r509 0.10.0 → 1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.mdown +2 -2
- data/Rakefile +2 -3
- data/bin/r509 +77 -80
- data/bin/r509-parse +4 -4
- data/doc/R509.html +60 -60
- data/doc/R509/ASN1.html +158 -48
- data/doc/R509/ASN1/GeneralName.html +157 -154
- data/doc/R509/ASN1/GeneralNames.html +246 -237
- data/doc/R509/CRL.html +41 -39
- data/doc/R509/CRL/Administrator.html +105 -100
- data/doc/R509/CRL/FileReaderWriter.html +146 -98
- data/doc/R509/CRL/ReaderWriter.html +57 -54
- data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
- data/doc/R509/CRL/SignedList.html +83 -80
- data/doc/R509/CSR.html +184 -162
- data/doc/R509/Cert.html +271 -269
- data/doc/R509/Cert/Extensions.html +62 -63
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
- data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
- data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
- data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
- data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
- data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
- data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
- data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
- data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
- data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
- data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
- data/doc/R509/CertificateAuthority.html +39 -37
- data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
- data/doc/R509/CertificateAuthority/Signer.html +277 -60
- data/doc/R509/Config.html +40 -38
- data/doc/R509/Config/CAConfig.html +255 -188
- data/doc/R509/Config/CAConfigPool.html +64 -61
- data/doc/R509/Config/CertProfile.html +119 -116
- data/doc/R509/Config/SubjectItemPolicy.html +94 -93
- data/doc/R509/Engine.html +60 -56
- data/doc/R509/Helpers.html +99 -96
- data/doc/R509/MessageDigest.html +69 -68
- data/doc/R509/NameSanitizer.html +51 -48
- data/doc/R509/OCSP.html +39 -37
- data/doc/R509/OCSP/Request.html +39 -37
- data/doc/R509/OCSP/Request/Nonce.html +67 -67
- data/doc/R509/OCSP/Response.html +93 -90
- data/doc/R509/OIDMapper.html +48 -46
- data/doc/R509/PrivateKey.html +170 -169
- data/doc/R509/R509Error.html +45 -42
- data/doc/R509/SPKI.html +99 -89
- data/doc/R509/Subject.html +86 -83
- data/doc/R509/Validity.html +57 -57
- data/doc/R509/Validity/Checker.html +63 -93
- data/doc/R509/Validity/DefaultChecker.html +58 -55
- data/doc/R509/Validity/DefaultWriter.html +62 -59
- data/doc/R509/Validity/Status.html +77 -74
- data/doc/R509/Validity/Writer.html +75 -123
- data/doc/_index.html +37 -31
- data/doc/class_list.html +25 -27
- data/doc/css/full_list.css +32 -31
- data/doc/css/style.css +221 -78
- data/doc/file.CONTRIBUTING.html +29 -30
- data/doc/file.LICENSE.html +29 -30
- data/doc/file.README.html +31 -32
- data/doc/file.YAML.html +33 -34
- data/doc/file.r509.html +39 -48
- data/doc/file_list.html +39 -30
- data/doc/frames.html +10 -21
- data/doc/index.html +31 -32
- data/doc/js/app.js +100 -71
- data/doc/js/full_list.js +168 -130
- data/doc/method_list.html +1788 -1119
- data/doc/top-level-namespace.html +45 -49
- data/lib/r509.rb +21 -7
- data/lib/r509/asn1.rb +45 -32
- data/lib/r509/cert.rb +45 -51
- data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
- data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
- data/lib/r509/cert/extensions/base.rb +22 -23
- data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
- data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
- data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
- data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
- data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
- data/lib/r509/cert/extensions/key_usage.rb +5 -5
- data/lib/r509/cert/extensions/name_constraints.rb +16 -16
- data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
- data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
- data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
- data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
- data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
- data/lib/r509/certificate_authority/options_builder.rb +19 -21
- data/lib/r509/certificate_authority/signer.rb +26 -27
- data/lib/r509/config.rb +1 -0
- data/lib/r509/config/ca_config.rb +70 -75
- data/lib/r509/config/cert_profile.rb +9 -8
- data/lib/r509/config/subject_item_policy.rb +25 -28
- data/lib/r509/crl/administrator.rb +19 -20
- data/lib/r509/crl/reader_writer.rb +10 -8
- data/lib/r509/crl/signed_list.rb +4 -4
- data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
- data/lib/r509/csr.rb +54 -60
- data/lib/r509/ec-hack.rb +3 -2
- data/lib/r509/engine.rb +5 -6
- data/lib/r509/exceptions.rb +1 -1
- data/lib/r509/helpers.rb +11 -14
- data/lib/r509/io_helpers.rb +7 -7
- data/lib/r509/message_digest.rb +5 -6
- data/lib/r509/ocsp.rb +11 -13
- data/lib/r509/oid_mapper.rb +2 -2
- data/lib/r509/private_key.rb +28 -32
- data/lib/r509/spki.rb +17 -20
- data/lib/r509/subject.rb +26 -27
- data/lib/r509/trollop.rb +1 -0
- data/lib/r509/validity.rb +30 -21
- data/lib/r509/version.rb +4 -2
- data/r509.yaml +9 -17
- data/spec/asn1_spec.rb +145 -146
- data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
- data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
- data/spec/cert/extensions/base_spec.rb +38 -34
- data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
- data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
- data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
- data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
- data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
- data/spec/cert/extensions/key_usage_spec.rb +44 -39
- data/spec/cert/extensions/name_constraints_spec.rb +83 -83
- data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
- data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
- data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
- data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
- data/spec/cert_spec.rb +105 -101
- data/spec/certificate_authority/options_builder_spec.rb +90 -90
- data/spec/certificate_authority/signer_spec.rb +41 -41
- data/spec/config/ca_config_spec.rb +169 -119
- data/spec/config/cert_profile_spec.rb +33 -33
- data/spec/config/subject_item_policy_spec.rb +22 -22
- data/spec/crl/administrator_spec.rb +65 -65
- data/spec/crl/reader_writer_spec.rb +20 -19
- data/spec/crl/signed_list_spec.rb +26 -26
- data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
- data/spec/csr_spec.rb +149 -145
- data/spec/engine_spec.rb +14 -14
- data/spec/fixtures.rb +56 -39
- data/spec/fixtures/crl_list.sql +13 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +6 -6
- data/spec/message_digest_spec.rb +43 -43
- data/spec/ocsp_spec.rb +25 -25
- data/spec/oid_mapper_spec.rb +18 -19
- data/spec/private_key_spec.rb +79 -81
- data/spec/r509_spec.rb +16 -16
- data/spec/spec_helper.rb +3 -3
- data/spec/spki_spec.rb +94 -94
- data/spec/subject_spec.rb +107 -107
- data/spec/validity_spec.rb +25 -25
- metadata +113 -111
- metadata.gz.sig +0 -0
@@ -8,54 +8,53 @@ shared_examples_for "a correct R509 SubjectAlternativeName object" do |critical|
|
|
8
8
|
klass = SubjectAlternativeName
|
9
9
|
ef = OpenSSL::X509::ExtensionFactory.new
|
10
10
|
ef.config = OpenSSL::Config.parse(@conf)
|
11
|
-
openssl_ext = ef.create_extension(
|
12
|
-
@r509_ext = klass.new(
|
11
|
+
openssl_ext = ef.create_extension(extension_name, @extension_value, critical)
|
12
|
+
@r509_ext = klass.new(openssl_ext)
|
13
13
|
end
|
14
14
|
|
15
15
|
it "dns_names should be correct critical:#{critical}" do
|
16
|
-
@r509_ext.dns_names.
|
16
|
+
expect(@r509_ext.dns_names).to eq(@dns_names)
|
17
17
|
end
|
18
18
|
|
19
19
|
it "ip_addresses should be correct critical:#{critical}" do
|
20
|
-
@r509_ext.ip_addresses.
|
20
|
+
expect(@r509_ext.ip_addresses).to eq(@ip_addresses)
|
21
21
|
end
|
22
22
|
|
23
23
|
it "rfc_822names should be correct critical:#{critical}" do
|
24
|
-
@r509_ext.rfc_822_names.
|
24
|
+
expect(@r509_ext.rfc_822_names).to eq(@rfc_822_names)
|
25
25
|
end
|
26
26
|
|
27
27
|
it "uris should be correct critical:#{critical}" do
|
28
|
-
@r509_ext.uris.
|
28
|
+
expect(@r509_ext.uris).to eq(@uris)
|
29
29
|
end
|
30
30
|
|
31
31
|
it "dirNames should be correct critical:#{critical}" do
|
32
|
-
@r509_ext.directory_names.size.
|
32
|
+
expect(@r509_ext.directory_names.size).to eq(@directory_names.size)
|
33
33
|
end
|
34
34
|
|
35
35
|
it "ordered should be correct critical:#{critical}" do
|
36
|
-
@r509_ext.names.size.
|
36
|
+
expect(@r509_ext.names.size).to eq(@dns_names.size + @ip_addresses.size + @rfc_822_names.size + @uris.size + @directory_names.size)
|
37
37
|
end
|
38
38
|
|
39
39
|
it "reports #critical? properly" do
|
40
|
-
@r509_ext.critical
|
40
|
+
expect(@r509_ext.critical?).to eq(critical)
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
44
|
describe R509::Cert::Extensions::SubjectAlternativeName do
|
45
45
|
include R509::Cert::Extensions
|
46
46
|
|
47
|
-
|
48
47
|
context "validation" do
|
49
48
|
it "errors when not supplying a hash" do
|
50
|
-
expect
|
49
|
+
expect do
|
51
50
|
R509::Cert::Extensions::SubjectAlternativeName.new("create")
|
52
|
-
|
51
|
+
end.to raise_error(ArgumentError, "You must supply a hash with a :value")
|
53
52
|
end
|
54
53
|
|
55
54
|
it "errors when not supplying :value" do
|
56
|
-
expect
|
55
|
+
expect do
|
57
56
|
R509::Cert::Extensions::SubjectAlternativeName.new({})
|
58
|
-
|
57
|
+
end.to raise_error(ArgumentError, "You must supply a hash with a :value")
|
59
58
|
end
|
60
59
|
end
|
61
60
|
context "SubjectAlternativeName" do
|
@@ -69,71 +68,71 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
69
68
|
end
|
70
69
|
|
71
70
|
it "creates extension" do
|
72
|
-
@san.rfc_822_names.
|
71
|
+
expect(@san.rfc_822_names).to eq(['random string'])
|
73
72
|
end
|
74
73
|
|
75
74
|
it "builds yaml" do
|
76
|
-
YAML.load(@san.to_yaml).
|
75
|
+
expect(YAML.load(@san.to_yaml)).to eq(:critical => false, :value => [{ :type => "email", :value => "random string" }])
|
77
76
|
end
|
78
77
|
end
|
79
78
|
|
80
79
|
context "single name" do
|
81
80
|
before :all do
|
82
|
-
@args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => false }
|
81
|
+
@args = { :value => [{ :type => "DNS", :value => 'domain.com' }], :critical => false }
|
83
82
|
@san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
|
84
83
|
end
|
85
84
|
|
86
85
|
it "creates extension" do
|
87
|
-
@san.dns_names.
|
86
|
+
expect(@san.dns_names).to eq(['domain.com'])
|
88
87
|
end
|
89
88
|
|
90
89
|
it "builds yaml" do
|
91
|
-
@san.to_h.
|
90
|
+
expect(@san.to_h).to eq(@args)
|
92
91
|
end
|
93
92
|
end
|
94
93
|
|
95
94
|
context "multiple names" do
|
96
95
|
before :all do
|
97
|
-
@args = { :value => [{:type => 'DNS', :value => 'domain.com' },{ :type => 'IP', :value => '127.0.0.1' }], :critical => false }
|
96
|
+
@args = { :value => [{ :type => 'DNS', :value => 'domain.com' }, { :type => 'IP', :value => '127.0.0.1' }], :critical => false }
|
98
97
|
@san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
|
99
98
|
end
|
100
99
|
it "creates extension" do
|
101
|
-
@san.dns_names.
|
102
|
-
@san.ip_addresses.
|
100
|
+
expect(@san.dns_names).to eq(['domain.com'])
|
101
|
+
expect(@san.ip_addresses).to eq(['127.0.0.1'])
|
103
102
|
end
|
104
103
|
|
105
104
|
it "builds yaml" do
|
106
|
-
@san.to_h.
|
105
|
+
expect(@san.to_h).to eq(@args)
|
107
106
|
end
|
108
107
|
end
|
109
108
|
|
110
109
|
context "default criticality" do
|
111
110
|
before :all do
|
112
|
-
@args = { :value => [{:type => "DNS", :value => 'domain.com' }] }
|
111
|
+
@args = { :value => [{ :type => "DNS", :value => 'domain.com' }] }
|
113
112
|
@san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
|
114
113
|
end
|
115
114
|
|
116
115
|
it "creates extension" do
|
117
|
-
@san.critical
|
116
|
+
expect(@san.critical?).to be false
|
118
117
|
end
|
119
118
|
|
120
119
|
it "builds yaml" do
|
121
|
-
@san.to_h.
|
120
|
+
expect(@san.to_h).to eq(@args.merge(:critical => false))
|
122
121
|
end
|
123
122
|
end
|
124
123
|
|
125
124
|
context "creates with non-default criticality" do
|
126
125
|
before :all do
|
127
|
-
@args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => true }
|
126
|
+
@args = { :value => [{ :type => "DNS", :value => 'domain.com' }], :critical => true }
|
128
127
|
@san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
|
129
128
|
end
|
130
129
|
|
131
130
|
it "creates extension" do
|
132
|
-
@san.critical
|
131
|
+
expect(@san.critical?).to be true
|
133
132
|
end
|
134
133
|
|
135
134
|
it "builds yaml" do
|
136
|
-
@san.to_h.
|
135
|
+
expect(@san.to_h).to eq(@args)
|
137
136
|
end
|
138
137
|
end
|
139
138
|
|
@@ -142,7 +141,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
142
141
|
context "with an unimplemented GeneralName type" do
|
143
142
|
it "errors as expected" do
|
144
143
|
ef = OpenSSL::X509::ExtensionFactory.new
|
145
|
-
ext = ef.create_extension("subjectAltName","otherName:1.2.3.4;IA5STRING:Hello World")
|
144
|
+
ext = ef.create_extension("subjectAltName", "otherName:1.2.3.4;IA5STRING:Hello World")
|
146
145
|
expect { R509::Cert::Extensions::SubjectAlternativeName.new ext }.to raise_error(R509::R509Error, 'Unimplemented GeneralName tag: 0. At this time R509 does not support GeneralName types other than rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, and directoryName')
|
147
146
|
end
|
148
147
|
end
|
@@ -153,7 +152,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
153
152
|
@uris = []
|
154
153
|
@rfc_822_names = []
|
155
154
|
@directory_names = []
|
156
|
-
total = [@dns_names
|
155
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
157
156
|
gns = R509::ASN1.general_name_parser(total)
|
158
157
|
serialized = gns.serialize_names
|
159
158
|
@conf = serialized[:conf]
|
@@ -171,7 +170,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
171
170
|
@uris = []
|
172
171
|
@rfc_822_names = []
|
173
172
|
@directory_names = []
|
174
|
-
total = [@dns_names
|
173
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
175
174
|
gns = R509::ASN1.general_name_parser(total)
|
176
175
|
serialized = gns.serialize_names
|
177
176
|
@conf = serialized[:conf]
|
@@ -189,7 +188,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
189
188
|
@rfc_822_names = []
|
190
189
|
@uris = []
|
191
190
|
@directory_names = []
|
192
|
-
total = [@dns_names
|
191
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
193
192
|
gns = R509::ASN1.general_name_parser(total)
|
194
193
|
serialized = gns.serialize_names
|
195
194
|
@conf = serialized[:conf]
|
@@ -207,7 +206,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
207
206
|
@uris = []
|
208
207
|
@rfc_822_names = []
|
209
208
|
@directory_names = []
|
210
|
-
total = [@dns_names
|
209
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
211
210
|
gns = R509::ASN1.general_name_parser(total)
|
212
211
|
serialized = gns.serialize_names
|
213
212
|
@conf = serialized[:conf]
|
@@ -225,7 +224,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
225
224
|
@rfc_822_names = ["some@guy.com"]
|
226
225
|
@uris = []
|
227
226
|
@directory_names = []
|
228
|
-
total = [@dns_names
|
227
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
229
228
|
gns = R509::ASN1.general_name_parser(total)
|
230
229
|
serialized = gns.serialize_names
|
231
230
|
@conf = serialized[:conf]
|
@@ -240,10 +239,10 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
240
239
|
before :all do
|
241
240
|
@dns_names = []
|
242
241
|
@ip_addresses = []
|
243
|
-
@rfc_822_names = ["some@guy.com","other@guy.com"]
|
242
|
+
@rfc_822_names = ["some@guy.com", "other@guy.com"]
|
244
243
|
@uris = []
|
245
244
|
@directory_names = []
|
246
|
-
total = [@dns_names
|
245
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
247
246
|
gns = R509::ASN1.general_name_parser(total)
|
248
247
|
serialized = gns.serialize_names
|
249
248
|
@conf = serialized[:conf]
|
@@ -261,7 +260,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
261
260
|
@rfc_822_names = []
|
262
261
|
@uris = ["http://www.test.local"]
|
263
262
|
@directory_names = []
|
264
|
-
total = [@dns_names
|
263
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
265
264
|
gns = R509::ASN1.general_name_parser(total)
|
266
265
|
serialized = gns.serialize_names
|
267
266
|
@conf = serialized[:conf]
|
@@ -277,9 +276,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
277
276
|
@dns_names = []
|
278
277
|
@ip_addresses = []
|
279
278
|
@rfc_822_names = []
|
280
|
-
@uris = ["http://www.test.local","http://www2.test.local"]
|
279
|
+
@uris = ["http://www.test.local", "http://www2.test.local"]
|
281
280
|
@directory_names = []
|
282
|
-
total = [@dns_names
|
281
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
283
282
|
gns = R509::ASN1.general_name_parser(total)
|
284
283
|
serialized = gns.serialize_names
|
285
284
|
@conf = serialized[:conf]
|
@@ -297,9 +296,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
297
296
|
@rfc_822_names = []
|
298
297
|
@uris = []
|
299
298
|
@directory_names = [
|
300
|
-
[['CN','langui.sh'],['O','org'],['L','locality']]
|
299
|
+
[['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']]
|
301
300
|
]
|
302
|
-
total = [@dns_names
|
301
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
303
302
|
gns = R509::ASN1.general_name_parser(total)
|
304
303
|
serialized = gns.serialize_names
|
305
304
|
@conf = serialized[:conf]
|
@@ -317,10 +316,10 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
317
316
|
@rfc_822_names = []
|
318
317
|
@uris = []
|
319
318
|
@directory_names = [
|
320
|
-
[['CN','langui.sh'],['O','org'],['L','locality']],
|
321
|
-
[['CN','otherdomain.com'],['O','org-like']]
|
319
|
+
[['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']],
|
320
|
+
[['CN', 'otherdomain.com'], ['O', 'org-like']]
|
322
321
|
]
|
323
|
-
total = [@dns_names
|
322
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
324
323
|
gns = R509::ASN1.general_name_parser(total)
|
325
324
|
serialized = gns.serialize_names
|
326
325
|
@conf = serialized[:conf]
|
@@ -338,9 +337,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
|
|
338
337
|
@rfc_822_names = ["myemail@email.com"]
|
339
338
|
@uris = ["http://www.test.local"]
|
340
339
|
@directory_names = [
|
341
|
-
[['CN','langui.sh'],['O','org'],['L','locality']]
|
340
|
+
[['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']]
|
342
341
|
]
|
343
|
-
total = [@dns_names
|
342
|
+
total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
|
344
343
|
gns = R509::ASN1.general_name_parser(total)
|
345
344
|
serialized = gns.serialize_names
|
346
345
|
@conf = serialized[:conf]
|
@@ -6,12 +6,12 @@ shared_examples_for "a correct R509 SubjectKeyIdentifier object" do
|
|
6
6
|
before :all do
|
7
7
|
extension_name = "subjectKeyIdentifier"
|
8
8
|
klass = SubjectKeyIdentifier
|
9
|
-
openssl_ext = OpenSSL::X509::Extension.new(
|
10
|
-
@r509_ext = klass.new(
|
9
|
+
openssl_ext = OpenSSL::X509::Extension.new(extension_name, @extension_value)
|
10
|
+
@r509_ext = klass.new(openssl_ext)
|
11
11
|
end
|
12
12
|
|
13
13
|
it "key should be correct" do
|
14
|
-
@r509_ext.key.
|
14
|
+
expect(@r509_ext.key).to eq(@key)
|
15
15
|
end
|
16
16
|
end
|
17
17
|
|
@@ -30,30 +30,30 @@ describe R509::Cert::Extensions::SubjectKeyIdentifier do
|
|
30
30
|
end
|
31
31
|
|
32
32
|
it "errors when not supplying a public key" do
|
33
|
-
expect
|
33
|
+
expect do
|
34
34
|
R509::Cert::Extensions::SubjectKeyIdentifier.new({})
|
35
|
-
|
35
|
+
end.to raise_error(ArgumentError, "You must supply a hash with a :public_key")
|
36
36
|
end
|
37
37
|
|
38
38
|
it "errors when supplying a non-hash" do
|
39
|
-
expect
|
39
|
+
expect do
|
40
40
|
R509::Cert::Extensions::SubjectKeyIdentifier.new("junk!!!")
|
41
|
-
|
41
|
+
end.to raise_error(ArgumentError, "You must supply a hash with a :public_key")
|
42
42
|
end
|
43
43
|
|
44
44
|
it "creates successfully" do
|
45
45
|
ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
|
46
|
-
ski.key.
|
46
|
+
expect(ski.key).not_to be_nil
|
47
47
|
end
|
48
48
|
|
49
49
|
it "creates with default criticality" do
|
50
50
|
ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
|
51
|
-
ski.critical
|
51
|
+
expect(ski.critical?).to be false
|
52
52
|
end
|
53
53
|
|
54
54
|
it "creates with non-default criticality" do
|
55
55
|
ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key, :critical => true)
|
56
|
-
ski.critical
|
56
|
+
expect(ski.critical?).to be true
|
57
57
|
end
|
58
58
|
|
59
59
|
end
|
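Review bot: `expect(ski.key).not_to be_nil` in the "creates successfully" example only proves the accessor returns something, not that the extension was built correctly; a subjectKeyIdentifier is derived from the supplied public key, so the example can pin the expected value for the `@pk` fixture, e.g. `expect(ski.key).to eq(EXPECTED_SKI_FOR_PK_FIXTURE)` where `EXPECTED_SKI_FOR_PK_FIXTURE` is a placeholder for the value computed once from that key. If pinning a literal is undesirable, the same example should at least assert the value is non-empty and in the same form as the parsed-extension path checked by `expect(@r509_ext.key).to eq(@key)` above, so the two constructors are verified to agree. The `@pk` setup and the `before :all` block that defines it sit outside the hunk, so whether a fixture value is already available there is inferred, not visible.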
data/spec/cert_spec.rb
CHANGED
@@ -23,106 +23,110 @@ describe R509::Cert do
|
|
23
23
|
@cert_name_constraints = TestFixtures::CERT_NAME_CONSTRAINTS
|
24
24
|
end
|
25
25
|
it "raises error when no hash supplied" do
|
26
|
-
expect { R509::Cert.new('no hash')}.to raise_error(ArgumentError, 'Must provide a hash of options')
|
26
|
+
expect { R509::Cert.new('no hash') }.to raise_error(ArgumentError, 'Must provide a hash of options')
|
27
27
|
end
|
28
28
|
it "raises error when no :cert supplied" do
|
29
|
-
expect { R509::Cert.new(:key => "random")}.to raise_error(ArgumentError, 'Must provide :cert or :pkcs12')
|
29
|
+
expect { R509::Cert.new(:key => "random") }.to raise_error(ArgumentError, 'Must provide :cert or :pkcs12')
|
30
30
|
end
|
31
31
|
it "raises error when a csr is supplied to :cert" do
|
32
|
-
expect { R509::Cert.new(:cert => TestFixtures::CSR)}.to raise_error(ArgumentError, "Cert provided is actually a certificate signing request.")
|
32
|
+
expect { R509::Cert.new(:cert => TestFixtures::CSR) }.to raise_error(ArgumentError, "Cert provided is actually a certificate signing request.")
|
33
33
|
end
|
34
34
|
it "raises error when :cert and :pkcs12 are both provided" do
|
35
|
-
expect
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
35
|
+
expect do
|
36
|
+
R509::Cert.new(
|
37
|
+
:key => @key3,
|
38
|
+
:pkcs12 => @cert3_p12,
|
39
|
+
:password => 'whatever'
|
40
|
+
)
|
41
|
+
end.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
|
40
42
|
end
|
41
43
|
it "raises error when :key and :pkcs12 are both provided" do
|
42
|
-
expect
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
44
|
+
expect do
|
45
|
+
R509::Cert.new(
|
46
|
+
:cert => @cert,
|
47
|
+
:pkcs12 => @cert3_p12,
|
48
|
+
:password => 'whatever'
|
49
|
+
)
|
50
|
+
end.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
|
47
51
|
end
|
48
52
|
it "has a public_key" do
|
49
53
|
cert = R509::Cert.new(:cert => @cert)
|
50
|
-
#this is more complex than it should have to be. diff versions of openssl
|
51
|
-
#return subtly diff PEM encodings so we need to look at the modulus (n)
|
52
|
-
#but beware, because n is not present for DSA certificates
|
53
|
-
cert.public_key.n.to_i.
|
54
|
+
# this is more complex than it should have to be. diff versions of openssl
|
55
|
+
# return subtly diff PEM encodings so we need to look at the modulus (n)
|
56
|
+
# but beware, because n is not present for DSA certificates
|
57
|
+
expect(cert.public_key.n.to_i).to eq(@cert_public_key_modulus.to_i)
|
54
58
|
end
|
55
59
|
it "returns bit strength" do
|
56
60
|
cert = R509::Cert.new(:cert => @cert)
|
57
|
-
cert.bit_strength.
|
61
|
+
expect(cert.bit_strength).to eq(2048)
|
58
62
|
end
|
59
63
|
it "has the right issuer" do
|
60
64
|
cert = R509::Cert.new(:cert => @cert)
|
61
|
-
cert.issuer.to_s.
|
65
|
+
expect(cert.issuer.to_s).to eq("/C=US/O=SecureTrust Corporation/CN=SecureTrust CA")
|
62
66
|
end
|
63
67
|
it "generates certificate fingerprints" do
|
64
68
|
cert = R509::Cert.new(:cert => @cert)
|
65
|
-
cert.fingerprint.
|
66
|
-
cert.fingerprint('
|
67
|
-
cert.fingerprint('sha512').
|
68
|
-
cert.fingerprint('md5').
|
69
|
+
expect(cert.fingerprint).to eq('65d624f5a6937c3005d78b3f4ff09164649dd5aeb3fd8a93d6fd420e8b587fa2')
|
70
|
+
expect(cert.fingerprint('sha1')).to eq('863bbb58877b426eb10ccfd34d3056b8c961f627')
|
71
|
+
expect(cert.fingerprint('sha512')).to eq('a07d87f04161f52ef671c9d616530d07ebadef9c93c0470091617363c9ce8618dcb7931414e599d25cb032d68597111719e76d7de4bb7a92bf5ca7c08c36cf12')
|
72
|
+
expect(cert.fingerprint('md5')).to eq('aa78501c41b19252dfbe8ba509cc21f4')
|
69
73
|
end
|
70
74
|
it "returns true from has_private_key? when a key is present" do
|
71
75
|
cert = R509::Cert.new(:cert => @cert3, :key => @key3)
|
72
|
-
cert.has_private_key
|
76
|
+
expect(cert.has_private_key?).to eq(true)
|
73
77
|
end
|
74
78
|
it "returns false from has_private_key? when a key is not present" do
|
75
79
|
cert = R509::Cert.new(:cert => @cert)
|
76
|
-
cert.has_private_key
|
80
|
+
expect(cert.has_private_key?).to eq(false)
|
77
81
|
end
|
78
82
|
it "loads encrypted private key with cert" do
|
79
83
|
expect { R509::Cert.new(:cert => @cert3, :key => @key3_encrypted, :password => "r509") }.to_not raise_error
|
80
84
|
end
|
81
85
|
it "loads pkcs12" do
|
82
86
|
cert = R509::Cert.new(:pkcs12 => @cert3_p12, :password => "r509")
|
83
|
-
cert.has_private_key
|
84
|
-
cert.subject.to_s.
|
87
|
+
expect(cert.has_private_key?).to eq(true)
|
88
|
+
expect(cert.subject.to_s).to eq('/CN=futurama.com/O=Farnsworth Enterprises')
|
85
89
|
end
|
86
90
|
it "has the right not_before" do
|
87
91
|
cert = R509::Cert.new(:cert => @cert)
|
88
|
-
cert.not_before.to_i.
|
92
|
+
expect(cert.not_before.to_i).to eq(1282659002)
|
89
93
|
end
|
90
94
|
it "has the right not_after" do
|
91
95
|
cert = R509::Cert.new(:cert => @cert)
|
92
|
-
cert.not_after.to_i.
|
96
|
+
expect(cert.not_after.to_i).to eq(1377267002)
|
93
97
|
end
|
94
98
|
it "returns signature algorithm" do
|
95
99
|
cert = R509::Cert.new(:cert => @cert)
|
96
|
-
cert.signature_algorithm.
|
100
|
+
expect(cert.signature_algorithm).to eq('sha1WithRSAEncryption')
|
97
101
|
end
|
98
102
|
it "returns the RSA key algorithm" do
|
99
103
|
cert = R509::Cert.new(:cert => @cert)
|
100
|
-
cert.key_algorithm.
|
104
|
+
expect(cert.key_algorithm).to eq("RSA")
|
101
105
|
end
|
102
106
|
it "returns the DSA key algorithm" do
|
103
107
|
cert = R509::Cert.new(:cert => @cert6)
|
104
|
-
cert.key_algorithm.
|
108
|
+
expect(cert.key_algorithm).to eq("DSA")
|
105
109
|
end
|
106
110
|
it "returns list of san names when it is a san cert" do
|
107
111
|
cert = R509::Cert.new(:cert => @cert_san)
|
108
|
-
cert.san.dns_names.
|
112
|
+
expect(cert.san.dns_names).to eq(['langui.sh'])
|
109
113
|
end
|
110
114
|
it "#san returns nil when it is not a san cert" do
|
111
115
|
cert = R509::Cert.new(:cert => @cert)
|
112
|
-
cert.san.
|
116
|
+
expect(cert.san).to be_nil
|
113
117
|
end
|
114
118
|
it "#all_names should return a list of san names in addition to the CN" do
|
115
119
|
cert = R509::Cert.new(:cert => @cert_san2)
|
116
|
-
cert.all_names.
|
117
|
-
|
120
|
+
expect(cert.all_names).to eq(["cn.langui.sh", "san1.langui.sh",
|
121
|
+
"san2.langui.sh", "san3.langui.sh"])
|
118
122
|
end
|
119
123
|
it "#all_names should not have duplicates" do
|
120
124
|
cert = R509::Cert.new(:cert => @cert_san)
|
121
|
-
cert.all_names.
|
125
|
+
expect(cert.all_names).to eq(["langui.sh"])
|
122
126
|
end
|
123
127
|
it "#all_names should return the CN in the array even if there are no SANs" do
|
124
128
|
cert = R509::Cert.new(:cert => @cert)
|
125
|
-
cert.all_names.
|
129
|
+
expect(cert.all_names).to eq(["langui.sh"])
|
126
130
|
end
|
127
131
|
it "raises exception when providing invalid cert" do
|
128
132
|
expect { R509::Cert.new(:cert => "invalid cert") }.to raise_error(OpenSSL::X509::CertificateError)
|
@@ -138,134 +142,134 @@ describe R509::Cert do
|
|
138
142
|
end
|
139
143
|
it "loads properly when an R509::PrivateKey is provided" do
|
140
144
|
key = R509::PrivateKey.new(:key => @key3)
|
141
|
-
expect { R509::Cert.new(:key => key, :cert => @cert3)}.to_not raise_error
|
145
|
+
expect { R509::Cert.new(:key => key, :cert => @cert3) }.to_not raise_error
|
142
146
|
end
|
143
147
|
it "writes to pem" do
|
144
148
|
cert = R509::Cert.new(:cert => @cert)
|
145
149
|
sio = StringIO.new
|
146
150
|
sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
|
147
151
|
cert.write_pem(sio)
|
148
|
-
sio.string.
|
152
|
+
expect(sio.string).to eq(@cert)
|
149
153
|
end
|
150
154
|
it "writes to der" do
|
151
155
|
cert = R509::Cert.new(:cert => @cert)
|
152
156
|
sio = StringIO.new
|
153
157
|
sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
|
154
158
|
cert.write_der(sio)
|
155
|
-
sio.string.
|
159
|
+
expect(sio.string).to eq(@cert_der)
|
156
160
|
end
|
157
161
|
it "writes to pkcs12 when key/cert are present" do
|
158
162
|
cert = R509::Cert.new(:cert => @cert3, :key => @key3)
|
159
163
|
sio = StringIO.new
|
160
164
|
sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
|
161
|
-
cert.write_pkcs12(sio,'r509_password')
|
165
|
+
cert.write_pkcs12(sio, 'r509_password')
|
162
166
|
expect { R509::Cert.new(:pkcs12 => sio.string, :password => 'r509_password') }.to_not raise_error
|
163
167
|
end
|
164
168
|
it "raises error when writing to pkcs12 if key is not present" do
|
165
169
|
cert = R509::Cert.new(:cert => @cert3)
|
166
|
-
expect { cert.write_pkcs12('/dev/null','password') }.to raise_error(R509::R509Error, "Writing a PKCS12 requires both key and cert")
|
170
|
+
expect { cert.write_pkcs12('/dev/null', 'password') }.to raise_error(R509::R509Error, "Writing a PKCS12 requires both key and cert")
|
167
171
|
end
|
168
172
|
it "parses san extension" do
|
169
173
|
cert = R509::Cert.new(:cert => @cert_san)
|
170
|
-
cert.san.dns_names.
|
174
|
+
expect(cert.san.dns_names).to eq(["langui.sh"])
|
171
175
|
end
|
172
176
|
context "when initialized with an OpenSSL::X509::Certificate" do
|
173
177
|
it "returns pem on to_pem" do
|
174
178
|
test_cert = OpenSSL::X509::Certificate.new(@cert)
|
175
179
|
cert = R509::Cert.new(:cert => test_cert)
|
176
|
-
cert.to_pem.
|
180
|
+
expect(cert.to_pem).to eq(@cert)
|
177
181
|
end
|
178
182
|
it "returns der on to_der" do
|
179
183
|
test_cert = OpenSSL::X509::Certificate.new(@cert)
|
180
184
|
cert = R509::Cert.new(:cert => test_cert)
|
181
|
-
cert.to_der.
|
185
|
+
expect(cert.to_der).to eq(@cert_der)
|
182
186
|
end
|
183
187
|
it "returns pem on to_s" do
|
184
188
|
test_cert = OpenSSL::X509::Certificate.new(@cert)
|
185
189
|
cert = R509::Cert.new(:cert => test_cert)
|
186
|
-
cert.to_s.
|
190
|
+
expect(cert.to_s).to eq(@cert)
|
187
191
|
end
|
188
192
|
end
|
189
193
|
context "when initialized with a pem" do
|
190
194
|
it "returns on to_pem" do
|
191
195
|
cert = R509::Cert.new(:cert => @cert)
|
192
|
-
cert.to_pem.
|
196
|
+
expect(cert.to_pem).to eq(@cert)
|
193
197
|
end
|
194
198
|
it "returns der on to_der" do
|
195
199
|
cert = R509::Cert.new(:cert => @cert)
|
196
|
-
cert.to_der.
|
200
|
+
expect(cert.to_der).to eq(@cert_der)
|
197
201
|
end
|
198
202
|
it "returns pem on to_s" do
|
199
203
|
cert = R509::Cert.new(:cert => @cert)
|
200
|
-
cert.to_s.
|
201
|
-
|
204
|
+
expect(cert.to_s).to eq(@cert)
|
205
|
+
end
|
202
206
|
end
|
203
207
|
it "gets the right object from #basic_constraints" do
|
204
208
|
cert = R509::Cert.new(:cert => @cert)
|
205
|
-
cert.basic_constraints.class.
|
209
|
+
expect(cert.basic_constraints.class).to eq(R509::Cert::Extensions::BasicConstraints)
|
206
210
|
end
|
207
211
|
it "gets the right object from #key_usage" do
|
208
212
|
cert = R509::Cert.new(:cert => @cert)
|
209
|
-
cert.key_usage.class.
|
213
|
+
expect(cert.key_usage.class).to eq(R509::Cert::Extensions::KeyUsage)
|
210
214
|
end
|
211
215
|
it "gets the right object from #key_usage" do
|
212
216
|
cert = R509::Cert.new(:cert => @cert)
|
213
|
-
cert.extended_key_usage.class.
|
217
|
+
expect(cert.extended_key_usage.class).to eq(R509::Cert::Extensions::ExtendedKeyUsage)
|
214
218
|
end
|
215
219
|
it "gets the right object from #subject_key_identifier" do
|
216
220
|
cert = R509::Cert.new(:cert => @cert)
|
217
|
-
cert.subject_key_identifier.class.
|
221
|
+
expect(cert.subject_key_identifier.class).to eq(R509::Cert::Extensions::SubjectKeyIdentifier)
|
218
222
|
end
|
219
223
|
it "gets the right object from #authority_key_identifier" do
|
220
224
|
cert = R509::Cert.new(:cert => @cert)
|
221
|
-
cert.authority_key_identifier.class.
|
225
|
+
expect(cert.authority_key_identifier.class).to eq(R509::Cert::Extensions::AuthorityKeyIdentifier)
|
222
226
|
end
|
223
227
|
it "gets the right object from #subject_alternative_name" do
|
224
228
|
cert = R509::Cert.new(:cert => @cert5)
|
225
|
-
cert.subject_alternative_name.class.
|
229
|
+
expect(cert.subject_alternative_name.class).to eq(R509::Cert::Extensions::SubjectAlternativeName)
|
226
230
|
end
|
227
231
|
it "gets the right object from #authority_info_access" do
|
228
232
|
cert = R509::Cert.new(:cert => @cert5)
|
229
|
-
cert.authority_info_access.class.
|
233
|
+
expect(cert.authority_info_access.class).to eq(R509::Cert::Extensions::AuthorityInfoAccess)
|
230
234
|
end
|
231
235
|
it "gets the right object from #crl_distribution_points" do
|
232
236
|
cert = R509::Cert.new(:cert => @cert)
|
233
|
-
cert.crl_distribution_points.class.
|
237
|
+
expect(cert.crl_distribution_points.class).to eq(R509::Cert::Extensions::CRLDistributionPoints)
|
234
238
|
end
|
235
239
|
it "gets the right object from #certificate_policies" do
|
236
240
|
cert = R509::Cert.new(:cert => @cert)
|
237
|
-
cert.certificate_policies.class.
|
241
|
+
expect(cert.certificate_policies.class).to eq(R509::Cert::Extensions::CertificatePolicies)
|
238
242
|
end
|
239
243
|
it "gets the right object from #inhibit_any_policy" do
|
240
244
|
cert = R509::Cert.new(:cert => @cert_inhibit)
|
241
|
-
cert.inhibit_any_policy.class.
|
245
|
+
expect(cert.inhibit_any_policy.class).to eq(R509::Cert::Extensions::InhibitAnyPolicy)
|
242
246
|
end
|
243
247
|
it "gets the right object from #policy_constraints" do
|
244
248
|
cert = R509::Cert.new(:cert => @cert_policy_constraints)
|
245
|
-
cert.policy_constraints.class.
|
249
|
+
expect(cert.policy_constraints.class).to eq(R509::Cert::Extensions::PolicyConstraints)
|
246
250
|
end
|
247
251
|
it "gets the right object from #name_constraints" do
|
248
252
|
cert = R509::Cert.new(:cert => @cert_name_constraints)
|
249
|
-
cert.name_constraints.class.
|
253
|
+
expect(cert.name_constraints.class).to eq(R509::Cert::Extensions::NameConstraints)
|
250
254
|
end
|
251
255
|
it "returns true from #ocsp_no_check? when the extension is present" do
|
252
256
|
cert = R509::Cert.new(:cert => @cert_ocsp_no_check)
|
253
|
-
cert.ocsp_no_check
|
257
|
+
expect(cert.ocsp_no_check?).to eq(true)
|
254
258
|
end
|
255
259
|
it "returns false from #ocsp_no_check? when the extension is not present" do
|
256
260
|
cert = R509::Cert.new(:cert => @cert)
|
257
|
-
cert.ocsp_no_check
|
261
|
+
expect(cert.ocsp_no_check?).to eq(false)
|
258
262
|
end
|
259
263
|
|
260
264
|
it "checks rsa?" do
|
261
265
|
cert = R509::Cert.new(:cert => @cert)
|
262
|
-
cert.rsa
|
263
|
-
cert.ec
|
264
|
-
cert.dsa
|
266
|
+
expect(cert.rsa?).to eq(true)
|
267
|
+
expect(cert.ec?).to eq(false)
|
268
|
+
expect(cert.dsa?).to eq(false)
|
265
269
|
end
|
266
270
|
it "gets RSA bit strength" do
|
267
271
|
cert = R509::Cert.new(:cert => @cert)
|
268
|
-
cert.bit_strength.
|
272
|
+
expect(cert.bit_strength).to eq(2048)
|
269
273
|
end
|
270
274
|
it "returns an error for curve_name for DSA/RSA" do
|
271
275
|
cert = R509::Cert.new(:cert => @cert)
|
@@ -273,66 +277,66 @@ describe R509::Cert do
|
|
273
277
|
end
|
274
278
|
it "checks dsa?" do
|
275
279
|
cert = R509::Cert.new(:cert => @cert6)
|
276
|
-
cert.rsa
|
277
|
-
cert.ec
|
278
|
-
cert.dsa
|
280
|
+
expect(cert.rsa?).to eq(false)
|
281
|
+
expect(cert.ec?).to eq(false)
|
282
|
+
expect(cert.dsa?).to eq(true)
|
279
283
|
end
|
280
284
|
it "gets DSA bit strength" do
|
281
285
|
cert = R509::Cert.new(:cert => @cert6)
|
282
|
-
cert.bit_strength.
|
286
|
+
expect(cert.bit_strength).to eq(1024)
|
283
287
|
end
|
284
288
|
it "gets serial of cert" do
|
285
289
|
cert = R509::Cert.new(:cert => @cert6)
|
286
|
-
cert.serial.
|
290
|
+
expect(cert.serial).to eq(951504)
|
287
291
|
end
|
288
292
|
it "gets hexserial of cert" do
|
289
293
|
cert = R509::Cert.new(:cert => @cert6)
|
290
|
-
cert.hexserial.
|
294
|
+
expect(cert.hexserial).to eq("0E84D0")
|
291
295
|
end
|
292
296
|
it "checks a cert that is not yet valid" do
|
293
297
|
cert = R509::Cert.new(:cert => @cert_not_yet_valid)
|
294
|
-
cert.valid
|
298
|
+
expect(cert.valid?).to eq(false)
|
295
299
|
end
|
296
300
|
it "checks a cert that is in validity range" do
|
297
301
|
cert = R509::Cert.new(:cert => @test_ca_cert)
|
298
|
-
cert.valid
|
302
|
+
expect(cert.valid?).to eq(true)
|
299
303
|
end
|
300
304
|
it "checks a cert that is expired" do
|
301
305
|
cert = R509::Cert.new(:cert => @cert_expired)
|
302
|
-
cert.valid
|
306
|
+
expect(cert.valid?).to eq(false)
|
303
307
|
end
|
304
308
|
it "checks expired_at?" do
|
305
309
|
cert = R509::Cert.new(:cert => @cert_expired)
|
306
|
-
cert.valid_at?(Time.utc(2009,1,1)).
|
307
|
-
cert.valid_at?(Time.utc(2011,3,1)).
|
308
|
-
cert.valid_at?(1298959200).
|
309
|
-
cert.valid_at?(Time.utc(2012,1,1)).
|
310
|
+
expect(cert.valid_at?(Time.utc(2009, 1, 1))).to eq(false)
|
311
|
+
expect(cert.valid_at?(Time.utc(2011, 3, 1))).to eq(true)
|
312
|
+
expect(cert.valid_at?(1298959200)).to eq(true)
|
313
|
+
expect(cert.valid_at?(Time.utc(2012, 1, 1))).to eq(false)
|
310
314
|
end
|
311
315
|
it "is revoked by crl" do
|
312
316
|
cert = R509::Cert.new(:cert => @cert3)
|
313
317
|
crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
|
314
318
|
crl_admin.revoke_cert(1425751142578902223005775172931960716533532010870)
|
315
319
|
crl = crl_admin.generate_crl
|
316
|
-
cert.is_revoked_by_crl?(crl).
|
320
|
+
expect(cert.is_revoked_by_crl?(crl)).to eq(true)
|
317
321
|
end
|
318
322
|
it "is not revoked by crl" do
|
319
323
|
cert = R509::Cert.new(:cert => @cert3)
|
320
324
|
crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
|
321
325
|
crl = crl_admin.generate_crl
|
322
|
-
cert.is_revoked_by_crl?(crl).
|
326
|
+
expect(cert.is_revoked_by_crl?(crl)).to eq(false)
|
323
327
|
end
|
324
328
|
it "loads a cert with load_from_file" do
|
325
329
|
path = File.dirname(__FILE__) + '/fixtures/cert1.pem'
|
326
330
|
cert = R509::Cert.load_from_file path
|
327
|
-
cert.serial.to_i.
|
331
|
+
expect(cert.serial.to_i).to eq(211653423715)
|
328
332
|
end
|
329
333
|
it "returns a hash for #extensions" do
|
330
334
|
cert = R509::Cert.new(:cert => @cert3)
|
331
|
-
cert.extensions.
|
335
|
+
expect(cert.extensions.is_a?(Hash)).to eq(true)
|
332
336
|
end
|
333
337
|
it "returns an array for #unknown_extensions" do
|
334
338
|
cert = R509::Cert.new(:cert => @cert3)
|
335
|
-
cert.unknown_extensions.
|
339
|
+
expect(cert.unknown_extensions).to eq([])
|
336
340
|
end
|
337
341
|
|
338
342
|
context "elliptic curve certs", :ec => true do
|
@@ -347,52 +351,52 @@ describe R509::Cert do
|
|
347
351
|
cert = R509::Cert.new(:cert => @cert_ec, :key => @key_ec)
|
348
352
|
sio = StringIO.new
|
349
353
|
sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
|
350
|
-
cert.write_pkcs12(sio,'r509_password')
|
354
|
+
cert.write_pkcs12(sio, 'r509_password')
|
351
355
|
expect { R509::Cert.new(:pkcs12 => sio.string, :password => 'r509_password') }.to_not raise_error
|
352
356
|
end
|
353
357
|
it "raises error on bit strength" do
|
354
358
|
cert = R509::Cert.new(:cert => @cert_ec)
|
355
|
-
expect { cert.bit_strength }.to raise_error(R509::R509Error,'Bit length is not available for EC at this time.')
|
359
|
+
expect { cert.bit_strength }.to raise_error(R509::R509Error, 'Bit length is not available for EC at this time.')
|
356
360
|
end
|
357
361
|
it "returns curve name" do
|
358
362
|
cert = R509::Cert.new(:cert => @cert_ec)
|
359
|
-
cert.curve_name.
|
363
|
+
expect(cert.curve_name).to eq('secp384r1')
|
360
364
|
end
|
361
365
|
it "checks ec?" do
|
362
366
|
cert = R509::Cert.new(:cert => @cert_ec)
|
363
|
-
cert.rsa
|
364
|
-
cert.dsa
|
365
|
-
cert.ec
|
367
|
+
expect(cert.rsa?).to eq(false)
|
368
|
+
expect(cert.dsa?).to eq(false)
|
369
|
+
expect(cert.ec?).to eq(true)
|
366
370
|
end
|
367
371
|
it "returns the public key" do
|
368
372
|
cert = R509::Cert.new(:cert => @cert_ec)
|
369
373
|
private_key = R509::PrivateKey.new(:key => @key_ec)
|
370
|
-
cert.public_key.to_der.
|
374
|
+
expect(cert.public_key.to_der).to eq(private_key.public_key.to_der)
|
371
375
|
end
|
372
376
|
it "returns the key algorithm" do
|
373
377
|
cert = R509::Cert.new(:cert => @cert_ec)
|
374
|
-
cert.key_algorithm.
|
378
|
+
expect(cert.key_algorithm).to eq("EC")
|
375
379
|
end
|
376
380
|
end
|
377
381
|
|
378
382
|
context "when elliptic curve support is unavailable" do
|
379
383
|
before :all do
|
380
|
-
@ec = OpenSSL::PKey.send(:remove_const
|
384
|
+
@ec = OpenSSL::PKey.send(:remove_const, :EC) # remove EC support for test!
|
381
385
|
load('r509/ec-hack.rb')
|
382
386
|
end
|
383
387
|
after :all do
|
384
|
-
OpenSSL::PKey.send(:remove_const
|
388
|
+
OpenSSL::PKey.send(:remove_const, :EC) # remove stubbed EC
|
385
389
|
OpenSSL::PKey::EC = @ec # add the real one back
|
386
390
|
end
|
387
391
|
it "checks rsa?" do
|
388
392
|
cert = R509::Cert.new(:cert => @cert)
|
389
|
-
cert.rsa
|
390
|
-
cert.ec
|
391
|
-
cert.dsa
|
393
|
+
expect(cert.rsa?).to eq(true)
|
394
|
+
expect(cert.ec?).to eq(false)
|
395
|
+
expect(cert.dsa?).to eq(false)
|
392
396
|
end
|
393
397
|
it "returns RSA key algorithm for RSA CSR" do
|
394
398
|
cert = R509::Cert.new(:cert => @cert)
|
395
|
-
cert.key_algorithm.
|
399
|
+
expect(cert.key_algorithm).to eq("RSA")
|
396
400
|
end
|
397
401
|
end
|
398
402
|
end
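Review bot: The example title at new line 397, `it "returns RSA key algorithm for RSA CSR" do`, sits inside the `R509::Cert` spec and asserts on `cert.key_algorithm`, so it should read `it "returns RSA key algorithm for RSA cert" do`; the should→expect migration kept the misleading wording. The same kind of slip survives in the `@@ -138,134 +142,134 @@` hunk, where the example at new line 216 reuses the title `"gets the right object from #key_usage"` while the assertion on new line 217 is about `extended_key_usage`, and at new line 335 `expect(cert.extensions.is_a?(Hash)).to eq(true)` would be clearer and fail with a more useful message as `expect(cert.extensions).to be_a(Hash)`. In the `before :all` at new line 384 the `remove_const` on `OpenSSL::PKey::EC` alters a process-wide constant until `after :all` restores it, so a short comment such as `# process-wide: the :ec examples must not run in the same process while this context is active` would presumably save the next maintainer a confusing failure if the suite is ever split or parallelised.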
|