r509 0.8.1 → 0.9

data/spec/r509_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+def capture_stdout(&block)
+  original_stdout = $stdout
+    $stdout = fake = StringIO.new
+    begin
+      yield
+    ensure
+      $stdout = original_stdout
+    end
+    fake.string
+end
+
+describe R509 do
+  it "prints version and feature info with ::print_debug" do
+    output = capture_stdout { R509.print_debug }
+    output.should match /^r509 v/
+    output.should match /^OpenSSL/
+    output.should match /^Ruby/
+    output.should match /^Elliptic/
+  end
+  it "checks if ec is supported", :ec => true do
+    R509.ec_supported?.should == true
+  end
+  it "checks if EC is unsupported" do
+    ec = OpenSSL::PKey.send(:remove_const,:EC) # remove EC support for test!
+    load('r509/ec-hack.rb')
+    R509.ec_supported?.should == false
+    expect { OpenSSL::PKey::EC.new }.to raise_error(R509::R509Error)
+    OpenSSL::PKey.send(:remove_const,:EC) # remove stubbed EC
+    OpenSSL::PKey::EC = ec # add the real one back
+    # this pretty fragile. if the expectation fails then we don't fix the EC class assignment
+    # so any spec called after this will fail improperly.
+  end
+end

data/spec/spec_helper.rb

@@ -1,9 +1,9 @@
-if (RUBY_VERSION.split('.')[1].to_i > 8)
-    begin
-        require 'simplecov'
-        SimpleCov.start
-    rescue LoadError
-    end
+if (RUBY_VERSION.split('.')[1].to_i > 8 or RUBY_VERSION.split('.')[0].to_i > 1)
+  begin
+    require 'simplecov'
+    SimpleCov.start
+  rescue LoadError
+  end
 end
 
 $:.unshift File.expand_path("../../lib", __FILE__)
@@ -12,3 +12,12 @@ require 'rubygems'
 require 'fixtures'
 require 'rspec'
 require 'r509'
+
+# exclude EC specific tests if it's unsupported
+if not R509.ec_supported?
+  puts "\e[#{31}mWARNING: NOT RUNNING EC TESTS BECAUSE EC IS UNSUPPORTED ON YOUR RUBY INSTALLATION\e[0m"
+  R509.print_debug
+  RSpec.configure do |c|
+    c.filter_run_excluding :ec => true
+  end
+end

data/spec/spki_spec.rb

@@ -2,156 +2,235 @@ require 'spec_helper'
 require 'stringio'
 require 'r509/spki'
 
+shared_examples_for "create spki with private key" do
+    it "generates a spki with default digest" do
+      spki = R509::SPKI.new(:key => @key)
+      spki.to_pem.should_not be_nil
+      spki.verify_signature
+    end
 
