2010-12-12 23:17:42 -05:00
|
|
|
require_relative "utils"
|
|
|
|
|
2014-12-12 22:05:43 -05:00
|
|
|
if defined?(OpenSSL::TestUtils)
|
2010-12-12 23:17:42 -05:00
|
|
|
|
|
|
|
module OpenSSL
|
2011-06-22 01:48:44 -04:00
|
|
|
class TestPKCS12 < Test::Unit::TestCase
|
2010-12-12 23:17:42 -05:00
|
|
|
include OpenSSL::TestUtils
|
|
|
|
|
|
|
|
def setup
|
2011-07-26 20:31:43 -04:00
|
|
|
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
|
|
|
|
|
|
|
now = Time.now
|
|
|
|
ca_exts = [
|
|
|
|
["basicConstraints","CA:TRUE",true],
|
|
|
|
["keyUsage","keyCertSign, cRLSign",true],
|
|
|
|
["subjectKeyIdentifier","hash",false],
|
|
|
|
["authorityKeyIdentifier","keyid:always",false],
|
|
|
|
]
|
2012-08-21 00:50:18 -04:00
|
|
|
|
2011-07-26 20:31:43 -04:00
|
|
|
@cacert = issue_cert(ca, TEST_KEY_RSA2048, 1, now, now+3600, ca_exts,
|
|
|
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
|
|
|
|
|
|
|
inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA")
|
|
|
|
inter_ca_key = OpenSSL::PKey.read <<-_EOS_
|
|
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
|
|
MIICXAIBAAKBgQDp7hIG0SFMG/VWv1dBUWziAPrNmkMXJgTCAoB7jffzRtyyN04K
|
|
|
|
oq/89HAszTMStZoMigQURfokzKsjpUp8OYCAEsBtt9d5zPndWMz/gHN73GrXk3LT
|
|
|
|
ZsxEn7Xv5Da+Y9F/Hx2QZUHarV5cdZixq2NbzWGwrToogOQMh2pxN3Z/0wIDAQAB
|
|
|
|
AoGBAJysUyx3olpsGzv3OMRJeahASbmsSKTXVLZvoIefxOINosBFpCIhZccAG6UV
|
|
|
|
5c/xCvS89xBw8aD15uUfziw3AuT8QPEtHCgfSjeT7aWzBfYswEgOW4XPuWr7EeI9
|
|
|
|
iNHGD6z+hCN/IQr7FiEBgTp6A+i/hffcSdR83fHWKyb4M7TRAkEA+y4BNd668HmC
|
|
|
|
G5MPRx25n6LixuBxrNp1umfjEI6UZgEFVpYOg4agNuimN6NqM253kcTR94QNTUs5
|
|
|
|
Kj3EhG1YWwJBAO5rUjiOyCNVX2WUQrOMYK/c1lU7fvrkdygXkvIGkhsPoNRzLPeA
|
|
|
|
HGJszKtrKD8bNihWpWNIyqKRHfKVD7yXT+kCQGCAhVCIGTRoypcDghwljHqLnysf
|
|
|
|
ci0h5ZdPcIqc7ODfxYhFsJ/Rql5ONgYsT5Ig/+lOQAkjf+TRYM4c2xKx2/8CQBvG
|
|
|
|
jv6dy70qDgIUgqzONtlmHeYyFzn9cdBO5sShdVYHvRHjFSMEXsosqK9zvW2UqvuK
|
|
|
|
FJx7d3f29gkzynCLJDkCQGQZlEZJC4vWmWJGRKJ24P6MyQn3VsPfErSKOg4lvyM3
|
|
|
|
Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es=
|
|
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
_EOS_
|
|
|
|
|
|
|
|
@inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, now, now+3600, ca_exts,
|
2013-04-01 22:02:33 -04:00
|
|
|
@cacert, TEST_KEY_RSA2048, OpenSSL::Digest::SHA1.new)
|
2011-07-26 20:31:43 -04:00
|
|
|
|
|
|
|
exts = [
|
|
|
|
["keyUsage","digitalSignature",true],
|
|
|
|
["subjectKeyIdentifier","hash",false],
|
|
|
|
]
|
|
|
|
ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate")
|
|
|
|
@mycert = issue_cert(ee, TEST_KEY_RSA1024, 3, now, now+3600, exts,
|
|
|
|
@inter_cacert, inter_ca_key, OpenSSL::Digest::SHA1.new)
|
2010-12-12 23:17:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_create
|
|
|
|
pkcs12 = OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert
|
|
|
|
)
|
|
|
|
assert_equal @mycert, pkcs12.certificate
|
2011-07-26 20:31:43 -04:00
|
|
|
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
2010-12-12 23:17:42 -05:00
|
|
|
assert_nil pkcs12.ca_certs
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_create_no_pass
|
|
|
|
pkcs12 = OpenSSL::PKCS12.create(
|
|
|
|
nil,
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert
|
|
|
|
)
|
|
|
|
