require 'spec_helper' require 'pathname' require 'r509/io_helpers' module TestFixtures extend R509::IOHelpers FIXTURES_PATH = Pathname.new(__FILE__).dirname + "fixtures" def self.read_fixture(filename) read_data((FIXTURES_PATH + filename).to_s) end #Trustwave cert for langui.sh CERT = read_fixture('cert1.pem') #Trustwave root cert STCA_CERT = read_fixture('stca.pem') CERT_PUBLIC_KEY_MODULUS = read_fixture('cert1_public_key_modulus.txt') # cert without key usage CERT4 = read_fixture('cert4.pem') # cert with multiple EKU CERT5 = read_fixture('cert5.pem') # cert with DSA public key CERT6 = read_fixture('cert6.pem') CERT_EXPIRED = read_fixture("cert_expired.pem") CERT_NOT_YET_VALID = read_fixture("cert_not_yet_valid.pem") DSA_KEY = read_fixture('dsa_key.pem') # this CSR has unknown OIDs, which we should successfully parse out into Subject CSR_UNKNOWN_OID = read_fixture('unknown_oid.csr') #san cert from self-signed CA for langui.sh CERT_SAN = read_fixture('cert_san.pem') #Another san cert for langui.sh, but differentiating between the CN and # SANs. CERT_SAN2 = read_fixture('cert_san2.pem') CERT_DER = read_fixture('cert1.der') SPKI = read_fixture('spkac.txt') SPKI_DER = read_fixture('spkac.der') SPKI_DSA = read_fixture('spkac_dsa.txt') CSR = read_fixture('csr1.pem') CSR_PUBLIC_KEY_MODULUS = read_fixture('csr1_public_key_modulus.txt') CSR_INVALID_SIGNATURE = read_fixture('csr_invalid_signature.pem') CSR_DER = read_fixture('csr1.der') CSR_NEWLINES = read_fixture('csr1_newlines.pem') CSR_NO_BEGIN_END = read_fixture('csr1_no_begin_end.pem') CSR_DSA = read_fixture('csr_dsa.pem') KEY_CSR = read_fixture('csr1_key.pem') KEY_CSR_DER = read_fixture('csr1_key.der') KEY_CSR_ENCRYPTED = read_fixture('csr1_key_encrypted_des3.pem') CSR2 = read_fixture('csr2.pem') KEY_CSR2 = read_fixture('csr2_key.pem') CSR3 = read_fixture('csr3.pem') CERT3 = read_fixture('cert3.pem') KEY3 = read_fixture('cert3_key.pem') KEY3_ENCRYPTED = read_fixture('cert3_key_des3.pem') CERT3_P12 = read_fixture('cert3.p12') CSR4_MULTIPLE_ATTRS = read_fixture('csr4.pem') KEY4_ENCRYPTED_DES3 = read_fixture('key4_encrypted_des3.pem') KEY4 = read_fixture('key4.pem') TEST_CA_CERT = read_fixture('test_ca.cer') TEST_CA_KEY = read_fixture('test_ca.key') TEST_CA_OCSP_CERT = read_fixture('test_ca_ocsp.cer') TEST_CA_OCSP_KEY = read_fixture('test_ca_ocsp.key') TEST_CA_SUBROOT_CERT = read_fixture('test_ca_subroot.cer') TEST_CA_SUBROOT_KEY = read_fixture('test_ca_subroot.key') #this chain contains 2 certs. root and OCSP delegate #in a prod environment you'd really only need the delegate #since the root would be present in the root store of the #client, but I wanted to test > 1 TEST_CA_OCSP_CHAIN = read_fixture('test_ca_ocsp_chain.txt') TEST_CA_OCSP_RESPONSE = read_fixture('test_ca_ocsp_response.der') TEST_CA_SUBROOT_OCSP_RESPONSE = read_fixture('test_ca_subroot_ocsp_response.der') SECOND_CA_CERT = read_fixture('second_ca.cer') SECOND_CA_KEY = read_fixture('second_ca.key') OCSP_TEST_CERT = read_fixture('ocsptest.r509.local.pem') OCSP_TEST_CERT2 = read_fixture('ocsptest2.r509.local.pem') STCA_OCSP_REQUEST = read_fixture('stca_ocsp_request.der') STCA_OCSP_RESPONSE = read_fixture('stca_ocsp_response.der') CRL_LIST_FILE = (FIXTURES_PATH+'crl_list_file.txt').to_s CRL_REASON = read_fixture("crl_with_reason.pem") def self.test_ca_cert R509::Cert.new(:cert => TEST_CA_CERT, :key => TEST_CA_KEY) end def self.test_ca_subroot_cert R509::Cert.new(:cert => TEST_CA_SUBROOT_CERT, :key => TEST_CA_SUBROOT_KEY) end def self.test_ca_server_profile R509::Config::CaProfile.new( :basic_constraints => "CA:FALSE", :key_usage => ["digitalSignature","keyEncipherment"], :extended_key_usage => ["serverAuth"], :certificate_policies => [ [ "policyIdentifier=2.16.840.1.12345.1.2.3.4.1", "CPS.1=http://example.com/cps" ] ] ) end def self.test_ca_server_profile_with_subject_item_policy subject_item_policy = R509::Config::SubjectItemPolicy.new( "CN" => "required", "O" => "optional", "ST" => "required", "C" => "required", "OU" => "optional" ) R509::Config::CaProfile.new( :basic_constraints => "CA:FALSE", :key_usage => ["digitalSignature","keyEncipherment"], :extended_key_usage => ["serverAuth"], :certificate_policies => [ [ "policyIdentifier=2.16.840.1.12345.1.2.3.4.1", "CPS.1=http://example.com/cps" ] ], :subject_item_policy => subject_item_policy ) end def self.test_ca_subroot_profile R509::Config::CaProfile.new( :basic_constraints => "CA:TRUE,pathlen:0", :key_usage => ["keyCertSign","cRLSign"], :extended_key_usage => [], :certificate_policies => nil) end def self.test_ca_ocspsigner_profile R509::Config::CaProfile.new( :basic_constraints => "CA:FALSE", :key_usage => ["digitalSignature"], :extended_key_usage => ["OCSPSigning"], :certificate_policies => nil) end # @return [R509::Config::CaConfig] def self.test_ca_config crl_list_sio = StringIO.new crl_list_sio.set_encoding("BINARY") if crl_list_sio.respond_to?(:set_encoding) crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_cert(), :cdp_location => 'URI:http://crl.domain.com/test_ca.crl', :ocsp_location => 'URI:http://ocsp.domain.com', :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio } ret = R509::Config::CaConfig.new(opts) ret.set_profile("server", self.test_ca_server_profile) ret.set_profile("subroot", self.test_ca_subroot_profile) ret.set_profile("ocspsigner", self.test_ca_ocspsigner_profile) ret.set_profile("server_with_subject_item_policy", self.test_ca_server_profile_with_subject_item_policy) ret end # @return [R509::Config::CaConfig] def self.test_ca_no_profile_config crl_list_sio = StringIO.new crl_list_sio.set_encoding("BINARY") if crl_list_sio.respond_to?(:set_encoding) crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_cert(), :cdp_location => 'URI:http://crl.domain.com/test_ca.crl', :ocsp_location => 'URI:http://ocsp.domain.com', :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio } R509::Config::CaConfig.new(opts) end end