RubyGems - r509 - Versions diffs - 0.10.0 → 1.0 - Mend

r509 0.10.0 → 1.0

Files changed (168) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/README.mdown +2 -2
data/Rakefile +2 -3
data/bin/r509 +77 -80
data/bin/r509-parse +4 -4
data/doc/R509.html +60 -60
data/doc/R509/ASN1.html +158 -48
data/doc/R509/ASN1/GeneralName.html +157 -154
data/doc/R509/ASN1/GeneralNames.html +246 -237
data/doc/R509/CRL.html +41 -39
data/doc/R509/CRL/Administrator.html +105 -100
data/doc/R509/CRL/FileReaderWriter.html +146 -98
data/doc/R509/CRL/ReaderWriter.html +57 -54
data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
data/doc/R509/CRL/SignedList.html +83 -80
data/doc/R509/CSR.html +184 -162
data/doc/R509/Cert.html +271 -269
data/doc/R509/Cert/Extensions.html +62 -63
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
data/doc/R509/CertificateAuthority.html +39 -37
data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
data/doc/R509/CertificateAuthority/Signer.html +277 -60
data/doc/R509/Config.html +40 -38
data/doc/R509/Config/CAConfig.html +255 -188
data/doc/R509/Config/CAConfigPool.html +64 -61
data/doc/R509/Config/CertProfile.html +119 -116
data/doc/R509/Config/SubjectItemPolicy.html +94 -93
data/doc/R509/Engine.html +60 -56
data/doc/R509/Helpers.html +99 -96
data/doc/R509/MessageDigest.html +69 -68
data/doc/R509/NameSanitizer.html +51 -48
data/doc/R509/OCSP.html +39 -37
data/doc/R509/OCSP/Request.html +39 -37
data/doc/R509/OCSP/Request/Nonce.html +67 -67
data/doc/R509/OCSP/Response.html +93 -90
data/doc/R509/OIDMapper.html +48 -46
data/doc/R509/PrivateKey.html +170 -169
data/doc/R509/R509Error.html +45 -42
data/doc/R509/SPKI.html +99 -89
data/doc/R509/Subject.html +86 -83
data/doc/R509/Validity.html +57 -57
data/doc/R509/Validity/Checker.html +63 -93
data/doc/R509/Validity/DefaultChecker.html +58 -55
data/doc/R509/Validity/DefaultWriter.html +62 -59
data/doc/R509/Validity/Status.html +77 -74
data/doc/R509/Validity/Writer.html +75 -123
data/doc/_index.html +37 -31
data/doc/class_list.html +25 -27
data/doc/css/full_list.css +32 -31
data/doc/css/style.css +221 -78
data/doc/file.CONTRIBUTING.html +29 -30
data/doc/file.LICENSE.html +29 -30
data/doc/file.README.html +31 -32
data/doc/file.YAML.html +33 -34
data/doc/file.r509.html +39 -48
data/doc/file_list.html +39 -30
data/doc/frames.html +10 -21
data/doc/index.html +31 -32
data/doc/js/app.js +100 -71
data/doc/js/full_list.js +168 -130
data/doc/method_list.html +1788 -1119
data/doc/top-level-namespace.html +45 -49
data/lib/r509.rb +21 -7
data/lib/r509/asn1.rb +45 -32
data/lib/r509/cert.rb +45 -51
data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
data/lib/r509/cert/extensions/base.rb +22 -23
data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
data/lib/r509/cert/extensions/key_usage.rb +5 -5
data/lib/r509/cert/extensions/name_constraints.rb +16 -16
data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
data/lib/r509/certificate_authority/options_builder.rb +19 -21
data/lib/r509/certificate_authority/signer.rb +26 -27
data/lib/r509/config.rb +1 -0
data/lib/r509/config/ca_config.rb +70 -75
data/lib/r509/config/cert_profile.rb +9 -8
data/lib/r509/config/subject_item_policy.rb +25 -28
data/lib/r509/crl/administrator.rb +19 -20
data/lib/r509/crl/reader_writer.rb +10 -8
data/lib/r509/crl/signed_list.rb +4 -4
data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
data/lib/r509/csr.rb +54 -60
data/lib/r509/ec-hack.rb +3 -2
data/lib/r509/engine.rb +5 -6
data/lib/r509/exceptions.rb +1 -1
data/lib/r509/helpers.rb +11 -14
data/lib/r509/io_helpers.rb +7 -7
data/lib/r509/message_digest.rb +5 -6
data/lib/r509/ocsp.rb +11 -13
data/lib/r509/oid_mapper.rb +2 -2
data/lib/r509/private_key.rb +28 -32
data/lib/r509/spki.rb +17 -20
data/lib/r509/subject.rb +26 -27
data/lib/r509/trollop.rb +1 -0
data/lib/r509/validity.rb +30 -21
data/lib/r509/version.rb +4 -2
data/r509.yaml +9 -17
data/spec/asn1_spec.rb +145 -146
data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
data/spec/cert/extensions/base_spec.rb +38 -34
data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
data/spec/cert/extensions/key_usage_spec.rb +44 -39
data/spec/cert/extensions/name_constraints_spec.rb +83 -83
data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
data/spec/cert_spec.rb +105 -101
data/spec/certificate_authority/options_builder_spec.rb +90 -90
data/spec/certificate_authority/signer_spec.rb +41 -41
data/spec/config/ca_config_spec.rb +169 -119
data/spec/config/cert_profile_spec.rb +33 -33
