::Cert::Extensions::BasicConstraints do
|
|
118
118
|
end
|
119
119
|
|
120
120
|
it "creates extension" do
|
121
|
-
@bc.critical
|
121
|
+
expect(@bc.critical?).to be false
|
122
122
|
end
|
123
123
|
|
124
124
|
it "builds yaml" do
|
125
|
-
YAML.load(@bc.to_yaml).
|
125
|
+
expect(YAML.load(@bc.to_yaml)).to eq(@args)
|
126
126
|
end
|
127
127
|
end
|
128
128
|
|
129
129
|
it "errors when supplying path_length if CA:FALSE" do
|
130
|
-
expect
|
130
|
+
expect do
|
131
131
|
R509::Cert::Extensions::BasicConstraints.new(:ca => false, :path_length => 4)
|
132
|
-
|
132
|
+
end.to raise_error(ArgumentError, ":path_length is not allowed when :ca is false")
|
133
133
|
end
|
134
134
|
|
135
135
|
end
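Review bot: The BasicConstraints examples pin `path_length` only for the nil case, for `3`, and for the CA:FALSE rejection (`raise_error(ArgumentError, ":path_length is not allowed when :ca is false")`); nothing visible in these hunks covers a negative or non-integer `:path_length` together with `:ca => true`. Because pathLenConstraint limits how far a CA may delegate issuance, the behaviour for malformed values is worth stating in a spec rather than leaving implicit. If the constructor is meant to reject them, an example such as `expect { R509::Cert::Extensions::BasicConstraints.new(:ca => true, :path_length => -1) }.to raise_error(ArgumentError)` would document that. The `before` blocks and the remainder of each `describe` lie outside the hunks, so this may already be covered there.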
|
@@ -8,9 +8,9 @@ shared_examples_for "a correct R509 CertificatePolicies object" do
|
|
8
8
|
end
|
9
9
|
|
10
10
|
it "should correctly parse the data" do
|
11
|
-
@r509_ext.policies.count.
|
12
|
-
@r509_ext.policies[0].policy_identifier.
|
13
|
-
@r509_ext.policies[0].policy_qualifiers.cps_uris.
|
11
|
+
expect(@r509_ext.policies.count).to eq(1)
|
12
|
+
expect(@r509_ext.policies[0].policy_identifier).to eq("2.16.840.1.12345.1.2.3.4.1")
|
13
|
+
expect(@r509_ext.policies[0].policy_qualifiers.cps_uris).to eq(["http://example.com/cps", "http://other.com/cps"])
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
@@ -19,27 +19,27 @@ describe R509::Cert::Extensions::CertificatePolicies do
|
|
19
19
|
|
20
20
|
context "validate certificate policy structure" do
|
21
21
|
it "must be an array" do
|
22
|
-
expect { CertificatePolicies.new(:value => "whatever") }.to raise_error(ArgumentError,'Not a valid certificate policy structure. Must be an array of hashes')
|
22
|
+
expect { CertificatePolicies.new(:value => "whatever") }.to raise_error(ArgumentError, 'Not a valid certificate policy structure. Must be an array of hashes')
|
23
23
|
end
|
24
24
|
|
25
25
|
it "require a policy identifier" do
|
26
|
-
expect { CertificatePolicies.new(:value => [{"stuff" => "thing"}]) }.to raise_error(ArgumentError,'Each policy requires a policy identifier')
|
26
|
+
expect { CertificatePolicies.new(:value => [{ "stuff" => "thing" }]) }.to raise_error(ArgumentError, 'Each policy requires a policy identifier')
|
27
27
|
end
|
28
28
|
|
29
29
|
it "the cps uri must be array of strings" do
|
30
|
-
expect { CertificatePolicies.new(:value => [{:policy_identifier => "1.2.3.4.5", :cps_uris => "not an array"}]) }.to raise_error(ArgumentError,'CPS URIs must be an array of strings')
|
30
|
+
expect { CertificatePolicies.new(:value => [{ :policy_identifier => "1.2.3.4.5", :cps_uris => "not an array" }]) }.to raise_error(ArgumentError, 'CPS URIs must be an array of strings')
|
31
31
|
end
|
32
32
|
|
33
33
|
it "user notices must be an array of hashes" do
|
34
|
-
expect { CertificatePolicies.new(:value => [{:policy_identifier => "1.2.3.4.5", :user_notices => "not an array"}]) }.to raise_error(ArgumentError,'User notices must be an array of hashes')
|
34
|
+
expect { CertificatePolicies.new(:value => [{ :policy_identifier => "1.2.3.4.5", :user_notices => "not an array" }]) }.to raise_error(ArgumentError, 'User notices must be an array of hashes')
|
35
35
|
end
|
36
36
|
|
37
37
|
it "org in user notice requires notice numbers" do
|
38
|
-
expect { CertificatePolicies.new(:value => [{:policy_identifier => "1.2.3.4.5", :user_notices => [{:explicit_text => "explicit", :organization => "something"}]}]) }.to raise_error(ArgumentError,'If you provide an organization you must provide notice numbers')
|
38
|
+
expect { CertificatePolicies.new(:value => [{ :policy_identifier => "1.2.3.4.5", :user_notices => [{ :explicit_text => "explicit", :organization => "something" }] }]) }.to raise_error(ArgumentError, 'If you provide an organization you must provide notice numbers')
|
39
39
|
end
|
40
40
|
|
41
41
|
it "notice numbers in user notice requires org" do
|
42
|
-
expect { CertificatePolicies.new(:value => [{:policy_identifier => "1.2.3.4.5", :user_notices => [{:explicit_text => "explicit", :notice_numbers => "1,2,3"}]}]) }.to raise_error(ArgumentError,'If you provide notice numbers you must provide an organization')
|
42
|
+
expect { CertificatePolicies.new(:value => [{ :policy_identifier => "1.2.3.4.5", :user_notices => [{ :explicit_text => "explicit", :notice_numbers => "1,2,3" }] }]) }.to raise_error(ArgumentError, 'If you provide notice numbers you must provide an organization')
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
@@ -53,27 +53,37 @@ describe R509::Cert::Extensions::CertificatePolicies do
|
|
53
53
|
before :all do
|
54
54
|
@args = {
|
55
55
|
:critical => false,
|
56
|
-
:value => [
|
57
|
-
|
58
|
-
|
56
|
+
:value => [
|
57
|
+
{
|
58
|
+
:policy_identifier => "2.16.840.1.12345.1.2.3.4.1",
|
59
|
+
:cps_uris => ["http://example.com/cps", "http://other.com/cps"],
|
60
|
+
:user_notices => [
|
61
|
+
{
|
62
|
+
:explicit_text => "thing",
|
63
|
+
:organization => "my org",
|
64
|
+
:notice_numbers => [1, 2, 3, 4]
|
65
|
+
}
|
66
|
+
]
|
67
|
+
}
|
68
|
+
]
|
59
69
|
}
|
60
70
|
@cp = R509::Cert::Extensions::CertificatePolicies.new(@args)
|
61
71
|
end
|
62
72
|
|
63
73
|
it "creates extension" do
|
64
|
-
@cp.
|
65
|
-
@cp.policies.count.
|
66
|
-
@cp.policies[0].policy_identifier.
|
67
|
-
@cp.policies[0].policy_qualifiers.cps_uris.
|
68
|
-
@cp.policies[0].policy_qualifiers.user_notices.count.
|
74
|
+
expect(@cp).not_to be_nil
|
75
|
+
expect(@cp.policies.count).to eq(1)
|
76
|
+
expect(@cp.policies[0].policy_identifier).to eq("2.16.840.1.12345.1.2.3.4.1")
|
77
|
+
expect(@cp.policies[0].policy_qualifiers.cps_uris).to eq(["http://example.com/cps", "http://other.com/cps"])
|
78
|
+
expect(@cp.policies[0].policy_qualifiers.user_notices.count).to eq(1)
|
69
79
|
un = @cp.policies[0].policy_qualifiers.user_notices[0]
|
70
|
-
un.notice_reference.notice_numbers.
|
71
|
-
un.notice_reference.organization.
|
72
|
-
un.explicit_text.
|
80
|
+
expect(un.notice_reference.notice_numbers).to eq([1, 2, 3, 4])
|
81
|
+
expect(un.notice_reference.organization).to eq('my org')
|
82
|
+
expect(un.explicit_text).to eq("thing")
|
73
83
|
end
|
74
84
|
|
75
85
|
it "builds yaml" do
|
76
|
-
YAML.load(@cp.to_yaml).
|
86
|
+
expect(YAML.load(@cp.to_yaml)).to eq(@args)
|
77
87
|
end
|
78
88
|
end
|
79
89
|
|
@@ -81,51 +91,53 @@ describe R509::Cert::Extensions::CertificatePolicies do
|
|
81
91
|
before :all do
|
82
92
|
@args = {
|
83
93
|
:critical => false,
|
84
|
-
:value => [
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
94
|
+
:value => [
|
95
|
+
{
|
96
|
+
:policy_identifier => "2.16.840.1.99999.21.234",
|
97
|
+
:cps_uris => ["http://example.com/cps", "http://other.com/cps"],
|
98
|
+
:user_notices => [{ :explicit_text => "this is a great thing", :organization => "my org", :notice_numbers => [1, 2, 3, 4] }]
|
99
|
+
}, {
|
100
|
+
:policy_identifier => "2.16.840.1.99999.21.235",
|
101
|
+
:cps_uris => ["http://example.com/cps2"],
|
102
|
+
:user_notices => [{ :explicit_text => "this is a bad thing", :organization => "another org", :notice_numbers => [3, 2, 1] }, { :explicit_text => "another user notice" }]
|
103
|
+
},
|
104
|
+
{
|
105
|
+
:policy_identifier => "2.16.840.1.99999.0"
|
106
|
+
}
|
107
|
+
]
|
96
108
|
}
|
97
109
|
@cp = R509::Cert::Extensions::CertificatePolicies.new(@args)
|
98
110
|
end
|
99
111
|
|
100
112
|
it "creates extension" do
|
101
|
-
@cp.
|
102
|
-
@cp.policies.count.
|
113
|
+
expect(@cp).not_to be_nil
|
114
|
+
expect(@cp.policies.count).to eq(3)
|
103
115
|
p0 = @cp.policies[0]
|
104
|
-
p0.policy_identifier.
|
105
|
-
p0.policy_qualifiers.cps_uris.
|
106
|
-
p0.policy_qualifiers.user_notices.count.
|
116
|
+
expect(p0.policy_identifier).to eq("2.16.840.1.99999.21.234")
|
117
|
+
expect(p0.policy_qualifiers.cps_uris).to eq(["http://example.com/cps", "http://other.com/cps"])
|
118
|
+
expect(p0.policy_qualifiers.user_notices.count).to eq(1)
|
107
119
|
un0 = p0.policy_qualifiers.user_notices[0]
|
108
|
-
un0.notice_reference.notice_numbers.
|
109
|
-
un0.notice_reference.organization.
|
110
|
-
un0.explicit_text.
|
120
|
+
expect(un0.notice_reference.notice_numbers).to eq([1, 2, 3, 4])
|
121
|
+
expect(un0.notice_reference.organization).to eq("my org")
|
122
|
+
expect(un0.explicit_text).to eq("this is a great thing")
|
111
123
|
p1 = @cp.policies[1]
|
112
|
-
p1.policy_identifier.
|
113
|
-
p1.policy_qualifiers.cps_uris.
|
114
|
-
p1.policy_qualifiers.user_notices.count.
|
124
|
+
expect(p1.policy_identifier).to eq("2.16.840.1.99999.21.235")
|
125
|
+
expect(p1.policy_qualifiers.cps_uris).to eq(["http://example.com/cps2"])
|
126
|
+
expect(p1.policy_qualifiers.user_notices.count).to eq(2)
|
115
127
|
un1 = p1.policy_qualifiers.user_notices[0]
|
116
|
-
un1.notice_reference.notice_numbers.
|
117
|
-
un1.notice_reference.organization.
|
118
|
-
un1.explicit_text.
|
128
|
+
expect(un1.notice_reference.notice_numbers).to eq([3, 2, 1])
|
129
|
+
expect(un1.notice_reference.organization).to eq("another org")
|
130
|
+
expect(un1.explicit_text).to eq('this is a bad thing')
|
119
131
|
un2 = p1.policy_qualifiers.user_notices[1]
|
120
|
-
un2.notice_reference.
|
121
|
-
un2.explicit_text.
|
132
|
+
expect(un2.notice_reference).to be_nil
|
133
|
+
expect(un2.explicit_text).to eq("another user notice")
|
122
134
|
p2 = @cp.policies[2]
|
123
|
-
p2.policy_identifier.
|
124
|
-
p2.policy_qualifiers.
|
135
|
+
expect(p2.policy_identifier).to eq("2.16.840.1.99999.0")
|
136
|
+
expect(p2.policy_qualifiers).to be_nil
|
125
137
|
end
|
126
138
|
|
127
139
|
it "builds yaml" do
|
128
|
-
YAML.load(@cp.to_yaml).
|
140
|
+
expect(YAML.load(@cp.to_yaml)).to eq(@args)
|
129
141
|
end
|
130
142
|
end
|
131
143
|
|
@@ -136,11 +148,11 @@ describe R509::Cert::Extensions::CertificatePolicies do
|
|
136
148
|
end
|
137
149
|
|
138
150
|
it "creates extension" do
|
139
|
-
@cp.critical
|
151
|
+
expect(@cp.critical?).to be false
|
140
152
|
end
|
141
153
|
|
142
154
|
it "builds yaml" do
|
143
|
-
YAML.load(@cp.to_yaml).
|
155
|
+
expect(YAML.load(@cp.to_yaml)).to eq(@args.merge(:critical => false))
|
144
156
|
end
|
145
157
|
end
|
146
158
|
|
@@ -151,11 +163,11 @@ describe R509::Cert::Extensions::CertificatePolicies do
|
|
151
163
|
end
|
152
164
|
|
153
165
|
it "creates extension" do
|
154
|
-
@cp.critical
|
166
|
+
expect(@cp.critical?).to be true
|
155
167
|
end
|
156
168
|
|
157
169
|
it "builds yaml" do
|
158
|
-
YAML.load(@cp.to_yaml).
|
170
|
+
expect(YAML.load(@cp.to_yaml)).to eq(@args)
|
159
171
|
end
|
160
172
|
end
|
161
173
|
|
@@ -170,30 +182,30 @@ describe R509::Cert::Extensions::CertificatePolicies::PolicyInformation do
|
|
170
182
|
it "loads data with a policy oid but no qualifiers" do
|
171
183
|
data = OpenSSL::ASN1.decode "0\r\u0006\v`\x86H\u0001\xE09\u0001\u0002\u0003\u0004\u0001"
|
172
184
|
pi = R509::Cert::Extensions::CertificatePolicies::PolicyInformation.new(data)
|
173
|
-
pi.policy_identifier.
|
174
|
-
pi.policy_qualifiers.
|
185
|
+
expect(pi.policy_identifier).to eq('2.16.840.1.12345.1.2.3.4.1')
|
186
|
+
expect(pi.policy_qualifiers).to be_nil
|
175
187
|
end
|
176
188
|
|
177
189
|
it "loads data with a policy oid and a single qualifier" do
|
178
190
|
data = OpenSSL::ASN1.decode "0U\u0006\v`\x86H\u0001\xE09\u0001\u0002\u0003\u0004\u00010F0\"\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0016http://example.com/cps0 \u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0014http://other.com/cps"
|
179
191
|
pi = R509::Cert::Extensions::CertificatePolicies::PolicyInformation.new(data)
|
180
|
-
pi.policy_identifier.
|
181
|
-
pi.policy_qualifiers.cps_uris.empty
|
182
|
-
pi.policy_qualifiers.user_notices.empty
|
192
|
+
expect(pi.policy_identifier).to eq('2.16.840.1.12345.1.2.3.4.1')
|
193
|
+
expect(pi.policy_qualifiers.cps_uris.empty?).to eq(false)
|
194
|
+
expect(pi.policy_qualifiers.user_notices.empty?).to eq(true)
|
183
195
|
end
|
184
196
|
|
185
197
|
it "loads data with a policy oid and multiple qualifiers" do
|
186
198
|
data = OpenSSL::ASN1.decode "0\x81\x94\u0006\n`\x86H\u0001\x86\x8D\u001F\u0015\x81k0\x81\x850#\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0017http://example.com/cps20;\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u00020/0\u0018\u0016\vanother org0\t\u0002\u0001\u0003\u0002\u0001\u0002\u0002\u0001\u0001\u001A\u0013this is a bad thing0!\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u00020\u0015\u001A\u0013another user notice"
|
187
199
|
pi = R509::Cert::Extensions::CertificatePolicies::PolicyInformation.new(data)
|
188
|
-
pi.policy_identifier.
|
189
|
-
pi.policy_qualifiers.cps_uris.empty
|
190
|
-
pi.policy_qualifiers.user_notices.empty
|
200
|
+
expect(pi.policy_identifier).to eq('2.16.840.1.99999.21.235')
|
201
|
+
expect(pi.policy_qualifiers.cps_uris.empty?).to eq(false)
|
202
|
+
expect(pi.policy_qualifiers.user_notices.empty?).to eq(false)
|
191
203
|
end
|
192
204
|
|
193
205
|
it "builds yaml" do
|
194
206
|
data = OpenSSL::ASN1.decode "0\x81\x94\u0006\n`\x86H\u0001\x86\x8D\u001F\u0015\x81k0\x81\x850#\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0017http://example.com/cps20;\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u00020/0\u0018\u0016\vanother org0\t\u0002\u0001\u0003\u0002\u0001\u0002\u0002\u0001\u0001\u001A\u0013this is a bad thing0!\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u00020\u0015\u001A\u0013another user notice"
|
195
207
|
pi = R509::Cert::Extensions::CertificatePolicies::PolicyInformation.new(data)
|
196
|
-
YAML.load(pi.to_yaml).
|
208
|
+
expect(YAML.load(pi.to_yaml)).to eq(:policy_identifier => "2.16.840.1.99999.21.235", :cps_uris => ["http://example.com/cps2"], :user_notices => [{ :explicit_text => "this is a bad thing", :organization => "another org", :notice_numbers => [3, 2, 1] }, { :explicit_text => "another user notice" }])
|
197
209
|
end
|
198
210
|
end
|
199
211
|
|
@@ -203,29 +215,29 @@ describe R509::Cert::Extensions::CertificatePolicies::PolicyQualifiers do
|
|
203
215
|
end
|
204
216
|
|
205
217
|
it "initializes empty cps_uris and user_notices" do
|
206
|
-
@pq.
|
207
|
-
@pq.cps_uris.empty
|
208
|
-
@pq.user_notices.empty
|
218
|
+
expect(@pq).not_to be_nil
|
219
|
+
expect(@pq.cps_uris.empty?).to eq(true)
|
220
|
+
expect(@pq.user_notices.empty?).to eq(true)
|
209
221
|
end
|
210
222
|
|
211
223
|
it "parses a cps qualifier and adds it to cps_uris" do
|
212
224
|
data = OpenSSL::ASN1.decode "0#\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0017http://example.com/cps2"
|
213
225
|
@pq.parse(data)
|
214
|
-
@pq.cps_uris.
|
215
|
-
@pq.user_notices.
|
226
|
+
expect(@pq.cps_uris).to eq(['http://example.com/cps2'])
|
227
|
+
expect(@pq.user_notices).to eq([])
|
216
228
|
end
|
217
229
|
|
218
230
|
it "parses a user notice and adds it to user_notices" do
|
219
231
|
data = OpenSSL::ASN1.decode "0!\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u00020\u0015\u001A\u0013another user notice"
|
220
232
|
@pq.parse(data)
|
221
|
-
@pq.cps_uris.
|
222
|
-
@pq.user_notices.count.
|
233
|
+
expect(@pq.cps_uris).to eq([])
|
234
|
+
expect(@pq.user_notices.count).to eq(1)
|
223
235
|
end
|
224
236
|
|
225
237
|
it "builds yaml" do
|
226
238
|
data = OpenSSL::ASN1.decode "0#\u0006\b+\u0006\u0001\u0005\u0005\a\u0002\u0001\u0016\u0017http://example.com/cps2"
|
227
239
|
@pq.parse(data)
|
228
|
-
YAML.load(@pq.to_yaml).
|
240
|
+
expect(YAML.load(@pq.to_yaml)).to eq(:cps_uris => ["http://example.com/cps2"])
|
229
241
|
end
|
230
242
|
end
|
231
243
|
|
@@ -233,28 +245,28 @@ describe R509::Cert::Extensions::CertificatePolicies::UserNotice do
|
|
233
245
|
it "loads data with both a notice reference and explicit text" do
|
234
246
|
data = OpenSSL::ASN1.decode "0\u001F0\u0016\u0016\u0006my org0\f\u0002\u0001\u0001\u0002\u0001\u0002\u0002\u0001\u0003\u0002\u0001\u0004\u001A\u0005thing"
|
235
247
|
un = R509::Cert::Extensions::CertificatePolicies::UserNotice.new(data)
|
236
|
-
un.notice_reference.
|
237
|
-
un.explicit_text.
|
248
|
+
expect(un.notice_reference).not_to be_nil
|
249
|
+
expect(un.explicit_text).to eq('thing')
|
238
250
|
end
|
239
251
|
|
240
252
|
it "loads data with a notice reference" do
|
241
253
|
data = OpenSSL::ASN1.decode "0\u00180\u0016\u0016\u0006my org0\f\u0002\u0001\u0001\u0002\u0001\u0002\u0002\u0001\u0003\u0002\u0001\u0004"
|
242
254
|
un = R509::Cert::Extensions::CertificatePolicies::UserNotice.new(data)
|
243
|
-
un.notice_reference.
|
244
|
-
un.explicit_text.
|
255
|
+
expect(un.notice_reference).not_to be_nil
|
256
|
+
expect(un.explicit_text).to be_nil
|
245
257
|
end
|
246
258
|
|
247
259
|
it "loads data with an explicit text" do
|
248
260
|
data = OpenSSL::ASN1.decode "0\a\u001A\u0005thing"
|
249
261
|
un = R509::Cert::Extensions::CertificatePolicies::UserNotice.new(data)
|
250
|
-
un.notice_reference.
|
251
|
-
un.explicit_text.
|
262
|
+
expect(un.notice_reference).to be_nil
|
263
|
+
expect(un.explicit_text).to eq('thing')
|
252
264
|
end
|
253
265
|
|
254
266
|
it "builds yaml" do
|
255
267
|
data = OpenSSL::ASN1.decode "0\a\u001A\u0005thing"
|
256
268
|
un = R509::Cert::Extensions::CertificatePolicies::UserNotice.new(data)
|
257
|
-
YAML.load(un.to_yaml).
|
269
|
+
expect(YAML.load(un.to_yaml)).to eq(:explicit_text => "thing")
|
258
270
|
end
|
259
271
|
end
|
260
272
|
|
@@ -262,27 +274,27 @@ describe R509::Cert::Extensions::CertificatePolicies::NoticeReference do
|
|
262
274
|
it "loads data with an org and no notice numbers" do
|
263
275
|
data = OpenSSL::ASN1.decode "0\n\u0016\u0006my org0\u0000"
|
264
276
|
nr = R509::Cert::Extensions::CertificatePolicies::NoticeReference.new(data)
|
265
|
-
nr.organization.
|
266
|
-
nr.notice_numbers.
|
277
|
+
expect(nr.organization).to eq('my org')
|
278
|
+
expect(nr.notice_numbers).to eq([])
|
267
279
|
end
|
268
280
|
|
269
281
|
it "loads data with an org and 1 notice number" do
|
270
282
|
data = OpenSSL::ASN1.decode "0\r\u0016\u0006my org0\u0003\u0002\u0001\u0001"
|
271
283
|
nr = R509::Cert::Extensions::CertificatePolicies::NoticeReference.new(data)
|
272
|
-
nr.organization.
|
273
|
-
nr.notice_numbers.
|
284
|
+
expect(nr.organization).to eq('my org')
|
285
|
+
expect(nr.notice_numbers).to eq([1])
|
274
286
|
end
|
275
287
|
|
276
288
|
it "loads data with an org and more than 1 notice number" do
|
277
289
|
data = OpenSSL::ASN1.decode "0\u0016\u0016\u0006my org0\f\u0002\u0001\u0001\u0002\u0001\u0002\u0002\u0001\u0003\u0002\u0001\u0004"
|
278
290
|
nr = R509::Cert::Extensions::CertificatePolicies::NoticeReference.new(data)
|
279
|
-
nr.organization.
|
280
|
-
nr.notice_numbers.
|
291
|
+
expect(nr.organization).to eq('my org')
|
292
|
+
expect(nr.notice_numbers).to eq([1, 2, 3, 4])
|
281
293
|
end
|
282
294
|
|
283
295
|
it "builds yaml" do
|
284
296
|
data = OpenSSL::ASN1.decode "0\u0016\u0016\u0006my org0\f\u0002\u0001\u0001\u0002\u0001\u0002\u0002\u0001\u0003\u0002\u0001\u0004"
|
285
297
|
nr = R509::Cert::Extensions::CertificatePolicies::NoticeReference.new(data)
|
286
|
-
YAML.load(nr.to_yaml).
|
298
|
+
expect(YAML.load(nr.to_yaml)).to eq(:organization => "my org", :notice_numbers => [1, 2, 3, 4])
|
287
299
|
end
|
288
300
|
end
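Review bot: In the PolicyInformation examples the converted assertions `expect(pi.policy_qualifiers.cps_uris.empty?).to eq(false)` and `expect(pi.policy_qualifiers.user_notices.empty?).to eq(false)` check only emptiness, so a parser that returned a wrong URI or dropped one of two qualifiers would still pass. The DER fixture in the "single qualifier" example visibly carries `http://example.com/cps` and `http://other.com/cps`, so the exact value can be asserted the way the PolicyQualifiers examples already do: `expect(pi.policy_qualifiers.cps_uris).to eq(["http://example.com/cps", "http://other.com/cps"])` and `expect(pi.policy_qualifiers.user_notices).to eq([])`. The same tightening applies to the "multiple qualifiers" example and to `expect(@pq.user_notices.count).to eq(1)`, which could also compare the parsed notice's `explicit_text` with the string in the fixture.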
|