[DRE-commits] [ruby-certificate-authority] 04/07: refresh 001_upgrade-spec-to-rspec3.patch
Micah Anderson
micah at moszumanska.debian.org
Mon Dec 5 16:01:58 UTC 2016
This is an automated email from the git hooks/post-receive script.
micah pushed a commit to branch master
in repository ruby-certificate-authority.
commit c6b66c642be9d216d2e130e7845fef9f0cee0a37
Author: Micah Anderson <micah at riseup.net>
Date: Thu Dec 1 23:20:07 2016 -0500
refresh 001_upgrade-spec-to-rspec3.patch
---
debian/changelog | 1 +
debian/patches/001_upgrade-spec-to-rspec3.patch | 918 +++++++++++++++++++-----
2 files changed, 730 insertions(+), 189 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index aa3a60b..3203604 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
ruby-certificate-authority (0.2.0~6dd483b.1) unstable; urgency=medium
* Update to latest git commit
+ * Refresh 001_upgrade-spec-to-rspec3.patch
* Bump standards version
-- Micah Anderson <micah at debian.org> Thu, 01 Dec 2016 23:00:00 -0500
diff --git a/debian/patches/001_upgrade-spec-to-rspec3.patch b/debian/patches/001_upgrade-spec-to-rspec3.patch
index ecb258f..efce7b6 100644
--- a/debian/patches/001_upgrade-spec-to-rspec3.patch
+++ b/debian/patches/001_upgrade-spec-to-rspec3.patch
@@ -1,30 +1,80 @@
Description: Convert spec tests to RSpec 3.x
Author: Sebastien Badia <seb at sebian.fr>
Forwarded: https://github.com/cchandler/certificate_authority/pull/45
-Last-Update: 2016-03-02
-
+Last-Update: 2016-12-01
+
+--- a/Gemfile.lock
++++ b/Gemfile.lock
+@@ -7,7 +7,7 @@ GEM
+ simplecov (>= 0.7)
+ term-ansicolor
+ thor
+- diff-lcs (1.2.4)
++ diff-lcs (1.2.5)
+ docile (1.1.2)
+ git (1.2.5)
+ jeweler (1.8.4)
+@@ -15,7 +15,7 @@ GEM
+ git (>= 1.2.5)
+ rake
+ rdoc
+- json (1.8.0)
++ json (1.8.1)
+ mime-types (2.0)
+ multi_json (1.7.4)
+ rake (10.0.4)
+@@ -23,14 +23,19 @@ GEM
+ json (~> 1.4)
+ rest-client (1.6.7)
+ mime-types (>= 1.16)
+- rspec (2.13.0)
+- rspec-core (~> 2.13.0)
+- rspec-expectations (~> 2.13.0)
+- rspec-mocks (~> 2.13.0)
+- rspec-core (2.13.1)
+- rspec-expectations (2.13.0)
+- diff-lcs (>= 1.1.3, < 2.0)
+- rspec-mocks (2.13.1)
++ rspec (3.4.0)
++ rspec-core (~> 3.4.0)
++ rspec-expectations (~> 3.4.0)
++ rspec-mocks (~> 3.4.0)
++ rspec-core (3.4.3)
++ rspec-support (~> 3.4.0)
++ rspec-expectations (3.4.0)
++ diff-lcs (>= 1.2.0, < 2.0)
++ rspec-support (~> 3.4.0)
++ rspec-mocks (3.4.1)
++ diff-lcs (>= 1.2.0, < 2.0)
++ rspec-support (~> 3.4.0)
++ rspec-support (3.4.1)
+ simplecov (0.8.2)
+ docile (~> 1.1.0)
+ multi_json
+diff --git a/spec/units/certificate_revocation_list_spec.rb b/spec/units/certificate_revocation_list_spec.rb
+index af69b38..0fb3742 100644
--- a/spec/units/certificate_revocation_list_spec.rb
+++ b/spec/units/certificate_revocation_list_spec.rb
-@@ -28,38 +28,38 @@ describe CertificateAuthority::Certifica
-
+@@ -32,26 +32,26 @@
+
it "should complain if you add a certificate without a revocation time" do
@certificate.revoked_at = nil
- lambda{ @crl << @certificate}.should raise_error
+ expect{ @crl << @certificate}.to raise_error
end
-
+
it "should have a 'parent' that will be responsible for signing" do
@crl.parent = @root_certificate
- @crl.parent.should_not be_nil
+ expect(@crl.parent).not_to be_nil
end
-
+
it "should raise an error if you try and sign a CRL without attaching a parent" do
@crl.parent = nil
- lambda { @crl.sign! }.should raise_error
+ expect { @crl.sign! }.to raise_error
end
-
+
it "should be able to generate a proper CRL" do
@crl << @certificate
- lambda {@crl.to_pem}.should raise_error
@@ -36,32 +86,95 @@ Last-Update: 2016-03-02
+ expect(@crl.to_pem).not_to be_nil
+ expect(OpenSSL::X509::CRL.new(@crl.to_pem)).not_to be_nil
end
-
+
+ it "should be able to mix Certificates and SerialNumbers for convenience" do
+@@ -60,7 +60,7 @@
+ @crl.parent = @root_certificate
+ @crl.sign!
+ openssl_csr = OpenSSL::X509::CRL.new(@crl.to_pem)
+- openssl_csr.revoked.size.should == 2
++ expect(openssl_csr.revoked.size).to eq(2)
+ end
+
+ it "should have the correct number of entities" do
+@@ -68,8 +68,8 @@
+ @crl.parent = @root_certificate
+ @crl.sign!
+ openssl_clr = OpenSSL::X509::CRL.new(@crl.to_pem)
+- openssl_clr.revoked.should be_a(Array)
+- openssl_clr.revoked.size.should == 1
++ expect(openssl_clr.revoked).to be_a(Array)
++ expect(openssl_clr.revoked.size).to eq(1)
+ end
+
+ it "should have the serial numbers of revoked entities" do
+@@ -78,9 +78,9 @@
+ @crl.parent = @root_certificate
+ @crl.sign!
+ openssl_clr = OpenSSL::X509::CRL.new(@crl.to_pem)
+- openssl_clr.revoked.should be_a(Array)
+- openssl_clr.revoked.first.serial.should == @certificate.serial_number.number
+- openssl_clr.revoked.last.serial.should == @serial_number.number
++ expect(openssl_clr.revoked).to be_a(Array)
++ expect(openssl_clr.revoked.first.serial).to eq(@certificate.serial_number.number)
++ expect(openssl_clr.revoked.last.serial).to eq(@serial_number.number)
+ end
+
+ it "should be valid according to OpenSSL and signer" do
+@@ -89,7 +89,7 @@
+ @crl.sign!
+ openssl_clr = OpenSSL::X509::CRL.new(@crl.to_pem)
+ openssl_root = OpenSSL::X509::Certificate.new(@root_certificate.to_pem)
+- openssl_clr.verify(openssl_root.public_key).should be_true
++ expect(openssl_clr.verify(openssl_root.public_key)).to be_truthy
+ end
+
+ describe "Digests" do
+@@ -98,7 +98,7 @@
+ @crl.parent = @root_certificate
+ @crl.sign!
+ openssl_clr = OpenSSL::X509::CRL.new(@crl.to_pem)
+- openssl_clr.signature_algorithm.should == "sha512WithRSAEncryption"
++ expect(openssl_clr.signature_algorithm).to eq("sha512WithRSAEncryption")
+ end
+
+ it "should support alternate digests supported by OpenSSL" do
+@@ -106,20 +106,20 @@
+ @crl.parent = @root_certificate
+ @crl.sign!({"digest" => "SHA1"})
+ openssl_clr = OpenSSL::X509::CRL.new(@crl.to_pem)
+- openssl_clr.signature_algorithm.should == "sha1WithRSAEncryption"
++ expect(openssl_clr.signature_algorithm).to eq("sha1WithRSAEncryption")
+ end
+ end
+
describe "Next update" do
it "should be able to set a 'next_update' value" do
@crl.next_update = (60 * 60 * 10) # 10 Hours
- @crl.next_update.should_not be_nil
+ expect(@crl.next_update).not_to be_nil
end
-
+
it "should throw an error if we try and sign up with a negative next_update" do
@crl.sign!
