RubyGems - r509 - Versions diffs - 0.9.2 → 0.10.0 - Mend

r509 0.9.2 → 0.10.0

Files changed (177) hide show

checksums.yaml +7 -0
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +2 -0
data/CONTRIBUTING.mdown +21 -0
data/LICENSE +13 -0
data/README.mdown +548 -0
data/Rakefile +5 -0
data/bin/r509 +16 -17
data/doc/R509.html +42 -26
data/doc/R509/ASN1.html +22 -16
data/doc/R509/ASN1/GeneralName.html +180 -173
data/doc/R509/ASN1/GeneralNames.html +390 -62
data/doc/R509/CRL.html +9 -7
data/doc/R509/CRL/Administrator.html +208 -623
data/doc/R509/CRL/FileReaderWriter.html +856 -0
data/doc/R509/CRL/ReaderWriter.html +524 -0
data/doc/R509/CRL/SignedList.html +29 -42
data/doc/R509/CSR.html +248 -333
data/doc/R509/Cert.html +364 -491
data/doc/R509/Cert/Extensions.html +134 -43
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +335 -65
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +201 -102
data/doc/R509/Cert/Extensions/BasicConstraints.html +297 -68
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +690 -77
data/doc/R509/Cert/Extensions/CertificatePolicies.html +293 -43
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +321 -173
data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +656 -0
data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +270 -42
data/doc/R509/Cert/Extensions/KeyUsage.html +334 -184
data/doc/R509/Cert/Extensions/NameConstraints.html +363 -93
data/doc/R509/{ASN1 → Cert/Extensions}/NoticeReference.html +209 -48
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +244 -17
data/doc/R509/Cert/Extensions/PolicyConstraints.html +322 -71
data/doc/R509/{ASN1 → Cert/Extensions}/PolicyInformation.html +204 -43
data/doc/R509/{ASN1 → Cert/Extensions}/PolicyQualifiers.html +205 -48
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +348 -143
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +165 -13
data/doc/R509/{ASN1 → Cert/Extensions}/UserNotice.html +204 -43
data/doc/R509/Cert/Extensions/ValidationMixin.html +120 -0
data/doc/R509/CertificateAuthority.html +9 -7
data/doc/R509/CertificateAuthority/OptionsBuilder.html +475 -0
data/doc/R509/CertificateAuthority/Signer.html +149 -198
data/doc/R509/Config.html +10 -8
data/doc/R509/Config/CAConfig.html +708 -625
data/doc/R509/Config/CAConfigPool.html +179 -31
data/doc/R509/Config/CertProfile.html +1544 -0
data/doc/R509/Config/SubjectItemPolicy.html +437 -99
data/doc/R509/Engine.html +14 -28
data/doc/R509/Helpers.html +1014 -0
data/doc/R509/MessageDigest.html +73 -25
data/doc/R509/NameSanitizer.html +39 -39
data/doc/R509/OCSP.html +5 -5
data/doc/R509/OCSP/Request.html +5 -5
data/doc/R509/OCSP/Request/Nonce.html +5 -5
data/doc/R509/OCSP/Response.html +7 -7
data/doc/R509/OIDMapper.html +121 -6
data/doc/R509/PrivateKey.html +226 -227
data/doc/R509/R509Error.html +5 -5
data/doc/R509/SPKI.html +244 -342
data/doc/R509/Subject.html +241 -70
data/doc/R509/Validity.html +5 -5
data/doc/R509/Validity/Checker.html +5 -5
data/doc/R509/Validity/DefaultChecker.html +5 -9
data/doc/R509/Validity/DefaultWriter.html +5 -9
data/doc/R509/Validity/Status.html +5 -5
data/doc/R509/Validity/Writer.html +5 -5
data/doc/_index.html +92 -30
data/doc/class_list.html +2 -2
data/doc/file.CONTRIBUTING.html +96 -0
data/doc/file.LICENSE.html +87 -0
data/doc/file.README.html +279 -389
data/doc/file.YAML.html +243 -0
data/doc/file.r509.html +298 -105
data/doc/file_list.html +11 -2
data/doc/frames.html +1 -1
data/doc/index.html +279 -389
data/doc/js/full_list.js +6 -1
data/doc/method_list.html +869 -1139
data/doc/top-level-namespace.html +103 -5
data/lib/r509.rb +7 -2
data/lib/r509/asn1.rb +97 -135
data/lib/r509/cert.rb +17 -106
data/lib/r509/cert/extensions.rb +13 -676
data/lib/r509/cert/extensions/authority_info_access.rb +128 -0
data/lib/r509/cert/extensions/authority_key_identifier.rb +100 -0
data/lib/r509/cert/extensions/base.rb +142 -0
data/lib/r509/cert/extensions/basic_constraints.rb +119 -0
data/lib/r509/cert/extensions/certificate_policies.rb +262 -0
data/lib/r509/cert/extensions/crl_distribution_points.rb +98 -0
