r509 0.10.0 → 1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.mdown +2 -2
- data/Rakefile +2 -3
- data/bin/r509 +77 -80
- data/bin/r509-parse +4 -4
- data/doc/R509.html +60 -60
- data/doc/R509/ASN1.html +158 -48
- data/doc/R509/ASN1/GeneralName.html +157 -154
- data/doc/R509/ASN1/GeneralNames.html +246 -237
- data/doc/R509/CRL.html +41 -39
- data/doc/R509/CRL/Administrator.html +105 -100
- data/doc/R509/CRL/FileReaderWriter.html +146 -98
- data/doc/R509/CRL/ReaderWriter.html +57 -54
- data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
- data/doc/R509/CRL/SignedList.html +83 -80
- data/doc/R509/CSR.html +184 -162
- data/doc/R509/Cert.html +271 -269
- data/doc/R509/Cert/Extensions.html +62 -63
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
- data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
- data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
- data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
- data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
- data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
- data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
- data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
- data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
- data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
- data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
- data/doc/R509/CertificateAuthority.html +39 -37
- data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
- data/doc/R509/CertificateAuthority/Signer.html +277 -60
- data/doc/R509/Config.html +40 -38
- data/doc/R509/Config/CAConfig.html +255 -188
- data/doc/R509/Config/CAConfigPool.html +64 -61
- data/doc/R509/Config/CertProfile.html +119 -116
- data/doc/R509/Config/SubjectItemPolicy.html +94 -93
- data/doc/R509/Engine.html +60 -56
- data/doc/R509/Helpers.html +99 -96
- data/doc/R509/MessageDigest.html +69 -68
- data/doc/R509/NameSanitizer.html +51 -48
- data/doc/R509/OCSP.html +39 -37
- data/doc/R509/OCSP/Request.html +39 -37
- data/doc/R509/OCSP/Request/Nonce.html +67 -67
- data/doc/R509/OCSP/Response.html +93 -90
- data/doc/R509/OIDMapper.html +48 -46
- data/doc/R509/PrivateKey.html +170 -169
- data/doc/R509/R509Error.html +45 -42
- data/doc/R509/SPKI.html +99 -89
- data/doc/R509/Subject.html +86 -83
- data/doc/R509/Validity.html +57 -57
- data/doc/R509/Validity/Checker.html +63 -93
- data/doc/R509/Validity/DefaultChecker.html +58 -55
- data/doc/R509/Validity/DefaultWriter.html +62 -59
- data/doc/R509/Validity/Status.html +77 -74
- data/doc/R509/Validity/Writer.html +75 -123
- data/doc/_index.html +37 -31
- data/doc/class_list.html +25 -27
- data/doc/css/full_list.css +32 -31
- data/doc/css/style.css +221 -78
- data/doc/file.CONTRIBUTING.html +29 -30
- data/doc/file.LICENSE.html +29 -30
- data/doc/file.README.html +31 -32
- data/doc/file.YAML.html +33 -34
- data/doc/file.r509.html +39 -48
- data/doc/file_list.html +39 -30
- data/doc/frames.html +10 -21
- data/doc/index.html +31 -32
- data/doc/js/app.js +100 -71
- data/doc/js/full_list.js +168 -130
- data/doc/method_list.html +1788 -1119
- data/doc/top-level-namespace.html +45 -49
- data/lib/r509.rb +21 -7
- data/lib/r509/asn1.rb +45 -32
- data/lib/r509/cert.rb +45 -51
- data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
- data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
- data/lib/r509/cert/extensions/base.rb +22 -23
- data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
- data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
- data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
- data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
- data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
- data/lib/r509/cert/extensions/key_usage.rb +5 -5
- data/lib/r509/cert/extensions/name_constraints.rb +16 -16
- data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
- data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
- data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
- data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
- data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
- data/lib/r509/certificate_authority/options_builder.rb +19 -21
- data/lib/r509/certificate_authority/signer.rb +26 -27
- data/lib/r509/config.rb +1 -0
- data/lib/r509/config/ca_config.rb +70 -75
- data/lib/r509/config/cert_profile.rb +9 -8
