RubyGems - r509 - Versions diffs - 0.9.2 → 0.10.0 - Mend

r509 0.9.2 → 0.10.0

Files changed (177) hide show

checksums.yaml +7 -0
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +2 -0
data/CONTRIBUTING.mdown +21 -0
data/LICENSE +13 -0
data/README.mdown +548 -0
data/Rakefile +5 -0
data/bin/r509 +16 -17
data/doc/R509.html +42 -26
data/doc/R509/ASN1.html +22 -16
data/doc/R509/ASN1/GeneralName.html +180 -173
data/doc/R509/ASN1/GeneralNames.html +390 -62
data/doc/R509/CRL.html +9 -7
data/doc/R509/CRL/Administrator.html +208 -623
data/doc/R509/CRL/FileReaderWriter.html +856 -0
data/doc/R509/CRL/ReaderWriter.html +524 -0
data/doc/R509/CRL/SignedList.html +29 -42
data/doc/R509/CSR.html +248 -333
data/doc/R509/Cert.html +364 -491
data/doc/R509/Cert/Extensions.html +134 -43
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +335 -65
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +201 -102
data/doc/R509/Cert/Extensions/BasicConstraints.html +297 -68
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +690 -77
data/doc/R509/Cert/Extensions/CertificatePolicies.html +293 -43
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +321 -173
data/doc/R509/Cert/Extensions/GeneralNamesMixin.html +656 -0
data/doc/R509/Cert/Extensions/InhibitAnyPolicy.html +270 -42
data/doc/R509/Cert/Extensions/KeyUsage.html +334 -184
data/doc/R509/Cert/Extensions/NameConstraints.html +363 -93
data/doc/R509/{ASN1 → Cert/Extensions}/NoticeReference.html +209 -48
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +244 -17
data/doc/R509/Cert/Extensions/PolicyConstraints.html +322 -71
data/doc/R509/{ASN1 → Cert/Extensions}/PolicyInformation.html +204 -43
data/doc/R509/{ASN1 → Cert/Extensions}/PolicyQualifiers.html +205 -48
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +348 -143
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +165 -13
data/doc/R509/{ASN1 → Cert/Extensions}/UserNotice.html +204 -43
data/doc/R509/Cert/Extensions/ValidationMixin.html +120 -0
data/doc/R509/CertificateAuthority.html +9 -7
data/doc/R509/CertificateAuthority/OptionsBuilder.html +475 -0
data/doc/R509/CertificateAuthority/Signer.html +149 -198
data/doc/R509/Config.html +10 -8
data/doc/R509/Config/CAConfig.html +708 -625
data/doc/R509/Config/CAConfigPool.html +179 -31
data/doc/R509/Config/CertProfile.html +1544 -0
data/doc/R509/Config/SubjectItemPolicy.html +437 -99
data/doc/R509/Engine.html +14 -28
data/doc/R509/Helpers.html +1014 -0
data/doc/R509/MessageDigest.html +73 -25
data/doc/R509/NameSanitizer.html +39 -39
data/doc/R509/OCSP.html +5 -5
data/doc/R509/OCSP/Request.html +5 -5
data/doc/R509/OCSP/Request/Nonce.html +5 -5
data/doc/R509/OCSP/Response.html +7 -7
data/doc/R509/OIDMapper.html +121 -6
data/doc/R509/PrivateKey.html +226 -227
data/doc/R509/R509Error.html +5 -5
data/doc/R509/SPKI.html +244 -342
data/doc/R509/Subject.html +241 -70
data/doc/R509/Validity.html +5 -5
data/doc/R509/Validity/Checker.html +5 -5
data/doc/R509/Validity/DefaultChecker.html +5 -9
data/doc/R509/Validity/DefaultWriter.html +5 -9
data/doc/R509/Validity/Status.html +5 -5
data/doc/R509/Validity/Writer.html +5 -5
data/doc/_index.html +92 -30
data/doc/class_list.html +2 -2
data/doc/file.CONTRIBUTING.html +96 -0
data/doc/file.LICENSE.html +87 -0
data/doc/file.README.html +279 -389
data/doc/file.YAML.html +243 -0
data/doc/file.r509.html +298 -105
data/doc/file_list.html +11 -2
data/doc/frames.html +1 -1
data/doc/index.html +279 -389
data/doc/js/full_list.js +6 -1
data/doc/method_list.html +869 -1139
data/doc/top-level-namespace.html +103 -5
data/lib/r509.rb +7 -2
data/lib/r509/asn1.rb +97 -135
data/lib/r509/cert.rb +17 -106
data/lib/r509/cert/extensions.rb +13 -676
data/lib/r509/cert/extensions/authority_info_access.rb +128 -0
data/lib/r509/cert/extensions/authority_key_identifier.rb +100 -0
data/lib/r509/cert/extensions/base.rb +142 -0
data/lib/r509/cert/extensions/basic_constraints.rb +119 -0
data/lib/r509/cert/extensions/certificate_policies.rb +262 -0
data/lib/r509/cert/extensions/crl_distribution_points.rb +98 -0