-describe R509::Spki do
-    before :all do
-        #also known as SPKAC (signed public key and challenge)
-        @spki_dsa = TestFixtures::SPKI_DSA.strip
-        @spki = TestFixtures::SPKI.strip
-        @spki_der = TestFixtures::SPKI_DER
+    it "generates a spki from a pem key" do
+      spki = R509::SPKI.new(:key => @key.to_pem)
+      spki.to_pem.should_not be_nil
+      spki.verify_signature
     end
-    it "raises an error if you don't provide a hash" do
-        expect { R509::Spki.new("junk") }.to raise_error(ArgumentError,'Must provide a hash of options')
+
+    it "generates a spki with custom digest" do
+      spki = R509::SPKI.new(:key => @key, :message_digest => "sha256")
+      spki.to_pem.should_not be_nil
+      spki.verify_signature
     end
-    it "raises an error if you don't provide spki and subject" do
-        expect { R509::Spki.new(:spki => @spki) }.to raise_error(ArgumentError,'Must provide both spki and subject')
+
+    it "stores the key" do
+      spki = R509::SPKI.new(:key => @key)
+      spki.key.should == @key
     end
-    it "raises an error if you don't provide an Array for san_names" do
-        expect { R509::Spki.new(:spki => @spki, :subject => [['CN','test']], :san_names => "hello.com") }.to raise_error(ArgumentError,'if san_names are provided they must be in an Array')
+
+    it "verifies signature" do
+      spki = R509::SPKI.new(:key => @key)
+      spki.verify_signature
     end
-    it "loads an RSA spkac" do
-        spki = R509::Spki.new( :spki => @spki, :subject => [['CN','spkitest.com']] )
-        spki.to_pem.should == @spki
+end
+
+shared_examples_for "spki + private key" do
+  it "verifies they match" do
+      expect { R509::SPKI.new(:key => @key, :spki => @spki) }.to_not raise_error
+  end
+
+  it "errors if they don't match" do
+      expect { R509::SPKI.new(:key => @key, :spki => @spki2) }.to raise_error(R509::R509Error,'Key does not match SPKI.')
+  end
+end
+
+describe R509::SPKI do
+  before :all do
+    #also known as SPKAC (signed public key and challenge)
+    @spki_dsa = TestFixtures::SPKI_DSA
+    @spki_dsa_no_verify = TestFixtures::SPKI_DSA_NO_VERIFY
+    @spki = TestFixtures::SPKI
+    @spki_rsa_newlines = TestFixtures::SPKI_RSA_NEWLINES
+    @spki_ec = TestFixtures::SPKI_EC
+    @spki_der = TestFixtures::SPKI_DER
+  end
+  it "raises an error if you don't provide a hash" do
+    expect { R509::SPKI.new("junk") }.to raise_error(ArgumentError,'Must provide a hash of options')
+  end
+  it "raises an error if you provide an empty hash" do
+    expect { R509::SPKI.new({}) }.to raise_error(ArgumentError,'Must provide either :spki or :key')
+  end
+  context "rsa" do
+    context "no existing spki" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 1024)
+      end
+      include_examples "create spki with private key"
+    end
+    context "existing spki + private key" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
+        @key2 = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
+        @spki = R509::SPKI.new(:key => @key).to_pem
+        @spki2 = R509::SPKI.new(:key => @key2).to_pem
+      end
+      include_examples "spki + private key"
+    end
+  end
+  context "dsa" do
+    context "no existing spki" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :dsa, :bit_strength => 1024)
+      end
+      include_examples "create spki with private key"
+    end
+    context "existing spki + private key" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :dsa, :bit_strength => 512)
+        @key2 = R509::PrivateKey.new(:type => :dsa, :bit_strength => 512)
+        @spki = R509::SPKI.new(:key => @key).to_pem
+        @spki2 = R509::SPKI.new(:key => @key2).to_pem
+      end
+      include_examples "spki + private key"
+    end
+  end
+  context "elliptic curve", :ec => true do
+    context "no existing spki" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :ec)
+      end
+      include_examples "create spki with private key"
+    end
+    context "existing spki + private key" do
+      before :all do
+        @key = R509::PrivateKey.new(:type => :ec)
+        @key2 = R509::PrivateKey.new(:type => :ec)
+        @spki = R509::SPKI.new(:key => @key).to_pem
+        @spki2 = R509::SPKI.new(:key => @key2).to_pem
+      end
+      include_examples "spki + private key"
+    end
+  end
+  context "with existing spki" do
+    it "loads an RSA spki" do
+      spki = R509::SPKI.new( :spki => @spki )
+      spki.to_pem.should == @spki
+    end
+    it "loads an spkac with newlines" do
+      spki = R509::SPKI.new( :spki => @spki_rsa_newlines )
+      spki.to_pem.should == @spki_rsa_newlines.gsub("\n","")
     end
     it "properly strips SPKAC= prefix and loads" do
-        spki = R509::Spki.new(
-            :spki => "SPKAC="+@spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.to_pem.should == @spki
+      spki = R509::SPKI.new( :spki => "SPKAC="+@spki )
+      spki.to_pem.should == @spki
+    end
+  end
+  it "returns the public key" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.public_key.should_not == nil
+  end
+  it "returns pem" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.to_pem.should == @spki
+  end
+  it "returns der" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.to_der.should == @spki_der
+  end
+  it "writes to pem" do
+    spki = R509::SPKI.new( :spki => @spki )
+    sio = StringIO.new
+    sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
+    spki.write_pem(sio)
+    sio.string.should == @spki
+  end
+  it "writes to der" do
+    spki = R509::SPKI.new( :spki => @spki )
+    sio = StringIO.new
+    sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
+    spki.write_der(sio)
+    sio.string.should ==  @spki_der
+  end