- data/lib/r509/config/subject_item_policy.rb +25 -28
- data/lib/r509/crl/administrator.rb +19 -20
- data/lib/r509/crl/reader_writer.rb +10 -8
- data/lib/r509/crl/signed_list.rb +4 -4
- data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
- data/lib/r509/csr.rb +54 -60
- data/lib/r509/ec-hack.rb +3 -2
- data/lib/r509/engine.rb +5 -6
- data/lib/r509/exceptions.rb +1 -1
- data/lib/r509/helpers.rb +11 -14
- data/lib/r509/io_helpers.rb +7 -7
- data/lib/r509/message_digest.rb +5 -6
- data/lib/r509/ocsp.rb +11 -13
- data/lib/r509/oid_mapper.rb +2 -2
- data/lib/r509/private_key.rb +28 -32
- data/lib/r509/spki.rb +17 -20
- data/lib/r509/subject.rb +26 -27
- data/lib/r509/trollop.rb +1 -0
- data/lib/r509/validity.rb +30 -21
- data/lib/r509/version.rb +4 -2
- data/r509.yaml +9 -17
- data/spec/asn1_spec.rb +145 -146
- data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
- data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
- data/spec/cert/extensions/base_spec.rb +38 -34
- data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
- data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
- data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
- data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
- data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
- data/spec/cert/extensions/key_usage_spec.rb +44 -39
- data/spec/cert/extensions/name_constraints_spec.rb +83 -83
- data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
- data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
- data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
- data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
- data/spec/cert_spec.rb +105 -101
- data/spec/certificate_authority/options_builder_spec.rb +90 -90
- data/spec/certificate_authority/signer_spec.rb +41 -41
- data/spec/config/ca_config_spec.rb +169 -119
- data/spec/config/cert_profile_spec.rb +33 -33
- data/spec/config/subject_item_policy_spec.rb +22 -22
- data/spec/crl/administrator_spec.rb +65 -65
- data/spec/crl/reader_writer_spec.rb +20 -19
- data/spec/crl/signed_list_spec.rb +26 -26
- data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
- data/spec/csr_spec.rb +149 -145
- data/spec/engine_spec.rb +14 -14
- data/spec/fixtures.rb +56 -39
- data/spec/fixtures/crl_list.sql +13 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +6 -6
- data/spec/message_digest_spec.rb +43 -43
- data/spec/ocsp_spec.rb +25 -25
- data/spec/oid_mapper_spec.rb +18 -19
- data/spec/private_key_spec.rb +79 -81
- data/spec/r509_spec.rb +16 -16
- data/spec/spec_helper.rb +3 -3
- data/spec/spki_spec.rb +94 -94
- data/spec/subject_spec.rb +107 -107
- data/spec/validity_spec.rb +25 -25
- metadata +113 -111
- metadata.gz.sig +0 -0
@@ -7,7 +7,7 @@ describe R509::Config::CAConfigPool do
|
|
7
7
|
it "has no configs" do
|
8
8
|
pool = R509::Config::CAConfigPool.new({})
|
9
9
|
|
10
|
-
pool["first"].
|
10
|
+
expect(pool["first"]).to be_nil
|
11
11
|
end
|
12
12
|
|
13
13
|
it "has one config" do
|
@@ -16,11 +16,11 @@ describe R509::Config::CAConfigPool do
|
|
16
16
|
:profiles => { "first_profile" => R509::Config::CertProfile.new }
|
17
17
|
)
|
18
18
|
|
19
|
-
pool = R509::Config::CAConfigPool.new(
|
19
|
+
pool = R509::Config::CAConfigPool.new(
|
20
20
|
"first" => config
|
21
|
-
|
21
|
+
)
|
22
22
|
|
23
|
-
pool["first"].
|
23
|
+
expect(pool["first"]).to eq(config)
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
@@ -31,11 +31,11 @@ describe R509::Config::CAConfigPool do
|
|
31
31
|
end
|
32
32
|
|
33
33
|
it "creates" do
|
34
|
-
@pool.all.
|
34
|
+
expect(@pool.all).to eq([])
|
35
35
|
end
|
36
36
|
|
37
37
|
it "builds yaml" do
|
38
|
-
YAML.load(@pool.to_yaml).
|
38
|
+
expect(YAML.load(@pool.to_yaml)).to eq({})
|
39
39
|
end
|
40
40
|
end
|
41
41
|
|
@@ -45,17 +45,17 @@ describe R509::Config::CAConfigPool do
|
|
45
45
|
:ca_cert => TestFixtures.test_ca_cert,
|
46
46
|
:profiles => { "first_profile" => R509::Config::CertProfile.new }
|
47
47
|
)
|
48
|
-
@pool = R509::Config::CAConfigPool.new(
|
48
|
+
@pool = R509::Config::CAConfigPool.new(
|
49
49
|
"first" => @config
|
50
|
-
|
50
|
+
)
|
51
51
|
end
|
52
52
|
|
53
53
|
it "creates" do
|
54
|
-
@pool.all.
|
54
|
+
expect(@pool.all).to eq([@config])
|
55
55
|
end
|
56
56
|
|
57
57
|
it "builds yaml" do
|
58
|
-
YAML.load(@pool.to_yaml).