data/spec/config/subject_item_policy_spec.rb +22 -22
data/spec/crl/administrator_spec.rb +65 -65
data/spec/crl/reader_writer_spec.rb +20 -19
data/spec/crl/signed_list_spec.rb +26 -26
data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
data/spec/csr_spec.rb +149 -145
data/spec/engine_spec.rb +14 -14
data/spec/fixtures.rb +56 -39
data/spec/fixtures/crl_list.sql +13 -0
data/spec/fixtures/csr1.der +0 -0
data/spec/fixtures/csr1.pem +6 -6
data/spec/message_digest_spec.rb +43 -43
data/spec/ocsp_spec.rb +25 -25
data/spec/oid_mapper_spec.rb +18 -19
data/spec/private_key_spec.rb +79 -81
data/spec/r509_spec.rb +16 -16
data/spec/spec_helper.rb +3 -3
data/spec/spki_spec.rb +94 -94
data/spec/subject_spec.rb +107 -107
data/spec/validity_spec.rb +25 -25
metadata +113 -111
metadata.gz.sig +0 -0

data/spec/cert/extensions/subject_alternative_name_spec.rb CHANGED

@@ -8,54 +8,53 @@ shared_examples_for "a correct R509 SubjectAlternativeName object" do |critical|
     klass = SubjectAlternativeName
     ef = OpenSSL::X509::ExtensionFactory.new
     ef.config = OpenSSL::Config.parse(@conf)
-    openssl_ext = ef.create_extension( extension_name, @extension_value , critical )
-    @r509_ext = klass.new( openssl_ext )
+    openssl_ext = ef.create_extension(extension_name, @extension_value, critical)
+    @r509_ext = klass.new(openssl_ext)
   end
   it "dns_names should be correct critical:#{critical}" do
-    @r509_ext.dns_names.should == @dns_names
+    expect(@r509_ext.dns_names).to eq(@dns_names)
   end
   it "ip_addresses should be correct critical:#{critical}" do
-    @r509_ext.ip_addresses.should == @ip_addresses
+    expect(@r509_ext.ip_addresses).to eq(@ip_addresses)
   end
   it "rfc_822names should be correct critical:#{critical}" do
-    @r509_ext.rfc_822_names.should == @rfc_822_names
+    expect(@r509_ext.rfc_822_names).to eq(@rfc_822_names)
   end
   it "uris should be correct critical:#{critical}" do
-    @r509_ext.uris.should == @uris
+    expect(@r509_ext.uris).to eq(@uris)
   end
   it "dirNames should be correct critical:#{critical}" do
-    @r509_ext.directory_names.size.should == @directory_names.size
+    expect(@r509_ext.directory_names.size).to eq(@directory_names.size)
   end
   it "ordered should be correct critical:#{critical}" do
-    @r509_ext.names.size.should == @dns_names.size + @ip_addresses.size + @rfc_822_names.size + @uris.size + @directory_names.size
+    expect(@r509_ext.names.size).to eq(@dns_names.size + @ip_addresses.size + @rfc_822_names.size + @uris.size + @directory_names.size)
   end
   it "reports #critical? properly" do
-    @r509_ext.critical?.should == critical
+    expect(@r509_ext.critical?).to eq(critical)
   end
 end
 describe R509::Cert::Extensions::SubjectAlternativeName do
   include R509::Cert::Extensions
   context "validation" do
     it "errors when not supplying a hash" do
-      expect {
+      expect do
         R509::Cert::Extensions::SubjectAlternativeName.new("create")
-      }.to raise_error(ArgumentError,"You must supply a hash with a :value")
+      end.to raise_error(ArgumentError, "You must supply a hash with a :value")
     end
     it "errors when not supplying :value" do
-      expect {
+      expect do
         R509::Cert::Extensions::SubjectAlternativeName.new({})
-      }.to raise_error(ArgumentError,"You must supply a hash with a :value")
+      end.to raise_error(ArgumentError, "You must supply a hash with a :value")
     end
   end
   context "SubjectAlternativeName" do
@@ -69,71 +68,71 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         end
         it "creates extension" do
-          @san.rfc_822_names.should == ['random string']
+          expect(@san.rfc_822_names).to eq(['random string'])
         end
         it "builds yaml" do
-          YAML.load(@san.to_yaml).should == {:critical=>false, :value=>[{:type=>"email", :value=>"random string"}]}
+          expect(YAML.load(@san.to_yaml)).to eq(:critical => false, :value => [{ :type => "email", :value => "random string" }])
         end
       end
       context "single name" do
         before :all do
-          @args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => false }
+          @args = { :value => [{ :type => "DNS", :value => 'domain.com' }], :critical => false }
           @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
         end
         it "creates extension" do
-          @san.dns_names.should == ['domain.com']
