RubyGems - r509 - Versions diffs - 0.10.0 → 1.0 - Mend

r509 0.10.0 → 1.0

Files changed (168) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/README.mdown +2 -2
data/Rakefile +2 -3
data/bin/r509 +77 -80
data/bin/r509-parse +4 -4
data/doc/R509.html +60 -60
data/doc/R509/ASN1.html +158 -48
data/doc/R509/ASN1/GeneralName.html +157 -154
data/doc/R509/ASN1/GeneralNames.html +246 -237
data/doc/R509/CRL.html +41 -39
data/doc/R509/CRL/Administrator.html +105 -100
data/doc/R509/CRL/FileReaderWriter.html +146 -98
data/doc/R509/CRL/ReaderWriter.html +57 -54
data/doc/R509/CRL/SQLiteReaderWriter.html +727 -0
data/doc/R509/CRL/SignedList.html +83 -80
data/doc/R509/CSR.html +184 -162
data/doc/R509/Cert.html +271 -269
data/doc/R509/Cert/Extensions.html +62 -63
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +138 -108
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +100 -84
data/doc/R509/Cert/Extensions/BasicConstraints.html +89 -88
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +87 -83
data/doc/R509/Cert/Extensions/CertificatePolicies.html +78 -76
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +128 -125
data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +83 -78
data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +69 -67
data/doc/R509/Cert/Extensions/KeyUsage.html +138 -135
data/doc/R509/Cert/Extensions/NameConstraints.html +82 -81
data/doc/R509/Cert/Extensions/NoticeReference.html +59 -56
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +70 -69
data/doc/R509/Cert/Extensions/PolicyConstraints.html +71 -69
data/doc/R509/Cert/Extensions/PolicyInformation.html +63 -60
data/doc/R509/Cert/Extensions/PolicyQualifiers.html +60 -57
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +91 -87
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +72 -71
data/doc/R509/Cert/Extensions/UserNotice.html +60 -57
data/doc/R509/Cert/Extensions/ValidationMixin.html +43 -40
data/doc/R509/CertificateAuthority.html +39 -37
data/doc/R509/CertificateAuthority/OptionsBuilder.html +58 -55
data/doc/R509/CertificateAuthority/Signer.html +277 -60
data/doc/R509/Config.html +40 -38
data/doc/R509/Config/CAConfig.html +255 -188
data/doc/R509/Config/CAConfigPool.html +64 -61
data/doc/R509/Config/CertProfile.html +119 -116
data/doc/R509/Config/SubjectItemPolicy.html +94 -93
data/doc/R509/Engine.html +60 -56
data/doc/R509/Helpers.html +99 -96
data/doc/R509/MessageDigest.html +69 -68
data/doc/R509/NameSanitizer.html +51 -48
data/doc/R509/OCSP.html +39 -37
data/doc/R509/OCSP/Request.html +39 -37
data/doc/R509/OCSP/Request/Nonce.html +67 -67
data/doc/R509/OCSP/Response.html +93 -90
data/doc/R509/OIDMapper.html +48 -46
data/doc/R509/PrivateKey.html +170 -169
data/doc/R509/R509Error.html +45 -42
data/doc/R509/SPKI.html +99 -89
data/doc/R509/Subject.html +86 -83
data/doc/R509/Validity.html +57 -57
data/doc/R509/Validity/Checker.html +63 -93
data/doc/R509/Validity/DefaultChecker.html +58 -55
data/doc/R509/Validity/DefaultWriter.html +62 -59
data/doc/R509/Validity/Status.html +77 -74
data/doc/R509/Validity/Writer.html +75 -123
data/doc/_index.html +37 -31
data/doc/class_list.html +25 -27
data/doc/css/full_list.css +32 -31
data/doc/css/style.css +221 -78
data/doc/file.CONTRIBUTING.html +29 -30
data/doc/file.LICENSE.html +29 -30
data/doc/file.README.html +31 -32
data/doc/file.YAML.html +33 -34
data/doc/file.r509.html +39 -48
data/doc/file_list.html +39 -30
data/doc/frames.html +10 -21
data/doc/index.html +31 -32
data/doc/js/app.js +100 -71
data/doc/js/full_list.js +168 -130
data/doc/method_list.html +1788 -1119
data/doc/top-level-namespace.html +45 -49
data/lib/r509.rb +21 -7
data/lib/r509/asn1.rb +45 -32
data/lib/r509/cert.rb +45 -51
data/lib/r509/cert/extensions/authority_info_access.rb +49 -23