|
58
|
+
expect(YAML.load(@pool.to_yaml)).to eq("first" => { "ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256", "profiles" => { "first_profile" => { "default_md" => "SHA256" } } })
|
59
59
|
end
|
60
60
|
end
|
61
61
|
|
@@ -69,34 +69,67 @@ describe R509::Config::CAConfigPool do
|
|
69
69
|
:ca_cert => TestFixtures.test_ca_cert,
|
70
70
|
:profiles => { "first_profile" => R509::Config::CertProfile.new }
|
71
71
|
)
|
72
|
-
@pool = R509::Config::CAConfigPool.new(
|
72
|
+
@pool = R509::Config::CAConfigPool.new(
|
73
73
|
"first" => @config1,
|
74
74
|
"second" => @config2
|
75
|
-
|
75
|
+
)
|
76
76
|
end
|
77
77
|
|
78
78
|
it "creates" do
|
79
|
-
@pool.all.size.
|
80
|
-
@pool.all.include?(@config1).
|
81
|
-
@pool.all.include?(@config2).
|
79
|
+
expect(@pool.all.size).to eq(2)
|
80
|
+
expect(@pool.all.include?(@config1)).to eq(true)
|
81
|
+
expect(@pool.all.include?(@config2)).to eq(true)
|
82
82
|
end
|
83
83
|
|
84
84
|
it "builds yaml" do
|
85
|
-
YAML.load(@pool.to_yaml).
|
85
|
+
expect(YAML.load(@pool.to_yaml)).to eq(
|
86
|
+
"first" => {
|
87
|
+
"ca_cert" => {
|
88
|
+
"cert" => "<add_path>",
|
89
|
+
"key" => "<add_path>"
|
90
|
+
},
|
91
|
+
"ocsp_start_skew_seconds" => 3600,
|
92
|
+
"ocsp_validity_hours" => 168,
|
93
|
+
"crl_start_skew_seconds" => 3600,
|
94
|
+
"crl_validity_hours" => 168,
|
95
|
+
"crl_md" => "SHA256",
|
96
|
+
"profiles" => {
|
97
|
+
"first_profile" => {
|
98
|
+
"default_md" => "SHA256"
|
99
|
+
}
|
100
|
+
}
|
101
|
+
},
|
102
|
+
"second" => {
|
103
|
+
"ca_cert" => {
|
104
|
+
"cert" => "<add_path>",
|
105
|
+
"key" => "<add_path>"
|
106
|
+
},
|
107
|
+
"ocsp_start_skew_seconds" => 3600,
|
108
|
+
"ocsp_validity_hours" => 168,
|
109
|
+
"crl_start_skew_seconds" => 3600,
|
110
|
+
"crl_validity_hours" => 168,
|
111
|
+
"crl_md" => "SHA256",
|
112
|
+
"profiles" => {
|
113
|
+
"first_profile" => {
|
114
|
+
"default_md" => "SHA256"
|
115
|
+
}
|
116
|
+
}
|
117
|
+
}
|
118
|
+
)
|
86
119
|
end
|
87
120
|
end
|
88
121
|
end
|
89
122
|
|
90
123
|
context "loaded from YAML" do
|
91
124
|
it "should load two configs" do
|
92
|
-
pool = R509::Config::CAConfigPool.from_yaml("certificate_authorities", File.read("#{File.dirname(__FILE__)}/../fixtures/config_pool_test_minimal.yaml"),
|
125
|
+
pool = R509::Config::CAConfigPool.from_yaml("certificate_authorities", File.read("#{File.dirname(__FILE__)}/../fixtures/config_pool_test_minimal.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
93
126
|
|
94
|
-
pool.names.
|
127
|
+
expect(pool.names).to include("test_ca", "second_ca")
|
95
128
|
|
96
|
-
pool["test_ca"].
|
97
|
-
pool["test_ca"].num_profiles.
|
98
|
-
pool["second_ca"].
|
99
|
-
pool["second_ca"].num_profiles.
|
129
|
+
expect(pool["test_ca"]).not_to be_nil
|
130
|
+
expect(pool["test_ca"].num_profiles).to eq(0)
|
131
|
+
expect(pool["second_ca"]).not_to be_nil
|
132
|
+
expect(pool["second_ca"].num_profiles).to eq(0)
|
100
133
|
end
|
101
134
|
end
|
102
135
|
|
@@ -109,59 +142,74 @@ describe R509::Config::CAConfig do
|
|
109
142
|
)
|
110
143
|
end
|
111
144
|
|
112
|
-
subject {@config}
|
145
|
+
subject { @config }
|
113
146
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
147
|
+
describe '#crl_validity_hours' do
|
148
|
+
subject { super().crl_validity_hours }
|
149
|
+
it { is_expected.to eq(168) }
|
150
|
+
end
|
151
|
+
|
152
|
+
describe '#ocsp_validity_hours' do
|
153
|
+
subject { super().ocsp_validity_hours }
|
154
|
+
it { is_expected.to eq(168) }
|
155
|
+
end
|
156
|
+
|
157
|
+
describe '#ocsp_start_skew_seconds' do
|
158
|
+
subject { super().ocsp_start_skew_seconds }
|
159
|
+
it { is_expected.to eq(3600) }
|
160
|
+
end
|
161
|
+
|
162
|
+
describe '#num_profiles' do
|
163
|
+
subject { super().num_profiles }
|
164
|
+
it { is_expected.to eq(0) }
|
165
|
+
end
|
118
166
|
|
119
167
|
it "should have the proper CA cert" do
|
120
|
-
@config.ca_cert.to_pem.