+          expect(@san.dns_names).to eq(['domain.com'])
         end
         it "builds yaml" do
-          @san.to_h.should == @args
+          expect(@san.to_h).to eq(@args)
         end
       end
       context "multiple names" do
         before :all do
-          @args = { :value => [{:type => 'DNS', :value => 'domain.com' },{ :type => 'IP', :value => '127.0.0.1' }], :critical => false }
+          @args = { :value => [{ :type => 'DNS', :value => 'domain.com' }, { :type => 'IP', :value => '127.0.0.1' }], :critical => false }
           @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
         end
         it "creates extension" do
-          @san.dns_names.should == ['domain.com']
-          @san.ip_addresses.should == ['127.0.0.1']
+          expect(@san.dns_names).to eq(['domain.com'])
+          expect(@san.ip_addresses).to eq(['127.0.0.1'])
         end
         it "builds yaml" do
-          @san.to_h.should == @args
+          expect(@san.to_h).to eq(@args)
         end
       end
       context "default criticality" do
         before :all do
-          @args = { :value => [{:type => "DNS", :value => 'domain.com' }] }
+          @args = { :value => [{ :type => "DNS", :value => 'domain.com' }] }
           @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
         end
         it "creates extension" do
-          @san.critical?.should be_false
+          expect(@san.critical?).to be false
         end
         it "builds yaml" do
-          @san.to_h.should == @args.merge(:critical => false)
+          expect(@san.to_h).to eq(@args.merge(:critical => false))
         end
       end
       context "creates with non-default criticality" do
         before :all do
-          @args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => true }
+          @args = { :value => [{ :type => "DNS", :value => 'domain.com' }], :critical => true }
           @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
         end
         it "creates extension" do
-          @san.critical?.should be_true
+          expect(@san.critical?).to be true
         end
         it "builds yaml" do
-          @san.to_h.should == @args
+          expect(@san.to_h).to eq(@args)
         end
       end
@@ -142,7 +141,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
     context "with an unimplemented GeneralName type" do
       it "errors as expected" do
         ef = OpenSSL::X509::ExtensionFactory.new
-        ext = ef.create_extension("subjectAltName","otherName:1.2.3.4;IA5STRING:Hello World")
+        ext = ef.create_extension("subjectAltName", "otherName:1.2.3.4;IA5STRING:Hello World")
         expect { R509::Cert::Extensions::SubjectAlternativeName.new ext }.to raise_error(R509::R509Error, 'Unimplemented GeneralName tag: 0. At this time R509 does not support GeneralName types other than rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, and directoryName')
       end
     end
@@ -153,7 +152,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @uris = []
         @rfc_822_names = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -171,7 +170,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @uris = []
         @rfc_822_names = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -189,7 +188,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = []
         @uris = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -207,7 +206,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @uris = []
         @rfc_822_names = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -225,7 +224,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = ["some@guy.com"]
         @uris = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -240,10 +239,10 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
       before :all do
         @dns_names = []
         @ip_addresses = []
-        @rfc_822_names = ["some@guy.com","other@guy.com"]
+        @rfc_822_names = ["some@guy.com", "other@guy.com"]
         @uris = []
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -261,7 +260,7 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = []
         @uris = ["http://www.test.local"]
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -277,9 +276,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @dns_names = []
         @ip_addresses = []
         @rfc_822_names = []
-        @uris = ["http://www.test.local","http://www2.test.local"]
+        @uris = ["http://www.test.local", "http://www2.test.local"]
         @directory_names = []