data/lib/r509/cert/extensions/extended_key_usage.rb +189 -0
data/lib/r509/cert/extensions/inhibit_any_policy.rb +70 -0
data/lib/r509/cert/extensions/key_usage.rb +209 -0
data/lib/r509/cert/extensions/name_constraints.rb +179 -0
data/lib/r509/cert/extensions/ocsp_no_check.rb +56 -0
data/lib/r509/cert/extensions/policy_constraints.rb +122 -0
data/lib/r509/cert/extensions/subject_alternative_name.rb +88 -0
data/lib/r509/cert/extensions/subject_key_identifier.rb +56 -0
data/lib/r509/cert/extensions/validation_mixin.rb +42 -0
data/lib/r509/certificate_authority/options_builder.rb +142 -0
data/lib/r509/certificate_authority/signer.rb +189 -0
data/lib/r509/config.rb +3 -600
data/lib/r509/config/ca_config.rb +414 -0
data/lib/r509/config/cert_profile.rb +110 -0
data/lib/r509/config/subject_item_policy.rb +118 -0
data/lib/r509/crl/administrator.rb +169 -0
data/lib/r509/crl/reader_writer.rb +109 -0
data/lib/r509/crl/signed_list.rb +135 -0
data/lib/r509/csr.rb +35 -116
data/lib/r509/engine.rb +21 -11
data/lib/r509/helpers.rb +110 -0
data/lib/r509/io_helpers.rb +18 -13
data/lib/r509/message_digest.rb +13 -3
data/lib/r509/oid_mapper.rb +14 -0
data/lib/r509/private_key.rb +74 -50
data/lib/r509/spki.rb +50 -113
data/lib/r509/subject.rb +24 -2
data/lib/r509/trollop.rb +788 -0
data/lib/r509/version.rb +1 -1
data/r509.yaml +289 -96
data/spec/asn1_spec.rb +171 -98
data/spec/cert/extensions/authority_info_access_spec.rb +247 -0
data/spec/cert/extensions/authority_key_identifier_spec.rb +85 -0
data/spec/cert/extensions/base_spec.rb +172 -0
data/spec/cert/extensions/basic_constraints_spec.rb +185 -0
data/spec/cert/extensions/certificate_policies_spec.rb +288 -0
data/spec/cert/extensions/crl_distribution_points_spec.rb +149 -0
data/spec/cert/extensions/extended_key_usage_spec.rb +174 -0
data/spec/cert/extensions/inhibit_any_policy_spec.rb +92 -0
data/spec/cert/extensions/key_usage_spec.rb +172 -0
data/spec/cert/extensions/name_constraints_spec.rb +335 -0
data/spec/cert/extensions/ocsp_no_check_spec.rb +76 -0
data/spec/cert/extensions/policy_constraints_spec.rb +155 -0
data/spec/cert/extensions/subject_alternative_name_spec.rb +354 -0
data/spec/cert/extensions/subject_key_identifier_spec.rb +64 -0
data/spec/cert_spec.rb +11 -9
data/spec/certificate_authority/options_builder_spec.rb +307 -0
data/spec/certificate_authority/signer_spec.rb +278 -0
data/spec/config/ca_config_spec.rb +405 -0
data/spec/config/cert_profile_spec.rb +88 -0
data/spec/config/subject_item_policy_spec.rb +81 -0
data/spec/crl/administrator_spec.rb +199 -0
data/spec/crl/reader_writer_spec.rb +97 -0
data/spec/crl/signed_list_spec.rb +84 -0
data/spec/csr_spec.rb +43 -36
data/spec/engine_spec.rb +51 -0
data/spec/fixtures.rb +40 -40
data/spec/fixtures/cert1.pem +1 -1
data/spec/fixtures/config_pool_test_minimal.yaml +11 -15
data/spec/fixtures/config_test.yaml +96 -59
data/spec/fixtures/config_test_dsa.yaml +29 -35
data/spec/fixtures/config_test_ec.yaml +29 -35
data/spec/fixtures/config_test_engine_key.yaml +7 -7
data/spec/fixtures/config_test_engine_no_key_name.yaml +6 -6
data/spec/fixtures/config_test_minimal.yaml +3 -5
data/spec/fixtures/config_test_password.yaml +4 -6
data/spec/fixtures/config_test_various.yaml +147 -137
data/spec/fixtures/crl_list_file.txt +1 -1
data/spec/fixtures/test_ca_crl.cer +20 -0
data/spec/fixtures/test_ca_crl.key +28 -0
data/spec/fixtures/test_ca_crl.p12 +0 -0
data/spec/message_digest_spec.rb +6 -0
data/spec/oid_mapper_spec.rb +11 -0
data/spec/private_key_spec.rb +19 -18
data/spec/spec_helper.rb +10 -6
data/spec/spki_spec.rb +38 -19
data/spec/subject_spec.rb +16 -0
metadata +108 -59
metadata.gz.sig +0 -0
data/README.md +0 -638
data/doc/R509/Config/CAProfile.html +0 -1015
data/doc/R509/IOHelpers.html +0 -564
data/lib/r509/certificate_authority.rb +0 -407
data/lib/r509/crl.rb +0 -351
data/spec/cert/extensions_spec.rb +0 -1095
data/spec/certificate_authority_spec.rb +0 -681
data/spec/config_spec.rb +0 -562
data/spec/crl_spec.rb +0 -226