|
168
|
+
expect(@config.ca_cert.to_pem).to eq(TestFixtures.test_ca_cert.to_pem)
|
121
169
|
end
|
122
170
|
|
123
171
|
it "should have the proper CA key" do
|
124
|
-
@config.ca_cert.key.to_pem.
|
172
|
+
expect(@config.ca_cert.key.to_pem).to eq(TestFixtures.test_ca_cert.key.to_pem)
|
125
173
|
end
|
126
174
|
|
127
175
|
context "to_yaml" do
|
128
176
|
it "includes engine stub if in hardware" do
|
129
177
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert)
|
130
|
-
config.ca_cert.key.
|
131
|
-
YAML.load(config.to_yaml).
|
178
|
+
expect(config.ca_cert.key).to receive(:in_hardware?).and_return(true)
|
179
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "engine" => { :so_path => "<add_path>", :id => "<add_name>" } }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256")
|
132
180
|
end
|
133
181
|
it "includes ocsp_cert stub if not nil" do
|
134
182
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :ocsp_cert => TestFixtures.test_ca_cert)
|
135
|
-
YAML.load(config.to_yaml).
|
183
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256")
|
136
184
|
end
|
137
185
|
it "includes crl_cert stub if not nil" do
|
138
186
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :crl_cert => TestFixtures.test_ca_cert)
|
139
|
-
YAML.load(config.to_yaml).
|
187
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "crl_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256")
|
140
188
|
end
|
141
189
|
it "includes ocsp_chain if not nil" do
|
142
190
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :ocsp_chain => [OpenSSL::X509::Certificate.new])
|
143
|
-
YAML.load(config.to_yaml).
|
191
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_chain" => "<add_path>", "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256")
|
144
192
|
end
|
145
193
|
it "includes crl_list_file if not nil" do
|
146
194
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :crl_list_file => '/some/path')
|
147
|
-
YAML.load(config.to_yaml).
|
195
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_list_file" => "/some/path", "crl_md" => "SHA256")
|
148
196
|
end
|
149
197
|
it "includes crl_number_file if not nil" do
|
150
198
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :crl_number_file => '/some/path')
|
151
|
-
YAML.load(config.to_yaml).
|
199
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_number_file" => "/some/path", "crl_md" => "SHA256")
|
152
200
|
end
|
153
201
|
it "includes profiles" do
|
154
202
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert)
|
155
203
|
profile = R509::Config::CertProfile.new(
|
156
|
-
:basic_constraints => {:ca => true}
|
204
|
+
:basic_constraints => { :ca => true }
|
157
205
|
)
|
158
|
-
config.set_profile("subroot",profile)
|
159
|
-
config.set_profile("subroot_also",profile)
|
160
|
-
YAML.load(config.to_yaml).
|
206
|
+
config.set_profile("subroot", profile)
|
207
|
+
config.set_profile("subroot_also", profile)
|
208
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256", "profiles" => { "subroot" => { "basic_constraints" => { :ca => true, :critical => true }, "default_md" => "SHA256" }, "subroot_also" => { "basic_constraints" => { :ca => true, :critical => true }, "default_md" => "SHA256" } })
|
161
209
|
end
|
162
210
|
it "includes defaults" do
|
163
211
|
config = R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert)
|
164
|
-
YAML.load(config.to_yaml).
|
212
|
+
expect(YAML.load(config.to_yaml)).to eq("ca_cert" => { "cert" => "<add_path>", "key" => "<add_path>" }, "ocsp_start_skew_seconds" => 3600, "ocsp_validity_hours" => 168, "crl_start_skew_seconds" => 3600, "crl_validity_hours" => 168, "crl_md" => "SHA256")
|
165
213
|
end
|
166
214
|
end
|
167
215
|
|
@@ -176,22 +224,22 @@ describe R509::Config::CAConfig do
|
|
176
224
|
expect { R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :ocsp_cert => "not a cert") }.to raise_error ArgumentError, ':ocsp_cert, if provided, must be of type R509::Cert'
|
177
225
|
end
|
178
226
|
it "raises an error if :ocsp_cert does not contain a private key" do
|
179
|
-
expect { R509::Config::CAConfig.new(
|
227
|
+
expect { R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :ocsp_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT)) }.to raise_error ArgumentError, ':ocsp_cert must contain a private key, not just a certificate'
|
180
228
|
end
|
181
229
|
it "raises an error if :crl_cert that is not R509::Cert" do
|
182
230
|
expect { R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :crl_cert => "not a cert") }.to raise_error ArgumentError, ':crl_cert, if provided, must be of type R509::Cert'
|
183
231
|
end
|
184
232
|
it "raises an error if :crl_cert does not contain a private key" do
|
185
|
-
expect { R509::Config::CAConfig.new(
|
233
|
+
expect { R509::Config::CAConfig.new(:ca_cert => TestFixtures.test_ca_cert, :crl_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT)) }.to raise_error ArgumentError, ':crl_cert must contain a private key, not just a certificate'
|
186
234
|
end
|
187
235
|
end
|
188
236
|
|
189
237
|
it "loads the config even if :ca_cert does not contain a private key" do
|
190
|
-
config = R509::Config::CAConfig.new(
|
191
|
-
config.ca_cert.subject.to_s.