data/lib/r509/cert/extensions/extended_key_usage.rb +189 -0
data/lib/r509/cert/extensions/inhibit_any_policy.rb +70 -0
data/lib/r509/cert/extensions/key_usage.rb +209 -0
data/lib/r509/cert/extensions/name_constraints.rb +179 -0
data/lib/r509/cert/extensions/ocsp_no_check.rb +56 -0
data/lib/r509/cert/extensions/policy_constraints.rb +122 -0
data/lib/r509/cert/extensions/subject_alternative_name.rb +88 -0
data/lib/r509/cert/extensions/subject_key_identifier.rb +56 -0
data/lib/r509/cert/extensions/validation_mixin.rb +42 -0
data/lib/r509/certificate_authority/options_builder.rb +142 -0
data/lib/r509/certificate_authority/signer.rb +189 -0
data/lib/r509/config.rb +3 -600
data/lib/r509/config/ca_config.rb +414 -0
data/lib/r509/config/cert_profile.rb +110 -0
data/lib/r509/config/subject_item_policy.rb +118 -0
data/lib/r509/crl/administrator.rb +169 -0
data/lib/r509/crl/reader_writer.rb +109 -0
data/lib/r509/crl/signed_list.rb +135 -0
data/lib/r509/csr.rb +35 -116
data/lib/r509/engine.rb +21 -11
data/lib/r509/helpers.rb +110 -0
data/lib/r509/io_helpers.rb +18 -13
data/lib/r509/message_digest.rb +13 -3
data/lib/r509/oid_mapper.rb +14 -0
data/lib/r509/private_key.rb +74 -50
data/lib/r509/spki.rb +50 -113
data/lib/r509/subject.rb +24 -2
data/lib/r509/trollop.rb +788 -0
data/lib/r509/version.rb +1 -1
data/r509.yaml +289 -96
data/spec/asn1_spec.rb +171 -98
data/spec/cert/extensions/authority_info_access_spec.rb +247 -0
data/spec/cert/extensions/authority_key_identifier_spec.rb +85 -0
data/spec/cert/extensions/base_spec.rb +172 -0
data/spec/cert/extensions/basic_constraints_spec.rb +185 -0
data/spec/cert/extensions/certificate_policies_spec.rb +288 -0
data/spec/cert/extensions/crl_distribution_points_spec.rb +149 -0
data/spec/cert/extensions/extended_key_usage_spec.rb +174 -0
data/spec/cert/extensions/inhibit_any_policy_spec.rb +92 -0
data/spec/cert/extensions/key_usage_spec.rb +172 -0
data/spec/cert/extensions/name_constraints_spec.rb +335 -0
data/spec/cert/extensions/ocsp_no_check_spec.rb +76 -0
data/spec/cert/extensions/policy_constraints_spec.rb +155 -0
data/spec/cert/extensions/subject_alternative_name_spec.rb +354 -0
data/spec/cert/extensions/subject_key_identifier_spec.rb +64 -0
data/spec/cert_spec.rb +11 -9
data/spec/certificate_authority/options_builder_spec.rb +307 -0
data/spec/certificate_authority/signer_spec.rb +278 -0
data/spec/config/ca_config_spec.rb +405 -0
data/spec/config/cert_profile_spec.rb +88 -0
data/spec/config/subject_item_policy_spec.rb +81 -0
data/spec/crl/administrator_spec.rb +199 -0
data/spec/crl/reader_writer_spec.rb +97 -0
data/spec/crl/signed_list_spec.rb +84 -0
data/spec/csr_spec.rb +43 -36
data/spec/engine_spec.rb +51 -0
data/spec/fixtures.rb +40 -40
data/spec/fixtures/cert1.pem +1 -1
data/spec/fixtures/config_pool_test_minimal.yaml +11 -15
data/spec/fixtures/config_test.yaml +96 -59
data/spec/fixtures/config_test_dsa.yaml +29 -35
data/spec/fixtures/config_test_ec.yaml +29 -35
data/spec/fixtures/config_test_engine_key.yaml +7 -7
data/spec/fixtures/config_test_engine_no_key_name.yaml +6 -6
data/spec/fixtures/config_test_minimal.yaml +3 -5
data/spec/fixtures/config_test_password.yaml +4 -6
data/spec/fixtures/config_test_various.yaml +147 -137
data/spec/fixtures/crl_list_file.txt +1 -1
data/spec/fixtures/test_ca_crl.cer +20 -0
data/spec/fixtures/test_ca_crl.key +28 -0
data/spec/fixtures/test_ca_crl.p12 +0 -0
data/spec/message_digest_spec.rb +6 -0
data/spec/oid_mapper_spec.rb +11 -0
data/spec/private_key_spec.rb +19 -18
data/spec/spec_helper.rb +10 -6
data/spec/spki_spec.rb +38 -19
data/spec/subject_spec.rb +16 -0
metadata +108 -59
metadata.gz.sig +0 -0
data/README.md +0 -638
data/doc/R509/Config/CAProfile.html +0 -1015
data/doc/R509/IOHelpers.html +0 -564
data/lib/r509/certificate_authority.rb +0 -407
data/lib/r509/crl.rb +0 -351
data/spec/cert/extensions_spec.rb +0 -1095
data/spec/certificate_authority_spec.rb +0 -681
data/spec/config_spec.rb +0 -562
data/spec/crl_spec.rb +0 -226