data/lib/r509/cert/extensions/authority_key_identifier.rb +16 -11
data/lib/r509/cert/extensions/base.rb +22 -23
data/lib/r509/cert/extensions/basic_constraints.rb +11 -12
data/lib/r509/cert/extensions/certificate_policies.rb +26 -26
data/lib/r509/cert/extensions/crl_distribution_points.rb +5 -7
data/lib/r509/cert/extensions/extended_key_usage.rb +5 -5
data/lib/r509/cert/extensions/inhibit_any_policy.rb +4 -3
data/lib/r509/cert/extensions/key_usage.rb +5 -5
data/lib/r509/cert/extensions/name_constraints.rb +16 -16
data/lib/r509/cert/extensions/ocsp_no_check.rb +3 -3
data/lib/r509/cert/extensions/policy_constraints.rb +8 -8
data/lib/r509/cert/extensions/subject_alternative_name.rb +5 -4
data/lib/r509/cert/extensions/subject_key_identifier.rb +5 -5
data/lib/r509/cert/extensions/validation_mixin.rb +11 -10
data/lib/r509/certificate_authority/options_builder.rb +19 -21
data/lib/r509/certificate_authority/signer.rb +26 -27
data/lib/r509/config.rb +1 -0
data/lib/r509/config/ca_config.rb +70 -75
data/lib/r509/config/cert_profile.rb +9 -8
data/lib/r509/config/subject_item_policy.rb +25 -28
data/lib/r509/crl/administrator.rb +19 -20
data/lib/r509/crl/reader_writer.rb +10 -8
data/lib/r509/crl/signed_list.rb +4 -4
data/lib/r509/crl/sqlite_reader_writer.rb +75 -0
data/lib/r509/csr.rb +54 -60
data/lib/r509/ec-hack.rb +3 -2
data/lib/r509/engine.rb +5 -6
data/lib/r509/exceptions.rb +1 -1
data/lib/r509/helpers.rb +11 -14
data/lib/r509/io_helpers.rb +7 -7
data/lib/r509/message_digest.rb +5 -6
data/lib/r509/ocsp.rb +11 -13
data/lib/r509/oid_mapper.rb +2 -2
data/lib/r509/private_key.rb +28 -32
data/lib/r509/spki.rb +17 -20
data/lib/r509/subject.rb +26 -27
data/lib/r509/trollop.rb +1 -0
data/lib/r509/validity.rb +30 -21
data/lib/r509/version.rb +4 -2
data/r509.yaml +9 -17
data/spec/asn1_spec.rb +145 -146
data/spec/cert/extensions/authority_info_access_spec.rb +41 -41
data/spec/cert/extensions/authority_key_identifier_spec.rb +29 -23
data/spec/cert/extensions/base_spec.rb +38 -34
data/spec/cert/extensions/basic_constraints_spec.rb +21 -21
data/spec/cert/extensions/certificate_policies_spec.rb +99 -87
data/spec/cert/extensions/crl_distribution_points_spec.rb +24 -25
data/spec/cert/extensions/extended_key_usage_spec.rb +40 -36
data/spec/cert/extensions/inhibit_any_policy_spec.rb +12 -12
data/spec/cert/extensions/key_usage_spec.rb +44 -39
data/spec/cert/extensions/name_constraints_spec.rb +83 -83
data/spec/cert/extensions/ocsp_no_check_spec.rb +10 -10
data/spec/cert/extensions/policy_constraints_spec.rb +19 -19
data/spec/cert/extensions/subject_alternative_name_spec.rb +46 -47
data/spec/cert/extensions/subject_key_identifier_spec.rb +10 -10
data/spec/cert_spec.rb +105 -101
data/spec/certificate_authority/options_builder_spec.rb +90 -90
data/spec/certificate_authority/signer_spec.rb +41 -41
data/spec/config/ca_config_spec.rb +169 -119
data/spec/config/cert_profile_spec.rb +33 -33
data/spec/config/subject_item_policy_spec.rb +22 -22
data/spec/crl/administrator_spec.rb +65 -65
data/spec/crl/reader_writer_spec.rb +20 -19
data/spec/crl/signed_list_spec.rb +26 -26
data/spec/crl/sqlite_reader_writer_spec.rb +42 -0
data/spec/csr_spec.rb +149 -145
data/spec/engine_spec.rb +14 -14
data/spec/fixtures.rb +56 -39
data/spec/fixtures/crl_list.sql +13 -0
data/spec/fixtures/csr1.der +0 -0
data/spec/fixtures/csr1.pem +6 -6
data/spec/message_digest_spec.rb +43 -43
data/spec/ocsp_spec.rb +25 -25
data/spec/oid_mapper_spec.rb +18 -19
data/spec/private_key_spec.rb +79 -81
data/spec/r509_spec.rb +16 -16
data/spec/spec_helper.rb +3 -3
data/spec/spki_spec.rb +94 -94
data/spec/subject_spec.rb +107 -107
data/spec/validity_spec.rb +25 -25
metadata +113 -111
metadata.gz.sig +0 -0

