r509 0.9.2 → 0.10.0

data/spec/cert/extensions/crl_distribution_points_spec.rb

@@ -0,0 +1,149 @@
+require 'spec_helper'
+
+include R509::Cert::Extensions
+
+shared_examples_for "a correct R509 CRLDistributionPoints object" do |critical|
+  before :all do
+    extension_name = "crlDistributionPoints"
+    klass = CRLDistributionPoints
+    ef = OpenSSL::X509::ExtensionFactory.new
+    openssl_ext = ef.create_extension( extension_name, @extension_value , critical )
+    @r509_ext = klass.new( openssl_ext )
+  end
+
+  it "crl_uri should be correct critical:#{critical}" do
+    @r509_ext.uris.should == @crl_uris
+  end
+
+  it "reports #critical? properly" do
+    @r509_ext.critical?.should == critical
+  end
+end
+
+describe R509::Cert::Extensions::CRLDistributionPoints do
+  include R509::Cert::Extensions
+
+  context "validation" do
+    it "raises an error if you pass a non-hash" do
+      expect { CRLDistributionPoints.new( "test" ) }.to raise_error(ArgumentError, 'You must pass a hash with a :value key')
+    end
+
+    it "raises an error if you pass a value that is not an array" do
+      expect { CRLDistributionPoints.new( :value => "some-url" ) }.to raise_error(ArgumentError, 'crl_distribution_points must contain an array or R509::ASN1::GeneralNames object if provided')
+    end
+
+    it "raises an error if you pass an array that does not contain hashes" do
+      expect { CRLDistributionPoints.new( :value => [{},"string"] ) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
+    end
+
+    it "raises an error if you pass an array that does not contain both :type and :value" do
+      expect { CRLDistributionPoints.new( :value => [{:type => 'URI'}] ) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
+      expect { CRLDistributionPoints.new( :value => [{:value => 'value'}] ) }.to raise_error(ArgumentError, 'All elements of the array must be hashes with a :type and :value')
+    end
+  end
+
+
+  context "CRLDistributionPoints" do
+    context "creation & yaml generation" do
+      context "GeneralNames object" do
+        before :all do
+          gns = R509::ASN1::GeneralNames.new
+          gns.create_item(:type => "rfc822Name", :value => "random string")
+          args = { :value => gns, :critical => false }
+          @cdp = R509::Cert::Extensions::CRLDistributionPoints.new(args)
+        end
+
+        it "creates extension" do
+          @cdp.rfc_822_names.should == ['random string']
+        end
+
+        it "builds yaml" do
+          YAML.load(@cdp.to_yaml).should == {:critical=>false, :value=>[{:type=>"email", :value=>"random string"}]}
+        end
+      end
+
+      context "one CDP" do
+        before :all do
+          @args = { :value => [{ :type => 'URI', :value => 'http://crl.r509.org/ca.crl'}], :critical => false }
+          @cdp = R509::Cert::Extensions::CRLDistributionPoints.new(@args)
+        end
+
+        it "creates extension" do
+          @cdp.uris.should == ['http://crl.r509.org/ca.crl']
+        end
+
+        it "builds yaml" do
+          YAML.load(@cdp.to_yaml).should == @args
+        end
+      end
+
+      context "multiple CDP" do
+        before :all do
+          @args = { :value => [{ :type => 'URI', :value => 'http://crl.r509.org/ca.crl' },{ :type => 'dirName', :value => {:CN => 'myCN'}}], :critical => false }
+          @cdp = R509::Cert::Extensions::CRLDistributionPoints.new(@args)
+        end
+
+        it "creates extension" do
+          @cdp.uris.should == ['http://crl.r509.org/ca.crl']
+          @cdp.directory_names[0].to_s.should == '/CN=myCN'
+        end
+
+        it "builds yaml" do
+          YAML.load(@cdp.to_yaml).should == @args
+        end
+      end
+
+      context "default criticality" do
+        before :all do
+          @args = { :value => [{:type => "URI", :value => 'http://crl.r509.org/ca.crl'}] }
+          @cdp = R509::Cert::Extensions::CRLDistributionPoints.new(@args)
+        end
+
+        it "creates extension" do
+          @cdp.critical?.should be_false
+        end
+
+        it "builds yaml" do
+          YAML.load(@cdp.to_yaml).should == @args.merge(:critical => false)
+        end
+      end
+
+      context "non-default criticality" do
+        before :all do
+          @args = { :value => [{:type => "URI", :value => 'http://crl.r509.org/ca.crl'}], :critical => true }
+          @cdp = R509::Cert::Extensions::CRLDistributionPoints.new(@args)
+        end
+
+        it "creates extension" do
+          @cdp.critical?.should be_true
+        end
+
+        it "builds yaml" do
+          YAML.load(@cdp.to_yaml).should == @args
+        end
+      end
+
+    end
+
+    context "with a single CRL URI" do
+      before :all do
+        @crl_uris = ["http://www.test.local/ca.crl"]
+        @extension_value = "URI:#{@crl_uris.join(",URI:")}"
+      end
+
+      it_should_behave_like "a correct R509 CRLDistributionPoints object", false
+      it_should_behave_like "a correct R509 CRLDistributionPoints object", true
+    end
+
+    context "with multiple CRL URIs" do
+      before :all do
+        @crl_uris = ["http://www.test.local/ca.crl", "http://www.test.local/subca.crl"]
+        @extension_value = "URI:#{@crl_uris.join(",URI:")}"
+      end
+
+      it_should_behave_like "a correct R509 CRLDistributionPoints object", false
+      it_should_behave_like "a correct R509 CRLDistributionPoints object", true
+    end
+  end
+
+end