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -297,9 +296,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = []
         @uris = []
         @directory_names = [
-          [['CN','langui.sh'],['O','org'],['L','locality']]
+          [['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']]
         ]
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -317,10 +316,10 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = []
         @uris = []
         @directory_names = [
-          [['CN','langui.sh'],['O','org'],['L','locality']],
-          [['CN','otherdomain.com'],['O','org-like']]
+          [['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']],
+          [['CN', 'otherdomain.com'], ['O', 'org-like']]
         ]
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]
@@ -338,9 +337,9 @@ describe R509::Cert::Extensions::SubjectAlternativeName do
         @rfc_822_names = ["myemail@email.com"]
         @uris = ["http://www.test.local"]
         @directory_names = [
-          [['CN','langui.sh'],['O','org'],['L','locality']]
+          [['CN', 'langui.sh'], ['O', 'org'], ['L', 'locality']]
         ]
-        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        total = [@dns_names, @ip_addresses, @uris, @rfc_822_names, @directory_names].flatten(1)
         gns = R509::ASN1.general_name_parser(total)
         serialized = gns.serialize_names
         @conf = serialized[:conf]

data/spec/cert/extensions/subject_key_identifier_spec.rb CHANGED

@@ -6,12 +6,12 @@ shared_examples_for "a correct R509 SubjectKeyIdentifier object" do
   before :all do
     extension_name = "subjectKeyIdentifier"
     klass = SubjectKeyIdentifier
-    openssl_ext = OpenSSL::X509::Extension.new( extension_name, @extension_value )
-    @r509_ext = klass.new( openssl_ext )
+    openssl_ext = OpenSSL::X509::Extension.new(extension_name, @extension_value)
+    @r509_ext = klass.new(openssl_ext)
   end
   it "key should be correct" do
-    @r509_ext.key.should == @key
+    expect(@r509_ext.key).to eq(@key)
   end
 end
@@ -30,30 +30,30 @@ describe R509::Cert::Extensions::SubjectKeyIdentifier do
       end
       it "errors when not supplying a public key" do
-        expect {
+        expect do
           R509::Cert::Extensions::SubjectKeyIdentifier.new({})
-        }.to raise_error(ArgumentError,"You must supply a hash with a :public_key")
+        end.to raise_error(ArgumentError, "You must supply a hash with a :public_key")
       end
       it "errors when supplying a non-hash" do
-        expect {
+        expect do
           R509::Cert::Extensions::SubjectKeyIdentifier.new("junk!!!")
-        }.to raise_error(ArgumentError,"You must supply a hash with a :public_key")
+        end.to raise_error(ArgumentError, "You must supply a hash with a :public_key")
       end
       it "creates successfully" do
         ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
-        ski.key.should_not be_nil
+        expect(ski.key).not_to be_nil
       end
       it "creates with default criticality" do
         ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
-        ski.critical?.should be_false
+        expect(ski.critical?).to be false
       end
       it "creates with non-default criticality" do
         ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key, :critical => true)
-        ski.critical?.should be_true
+        expect(ski.critical?).to be true
       end
     end

data/spec/cert_spec.rb CHANGED

@@ -23,106 +23,110 @@ describe R509::Cert do
     @cert_name_constraints = TestFixtures::CERT_NAME_CONSTRAINTS
   end
   it "raises error when no hash supplied" do
-    expect { R509::Cert.new('no hash')}.to raise_error(ArgumentError, 'Must provide a hash of options')
+    expect { R509::Cert.new('no hash') }.to raise_error(ArgumentError, 'Must provide a hash of options')
   end
   it "raises error when no :cert supplied" do
-    expect { R509::Cert.new(:key => "random")}.to raise_error(ArgumentError, 'Must provide :cert or :pkcs12')
+    expect { R509::Cert.new(:key => "random") }.to raise_error(ArgumentError, 'Must provide :cert or :pkcs12')
   end
   it "raises error when a csr is supplied to :cert" do
-    expect { R509::Cert.new(:cert => TestFixtures::CSR)}.to raise_error(ArgumentError, "Cert provided is actually a certificate signing request.")
+    expect { R509::Cert.new(:cert => TestFixtures::CSR) }.to raise_error(ArgumentError, "Cert provided is actually a certificate signing request.")