@@ -19,33 +19,33 @@ describe R509::Engine do
   it "raises an error if you don't supply an :so_path and :id" do
     expect { R509::Engine.instance.load("not even a hash") }.to raise_error(ArgumentError, "You must supply a hash with both :so_path and :id")
-    expect { R509::Engine.instance.load({:so_path => "path"}) }.to raise_error(ArgumentError, "You must supply a hash with both :so_path and :id")
+    expect { R509::Engine.instance.load(:so_path => "path") }.to raise_error(ArgumentError, "You must supply a hash with both :so_path and :id")
   end
   it "load returns a new engine" do
-    OpenSSL::Engine.should_receive(:load)
+    expect(OpenSSL::Engine).to receive(:load)
     engine_double = double('engine')
-    OpenSSL::Engine.should_receive(:by_id).and_yield(engine_double).and_return(engine_double)
-    engine_double.should_receive(:ctrl_cmd).with("SO_PATH", "/some/path")
-    engine_double.should_receive(:ctrl_cmd).with("ID", "mocked")
-    engine_double.should_receive(:ctrl_cmd).with("LOAD")
+    expect(OpenSSL::Engine).to receive(:by_id).and_yield(engine_double).and_return(engine_double)
+    expect(engine_double).to receive(:ctrl_cmd).with("SO_PATH", "/some/path")
+    expect(engine_double).to receive(:ctrl_cmd).with("ID", "mocked")
+    expect(engine_double).to receive(:ctrl_cmd).with("LOAD")
     engine = R509::Engine.instance.load(:so_path => "/some/path", :id => "mocked")
-    engine.should == engine_double
+    expect(engine).to eq(engine_double)
   end
   it "load returns pre-existing engine" do
-    OpenSSL::Engine.should_receive(:load)
-    OpenSSL::Engine.should_receive(:by_id).and_return("mocked_engine")
+    expect(OpenSSL::Engine).to receive(:load)
+    expect(OpenSSL::Engine).to receive(:by_id).and_return("mocked_engine")
     R509::Engine.instance.load(:so_path => "/some/path", :id => "mocked")
     engine = R509::Engine.instance.load(:so_path => "/some/path", :id => "mocked")
-    engine.should == 'mocked_engine'
+    expect(engine).to eq('mocked_engine')
   end
   it "returns an engine with []" do
-    OpenSSL::Engine.should_receive(:load)
-    OpenSSL::Engine.should_receive(:by_id).and_return("mocked_engine")
+    expect(OpenSSL::Engine).to receive(:load)
+    expect(OpenSSL::Engine).to receive(:by_id).and_return("mocked_engine")
     R509::Engine.instance.load(:so_path => "/some/path", :id => "mocked")
-    R509::Engine.instance["mocked"].should == "mocked_engine"
-    R509::Engine.instance["other"].should be_nil
+    expect(R509::Engine.instance["mocked"]).to eq("mocked_engine")
+    expect(R509::Engine.instance["other"]).to be_nil
   end
 end