@crl.next_update = - (60 * 60 * 10)
- lambda{@crl.sign!}.should raise_error
+ expect{@crl.sign!}.to raise_error
end
-
end
+ end
+diff --git a/spec/units/certificate_spec.rb b/spec/units/certificate_spec.rb
+index d07abd6..b2b737f 100644
--- a/spec/units/certificate_spec.rb
+++ b/spec/units/certificate_spec.rb
-@@ -7,13 +7,13 @@ describe CertificateAuthority::Certifica
-
+@@ -7,13 +7,13 @@
+
describe CertificateAuthority::SigningEntity do
it "should behave as a signing entity" do
- @certificate.respond_to?(:is_signing_entity?).should be_true
+ expect(@certificate.respond_to?(:is_signing_entity?)).to be_truthy
end
-
+
it "should only be a signing entity if it's identified as a CA", :rfc3280 => true do
- @certificate.is_signing_entity?.should be_false
+ expect(@certificate.is_signing_entity?).to be_falsey
@@ -69,99 +182,99 @@ Last-Update: 2016-03-02
- @certificate.is_signing_entity?.should be_true
+ expect(@certificate.is_signing_entity?).to be_truthy
end
-
+
describe "Root certificates" do
-@@ -22,15 +22,15 @@ describe CertificateAuthority::Certifica
+@@ -22,15 +22,15 @@
end
-
+
it "should be able to be identified as a root certificate" do
- @certificate.is_root_entity?.should be_true
+ expect(@certificate.is_root_entity?).to be_truthy
end
-
+
it "should only be a root certificate if the parent entity is itself", :rfc3280 => true do
- @certificate.parent.should == @certificate
+ expect(@certificate.parent).to eq(@certificate)
end
-
+
it "should be a root certificate by default" do
- @certificate.is_root_entity?.should be_true
+ expect(@certificate.is_root_entity?).to be_truthy
end
-
+
it "should be able to self-sign" do
-@@ -39,7 +39,7 @@ describe CertificateAuthority::Certifica
- @certificate.key_material.generate_key(1024)
+@@ -39,7 +39,7 @@
+ @certificate.key_material.generate_key(768)
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.subject.to_s.should == cert.issuer.to_s
+ expect(cert.subject.to_s).to eq(cert.issuer.to_s)
end
-
+
it "should have the basicContraint CA:TRUE" do
-@@ -48,7 +48,7 @@ describe CertificateAuthority::Certifica
- @certificate.key_material.generate_key(1024)
+@@ -48,7 +48,7 @@
+ @certificate.key_material.generate_key(768)
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map{|i| [i.oid,i.value] }.select{|i| i.first == "basicConstraints"}.first[1].should == "CA:TRUE"
+ expect(cert.extensions.map{|i| [i.oid,i.value] }.select{|i| i.first == "basicConstraints"}.first[1]).to eq("CA:TRUE")
end
end
-
-@@ -65,16 +65,16 @@ describe CertificateAuthority::Certifica
+
+@@ -65,16 +65,16 @@
end
-
+
it "should be able to be identified as an intermediate certificate" do
- @certificate.is_intermediate_entity?.should be_true
+ expect(@certificate.is_intermediate_entity?).to be_truthy
end
-
+
it "should not be identified as a root" do
- @certificate.is_root_entity?.should be_false
+ expect(@certificate.is_root_entity?).to be_falsey
end
-
+
it "should only be an intermediate certificate if the parent is a different entity" do
- @certificate.parent.should_not == @certificate
- @certificate.parent.should_not be_nil
+ expect(@certificate.parent).not_to eq(@certificate)
+ expect(@certificate.parent).not_to be_nil
end
-
+
it "should correctly be signed by a parent certificate" do
-@@ -84,7 +84,7 @@ describe CertificateAuthority::Certifica
+@@ -84,7 +84,7 @@
@certificate.serial_number.number = 1
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.subject.to_s.should_not == cert.issuer.to_s
+ expect(cert.subject.to_s).not_to eq(cert.issuer.to_s)
end
-
+
it "should have the basicContraint CA:TRUE" do
-@@ -94,7 +94,7 @@ describe CertificateAuthority::Certifica
+@@ -94,7 +94,7 @@
@certificate.serial_number.number = 3
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map{|i| [i.oid,i.value] }.select{|i| i.first == "basicConstraints"}.first[1].should == "CA:TRUE"
+ expect(cert.extensions.map{|i| [i.oid,i.value] }.select{|i| i.first == "basicConstraints"}.first[1]).to eq("CA:TRUE")
end
-
+
end
-@@ -111,11 +111,11 @@ describe CertificateAuthority::Certifica
+@@ -111,11 +111,11 @@
end
-
+
it "should not be identified as an intermediate certificate" do
- @certificate.is_intermediate_entity?.should be_false
+ expect(@certificate.is_intermediate_entity?).to be_falsey
end
-
+
it "should not be identified as a root" do
- @certificate.is_root_entity?.should be_false
+ expect(@certificate.is_root_entity?).to be_falsey
end
-
+
it "should have the basicContraint CA:FALSE" do
-@@ -125,13 +125,13 @@ describe CertificateAuthority::Certifica
+@@ -125,13 +125,13 @@
@certificate.serial_number.number = 1
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
@@ -169,17 +282,17 @@ Last-Update: 2016-03-02
+ expect(cert.extensions.map{|i| [i.oid,i.value] }.select{|i| i.first == "basicConstraints"}.first[1]).to eq("CA:FALSE")
end
end
-
-
+
+
it "should be able to be identified as a root certificate" do
- @certificate.respond_to?(:is_root_entity?).should be_true
+ expect(@certificate.respond_to?(:is_root_entity?)).to be_truthy
end
end #End of SigningEntity
-
-@@ -145,8 +145,8 @@ describe CertificateAuthority::Certifica
+
+@@ -145,8 +145,8 @@
end
-
+
it "should have a PEM encoded certificate body available" do
- @certificate.to_pem.should_not be_nil
- OpenSSL::X509::Certificate.new(@certificate.to_pem).should_not be_nil
@@ -187,24 +300,33 @@ Last-Update: 2016-03-02
+ expect(OpenSSL::X509::Certificate.new(@certificate.to_pem)).not_to be_nil
end
end
-
-@@ -182,13 +182,13 @@ describe CertificateAuthority::Certifica
+
+@@ -182,13 +182,13 @@
it "should have a subjectAltName if specified" do
@certificate.sign!({"extensions" => {"subjectAltName" => {"uris" => ["www.chrischandler.name"]}}})
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("subjectAltName").should be_true
+ expect(cert.extensions.map(&:oid).include?("subjectAltName")).to be_truthy
end
-
+
it "should NOT have a subjectAltName if one was not specified" do
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("subjectAltName").should be_false
+ expect(cert.extensions.map(&:oid).include?("subjectAltName")).to be_falsey
end
+
+ it 'should replace email:copy with email address' do
+@@ -198,7 +198,7 @@
+ )
+ cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
+ alt = cert.extensions.select { |e| e.oid == 'subjectAltName' }.first
+- alt.value.should == 'email:foo at bar.com, email:fubar at bar.com'
++ expect(alt.value).to eq('email:foo at bar.com, email:fubar at bar.com')
+ end
end
-
-@@ -203,7 +203,7 @@ describe CertificateAuthority::Certifica
+
+@@ -213,7 +213,7 @@
it "should have an authority info access if specified" do
@certificate.sign!({"extensions" => {"authorityInfoAccess" => {"ocsp" => ["www.chrischandler.name"]}}})
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
@@ -212,15 +334,15 @@ Last-Update: 2016-03-02
+ expect(cert.extensions.map(&:oid).include?("authorityInfoAccess")).to be_truthy
end
end
-
-@@ -218,13 +218,13 @@ describe CertificateAuthority::Certifica
+
+@@ -228,13 +228,13 @@
it "should have a crlDistributionPoint if specified" do
- @certificate.sign!({"extensions" => {"crlDistributionPoints" => {"uri" => ["http://crlThingy.com"]}}})
+ @certificate.sign!({"extensions" => {"crlDistributionPoints" => {"uris" => ["http://crlThingy.com"]}}})
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("crlDistributionPoints").should be_true
+ expect(cert.extensions.map(&:oid).include?("crlDistributionPoints")).to be_truthy
end
-
+
it "should NOT have a crlDistributionPoint if one was not specified" do
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
@@ -228,21 +350,32 @@ Last-Update: 2016-03-02
+ expect(cert.extensions.map(&:oid).include?("crlDistributionPoints")).to be_falsey
end
end
-
-@@ -247,10 +247,10 @@ describe CertificateAuthority::Certifica
+
+@@ -257,7 +257,7 @@
}
})
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("certificatePolicies").should be_true
+ expect(cert.extensions.map(&:oid).include?("certificatePolicies")).to be_truthy
end
-
-- it "should contain a nested userNotice if specified" do
-+ xit "should contain a nested userNotice if specified" do
- pending
- # @certificate.sign!({
- # "extensions" => {
-@@ -270,41 +270,41 @@ describe CertificateAuthority::Certifica
+
+ pending "should contain a nested userNotice if specified" do
+@@ -274,12 +274,12 @@
+ }
+ })
+ cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
+- cert.extensions.map(&:oid).include?("certificatePolicies").should be_true
++ expect(cert.extensions.map(&:oid).include?("certificatePolicies")).to be_truthy
+ ## Checking OIDs after they've run through OpenSSL is a pain...