+  it "rsa?" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.rsa?.should == true
+    spki.dsa?.should == false
+  end
+  it "returns error when asking for curve_name on non-ec" do
+    spki = R509::SPKI.new( :spki => @spki )
+    expect { spki.curve_name }.to raise_error(R509::R509Error,'Curve name is only available with EC SPKIs')
+  end
+  it "returns RSA key algorithm for RSA" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.key_algorithm.should == :rsa
+  end
+  it "gets RSA bit strength" do
+    spki = R509::SPKI.new( :spki => @spki )
+    spki.bit_strength.should == 2048
+  end
+  it "loads a DSA spkac" do
+    spki = R509::SPKI.new( :spki => @spki_dsa )
+    spki.to_pem.should == @spki_dsa
+  end
+  it "gets DSA bit strength" do
+    spki = R509::SPKI.new( :spki => @spki_dsa )
+    spki.bit_strength.should == 2048
+  end
+  it "dsa?" do
+    spki = R509::SPKI.new( :spki => @spki_dsa )
+    spki.dsa?.should == true
+    spki.rsa?.should == false
+  end
+  it "returns DSA key algorithm for DSA" do
+    spki = R509::SPKI.new( :spki => @spki_dsa )
+    spki.key_algorithm.should == :dsa
+  end
+
+  context "elliptic curve", :ec => true do
+    it "loads an spkac" do
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      spki.to_pem.should == @spki_ec
+    end
+    it "returns the curve name" do
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      spki.curve_name.should == 'secp384r1'
+    end
+    it "raises error on bit strength" do
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      expect { spki.bit_strength }.to raise_error(R509::R509Error,'Bit strength is not available for EC at this time.')
+    end
+    it "returns the key algorithm" do
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      spki.key_algorithm.should == :ec
     end
     it "returns the public key" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.public_key.should_not == nil
-    end
-    it "returns pem" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.to_pem.should == @spki
-    end
-    it "returns der" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.to_der.should == @spki_der
-    end
-    it "writes to pem" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        sio = StringIO.new
-        sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
-        spki.write_pem(sio)
-        sio.string.should == @spki
-    end
-    it "writes to der" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        sio = StringIO.new
-        sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
-        spki.write_der(sio)
-        sio.string.should ==  @spki_der
-    end
-    it "rsa?" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.rsa?.should == true
-        spki.dsa?.should == false
-    end
-    it "returns RSA key algorithm for RSA" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.key_algorithm.should == "RSA"
-    end
-    it "gets RSA bit strength" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.bit_strength.should == 2048
-    end
-    it "loads a DSA spkac" do
-        spki = R509::Spki.new(
-            :spki => @spki_dsa,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.to_pem.should == @spki_dsa
-    end
-    it "gets DSA bit strength" do
-        spki = R509::Spki.new(
-            :spki => @spki_dsa,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.bit_strength.should == 2048
-    end
-    it "dsa?" do
-        spki = R509::Spki.new(
-            :spki => @spki_dsa,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.dsa?.should == true
-        spki.rsa?.should == false
-    end
-    it "returns DSA key algorithm for DSA" do
-        spki = R509::Spki.new(
-            :spki => @spki_dsa,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.key_algorithm.should == "DSA"
-    end
-    it "returns expected value for subject" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.subject.to_s.should == '/CN=spkitest.com'
-    end
-    it "returns expected value for san names" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']],
-            :san_names => ['domain1.com','domain2.com']
-        )
-        spki.san_names.should == ['domain1.com','domain2.com']
-    end
-    it "returns empty array when passed no san_names" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']]
-        )
-        spki.san_names.empty?.should == true
-    end
-    it "creates a valid hash object with to_hash" do
-        spki = R509::Spki.new(
-            :spki => @spki,
-            :subject => [['CN','spkitest.com']],
-            :san_names => ["test.local"]
-        )
-        spki.to_hash[:subject].kind_of?(R509::Subject).should == true
-        spki.to_hash[:subject].to_s.should == '/CN=spkitest.com'
-        spki.to_hash[:san_names].should == ["test.local"]
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      spki.public_key.should_not == nil
+    end
+    it "ec?" do
+      spki = R509::SPKI.new( :spki => @spki_ec )
+      spki.ec?.should == true
+      spki.dsa?.should == false
+      spki.rsa?.should == false
+    end
+  end
+
+  context "when elliptic curve support is unavailable" do
+    before :all do
+      @ec = OpenSSL::PKey.send(:remove_const,:EC) # remove EC support for test!
+      load('r509/ec-hack.rb')
+    end
+    after :all do
+      OpenSSL::PKey.send(:remove_const,:EC) # remove stubbed EC
+      OpenSSL::PKey::EC = @ec # add the real one back
+    end
+    it "checks rsa?" do
+      spki = R509::SPKI.new( :spki => @spki )
+      spki.rsa?.should == true
+      spki.ec?.should == false
+      spki.dsa?.should == false
+    end
+    it "returns RSA key algorithm for RSA CSR" do
+      spki = R509::SPKI.new( :spki => @spki )
+      spki.key_algorithm.should == :rsa
     end
+  end
 end