data/spec/cert/extensions/extended_key_usage_spec.rb

@@ -0,0 +1,174 @@
+require 'spec_helper'
+
+include R509::Cert::Extensions
+
+shared_examples_for "a correct R509 ExtendedKeyUsage object" do |critical|
+  before :all do
+    extension_name = "extendedKeyUsage"
+    klass = ExtendedKeyUsage
+    ef = OpenSSL::X509::ExtensionFactory.new
+    openssl_ext = ef.create_extension( extension_name, @extension_value , critical )
+    @r509_ext = klass.new( openssl_ext )
+  end
+
+  it "allowed_uses should be non-nil critical:#{critical}" do
+    @r509_ext.allowed_uses.should_not == nil
+  end
+
+  it "allowed_uses should be correct critical:#{critical}" do
+    @r509_ext.allowed_uses.should == @allowed_uses
+  end
+
+  it "the individual allowed-use functions should be correct critical:#{critical}" do
+    @r509_ext.web_server_authentication?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_WEB_SERVER_AUTH )
+    @r509_ext.web_client_authentication?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_WEB_CLIENT_AUTH )
+    @r509_ext.code_signing?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_CODE_SIGNING )
+    @r509_ext.email_protection?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_EMAIL_PROTECTION )
+    @r509_ext.ocsp_signing?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_OCSP_SIGNING )
+    @r509_ext.time_stamping?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_TIME_STAMPING )
+    @r509_ext.any_extended_key_usage?.should == @allowed_uses.include?( ExtendedKeyUsage::AU_ANY_EXTENDED_KEY_USAGE )
+  end
+
+  it "the #allows? method should work critical:#{critical}" do
+    @allowed_uses.each do |au|
+      @r509_ext.allows?(au).should == true
+    end
+  end
+
+  it "reports #critical? properly" do
+    @r509_ext.critical?.should == critical
+  end
+end
+
+
+describe R509::Cert::Extensions::ExtendedKeyUsage do
+  include R509::Cert::Extensions
+
+  context "validate extended key usage" do
+    it "errors with non-array" do
+      expect { R509::Cert::Extensions::ExtendedKeyUsage.new( 'not an array' ) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with nil" do
+      expect { R509::Cert::Extensions::ExtendedKeyUsage.new(nil) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with hash with no :value" do
+      expect { R509::Cert::Extensions::ExtendedKeyUsage.new({}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with hash with non-array :value" do
+      expect { R509::Cert::Extensions::KeyUsage.new({:value => "string"}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+  end
+
+  context "ExtendedKeyUsage" do
+    context "creation & yaml generation" do
+      context "single EKU" do
+        before :all do
+          @args = { :value => ['serverAuth'], :critical => false }
+          @eku = R509::Cert::Extensions::ExtendedKeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @eku.allowed_uses.should == ['serverAuth']
+        end
+
+        it "builds yaml" do
+          YAML.load(@eku.to_yaml).should == @args
+        end
+      end
+
+      context "multiple EKU" do
+        before :all do
+          @args = { :value => ['serverAuth','codeSigning'], :critical => false }
+          @eku = R509::Cert::Extensions::ExtendedKeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @eku.allowed_uses.should == ['serverAuth','codeSigning']
+        end
+
+        it "builds yaml" do
+          YAML.load(@eku.to_yaml).should == @args
+        end
+      end
+
+      context "default criticality" do
+        before :all do
+          @args = { :value => ['serverAuth'] }
+          @eku = R509::Cert::Extensions::ExtendedKeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @eku.critical?.should be_false
+        end
+
+        it "builds yaml" do
+          YAML.load(@eku.to_yaml).should == @args.merge(:critical => false)
+        end
+      end
+
+      context "non-default criticality" do
+        before :all do
+          @args = { :value => ['serverAuth'], :critical => true }
+          @eku = R509::Cert::Extensions::ExtendedKeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @eku.critical?.should be_true
+        end
+
+        it "builds yaml" do
+          YAML.load(@eku.to_yaml).should == @args
+        end
+      end
+
+    end
+
+    context "with one allowed use" do
+      before :all do
+        @allowed_uses = [ ExtendedKeyUsage::AU_WEB_SERVER_AUTH ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", false
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", true
+    end
+
+    context "with some allowed uses" do
+      before :all do
+        # this spec and the one below alternate the uses
+        @allowed_uses = [ ExtendedKeyUsage::AU_WEB_SERVER_AUTH, ExtendedKeyUsage::AU_CODE_SIGNING ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", false
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", true
+    end
+
+    context "with some different allowed uses" do
+      before :all do
+        @allowed_uses = [ ExtendedKeyUsage::AU_WEB_CLIENT_AUTH, ExtendedKeyUsage::AU_EMAIL_PROTECTION ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", false
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", true
+    end
+
+    context "with all allowed uses" do
+      before :all do
+        @allowed_uses = [ ExtendedKeyUsage::AU_WEB_SERVER_AUTH, ExtendedKeyUsage::AU_CODE_SIGNING,
+                  ExtendedKeyUsage::AU_WEB_CLIENT_AUTH, ExtendedKeyUsage::AU_EMAIL_PROTECTION,
+                  ExtendedKeyUsage::AU_TIME_STAMPING, ExtendedKeyUsage::AU_OCSP_SIGNING,
+                  ExtendedKeyUsage::AU_ANY_EXTENDED_KEY_USAGE]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", false
+      it_should_behave_like "a correct R509 ExtendedKeyUsage object", true
+    end
+  end
+
+end