data/spec/fixtures.rb CHANGED

@@ -2,6 +2,7 @@ require 'spec_helper'
 require 'pathname'
 require 'r509/io_helpers'
+# Contains constants and other values for testing purposes
 module TestFixtures
   extend R509::IOHelpers
@@ -11,14 +12,14 @@ module TestFixtures
     read_data((FIXTURES_PATH + filename).to_s)
   end
-  #Trustwave cert for langui.sh
+  # Trustwave cert for langui.sh
   CERT = read_fixture('cert1.pem')
   CERT_INHIBIT = read_fixture('cert_inhibit.pem')
   CERT_POLICY_CONSTRAINTS = read_fixture('cert_policy_constraints.pem')
   CERT_NAME_CONSTRAINTS = read_fixture('cert_name_constraints.pem')
-  #Trustwave root cert
+  # Trustwave root cert
   STCA_CERT = read_fixture('stca.pem')
   CERT_PUBLIC_KEY_MODULUS = read_fixture('cert1_public_key_modulus.txt')
@@ -41,11 +42,10 @@ module TestFixtures
   # this CSR has unknown OIDs, which we should successfully parse out into Subject
   CSR_UNKNOWN_OID = read_fixture('unknown_oid.csr')
-  #san cert from self-signed CA for langui.sh
+  # san cert from self-signed CA for langui.sh
   CERT_SAN = read_fixture('cert_san.pem')
-  #Another san cert for langui.sh, but differentiating between the CN and
+  # Another san cert for langui.sh, but differentiating between the CN and
   # SANs.
   CERT_SAN2 = read_fixture('cert_san2.pem')
@@ -136,10 +136,10 @@ module TestFixtures
   TEST_CA_SUBROOT_CERT = read_fixture('test_ca_subroot.cer')
   TEST_CA_SUBROOT_KEY  = read_fixture('test_ca_subroot.key')
-  #this chain contains 2 certs. root and OCSP delegate
-  #in a prod environment you'd really only need the delegate
-  #since the root would be present in the root store of the
-  #client, but I wanted to test > 1
+  # this chain contains 2 certs. root and OCSP delegate
+  # in a prod environment you'd really only need the delegate
+  # since the root would be present in the root store of the
+  # client, but I wanted to test > 1
   TEST_CA_OCSP_CHAIN  = read_fixture('test_ca_ocsp_chain.txt')
   TEST_CA_OCSP_RESPONSE = read_fixture('test_ca_ocsp_response.der')
@@ -155,13 +155,14 @@ module TestFixtures
   STCA_OCSP_REQUEST  = read_fixture('stca_ocsp_request.der')
   STCA_OCSP_RESPONSE  = read_fixture('stca_ocsp_response.der')
-  CRL_LIST_FILE = (FIXTURES_PATH+'crl_list_file.txt').to_s
+  CRL_LIST_FILE = (FIXTURES_PATH + 'crl_list_file.txt').to_s
   CRL_REASON = read_fixture("crl_with_reason.pem")
   HMACSHA512_SIG = read_fixture("hmacsha512.sig")
   HMACSHA1_SIG = read_fixture("hmacsha1.sig")
+  CRL_LIST_SQLITE = read_fixture("crl_list.sql")
   def self.test_ca_cert
     R509::Cert.new(:cert => TEST_CA_CERT, :key => TEST_CA_KEY)
   end
@@ -184,53 +185,69 @@ module TestFixtures
   def self.test_ca_server_profile
     R509::Config::CertProfile.new(
-      :basic_constraints => R509::Cert::Extensions::BasicConstraints.new({:ca => false }),
-      :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature","keyEncipherment"]),
+      :basic_constraints => R509::Cert::Extensions::BasicConstraints.new(:ca => false),
+      :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature", "keyEncipherment"]),
       :extended_key_usage => R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ["serverAuth"]),
-      :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(:value => [
+      :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(
+        :value => [
           { :policy_identifier => "2.16.840.1.12345.1.2.3.4.1",
-  :cps_uris => ["http://example.com/cps","http://other.com/cps"],
-  :user_notices => [ {:explicit_text => "thing", :organization => "my org", :notice_numbers => [1,2,3,4]} ]
-        }
-      ])
+            :cps_uris => ["http://example.com/cps", "http://other.com/cps"],
+            :user_notices => [
+              {
+                :explicit_text => "thing",
+                :organization => "my org",
+                :notice_numbers => [1, 2, 3, 4]
+              }
+            ]
+          }
+        ]
+      )
     )
   end