data/spec/subject_spec.rb

@@ -3,201 +3,269 @@ require 'r509/subject'
 require 'openssl'
 
 describe R509::Subject do
-    before :all do
-        @csr_unknown_oid = TestFixtures::CSR_UNKNOWN_OID
-    end
+  before :all do
+    @csr_unknown_oid = TestFixtures::CSR_UNKNOWN_OID
+  end
 
-    it "initializes an empty subject and gets the name" do
-        subject = R509::Subject.new
-        subject.name.to_s.should == ""
-    end
-    it "initializes an empty subject, adds a field, and gets the name" do
-        subject = R509::Subject.new
-        subject["CN"] = "domain.com"
-        subject.name.to_s.should == "/CN=domain.com"
-    end
-    it "initializes with a subject array, and gets the name" do
-        subject = R509::Subject.new([["CN", "domain.com"], ["O", "my org"]])
-        subject.name.to_s.should == "/CN=domain.com/O=my org"
-    end
-    it "initializes with a name, gets the name" do
-        name = OpenSSL::X509::Name.new([["CN", "domain.com"], ["O", "my org"], ["OU", "my unit"]])
-        subject = R509::Subject.new(name)
-        subject.name.to_s.should == "/CN=domain.com/O=my org/OU=my unit"
-    end
-    it "initializes with a subject" do
-        s1 = R509::Subject.new
-        s1["CN"] = "domain.com"
-        s1["O"] = "my org"
+  it "initializes an empty subject and gets the name" do
+    subject = R509::Subject.new
+    subject.name.to_s.should == ""
+  end
+  it "initializes an empty subject, adds a field, and gets the name" do
+    subject = R509::Subject.new
+    subject["CN"] = "domain.com"
+    subject.name.to_s.should == "/CN=domain.com"
+  end
+  it "initializes with a subject array, and gets the name" do
+    subject = R509::Subject.new([["CN", "domain.com"], ["O", "my org"]])
+    subject.name.to_s.should == "/CN=domain.com/O=my org"
+  end
+  it "initializes with a name, gets the name" do
+    name = OpenSSL::X509::Name.new([["CN", "domain.com"], ["O", "my org"], ["OU", "my unit"]])
+    subject = R509::Subject.new(name)
+    subject.name.to_s.should == "/CN=domain.com/O=my org/OU=my unit"
+  end
+  it "initializes with a subject" do
+    s1 = R509::Subject.new
+    s1["CN"] = "domain.com"
+    s1["O"] = "my org"
 
