r509 0.10.0 → 1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.mdown +2 -2
- data/Rakefile +2 -3
- data/bin/r509 +77 -80
- data/bin/r509-parse +4 -4
- data/doc/R509.html +60 -60
- data/doc/R509/ASN1.html +158 -48
- data/doc/R509/ASN1/GeneralName.html +157 -154
- data/doc/R509/ASN1/GeneralNames.html +246 -237
- data/doc/R509/CRL.html +41 -39
- data/doc/R509/CRL/Administrator.html +105 -100
- data/doc/R509/CRL/FileReaderWriter.html +146 -98
- data/doc/R509/CRL/ReaderWriter.html +57 -54
- data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
- data/doc/R509/CRL/SignedList.html +83 -80
- data/doc/R509/CSR.html +184 -162
- data/doc/R509/Cert.html +271 -269
- data/doc/R509/Cert/Extensions.html +62 -63
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
- data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
- data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
- data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
- data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
- data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
- data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
- data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
- data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
- data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
- data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
- data/doc/R509/CertificateAuthority.html +39 -37
- data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
- data/doc/R509/CertificateAuthority/Signer.html +277 -60
- data/doc/R509/Config.html +40 -38
- data/doc/R509/Config/CAConfig.html +255 -188
- data/doc/R509/Config/CAConfigPool.html +64 -61
- data/doc/R509/Config/CertProfile.html +119 -116
- data/doc/R509/Config/SubjectItemPolicy.html +94 -93
- data/doc/R509/Engine.html +60 -56
- data/doc/R509/Helpers.html +99 -96
- data/doc/R509/MessageDigest.html +69 -68
- data/doc/R509/NameSanitizer.html +51 -48
- data/doc/R509/OCSP.html +39 -37
- data/doc/R509/OCSP/Request.html +39 -37
- data/doc/R509/OCSP/Request/Nonce.html +67 -67
- data/doc/R509/OCSP/Response.html +93 -90
- data/doc/R509/OIDMapper.html +48 -46
- data/doc/R509/PrivateKey.html +170 -169
- data/doc/R509/R509Error.html +45 -42
- data/doc/R509/SPKI.html +99 -89
- data/doc/R509/Subject.html +86 -83
- data/doc/R509/Validity.html +57 -57
- data/doc/R509/Validity/Checker.html +63 -93
- data/doc/R509/Validity/DefaultChecker.html +58 -55
- data/doc/R509/Validity/DefaultWriter.html +62 -59
- data/doc/R509/Validity/Status.html +77 -74
- data/doc/R509/Validity/Writer.html +75 -123
- data/doc/_index.html +37 -31
- data/doc/class_list.html +25 -27
- data/doc/css/full_list.css +32 -31
- data/doc/css/style.css +221 -78
- data/doc/file.CONTRIBUTING.html +29 -30
- data/doc/file.LICENSE.html +29 -30
- data/doc/file.README.html +31 -32
- data/doc/file.YAML.html +33 -34
- data/doc/file.r509.html +39 -48
- data/doc/file_list.html +39 -30
- data/doc/frames.html +10 -21
- data/doc/index.html +31 -32
- data/doc/js/app.js +100 -71
- data/doc/js/full_list.js +168 -130
- data/doc/method_list.html +1788 -1119
- data/doc/top-level-namespace.html +45 -49
- data/lib/r509.rb +21 -7
- data/lib/r509/asn1.rb +45 -32
- data/lib/r509/cert.rb +45 -51
- data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
- data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
- data/lib/r509/cert/extensions/base.rb +22 -23
- data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
- data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
- data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
- data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
- data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
- data/lib/r509/cert/extensions/key_usage.rb +5 -5
- data/lib/r509/cert/extensions/name_constraints.rb +16 -16
- data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
- data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
- data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
- data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
- data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
- data/lib/r509/certificate_authority/options_builder.rb +19 -21
- data/lib/r509/certificate_authority/signer.rb +26 -27
- data/lib/r509/config.rb +1 -0
- data/lib/r509/config/ca_config.rb +70 -75
- data/lib/r509/config/cert_profile.rb +9 -8
- data/lib/r509/config/subject_item_policy.rb +25 -28
- data/lib/r509/crl/administrator.rb +19 -20
- data/lib/r509/crl/reader_writer.rb +10 -8
- data/lib/r509/crl/signed_list.rb +4 -4
- data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
- data/lib/r509/csr.rb +54 -60
- data/lib/r509/ec-hack.rb +3 -2
- data/lib/r509/engine.rb +5 -6
- data/lib/r509/exceptions.rb +1 -1
- data/lib/r509/helpers.rb +11 -14
- data/lib/r509/io_helpers.rb +7 -7
- data/lib/r509/message_digest.rb +5 -6
- data/lib/r509/ocsp.rb +11 -13
- data/lib/r509/oid_mapper.rb +2 -2
- data/lib/r509/private_key.rb +28 -32
- data/lib/r509/spki.rb +17 -20
- data/lib/r509/subject.rb +26 -27
- data/lib/r509/trollop.rb +1 -0
- data/lib/r509/validity.rb +30 -21
- data/lib/r509/version.rb +4 -2
- data/r509.yaml +9 -17
- data/spec/asn1_spec.rb +145 -146
- data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
- data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
- data/spec/cert/extensions/base_spec.rb +38 -34
- data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
- data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
- data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
- data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
- data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
- data/spec/cert/extensions/key_usage_spec.rb +44 -39
- data/spec/cert/extensions/name_constraints_spec.rb +83 -83
- data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
- data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
- data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
- data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
- data/spec/cert_spec.rb +105 -101
- data/spec/certificate_authority/options_builder_spec.rb +90 -90
- data/spec/certificate_authority/signer_spec.rb +41 -41
- data/spec/config/ca_config_spec.rb +169 -119
- data/spec/config/cert_profile_spec.rb +33 -33
- data/spec/config/subject_item_policy_spec.rb +22 -22
- data/spec/crl/administrator_spec.rb +65 -65
- data/spec/crl/reader_writer_spec.rb +20 -19
- data/spec/crl/signed_list_spec.rb +26 -26
- data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
- data/spec/csr_spec.rb +149 -145
- data/spec/engine_spec.rb +14 -14
- data/spec/fixtures.rb +56 -39
- data/spec/fixtures/crl_list.sql +13 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +6 -6
- data/spec/message_digest_spec.rb +43 -43
- data/spec/ocsp_spec.rb +25 -25
- data/spec/oid_mapper_spec.rb +18 -19
- data/spec/private_key_spec.rb +79 -81
- data/spec/r509_spec.rb +16 -16
- data/spec/spec_helper.rb +3 -3
- data/spec/spki_spec.rb +94 -94
- data/spec/subject_spec.rb +107 -107
- data/spec/validity_spec.rb +25 -25
- metadata +113 -111
- metadata.gz.sig +0 -0
@@ -4,39 +4,38 @@ require 'r509/config'
|
|
4
4
|
describe R509::CertificateAuthority::OptionsBuilder do
|
5
5
|
|
6
6
|
it "errors when the object passed is not a CAConfig" do
|
7
|
-
expect { R509::CertificateAuthority::OptionsBuilder.new("string") }.to raise_error(ArgumentError,"You must supply a R509::Config::CAConfig object to this class at instantiation")
|
7
|
+
expect { R509::CertificateAuthority::OptionsBuilder.new("string") }.to raise_error(ArgumentError, "You must supply a R509::Config::CAConfig object to this class at instantiation")
|
8
8
|
end
|
9
9
|
|
10
10
|
context "enforces subject item policies" do
|
11
11
|
before :all do
|
12
|
-
config = R509::Config::CAConfig.new(
|
13
|
-
subject_item_policy = R509::Config::SubjectItemPolicy.new("CN" => {:policy => "required"}
|
12
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
13
|
+
subject_item_policy = R509::Config::SubjectItemPolicy.new("CN" => { :policy => "required" }, "O" => { :policy => "required" }, "OU" => { :policy => "optional" }, "L" => { :policy => "required" })
|
14
14
|
profile = R509::Config::CertProfile.new(
|
15
15
|
:default_md => "SHA512",
|
16
16
|
:subject_item_policy => subject_item_policy
|
17
17
|
)
|
18
|
-
config.set_profile("profile",profile)
|
18
|
+
config.set_profile("profile", profile)
|
19
19
|
@builder = R509::CertificateAuthority::OptionsBuilder.new(config)
|
20
20
|
end
|
21
21
|
it "removes disallowed and keeps required/optional items" do
|
22
|
-
csr = R509::CSR.new(:subject => [['C','US'],['ST','Illinois'],['L','Chicago'],['O','Paul Kehrer'],['OU','Enginerding'],['CN','langui.sh']], :bit_strength => 1024)
|
22
|
+
csr = R509::CSR.new(:subject => [['C', 'US'], ['ST', 'Illinois'], ['L', 'Chicago'], ['O', 'Paul Kehrer'], ['OU', 'Enginerding'], ['CN', 'langui.sh']], :bit_strength => 1024)
|
23
23
|
data = @builder.build_and_enforce(:csr => csr, :profile_name => 'profile')
|
24
|
-
data[:subject].to_s.
|
24
|
+
expect(data[:subject].to_s).to eq('/L=Chicago/O=Paul Kehrer/OU=Enginerding/CN=langui.sh')
|
25
25
|
end
|
26
26
|
|
27
27
|
it "raises error when required item is missing" do
|
28
|
-
csr = R509::CSR.new(:subject => [['ST','Illinois'],['L','Chicago'],['O','Paul Kehrer']], :bit_strength => 1024)
|
28
|
+
csr = R509::CSR.new(:subject => [['ST', 'Illinois'], ['L', 'Chicago'], ['O', 'Paul Kehrer']], :bit_strength => 1024)
|
29
29
|
expect { @builder.build_and_enforce(:csr => csr, :profile_name => 'profile') }.to raise_error(R509::R509Error, /This profile requires you supply/)
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
-
|
34
33
|
it "raises error on invalid signature" do
|
35
|
-
config = R509::Config::CAConfig.new(
|
34
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
36
35
|
profile = R509::Config::CertProfile.new(
|
37
36
|
:default_md => "SHA512"
|
38
37
|
)
|
39
|
-
config.set_profile("profile",profile)
|
38
|
+
config.set_profile("profile", profile)
|
40
39
|
builder = R509::CertificateAuthority::OptionsBuilder.new(config)
|
41
40
|
csr = R509::CSR.new(:csr => TestFixtures::CSR_INVALID_SIGNATURE)
|
42
41
|
expect { builder.build_and_enforce(:csr => csr, :profile_name => 'profile') }.to raise_error(R509::R509Error, 'Request signature is invalid.')
|
@@ -46,81 +45,81 @@ describe R509::CertificateAuthority::OptionsBuilder do
|
|
46
45
|
|
47
46
|
context "extension builder" do
|
48
47
|
before :all do
|
49
|
-
@config = R509::Config::CAConfig.new(
|
48
|
+
@config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
50
49
|
@csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
51
50
|
end
|
52
51
|
|
53
52
|
it "adds basic constraints" do
|
54
53
|
profile = R509::Config::CertProfile.new(
|
55
|
-
:basic_constraints => {:ca => false}
|
54
|
+
:basic_constraints => { :ca => false }
|
56
55
|
)
|
57
|
-
@config.set_profile("profile",profile)
|
56
|
+
@config.set_profile("profile", profile)
|
58
57
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
59
58
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
60
|
-
ext = data[:extensions].select{ |el| el.
|
61
|
-
ext.size.
|
62
|
-
ext[0].is_ca
|
59
|
+
ext = data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::BasicConstraints) }
|
60
|
+
expect(ext.size).to eq(1)
|
61
|
+
expect(ext[0].is_ca?).to be false
|
63
62
|
end
|
64
63
|
|
65
64
|
it "creates subject key identifier" do
|
66
65
|
profile = R509::Config::CertProfile.new
|
67
|
-
@config.set_profile("profile",profile)
|
66
|
+
@config.set_profile("profile", profile)
|
68
67
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
69
68
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
70
|
-
data[:extensions].select{ |el| el.
|
69
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::SubjectKeyIdentifier) }.size).to eq(1)
|
71
70
|
end
|
72
71
|
|
73
72
|
it "creates authority key identifier" do
|
74
73
|
profile = R509::Config::CertProfile.new
|
75
|
-
@config.set_profile("profile",profile)
|
74
|
+
@config.set_profile("profile", profile)
|
76
75
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
77
76
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
78
|
-
data[:extensions].select{ |el| el.
|
77
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::AuthorityKeyIdentifier) }.size).to eq(1)
|
79
78
|
end
|
80
79
|
|
81
80
|
it "adds key usage" do
|
82
81
|
profile = R509::Config::CertProfile.new(
|
83
82
|
:key_usage => { :value => ['keyEncipherment'] }
|
84
83
|
)
|
85
|
-
@config.set_profile("profile",profile)
|
84
|
+
@config.set_profile("profile", profile)
|
86
85
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
87
86
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
88
|
-
ext = data[:extensions].select{ |el| el.
|
89
|
-
ext.size.
|
90
|
-
ext[0].allowed_uses.
|
87
|
+
ext = data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::KeyUsage) }
|
88
|
+
expect(ext.size).to eq(1)
|
89
|
+
expect(ext[0].allowed_uses).to eq(['keyEncipherment'])
|
91
90
|
end
|
92
91
|
|
93
92
|
it "adds extended key usage" do
|
94
93
|
profile = R509::Config::CertProfile.new(
|
95
|
-
:extended_key_usage => {:value => ['serverAuth'] }
|
94
|
+
:extended_key_usage => { :value => ['serverAuth'] }
|
96
95
|
)
|
97
|
-
@config.set_profile("profile",profile)
|
96
|
+
@config.set_profile("profile", profile)
|
98
97
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
99
98
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
100
|
-
ext = data[:extensions].select{ |el| el.
|
101
|
-
ext.size.
|
102
|
-
ext[0].allowed_uses.
|
99
|
+
ext = data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::ExtendedKeyUsage) }
|
100
|
+
expect(ext.size).to eq(1)
|
101
|
+
expect(ext[0].allowed_uses).to eq(['serverAuth'])
|
103
102
|
end
|
104
103
|
|
105
104
|
it "adds certificate policies" do
|
106
105
|
profile = R509::Config::CertProfile.new(
|
107
|
-
:certificate_policies => {:value => [{:policy_identifier => "2.16.840.1.99999.21.234"}] }
|
106
|
+
:certificate_policies => { :value => [{ :policy_identifier => "2.16.840.1.99999.21.234" }] }
|
108
107
|
)
|
109
|
-
@config.set_profile("profile",profile)
|
108
|
+
@config.set_profile("profile", profile)
|
110
109
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
111
110
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
112
|
-
data[:extensions].select{ |el| el.
|
111
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::CertificatePolicies) }.size).to eq(1)
|
113
112
|
end
|
114
113
|
|
115
114
|
it "adds CRL distribution points" do
|
116
|
-
cdp = R509::Cert::Extensions::CRLDistributionPoints.new(:value => [{ :type => 'URI', :value => 'http://crl.domain.com/crl.crl'}])
|
115
|
+
cdp = R509::Cert::Extensions::CRLDistributionPoints.new(:value => [{ :type => 'URI', :value => 'http://crl.domain.com/crl.crl' }])
|
117
116
|
profile = R509::Config::CertProfile.new(
|
118
117
|
:crl_distribution_points => cdp
|
119
118
|
)
|
120
|
-
@config.set_profile("profile",profile)
|
119
|
+
@config.set_profile("profile", profile)
|
121
120
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
122
121
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
123
|
-
data[:extensions].select{ |el| el.
|
122
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::CRLDistributionPoints) }.size).to eq(1)
|
124
123
|
end
|
125
124
|
|
126
125
|
it "adds authority info access" do
|
@@ -129,91 +128,91 @@ describe R509::CertificateAuthority::OptionsBuilder do
|
|
129
128
|
profile = R509::Config::CertProfile.new(
|
130
129
|
:authority_info_access => aia
|
131
130
|
)
|
132
|
-
@config.set_profile("profile",profile)
|
131
|
+
@config.set_profile("profile", profile)
|
133
132
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
134
133
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
135
|
-
data[:extensions].select{ |el| el.
|
134
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::AuthorityInfoAccess) }.size).to eq(1)
|
136
135
|
end
|
137
136
|
|
138
137
|
it "adds inhibit any policy" do
|
139
138
|
profile = R509::Config::CertProfile.new(
|
140
139
|
:inhibit_any_policy => { :value => 1 }
|
141
140
|
)
|
142
|
-
@config.set_profile("profile",profile)
|
141
|
+
@config.set_profile("profile", profile)
|
143
142
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
144
143
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
145
|
-
data[:extensions].select{ |el| el.
|
144
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::InhibitAnyPolicy) }.size).to eq(1)
|
146
145
|
end
|
147
146
|
|
148
147
|
it "adds policy constraints" do
|
149
148
|
profile = R509::Config::CertProfile.new(
|
150
|
-
:policy_constraints => {:inhibit_policy_mapping => 1}
|
149
|
+
:policy_constraints => { :inhibit_policy_mapping => 1 }
|
151
150
|
)
|
152
|
-
@config.set_profile("profile",profile)
|
151
|
+
@config.set_profile("profile", profile)
|
153
152
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
154
153
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
155
|
-
data[:extensions].select{ |el| el.
|
154
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::PolicyConstraints) }.size).to eq(1)
|
156
155
|
end
|
157
156
|
|
158
157
|
it "adds name constraints" do
|
159
158
|
profile = R509::Config::CertProfile.new(
|
160
|
-
:name_constraints => { :permitted => [{:type => "URI", :value => "domain.com"}] }
|
159
|
+
:name_constraints => { :permitted => [{ :type => "URI", :value => "domain.com" }] }
|
161
160
|
)
|
162
|
-
@config.set_profile("profile",profile)
|
161
|
+
@config.set_profile("profile", profile)
|
163
162
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
164
163
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
165
|
-
data[:extensions].select{ |el| el.
|
164
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::NameConstraints) }.size).to eq(1)
|
166
165
|
end
|
167
166
|
|
168
167
|
it "adds OCSP no check" do
|
169
168
|
profile = R509::Config::CertProfile.new(
|
170
|
-
:ocsp_no_check => {:value => true }
|
169
|
+
:ocsp_no_check => { :value => true }
|
171
170
|
)
|
172
|
-
@config.set_profile("profile",profile)
|
171
|
+
@config.set_profile("profile", profile)
|
173
172
|
builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
174
173
|
data = builder.build_and_enforce(:csr => @csr, :profile_name => 'profile')
|
175
|
-
data[:extensions].select{ |el| el.
|
174
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::OCSPNoCheck) }.size).to eq(1)
|
176
175
|
end
|
177
176
|
|
178
177
|
end
|
179
178
|
context "extension merging" do
|
180
179
|
before :all do
|
181
|
-
@config = R509::Config::CAConfig.new(
|
180
|
+
@config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
182
181
|
@csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
183
182
|
profile = R509::Config::CertProfile.new(
|
184
|
-
:ocsp_no_check => {:value => true },
|
183
|
+
:ocsp_no_check => { :value => true },
|
185
184
|
:key_usage => { :value => ['digitalSignature'] }
|
186
185
|
)
|
187
|
-
@config.set_profile("profile",profile)
|
186
|
+
@config.set_profile("profile", profile)
|
188
187
|
@builder = R509::CertificateAuthority::OptionsBuilder.new(@config)
|
189
188
|
end
|
190
189
|
|
191
190
|
it "adds extensions that don't exist in the profile" do
|
192
191
|
exts = [R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ['timeStamping']), R509::Cert::Extensions::InhibitAnyPolicy.new(:value => 1)]
|
193
192
|
data = @builder.build_and_enforce(:csr => @csr, :extensions => exts, :profile_name => 'profile')
|
194
|
-
data[:extensions].size.
|
195
|
-
data[:extensions].select{ |el| el.
|
196
|
-
data[:extensions].select{ |el| el.
|
197
|
-
data[:extensions].select{ |el| el.
|
198
|
-
data[:extensions].select{ |el| el.
|
193
|
+
expect(data[:extensions].size).to eq(6)
|
194
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::InhibitAnyPolicy) }.size).to eq(1)
|
195
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::ExtendedKeyUsage) }.size).to eq(1)
|
196
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::KeyUsage) }.size).to eq(1)
|
197
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::OCSPNoCheck) }.size).to eq(1)
|
199
198
|
end
|
200
199
|
it "replaces extensions that already exist in the profile" do
|
201
200
|
exts = [R509::Cert::Extensions::KeyUsage.new(:value => ['digitalSignature'])]
|
202
201
|
data = @builder.build_and_enforce(:csr => @csr, :extensions => exts, :profile_name => 'profile')
|
203
|
-
data[:extensions].size.
|
204
|
-
data[:extensions].select{ |el| el.
|
205
|
-
ku = data[:extensions].select{ |el| el.
|
206
|
-
ku[0].allowed_uses.
|
202
|
+
expect(data[:extensions].size).to eq(4)
|
203
|
+
expect(data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::OCSPNoCheck) }.size).to eq(1)
|
204
|
+
ku = data[:extensions].select { |el| el.is_a?(R509::Cert::Extensions::KeyUsage) }
|
205
|
+
expect(ku[0].allowed_uses).to eq(['digitalSignature'])
|
207
206
|
end
|
208
207
|
end
|
209
208
|
|
210
209
|
context "enforces message_digest without an allowed_message_digests array in the profile" do
|
211
210
|
before :all do
|
212
|
-
config = R509::Config::CAConfig.new(
|
211
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
213
212
|
profile = R509::Config::CertProfile.new(
|
214
213
|
:default_md => "SHA512"
|
215
214
|
)
|
216
|
-
config.set_profile("profile",profile)
|
215
|
+
config.set_profile("profile", profile)
|
217
216
|
@builder = R509::CertificateAuthority::OptionsBuilder.new(config)
|
218
217
|
@csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
219
218
|
end
|
@@ -225,46 +224,46 @@ describe R509::CertificateAuthority::OptionsBuilder do
|
|
225
224
|
:profile_name => 'profile'
|
226
225
|
}
|
227
226
|
enforced = @builder.build_and_enforce(options)
|
228
|
-
enforced[:message_digest].upcase.
|
227
|
+
expect(enforced[:message_digest].upcase).to eq(md)
|
229
228
|
end
|
230
229
|
end
|
231
230
|
end
|
232
231
|
context "enforces message_digest with an allowed_message_digests array in the profile" do
|
233
232
|
before :all do
|
234
|
-
config = R509::Config::CAConfig.new(
|
233
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
235
234
|
profile = R509::Config::CertProfile.new(
|
236
|
-
:basic_constraints => {:ca => false},
|
237
|
-
:key_usage => {:value => ["digitalSignature"] },
|
238
|
-
:allowed_mds => ['sha256','sha1','sha384'],
|
239
|
-
:default_md => '
|
235
|
+
:basic_constraints => { :ca => false },
|
236
|
+
:key_usage => { :value => ["digitalSignature"] },
|
237
|
+
:allowed_mds => ['sha256', 'sha1', 'sha384'],
|
238
|
+
:default_md => 'sha256'
|
240
239
|
)
|
241
|
-
config.set_profile("profile",profile)
|
240
|
+
config.set_profile("profile", profile)
|
242
241
|
@builder = R509::CertificateAuthority::OptionsBuilder.new(config)
|
243
242
|
@csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
244
243
|
end
|
245
244
|
it "passes a disallowed hash" do
|
246
|
-
expect { @builder.build_and_enforce(
|
245
|
+
expect { @builder.build_and_enforce(:csr => @csr, :message_digest => 'md5', :profile_name => "profile") }.to raise_error(R509::R509Error, 'The message digest passed is not allowed by this configuration. Allowed digests: SHA256, SHA1, SHA384')
|
247
246
|
end
|
248
247
|
it "permits an allowed hash (not default)" do
|
249
|
-
data = @builder.build_and_enforce(:csr => @csr, :message_digest => "sha384"
|
250
|
-
data[:message_digest].
|
248
|
+
data = @builder.build_and_enforce(:csr => @csr, :message_digest => "sha384", :profile_name => "profile")
|
249
|
+
expect(data[:message_digest]).to eq('sha384')
|
251
250
|
end
|
252
251
|
it "returns the default hash if no hash is passed" do
|
253
252
|
data = @builder.build_and_enforce(:csr => @csr, :profile_name => "profile")
|
254
|
-
data[:message_digest].
|
253
|
+
expect(data[:message_digest]).to eq('sha256')
|
255
254
|
end
|
256
255
|
end
|
257
256
|
|
258
257
|
context "enforces not_after" do
|
259
258
|
before :all do
|
260
|
-
config = R509::Config::CAConfig.new(
|
259
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
261
260
|
profile = R509::Config::CertProfile.new(
|
262
|
-
:basic_constraints => {:ca => false},
|
263
|
-
:key_usage => {:value => ["digitalSignature"] },
|
264
|
-
:allowed_mds => ['sha256','sha1','sha384'],
|
265
|
-
:default_md => '
|
261
|
+
:basic_constraints => { :ca => false },
|
262
|
+
:key_usage => { :value => ["digitalSignature"] },
|
263
|
+
:allowed_mds => ['sha256', 'sha1', 'sha384'],
|
264
|
+
:default_md => 'sha256'
|
266
265
|
)
|
267
|
-
config.set_profile("profile",profile)
|
266
|
+
config.set_profile("profile", profile)
|
268
267
|
@builder = R509::CertificateAuthority::OptionsBuilder.new(config)
|
269
268
|
@csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
270
269
|
end
|
@@ -279,8 +278,8 @@ describe R509::CertificateAuthority::OptionsBuilder do
|
|
279
278
|
:not_before => not_before,
|
280
279
|
:not_after => not_after
|
281
280
|
)
|
282
|
-
hash[:not_before].
|
283
|
-
hash[:not_after].
|
281
|
+
expect(hash[:not_before]).to eq(not_before)
|
282
|
+
expect(hash[:not_after]).to eq(not_after)
|
284
283
|
end
|
285
284
|
|
286
285
|
it "does not add a not_before or not_after key if not passed" do
|
@@ -289,19 +288,20 @@ describe R509::CertificateAuthority::OptionsBuilder do
|
|
289
288
|
:message_digest => 'sha256',
|
290
289
|
:profile_name => 'profile'
|
291
290
|
)
|
292
|
-
hash.
|
293
|
-
hash.
|
291
|
+
expect(hash.key?(:not_before)).to be false
|
292
|
+
expect(hash.key?(:not_after)).to be false
|
294
293
|
end
|
295
294
|
|
296
295
|
it "raises error when not_after is after the issuing CA's expiry" do
|
297
|
-
expect
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
296
|
+
expect do
|
297
|
+
@builder.build_and_enforce(
|
298
|
+
:csr => @csr,
|
299
|
+
:message_digest => 'sha256',
|
300
|
+
:profile_name => 'profile',
|
301
|
+
:not_after => Time.now + 86400 * 7300 * 25
|
302
|
+
)
|
303
|
+
end.to raise_error(R509::R509Error, 'The requested certificate lifetime would exceed the issuing CA.')
|
303
304
|
end
|
304
305
|
end
|
305
306
|
|
306
|
-
|
307
307
|
end
|
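Review bot: The "replaces extensions that already exist in the profile" example cannot tell replacement from retention: the KeyUsage it passes in `exts` carries the same `['digitalSignature']` value that the profile sets in that context's `before :all`, so `expect(ku[0].allowed_uses).to eq(['digitalSignature'])` passes whichever extension wins. Pass a value the profile does not use, e.g. `exts = [R509::Cert::Extensions::KeyUsage.new(:value => ['keyEncipherment'])]`, then assert `expect(ku.size).to eq(1)` and `expect(ku[0].allowed_uses).to eq(['keyEncipherment'])`. Whether a caller-supplied extension overrides the CA profile is an issuance-policy decision, so the test should pin it explicitly. Separately, the "extension builder" examples each call `@config.set_profile("profile", profile)` on a CAConfig created once in `before :all`, so they share mutable state; building the config in `before :each` would keep them independent of run order.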
@@ -5,8 +5,8 @@ shared_examples_for "signing" do |selfsign|
|
|
5
5
|
@options = {}
|
6
6
|
@options[:csr] = @csr unless @csr.nil?
|
7
7
|
@options[:spki] = @spki unless @spki.nil?
|
8
|
-
if @options.
|
9
|
-
@options[:subject] = R509::Subject.new([['CN','test']])
|
8
|
+
if @options.key?(:spki)
|
9
|
+
@options[:subject] = R509::Subject.new([['CN', 'test']])
|
10
10
|
end
|
11
11
|
end
|
12
12
|
|
@@ -16,8 +16,8 @@ shared_examples_for "signing" do |selfsign|
|
|
16
16
|
else
|
17
17
|
cert = @ca.sign(@options)
|
18
18
|
end
|
19
|
-
subject = (@options[:csr].nil?)
|
20
|
-
cert.subject.to_s.
|
19
|
+
subject = (@options[:csr].nil?) ? @options[:subject] : @options[:csr].subject
|
20
|
+
expect(cert.subject.to_s).to eq(subject.to_s)
|
21
21
|
end
|
22
22
|
|
23
23
|
it "with specified subject (selfsign:#{selfsign})" do
|
@@ -30,13 +30,13 @@ shared_examples_for "signing" do |selfsign|
|
|
30
30
|
else
|
31
31
|
cert = @ca.sign(@options)
|
32
32
|
end
|
33
|
-
cert.subject.to_s.
|
33
|
+
expect(cert.subject.to_s).to eq('/CN=myCN/O=Org')
|
34
34
|
end
|
35
35
|
|
36
36
|
it "with default md (selfsign:#{selfsign})" do
|
37
37
|
cert = @ca.sign(@options)
|
38
|
-
regex = Regexp.new(R509::MessageDigest::DEFAULT_MD,Regexp::IGNORECASE)
|
39
|
-
cert.signature_algorithm.
|
38
|
+
regex = Regexp.new(R509::MessageDigest::DEFAULT_MD, Regexp::IGNORECASE)
|
39
|
+
expect(cert.signature_algorithm).to match(regex)
|
40
40
|
end
|
41
41
|
|
42
42
|
it "with specified md (selfsign:#{selfsign})" do
|
@@ -46,7 +46,7 @@ shared_examples_for "signing" do |selfsign|
|
|
46
46
|
else
|
47
47
|
cert = @ca.sign(@options)
|
48
48
|
end
|
49
|
-
cert.signature_algorithm.
|
49
|
+
expect(cert.signature_algorithm).to match(/sha256/i)
|
50
50
|
end
|
51
51
|
|
52
52
|
it "with no :extensions in options hash (selfsign:#{selfsign})" do
|
@@ -57,7 +57,7 @@ shared_examples_for "signing" do |selfsign|
|
|
57
57
|
cert = @ca.sign(@options)
|
58
58
|
size = 2
|
59
59
|
end
|
60
|
-
cert.extensions.size.
|
60
|
+
expect(cert.extensions.size).to eq(size)
|
61
61
|
end
|
62
62
|
|
63
63
|
it "with empty extensions array (selfsign:#{selfsign})" do
|
@@ -67,7 +67,7 @@ shared_examples_for "signing" do |selfsign|
|
|
67
67
|
else
|
68
68
|
cert = @ca.sign(@options)
|
69
69
|
end
|
70
|
-
cert.extensions.size.
|
70
|
+
expect(cert.extensions.size).to eq(0)
|
71
71
|
end
|
72
72
|
|
73
73
|
it "with multiple extensions (selfsign:#{selfsign})" do
|
@@ -80,22 +80,22 @@ shared_examples_for "signing" do |selfsign|
|
|
80
80
|
else
|
81
81
|
cert = @ca.sign(@options)
|
82
82
|
end
|
83
|
-
cert.extensions.size.
|
84
|
-
cert.basic_constraints.is_ca
|
85
|
-
cert.inhibit_any_policy.value.
|
83
|
+
expect(cert.extensions.size).to eq(2)
|
84
|
+
expect(cert.basic_constraints.is_ca?).to eq(false)
|
85
|
+
expect(cert.inhibit_any_policy.value).to eq(4)
|
86
86
|
end
|
87
87
|
|
88
88
|
it "with random serial when serial is not specified and uses microtime as part of the serial to prevent collision (selfsign:#{selfsign})" do
|
89
89
|
now = Time.now
|
90
|
-
Time.
|
90
|
+
allow(Time).to receive(:now).and_return(now)
|
91
91
|
time = now.to_i.to_s
|
92
92
|
if selfsign
|
93
93
|
cert = R509::CertificateAuthority::Signer.selfsign(@options)
|
94
94
|
else
|
95
95
|
cert = @ca.sign(@options)
|
96
96
|
end
|
97
|
-
cert.serial.to_s.size.
|
98
|
-
cert.serial.to_s.index(time).
|
97
|
+
expect(cert.serial.to_s.size).to be >= 45
|
98
|
+
expect(cert.serial.to_s.index(time)).not_to be_nil
|
99
99
|
end
|
100
100
|
|
101
101
|
it "with specified serial number (selfsign:#{selfsign})" do
|
@@ -105,7 +105,7 @@ shared_examples_for "signing" do |selfsign|
|
|
105
105
|
else
|
106
106
|
cert = @ca.sign(@options)
|
107
107
|
end
|
108
|
-
cert.serial.
|
108
|
+
expect(cert.serial).to eq(11223344)
|
109
109
|
end
|
110
110
|
|
111
111
|
it "with default notBefore/notAfter dates (selfsign:#{selfsign})" do
|
@@ -116,8 +116,8 @@ shared_examples_for "signing" do |selfsign|
|
|
116
116
|
else
|
117
117
|
cert = @ca.sign(@options)
|
118
118
|
end
|
119
|
-
cert.not_before.ctime.
|
120
|
-
cert.not_after.ctime.
|
119
|
+
expect(cert.not_before.ctime).to eq(@options[:not_before].utc.ctime)
|
120
|
+
expect(cert.not_after.ctime).to eq(@options[:not_after].utc.ctime)
|
121
121
|
end
|
122
122
|
|
123
123
|
it "with specified notBefore/notAfter dates (selfsign:#{selfsign})" do
|
@@ -128,8 +128,8 @@ shared_examples_for "signing" do |selfsign|
|
|
128
128
|
else
|
129
129
|
cert = @ca.sign(@options)
|
130
130
|
end
|
131
|
-
cert.not_before.ctime.
|
132
|
-
cert.not_after.ctime.
|
131
|
+
expect(cert.not_before.ctime).to eq(@options[:not_before].utc.ctime)
|
132
|
+
expect(cert.not_after.ctime).to eq(@options[:not_after].utc.ctime)
|
133
133
|
end
|
134
134
|
|
135
135
|
end
|
@@ -150,34 +150,34 @@ describe R509::CertificateAuthority::Signer do
|
|
150
150
|
end
|
151
151
|
|
152
152
|
it "raises an error if you pass a config that has no private key for ca_cert" do
|
153
|
-
config = R509::Config::CAConfig.new(
|
153
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
154
154
|
expect { R509::CertificateAuthority::Signer.new(config) }.to raise_error(R509::R509Error, "You must have a private key associated with your CA certificate to issue")
|
155
155
|
end
|
156
156
|
|
157
157
|
it "raises an error if you pass both csr and spki" do
|
158
158
|
csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
159
|
-
spki = R509::SPKI.new(:spki => TestFixtures::SPKI, :subject=>[['CN','test']])
|
160
|
-
expect { @ca.sign(
|
159
|
+
spki = R509::SPKI.new(:spki => TestFixtures::SPKI, :subject => [['CN', 'test']])
|
160
|
+
expect { @ca.sign(:spki => spki, :csr => csr) }.to raise_error(ArgumentError, "You can't pass both :csr and :spki")
|
161
161
|
end
|
162
162
|
|
163
163
|
it "raise an error if you don't pass an R509::SPKI in :spki" do
|
164
164
|
spki = OpenSSL::Netscape::SPKI.new(TestFixtures::SPKI)
|
165
|
-
expect { @ca.sign(
|
165
|
+
expect { @ca.sign(:spki => spki) }.to raise_error(ArgumentError, 'You must pass an R509::SPKI object for :spki')
|
166
166
|
end
|
167
167
|
|
168
168
|
it "raise an error if you pass :spki without :subject" do
|
169
169
|
spki = R509::SPKI.new(:spki => TestFixtures::SPKI)
|
170
|
-
expect { @ca.sign(
|
170
|
+
expect { @ca.sign(:spki => spki) }.to raise_error(ArgumentError, 'You must supply :subject when passing :spki')
|
171
171
|
end
|
172
172
|
|
173
173
|
it "raise an error if you don't pass an R509::CSR in :csr" do
|
174
174
|
csr = OpenSSL::X509::Request.new(TestFixtures::CSR)
|
175
|
-
expect { @ca.sign(
|
175
|
+
expect { @ca.sign(:csr => csr) }.to raise_error(ArgumentError, 'You must pass an R509::CSR object for :csr')
|
176
176
|
end
|
177
177
|
|
178
178
|
it "raises an error if attempting to self-sign without a key" do
|
179
179
|
csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
180
|
-
expect { R509::CertificateAuthority::Signer.selfsign(
|
180
|
+
expect { R509::CertificateAuthority::Signer.selfsign(:csr => csr) }.to raise_error(ArgumentError, "CSR must also have a private key to self sign")
|
181
181
|
end
|
182
182
|
|
183
183
|
it "raises error when passing non-hash to selfsign method" do
|
@@ -190,7 +190,7 @@ describe R509::CertificateAuthority::Signer do
|
|
190
190
|
before :all do
|
191
191
|
test_ca_config = TestFixtures.test_ca_config
|
192
192
|
@ca = R509::CertificateAuthority::Signer.new(test_ca_config)
|
193
|
-
@csr = R509::CSR.new(:subject => [['C','US'],['ST','Illinois'],['L','Chicago'],['O','Paul Kehrer'],['CN','langui.sh']], :bit_strength => 1024)
|
193
|
+
@csr = R509::CSR.new(:subject => [['C', 'US'], ['ST', 'Illinois'], ['L', 'Chicago'], ['O', 'Paul Kehrer'], ['CN', 'langui.sh']], :bit_strength => 1024)
|
194
194
|
end
|
195
195
|
|
196
196
|
it_validates "signing", false
|
@@ -199,16 +199,16 @@ describe R509::CertificateAuthority::Signer do
|
|
199
199
|
context "key in signed cert" do
|
200
200
|
it "returns key when CSR contains key" do
|
201
201
|
cert = R509::CertificateAuthority::Signer.selfsign(:csr => @csr)
|
202
|
-
cert.key.
|
203
|
-
cert.key.
|
202
|
+
expect(cert.key).not_to be_nil
|
203
|
+
expect(cert.key).to eq(@csr.key)
|
204
204
|
cert = @ca.sign(:csr => @csr)
|
205
|
-
cert.key.
|
206
|
-
cert.key.
|
205
|
+
expect(cert.key).not_to be_nil
|
206
|
+
expect(cert.key).to eq(@csr.key)
|
207
207
|
end
|
208
208
|
it "does not return key when CSR has no key" do
|
209
209
|
csr = R509::CSR.new(:csr => TestFixtures::CSR)
|
210
210
|
cert = @ca.sign(:csr => csr)
|
211
|
-
cert.key.
|
211
|
+
expect(cert.key).to be_nil
|
212
212
|
end
|
213
213
|
end
|
214
214
|
end
|
@@ -226,16 +226,16 @@ describe R509::CertificateAuthority::Signer do
|
|
226
226
|
context "key in signed cert" do
|
227
227
|
it "does not return key with SPKI" do
|
228
228
|
cert = @ca.sign(:spki => @spki, :subject => R509::Subject.new(:CN => 'test'))
|
229
|
-
cert.key.
|
229
|
+
expect(cert.key).to be_nil
|
230
230
|
end
|
231
231
|
end
|
232
232
|
end
|
233
233
|
|
234
234
|
context "Elliptic Curve CSR + CA", :ec => true do
|
235
235
|
before :all do
|
236
|
-
test_ca_ec = R509::Config::CAConfig.from_yaml("test_ca_ec", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_ec.yaml"),
|
236
|
+
test_ca_ec = R509::Config::CAConfig.from_yaml("test_ca_ec", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_ec.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
237
237
|
@ca = R509::CertificateAuthority::Signer.new(test_ca_ec)
|
238
|
-
@csr = R509::CSR.new(:subject => [['CN','elliptic curves']], :type => "ec")
|
238
|
+
@csr = R509::CSR.new(:subject => [['CN', 'elliptic curves']], :type => "ec")
|
239
239
|
end
|
240
240
|
|
241
241
|
it_validates "signing", false
|
@@ -244,7 +244,7 @@ describe R509::CertificateAuthority::Signer do
|
|
244
244
|
|
245
245
|
context "Elliptic Curve SPKI + CA", :ec => true do
|
246
246
|
before :all do
|
247
|
-
test_ca_ec = R509::Config::CAConfig.from_yaml("test_ca_ec", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_ec.yaml"),
|
247
|
+
test_ca_ec = R509::Config::CAConfig.from_yaml("test_ca_ec", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_ec.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
248
248
|
@ca = R509::CertificateAuthority::Signer.new(test_ca_ec)
|
249
249
|
private_key = R509::PrivateKey.new(:type => "ec")
|
250
250
|
@spki = R509::SPKI.new(:key => private_key)
|
@@ -255,10 +255,10 @@ describe R509::CertificateAuthority::Signer do
|
|
255
255
|
|
256
256
|
context "DSA CSR + CA", :ec => true do
|
257
257
|
before :all do
|
258
|
-
test_ca_dsa = R509::Config::CAConfig.from_yaml("test_ca_dsa", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_dsa.yaml"),
|
258
|
+
test_ca_dsa = R509::Config::CAConfig.from_yaml("test_ca_dsa", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_dsa.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
259
259
|
|
260
260
|
@ca = R509::CertificateAuthority::Signer.new(test_ca_dsa)
|
261
|
-
@csr = R509::CSR.new(:subject => [['CN','elliptic curves']], :type => "dsa", :bit_strength => 512)
|
261
|
+
@csr = R509::CSR.new(:subject => [['CN', 'elliptic curves']], :type => "dsa", :bit_strength => 512)
|
262
262
|
end
|
263
263
|
|
264
264
|
it_validates "signing", false
|
@@ -267,7 +267,7 @@ describe R509::CertificateAuthority::Signer do
|
|
267
267
|
|
268
268
|
context "DSA SPKI + CA", :ec => true do
|
269
269
|
before :all do
|
270
|
-
test_ca_dsa = R509::Config::CAConfig.from_yaml("test_ca_dsa", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_dsa.yaml"),
|
270
|
+
test_ca_dsa = R509::Config::CAConfig.from_yaml("test_ca_dsa", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_dsa.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
271
271
|
@ca = R509::CertificateAuthority::Signer.new(test_ca_dsa)
|
272
272
|
private_key = R509::PrivateKey.new(:type => "dsa", :bit_strength => 512)
|
273
273
|
@spki = R509::SPKI.new(:key => private_key)
|