   end
   it "raises error when :cert and :pkcs12 are both provided" do
-    expect { R509::Cert.new(
-      :key => @key3,
-      :pkcs12 => @cert3_p12,
-      :password => 'whatever'
-    ) }.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
+    expect do
+      R509::Cert.new(
+        :key => @key3,
+        :pkcs12 => @cert3_p12,
+        :password => 'whatever'
+      )
+    end.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
   end
   it "raises error when :key and :pkcs12 are both provided" do
-    expect { R509::Cert.new(
-      :cert => @cert,
-      :pkcs12 => @cert3_p12,
-      :password => 'whatever'
-    ) }.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
+    expect do
+      R509::Cert.new(
+        :cert => @cert,
+        :pkcs12 => @cert3_p12,
+        :password => 'whatever'
+      )
+    end.to raise_error(ArgumentError, 'When providing pkcs12, do not pass cert or key')
   end
   it "has a public_key" do
     cert = R509::Cert.new(:cert => @cert)
-    #this is more complex than it should have to be. diff versions of openssl
-    #return subtly diff PEM encodings so we need to look at the modulus (n)
-    #but beware, because n is not present for DSA certificates
-    cert.public_key.n.to_i.should == @cert_public_key_modulus.to_i
+    # this is more complex than it should have to be. diff versions of openssl
+    # return subtly diff PEM encodings so we need to look at the modulus (n)
+    # but beware, because n is not present for DSA certificates
+    expect(cert.public_key.n.to_i).to eq(@cert_public_key_modulus.to_i)
   end
   it "returns bit strength" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.bit_strength.should == 2048
+    expect(cert.bit_strength).to eq(2048)
   end
   it "has the right issuer" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.issuer.to_s.should == "/C=US/O=SecureTrust Corporation/CN=SecureTrust CA"
+    expect(cert.issuer.to_s).to eq("/C=US/O=SecureTrust Corporation/CN=SecureTrust CA")
   end
   it "generates certificate fingerprints" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.fingerprint.should == '863bbb58877b426eb10ccfd34d3056b8c961f627'
-    cert.fingerprint('sha256').should == '65d624f5a6937c3005d78b3f4ff09164649dd5aeb3fd8a93d6fd420e8b587fa2'
-    cert.fingerprint('sha512').should == 'a07d87f04161f52ef671c9d616530d07ebadef9c93c0470091617363c9ce8618dcb7931414e599d25cb032d68597111719e76d7de4bb7a92bf5ca7c08c36cf12'
-    cert.fingerprint('md5').should == 'aa78501c41b19252dfbe8ba509cc21f4'
+    expect(cert.fingerprint).to eq('65d624f5a6937c3005d78b3f4ff09164649dd5aeb3fd8a93d6fd420e8b587fa2')
+    expect(cert.fingerprint('sha1')).to eq('863bbb58877b426eb10ccfd34d3056b8c961f627')
+    expect(cert.fingerprint('sha512')).to eq('a07d87f04161f52ef671c9d616530d07ebadef9c93c0470091617363c9ce8618dcb7931414e599d25cb032d68597111719e76d7de4bb7a92bf5ca7c08c36cf12')
+    expect(cert.fingerprint('md5')).to eq('aa78501c41b19252dfbe8ba509cc21f4')
   end
   it "returns true from has_private_key? when a key is present" do
     cert = R509::Cert.new(:cert => @cert3, :key => @key3)
-    cert.has_private_key?.should == true
+    expect(cert.has_private_key?).to eq(true)
   end
   it "returns false from has_private_key? when a key is not present" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.has_private_key?.should == false
+    expect(cert.has_private_key?).to eq(false)
   end
   it "loads encrypted private key with cert" do
     expect { R509::Cert.new(:cert => @cert3, :key => @key3_encrypted, :password => "r509") }.to_not raise_error
   end
   it "loads pkcs12" do
     cert = R509::Cert.new(:pkcs12 => @cert3_p12, :password => "r509")
-    cert.has_private_key?.should == true
-    cert.subject.to_s.should == '/CN=futurama.com/O=Farnsworth Enterprises'
+    expect(cert.has_private_key?).to eq(true)
+    expect(cert.subject.to_s).to eq('/CN=futurama.com/O=Farnsworth Enterprises')
   end
   it "has the right not_before" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.not_before.to_i.should == 1282659002
+    expect(cert.not_before.to_i).to eq(1282659002)
   end
   it "has the right not_after" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.not_after.to_i.should == 1377267002
+    expect(cert.not_after.to_i).to eq(1377267002)
   end
   it "returns signature algorithm" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.signature_algorithm.should == 'sha1WithRSAEncryption'
+    expect(cert.signature_algorithm).to eq('sha1WithRSAEncryption')
   end
   it "returns the RSA key algorithm" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.key_algorithm.should == "RSA"
+    expect(cert.key_algorithm).to eq("RSA")
   end
   it "returns the DSA key algorithm" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.key_algorithm.should == "DSA"
+    expect(cert.key_algorithm).to eq("DSA")
   end
   it "returns list of san names when it is a san cert" do