data/spec/cert/extensions/subject_alternative_name_spec.rb ADDED

@@ -0,0 +1,354 @@
+require 'spec_helper'
+include R509::Cert::Extensions
+shared_examples_for "a correct R509 SubjectAlternativeName object" do |critical|
+  before :all do
+    extension_name = "subjectAltName"
+    klass = SubjectAlternativeName
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.config = OpenSSL::Config.parse(@conf)
+    openssl_ext = ef.create_extension( extension_name, @extension_value , critical )
+    @r509_ext = klass.new( openssl_ext )
+  end
+  it "dns_names should be correct critical:#{critical}" do
+    @r509_ext.dns_names.should == @dns_names
+  end
+  it "ip_addresses should be correct critical:#{critical}" do
+    @r509_ext.ip_addresses.should == @ip_addresses
+  end
+  it "rfc_822names should be correct critical:#{critical}" do
+    @r509_ext.rfc_822_names.should == @rfc_822_names
+  end
+  it "uris should be correct critical:#{critical}" do
+    @r509_ext.uris.should == @uris
+  end
+  it "dirNames should be correct critical:#{critical}" do
+    @r509_ext.directory_names.size.should == @directory_names.size
+  end
+  it "ordered should be correct critical:#{critical}" do
+    @r509_ext.names.size.should == @dns_names.size + @ip_addresses.size + @rfc_822_names.size + @uris.size + @directory_names.size
+  end
+  it "reports #critical? properly" do
+    @r509_ext.critical?.should == critical
+  end
+end
+describe R509::Cert::Extensions::SubjectAlternativeName do
+  include R509::Cert::Extensions
+  context "validation" do
+    it "errors when not supplying a hash" do
+      expect {
+        R509::Cert::Extensions::SubjectAlternativeName.new("create")
+      }.to raise_error(ArgumentError,"You must supply a hash with a :value")
+    end
+    it "errors when not supplying :value" do
+      expect {
+        R509::Cert::Extensions::SubjectAlternativeName.new({})
+      }.to raise_error(ArgumentError,"You must supply a hash with a :value")
+    end
+  end
+  context "SubjectAlternativeName" do
+    context "creation & yaml generation" do
+      context "GeneralNames object" do
+        before :all do
+          gns = R509::ASN1::GeneralNames.new
+          gns.create_item(:type => "rfc822Name", :value => "random string")
+          @san = R509::Cert::Extensions::SubjectAlternativeName.new(:value => gns)
+        end
+        it "creates extension" do
+          @san.rfc_822_names.should == ['random string']
+        end
+        it "builds yaml" do
+          YAML.load(@san.to_yaml).should == {:critical=>false, :value=>[{:type=>"email", :value=>"random string"}]}
+        end
+      end
+      context "single name" do
+        before :all do
+          @args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => false }
+          @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
+        end
+        it "creates extension" do
+          @san.dns_names.should == ['domain.com']
+        end
+        it "builds yaml" do
+          @san.to_h.should == @args
+        end
+      end
+      context "multiple names" do
+        before :all do
+          @args = { :value => [{:type => 'DNS', :value => 'domain.com' },{ :type => 'IP', :value => '127.0.0.1' }], :critical => false }
+          @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
+        end
+        it "creates extension" do
+          @san.dns_names.should == ['domain.com']
+          @san.ip_addresses.should == ['127.0.0.1']
+        end
+        it "builds yaml" do
+          @san.to_h.should == @args
+        end
+      end
+      context "default criticality" do
+        before :all do
+          @args = { :value => [{:type => "DNS", :value => 'domain.com' }] }
+          @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
+        end
+        it "creates extension" do
+          @san.critical?.should be_false
+        end
+        it "builds yaml" do
+          @san.to_h.should == @args.merge(:critical => false)
+        end
+      end
+      context "creates with non-default criticality" do
+        before :all do