+ ## The nicely structured data will be flattened to a single String
+ cert.extensions.each do |ext|
+ if ext.oid == "certificatePolicies"
+- ext.to_a[1].should include("Testing explicit text!")
++ expect(ext.to_a[1]).to include("Testing explicit text!")
+ end
+ end
+ end
+@@ -287,41 +287,41 @@
it "should NOT include a certificatePolicy if not specified" do
@certificate.sign!
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
@@ -250,26 +383,26 @@ Last-Update: 2016-03-02
+ expect(cert.extensions.map(&:oid).include?("certificatePolicies")).to be_falsey
end
end
-
-
- it "should support BasicContraints" do
+
+
+ it "should support BasicConstraints" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("basicConstraints").should be_true
+ expect(cert.extensions.map(&:oid).include?("basicConstraints")).to be_truthy
end
-
+
it "should support subjectKeyIdentifier" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("subjectKeyIdentifier").should be_true
+ expect(cert.extensions.map(&:oid).include?("subjectKeyIdentifier")).to be_truthy
end
-
+
it "should support authorityKeyIdentifier" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("authorityKeyIdentifier").should be_true
+ expect(cert.extensions.map(&:oid).include?("authorityKeyIdentifier")).to be_truthy
end
-
+
it "should order subjectKeyIdentifier before authorityKeyIdentifier" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).select do |oid|
@@ -278,28 +411,28 @@ Last-Update: 2016-03-02
- end.should == ["subjectKeyIdentifier", "authorityKeyIdentifier"]
+ end).to eq(["subjectKeyIdentifier", "authorityKeyIdentifier"])
end
-
+
it "should support keyUsage" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("keyUsage").should be_true
+ expect(cert.extensions.map(&:oid).include?("keyUsage")).to be_truthy
end
-
+
it "should support extendedKeyUsage" do
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.extensions.map(&:oid).include?("extendedKeyUsage").should be_true
+ expect(cert.extensions.map(&:oid).include?("extendedKeyUsage")).to be_truthy
end
end
-
-@@ -341,14 +341,14 @@ describe CertificateAuthority::Certifica
+
+@@ -358,14 +358,14 @@
it "should support a default signing digest of SHA512" do
@certificate.sign!(@signing_profile)
cert = OpenSSL::X509::Certificate.new(@certificate.to_pem)
- cert.signature_algorithm.should == "sha512WithRSAEncryption"
+ expect(cert.signature_algorithm).to eq("sha512WithRSAEncryption")
end
-
+
it "should support a configurable digest algorithm" do
@signing_profile.merge!({"digest" => "SHA1"})
@certificate.sign!(@signing_profile)
@@ -307,16 +440,16 @@ Last-Update: 2016-03-02
- cert.signature_algorithm.should == "sha1WithRSAEncryption"
+ expect(cert.signature_algorithm).to eq("sha1WithRSAEncryption")
end
-
+
end
-@@ -376,53 +376,53 @@ CERT
+@@ -393,13 +393,13 @@
end
-
+
it "should reject non-Certificate arguments" do
- lambda { CertificateAuthority::Certificate.from_openssl "a string" }.should raise_error
+ expect { CertificateAuthority::Certificate.from_openssl "a string" }.to raise_error
end
-
+
it "should only be missing a private key" do
- @small_cert.should_not be_valid
+ expect(@small_cert).not_to be_valid
@@ -324,64 +457,118 @@ Last-Update: 2016-03-02
- @small_cert.should be_valid
+ expect(@small_cert).to be_valid
end
+
+ it "should check to make sure that if a certificate had extensions they were imported" do
+@@ -410,28 +410,28 @@
+ expected_basicConstraints = CertificateAuthority::Extensions::BasicConstraints.new
+ expected_basicConstraints.critical = true
+ expected_basicConstraints.ca = false
+- @cert_with_extensions.extensions["basicConstraints"].should == expected_basicConstraints
++ expect(@cert_with_extensions.extensions["basicConstraints"]).to eq(expected_basicConstraints)
+
+ expected_crlDistributionPoints = CertificateAuthority::Extensions::CrlDistributionPoints.new
+ expected_crlDistributionPoints.uris = ["http://crl3.digicert.com/ev2009a.crl","http://crl4.digicert.com/ev2009a.crl"]
+- @cert_with_extensions.extensions["crlDistributionPoints"].should == expected_crlDistributionPoints
++ expect(@cert_with_extensions.extensions["crlDistributionPoints"]).to eq(expected_crlDistributionPoints)
+
+ expected_subjectAlt = CertificateAuthority::Extensions::SubjectAlternativeName.new
+ expected_subjectAlt.dns_names =["github.com", "www.github.com"]
+- @cert_with_extensions.extensions["subjectAltName"].should == expected_subjectAlt
++ expect(@cert_with_extensions.extensions["subjectAltName"]).to eq(expected_subjectAlt)
+
+ expected_subjectKeyIdentifier = CertificateAuthority::Extensions::SubjectKeyIdentifier.new
+ expected_subjectKeyIdentifier.identifier = "87:D1:8F:19:6E:E4:87:6F:53:8C:77:91:07:50:DF:A3:BF:55:47:20"
+- @cert_with_extensions.extensions["subjectKeyIdentifier"].should == expected_subjectKeyIdentifier
++ expect(@cert_with_extensions.extensions["subjectKeyIdentifier"]).to eq(expected_subjectKeyIdentifier)
+
+ expected_authorityKeyIdentifier = CertificateAuthority::Extensions::AuthorityKeyIdentifier.new
+ expected_authorityKeyIdentifier.identifier = "keyid:4C:58:CB:25:F0:41:4F:52:F4:28:C8:81:43:9B:A6:A8:A0:E6:92:E5"
+- @cert_with_extensions.extensions["authorityKeyIdentifier"].should == expected_authorityKeyIdentifier
++ expect(@cert_with_extensions.extensions["authorityKeyIdentifier"]).to eq(expected_authorityKeyIdentifier)
+
+ expected_authorityInfoAccess = CertificateAuthority::Extensions::AuthorityInfoAccess.new
+ expected_authorityInfoAccess.ocsp << "URI:http://ocsp.digicert.com"
+ expected_authorityInfoAccess.ca_issuers << "URI:http://www.digicert.com/CACerts/DigiCertHighAssuranceEVCA-1.crt"
+- @cert_with_extensions.extensions["authorityInfoAccess"].should == expected_authorityInfoAccess
++ expect(@cert_with_extensions.extensions["authorityInfoAccess"]).to eq(expected_authorityInfoAccess)
+
+ expected_keyUsage = CertificateAuthority::Extensions::KeyUsage.new
+ expected_keyUsage.critical = true
+@@ -439,54 +439,54 @@
+ # it will parse and return 'Digital Signature' even though those should
+ # be identical.