   def self.test_ca_server_profile_with_subject_item_policy
     subject_item_policy = R509::Config::SubjectItemPolicy.new(
-      "CN" => { :policy => "required"},
-      "O" => { :policy => "optional"},
-      "ST" => { :policy => "required"},
-      "C" => { :policy => "required"},
-      "OU" => { :policy => "optional"}
+      "CN" => { :policy => "required" },
+      "O" => { :policy => "optional" },
+      "ST" => { :policy => "required" },
+      "C" => { :policy => "required" },
+      "OU" => { :policy => "optional" }
     )
     R509::Config::CertProfile.new(
-      :basic_constraints => R509::Cert::Extensions::BasicConstraints.new({:ca => false }),
-      :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature","keyEncipherment"]),
+      :basic_constraints => R509::Cert::Extensions::BasicConstraints.new(:ca => false),
+      :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature", "keyEncipherment"]),
       :extended_key_usage => R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ["serverAuth"]),
-      :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(:value => [
-          { :policy_identifier => "2.16.840.1.12345.1.2.3.4.1",
-  :cps_uris => ["http://example.com/cps","http://other.com/cps"],
-  :user_notices => [ {:explicit_text => "thing", :organization => "my org", :notice_numbers => [1,2,3,4]} ]
-        }
-      ]),
+      :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(
+        :value => [
+          {
+            :policy_identifier => "2.16.840.1.12345.1.2.3.4.1",
+            :cps_uris => ["http://example.com/cps", "http://other.com/cps"],
+            :user_notices => [
+              {
+                :explicit_text => "thing",
+                :organization => "my org",
+                :notice_numbers => [1, 2, 3, 4]
+              }
+            ]
+          }
+        ]
+      ),
       :subject_item_policy => subject_item_policy
     )
   end
   def self.test_ca_subroot_profile
     R509::Config::CertProfile.new(
-          :basic_constraints => {:ca => true, :path_length => 0 },
-          :key_usage => {:value => ["keyCertSign","cRLSign"]},
+          :basic_constraints => { :ca => true, :path_length => 0 },
+          :key_usage => { :value => ["keyCertSign", "cRLSign"] },
           :certificate_policies => nil)
   end
   def self.test_ca_ocspsigner_profile
     R509::Config::CertProfile.new(
           :basic_constraints => { :ca => false },
-          :key_usage => {:value => ["digitalSignature"]},
-          :extended_key_usage => {:value => ["OCSPSigning"]},
+          :key_usage => { :value => ["digitalSignature"] },
+          :extended_key_usage => { :value => ["OCSPSigning"] },
           :certificate_policies => nil)
   end
@@ -242,7 +259,7 @@ module TestFixtures
     crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
     opts = {
-      :ca_cert => test_ca_cert(),
+      :ca_cert => test_ca_cert,
       :ocsp_start_skew_seconds => 3600,
       :ocsp_validity_hours => 48,
       :crl_list_file => crl_list_sio,
@@ -266,7 +283,7 @@ module TestFixtures
     crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
     opts = {
-      :ca_cert => test_ca_cert(),
+      :ca_cert => test_ca_cert,
       :ocsp_start_skew_seconds => 3600,
       :ocsp_validity_hours => 48,
       :crl_list_file => crl_list_sio,
@@ -282,7 +299,7 @@ module TestFixtures
     crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
     opts = {
-      :ca_cert => test_ca_ec_cert(),
+      :ca_cert => test_ca_ec_cert,
       :ocsp_start_skew_seconds => 3600,
       :ocsp_validity_hours => 48,
       :crl_list_file => crl_list_sio,
@@ -298,7 +315,7 @@ module TestFixtures
     crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding)
     opts = {
-      :ca_cert => test_ca_dsa_cert(),
+      :ca_cert => test_ca_dsa_cert,
       :ocsp_start_skew_seconds => 3600,
       :ocsp_validity_hours => 48,
       :crl_list_file => crl_list_sio,