+          @args = { :value => [{:type => "DNS", :value => 'domain.com' }], :critical => true }
+          @san = R509::Cert::Extensions::SubjectAlternativeName.new(@args)
+        end
+        it "creates extension" do
+          @san.critical?.should be_true
+        end
+        it "builds yaml" do
+          @san.to_h.should == @args
+        end
+      end
+    end
+    context "with an unimplemented GeneralName type" do
+      it "errors as expected" do
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ext = ef.create_extension("subjectAltName","otherName:1.2.3.4;IA5STRING:Hello World")
+        expect { R509::Cert::Extensions::SubjectAlternativeName.new ext }.to raise_error(R509::R509Error, 'Unimplemented GeneralName tag: 0. At this time R509 does not support GeneralName types other than rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, and directoryName')
+      end
+    end
+    context "with a DNS alternative name only" do
+      before :all do
+        @dns_names = ["www.test.local"]
+        @ip_addresses = []
+        @uris = []
+        @rfc_822_names = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple DNS alternative names only" do
+      before :all do
+        @dns_names = ["www.test.local", "www2.test.local"]
+        @ip_addresses = []
+        @uris = []
+        @rfc_822_names = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with an IP address alternative name only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = ["203.1.2.3"]
+        @rfc_822_names = []
+        @uris = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple IP address alternative names only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = ["10.1.2.3", "10.1.2.4"]
+        @uris = []
+        @rfc_822_names = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with an rfc822Name alternative name only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = ["some@guy.com"]
+        @uris = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple rfc822Name alternative names only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = ["some@guy.com","other@guy.com"]
+        @uris = []
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with a URI alternative name only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = []
+        @uris = ["http://www.test.local"]
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple URI alternative names only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = []
+        @uris = ["http://www.test.local","http://www2.test.local"]
+        @directory_names = []
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with a directoryName alternative name only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = []
+        @uris = []
+        @directory_names = [
+          [['CN','langui.sh'],['O','org'],['L','locality']]
+        ]
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple directoryName alternative names only" do
+      before :all do
+        @dns_names = []
+        @ip_addresses = []
+        @rfc_822_names = []
+        @uris = []
+        @directory_names = [
+          [['CN','langui.sh'],['O','org'],['L','locality']],
+          [['CN','otherdomain.com'],['O','org-like']]
+        ]
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+    context "with multiple different alternative names" do
+      before :all do
+        @dns_names = ["www.test.local"]
+        @ip_addresses = ["10.1.2.3"]
+        @rfc_822_names = ["myemail@email.com"]
+        @uris = ["http://www.test.local"]
+        @directory_names = [
+          [['CN','langui.sh'],['O','org'],['L','locality']]
+        ]
+        total = [@dns_names,@ip_addresses,@uris,@rfc_822_names,@directory_names].flatten(1)
+        gns = R509::ASN1.general_name_parser(total)
+        serialized = gns.serialize_names
+        @conf = serialized[:conf]
+        @extension_value = serialized[:extension_string]
+      end
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", false
+      it_should_behave_like "a correct R509 SubjectAlternativeName object", true
+    end
+  end
+end