|
238
|
+
config = R509::Config::CAConfig.new(:ca_cert => R509::Cert.new(:cert => TestFixtures::TEST_CA_CERT))
|
239
|
+
expect(config.ca_cert.subject.to_s).not_to be_nil
|
192
240
|
end
|
193
241
|
it "returns the correct cert object on #ocsp_cert if none is specified" do
|
194
|
-
@config.ocsp_cert.
|
242
|
+
expect(@config.ocsp_cert).to eq(@config.ca_cert)
|
195
243
|
end
|
196
244
|
it "returns the correct cert object on #ocsp_cert if an ocsp_cert was specified" do
|
197
245
|
ocsp_cert = R509::Cert.new(
|
@@ -203,10 +251,10 @@ describe R509::Config::CAConfig do
|
|
203
251
|
:ocsp_cert => ocsp_cert
|
204
252
|
)
|
205
253
|
|
206
|
-
config.ocsp_cert.
|
254
|
+
expect(config.ocsp_cert).to eq(ocsp_cert)
|
207
255
|
end
|
208
256
|
it "returns the correct cert object on #crl_cert if none is specified" do
|
209
|
-
@config.crl_cert.
|
257
|
+
expect(@config.crl_cert).to eq(@config.ca_cert)
|
210
258
|
end
|
211
259
|
it "returns the correct cert object on #crl_cert if an crl_cert was specified" do
|
212
260
|
crl_cert = R509::Cert.new(
|
@@ -218,21 +266,23 @@ describe R509::Config::CAConfig do
|
|
218
266
|
:crl_cert => crl_cert
|
219
267
|
)
|
220
268
|
|
221
|
-
config.crl_cert.
|
269
|
+
expect(config.crl_cert).to eq(crl_cert)
|
222
270
|
end
|
223
271
|
it "fails to specify a non-Config::CertProfile as the profile" do
|
224
272
|
config = R509::Config::CAConfig.new(
|
225
273
|
:ca_cert => TestFixtures.test_ca_cert
|
226
274
|
)
|
227
275
|
|
228
|
-
expect{ config.set_profile("bogus", "not a Config::CertProfile")}.to raise_error TypeError
|
276
|
+
expect { config.set_profile("bogus", "not a Config::CertProfile") }.to raise_error TypeError
|
229
277
|
end
|
230
278
|
|
231
279
|
it "shouldn't let you specify a profile that's not a Config::CertProfile, on instantiation" do
|
232
|
-
expect
|
233
|
-
|
234
|
-
|
235
|
-
|
280
|
+
expect do
|
281
|
+
R509::Config::CAConfig.new(
|
282
|
+
:ca_cert => TestFixtures.test_ca_cert,
|
283
|
+
:profiles => { "first_profile" => "not a Config::CertProfile" }
|
284
|
+
)
|
285
|
+
end.to raise_error TypeError
|
236
286
|
end
|
237
287
|
|
238
288
|
it "can specify a single profile" do
|
@@ -243,7 +293,7 @@ describe R509::Config::CAConfig do
|
|
243
293
|
:profiles => { "first_profile" => first_profile }
|
244
294
|
)
|
245
295
|
|
246
|
-
config.profile("first_profile").
|
296
|
+
expect(config.profile("first_profile")).to eq(first_profile)
|
247
297
|
end
|
248
298
|
|
249
299
|
it "raises an error if you specify an invalid profile" do
|
@@ -258,132 +308,132 @@ describe R509::Config::CAConfig do
|
|
258
308
|
end
|
259
309
|
|
260
310
|
it "should load YAML" do
|
261
|
-
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"),
|
262
|
-
config.crl_validity_hours.
|
263
|
-
config.ocsp_validity_hours.
|
264
|
-
config.crl_list_file.
|
265
|
-
config.crl_number_file.
|
266
|
-
config.num_profiles.
|
267
|
-
config.profile("mds").default_md.
|
268
|
-
config.profile("mds").allowed_mds.