data/spec/fixtures/crl_list.sql ADDED

@@ -0,0 +1,13 @@
+-- CREATE SCHEMA
+CREATE TABLE revoked_serials(
+   serial TEXT NOT NULL PRIMARY KEY,
+   reason INTEGER,
+   revoked_at INTEGER NOT NULL
+);
+CREATE TABLE crl_number(
+  number INTEGER NOT NULL DEFAULT 0
+);
+INSERT INTO crl_number DEFAULT VALUES;
+-- LOAD DATA
+INSERT INTO revoked_serials (serial, reason, revoked_at) VALUES ('12345',0,1323983885);
+INSERT INTO revoked_serials (serial, reason, revoked_at) VALUES ('12346',null,1323983885);

data/spec/fixtures/csr1.der CHANGED

Binary file

data/spec/fixtures/csr1.pem CHANGED

@@ -8,10 +8,10 @@ C9eMVvImjd3jGROT7FoqNz/TgQR5c09O8z0uwlaZsQqsD2SaiFOZj/jS+bxkxAjk
 UEM60RjBkX82LdLmvRBGRhGVGMgs9DJESGIF9wt3MmDQPoLzsB1uuDaaOhWBCGse
 IrxVunIcZHANAgMBAAGgSzBJBgkqhkiG9w0BCQ4xPDA6MDgGA1UdEQQxMC+CCnRl
 c3QubG9jYWyCFWFkZGl0aW9uYWxkb21haW5zLmNvbYIKc2FuaWFtLmNvbTANBgkq
-hkiG9w0BAQUFAAOCAQEAUseamjf2WOfSPIHr1AfCQ2tSOJzVU1jYH1h2w4ycP33U
-Tcn2wjA4JFEsUdhlJtV1PQfcioZqT4cZO0HcRazkIJ9hkGHjIb3nQFp8v2C3FrHe
-LHJcX5eStEF/KH/Qx/Z6juwkuR9YmZ31a9j8NO2CXxeWR+NydTjuilYoA25AA7HH
-xRkRtkwsH5iexOV9/4qA0LeKjR2E0Ej4twOFkZzbVKEcAJPC4Z5YgKW2t8upJ/zO
-GkacSo6qbcH6+FBeYk7CD5y3QgCHosqxanxj9BOEXs0WfssCGKV7cpNIfz3xC7Di
-xmxtYH3tiPQIGGkzRUwGLhDk3wNj5MLfY7NeF7Du3w==
+hkiG9w0BAQsFAAOCAQEAIbw5ZthNbw7zldPXzDKzj6YmxKRXt/qg2bzGUW25kX24
+Lwsc9Ph42QU9vWP8CRZKMP4GxyH/BIRFRq7GD3mCihKet2I02SE9qIeMM3U1dFFX
+08XS1WT9eQk4CUhyqBymk2q5gI4Y//dLpnvhcBNB1GBo6Q1/7PSEXgazp0uqJbo6
+1fu4HbZEfQXqneG4KbKNYpGm2MceLhaYYZgU3FdMlKXJcRSKjif/86EabDAwh195
+S4mR6hFXg5g/FtO/hzam3oxOBoJVU6W8X/VGxZ8yqtY9E0t7gwTqAw0RlBjwSoTu
+zk5+RJ6mVDahjhLZsZY9Q+YAppNP8aP1UQe2U0+otQ==
 -----END CERTIFICATE REQUEST-----