-        s2 = R509::Subject.new(s1)
-        s2.name.to_s.should == s1.name.to_s
-    end
-    it "preserves order of a full subject line" do
-        subject = R509::Subject.new([['CN','langui.sh'],['ST','Illinois'],['L','Chicago'],['C','US'],['emailAddress','ca@langui.sh']])
-        subject.name.to_s.should == '/CN=langui.sh/ST=Illinois/L=Chicago/C=US/emailAddress=ca@langui.sh'
-    end
-    it "preserves order of a full subject line and uses to_s directly" do
-        subject = R509::Subject.new([['CN','langui.sh'],['ST','Illinois'],['L','Chicago'],['C','US'],['emailAddress','ca@langui.sh']])
-        subject.to_s.should == '/CN=langui.sh/ST=Illinois/L=Chicago/C=US/emailAddress=ca@langui.sh'
-    end
-    it "preserves order with raw OIDs, and potentially fills in known OID names" do
-        subject = R509::Subject.new([['2.5.4.3','common name'],['2.5.4.15','business category'],['2.5.4.7','locality'],['1.3.6.1.4.1.311.60.2.1.3','jurisdiction oid openssl typically does not know']])
-        subject.to_s.should == "/CN=common name/businessCategory=business category/L=locality/jurisdictionOfIncorporationCountryName=jurisdiction oid openssl typically does not know"
-    end
+    s2 = R509::Subject.new(s1)
+    s2.name.to_s.should == s1.name.to_s
+  end
+  it "preserves order of a full subject line" do
+    subject = R509::Subject.new([['CN','langui.sh'],['ST','Illinois'],['L','Chicago'],['C','US'],['emailAddress','ca@langui.sh']])
+    subject.name.to_s.should == '/CN=langui.sh/ST=Illinois/L=Chicago/C=US/emailAddress=ca@langui.sh'
+  end
+  it "preserves order of a full subject line and uses to_s directly" do
+    subject = R509::Subject.new([['CN','langui.sh'],['ST','Illinois'],['L','Chicago'],['C','US'],['emailAddress','ca@langui.sh']])
+    subject.to_s.should == '/CN=langui.sh/ST=Illinois/L=Chicago/C=US/emailAddress=ca@langui.sh'
+  end
+  it "preserves order with raw OIDs, and potentially fills in known OID names" do
+    subject = R509::Subject.new([['2.5.4.3','common name'],['2.5.4.15','business category'],['2.5.4.7','locality'],['1.3.6.1.4.1.311.60.2.1.3','jurisdiction oid openssl typically does not know']])
+    subject.to_s.should == "/CN=common name/businessCategory=business category/L=locality/jurisdictionOfIncorporationCountryName=jurisdiction oid openssl typically does not know"
+  end
 
-    it "edits an existing subject entry" do
-        subject = R509::Subject.new([["CN", "domain1.com"], ["O", "my org"]])
-        subject.to_s.should == "/CN=domain1.com/O=my org"
+  it "edits an existing subject entry" do
+    subject = R509::Subject.new([["CN", "domain1.com"], ["O", "my org"]])
+    subject.to_s.should == "/CN=domain1.com/O=my org"
 
-        subject["CN"] = "domain2.com"
-        subject.to_s.should == "/CN=domain2.com/O=my org"
-    end
+    subject["CN"] = "domain2.com"
+    subject.to_s.should == "/CN=domain2.com/O=my org"
+  end
 