data/spec/fixtures/crl_list_file.txt CHANGED

@@ -1,2 +1,2 @@
 12345,1323983885,0
-12346,1323983885,
+12346,1323983885,

data/spec/fixtures/test_ca_crl.cer ADDED

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgITBia3x8B+RLAeUWfUrgVQDQb+wjANBgkqhkiG9w0BAQUF
+ADBeMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0No
+aWNhZ28xGDAWBgNVBAoMD1J1YnkgQ0EgUHJvamVjdDEQMA4GA1UEAwwHVGVzdCBD
+QTAeFw0xMzA2MjAxNzU5MTJaFw0zMzA2MTUyMzU5MTJaMGExCzAJBgNVBAYTAlVT
+MREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzERMA8GA1UECgwI
+cjUwOSBMTEMxGjAYBgNVBAMMEXI1MDkgQ1JMIERlbGVnYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29HVdc8ULnpkyEUqBpvcInXgXKOJfH2MpQo0
+gUE37t2/LFQvNw0tyXXkV7PIfUD+4RM4KkwcL8LuC161JH8WyW0V2SVjX56O/GPK
+8qqtoXTwfY2A/kUEU3n9qYnyjAC36Oxq8OFE1zf26seAQxw0s73rw/iD4HevFE14
+YUXh2OMvnGGhP0wMVEssU+RC+9qPpttLvYUogTtpE2gWbmYKIBZwQHH92T9HpCjK
+yreZM40aL5vxZziRHqF9WQGjADzVxUjvYLjkgHWdMX5x5feK5UhKAK5t3Zi7MaYq
+rcSsy0GdNBy9Io2ZljFr2VJnBeMYa168wsnOPMAb8ghX8Tl9LwIDAQABow8wDTAL
+BgNVHQ8EBAMCAQIwDQYJKoZIhvcNAQEFBQADggEBAKW0dl4RxI/0Zfswma+qMt3Q
+6G7BGv4iW3mGmN0nFFbIaf2VzdrXdA67hqgF00doeddRYM1LJquJkkZrn1OMYth9
+5iBsYylUVruoZ7Jr+/VN5yaMm4Md4JdpH2q61nUk2Jfmi1zV0snkvlQnc8/XrBlD
+ZQQd4B2YCBKwrZaqGRD8w5DhEjdw+flsZkfCqZZQYynHwxHCm77w42rPZY8jUkYX
+9VqJvBQgEoLABhVp248PucnRX9ltmT0R/VwS6v/RiicxECxYlT8KQrASNg8do5RC
+EERjhGBKhiHE8y0N54fstYhCfdte5hcIlsSMIJKhaCbVww68OoGQKv+B/AcSa8U=
+-----END CERTIFICATE-----

data/spec/fixtures/test_ca_crl.key ADDED

@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA29HVdc8ULnpkyEUqBpvcInXgXKOJfH2MpQo0gUE37t2/LFQv
+Nw0tyXXkV7PIfUD+4RM4KkwcL8LuC161JH8WyW0V2SVjX56O/GPK8qqtoXTwfY2A
+/kUEU3n9qYnyjAC36Oxq8OFE1zf26seAQxw0s73rw/iD4HevFE14YUXh2OMvnGGh
+P0wMVEssU+RC+9qPpttLvYUogTtpE2gWbmYKIBZwQHH92T9HpCjKyreZM40aL5vx
+ZziRHqF9WQGjADzVxUjvYLjkgHWdMX5x5feK5UhKAK5t3Zi7MaYqrcSsy0GdNBy9
+Io2ZljFr2VJnBeMYa168wsnOPMAb8ghX8Tl9LwIDAQABAoIBAGx/2fjYSYHXb79a
+RDAW5kUsIZ4YKliEL9OWgev6oP0J/r6GnvdxTdROmHKhjqgkWKoHroVSI+d/M7fw
++0AUas7pRQt1ZONhg/oX16iHjkRPUBTor27R6hy57fas3Ec2Y5BYgUB8MFp6iSnB
+ZxG47lp5t9F27MDy0jwXMP/yWlOOhUJmtO+4YBTreLbuQ8OEUh0M0FlqrrhxOVwP
+UWsibVx1es8nFydxCIv+XQsMkyobnMMlv68exxf0I+8T5wEGWAXelRCkqWQ7OqUv
+Fh4JtYVePcH9VwQbJ3wOug3/bJtMWeHuDI75t7j8+jGvURhNAUdmy15Bj/ncvrtr
+4MLRbeECgYEA85NJt/xjJduYLKHeVWyBjskNJiz7uayxuAbPCV5U0A1Im/yFgAqZ
+uiZpNzKewchxuIfLlDZbM6sEbsRRHalNnIy84J+20uNST5HDG16RUhNseUSFCBNe
+jToFbMEUF2vaF6C/TTfeJtggrr9PEMkhOjgRzJo7h7/bLoLHranq4CUCgYEA5whV
+fKGdBeU3+L5om/gQb34OHKbUhO7QBDLdQeiP6MI3uTHVVTRa6JabUo/iqTYf+wF5
+iqRDFs5YTTO6spF8pzD19FvzBCcvBlT6l3pDd6npNnFt/Nb3pHYDBCm12XFQX0EP
+g0ATFEKiVHVT8SnftPMiPoecUBWIVGjOSqANbcMCgYEAh3DNOytyjmiPM7JGiUWu
+vRD66NF2oAZxRB01HsZ/brkUOPiv20UJukMFmpXhRWwKIEwSXbXj/NUJv/YWDOJJ
+r9VqaZUl+hpBeNFapmttbzAxzzTUrGro1qr+vTyXyXZFbYILHgsE0qC3e7QRaQoO
+Get3qkfQ9mkunaxHEEA9xKkCgYAVur7vnfO63jhJeP81zDsfgWeqYjaS2jNOccpF
+rK38YmgDTyCVhvsV7TRmq4nSCHkxjo3z8EcvGfFMMZVZvj1PLFe1yAAvX9AYdF2t
+aZ523tBEgp6prT5VhZP7DEFCVloM232uBpTEzw+dift/L0UPK98IqpCVJ7FO3xyo
+AC3DKQKBgQCdeoNVNSDpldkG4euQ/yOxduu+kGur4+DHtMVhNbuPkRpitw7smz/w
+eqN7MfbHnDiM28RgQomNQIELTQh7nu9mQoPkSeFuuV6VuWzF+a0UgIJ4jqW54LRQ
+JT/k43tBz6+2uV+hWTTZG7864flenuXg0W4v/uHoVI0LW8SXS8728Q==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/test_ca_crl.p12 ADDED