+ expected_keyUsage.usage = ["Digital Signature", "Key Encipherment"]
+- @cert_with_extensions.extensions["keyUsage"].should == expected_keyUsage
++ expect(@cert_with_extensions.extensions["keyUsage"]).to eq(expected_keyUsage)
+
+ expected_extendedKeyUsage = CertificateAuthority::Extensions::ExtendedKeyUsage.new
+ # Same asymmetric specify vs parse as above
+ expected_extendedKeyUsage.usage = ["TLS Web Server Authentication", "TLS Web Client Authentication"]
+- @cert_with_extensions.extensions["extendedKeyUsage"].should == expected_extendedKeyUsage
++ expect(@cert_with_extensions.extensions["extendedKeyUsage"]).to eq(expected_extendedKeyUsage)
+ end
end
-
+
it "should have a distinguished name" do
- @certificate.distinguished_name.should_not be_nil
+ expect(@certificate.distinguished_name).not_to be_nil
end
-
+
it "should have a serial number" do
- @certificate.serial_number.should_not be_nil
+ expect(@certificate.serial_number).not_to be_nil
end
-
+
it "should have a subject" do
- @certificate.subject.should_not be_nil
+ expect(@certificate.subject).not_to be_nil
end
-
+
it "should be able to have a parent entity" do
- @certificate.respond_to?(:parent).should be_true
+ expect(@certificate.respond_to?(:parent)).to be_truthy
end
-
+
it "should have key material" do
- @certificate.key_material.should_not be_nil
+ expect(@certificate.key_material).not_to be_nil
end
-
+
it "should have a not_before field" do
- @certificate.not_before.should_not be_nil
+ expect(@certificate.not_before).not_to be_nil
end
-
+
it "should have a not_after field" do
- @certificate.not_after.should_not be_nil
+ expect(@certificate.not_after).not_to be_nil
end
-
+
it "should default to one year validity" do
-- @certificate.not_after.should < Time.now + 65 * 60 * 24 * 365 and
-- @certificate.not_after.should > Time.now + 55 * 60 * 24 * 365
-+ expect(@certificate.not_after).to be < Time.now + 65 * 60 * 24 * 365 and
-+ expect(@certificate.not_after).to be > Time.now + 55 * 60 * 24 * 365
+ day = 60 * 60 * 24
+ year = day * 365
+- @certificate.not_after.should < Time.now + year + day and
+- @certificate.not_after.should > Time.now + year - day
++ expect(@certificate.not_after).to be < Time.now + year + day and
++ expect(@certificate.not_after).to be > Time.now + year - day
end
-
+
it "should be able to have a revoked at time" do
- @certificate.revoked?.should be_false
+ expect(@certificate.revoked?).to be_falsey
- @certificate.revoked_at = Time.now
+ @certificate.revoked_at = Time.now.utc
- @certificate.revoked?.should be_true
+ expect(@certificate.revoked?).to be_truthy
end
-
+
end
+diff --git a/spec/units/distinguished_name_spec.rb b/spec/units/distinguished_name_spec.rb
+index 0ea5706..00d30bb 100644
--- a/spec/units/distinguished_name_spec.rb
+++ b/spec/units/distinguished_name_spec.rb
-@@ -6,28 +6,28 @@ describe CertificateAuthority::Distingui
+@@ -6,32 +6,32 @@
end
-
+
it "should provide the standard x.509 distinguished name common attributes" do
- @distinguished_name.respond_to?(:cn).should be_true
- @distinguished_name.respond_to?(:l).should be_true
@@ -389,14 +576,18 @@ Last-Update: 2016-03-02
- @distinguished_name.respond_to?(:o).should be_true
- @distinguished_name.respond_to?(:ou).should be_true
- @distinguished_name.respond_to?(:c).should be_true
+- @distinguished_name.respond_to?(:emailAddress).should be_true
+- @distinguished_name.respond_to?(:serialNumber).should be_true
+ expect(@distinguished_name.respond_to?(:cn)).to be_truthy
+ expect(@distinguished_name.respond_to?(:l)).to be_truthy
+ expect(@distinguished_name.respond_to?(:s)).to be_truthy
+ expect(@distinguished_name.respond_to?(:o)).to be_truthy
+ expect(@distinguished_name.respond_to?(:ou)).to be_truthy
+ expect(@distinguished_name.respond_to?(:c)).to be_truthy
++ expect(@distinguished_name.respond_to?(:emailAddress)).to be_truthy
++ expect(@distinguished_name.respond_to?(:serialNumber)).to be_truthy
end
-
+
it "should provide human-readable equivalents to the distinguished name common attributes" do
- @distinguished_name.respond_to?(:common_name).should be_true
- @distinguished_name.respond_to?(:locality).should be_true
@@ -404,14 +595,18 @@ Last-Update: 2016-03-02
- @distinguished_name.respond_to?(:organization).should be_true
- @distinguished_name.respond_to?(:organizational_unit).should be_true
- @distinguished_name.respond_to?(:country).should be_true
+- @distinguished_name.respond_to?(:email_address).should be_true
+- @distinguished_name.respond_to?(:serial_number).should be_true
+ expect(@distinguished_name.respond_to?(:common_name)).to be_truthy
+ expect(@distinguished_name.respond_to?(:locality)).to be_truthy
+ expect(@distinguished_name.respond_to?(:state)).to be_truthy
+ expect(@distinguished_name.respond_to?(:organization)).to be_truthy
+ expect(@distinguished_name.respond_to?(:organizational_unit)).to be_truthy
+ expect(@distinguished_name.respond_to?(:country)).to be_truthy
++ expect(@distinguished_name.respond_to?(:email_address)).to be_truthy
++ expect(@distinguished_name.respond_to?(:serial_number)).to be_truthy
end
-
+
it "should require a common name" do
- @distinguished_name.valid?.should be_false
- @distinguished_name.errors.size.should == 1
@@ -421,51 +616,61 @@ Last-Update: 2016-03-02
- @distinguished_name.valid?.should be_true
+ expect(@distinguished_name.valid?).to be_truthy
end
-
+
it "should be convertible to an OpenSSL::X509::Name" do
-@@ -43,17 +43,17 @@ describe CertificateAuthority::Distingui
+@@ -47,17 +47,17 @@
end
-
+
it "should reject non Name objects" do
- lambda { CertificateAuthority::DistinguishedName.from_openssl "Not a OpenSSL::X509::Name" }.should raise_error
+ expect { CertificateAuthority::DistinguishedName.from_openssl "Not a OpenSSL::X509::Name" }.to raise_error
end
-
+
[:common_name, :locality, :state, :country, :organization, :organizational_unit].each do |field|
it "should set the #{field} attribute" do
- @dn.send(field).should_not be_nil
+ expect(@dn.send(field)).not_to be_nil
end
end
-
+
it "should create an equivalent object" do
- @dn.to_x509_name.to_s.split('/').should =~ @name.to_s.split('/')
+ expect(@dn.to_x509_name.to_s.split('/')).to match_array(@name.to_s.split('/'))
end
+
+ end
+@@ -68,7 +68,7 @@
+ subject = "/testingCustomOIDs=custom/CN=justincummins.name/L=on my laptop/ST=relaxed/C=as/O=programmer/OU=using this code"
+ @name = OpenSSL::X509::Name.parse subject
+ @dn = CertificateAuthority::DistinguishedName.from_openssl @name
+- @dn.custom_oids?.should be_true
++ expect(@dn.custom_oids?).to be_truthy
+ end
end
end
-\ No newline at end of file
+diff --git a/spec/units/extensions_spec.rb b/spec/units/extensions_spec.rb
+index a4618ec..6ec17a0 100644
--- a/spec/units/extensions_spec.rb
+++ b/spec/units/extensions_spec.rb
-@@ -4,109 +4,109 @@ describe CertificateAuthority::Extension
- describe CertificateAuthority::Extensions::BasicContraints do
+@@ -4,118 +4,118 @@
+ describe CertificateAuthority::Extensions::BasicConstraints do
it "should only allow true/false" do
- basic_constraints = CertificateAuthority::Extensions::BasicContraints.new
+ basic_constraints = CertificateAuthority::Extensions::BasicConstraints.new
- basic_constraints.valid?.should be_true
+ expect(basic_constraints.valid?).to be_truthy
basic_constraints.ca = "moo"