-    it "deletes an existing subject entry" do
-        subject = R509::Subject.new([["CN", "domain1.com"], ["O", "my org"]])
-        subject.to_s.should == "/CN=domain1.com/O=my org"
+  it "deletes an existing subject entry" do
+    subject = R509::Subject.new([["CN", "domain1.com"], ["O", "my org"]])
+    subject.to_s.should == "/CN=domain1.com/O=my org"
 
-        subject.delete("CN")
-        subject.to_s.should == "/O=my org"
-    end
+    subject.delete("CN")
+    subject.to_s.should == "/O=my org"
+  end
 
-    it "is empty when initialized" do
-        subject = R509::Subject.new
-        subject.empty?.should == true
-        subject["CN"] = "domain.com"
-        subject.empty?.should == false
-    end
+  it "is empty when initialized" do
+    subject = R509::Subject.new
+    subject.empty?.should == true
+    subject["CN"] = "domain.com"
+    subject.empty?.should == false
+  end
+
+  it "is not empty" do
+    subject = R509::Subject.new([["CN", "domain1.com"]])
+    subject.empty?.should == false
+  end
+
+  it "can get a component out of the subject" do
+    subject = R509::Subject.new([["CN", "domain.com"]])
+    subject["CN"].should == "domain.com"
+    subject["O"].should == nil
+  end
+
+  it "adds an OID" do
+    subject = R509::Subject.new
+    subject['1.3.6.1.4.1.311.60.2.1.3'] = 'jurisdiction oid openssl typically does not know'
+    subject['1.3.6.1.4.1.311.60.2.1.3'].should == 'jurisdiction oid openssl typically does not know'
+  end
 
-    it "is not empty" do
-        subject = R509::Subject.new([["CN", "domain1.com"]])
-        subject.empty?.should == false
+  it "deletes an OID" do
+    subject = R509::Subject.new([["CN", "domain.com"], ['1.3.6.1.4.1.38383.60.2.1.0.0', 'random oid']])
+    subject.to_s.should == "/CN=domain.com/1.3.6.1.4.1.38383.60.2.1.0.0=random oid"
+    subject.delete("1.3.6.1.4.1.38383.60.2.1.0.0")
+    subject.to_s.should == "/CN=domain.com"
+  end
+
+  it "fails when you instantiate with an unknown shortname" do
+    expect { R509::Subject.new([["NOTRIGHT", "foo"]]) }.to raise_error(OpenSSL::X509::NameError)
+  end
+
+  it "fails when you add an unknown shortname" do
+    subject = R509::Subject.new
+    expect { subject["WRONG"] = "bar" }.to raise_error(OpenSSL::X509::NameError)
+  end
+
+  it "parses unknown OIDs out of a CSR" do
+    csr = R509::CSR.new(:csr => @csr_unknown_oid)
+    subject = R509::Subject.new(csr.subject)
+    subject["1.2.3.4.5.6.7.8.9.8.7.6.5.4.3.2.1.0.0"].should == "random oid!"
+    subject["1.3.3.543.567.32.43.335.1.1.1"].should == "another random oid!"
+    subject["CN"].should == 'normaldomain.com'
+  end
+
+  context "dynamic getter/setter behaviors" do
+    it "recognizes getters for a standard subject oid" do
+      subject = R509::Subject.new [['CN','testCN']]
+      subject.CN.should == 'testCN'
+      subject.common_name.should == 'testCN'
+      subject.commonName.should == 'testCN'
     end
 
-    it "can get a component out of the subject" do
-        subject = R509::Subject.new([["CN", "domain.com"]])
-        subject["CN"].should == "domain.com"
-        subject["O"].should == nil
+    it "recognizes setters for a standard subject oid" do
+      subject = R509::Subject.new
+      subject.CN= 'testCN'
+      subject.CN.should == 'testCN'
+      subject.common_name= 'testCN2'
+      subject.common_name.should == 'testCN2'
+      subject.commonName= 'testCN3'
+      subject.commonName.should == 'testCN3'
+      subject.CN.should == 'testCN3'
+      subject.common_name.should == 'testCN3'
     end
 