Binary file

data/spec/message_digest_spec.rb CHANGED

@@ -103,6 +103,12 @@ describe R509::MessageDigest do
     md.name.should == "dss1"
     md.digest.kind_of?(OpenSSL::Digest::DSS1).should == true
   end
+  it "creates a default digest with no params or nil" do
+    md = R509::MessageDigest.new
+    md.name.should == R509::MessageDigest::DEFAULT_MD.downcase
+    md = R509::MessageDigest.new(nil)
+    md.name.should == R509::MessageDigest::DEFAULT_MD.downcase
+  end
   it "exception on unknown digest -> name" do
     expect{ R509::MessageDigest.new(12345) }.to raise_error(ArgumentError)
   end

data/spec/oid_mapper_spec.rb CHANGED

@@ -17,6 +17,7 @@ describe R509::OIDMapper do
     subject_new = R509::Subject.new [['myOIDName','random_oid']]
     subject_new['myOIDName'].should == 'random_oid'
   end
   it "registers a batch of new oids" do
     expect { R509::Subject.new [['testOIDName','random_oid']] }.to raise_error(OpenSSL::X509::NameError,'invalid field name')
     expect { R509::Subject.new [['anotherOIDName','second_random']] }.to raise_error(OpenSSL::X509::NameError,'invalid field name')
@@ -28,4 +29,14 @@ describe R509::OIDMapper do
     subject_new['testOIDName'].should == 'random_oid'
     subject_new['anotherOIDName'].should == 'second_random'
   end
+  it "registers a batch of oids from YAML" do
+    expect { R509::Subject.new [['thirdOIDName','random_oid']] }.to raise_error(OpenSSL::X509::NameError,'invalid field name')
+    expect { R509::Subject.new [['fourthOIDName','second_random']] }.to raise_error(OpenSSL::X509::NameError,'invalid field name')
+    yaml_data = "---\ncustom_oids:\n- :oid: 1.4.3.2.1.2.3.4.4.4.5\n  :short_name: thirdOIDName\n- :oid: 1.4.3.2.1.2.5.4.4.4.5\n  :short_name: fourthOIDName\n"
+    R509::OIDMapper.register_from_yaml("custom_oids", yaml_data)
+    subject_new = R509::Subject.new [['thirdOIDName','random_oid'],['fourthOIDName','second_random']]
+    subject_new['thirdOIDName'].should == 'random_oid'
+    subject_new['fourthOIDName'].should == 'second_random'
+  end
 end

data/spec/private_key_spec.rb CHANGED

@@ -34,10 +34,11 @@ describe R509::PrivateKey do
   it "generates a default 2048-bit RSA key when nothing is passed to the constructor" do
     private_key = R509::PrivateKey.new
     private_key.rsa?.should == true
+    private_key.bit_length.should == 2048
     private_key.bit_strength.should == 2048
   end
   it "defaults to RSA" do
-    private_key = R509::PrivateKey.new(:bit_strength=>1024)
+    private_key = R509::PrivateKey.new(:bit_length=>1024)
     private_key.key.kind_of?(OpenSSL::PKey::RSA).should == true
   end
   it "loads a pre-existing RSA key" do
@@ -45,14 +46,14 @@ describe R509::PrivateKey do
     private_key.to_pem.should == @key_csr
     @key_csr.should_not == nil
   end
-  it "generates an RSA key at the default bit strength (2048)" do
-    private_key = R509::PrivateKey.new(:type => :rsa)
-    private_key.bit_strength.should == 2048
+  it "generates an RSA key at the default bit length (2048)" do
+    private_key = R509::PrivateKey.new(:type => "rsa")
+    private_key.bit_length.should == 2048
     private_key.key.n.to_i.to_s(2).size.should == 2048
   end
-  it "generates an RSA key at a custom bit strength" do
-    private_key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
-    private_key.bit_strength.should == 512
+  it "generates an RSA key at a custom bit length" do
+    private_key = R509::PrivateKey.new(:type => "rsa", :bit_length => 512)
+    private_key.bit_length.should == 512
     private_key.key.n.to_i.to_s(2).size.should == 512
   end
   it "loads a pre-existing DSA key" do
@@ -61,21 +62,21 @@ describe R509::PrivateKey do
     private_key.key.to_pem.should == @dsa_key
     @dsa_key.should_not == nil
   end
-  it "generates a DSA key at the default bit strength (2048)" do
-    private_key = R509::PrivateKey.new(:type => :dsa)
+  it "generates a DSA key at the default bit length (2048)" do
+    private_key = R509::PrivateKey.new(:type => "dsa")
     private_key.dsa?.should == true
-    private_key.bit_strength.should == 2048
+    private_key.bit_length.should == 2048
     private_key.key.p.to_i.to_s(2).size.should == 2048
   end
-  it "generates a DSA key at a custom bit strength" do
-    private_key = R509::PrivateKey.new(:type => :dsa, :bit_strength => 512)
-    private_key.bit_strength.should == 512
+  it "generates a DSA key at a custom bit length" do
+    private_key = R509::PrivateKey.new(:type => "dsa", :bit_length => 512)
+    private_key.bit_length.should == 512
     private_key.key.p.to_i.to_s(2).size.should == 512
   end
   it "has an exponent of 65537 for new RSA keys" do
     #this test actually checks ruby's underlying libs to make sure they're
     #doing what they're supposed to be doing.
-    private_key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
+    private_key = R509::PrivateKey.new(:type => "rsa", :bit_length => 512)
     private_key.key.e.should == 65537
   end
   it "returns the public key" do
@@ -238,12 +239,12 @@ describe R509::PrivateKey do
     end
     it "generates an elliptic curve key using the default curve (secp384r1)" do
-      private_key = R509::PrivateKey.new(:type => :ec)
+      private_key = R509::PrivateKey.new(:type => "ec")
       private_key.curve_name.should == 'secp384r1'
     end
     it "generates an elliptic curve key using a specified curve" do
-      private_key = R509::PrivateKey.new(:type => :ec, :curve_name => 'sect283r1')
+      private_key = R509::PrivateKey.new(:type => "ec", :curve_name => 'sect283r1')
       private_key.curve_name.should == 'sect283r1'
     end
@@ -264,9 +265,9 @@ describe R509::PrivateKey do
       private_key.to_der.should == @ec_key_der
     end
-    it "returns error for bit_strength" do
+    it "returns error for bit_length" do
       private_key = R509::PrivateKey.new(:key => @ec_key_pem)
-      expect { private_key.bit_strength }.to raise_error(R509::R509Error,'Bit strength is not available for EC at this time.')
+      expect { private_key.bit_length }.to raise_error(R509::R509Error,'Bit length is not available for EC at this time.')
     end