|
311
|
+
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
312
|
+
expect(config.crl_validity_hours).to eq(72)
|
313
|
+
expect(config.ocsp_validity_hours).to eq(96)
|
314
|
+
expect(config.crl_list_file).to match(/list_file$/)
|
315
|
+
expect(config.crl_number_file).to match(/number_file$/)
|
316
|
+
expect(config.num_profiles).to eq(9)
|
317
|
+
expect(config.profile("mds").default_md).to eq("SHA512")
|
318
|
+
expect(config.profile("mds").allowed_mds).to eq(['SHA512', 'SHA1'])
|
269
319
|
aia = config.profile("aia_cdp").authority_info_access
|
270
|
-
aia.ocsp.uris.
|
271
|
-
aia.ca_issuers.uris.
|
320
|
+
expect(aia.ocsp.uris).to eq(['http://ocsp.domain.com'])
|
321
|
+
expect(aia.ca_issuers.uris).to eq(['http://www.domain.com/cert.cer'])
|
272
322
|
cdp = config.profile("aia_cdp").crl_distribution_points
|
273
|
-
cdp.uris.
|
274
|
-
config.profile("ocsp_delegate_with_no_check").ocsp_no_check.
|
275
|
-
config.profile("inhibit_policy").inhibit_any_policy.value.
|
276
|
-
config.profile("policy_constraints").policy_constraints.require_explicit_policy.
|
277
|
-
config.profile("policy_constraints").policy_constraints.inhibit_policy_mapping.
|
278
|
-
config.profile("name_constraints").name_constraints.
|
323
|
+
expect(cdp.uris).to eq(['http://crl.domain.com/something.crl'])
|
324
|
+
expect(config.profile("ocsp_delegate_with_no_check").ocsp_no_check).not_to be_nil
|
325
|
+
expect(config.profile("inhibit_policy").inhibit_any_policy.value).to eq(2)
|
326
|
+
expect(config.profile("policy_constraints").policy_constraints.require_explicit_policy).to eq(1)
|
327
|
+
expect(config.profile("policy_constraints").policy_constraints.inhibit_policy_mapping).to eq(0)
|
328
|
+
expect(config.profile("name_constraints").name_constraints).not_to be_nil
|
279
329
|
end
|
280
330
|
it "loads CRL cert/key from yaml" do
|
281
|
-
config = R509::Config::CAConfig.from_yaml("crl_delegate_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
282
|
-
config.crl_cert.has_private_key
|
283
|
-
config.crl_cert.subject.to_s.
|
331
|
+
config = R509::Config::CAConfig.from_yaml("crl_delegate_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
332
|
+
expect(config.crl_cert.has_private_key?).to eq(true)
|
333
|
+
expect(config.crl_cert.subject.to_s).to eq("/C=US/ST=Illinois/L=Chicago/O=r509 LLC/CN=r509 CRL Delegate")
|
284
334
|
end
|
285
335
|
it "loads CRL pkcs12 from yaml" do
|
286
|
-
config = R509::Config::CAConfig.from_yaml("crl_pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
287
|
-
config.crl_cert.has_private_key
|
288
|
-
config.crl_cert.subject.to_s.
|
336
|
+
config = R509::Config::CAConfig.from_yaml("crl_pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
337
|
+
expect(config.crl_cert.has_private_key?).to eq(true)
|
338
|
+
expect(config.crl_cert.subject.to_s).to eq("/C=US/ST=Illinois/L=Chicago/O=r509 LLC/CN=r509 CRL Delegate")
|
289
339
|
end
|
290
340
|
it "loads CRL cert/key in engine from yaml" do
|
291
|
-
expect { R509::Config::CAConfig.from_yaml("crl_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
341
|
+
expect { R509::Config::CAConfig.from_yaml("crl_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You must supply a key_name with an engine")
|
292
342
|
end
|
293
343
|
it "loads OCSP cert/key from yaml" do
|
294
|
-
config = R509::Config::CAConfig.from_yaml("ocsp_delegate_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
295
|
-
config.ocsp_cert.has_private_key
|
296
|
-
config.ocsp_cert.subject.to_s.
|
344
|
+
config = R509::Config::CAConfig.from_yaml("ocsp_delegate_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
345
|
+
expect(config.ocsp_cert.has_private_key?).to eq(true)
|
346
|
+
expect(config.ocsp_cert.subject.to_s).to eq("/C=US/ST=Illinois/L=Chicago/O=r509 LLC/CN=r509 OCSP Signer")
|
297
347
|
end
|
298
348
|
it "loads OCSP pkcs12 from yaml" do
|
299
|
-
config = R509::Config::CAConfig.from_yaml("ocsp_pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
300
|
-
config.ocsp_cert.has_private_key
|
301
|
-
config.ocsp_cert.subject.to_s.