-    it "adds an OID" do
-        subject = R509::Subject.new
-        subject['1.3.6.1.4.1.311.60.2.1.3'] = 'jurisdiction oid openssl typically does not know'
-        subject['1.3.6.1.4.1.311.60.2.1.3'].should == 'jurisdiction oid openssl typically does not know'
+    it "returns properly for respond_to? with a standard subject oid" do
+      subject = R509::Subject.new
+      subject.respond_to?("CN").should == true
+      subject.respond_to?("CN=").should == true
+      subject.respond_to?("commonName").should == true
+      subject.respond_to?("commonName=").should == true
+      subject.respond_to?("common_name").should == true
+      subject.respond_to?("common_name=").should == true
     end
 
-    it "deletes an OID" do
-        subject = R509::Subject.new([["CN", "domain.com"], ['1.3.6.1.4.1.38383.60.2.1.0.0', 'random oid']])
-        subject.to_s.should == "/CN=domain.com/1.3.6.1.4.1.38383.60.2.1.0.0=random oid"
-        subject.delete("1.3.6.1.4.1.38383.60.2.1.0.0")
-        subject.to_s.should == "/CN=domain.com"
+    it "returns properly for respond_to? for an invalid method name" do
+      subject = R509::Subject.new
+      subject.respond_to?("not_a_real_method=").should == false
+      subject.respond_to?("not_a_real_method").should == false
     end
 
-    it "fails when you instantiate with an unknown shortname" do
-        expect { R509::Subject.new([["NOTRIGHT", "foo"]]) }.to raise_error(OpenSSL::X509::NameError)
+    it "errors on invalid method names" do
+      subject = R509::Subject.new
+      expect { subject.random_value="assign" }.to raise_error(NoMethodError)
+      expect { subject.random_value }.to raise_error(NoMethodError)
     end
 
-    it "fails when you add an unknown shortname" do
-        subject = R509::Subject.new
-        expect { subject["WRONG"] = "bar" }.to raise_error(OpenSSL::X509::NameError)
+    it "works with an arbitrarily defined OID" do
+      R509::OIDMapper.register("1.4.3.2.1.2.3.6.6.6.6", "AOI", "arbitraryName")
+      subject = R509::Subject.new
+      subject.AOI= "test"
+      subject.AOI.should == "test"
+      subject.arbitrary_name = "test2"
+      subject.arbitrary_name.should == "test2"
+      subject.arbitraryName= "test3"
+      subject.arbitraryName.should == "test3"
+      subject.AOI.should == "test3"
+      subject.arbitrary_name.should == "test3"
     end
 
-    it "parses unknown OIDs out of a CSR" do
-        csr = R509::Csr.new(:csr => @csr_unknown_oid)
-        subject = R509::Subject.new(csr.subject)
-        subject["1.2.3.4.5.6.7.8.9.8.7.6.5.4.3.2.1.0.0"].should == "random oid!"
-        subject["1.3.3.543.567.32.43.335.1.1.1"].should == "another random oid!"
-        subject["CN"].should == 'normaldomain.com'
+    it "returns properly for respond_to? with a custom subject oid" do
+      R509::OIDMapper.register("1.4.3.2.1.2.3.7.7.7.7", "IOS", "iOperatingSystem")
+      subject = R509::Subject.new
+      subject.respond_to?("IOS").should == true
+      subject.respond_to?("IOS=").should == true
+      subject.respond_to?("iOperatingSystem").should == true
+      subject.respond_to?("iOperatingSystem=").should == true
+      subject.respond_to?("i_operating_system").should == true
+      subject.respond_to?("i_operating_system=").should == true
     end
 
+  end
+
 end
 
 describe R509::NameSanitizer do
-    before :all do
-        @sanitizer = R509::NameSanitizer.new
-    end
+  before :all do
+    @sanitizer = R509::NameSanitizer.new
+  end
 