- basic_constraints.valid?.should be_false
+ expect(basic_constraints.valid?).to be_falsey
end
-
+
it "should respond to :path_len" do
- basic_constraints = CertificateAuthority::Extensions::BasicContraints.new
+ basic_constraints = CertificateAuthority::Extensions::BasicConstraints.new
- basic_constraints.respond_to?(:path_len).should be_true
+ expect(basic_constraints.respond_to?(:path_len)).to be_truthy
end
-
+
it "should raise an error if :path_len isn't a non-negative integer" do
- basic_constraints = CertificateAuthority::Extensions::BasicContraints.new
+ basic_constraints = CertificateAuthority::Extensions::BasicConstraints.new
- lambda {basic_constraints.path_len = "moo"}.should raise_error
- lambda {basic_constraints.path_len = -1}.should raise_error
- lambda {basic_constraints.path_len = 1.5}.should raise_error
@@ -473,170 +678,298 @@ Last-Update: 2016-03-02
+ expect {basic_constraints.path_len = -1}.to raise_error
+ expect {basic_constraints.path_len = 1.5}.to raise_error
end
-
+
it "should generate a proper OpenSSL extension string" do
- basic_constraints = CertificateAuthority::Extensions::BasicContraints.new
+ basic_constraints = CertificateAuthority::Extensions::BasicConstraints.new
basic_constraints.ca = true
basic_constraints.path_len = 2
- basic_constraints.to_s.should == "CA:true,pathlen:2"
+ expect(basic_constraints.to_s).to eq("CA:true,pathlen:2")
end
+
+ it "should parse values from a proper OpenSSL extension string" do
+ basic_constraints = CertificateAuthority::Extensions::BasicConstraints.parse("CA:true,pathlen:2", true)
+- basic_constraints.critical.should be_true
+- basic_constraints.ca.should be_true
+- basic_constraints.path_len.should == 2
++ expect(basic_constraints.critical).to be_truthy
++ expect(basic_constraints.ca).to be_truthy
++ expect(basic_constraints.path_len).to eq(2)
+ end
end
-
+
describe CertificateAuthority::Extensions::SubjectAlternativeName do
it "should respond to :uris" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- subjectAltName.respond_to?(:uris).should be_true
+ expect(subjectAltName.respond_to?(:uris)).to be_truthy
end
-
+
it "should require 'uris' to be an Array" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- lambda {subjectAltName.uris = "not an array"}.should raise_error
+ expect {subjectAltName.uris = "not an array"}.to raise_error
end
-
+
it "should generate a proper OpenSSL extension string for URIs" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
subjectAltName.uris = ["http://localhost.altname.example.com"]
- subjectAltName.to_s.should == "URI:http://localhost.altname.example.com"
+ expect(subjectAltName.to_s).to eq("URI:http://localhost.altname.example.com")
-
+
subjectAltName.uris = ["http://localhost.altname.example.com", "http://other.example.com"]
- subjectAltName.to_s.should == "URI:http://localhost.altname.example.com,URI:http://other.example.com"
+ expect(subjectAltName.to_s).to eq("URI:http://localhost.altname.example.com,URI:http://other.example.com")
end
-
-
+
+ it "should parse URIs from a proper OpenSSL extension string" do
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("URI:http://localhost.altname.example.com", false)
+- subjectAltName.uris.should == ["http://localhost.altname.example.com"]
++ expect(subjectAltName.uris).to eq(["http://localhost.altname.example.com"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("URI:http://localhost.altname.example.com,URI:http://other.example.com", false)
+- subjectAltName.uris.should == ["http://localhost.altname.example.com", "http://other.example.com"]
++ expect(subjectAltName.uris).to eq(["http://localhost.altname.example.com", "http://other.example.com"])
+ end
+
it "should respond to :dns_names" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- subjectAltName.respond_to?(:dns_names).should be_true
+ expect(subjectAltName.respond_to?(:dns_names)).to be_truthy
end
-
+
it "should require 'dns_names' to be an Array" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- lambda {subjectAltName.dns_names = "not an array"}.should raise_error
+ expect {subjectAltName.dns_names = "not an array"}.to raise_error
end
-
+
it "should generate a proper OpenSSL extension string for DNS names" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
subjectAltName.dns_names = ["localhost.altname.example.com"]
- subjectAltName.to_s.should == "DNS:localhost.altname.example.com"
+ expect(subjectAltName.to_s).to eq("DNS:localhost.altname.example.com")
-
+
subjectAltName.dns_names = ["localhost.altname.example.com", "other.example.com"]
- subjectAltName.to_s.should == "DNS:localhost.altname.example.com,DNS:other.example.com"
+ expect(subjectAltName.to_s).to eq("DNS:localhost.altname.example.com,DNS:other.example.com")
end
-
+
+ it "should parse DNS names from a proper OpenSSL extension string" do
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("DNS:localhost.altname.example.com", false)
+- subjectAltName.dns_names.should == ["localhost.altname.example.com"]
++ expect(subjectAltName.dns_names).to eq(["localhost.altname.example.com"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("DNS:localhost.altname.example.com,DNS:other.example.com", false)
+- subjectAltName.dns_names.should == ["localhost.altname.example.com", "other.example.com"]
++ expect(subjectAltName.dns_names).to eq(["localhost.altname.example.com", "other.example.com"])
+ end
+
it "should respond to :ips" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- subjectAltName.respond_to?(:ips).should be_true
+ expect(subjectAltName.respond_to?(:ips)).to be_truthy
end
-
+
it "should require 'ips' to be an Array" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
- lambda {subjectAltName.ips = "not an array"}.should raise_error
+ expect {subjectAltName.ips = "not an array"}.to raise_error
end
-
+
it "should generate a proper OpenSSL extension string for IPs" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
subjectAltName.ips = ["1.2.3.4"]
- subjectAltName.to_s.should == "IP:1.2.3.4"
+ expect(subjectAltName.to_s).to eq("IP:1.2.3.4")
-
+
subjectAltName.ips = ["1.2.3.4", "5.6.7.8"]
- subjectAltName.to_s.should == "IP:1.2.3.4,IP:5.6.7.8"
+ expect(subjectAltName.to_s).to eq("IP:1.2.3.4,IP:5.6.7.8")
end
-
+
+ it "should parse IPs from a proper OpenSSL extension string" do
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("IP:1.2.3.4", false)
+- subjectAltName.ips.should == ["1.2.3.4"]
++ expect(subjectAltName.ips).to eq(["1.2.3.4"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("IP:1.2.3.4,IP:5.6.7.8", false)
+- subjectAltName.ips.should == ["1.2.3.4", "5.6.7.8"]
++ expect(subjectAltName.ips).to eq(["1.2.3.4", "5.6.7.8"])
+ end
+
+ describe 'emails' do
+@@ -129,55 +129,55 @@
+
+ it "should generate a proper OpenSSL extension string for emails" do
+ subject.emails = ["copy"]
+- subject.to_s.should == "email:copy"
++ expect(subject.to_s).to eq("email:copy")
+
+ subject.emails = ["copy", "foo at bar.com"]
+- subject.to_s.should == "email:copy,email:foo at bar.com"
++ expect(subject.to_s).to eq("email:copy,email:foo at bar.com")
+ end
+ end
+
it "should generate a proper OpenSSL extension string for URIs IPs and DNS names together" do
subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.new
subjectAltName.ips = ["1.2.3.4"]
- subjectAltName.to_s.should == "IP:1.2.3.4"