|
349
|
+
config = R509::Config::CAConfig.from_yaml("ocsp_pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
350
|
+
expect(config.ocsp_cert.has_private_key?).to eq(true)
|
351
|
+
expect(config.ocsp_cert.subject.to_s).to eq("/C=US/ST=Illinois/L=Chicago/O=r509 LLC/CN=r509 OCSP Signer")
|
302
352
|
end
|
303
353
|
it "loads OCSP cert/key in engine from yaml" do
|
304
|
-
#most of this code path is tested by loading ca_cert engine.
|
305
|
-
expect { R509::Config::CAConfig.from_yaml("ocsp_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
354
|
+
# most of this code path is tested by loading ca_cert engine.
|
355
|
+
expect { R509::Config::CAConfig.from_yaml("ocsp_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You must supply a key_name with an engine")
|
306
356
|
end
|
307
357
|
it "loads OCSP chain from yaml" do
|
308
|
-
config = R509::Config::CAConfig.from_yaml("ocsp_chain_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
309
|
-
config.ocsp_chain.size.
|
310
|
-
config.ocsp_chain[0].
|
311
|
-
config.ocsp_chain[1].
|
358
|
+
config = R509::Config::CAConfig.from_yaml("ocsp_chain_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
359
|
+
expect(config.ocsp_chain.size).to eq(2)
|
360
|
+
expect(config.ocsp_chain[0].is_a?(OpenSSL::X509::Certificate)).to eq(true)
|
361
|
+
expect(config.ocsp_chain[1].is_a?(OpenSSL::X509::Certificate)).to eq(true)
|
312
362
|
end
|
313
363
|
it "should load subject_item_policy from yaml (if present)" do
|
314
|
-
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"),
|
315
|
-
config.profile("server").subject_item_policy.
|
316
|
-
config.profile("server_with_subject_item_policy").subject_item_policy.optional.
|
317
|
-
config.profile("server_with_subject_item_policy").subject_item_policy.required.
|
364
|
+
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
365
|
+
expect(config.profile("server").subject_item_policy).to be_nil
|
366
|
+
expect(config.profile("server_with_subject_item_policy").subject_item_policy.optional).to include("O", "OU")
|
367
|
+
expect(config.profile("server_with_subject_item_policy").subject_item_policy.required).to include("CN", "ST", "C")
|
318
368
|
end
|
319
369
|
|
320
370
|
it "should load YAML which only has a CA Cert and Key defined" do
|
321
|
-
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_minimal.yaml"),
|
322
|
-
config.num_profiles.
|
371
|
+
config = R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_minimal.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
372
|
+
expect(config.num_profiles).to eq(0)
|
323
373
|
end
|
324
374
|
|
325
375
|
it "should load YAML which has CA cert and key with password" do
|
326
|
-
expect { R509::Config::CAConfig.from_yaml("password_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_password.yaml"),
|
376
|
+
expect { R509::Config::CAConfig.from_yaml("password_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_password.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to_not raise_error
|
327
377
|
end
|
328
378
|
|
329
379
|
it "should load YAML which has a PKCS12 with password" do
|
330
|
-
expect { R509::Config::CAConfig.from_yaml("pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
380
|
+
expect { R509::Config::CAConfig.from_yaml("pkcs12_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to_not raise_error
|
331
381
|
end
|
332
382
|
|
333
383
|
it "raises error on YAML with pkcs12 and key" do
|
334
|
-
expect { R509::Config::CAConfig.from_yaml("pkcs12_key_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
384
|
+
expect { R509::Config::CAConfig.from_yaml("pkcs12_key_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You can't specify both pkcs12 and key")
|
335
385
|
end
|
336
386
|
|
337
387
|
it "raises error on YAML with pkcs12 and cert" do
|
338
|
-
expect { R509::Config::CAConfig.from_yaml("pkcs12_cert_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
388
|
+
expect { R509::Config::CAConfig.from_yaml("pkcs12_cert_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You can't specify both pkcs12 and cert")
|
339
389
|
end
|
340
390
|
|
341
391
|
it "raises error on YAML with pkcs12 and engine" do
|
342
|
-
expect { R509::Config::CAConfig.from_yaml("pkcs12_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
392
|
+
expect { R509::Config::CAConfig.from_yaml("pkcs12_engine_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You can't specify both engine and pkcs12")
|
343
393
|
end
|
344
394
|
|
345
395
|
it "loads config with cert and no key (useful in certain cases)" do
|
346
|
-
config = R509::Config::CAConfig.from_yaml("cert_no_key_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"),
|
347
|
-
config.ca_cert.subject.to_s.
|
396
|
+
config = R509::Config::CAConfig.from_yaml("cert_no_key_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_various.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
397
|
+
expect(config.ca_cert.subject.to_s).not_to be_nil
|
348
398
|
end
|
349
399
|
|
350
400
|
it "should load YAML which has an engine" do
|
351
401
|
fake_engine = double("fake_engine")
|
352
|
-
fake_engine.
