100% code coverage.

lib/localhost/authority.rb

@@ -42,7 +42,7 @@ def self.path(env = ENV, old_root: nil)
 
 		# List all certificate authorities in the given directory:
 		def self.list(root = self.path)
-			return to_enum(:list) unless block_given?
+			return to_enum(:list, root) unless block_given?
 
 			Dir.glob("*.crt", base: root) do |path|
 				name = File.basename(path, ".crt")
@@ -85,10 +85,6 @@ def initialize(hostname = "localhost", root: self.class.path)
 
 		BITS = 1024*2
 
-		def ecdh_key
-			@ecdh_key ||= OpenSSL::PKey::EC.new "prime256v1"
-		end
-
 		def dh_key
 			@dh_key ||= OpenSSL::PKey::DH.new(BITS)
 		end
@@ -176,8 +172,6 @@ def server_context(*arguments)
 
 				if context.respond_to? :ecdh_curves=
 					context.ecdh_curves = 'P-256:P-384:P-521'
-				elsif context.respond_to? :tmp_ecdh_callback=
-					context.tmp_ecdh_callback = proc {self.ecdh_key}
 				end
 
 				context.set_params(

test/localhost/authority.rb

@@ -21,14 +21,25 @@ def around
 		Dir.mktmpdir do |path|
 			@root = path
 
-			yield
+			super
 		ensure
 			@root = nil
 		end
 	end
 
 	let(:authority) {subject.new("localhost", root: @root)}
 
+	it "have correct key and certificate path" do
+		authority.save
+
+		expect(File).to be(:exist?, authority.certificate_path)
+		expect(File).to be(:exist?, authority.key_path)
+
+		expect(File).to be(:exist?, File.expand_path("localhost.lock", @root))
+		expect(File).to be(:exist?, File.expand_path("localhost.crt", @root))
+		expect(File).to be(:exist?, File.expand_path("localhost.key", @root))
+	end
+
 	with ".path" do
 		it "uses XDG_STATE_HOME" do
 			env = {'XDG_STATE_HOME' => @root}
@@ -64,15 +75,36 @@ def around
 		end
 	end
 
-	it "have correct key and certificate path" do
-		authority.save
+	with "#dh_key" do
+		it "is a DH key" do
+			expect(authority.dh_key).to be_a OpenSSL::PKey::DH
+		end
+	end
+
+	with '#name' do
+		it "can get name" do
+			expect(authority.name.to_s).to be == "/O=Development/CN=localhost"
+		end
 
-		expect(File).to be(:exist?, authority.certificate_path)
-		expect(File).to be(:exist?, authority.key_path)
+		it "can set name" do
+			authority.name = OpenSSL::X509::Name.parse("/CN=example.localhost")
+			expect(authority.name.to_s).to be == "/CN=example.localhost"
+		end
+	end
+
+	with '#key' do
+		it "is an RSA key" do
+			expect(authority.key).to be_a OpenSSL::PKey::RSA
+		end
 
-		expect(File).to be(:exist?, File.expand_path("localhost.lock", @root))
-		expect(File).to be(:exist?, File.expand_path("localhost.crt", @root))
-		expect(File).to be(:exist?, File.expand_path("localhost.key", @root))
+		it "can set key" do
+			# Avoid generating a key, it's slow...
+			# key = OpenSSL::PKey::RSA.new(1024)
+			key = authority.key
+
+			authority.key = key
+			expect(authority.key).to be_equal(key)
+		end
 	end
 
 	with '#store' do
@@ -86,4 +118,47 @@ def around
 			expect(authority.server_context).to be_a OpenSSL::SSL::SSLContext
 		end
 	end
+
+	with '.list' do
+		def before
+			super
+
+			authority.save
+		end
+
+		it "can list all authorities" do
+			authorities = Localhost::Authority.list(@root).to_a
+
+			expect(authorities.size).to be == 1
+			expect(authorities.first).to be_a Localhost::Authority
+			expect(authorities.first).to have_attributes(
+				hostname: be == "localhost",
+			)
+		end
+	end
+
+	with '.fetch' do
+		def before
+			super
+
+			authority.save
+		end
+
+		it "can fetch existing authority" do
+			fetched_authority = Localhost::Authority.fetch("localhost", root: @root)
+			expect(fetched_authority).to have_attributes(
+				hostname: be == "localhost",
+			)
+		end
+
+		it "can create new authority" do
+			fetched_authority = Localhost::Authority.fetch("example.com", root: @root)
+			expect(fetched_authority).to have_attributes(
+				hostname: be == "example.com",
+			)
+
+			expect(File).to be(:exist?, fetched_authority.certificate_path)
+			expect(File).to be(:exist?, fetched_authority.key_path)
+		end
+	end
 end

test/localhost/protocol.rb

@@ -27,6 +27,7 @@
 end
 
 describe Localhost::Authority do
+	# We test the actual authority:
 	let(:authority) {subject.new}
 
 	include Sus::Fixtures::Async::HTTP::ServerContext