lib/async/rspec/ssl.rb in async-rspec-1.3.1 vs lib/async/rspec/ssl.rb in async-rspec-1.4.0

- old
+ new

@@ -32,10 +32,13 @@ module InvalidCertificate end module VerifiedContexts end + + module HostCertificates + end end RSpec.shared_context SSL::CertificateAuthority do # This key size is generally considered insecure, but it's fine for testing. let(:certificate_authority_key) {OpenSSL::PKey::RSA.new(1024)} @@ -55,11 +58,11 @@ certificate.version = 2 certificate.not_before = Time.now certificate.not_after = Time.now + 3600 - extension_factory = OpenSSL::X509::ExtensionFactory.new() + extension_factory = OpenSSL::X509::ExtensionFactory.new extension_factory.subject_certificate = certificate extension_factory.issuer_certificate = certificate certificate.add_extension extension_factory.create_extension("basicConstraints", "CA:TRUE", true) certificate.add_extension extension_factory.create_extension("keyUsage", "keyCertSign, cRLSign", true) certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash") 
@@ -102,9 +105,72 @@ extension_factory.issuer_certificate = certificate_authority certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true) certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash") certificate.sign certificate_authority_key, OpenSSL::Digest::SHA256.new + end + end + + RSpec.shared_context SSL::HostCertificates do + include_context SSL::CertificateAuthority + + let(:keys) do + Hash[ + hosts.collect{|name| [name, OpenSSL::PKey::RSA.new(1024)]} + ] + end + + # The certificate used for actual communication: + let(:certificates) do + Hash[ + hosts.collect do |name| + certificate_name = OpenSSL::X509::Name.parse("O=Test/CN=#{name}") + + certificate = OpenSSL::X509::Certificate.new + certificate.subject = certificate_name + certificate.issuer = certificate_authority.subject + + certificate.public_key = keys[name].public_key + + certificate.serial = 2 + certificate.version = 2 + + certificate.not_before = Time.now + certificate.not_after = Time.now + 3600 + + extension_factory = OpenSSL::X509::ExtensionFactory.new + extension_factory.subject_certificate = certificate + extension_factory.issuer_certificate = certificate_authority + certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true) + certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash") + + certificate.sign certificate_authority_key, OpenSSL::Digest::SHA256.new + + [name, certificate] + end + ] + end + + let(:server_context) do + OpenSSL::SSL::SSLContext.new.tap do |context| + context.servername_cb = Proc.new do |socket, name| + if hosts.include? 
name + socket.hostname = name + + OpenSSL::SSL::SSLContext.new.tap do |context| + context.cert = certificates[name] + context.key = keys[name] + end + end + end + end + end + + let(:client_context) do + OpenSSL::SSL::SSLContext.new.tap do |context| + context.cert_store = certificate_store + context.verify_mode = OpenSSL::SSL::VERIFY_PEER + end end end RSpec.shared_context SSL::InvalidCertificate do include_context SSL::CertificateAuthority
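Review bot: `client_context` sets `verify_mode = OpenSSL::SSL::VERIFY_PEER` but never enables hostname checking, so any certificate chained to the test CA is accepted no matter which host the client asked for, which means the SNI dispatch this context exists to exercise is not actually verified end to end. Adding `context.verify_hostname = true` to `client_context` (the client socket then has to set `hostname` before `connect`) closes that gap. The per-host certificates also carry only `CN=#{name}` and no `subjectAltName`; modern verifiers ignore CN, so I would add `certificate.add_extension extension_factory.create_extension("subjectAltName", "DNS:#{name}")` next to the `keyUsage` extension. Separately, the `certificates` block assigns `certificate.serial = 2` to every host certificate from the same issuer, whereas serials must be unique per CA (RFC 5280 §4.1.2.2), so deriving the serial from the host's index in `hosts` (e.g. `hosts.each_with_index` and `certificate.serial = index + 2`) avoids issuer/serial collisions in anything that caches by that pair.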