data/spec/spec_helper.rb CHANGED

@@ -1,9 +1,9 @@
-if (RUBY_VERSION.split('.')[1].to_i > 8 or RUBY_VERSION.split('.')[0].to_i > 1)
-  begin
-    require 'simplecov'
-    SimpleCov.start
-  rescue LoadError
-  end
+require 'simplecov'
+SimpleCov.start
+begin
+  require 'coveralls'
+  Coveralls.wear!
+rescue LoadError
 end
 $:.unshift File.expand_path("../../lib", __FILE__)
@@ -21,3 +21,7 @@ if not R509.ec_supported?
     c.filter_run_excluding :ec => true
   end
 end
+RSpec.configure do |config|
+  config.alias_it_should_behave_like_to :it_validates, "it validates"
+end

data/spec/spki_spec.rb CHANGED

@@ -18,6 +18,12 @@ shared_examples_for "create spki with private key" do
     it "generates a spki with custom digest" do
       spki = R509::SPKI.new(:key => @key, :message_digest => "sha256")
       spki.to_pem.should_not be_nil
+      case
+      when @key.rsa?
+        spki.signature_algorithm.should(match(/sha256/i))
+      when @key.dsa?
+        spki.signature_algorithm.should(match(/sha1/i))
+      end
       spki.verify_signature
     end
@@ -37,6 +43,18 @@ shared_examples_for "spki + private key" do
       expect { R509::SPKI.new(:key => @key, :spki => @spki) }.to_not raise_error
   end
+  it "returns the correct signature_algorithm" do
+    spki = R509::SPKI.new( :spki => @spki, :key => @key )
+    case
+    when @key.rsa?
+      spki.signature_algorithm.should(match(/RSA/i))
+    when @key.dsa?
+      spki.signature_algorithm.should(match(/DSA/i))
+    when @key.ec?
+      spki.signature_algorithm.should(match(/ecdsa/i))
+    end
+  end
   it "errors if they don't match" do
       expect { R509::SPKI.new(:key => @key, :spki => @spki2) }.to raise_error(R509::R509Error,'Key does not match SPKI.')
   end
@@ -61,14 +79,14 @@ describe R509::SPKI do
   context "rsa" do
     context "no existing spki" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 1024)
+        @key = R509::PrivateKey.new(:type => "rsa", :bit_length => 1024)
       end
       include_examples "create spki with private key"
     end
     context "existing spki + private key" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
-        @key2 = R509::PrivateKey.new(:type => :rsa, :bit_strength => 512)
+        @key = R509::PrivateKey.new(:type => "rsa", :bit_length => 512)
+        @key2 = R509::PrivateKey.new(:type => "rsa", :bit_length => 512)
         @spki = R509::SPKI.new(:key => @key).to_pem
         @spki2 = R509::SPKI.new(:key => @key2).to_pem
       end
@@ -78,14 +96,14 @@ describe R509::SPKI do
   context "dsa" do
     context "no existing spki" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :dsa, :bit_strength => 1024)
+        @key = R509::PrivateKey.new(:type => "dsa", :bit_length => 1024)
       end
       include_examples "create spki with private key"
     end
     context "existing spki + private key" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :dsa, :bit_strength => 512)
-        @key2 = R509::PrivateKey.new(:type => :dsa, :bit_strength => 512)
+        @key = R509::PrivateKey.new(:type => "dsa", :bit_length => 512)
+        @key2 = R509::PrivateKey.new(:type => "dsa", :bit_length => 512)
         @spki = R509::SPKI.new(:key => @key).to_pem
         @spki2 = R509::SPKI.new(:key => @key2).to_pem
       end
@@ -95,14 +113,14 @@ describe R509::SPKI do
   context "elliptic curve", :ec => true do
     context "no existing spki" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :ec)
+        @key = R509::PrivateKey.new(:type => "EC")
       end
       include_examples "create spki with private key"
     end
     context "existing spki + private key" do
       before :all do
-        @key = R509::PrivateKey.new(:type => :ec)
-        @key2 = R509::PrivateKey.new(:type => :ec)
+        @key = R509::PrivateKey.new(:type => "ec")
+        @key2 = R509::PrivateKey.new(:type => "ec")