data/spec/message_digest_spec.rb CHANGED

@@ -5,111 +5,111 @@ require 'openssl'
 describe R509::MessageDigest do
   it "translates sha1 name -> digest" do
     md = R509::MessageDigest.new("sha1")
-    md.name.should == "sha1"
-    md.digest.kind_of?(OpenSSL::Digest::SHA1).should == true
+    expect(md.name).to eq("sha1")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA1)).to eq(true)
   end
   it "translates SHA1 name -> digest" do
     md = R509::MessageDigest.new("SHA1")
-    md.name.should == "sha1"
-    md.digest.kind_of?(OpenSSL::Digest::SHA1).should == true
+    expect(md.name).to eq("sha1")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA1)).to eq(true)
   end
   it "translates sha224 name -> digest" do
     md = R509::MessageDigest.new("sha224")
-    md.name.should == "sha224"
-    md.digest.kind_of?(OpenSSL::Digest::SHA224).should == true
+    expect(md.name).to eq("sha224")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA224)).to eq(true)
   end
   it "translates sha256 name -> digest" do
     md = R509::MessageDigest.new("sha256")
-    md.name.should == "sha256"
-    md.digest.kind_of?(OpenSSL::Digest::SHA256).should == true
+    expect(md.name).to eq("sha256")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA256)).to eq(true)
   end
   it "translates SHA256 name -> digest" do
     md = R509::MessageDigest.new("SHA256")
-    md.name.should == "sha256"
-    md.digest.kind_of?(OpenSSL::Digest::SHA256).should == true
+    expect(md.name).to eq("sha256")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA256)).to eq(true)
   end
   it "translates SHA384 name -> digest" do
     md = R509::MessageDigest.new("SHA384")
-    md.name.should == "sha384"
-    md.digest.kind_of?(OpenSSL::Digest::SHA384).should == true
+    expect(md.name).to eq("sha384")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA384)).to eq(true)
   end
   it "translates sha512 name -> digest" do
     md = R509::MessageDigest.new("sha512")
-    md.name.should == "sha512"
-    md.digest.kind_of?(OpenSSL::Digest::SHA512).should == true
+    expect(md.name).to eq("sha512")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA512)).to eq(true)
   end
   it "translates SHA512 name -> digest" do
     md = R509::MessageDigest.new("SHA512")
-    md.name.should == "sha512"
-    md.digest.kind_of?(OpenSSL::Digest::SHA512).should == true
+    expect(md.name).to eq("sha512")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA512)).to eq(true)
   end
   it "translates md5 name -> digest" do
     md = R509::MessageDigest.new("md5")
-    md.name.should == "md5"
-    md.digest.kind_of?(OpenSSL::Digest::MD5).should == true
+    expect(md.name).to eq("md5")
+    expect(md.digest.is_a?(OpenSSL::Digest::MD5)).to eq(true)
   end
   it "translates MD5 name -> digest" do
     md = R509::MessageDigest.new("MD5")
-    md.name.should == "md5"
-    md.digest.kind_of?(OpenSSL::Digest::MD5).should == true
+    expect(md.name).to eq("md5")
+    expect(md.digest.is_a?(OpenSSL::Digest::MD5)).to eq(true)
   end
   it "translates dss1 name -> digest" do
     md = R509::MessageDigest.new("dss1")
-    md.name.should == "dss1"
-    md.digest.kind_of?(OpenSSL::Digest::DSS1).should == true
+    expect(md.name).to eq("dss1")
+    expect(md.digest.is_a?(OpenSSL::Digest::DSS1)).to eq(true)
   end
   it "translates DSS1 name -> digest" do
     md = R509::MessageDigest.new("DSS1")
-    md.name.should == "dss1"
-    md.digest.kind_of?(OpenSSL::Digest::DSS1).should == true
+    expect(md.name).to eq("dss1")
+    expect(md.digest.is_a?(OpenSSL::Digest::DSS1)).to eq(true)
   end
   it "translates unknown name -> digest" do
     md = R509::MessageDigest.new("unknown")
-    md.name.should == "sha1"
-    md.digest.kind_of?(OpenSSL::Digest::SHA1).should == true
+    expect(md.name).to eq("sha256")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA256)).to eq(true)
   end
   it "translates sha1 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::SHA1.new)
-    md.name.should == "sha1"
-    md.digest.kind_of?(OpenSSL::Digest::SHA1).should == true
+    expect(md.name).to eq("sha1")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA1)).to eq(true)
   end
   it "translates sha224 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::SHA224.new)
-    md.name.should == "sha224"
-    md.digest.kind_of?(OpenSSL::Digest::SHA224).should == true
+    expect(md.name).to eq("sha224")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA224)).to eq(true)
   end
   it "translates sha256 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::SHA256.new)
-    md.name.should == "sha256"
-    md.digest.kind_of?(OpenSSL::Digest::SHA256).should == true
+    expect(md.name).to eq("sha256")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA256)).to eq(true)
   end
   it "translates sha384 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::SHA384.new)
-    md.name.should == "sha384"
-    md.digest.kind_of?(OpenSSL::Digest::SHA384).should == true
+    expect(md.name).to eq("sha384")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA384)).to eq(true)
   end
   it "translates sha512 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::SHA512.new)
-    md.name.should == "sha512"
-    md.digest.kind_of?(OpenSSL::Digest::SHA512).should == true
+    expect(md.name).to eq("sha512")
+    expect(md.digest.is_a?(OpenSSL::Digest::SHA512)).to eq(true)
   end
   it "translates md5 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::MD5.new)
-    md.name.should == "md5"
-    md.digest.kind_of?(OpenSSL::Digest::MD5).should == true
+    expect(md.name).to eq("md5")
+    expect(md.digest.is_a?(OpenSSL::Digest::MD5)).to eq(true)
   end
   it "translates dss1 digest -> name" do
     md = R509::MessageDigest.new(OpenSSL::Digest::DSS1.new)
-    md.name.should == "dss1"
-    md.digest.kind_of?(OpenSSL::Digest::DSS1).should == true
+    expect(md.name).to eq("dss1")
+    expect(md.digest.is_a?(OpenSSL::Digest::DSS1)).to eq(true)
   end
   it "creates a default digest with no params or nil" do
     md = R509::MessageDigest.new
-    md.name.should == R509::MessageDigest::DEFAULT_MD.downcase
+    expect(md.name).to eq(R509::MessageDigest::DEFAULT_MD.downcase)
     md = R509::MessageDigest.new(nil)
-    md.name.should == R509::MessageDigest::DEFAULT_MD.downcase
+    expect(md.name).to eq(R509::MessageDigest::DEFAULT_MD.downcase)
   end
   it "exception on unknown digest -> name" do
-    expect{ R509::MessageDigest.new(12345) }.to raise_error(ArgumentError)
+    expect { R509::MessageDigest.new(12345) }.to raise_error(ArgumentError)
   end
 end