+ expect(subjectAltName.to_s).to eq("IP:1.2.3.4")
-
+
subjectAltName.dns_names = ["localhost.altname.example.com"]
- subjectAltName.to_s.should == "DNS:localhost.altname.example.com,IP:1.2.3.4"
+ expect(subjectAltName.to_s).to eq("DNS:localhost.altname.example.com,IP:1.2.3.4")
-
+
subjectAltName.dns_names = ["localhost.altname.example.com", "other.example.com"]
- subjectAltName.to_s.should == "DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4"
+ expect(subjectAltName.to_s).to eq("DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4")
-
+
subjectAltName.ips = ["1.2.3.4", "5.6.7.8"]
- subjectAltName.to_s.should == "DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8"
+ expect(subjectAltName.to_s).to eq("DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8")
-
+
subjectAltName.uris = ["http://localhost.altname.example.com"]
- subjectAltName.to_s.should == "URI:http://localhost.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8"
+ expect(subjectAltName.to_s).to eq("URI:http://localhost.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8")
-
+
subjectAltName.uris = ["http://localhost.altname.example.com", "http://other.altname.example.com"]
- subjectAltName.to_s.should == "URI:http://localhost.altname.example.com,URI:http://other.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8"
+ expect(subjectAltName.to_s).to eq("URI:http://localhost.altname.example.com,URI:http://other.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8")
-
end
-
+
+ it "should parse URIs IPs and DNS names together from a proper OpenSSL extension string" do
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("IP:1.2.3.4", false)
+- subjectAltName.ips.should == ["1.2.3.4"]
++ expect(subjectAltName.ips).to eq(["1.2.3.4"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("DNS:localhost.altname.example.com,IP:1.2.3.4", false)
+- subjectAltName.dns_names.should == ["localhost.altname.example.com"]
++ expect(subjectAltName.dns_names).to eq(["localhost.altname.example.com"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4", false)
+- subjectAltName.dns_names.should == ["localhost.altname.example.com", "other.example.com"]
++ expect(subjectAltName.dns_names).to eq(["localhost.altname.example.com", "other.example.com"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8", false)
+- subjectAltName.ips.should == ["1.2.3.4", "5.6.7.8"]
++ expect(subjectAltName.ips).to eq(["1.2.3.4", "5.6.7.8"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("URI:http://localhost.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8", false)
+- subjectAltName.uris.should == ["http://localhost.altname.example.com"]
++ expect(subjectAltName.uris).to eq(["http://localhost.altname.example.com"])
+
+ subjectAltName = CertificateAuthority::Extensions::SubjectAlternativeName.parse("URI:http://localhost.altname.example.com,URI:http://other.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8", false)
+- subjectAltName.uris.should == ["http://localhost.altname.example.com", "http://other.altname.example.com"]
++ expect(subjectAltName.uris).to eq(["http://localhost.altname.example.com", "http://other.altname.example.com"])
+
+ subjectAltName.emails= ["copy", "foo at bar.com"]
+- subjectAltName.to_s.should == "URI:http://localhost.altname.example.com,URI:http://other.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8,email:copy,email:foo@bar.com"
++ expect(subjectAltName.to_s).to eq("URI:http://localhost.altname.example.com,URI:http://other.altname.example.com,DNS:localhost.altname.example.com,DNS:other.example.com,IP:1.2.3.4,IP:5.6.7.8,email:copy,email:foo@bar.com")
+ end
+ end
+ end
+diff --git a/spec/units/key_material_spec.rb b/spec/units/key_material_spec.rb
+index 8398f03..68495fd 100644
--- a/spec/units/key_material_spec.rb
+++ b/spec/units/key_material_spec.rb
-@@ -7,12 +7,12 @@ describe CertificateAuthority::KeyMateri
+@@ -7,12 +7,12 @@
end
-
+
it "#{key_material_class} should know if a key is in memory or hardware" do
- @key_material.is_in_hardware?.should_not be_nil
- @key_material.is_in_memory?.should_not be_nil
+ expect(@key_material.is_in_hardware?).not_to be_nil
+ expect(@key_material.is_in_memory?).not_to be_nil
end
-
+
it "should use memory by default" do
- @key_material.is_in_memory?.should be_true
+ expect(@key_material.is_in_memory?).to be_truthy
end
end
+
+@@ -68,30 +68,30 @@
+
+ it "should include a means of reading an RSA keypair" do
+ key = CertificateAuthority::KeyMaterial.from_x509_key_pair(@key_pair)
+- key.public_key.should_not be_nil
+- key.public_key.should be_a(OpenSSL::PKey::RSA)
+- key.private_key.should_not be_nil
+- key.private_key.should be_a(OpenSSL::PKey::RSA)
++ expect(key.public_key).not_to be_nil
++ expect(key.public_key).to be_a(OpenSSL::PKey::RSA)
++ expect(key.private_key).not_to be_nil
++ expect(key.private_key).to be_a(OpenSSL::PKey::RSA)
+ end
+
+ it "should include a means of reading encrypted RSA keypairs" do
+ key = CertificateAuthority::KeyMaterial.from_x509_key_pair(@encrypted_key_pair,"meow")
+- key.public_key.should_not be_nil
+- key.public_key.should be_a(OpenSSL::PKey::RSA)
+- key.private_key.should_not be_nil
+- key.private_key.should be_a(OpenSSL::PKey::RSA)
++ expect(key.public_key).not_to be_nil
++ expect(key.public_key).to be_a(OpenSSL::PKey::RSA)
++ expect(key.private_key).not_to be_nil
++ expect(key.private_key).to be_a(OpenSSL::PKey::RSA)
+ end
+
+ it "should raise an exception if you read an encrypted keypair w/ bad password" do
+- lambda {
++ expect {
+ key = CertificateAuthority::KeyMaterial.from_x509_key_pair(@encrypted_key_pair,"wrong")
+- }.should raise_error
++ }.to raise_error
+ end
+
+ it "should include a means of reading a public-only PEM formatted key" do
+ key = CertificateAuthority::KeyMaterial.from_x509_public_key(@public_key)
+- key.public_key.should_not be_nil
+- key.public_key.should be_a(OpenSSL::PKey::RSA)
++ expect(key.public_key).not_to be_nil
++ expect(key.public_key).to be_a(OpenSSL::PKey::RSA)
+ end
+ end
end
-@@ -23,15 +23,15 @@ describe CertificateAuthority::MemoryKey
+@@ -102,15 +102,15 @@
end
-
+
it "should be able to generate an RSA key" do
-- @key_material.generate_key(1024).should_not be_nil
-+ expect(@key_material.generate_key(1024)).not_to be_nil
+- @key_material.generate_key(768).should_not be_nil
++ expect(@key_material.generate_key(768)).not_to be_nil
end
-
+
it "should generate a proper OpenSSL::PKey::RSA" do
-- @key_material.generate_key(1024).class.should == OpenSSL::PKey::RSA
-+ expect(@key_material.generate_key(1024).class).to eq(OpenSSL::PKey::RSA)
+- @key_material.generate_key(768).class.should == OpenSSL::PKey::RSA
++ expect(@key_material.generate_key(768).class).to eq(OpenSSL::PKey::RSA)
end
-
+
it "should be able to specify the size of the modulus to generate" do
-- @key_material.generate_key(1024).should_not be_nil
-+ expect(@key_material.generate_key(1024)).not_to be_nil
+- @key_material.generate_key(768).should_not be_nil
++ expect(@key_material.generate_key(768)).not_to be_nil
end
-
+
describe "with generated key" do
-@@ -41,24 +41,24 @@ describe CertificateAuthority::MemoryKey
+@@ -120,24 +120,24 @@
end
-
+
it "should be able to retrieve the private key" do
- @key_material_in_memory.private_key.should_not be_nil
+ expect(@key_material_in_memory.private_key).not_to be_nil