         @spki = R509::SPKI.new(:key => @key).to_pem
         @spki2 = R509::SPKI.new(:key => @key2).to_pem
       end
@@ -156,23 +174,24 @@ describe R509::SPKI do
   end
   it "returns error when asking for curve_name on non-ec" do
     spki = R509::SPKI.new( :spki => @spki )
-    expect { spki.curve_name }.to raise_error(R509::R509Error,'Curve name is only available with EC SPKIs')
+    expect { spki.curve_name }.to raise_error(R509::R509Error,'Curve name is only available with EC')
   end
   it "returns RSA key algorithm for RSA" do
     spki = R509::SPKI.new( :spki => @spki )
-    spki.key_algorithm.should == :rsa
+    spki.key_algorithm.should == "RSA"
   end
-  it "gets RSA bit strength" do
+  it "gets RSA bit length" do
     spki = R509::SPKI.new( :spki => @spki )
+    spki.bit_length.should == 2048
     spki.bit_strength.should == 2048
   end
   it "loads a DSA spkac" do
     spki = R509::SPKI.new( :spki => @spki_dsa )
     spki.to_pem.should == @spki_dsa
   end
-  it "gets DSA bit strength" do
+  it "gets DSA bit length" do
     spki = R509::SPKI.new( :spki => @spki_dsa )
-    spki.bit_strength.should == 2048
+    spki.bit_length.should == 2048
   end
   it "dsa?" do
     spki = R509::SPKI.new( :spki => @spki_dsa )
@@ -181,7 +200,7 @@ describe R509::SPKI do
   end
   it "returns DSA key algorithm for DSA" do
     spki = R509::SPKI.new( :spki => @spki_dsa )
-    spki.key_algorithm.should == :dsa
+    spki.key_algorithm.should == "DSA"
   end
   context "elliptic curve", :ec => true do
@@ -193,13 +212,13 @@ describe R509::SPKI do
       spki = R509::SPKI.new( :spki => @spki_ec )
       spki.curve_name.should == 'secp384r1'
     end
-    it "raises error on bit strength" do
+    it "raises error on bit length" do
       spki = R509::SPKI.new( :spki => @spki_ec )
-      expect { spki.bit_strength }.to raise_error(R509::R509Error,'Bit strength is not available for EC at this time.')
+      expect { spki.bit_length }.to raise_error(R509::R509Error,'Bit length is not available for EC at this time.')
     end
     it "returns the key algorithm" do
       spki = R509::SPKI.new( :spki => @spki_ec )
-      spki.key_algorithm.should == :ec
+      spki.key_algorithm.should == "EC"
     end
     it "returns the public key" do
       spki = R509::SPKI.new( :spki => @spki_ec )
@@ -230,7 +249,7 @@ describe R509::SPKI do
     end
     it "returns RSA key algorithm for RSA CSR" do
       spki = R509::SPKI.new( :spki => @spki )
-      spki.key_algorithm.should == :rsa
+      spki.key_algorithm.should == "RSA"
     end
   end
 end

data/spec/subject_spec.rb CHANGED

@@ -20,6 +20,10 @@ describe R509::Subject do
     subject = R509::Subject.new([["CN", "domain.com"], ["O", "my org"]])
     subject.name.to_s.should == "/CN=domain.com/O=my org"
   end
+  it "initializes with a subject hash, and gets the name" do
+    subject = R509::Subject.new(:CN => "domain.com", :O => "my org", :"1.2.3.4.4.5.6.7" => "what")
+    subject.name.to_s.should == "/CN=domain.com/O=my org/1.2.3.4.4.5.6.7=what"
+  end
   it "initializes with a name, gets the name" do
     name = OpenSSL::X509::Name.new([["CN", "domain.com"], ["O", "my org"], ["OU", "my unit"]])
     subject = R509::Subject.new(name)
@@ -110,6 +114,18 @@ describe R509::Subject do
     subject["CN"].should == 'normaldomain.com'
   end
+  it "builds a hash" do
+    args = { :CN => "domain.com", :O => "my org", :"1.2.3.4.4.5.6.7" => "what" }
+    subject = R509::Subject.new(args)
+    subject.to_h.should == args
+  end
+  it "builds yaml" do
+    args = { :CN => "domain.com", :O => "my org", :"1.2.3.4.4.5.6.7" => "what" }
+    subject = R509::Subject.new(args)
+    YAML.load(subject.to_yaml).should == args
+  end
   context "dynamic getter/setter behaviors" do
     it "recognizes getters for a standard subject oid" do
       subject = R509::Subject.new [['CN','testCN']]

