spec/fixtures.rb in r509-0.9.2 vs spec/fixtures.rb in r509-0.10.0

- old
+ new

@@ -67,10 +67,12 @@ CSR_PUBLIC_KEY_MODULUS = read_fixture('csr1_public_key_modulus.txt') CSR_INVALID_SIGNATURE = read_fixture('csr_invalid_signature.pem') + SPKI_INVALID_SIGNATURE = "MIIBOjCBpDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnk0rEYEFZS0KaOq1xb4pJbWMuTFbji9a5GDjgw8jDQh3YS5968sXqmTZS9Vm0ctOmicUka0MOfSwlVEzvLLh/5Na7A8dreOrGI3Qck9AsAEfCBWACZ4hTOfm23rBQYsR9FkEhDAVUXZm2JBPZM38c5QVV37NNr2zCD+CIoXhCjMCAwEAARYAMA0GCSqGSIb3DQEBBQUAA4GBAENx9YXoEYTCOkC9SX4qQFmRgCTFhZVB6E+aAW20KIndAchIctegOR4mzCHAgizmvgmboevG9meKOVZJRWLucElIOnXBFV7BORsn9HP8Bhc1ct3wip2Bwp9wFPM8MS7FyA/Csyze8eKh5wedXWTmPqHMcoUz2QP0lSu1iRZGLRps" + CSR_DER = read_fixture('csr1.der') CSR_NEWLINES = read_fixture('csr1_newlines.pem') CSR_NO_BEGIN_END = read_fixture('csr1_no_begin_end.pem') @@ -126,10 +128,13 @@ TEST_CA_KEY = read_fixture('test_ca.key') TEST_CA_OCSP_CERT = read_fixture('test_ca_ocsp.cer') TEST_CA_OCSP_KEY = read_fixture('test_ca_ocsp.key') + TEST_CA_CRL_CERT = read_fixture('test_ca_crl.cer') + TEST_CA_CRL_KEY = read_fixture('test_ca_crl.key') + TEST_CA_SUBROOT_CERT = read_fixture('test_ca_subroot.cer') TEST_CA_SUBROOT_KEY = read_fixture('test_ca_subroot.key') #this chain contains 2 certs. root and OCSP delegate #in a prod environment you'd really only need the delegate @@ -159,10 +164,14 @@ def self.test_ca_cert R509::Cert.new(:cert => TEST_CA_CERT, :key => TEST_CA_KEY) end + def self.test_ca_crl_delegate + R509::Cert.new(:cert => TEST_CA_CRL_CERT, :key => TEST_CA_CRL_KEY) + end + def self.test_ca_ec_cert R509::Cert.new(:cert => TEST_CA_EC_CERT, :key => TEST_CA_EC_KEY) end def self.test_ca_dsa_cert 
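Review bot: `SPKI_INVALID_SIGNATURE` in the first hunk is pasted inline as a base64 literal, while every neighbouring fixture is loaded through `read_fixture`, and nothing records what makes its signature invalid. Loading it from a file would keep the vector reviewable and replaceable like the others, e.g. `SPKI_INVALID_SIGNATURE = read_fixture('spki_invalid_signature.txt')` (the file name is a placeholder, and any trailing newline from the file would need handling). In either form, a comment such as `# SPKAC whose signature does not verify; specs expect it to be rejected` would mark it as a deliberate negative test vector that must not be regenerated into a valid one. How the specs consume the constant is not visible in this hunk, so the wording should be checked against them.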
@@ -172,59 +181,58 @@ def self.test_ca_subroot_cert R509::Cert.new(:cert => TEST_CA_SUBROOT_CERT, :key => TEST_CA_SUBROOT_KEY) end def self.test_ca_server_profile - R509::Config::CAProfile.new( - :basic_constraints => {"ca" => false }, - :key_usage => ["digitalSignature","keyEncipherment"], - :extended_key_usage => ["serverAuth"], - :certificate_policies => [ - { "policy_identifier" => "2.16.840.1.12345.1.2.3.4.1", - "cps_uris" => ["http://example.com/cps","http://other.com/cps"], - "user_notices" => [ {"explicit_text" => "thing", "organization" => "my org", "notice_numbers" => "1,2,3,4"} ] - } - ] + R509::Config::CertProfile.new( + :basic_constraints => R509::Cert::Extensions::BasicConstraints.new({:ca => false }), + :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature","keyEncipherment"]), + :extended_key_usage => R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ["serverAuth"]), + :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(:value => [ + { :policy_identifier => "2.16.840.1.12345.1.2.3.4.1", + :cps_uris => ["http://example.com/cps","http://other.com/cps"], + :user_notices => [ {:explicit_text => "thing", :organization => "my org", :notice_numbers => [1,2,3,4]} ] + } + ]) ) end def self.test_ca_server_profile_with_subject_item_policy subject_item_policy = R509::Config::SubjectItemPolicy.new( - "CN" => "required", - "O" => "optional", - "ST" => "required", - "C" => "required", - "OU" => "optional" + "CN" => { :policy => "required"}, + "O" => { :policy => "optional"}, + "ST" => { :policy => "required"}, + "C" => { :policy => "required"}, + "OU" => { :policy => "optional"} ) - R509::Config::CAProfile.new( - :basic_constraints => {"ca" => false }, - :key_usage => ["digitalSignature","keyEncipherment"], - :extended_key_usage => ["serverAuth"], - :certificate_policies => [ - { "policy_identifier" => "2.16.840.1.12345.1.2.3.4.1", -"cps_uris" => ["http://example.com/cps","http://other.com/cps"], -"user_notices" 
=> [ {"explicit_text" => "thing", "organization" => "my org", "notice_numbers" => "1,2,3,4"} ] + R509::Config::CertProfile.new( + :basic_constraints => R509::Cert::Extensions::BasicConstraints.new({:ca => false }), + :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature","keyEncipherment"]), + :extended_key_usage => R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ["serverAuth"]), + :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(:value => [ + { :policy_identifier => "2.16.840.1.12345.1.2.3.4.1", + :cps_uris => ["http://example.com/cps","http://other.com/cps"], + :user_notices => [ {:explicit_text => "thing", :organization => "my org", :notice_numbers => [1,2,3,4]} ] } - ], + ]), :subject_item_policy => subject_item_policy ) end def self.test_ca_subroot_profile - R509::Config::CAProfile.new( - :basic_constraints => {"ca" => true, "path_length" => 0 }, - :key_usage => ["keyCertSign","cRLSign"], - :extended_key_usage => [], + R509::Config::CertProfile.new( + :basic_constraints => {:ca => true, :path_length => 0 }, + :key_usage => {:value => ["keyCertSign","cRLSign"]}, :certificate_policies => nil) end def self.test_ca_ocspsigner_profile - R509::Config::CAProfile.new( - :basic_constraints => { "ca" => false }, - :key_usage => ["digitalSignature"], - :extended_key_usage => ["OCSPSigning"], + R509::Config::CertProfile.new( + :basic_constraints => { :ca => false }, + :key_usage => {:value => ["digitalSignature"]}, + :extended_key_usage => {:value => ["OCSPSigning"]}, :certificate_policies => nil) end # @return [R509::Config::CAConfig] def self.test_ca_config 
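Review bot: `test_ca_server_profile` and `test_ca_server_profile_with_subject_item_policy` now repeat the same four `R509::Cert::Extensions::*` constructions, so any later change to key usage or policy data has to be made twice and the two fixtures can drift apart. A shared helper that returns the common options, merged with `:subject_item_policy` in the second method, removes the duplication; a sketch follows (the enclosing module starts outside this hunk). Separately, the server profiles pass extension objects while `test_ca_subroot_profile` and `test_ca_ocspsigner_profile` pass plain hashes such as `:key_usage => {:value => ["digitalSignature"]}`. If that is meant to exercise both accepted input forms, a one-line comment like `# hash form on purpose: exercises CertProfile's hash-to-extension path` would stop someone from normalising it away. `test_ca_subroot_profile` also drops `:extended_key_usage` rather than passing an empty value, which looks intentional but is worth confirming against the specs that issue subroot certificates.

```ruby
# … unchanged: test_ca_subroot_cert …

# Options shared by both server profiles, so the two fixtures cannot drift apart.
def self.server_profile_opts
  {
    :basic_constraints => R509::Cert::Extensions::BasicConstraints.new({:ca => false }),
    :key_usage => R509::Cert::Extensions::KeyUsage.new(:value => ["digitalSignature","keyEncipherment"]),
    :extended_key_usage => R509::Cert::Extensions::ExtendedKeyUsage.new(:value => ["serverAuth"]),
    :certificate_policies => R509::Cert::Extensions::CertificatePolicies.new(:value => [
      { :policy_identifier => "2.16.840.1.12345.1.2.3.4.1",
        :cps_uris => ["http://example.com/cps","http://other.com/cps"],
        :user_notices => [ {:explicit_text => "thing", :organization => "my org", :notice_numbers => [1,2,3,4]} ]
      }
    ])
  }
end

def self.test_ca_server_profile
  R509::Config::CertProfile.new(server_profile_opts)
end

def self.test_ca_server_profile_with_subject_item_policy
  # … unchanged: subject_item_policy = R509::Config::SubjectItemPolicy.new(...) …
  R509::Config::CertProfile.new(
    server_profile_opts.merge(:subject_item_policy => subject_item_policy)
  )
end

# … unchanged: test_ca_subroot_profile, test_ca_ocspsigner_profile …
```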
@@ -233,12 +241,10 @@ crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_cert(), - :cdp_location => ['http://crl.domain.com/test_ca.crl'], - :ocsp_location => ['http://ocsp.domain.com'], :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio } @@ -259,12 +265,10 @@ crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_cert(), - :cdp_location => ['http://crl.domain.com/test_ca.crl'], - :ocsp_location => ['http://ocsp.domain.com'], :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio } @@ -277,12 +281,10 @@ crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_ec_cert(), - :cdp_location => ['http://crl.domain.com/test_ca.crl'], - :ocsp_location => ['http://ocsp.domain.com'], :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio } @@ -295,11 +297,9 @@ crl_number_sio = StringIO.new crl_number_sio.set_encoding("BINARY") if crl_number_sio.respond_to?(:set_encoding) opts = { :ca_cert => test_ca_dsa_cert(), - :cdp_location => ['http://crl.domain.com/test_ca.crl'], - :ocsp_location => ['http://ocsp.domain.com'], :ocsp_start_skew_seconds => 3600, :ocsp_validity_hours => 48, :crl_list_file => crl_list_sio, :crl_number_file => crl_number_sio }