data/spec/cert/extensions/inhibit_any_policy_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+include R509::Cert::Extensions
+
+shared_examples_for "a correct R509 InhibitAnyPolicy object" do |critical|
+  before :all do
+    extension_name = "inhibitAnyPolicy"
+    klass = InhibitAnyPolicy
+    ef = OpenSSL::X509::ExtensionFactory.new
+    openssl_ext = ef.create_extension( extension_name, @value.to_s,critical)
+    @r509_ext = klass.new( openssl_ext )
+  end
+
+  it "should parse the integer value out of the extension" do
+    @r509_ext.value.should == @value
+  end
+
+  it "reports #critical? properly" do
+    @r509_ext.critical?.should == critical
+  end
+end
+
+describe R509::Cert::Extensions::InhibitAnyPolicy do
+  include R509::Cert::Extensions
+
+  context "validate inhibit any policy" do
+    it "raises an error when not a number" do
+      expect { R509::Cert::Extensions::InhibitAnyPolicy.new( :value => "string" ) }.to raise_error(ArgumentError,'Inhibit any policy must be a non-negative integer')
+    end
+    it "raises an error when not >= 0" do
+      expect { R509::Cert::Extensions::InhibitAnyPolicy.new( :value => -5 ) }.to raise_error(ArgumentError,'Inhibit any policy must be a non-negative integer')
+    end
+  end
+
+  context "InhibitAnyPolicy" do
+    before :all do
+      @value = 3
+    end
+
+    context "creation & yaml generation" do
+      context "creates with a positive skip #" do
+        before :all do
+          @args = { :value => 1, :critical => true }
+          @iap = R509::Cert::Extensions::InhibitAnyPolicy.new(@args)
+        end
+
+        it "creates extension" do
+          @iap.value.should == 1
+        end
+
+        it "builds yaml" do
+          YAML.load(@iap.to_yaml).should == @args
+        end
+      end
+
+      context "creates with default criticality" do
+        before :all do
+          @args = { :value => 1 }
+          @iap = R509::Cert::Extensions::InhibitAnyPolicy.new(@args)
+        end
+
+        it "creates extension" do
+          @iap.critical?.should == true
+        end
+
+        it "builds yaml" do
+          YAML.load(@iap.to_yaml).should == @args.merge(:critical => true)
+        end
+      end
+
+      context "creates with non-default criticality" do
+        before :all do
+          @args = { :value => 1, :critical => false }
+          @iap = R509::Cert::Extensions::InhibitAnyPolicy.new(@args)
+        end
+
+        it "creates extension" do
+          @iap.critical?.should == false
+        end
+
+        it "builds yaml" do
+          YAML.load(@iap.to_yaml).should == @args
+        end
+      end
+
+    end
+
+    it_should_behave_like "a correct R509 InhibitAnyPolicy object", false
+    it_should_behave_like "a correct R509 InhibitAnyPolicy object", true
+  end
+
+end