data/spec/cert/extensions/subject_key_identifier_spec.rb ADDED

@@ -0,0 +1,64 @@
+require 'spec_helper'
+include R509::Cert::Extensions
+shared_examples_for "a correct R509 SubjectKeyIdentifier object" do
+  before :all do
+    extension_name = "subjectKeyIdentifier"
+    klass = SubjectKeyIdentifier
+    openssl_ext = OpenSSL::X509::Extension.new( extension_name, @extension_value )
+    @r509_ext = klass.new( openssl_ext )
+  end
+  it "key should be correct" do
+    @r509_ext.key.should == @key
+  end
+end
+describe R509::Cert::Extensions::SubjectKeyIdentifier do
+  include R509::Cert::Extensions
+  context "SubjectKeyIdentifier" do
+    before :all do
+      @extension_value = "00:11:22:33:44:55:66:77:88:99:00:AA:BB:CC:DD:EE:FF:00:11:22"
+      @key = @extension_value
+    end
+    context "creation" do
+      before :all do
+        @pk = R509::PrivateKey.new(:bit_strength => 768)
+      end
+      it "errors when not supplying a public key" do
+        expect {
+          R509::Cert::Extensions::SubjectKeyIdentifier.new({})
+        }.to raise_error(ArgumentError,"You must supply a hash with a :public_key")
+      end
+      it "errors when supplying a non-hash" do
+        expect {
+          R509::Cert::Extensions::SubjectKeyIdentifier.new("junk!!!")
+        }.to raise_error(ArgumentError,"You must supply a hash with a :public_key")
+      end
+      it "creates successfully" do
+        ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
+        ski.key.should_not be_nil
+      end
+      it "creates with default criticality" do
+        ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key)
+        ski.critical?.should be_false
+      end
+      it "creates with non-default criticality" do
+        ski = R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => @pk.public_key, :critical => true)
+        ski.critical?.should be_true
+      end
+    end
+    it_should_behave_like "a correct R509 SubjectKeyIdentifier object"
+  end
+end

data/spec/cert_spec.rb CHANGED

@@ -97,11 +97,11 @@ describe R509::Cert do
   end
   it "returns the RSA key algorithm" do
     cert = R509::Cert.new(:cert => @cert)
-    cert.key_algorithm.should == :rsa
+    cert.key_algorithm.should == "RSA"
   end
   it "returns the DSA key algorithm" do
     cert = R509::Cert.new(:cert => @cert6)
-    cert.key_algorithm.should == :dsa
+    cert.key_algorithm.should == "DSA"
   end
   it "returns list of san names when it is a san cert" do
     cert = R509::Cert.new(:cert => @cert_san)
@@ -145,7 +145,7 @@ describe R509::Cert do
     sio = StringIO.new
     sio.set_encoding("BINARY") if sio.respond_to?(:set_encoding)
     cert.write_pem(sio)
-    sio.string.should == @cert + "\n"
+    sio.string.should == @cert
   end
   it "writes to der" do
     cert = R509::Cert.new(:cert => @cert)
@@ -269,7 +269,7 @@ describe R509::Cert do
   end
   it "returns an error for curve_name for DSA/RSA" do
     cert = R509::Cert.new(:cert => @cert)
-    expect { cert.curve_name }.to raise_error(R509::R509Error, 'Curve name is only available with EC certs')
+    expect { cert.curve_name }.to raise_error(R509::R509Error, 'Curve name is only available with EC')
   end
   it "checks dsa?" do
     cert = R509::Cert.new(:cert => @cert6)
@@ -312,12 +312,14 @@ describe R509::Cert do
     cert = R509::Cert.new(:cert => @cert3)
     crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
     crl_admin.revoke_cert(1425751142578902223005775172931960716533532010870)
-    cert.is_revoked_by_crl?(crl_admin.crl).should == true
+    crl = crl_admin.generate_crl
+    cert.is_revoked_by_crl?(crl).should == true
   end
   it "is not revoked by crl" do
     cert = R509::Cert.new(:cert => @cert3)
     crl_admin = R509::CRL::Administrator.new(TestFixtures.test_ca_config)
-    cert.is_revoked_by_crl?(crl_admin.crl).should == false
+    crl = crl_admin.generate_crl
+    cert.is_revoked_by_crl?(crl).should == false
   end
   it "loads a cert with load_from_file" do
     path = File.dirname(__FILE__) + '/fixtures/cert1.pem'
@@ -350,7 +352,7 @@ describe R509::Cert do
     end
     it "raises error on bit strength" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      expect { cert.bit_strength }.to raise_error(R509::R509Error,'Bit strength is not available for EC at this time.')
+      expect { cert.bit_strength }.to raise_error(R509::R509Error,'Bit length is not available for EC at this time.')
     end
     it "returns curve name" do
       cert = R509::Cert.new(:cert => @cert_ec)
@@ -369,7 +371,7 @@ describe R509::Cert do
     end
     it "returns the key algorithm" do
       cert = R509::Cert.new(:cert => @cert_ec)
-      cert.key_algorithm.should == :ec
+      cert.key_algorithm.should == "EC"
     end
   end
@@ -390,7 +392,7 @@ describe R509::Cert do
     end
     it "returns RSA key algorithm for RSA CSR" do
       cert = R509::Cert.new(:cert => @cert)
-      cert.key_algorithm.should == :rsa
+      cert.key_algorithm.should == "RSA"
     end
   end
 end