assert_equal @mycert, pkcs12.certificate
|
2011-07-26 20:31:43 -04:00
|
|
|
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
2010-12-12 23:17:42 -05:00
|
|
|
assert_nil pkcs12.ca_certs
|
|
|
|
|
|
|
|
decoded = OpenSSL::PKCS12.new(pkcs12.to_der)
|
|
|
|
assert_cert @mycert, decoded.certificate
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_create_with_chain
|
2011-07-26 20:31:43 -04:00
|
|
|
chain = [@inter_cacert, @cacert]
|
2010-12-12 23:17:42 -05:00
|
|
|
|
|
|
|
pkcs12 = OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
chain
|
|
|
|
)
|
|
|
|
assert_equal chain, pkcs12.ca_certs
|
|
|
|
end
|
|
|
|
|
2011-07-26 20:31:43 -04:00
|
|
|
def test_create_with_chain_decode
|
|
|
|
chain = [@cacert, @inter_cacert]
|
|
|
|
|
|
|
|
passwd = "omg"
|
|
|
|
|
|
|
|
pkcs12 = OpenSSL::PKCS12.create(
|
|
|
|
passwd,
|
|
|
|
"hello",
|
|
|
|
TEST_KEY_RSA1024,
|
|
|
|
@mycert,
|
|
|
|
chain
|
|
|
|
)
|
|
|
|
|
|
|
|
decoded = OpenSSL::PKCS12.new(pkcs12.to_der, passwd)
|
|
|
|
assert_equal chain.size, decoded.ca_certs.size
|
|
|
|
assert_include_cert @cacert, decoded.ca_certs
|
|
|
|
assert_include_cert @inter_cacert, decoded.ca_certs
|
2012-08-21 00:50:18 -04:00
|
|
|
assert_cert @mycert, decoded.certificate
|
2011-07-26 20:31:43 -04:00
|
|
|
assert_equal TEST_KEY_RSA1024.to_der, decoded.key.to_der
|
|
|
|
end
|
|
|
|
|
2010-12-12 23:17:42 -05:00
|
|
|
def test_create_with_bad_nid
|
|
|
|
assert_raises(ArgumentError) do
|
|
|
|
OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
[],
|
|
|
|
"foo"
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_create_with_itr
|
|
|
|
OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
[],
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
2048
|
|
|
|
)
|
|
|
|
|
|
|
|
assert_raises(TypeError) do
|
|
|
|
OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
[],
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
"omg"
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_create_with_mac_itr
|
|
|
|
OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
[],
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
2048
|
|
|
|
)
|
|
|
|
|
|
|
|
assert_raises(TypeError) do
|
|
|
|
OpenSSL::PKCS12.create(
|
|
|
|
"omg",
|
|
|
|
"hello",
|
2011-07-26 20:31:43 -04:00
|
|
|
TEST_KEY_RSA1024,
|
2010-12-12 23:17:42 -05:00
|
|
|
@mycert,
|
|
|
|
[],
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
nil,
|
|
|
|
"omg"
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
def assert_cert expected, actual
|
|
|
|
[
|
|
|
|
:subject,
|
|
|
|
:issuer,
|
|
|
|
:serial,
|
|
|
|
:not_before,
|
|
|
|
:not_after,
|
|
|
|
].each do |attribute|
|
|
|
|
assert_equal expected.send(attribute), actual.send(attribute)
|
|
|
|
end
|
2011-07-26 20:31:43 -04:00
|
|
|
assert_equal expected.to_der, actual.to_der
|
2010-12-12 23:17:42 -05:00
|
|
|
end
|
|
|
|
|
2011-07-26 20:31:43 -04:00
|
|
|
def assert_include_cert cert, ary
|
|
|
|
der = cert.to_der
|
|
|
|
ary.each do |candidate|
|
|
|
|
if candidate.to_der == der
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
end
|
|
|
|
false
|
2010-12-12 23:17:42 -05:00
|
|
|
end
|
2011-07-26 20:31:43 -04:00
|
|
|
|
2010-12-12 23:17:42 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|