metadata CHANGED

@@ -1,78 +1,77 @@
 --- !ruby/object:Gem::Specification
 name: r509
 version: !ruby/object:Gem::Version
-  version: 0.9.2
-  prerelease:
+  version: 0.10.0
 platform: ruby
 authors:
 - Paul Kehrer
 autorequire:
 bindir: bin
-cert_chain: []
-date: 2013-04-23 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRYwFAYDVQQDDA1wYXVs
+  Lmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wHhcNMTMxMjA2MDAzNTU0WhcNMTQxMjA2MDAzNTU0WjBEMRYwFAYDVQQD
+  DA1wYXVsLmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJ
+  k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLVC6U
+  0ZyX4C4HllJxHW0Uq39bvRvfNXc0RXMSvIRklxjupx3EICVATpAJzg4qBxbpxRTe
+  XcsmuYfaZAriSH2M97C2sBJnVEAr63ws2vmBQKw9cXHV3RjQTeqQUTQudE790DTI
+  7pc1ObprB4pM2j3O6JtPVzmJ/PGACjtyg4bys6bx7JQJW5liunK26mS6w6mAAcAV
+  scAz7oh6fmOI0OSS45l3ycOEh5sb42cZzs7TNzcvVmEppTRa4wBP4/eDTuohxlPH
+  skuIPWcdU6YTo2LWwqEaGgUItj8lRqXGDcEZ1FhKyZ6HUD3l1zPGxojW8BKr0Svj
+  /cMP+y0YH5OeoD+vAgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
+  BgNVHQ4EFgQURv1xuy9aKzcxwxkGiL/e4UYCWGowIgYDVR0RBBswGYEXcGF1bC5s
+  LmtlaHJlckBnbWFpbC5jb20wIgYDVR0SBBswGYEXcGF1bC5sLmtlaHJlckBnbWFp
+  bC5jb20wDQYJKoZIhvcNAQEFBQADggEBADsnINhvXWJ8r7U02fzbmOitcDZOlCnN
+  jtyYfzDbYtEnQCpBCHhpNC8SVI3OUgGJbrb5Debs0f1UxrYsGn0u8LsLu6xmst+D
+  zZdxtzvnsqowLw2dCzXow0CGwBGcWq38Wqn0v/ez3otQBj2GGGV0jyLUoRWfMwTK
+  dqbGuJ0s/ZORipbl4jdfucPbrGPQHmf8/H8w0/kH7tBnhcyGI1exBSQexiu2qRqP
+  wQ9nsK5DoJSWf5vG8Xu/TEnv2Gu8z6T4wBrbIr20EYu6lb0i5ekGhrHOcaPRI6X9
+  lYMLMTFSyjE66v5QiUlZ9V4oV6O/MPS9fXPxog3TCsYpgfsgA+RlO8I=
+  -----END CERTIFICATE-----
+date: 2014-01-26 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: trollop
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: A module that allows you to create CSRs, issue certs off a CA, view the
@@ -84,19 +83,43 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- README.md
+- README.mdown
+- CONTRIBUTING.mdown
+- LICENSE
 - r509.yaml
 - Rakefile
 - lib/r509/asn1.rb
+- lib/r509/cert/extensions/authority_info_access.rb
+- lib/r509/cert/extensions/authority_key_identifier.rb
+- lib/r509/cert/extensions/base.rb
+- lib/r509/cert/extensions/basic_constraints.rb
+- lib/r509/cert/extensions/certificate_policies.rb
+- lib/r509/cert/extensions/crl_distribution_points.rb
+- lib/r509/cert/extensions/extended_key_usage.rb
+- lib/r509/cert/extensions/inhibit_any_policy.rb
+- lib/r509/cert/extensions/key_usage.rb
+- lib/r509/cert/extensions/name_constraints.rb
+- lib/r509/cert/extensions/ocsp_no_check.rb
+- lib/r509/cert/extensions/policy_constraints.rb
+- lib/r509/cert/extensions/subject_alternative_name.rb
+- lib/r509/cert/extensions/subject_key_identifier.rb
+- lib/r509/cert/extensions/validation_mixin.rb
 - lib/r509/cert/extensions.rb
 - lib/r509/cert.rb
-- lib/r509/certificate_authority.rb
+- lib/r509/certificate_authority/options_builder.rb
+- lib/r509/certificate_authority/signer.rb
+- lib/r509/config/ca_config.rb
+- lib/r509/config/cert_profile.rb
+- lib/r509/config/subject_item_policy.rb
 - lib/r509/config.rb
-- lib/r509/crl.rb
+- lib/r509/crl/administrator.rb
+- lib/r509/crl/reader_writer.rb
+- lib/r509/crl/signed_list.rb
 - lib/r509/csr.rb
 - lib/r509/ec-hack.rb
 - lib/r509/engine.rb
 - lib/r509/exceptions.rb
+- lib/r509/helpers.rb
 - lib/r509/io_helpers.rb
 - lib/r509/message_digest.rb
 - lib/r509/ocsp.rb
@@ -104,18 +127,38 @@ files:
 - lib/r509/private_key.rb
 - lib/r509/spki.rb
 - lib/r509/subject.rb
+- lib/r509/trollop.rb
 - lib/r509/validity.rb
 - lib/r509/version.rb
 - lib/r509.rb
 - bin/r509
 - bin/r509-parse
 - spec/asn1_spec.rb
-- spec/cert/extensions_spec.rb
+- spec/cert/extensions/authority_info_access_spec.rb
+- spec/cert/extensions/authority_key_identifier_spec.rb
+- spec/cert/extensions/base_spec.rb
+- spec/cert/extensions/basic_constraints_spec.rb
+- spec/cert/extensions/certificate_policies_spec.rb
+- spec/cert/extensions/crl_distribution_points_spec.rb
+- spec/cert/extensions/extended_key_usage_spec.rb
+- spec/cert/extensions/inhibit_any_policy_spec.rb
+- spec/cert/extensions/key_usage_spec.rb