end
-
+
it "should be able to retrieve the public key" do
- @key_material_in_memory.public_key.should_not be_nil
+ expect(@key_material_in_memory.public_key).not_to be_nil
end
end
-
+
it "should not validate without public and private keys" do
- @key_material.valid?.should be_false
+ expect(@key_material.valid?).to be_falsey
- @key_material.generate_key(1024)
+ @key_material.generate_key(768)
- @key_material.valid?.should be_true
+ expect(@key_material.valid?).to be_truthy
pub = @key_material.public_key
@@ -649,25 +982,25 @@ Last-Update: 2016-03-02
+ expect(@key_material.valid?).to be_falsey
end
end
-
-@@ -81,20 +81,20 @@ CSR
+
+@@ -160,20 +160,20 @@
end
-
+
it "should generate from a CSR" do
- @key_material.should_not be_nil
+ expect(@key_material).not_to be_nil
end
-
+
it "should be able to expose a public key" do
- @key_material.public_key.should_not be_nil
+ expect(@key_material.public_key).not_to be_nil
end
-
+
it "should not have a private key" do
- @key_material.private_key.should be_nil
+ expect(@key_material.private_key).to be_nil
end
-
+
it "should raise when signature does not verify" do
invalid = @request
invalid.public_key = OpenSSL::PKey::RSA.new 512
@@ -675,38 +1008,107 @@ Last-Update: 2016-03-02
+ expect { CertificateAuthority::SigningRequestKeyMaterial.new invalid }.to raise_error
end
end
+diff --git a/spec/units/ocsp_handler_spec.rb b/spec/units/ocsp_handler_spec.rb
+index fd6663d..b3465c3 100644
--- a/spec/units/ocsp_handler_spec.rb
+++ b/spec/units/ocsp_handler_spec.rb
-@@ -29,18 +29,18 @@ describe CertificateAuthority::OCSPHandl
-
+@@ -26,11 +26,11 @@
+ end
+
+ it "should read in the DER encoded body" do
+- @ocsp_request_reader.should_not be_nil
++ expect(@ocsp_request_reader).not_to be_nil
+ end
+
+ it "should read out certificate serial numbers" do
+- @ocsp_request_reader.serial_numbers.should == [2]
++ expect(@ocsp_request_reader.serial_numbers).to eq([2])
+ end
+ end
+
+@@ -64,13 +64,13 @@
+ end
+
+ it "should build from a OCSPRequestReader" do
+- @response_builder.should_not be_nil
+- @response_builder.should be_a(CertificateAuthority::OCSPResponseBuilder)
++ expect(@response_builder).not_to be_nil
++ expect(@response_builder).to be_a(CertificateAuthority::OCSPResponseBuilder)
+ end
+
+ it "should build a response" do
+ response = @response_builder.build_response
+- response.should be_a(OpenSSL::OCSP::Response)
++ expect(response).to be_a(OpenSSL::OCSP::Response)
+ end
+
+ it "should verify against the root" do
+@@ -78,7 +78,7 @@
+ root_cert = OpenSSL::X509::Certificate.new(@root_certificate.to_pem)
+ store = OpenSSL::X509::Store.new
+ store.add_cert(root_cert)
+- response.basic.verify([root_cert],store).should be_true
++ expect(response.basic.verify([root_cert],store)).to be_truthy
+ end
+
+ it "should have a configurable nextUpdate" do
+@@ -87,7 +87,7 @@
+ response = @response_builder.build_response
+ response.basic.status.each do |status|
+ ## 3 seconds of wabble is OK
+- status[5].should be_within(3).of(status[4] + time)
++ expect(status[5]).to be_within(3).of(status[4] + time)
+ end
+ end
+
+@@ -95,7 +95,7 @@
+ it "should support an everything's OK default (though somewhat useless)" do
+ response = @response_builder.build_response
+ response.basic.status.each do |status|
+- status[1].should == OpenSSL::OCSP::V_CERTSTATUS_GOOD
++ expect(status[1]).to eq(OpenSSL::OCSP::V_CERTSTATUS_GOOD)
+ end
+ end
+
+@@ -107,7 +107,7 @@
+ response = @response_builder.build_response
+
+ response.basic.status.each do |status|
+- status[1].should == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
++ expect(status[1]).to eq(OpenSSL::OCSP::V_CERTSTATUS_REVOKED)
+ end
+ end
+ end
+@@ -144,18 +144,18 @@
+
it "should be able to accept an OCSP Request" do
@ocsp_handler.ocsp_request = @ocsp_request
- @ocsp_handler.ocsp_request.should_not be_nil
+ expect(@ocsp_handler.ocsp_request).not_to be_nil
end
-
+
it "should raise an error if you try and extract certificates without a raw request" do
@ocsp_handler.extract_certificate_serials
@ocsp_handler.ocsp_request = nil
- lambda {@ocsp_handler.extract_certificate_serials}.should raise_error
+ expect {@ocsp_handler.extract_certificate_serials}.to raise_error
end
-
+
it "should return a hash of extracted certificates from OCSP requests" do
result = @ocsp_handler.extract_certificate_serials
- result.size.should == 1
+ expect(result.size).to eq(1)
end
-
+
it "should be able to generate an OCSP response" do
-@@ -52,28 +52,28 @@ describe CertificateAuthority::OCSPHandl
-
+@@ -167,28 +167,28 @@
+
it "should require a 'parent' entity for signing" do
@ocsp_handler.parent = @root_certificate
- @ocsp_handler.parent.should_not be_nil
+ expect(@ocsp_handler.parent).not_to be_nil
end
-
+
it "should raise an error if you ask for the signed OCSP response without generating it" do
@ocsp_handler.extract_certificate_serials
@ocsp_handler << @certificate
@@ -717,38 +1119,38 @@ Last-Update: 2016-03-02
- @ocsp_handler.to_der.should_not be_nil
+ expect(@ocsp_handler.to_der).not_to be_nil
end
-
+
it "should raise an error if you generate a response without adding all certificates in request" do
@ocsp_handler.extract_certificate_serials
@ocsp_handler.parent = @root_certificate
- lambda { @ocsp_handler.response }.should raise_error
+ expect { @ocsp_handler.response }.to raise_error
end
-
+
it "should raise an error if you generate a response without adding a parent signing entity" do
@ocsp_handler.extract_certificate_serials
@ocsp_handler << @certificate
- lambda { @ocsp_handler.response }.should raise_error
+ expect { @ocsp_handler.response }.to raise_error
end
-
+
describe "Response" do
-@@ -87,18 +87,18 @@ describe CertificateAuthority::OCSPHandl
+@@ -202,18 +202,18 @@
end
-
+
it "should have a correct status/status string" do
- @openssl_ocsp_response.status_string.should == "successful"
- @openssl_ocsp_response.status.should == 0
+ expect(@openssl_ocsp_response.status_string).to eq("successful")
+ expect(@openssl_ocsp_response.status).to eq(0)
end
-
+
it "should have an embedded BasicResponse with certificate statuses" do
# [#<OpenSSL::OCSP::CertificateId:0x000001020ecad8>, 0, 1, nil, 2011-04-15 23:29:47 UTC, 2011-04-15 23:30:17 UTC, []]
- @openssl_ocsp_response.basic.status.first[1].should == 0 # Everything is OK
+ expect(@openssl_ocsp_response.basic.status.first[1]).to eq(0) # Everything is OK
end
-
+
it "should have a next_update time" do
- @openssl_ocsp_response.basic.status.first[5].should_not be_nil
- @openssl_ocsp_response.basic.status.first[5].class.should == Time
@@ -757,53 +1159,55 @@ Last-Update: 2016-03-02
end
end
end
+diff --git a/spec/units/pkcs11_key_material_spec.rb b/spec/units/pkcs11_key_material_spec.rb
+index 962f943..d4f4e1f 100644
--- a/spec/units/pkcs11_key_material_spec.rb
+++ b/spec/units/pkcs11_key_material_spec.rb
-@@ -11,31 +11,31 @@ describe CertificateAuthority::Pkcs11Key
+@@ -11,31 +11,31 @@
end
-
+
it "should identify as being in hardware", :pkcs11 => true do
- @key_material_in_hardware.is_in_hardware?.should be_true
+ expect(@key_material_in_hardware.is_in_hardware?).to be_truthy
end
-
-- it "should return a Pkey ref if the private key is requested", :pkcs11 => true do
+
+ it "should return a Pkey ref if the private key is requested", :pkcs11 => true do