     cert = R509::Cert.new(:cert => @cert_san)
-    cert.san.dns_names.should == ['langui.sh']
+    expect(cert.san.dns_names).to eq(['langui.sh'])
   end
   it "#san returns nil when it is not a san cert" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.san.should be_nil
+    expect(cert.san).to be_nil
   end
   it "#all_names should return a list of san names in addition to the CN" do
     cert = R509::Cert.new(:cert => @cert_san2)
-    cert.all_names.should == ["cn.langui.sh", "san1.langui.sh",
-                    "san2.langui.sh", "san3.langui.sh"]
+    expect(cert.all_names).to eq(["cn.langui.sh", "san1.langui.sh",
+                                  "san2.langui.sh", "san3.langui.sh"])
   end
   it "#all_names should not have duplicates" do
     cert = R509::Cert.new(:cert => @cert_san)
-    cert.all_names.should == ["langui.sh"]
+    expect(cert.all_names).to eq(["langui.sh"])
   end
   it "#all_names should return the CN in the array even if there are no SANs" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.all_names.should == ["langui.sh"]
+    expect(cert.all_names).to eq(["langui.sh"])
   end
   it "raises exception when providing invalid cert" do
     expect { R509::Cert.new(:cert => "invalid cert") }.to raise_error(OpenSSL::X509::CertificateError)
@@ -138,134 +142,134 @@ describe R509::Cert do
   end
   it "loads properly when an R509::PrivateKey is provided" do
     key = R509::PrivateKey.new(:key => @key3)
-    expect { R509::Cert.new(:key => key, :cert => @cert3)}.to_not raise_error
+    expect { R509::Cert.new(:key => key, :cert => @cert3) }.to_not raise_error
   end
   it "writes to pem" do
     cert = R509::Cert.new(:cert => @cert)
     sio = StringIO.new
     sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
     cert.write_pem(sio)
-    sio.string.should == @cert
+    expect(sio.string).to eq(@cert)
   end
   it "writes to der" do
     cert = R509::Cert.new(:cert => @cert)
     sio = StringIO.new
     sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
     cert.write_der(sio)
-    sio.string.should == @cert_der
+    expect(sio.string).to eq(@cert_der)
   end
   it "writes to pkcs12 when key/cert are present" do
     cert = R509::Cert.new(:cert => @cert3, :key => @key3)
     sio = StringIO.new
     sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
-    cert.write_pkcs12(sio,'r509_password')
+    cert.write_pkcs12(sio, 'r509_password')
     expect { R509::Cert.new(:pkcs12 => sio.string, :password => 'r509_password') }.to_not raise_error
   end
   it "raises error when writing to pkcs12 if key is not present" do
     cert = R509::Cert.new(:cert => @cert3)
-    expect { cert.write_pkcs12('/dev/null','password') }.to raise_error(R509::R509Error, "Writing a PKCS12 requires both key and cert")
+    expect { cert.write_pkcs12('/dev/null', 'password') }.to raise_error(R509::R509Error, "Writing a PKCS12 requires both key and cert")
   end
   it "parses san extension" do
     cert = R509::Cert.new(:cert => @cert_san)
-    cert.san.dns_names.should == ["langui.sh"]
+    expect(cert.san.dns_names).to eq(["langui.sh"])
   end
   context "when initialized with an OpenSSL::X509::Certificate" do
     it "returns pem on to_pem" do
       test_cert = OpenSSL::X509::Certificate.new(@cert)
       cert = R509::Cert.new(:cert => test_cert)
-      cert.to_pem.should == @cert
+      expect(cert.to_pem).to eq(@cert)
     end
     it "returns der on to_der" do
       test_cert = OpenSSL::X509::Certificate.new(@cert)
       cert = R509::Cert.new(:cert => test_cert)
-      cert.to_der.should == @cert_der
+      expect(cert.to_der).to eq(@cert_der)
     end
     it "returns pem on to_s" do
       test_cert = OpenSSL::X509::Certificate.new(@cert)
       cert = R509::Cert.new(:cert => test_cert)
-      cert.to_s.should == @cert
+      expect(cert.to_s).to eq(@cert)
     end
   end
   context "when initialized with a pem" do
     it "returns on to_pem" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.to_pem.should == @cert
+      expect(cert.to_pem).to eq(@cert)
     end
     it "returns der on to_der" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.to_der.should == @cert_der
+      expect(cert.to_der).to eq(@cert_der)
     end
     it "returns pem on to_s" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.to_s.should == @cert
-     end
+      expect(cert.to_s).to eq(@cert)
+    end
   end
   it "gets the right object from #basic_constraints" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.basic_constraints.class.should == R509::Cert::Extensions::BasicConstraints
+    expect(cert.basic_constraints.class).to eq(R509::Cert::Extensions::BasicConstraints)
   end
   it "gets the right object from #key_usage" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.key_usage.class.should == R509::Cert::Extensions::KeyUsage
+    expect(cert.key_usage.class).to eq(R509::Cert::Extensions::KeyUsage)
   end