+- spec/cert/extensions/name_constraints_spec.rb
+- spec/cert/extensions/ocsp_no_check_spec.rb
+- spec/cert/extensions/policy_constraints_spec.rb
+- spec/cert/extensions/subject_alternative_name_spec.rb
+- spec/cert/extensions/subject_key_identifier_spec.rb
 - spec/cert_spec.rb
-- spec/certificate_authority_spec.rb
-- spec/config_spec.rb
-- spec/crl_spec.rb
+- spec/certificate_authority/options_builder_spec.rb
+- spec/certificate_authority/signer_spec.rb
+- spec/config/ca_config_spec.rb
+- spec/config/cert_profile_spec.rb
+- spec/config/subject_item_policy_spec.rb
+- spec/crl/administrator_spec.rb
+- spec/crl/reader_writer_spec.rb
+- spec/crl/signed_list_spec.rb
 - spec/csr_spec.rb
+- spec/engine_spec.rb
 - spec/fixtures/cert1.der
 - spec/fixtures/cert1.pem
 - spec/fixtures/cert1_public_key_modulus.txt
@@ -193,6 +236,9 @@ files:
 - spec/fixtures/test_ca.cer
 - spec/fixtures/test_ca.key
 - spec/fixtures/test_ca.p12
+- spec/fixtures/test_ca_crl.cer
+- spec/fixtures/test_ca_crl.key
+- spec/fixtures/test_ca_crl.p12
 - spec/fixtures/test_ca_des3.key
 - spec/fixtures/test_ca_ec.cer
 - spec/fixtures/test_ca_ec.key
@@ -224,8 +270,11 @@ files:
 - doc/css/common.css
 - doc/css/full_list.css
 - doc/css/style.css
+- doc/file.CONTRIBUTING.html
+- doc/file.LICENSE.html
 - doc/file.r509.html
 - doc/file.README.html
+- doc/file.YAML.html
 - doc/file_list.html
 - doc/frames.html
 - doc/index.html
@@ -235,10 +284,6 @@ files:
 - doc/method_list.html
 - doc/R509/ASN1/GeneralName.html
 - doc/R509/ASN1/GeneralNames.html
-- doc/R509/ASN1/NoticeReference.html
-- doc/R509/ASN1/PolicyInformation.html
-- doc/R509/ASN1/PolicyQualifiers.html
-- doc/R509/ASN1/UserNotice.html
 - doc/R509/ASN1.html
 - doc/R509/Cert/Extensions/AuthorityInfoAccess.html
 - doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html
@@ -246,28 +291,37 @@ files:
 - doc/R509/Cert/Extensions/CertificatePolicies.html
 - doc/R509/Cert/Extensions/CRLDistributionPoints.html
 - doc/R509/Cert/Extensions/ExtendedKeyUsage.html
+- doc/R509/Cert/Extensions/GeneralNamesMixin.html
 - doc/R509/Cert/Extensions/InhibitAnyPolicy.html
 - doc/R509/Cert/Extensions/KeyUsage.html
 - doc/R509/Cert/Extensions/NameConstraints.html
+- doc/R509/Cert/Extensions/NoticeReference.html
 - doc/R509/Cert/Extensions/OCSPNoCheck.html
 - doc/R509/Cert/Extensions/PolicyConstraints.html
+- doc/R509/Cert/Extensions/PolicyInformation.html
+- doc/R509/Cert/Extensions/PolicyQualifiers.html
 - doc/R509/Cert/Extensions/SubjectAlternativeName.html
 - doc/R509/Cert/Extensions/SubjectKeyIdentifier.html
+- doc/R509/Cert/Extensions/UserNotice.html
+- doc/R509/Cert/Extensions/ValidationMixin.html
 - doc/R509/Cert/Extensions.html
 - doc/R509/Cert.html
+- doc/R509/CertificateAuthority/OptionsBuilder.html
 - doc/R509/CertificateAuthority/Signer.html
 - doc/R509/CertificateAuthority.html
 - doc/R509/Config/CAConfig.html
 - doc/R509/Config/CAConfigPool.html
-- doc/R509/Config/CAProfile.html
+- doc/R509/Config/CertProfile.html
 - doc/R509/Config/SubjectItemPolicy.html
 - doc/R509/Config.html
 - doc/R509/CRL/Administrator.html
+- doc/R509/CRL/FileReaderWriter.html
+- doc/R509/CRL/ReaderWriter.html
 - doc/R509/CRL/SignedList.html
 - doc/R509/CRL.html
 - doc/R509/CSR.html
 - doc/R509/Engine.html
-- doc/R509/IOHelpers.html
+- doc/R509/Helpers.html
 - doc/R509/MessageDigest.html
 - doc/R509/NameSanitizer.html
 - doc/R509/OCSP/Request/Nonce.html
@@ -288,39 +342,34 @@ files:
 - doc/R509.html
 - doc/top-level-namespace.html
 homepage: http://r509.org
-licenses: []
+licenses:
+- Apache 2.0
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -4196809951687890655
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
-summary: A (relatively) simple X.509 certification authority
+specification_version: 4
+summary: A (relatively) simple X.509 certification authority API
 test_files:
 - spec/asn1_spec.rb
 - spec/cert_spec.rb
-- spec/certificate_authority_spec.rb
-- spec/config_spec.rb
-- spec/crl_spec.rb
 - spec/csr_spec.rb
+- spec/engine_spec.rb
 - spec/message_digest_spec.rb
 - spec/ocsp_spec.rb
 - spec/oid_mapper_spec.rb