data/spec/ocsp_spec.rb CHANGED

@@ -19,37 +19,37 @@ describe R509::OCSP::Response do
   end
   it "parses a response der and returns the right object on #parse" do
     ocsp_response = R509::OCSP::Response.parse(@ocsp_response_der)
-    ocsp_response.kind_of?(R509::OCSP::Response).should == true
-    ocsp_response.status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
+    expect(ocsp_response.is_a?(R509::OCSP::Response)).to eq(true)
+    expect(ocsp_response.status).to eq(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL)
   end
   it "returns data on to_der" do
     ocsp_response = R509::OCSP::Response.parse(@ocsp_response_der)
-    ocsp_response.to_der.should_not == nil
+    expect(ocsp_response.to_der).not_to be_nil
   end
   it "returns a BasicResponse object on #basic" do
     ocsp_response = R509::OCSP::Response.parse(@ocsp_response_der)
-    ocsp_response.basic.kind_of?(OpenSSL::OCSP::BasicResponse).should == true
+    expect(ocsp_response.basic.is_a?(OpenSSL::OCSP::BasicResponse)).to eq(true)
   end
   it "returns true if response verifies (in validity period, chain builds to trusted root that's provided)" do
     ocsp_response = R509::OCSP::Response.parse(@test_ca_ocsp_response)
-    ocsp_response.verify(TestFixtures.test_ca_config.ca_cert.cert).should == true
+    expect(ocsp_response.verify(TestFixtures.test_ca_config.ca_cert.cert)).to eq(true)
   end
   it "verify supports an single certificate and uses it to validate" do
     ocsp_response = R509::OCSP::Response.parse(@test_ca_ocsp_response)
-    ocsp_response.verify(TestFixtures.test_ca_config.ca_cert.cert).should == true
+    expect(ocsp_response.verify(TestFixtures.test_ca_config.ca_cert.cert)).to eq(true)
   end
   it "verify supports an array of certificates and uses all of them to validate a chain" do
     ocsp_response = R509::OCSP::Response.parse(@test_ca_subroot_ocsp_response)
-    ocsp_response.verify([TestFixtures.test_ca_config.ca_cert.cert,TestFixtures.test_ca_subroot_cert.cert]).should == true
+    expect(ocsp_response.verify([TestFixtures.test_ca_config.ca_cert.cert, TestFixtures.test_ca_subroot_cert.cert])).to eq(true)
   end
   it "verify returns false if you don't give it enough certs to build a chain to a trusted root" do
     ocsp_response = R509::OCSP::Response.parse(@test_ca_subroot_ocsp_response)
-    ocsp_response.verify([TestFixtures.test_ca_config.ca_cert.cert]).should == false
+    expect(ocsp_response.verify([TestFixtures.test_ca_config.ca_cert.cert])).to eq(false)
   end
   it "returns false if response does not verify" do
-    #expired response
+    # expired response
     ocsp_response = R509::OCSP::Response.parse(@ocsp_response_der)
-    ocsp_response.verify(OpenSSL::X509::Certificate.new(@stca_cert)).should == false
+    expect(ocsp_response.verify(OpenSSL::X509::Certificate.new(@stca_cert))).to eq(false)
   end
   it "nonce is present and equal" do
     ocsp_request = OpenSSL::OCSP::Request.new
@@ -57,20 +57,20 @@ describe R509::OCSP::Response do
     basic_response = OpenSSL::OCSP::BasicResponse.new
     basic_response.copy_nonce(ocsp_request)
     response_double = double("ocsp_response")
-    response_double.should_receive(:kind_of?).and_return('OpenSSL::OCSP::Response')
-    response_double.should_receive(:basic).and_return(basic_response)
+    expect(response_double).to receive(:is_a?).and_return('OpenSSL::OCSP::Response')
+    expect(response_double).to receive(:basic).and_return(basic_response)
     ocsp_response = R509::OCSP::Response.new(response_double)
-    ocsp_response.check_nonce(ocsp_request).should == R509::OCSP::Request::Nonce::PRESENT_AND_EQUAL
+    expect(ocsp_response.check_nonce(ocsp_request)).to eq(R509::OCSP::Request::Nonce::PRESENT_AND_EQUAL)
   end
   it "no nonce" do
     ocsp_request = OpenSSL::OCSP::Request.new
     basic_response = OpenSSL::OCSP::BasicResponse.new
     basic_response.copy_nonce(ocsp_request)
     response_double = double("ocsp_response")
-    response_double.should_receive(:kind_of?).and_return('OpenSSL::OCSP::Response')
-    response_double.should_receive(:basic).and_return(basic_response)
+    expect(response_double).to receive(:is_a?).and_return('OpenSSL::OCSP::Response')
+    expect(response_double).to receive(:basic).and_return(basic_response)
     ocsp_response = R509::OCSP::Response.new(response_double)
-    ocsp_response.check_nonce(ocsp_request).should == R509::OCSP::Request::Nonce::BOTH_ABSENT
+    expect(ocsp_response.check_nonce(ocsp_request)).to eq(R509::OCSP::Request::Nonce::BOTH_ABSENT)
   end
   it "has a nonce in the response only" do
     ocsp_request = OpenSSL::OCSP::Request.new
@@ -79,10 +79,10 @@ describe R509::OCSP::Response do
     basic_response = OpenSSL::OCSP::BasicResponse.new
     basic_response.copy_nonce(nonce_request)
     response_double = double("ocsp_response")
-    response_double.should_receive(:kind_of?).and_return('OpenSSL::OCSP::Response')
-    response_double.should_receive(:basic).and_return(basic_response)
+    expect(response_double).to receive(:is_a?).and_return('OpenSSL::OCSP::Response')
+    expect(response_double).to receive(:basic).and_return(basic_response)
     ocsp_response = R509::OCSP::Response.new(response_double)
-    ocsp_response.check_nonce(ocsp_request).should == R509::OCSP::Request::Nonce::RESPONSE_ONLY
+    expect(ocsp_response.check_nonce(ocsp_request)).to eq(R509::OCSP::Request::Nonce::RESPONSE_ONLY)
   end
   it "nonce in request and response is not equal" do
     ocsp_request = OpenSSL::OCSP::Request.new
@@ -92,20 +92,20 @@ describe R509::OCSP::Response do
     basic_response = OpenSSL::OCSP::BasicResponse.new
     basic_response.copy_nonce(ocsp_request)
     response_double = double("ocsp_response")
-    response_double.should_receive(:kind_of?).and_return('OpenSSL::OCSP::Response')
-    response_double.should_receive(:basic).and_return(basic_response)
+    expect(response_double).to receive(:is_a?).and_return('OpenSSL::OCSP::Response')
+    expect(response_double).to receive(:basic).and_return(basic_response)
     ocsp_response = R509::OCSP::Response.new(response_double)
-    ocsp_response.check_nonce(second_request).should == R509::OCSP::Request::Nonce::NOT_EQUAL
+    expect(ocsp_response.check_nonce(second_request)).to eq(R509::OCSP::Request::Nonce::NOT_EQUAL)
   end
   it "nonce in request only" do
     ocsp_request = OpenSSL::OCSP::Request.new
     ocsp_request.add_nonce
     basic_response = OpenSSL::OCSP::BasicResponse.new
     response_double = double("ocsp_response")
-    response_double.should_receive(:kind_of?).and_return('OpenSSL::OCSP::Response')
-    response_double.should_receive(:basic).and_return(basic_response)
+    expect(response_double).to receive(:is_a?).and_return('OpenSSL::OCSP::Response')
+    expect(response_double).to receive(:basic).and_return(basic_response)
     ocsp_response = R509::OCSP::Response.new(response_double)
-    ocsp_response.check_nonce(ocsp_request).should == R509::OCSP::Request::Nonce::REQUEST_ONLY
+    expect(ocsp_response.check_nonce(ocsp_request)).to eq(R509::OCSP::Request::Nonce::REQUEST_ONLY)
   end
 end