|
402
|
+
expect(fake_engine).to receive(:is_a?).with(OpenSSL::Engine).and_return(true)
|
353
403
|
faux_key = OpenSSL::PKey::RSA.new(TestFixtures::TEST_CA_KEY)
|
354
|
-
fake_engine.
|
355
|
-
engine = {"SO_PATH" => "path", "ID" => "id"}
|
404
|
+
expect(fake_engine).to receive(:load_private_key).twice.with("key").and_return(faux_key)
|
405
|
+
engine = { "SO_PATH" => "path", "ID" => "id" }
|
356
406
|
|
357
|
-
R509::Engine.instance.
|
407
|
+
expect(R509::Engine.instance).to receive(:load).with(engine).and_return(fake_engine)
|
358
408
|
|
359
|
-
R509::Config::CAConfig.load_from_hash(
|
409
|
+
R509::Config::CAConfig.load_from_hash("ca_cert" => { "cert" => "#{File.dirname(__FILE__)}/../fixtures/test_ca.cer", "engine" => engine, "key_name" => "key" }, "default_md" => "SHA512", "profiles" => {})
|
360
410
|
end
|
361
411
|
|
362
412
|
it "should fail if YAML for ca_cert contains engine and key" do
|
363
|
-
expect { R509::Config::CAConfig.from_yaml("engine_and_key", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_engine_key.yaml"),
|
413
|
+
expect { R509::Config::CAConfig.from_yaml("engine_and_key", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_engine_key.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, "You can't specify both key and engine")
|
364
414
|
end
|
365
415
|
|
366
416
|
it "should fail if YAML for ca_cert contains engine but no key_name" do
|
367
|
-
expect { R509::Config::CAConfig.from_yaml("engine_no_key_name", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_engine_no_key_name.yaml"),
|
417
|
+
expect { R509::Config::CAConfig.from_yaml("engine_no_key_name", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test_engine_no_key_name.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError, 'You must supply a key_name with an engine')
|
368
418
|
end
|
369
419
|
|
370
420
|
it "should fail if YAML config is null" do
|
371
|
-
expect{ R509::Config::CAConfig.from_yaml("no_config_here", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"),
|
421
|
+
expect { R509::Config::CAConfig.from_yaml("no_config_here", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError)
|
372
422
|
end
|
373
423
|
|
374
424
|
it "should fail if YAML config isn't a hash" do
|
375
|
-
expect{ R509::Config::CAConfig.from_yaml("config_is_string", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"),
|
425
|
+
expect { R509::Config::CAConfig.from_yaml("config_is_string", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures") }.to raise_error(ArgumentError)
|
376
426
|
end
|
377
427
|
|
378
428
|
it "should fail if YAML config doesn't give a root CA directory that's a directory" do
|
379
|
-
expect{ R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"),
|
429
|
+
expect { R509::Config::CAConfig.from_yaml("test_ca", File.read("#{File.dirname(__FILE__)}/../fixtures/config_test.yaml"), :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures/no_directory_here") }.to raise_error(R509::R509Error)
|
380
430
|
end
|
381
431
|
|
382
432
|
it "should load YAML from filename" do
|
383
|
-
config = R509::Config::CAConfig.load_yaml("test_ca", "#{File.dirname(__FILE__)}/../fixtures/config_test.yaml",
|
384
|
-
config.crl_validity_hours.
|
385
|
-
config.ocsp_validity_hours.
|
386
|
-
config.num_profiles.
|
433
|
+
config = R509::Config::CAConfig.load_yaml("test_ca", "#{File.dirname(__FILE__)}/../fixtures/config_test.yaml", :ca_root_path => "#{File.dirname(__FILE__)}/../fixtures")
|
434
|
+
expect(config.crl_validity_hours).to eq(72)
|
435
|
+
expect(config.ocsp_validity_hours).to eq(96)
|
436
|
+
expect(config.num_profiles).to eq(9)
|
387
437
|
end
|
388
438
|
|
389
439
|
it "can specify crl_number_file" do
|
@@ -391,7 +441,7 @@ describe R509::Config::CAConfig do
|
|
391
441
|
:ca_cert => TestFixtures.test_ca_cert,
|
392
442
|
:crl_number_file => "crl_number_file.txt"
|
393
443
|
)
|
394
|
-
config.crl_number_file.
|
444
|
+
expect(config.crl_number_file).to eq('crl_number_file.txt')
|
395
445
|
end
|
396
446
|
|
397
447
|
it "can specify crl_list_file" do
|
@@ -399,7 +449,7 @@ describe R509::Config::CAConfig do
|
|
399
449
|
:ca_cert => TestFixtures.test_ca_cert,
|
400
450
|
:crl_list_file => "crl_list_file.txt"
|
401
451
|
)
|
402
|
-
config.crl_list_file.
|
452
|
+
expect(config.crl_list_file).to eq('crl_list_file.txt')
|
403
453
|
end
|
404
454
|
|
405
455
|
end
|