- @key_material_in_hardware.private_key.class.should == OpenSSL::PKey::RSA
-+ xit "should return a Pkey ref if the private key is requested", :pkcs11 => true do
+ expect(@key_material_in_hardware.private_key.class).to eq(OpenSSL::PKey::RSA)
end
-
-- it "should return a Pkey ref if the public key is requested", :pkcs11 => true do
+
+ it "should return a Pkey ref if the public key is requested", :pkcs11 => true do
- @key_material_in_hardware.public_key.class.should == OpenSSL::PKey::RSA
-+ xit "should return a Pkey ref if the public key is requested", :pkcs11 => true do
+ expect(@key_material_in_hardware.public_key.class).to eq(OpenSSL::PKey::RSA)
end
-
+
it "should accept an ID for on-token objects", :pkcs11 => true do
- @key_material_in_hardware.respond_to?(:token_id).should be_true
+ expect(@key_material_in_hardware.respond_to?(:token_id)).to be_truthy
end
-
+
it "should accept a path to a shared library for a PKCS11 driver", :pkcs11 => true do
- @key_material_in_hardware.respond_to?(:pkcs11_lib).should be_true
+ expect(@key_material_in_hardware.respond_to?(:pkcs11_lib)).to be_truthy
end
-
+
it "should accept a path to OpenSSL's dynamic PKCS11 engine (provided by libengine-pkcs11-openssl)", :pkcs11 => true do
- @key_material_in_hardware.respond_to?(:openssl_pkcs11_engine_lib).should be_true
+ expect(@key_material_in_hardware.respond_to?(:openssl_pkcs11_engine_lib)).to be_truthy
end
-
+
it "should accept an optional PIN to authenticate to the token", :pkcs11 => true do
- @key_material_in_hardware.respond_to?(:pin).should be_true
+ expect(@key_material_in_hardware.respond_to?(:pin)).to be_truthy
end
-
+
end
+diff --git a/spec/units/serial_number_spec.rb b/spec/units/serial_number_spec.rb
+index 93494ed..57a491c 100644
--- a/spec/units/serial_number_spec.rb
+++ b/spec/units/serial_number_spec.rb
-@@ -7,14 +7,14 @@ describe CertificateAuthority::SerialNum
-
+@@ -7,14 +7,14 @@
+
it "should support basic integer serial numbers", :rfc3280 => true do
@serial_number.number = 25
- @serial_number.should be_valid
@@ -812,11 +1216,147 @@ Last-Update: 2016-03-02
- @serial_number.should_not be_valid
+ expect(@serial_number).not_to be_valid
end
-
+
it "should not allow negative serial numbers", :rfc3280 => true do
@serial_number.number = -5
- @serial_number.should_not be_valid
+ expect(@serial_number).not_to be_valid
end
-
+
end
+diff --git a/spec/units/signing_request_spec.rb b/spec/units/signing_request_spec.rb
+index 4b770c7..8a5e965 100644
+--- a/spec/units/signing_request_spec.rb
++++ b/spec/units/signing_request_spec.rb
+@@ -25,8 +25,8 @@
+
+ it "should generate from a PEM CSR" do
+ csr = CertificateAuthority::SigningRequest.from_x509_csr(@pem_csr)
+- csr.should_not be_nil
+- csr.should be_a(CertificateAuthority::SigningRequest)
++ expect(csr).not_to be_nil
++ expect(csr).to be_a(CertificateAuthority::SigningRequest)
+ end
+
+ it "should generate a proper DN from the CSR" do
+@@ -37,18 +37,18 @@
+ expected_dn.common_name = "www.chrischandler.name"
+ expected_dn.locality = "San Francisco"
+ expected_dn.state = "California"
+- csr.distinguished_name.should == expected_dn
++ expect(csr.distinguished_name).to eq(expected_dn)
+ end
+
+ it "should expose the underlying OpenSSL CSR" do
+ csr = CertificateAuthority::SigningRequest.from_x509_csr(@pem_csr)
+- csr.openssl_csr.should be_a(OpenSSL::X509::Request)
++ expect(csr.openssl_csr).to be_a(OpenSSL::X509::Request)
+ end
+
+ it "should expose the PEM encoded original CSR" do
+ csr = CertificateAuthority::SigningRequest.from_x509_csr(@pem_csr)
+- csr.raw_body.should == @pem_csr
+- csr.raw_body.should be_a(String)
++ expect(csr.raw_body).to eq(@pem_csr)
++ expect(csr.raw_body).to be_a(String)
+ end
+
+ describe "transforming to a certificate" do
+@@ -59,8 +59,8 @@
+
+ it "should allow transformation to a certificate" do
+ cert = @csr.to_cert
+- cert.should_not be_nil
+- cert.should be_a(CertificateAuthority::Certificate)
++ expect(cert).not_to be_nil
++ expect(cert).to be_a(CertificateAuthority::Certificate)
+ end
+
+ it "should be signable w/ a serial number" do
+@@ -73,10 +73,10 @@
+ @cert.serial_number.number = 5
+ @cert.parent = root
+ result_cert = @cert.sign!
+- result_cert.should be_a(OpenSSL::X509::Certificate)
++ expect(result_cert).to be_a(OpenSSL::X509::Certificate)
+ ## Verify the subjects and public key match
+- @csr.distinguished_name.to_x509_name.should == result_cert.subject
+- @csr.key_material.public_key.to_pem.should == result_cert.public_key.to_pem
++ expect(@csr.distinguished_name.to_x509_name).to eq(result_cert.subject)
++ expect(@csr.key_material.public_key.to_pem).to eq(result_cert.public_key.to_pem)
+ end
+ end
+
+@@ -89,7 +89,7 @@
+
+ it "should process a netscape SPKAC" do
+ @csr = CertificateAuthority::SigningRequest.from_netscape_spkac(@spkac)
+- @csr.should be_a(CertificateAuthority::SigningRequest)
++ expect(@csr).to be_a(CertificateAuthority::SigningRequest)
+ end
+ end
+
+@@ -134,12 +134,12 @@
+ YK3KbQ==
+ -----END CERTIFICATE REQUEST-----
+ EOF
+- @csr.to_pem.should == expected
++ expect(@csr.to_pem).to eq(expected)
+ end
+
+ it "should generate a signed CSR" do
+ @csr.digest = "SHA256"
+- @csr.to_x509_csr.signature_algorithm.should == "sha256WithRSAEncryption"
++ expect(@csr.to_x509_csr.signature_algorithm).to eq("sha256WithRSAEncryption")
+ end
+
+ it "should generate a CSR w/ a subjectAlternativeName extension" do
+diff --git a/spec/units/working_with_openssl_spec.rb b/spec/units/working_with_openssl_spec.rb
+index 3af4fbf..577c4ed 100644
+--- a/spec/units/working_with_openssl_spec.rb
++++ b/spec/units/working_with_openssl_spec.rb
+@@ -4,15 +4,15 @@
+
+ shared_examples_for "an ossl issuer and its signed cert" do
+ it "should issue a certificate verified by the issuer" do
+- @signed.verify(@issuer.public_key ).should be_true
++ expect(@signed.verify(@issuer.public_key )).to be_truthy
+ end
+
+ it "should issue a certificate with a matching issuer subject string" do
+- @signed.issuer.to_s.should == @issuer.subject.to_s
++ expect(@signed.issuer.to_s).to eq(@issuer.subject.to_s)
+ end
+
+ it "should issue a certificate with a matching issuer subject openssl name" do
+- @signed.issuer.should == @issuer.subject
++ expect(@signed.issuer).to eq(@issuer.subject)
+ end
+
+ end
+@@ -78,21 +78,21 @@
+ end
+
+ it "should match the original ca's distinguished name" do
+- @our_ca.distinguished_name.to_x509_name.should == @ca.subject
++ expect(@our_ca.distinguished_name.to_x509_name).to eq(@ca.subject)
+ end
+
+ it "should match the original openssl ca" do
+ back = OpenSSL::X509::Certificate.new(@our_ca.to_pem)
+- back.subject.should == @ca.subject
++ expect(back.subject).to eq(@ca.subject)
+ end
+
+ it "should match the original cert's distinguished name" do
+- @our_cert.distinguished_name.to_x509_name.should == @cert.subject
++ expect(@our_cert.distinguished_name.to_x509_name).to eq(@cert.subject)
+ end
+
+ it "should match the original openssl cert" do
+ back = OpenSSL::X509::Certificate.new(@our_cert.to_pem)
+- back.subject.should == @cert.subject
++ expect(back.subject).to eq(@cert.subject)
+ end
+
+ it_should_behave_like "an ossl issuer and its signed cert"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-certificate-authority.git
More information about the Pkg-ruby-extras-commits
mailing list