   it "gets the right object from #key_usage" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.extended_key_usage.class.should == R509::Cert::Extensions::ExtendedKeyUsage
+    expect(cert.extended_key_usage.class).to eq(R509::Cert::Extensions::ExtendedKeyUsage)
   end
   it "gets the right object from #subject_key_identifier" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.subject_key_identifier.class.should == R509::Cert::Extensions::SubjectKeyIdentifier
+    expect(cert.subject_key_identifier.class).to eq(R509::Cert::Extensions::SubjectKeyIdentifier)
   end
   it "gets the right object from #authority_key_identifier" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.authority_key_identifier.class.should == R509::Cert::Extensions::AuthorityKeyIdentifier
+    expect(cert.authority_key_identifier.class).to eq(R509::Cert::Extensions::AuthorityKeyIdentifier)
   end
   it "gets the right object from #subject_alternative_name" do
     cert = R509::Cert.new(:cert => @cert5)
-    cert.subject_alternative_name.class.should == R509::Cert::Extensions::SubjectAlternativeName
+    expect(cert.subject_alternative_name.class).to eq(R509::Cert::Extensions::SubjectAlternativeName)
   end
   it "gets the right object from #authority_info_access" do
     cert = R509::Cert.new(:cert => @cert5)
-    cert.authority_info_access.class.should == R509::Cert::Extensions::AuthorityInfoAccess
+    expect(cert.authority_info_access.class).to eq(R509::Cert::Extensions::AuthorityInfoAccess)
   end
   it "gets the right object from #crl_distribution_points" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.crl_distribution_points.class.should == R509::Cert::Extensions::CRLDistributionPoints
+    expect(cert.crl_distribution_points.class).to eq(R509::Cert::Extensions::CRLDistributionPoints)
   end
   it "gets the right object from #certificate_policies" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.certificate_policies.class.should == R509::Cert::Extensions::CertificatePolicies
+    expect(cert.certificate_policies.class).to eq(R509::Cert::Extensions::CertificatePolicies)
   end
   it "gets the right object from #inhibit_any_policy" do
     cert = R509::Cert.new(:cert => @cert_inhibit)
-    cert.inhibit_any_policy.class.should == R509::Cert::Extensions::InhibitAnyPolicy
+    expect(cert.inhibit_any_policy.class).to eq(R509::Cert::Extensions::InhibitAnyPolicy)
   end
   it "gets the right object from #policy_constraints" do
     cert = R509::Cert.new(:cert => @cert_policy_constraints)
-    cert.policy_constraints.class.should == R509::Cert::Extensions::PolicyConstraints
+    expect(cert.policy_constraints.class).to eq(R509::Cert::Extensions::PolicyConstraints)
   end
   it "gets the right object from #name_constraints" do
     cert = R509::Cert.new(:cert => @cert_name_constraints)
-    cert.name_constraints.class.should == R509::Cert::Extensions::NameConstraints
+    expect(cert.name_constraints.class).to eq(R509::Cert::Extensions::NameConstraints)
   end
   it "returns true from #ocsp_no_check? when the extension is present" do
     cert = R509::Cert.new(:cert => @cert_ocsp_no_check)
-    cert.ocsp_no_check?.should == true
+    expect(cert.ocsp_no_check?).to eq(true)
   end
   it "returns false from #ocsp_no_check? when the extension is not present" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.ocsp_no_check?.should == false
+    expect(cert.ocsp_no_check?).to eq(false)
   end
   it "checks rsa?" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.rsa?.should == true
-    cert.ec?.should == false
-    cert.dsa?.should == false
+    expect(cert.rsa?).to eq(true)
+    expect(cert.ec?).to eq(false)
+    expect(cert.dsa?).to eq(false)
   end
   it "gets RSA bit strength" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.bit_strength.should == 2048
+    expect(cert.bit_strength).to eq(2048)
   end
   it "returns an error for curve_name for DSA/RSA" do
     cert = R509::Cert.new(:cert => @cert)
@@ -273,66 +277,66 @@ describe R509::Cert do
   end
   it "checks dsa?" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.rsa?.should == false
-    cert.ec?.should == false
-    cert.dsa?.should == true
+    expect(cert.rsa?).to eq(false)
+    expect(cert.ec?).to eq(false)
+    expect(cert.dsa?).to eq(true)
   end
   it "gets DSA bit strength" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.bit_strength.should == 1024
+    expect(cert.bit_strength).to eq(1024)
   end
   it "gets serial of cert" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.serial.should == 951504
+    expect(cert.serial).to eq(951504)
   end
   it "gets hexserial of cert" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.hexserial.should == "0E84D0"
+    expect(cert.hexserial).to eq("0E84D0")
   end
   it "checks a cert that is not yet valid" do
     cert = R509::Cert.new(:cert => @cert_not_yet_valid)
-    cert.valid?.should == false
+    expect(cert.valid?).to eq(false)