-    it "when it has only known OIDs" do
-        name = OpenSSL::X509::Name.new [["C", "US"], ["ST", "Illinois"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "C"
-        array[0][1].should == "US"
-        array[1][0].should == "ST"
-        array[1][1].should == "Illinois"
-    end
+  it "when it has only known OIDs" do
+    name = OpenSSL::X509::Name.new [["C", "US"], ["ST", "Illinois"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "C"
+    array[0][1].should == "US"
+    array[1][0].should == "ST"
+    array[1][1].should == "Illinois"
+  end
 
-    it "when it has only unknown OIDs" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "US"], ["1.2.3.5", "Illinois"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "US"
-        array[1][0].should == "1.2.3.5"
-        array[1][1].should == "Illinois"
-    end
+  it "when it has only unknown OIDs" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "US"], ["1.2.3.5", "Illinois"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "US"
+    array[1][0].should == "1.2.3.5"
+    array[1][1].should == "Illinois"
+  end
 
-    it "when it has an unknown between two knowns" do
-        name = OpenSSL::X509::Name.new [["CN", "domain.com"], ["1.2.3.4", "US"], ["ST", "Illinois"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 3
-        array[0][0].should == "CN"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "1.2.3.4"
-        array[1][1].should == "US"
-        array[2][0].should == "ST"
-        array[2][1].should == "Illinois"
-    end
+  it "when it has an unknown between two knowns" do
+    name = OpenSSL::X509::Name.new [["CN", "domain.com"], ["1.2.3.4", "US"], ["ST", "Illinois"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 3
+    array[0][0].should == "CN"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "1.2.3.4"
+    array[1][1].should == "US"
+    array[2][0].should == "ST"
+    array[2][1].should == "Illinois"
+  end
 
-    it "when it has a known between two unknowns" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["C", "US"], ["1.2.3.5", "Illinois"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 3
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "C"
-        array[1][1].should == "US"
-        array[2][0].should == "1.2.3.5"
-        array[2][1].should == "Illinois"
-    end
+  it "when it has a known between two unknowns" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["C", "US"], ["1.2.3.5", "Illinois"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 3
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "C"
+    array[1][1].should == "US"
+    array[2][0].should == "1.2.3.5"
+    array[2][1].should == "Illinois"
+  end
 
-    it "when a known has the same value as an unknown defined before it" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["CN", "domain.com"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "CN"
-        array[1][1].should == "domain.com"
-    end
+  it "when a known has the same value as an unknown defined before it" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["CN", "domain.com"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "CN"
+    array[1][1].should == "domain.com"
+  end
 
-    it "when two unknowns have the same value" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.5", "domain.com"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "1.2.3.5"
-        array[1][1].should == "domain.com"
-    end
+  it "when two unknowns have the same value" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.5", "domain.com"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "1.2.3.5"
+    array[1][1].should == "domain.com"
+  end
 
-    it "when two unknowns have the same oid and different values" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.4", "other"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "1.2.3.4"
-        array[1][1].should == "other"
-    end
+  it "when two unknowns have the same oid and different values" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.4", "other"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "1.2.3.4"
+    array[1][1].should == "other"
+  end
 
-    it "when two unknowns have the same oid and the same value" do
-        name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.4", "domain.com"]]
-        array = @sanitizer.sanitize(name)
-        array.size.should == 2
-        array[0][0].should == "1.2.3.4"
-        array[0][1].should == "domain.com"
-        array[1][0].should == "1.2.3.4"
-        array[1][1].should == "domain.com"
-    end
+  it "when two unknowns have the same oid and the same value" do
+    name = OpenSSL::X509::Name.new [["1.2.3.4", "domain.com"], ["1.2.3.4", "domain.com"]]
+    array = @sanitizer.sanitize(name)
+    array.size.should == 2
+    array[0][0].should == "1.2.3.4"
+    array[0][1].should == "domain.com"
+    array[1][0].should == "1.2.3.4"
+    array[1][1].should == "domain.com"
+  end
 end