require 'spec_helper' shared_examples_for "a correct R509 KeyUsage object" do |critical| before :each do extension_name = "keyUsage" klass = R509::Cert::Extensions::KeyUsage ef = OpenSSL::X509::ExtensionFactory.new openssl_ext = ef.create_extension( extension_name, @extension_value, critical ) @r509_ext = klass.new( openssl_ext ) end it "allowed_uses should be non-nil critical:#{critical}" do @r509_ext.allowed_uses.should_not == nil end it "allowed_uses should be correct critical:#{critical}" do @r509_ext.allowed_uses.should == @allowed_uses end it "the individual allowed-use functions should be correct critical:#{critical}" do @r509_ext.digital_signature?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE ) @r509_ext.non_repudiation?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION ) @r509_ext.key_encipherment?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT ) @r509_ext.data_encipherment?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT ) @r509_ext.key_agreement?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT ) @r509_ext.key_cert_sign?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN ) @r509_ext.crl_sign?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN ) @r509_ext.encipher_only?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY ) @r509_ext.decipher_only?.should == @allowed_uses.include?( R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY ) end it "the #allows? method should work critical:#{critical}" do @allowed_uses.each do |au| @r509_ext.allows?(au).should == true end end it "reports #critical? properly" do @r509_ext.critical?.should == critical end end describe R509::Cert::Extensions::KeyUsage do context "validate key usage" do it "errors with non-array" do expect { R509::Cert::Extensions::KeyUsage.new( 'not an array' ) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)') end it "errors with nil" do expect { R509::Cert::Extensions::KeyUsage.new(nil) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)') end it "errors with hash with no :value" do expect { R509::Cert::Extensions::KeyUsage.new({}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)') end it "errors with hash with non-array :value" do expect { R509::Cert::Extensions::KeyUsage.new({:value => "string"}) }.to raise_error(ArgumentError, 'You must pass a hash with a key :value that contains an array of strings (see README)') end end context "KeyUsage" do context "creation & yaml generation" do context "single KU" do before :all do @args = { :value => ['digitalSignature'] } @ku = R509::Cert::Extensions::KeyUsage.new(@args) end it "creates extension" do @ku.allowed_uses.should == ['digitalSignature'] end it "builds yaml" do YAML.load(@ku.to_yaml).should == @args.merge(:critical => false) end end context "multiple KU" do before :all do @args = { :value => ['digitalSignature','keyAgreement'] } @ku = R509::Cert::Extensions::KeyUsage.new(@args) end it "creates extension" do @ku.allowed_uses.should == ['digitalSignature','keyAgreement'] end it "builds_yaml" do YAML.load(@ku.to_yaml).should == @args.merge(:critical => false) end end context "default criticality" do before :all do @args = { :value => ['keyAgreement'] } @ku = R509::Cert::Extensions::KeyUsage.new(@args) end it "creates extension" do @ku.critical?.should be_false end it "builds yaml" do YAML.load(@ku.to_yaml).should == @args.merge(:critical => false) end end context "non-default criticality" do before :all do @args = { :value => ['keyAgreement'], :critical => true } @ku = R509::Cert::Extensions::KeyUsage.new(@args) end it "creates extension" do @ku.critical?.should be_true end it "builds yaml" do YAML.load(@ku.to_yaml).should == @args end end end context "with one allowed use" do before :all do @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE ] @extension_value = @allowed_uses.join( ", " ) end it_should_behave_like "a correct R509 KeyUsage object", false it_should_behave_like "a correct R509 KeyUsage object", true end context "with some allowed uses" do before :all do # this spec and the one below alternate the uses @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE, R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT, R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN, R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY ] @extension_value = @allowed_uses.join( ", " ) end it_should_behave_like "a correct R509 KeyUsage object", false it_should_behave_like "a correct R509 KeyUsage object", true end context "with some different allowed uses" do before :all do @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION, R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN, R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY ] @extension_value = @allowed_uses.join( ", " ) end it_should_behave_like "a correct R509 KeyUsage object", false it_should_behave_like "a correct R509 KeyUsage object", true end context "with all allowed uses" do before :all do @allowed_uses = [ R509::Cert::Extensions::KeyUsage::AU_DIGITAL_SIGNATURE, R509::Cert::Extensions::KeyUsage::AU_NON_REPUDIATION, R509::Cert::Extensions::KeyUsage::AU_KEY_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_DATA_ENCIPHERMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_AGREEMENT, R509::Cert::Extensions::KeyUsage::AU_KEY_CERT_SIGN, R509::Cert::Extensions::KeyUsage::AU_CRL_SIGN, R509::Cert::Extensions::KeyUsage::AU_ENCIPHER_ONLY, R509::Cert::Extensions::KeyUsage::AU_DECIPHER_ONLY ] @extension_value = @allowed_uses.join( ", " ) end it_should_behave_like "a correct R509 KeyUsage object", false it_should_behave_like "a correct R509 KeyUsage object", true end end end