   end
   it "checks a cert that is in validity range" do
     cert = R509::Cert.new(:cert => @test_ca_cert)
-    cert.valid?.should == true
+    expect(cert.valid?).to eq(true)
   end
   it "checks a cert that is expired" do
     cert = R509::Cert.new(:cert => @cert_expired)
-    cert.valid?.should == false
+    expect(cert.valid?).to eq(false)
   end
   it "checks expired_at?" do
     cert = R509::Cert.new(:cert => @cert_expired)
-    cert.valid_at?(Time.utc(2009,1,1)).should == false
-    cert.valid_at?(Time.utc(2011,3,1)).should == true
-    cert.valid_at?(1298959200).should == true
-    cert.valid_at?(Time.utc(2012,1,1)).should == false
+    expect(cert.valid_at?(Time.utc(2009, 1, 1))).to eq(false)
+    expect(cert.valid_at?(Time.utc(2011, 3, 1))).to eq(true)
+    expect(cert.valid_at?(1298959200)).to eq(true)
+    expect(cert.valid_at?(Time.utc(2012, 1, 1))).to eq(false)
   end
   it "is revoked by crl" do
     cert = R509::Cert.new(:cert => @cert3)
     crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
     crl_admin.revoke_cert(1425751142578902223005775172931960716533532010870)
     crl = crl_admin.generate_crl
-    cert.is_revoked_by_crl?(crl).should == true
+    expect(cert.is_revoked_by_crl?(crl)).to eq(true)
   end
   it "is not revoked by crl" do
     cert = R509::Cert.new(:cert => @cert3)
     crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
     crl = crl_admin.generate_crl
-    cert.is_revoked_by_crl?(crl).should == false
+    expect(cert.is_revoked_by_crl?(crl)).to eq(false)
   end
   it "loads a cert with load_from_file" do
     path = File.dirname(__FILE__) + '/fixtures/cert1.pem'
     cert = R509::Cert.load_from_file path
-    cert.serial.to_i.should == 211653423715
+    expect(cert.serial.to_i).to eq(211653423715)
   end
   it "returns a hash for #extensions" do
     cert = R509::Cert.new(:cert => @cert3)
-    cert.extensions.kind_of?(Hash).should == true
+    expect(cert.extensions.is_a?(Hash)).to eq(true)
   end
   it "returns an array for #unknown_extensions" do
     cert = R509::Cert.new(:cert => @cert3)
-    cert.unknown_extensions.should == []
+    expect(cert.unknown_extensions).to eq([])
   end
   context "elliptic curve certs", :ec => true do
@@ -347,52 +351,52 @@ describe R509::Cert do
       cert = R509::Cert.new(:cert => @cert_ec, :key => @key_ec)
       sio = StringIO.new
       sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
-      cert.write_pkcs12(sio,'r509_password')
+      cert.write_pkcs12(sio, 'r509_password')
       expect { R509::Cert.new(:pkcs12 => sio.string, :password => 'r509_password') }.to_not raise_error
     end
     it "raises error on bit strength" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      expect { cert.bit_strength }.to raise_error(R509::R509Error,'Bit length is not available for EC at this time.')
+      expect { cert.bit_strength }.to raise_error(R509::R509Error, 'Bit length is not available for EC at this time.')
     end
     it "returns curve name" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      cert.curve_name.should == 'secp384r1'
+      expect(cert.curve_name).to eq('secp384r1')
     end
     it "checks ec?" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      cert.rsa?.should == false
-      cert.dsa?.should == false
-      cert.ec?.should == true
+      expect(cert.rsa?).to eq(false)
+      expect(cert.dsa?).to eq(false)
+      expect(cert.ec?).to eq(true)
     end
     it "returns the public key" do
       cert = R509::Cert.new(:cert => @cert_ec)
       private_key = R509::PrivateKey.new(:key => @key_ec)
-      cert.public_key.to_der.should == private_key.public_key.to_der
+      expect(cert.public_key.to_der).to eq(private_key.public_key.to_der)
     end
     it "returns the key algorithm" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      cert.key_algorithm.should == "EC"
+      expect(cert.key_algorithm).to eq("EC")
     end
   end
   context "when elliptic curve support is unavailable" do
     before :all do
-      @ec = OpenSSL::PKey.send(:remove_const,:EC) # remove EC support for test!
+      @ec = OpenSSL::PKey.send(:remove_const, :EC) # remove EC support for test!
       load('r509/ec-hack.rb')
     end
     after :all do
-      OpenSSL::PKey.send(:remove_const,:EC) # remove stubbed EC
+      OpenSSL::PKey.send(:remove_const, :EC) # remove stubbed EC
       OpenSSL::PKey::EC = @ec # add the real one back
     end
     it "checks rsa?" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.rsa?.should == true
-      cert.ec?.should == false
-      cert.dsa?.should == false
+      expect(cert.rsa?).to eq(true)
+      expect(cert.ec?).to eq(false)
+      expect(cert.dsa?).to eq(false)
     end
     it "returns RSA key algorithm for RSA CSR" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.key_algorithm.should == "RSA"
+      expect(cert.key_algorithm).to eq("RSA")
     end
   end
 end