data/spec/cert/extensions/key_usage_spec.rb

@@ -0,0 +1,172 @@
+require 'spec_helper'
+
+shared_examples_for "a correct R509 KeyUsage object" do |critical|
+  before :each do
+    extension_name = "keyUsage"
+    klass = R509::Cert::Extensions::KeyUsage
+    ef = OpenSSL::X509::ExtensionFactory.new
+    openssl_ext = ef.create_extension( extension_name, @extension_value, critical )
+    @r509_ext = klass.new( openssl_ext )
+  end
+
+  it "allowed_uses should be non-nil critical:#{critical}" do
+    @r509_ext.allowed_uses.should_not == nil
+  end
+
+  it "allowed_uses should be correct critical:#{critical}" do
+    @r509_ext.allowed_uses.should == @allowed_uses
+  end
+
+  it "the individual allowed-use functions should be correct critical:#{critical}" do
+    @r509_ext.digital_signature?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE )
+    @r509_ext.non_repudiation?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION )
+    @r509_ext.key_encipherment?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT )
+    @r509_ext.data_encipherment?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT )
+    @r509_ext.key_agreement?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT )
+    @r509_ext.key_cert_sign?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN )
+    @r509_ext.crl_sign?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN )
+    @r509_ext.encipher_only?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY )
+    @r509_ext.decipher_only?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY )
+  end
+
+  it "the #allows? method should work critical:#{critical}" do
+    @allowed_uses.each do |au|
+      @r509_ext.allows?(au).should == true
+    end
+  end
+
+  it "reports #critical? properly" do
+    @r509_ext.critical?.should == critical
+  end
+end
+
+describe R509::Cert::Extensions::KeyUsage do
+  context "validate key usage" do
+    it "errors with non-array" do
+      expect { R509::Cert::Extensions::KeyUsage.new( 'not an array' ) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with nil" do
+      expect { R509::Cert::Extensions::KeyUsage.new(nil) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with hash with no :value" do
+      expect { R509::Cert::Extensions::KeyUsage.new({}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+
+    it "errors with hash with non-array :value" do
+      expect { R509::Cert::Extensions::KeyUsage.new({:value => "string"}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)')
+    end
+  end
+
+  context "KeyUsage" do
+    context "creation & yaml generation" do
+      context "single KU" do
+        before :all do
+          @args = { :value => ['digitalSignature'] }
+          @ku = R509::Cert::Extensions::KeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @ku.allowed_uses.should == ['digitalSignature']
+        end
+
+        it "builds yaml" do
+          YAML.load(@ku.to_yaml).should == @args.merge(:critical => false)
+        end
+      end
+
+
+      context "multiple KU" do
+        before :all do
+          @args = { :value => ['digitalSignature','keyAgreement'] }
+          @ku = R509::Cert::Extensions::KeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @ku.allowed_uses.should == ['digitalSignature','keyAgreement']
+        end
+
+        it "builds_yaml" do
+          YAML.load(@ku.to_yaml).should == @args.merge(:critical => false)
+        end
+      end
+
+      context "default criticality" do
+        before :all do
+          @args = { :value => ['keyAgreement'] }
+          @ku = R509::Cert::Extensions::KeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @ku.critical?.should be_false
+        end
+
+        it "builds yaml" do
+          YAML.load(@ku.to_yaml).should == @args.merge(:critical => false)
+        end
+      end
+
+      context "non-default criticality" do
+        before :all do
+          @args = { :value => ['keyAgreement'], :critical => true }
+          @ku = R509::Cert::Extensions::KeyUsage.new(@args)
+        end
+
+        it "creates extension" do
+          @ku.critical?.should be_true
+        end
+
+        it "builds yaml" do
+          YAML.load(@ku.to_yaml).should == @args
+        end
+      end
+
+    end
+
+    context "with one allowed use" do
+      before :all do
+        @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 KeyUsage object", false
+      it_should_behave_like "a correct R509 KeyUsage object", true
+    end
+
+    context "with some allowed uses" do
+      before :all do
+        # this spec and the one below alternate the uses
+        @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE, R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT, R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN, R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 KeyUsage object", false
+      it_should_behave_like "a correct R509 KeyUsage object", true
+    end
+
+    context "with some different allowed uses" do
+      before :all do
+        @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION, R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN, R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 KeyUsage object", false
+      it_should_behave_like "a correct R509 KeyUsage object", true
+    end
+
+    context "with all allowed uses" do
+      before :all do
+        @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE, R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION,
+                 R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT,
+                 R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN,
+                 R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN, R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY,
+                 R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY ]
+        @extension_value = @allowed_uses.join( ", " )
+      end
+
+      it_should_behave_like "a correct R509 KeyUsage object", false
+      it_should_behave_like "a correct R509 KeyUsage object", true
+    end
+  end
+end