kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity
ruby--ruby/test/openssl/test_ocsp.rb

298 lines
12 KiB
Ruby
Raw Normal View History

Add frozen_string_literal: false for all files When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 00:07:31 -05:00
# frozen_string_literal: false
drying up the requires in the openssl tests git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-15 14:50:00 -05:00
require_relative "utils"
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
test/openssl: skip old OpenSSL * test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date OpenSSL before 1.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:43 -05:00
if defined?(OpenSSL::TestUtils)
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
openssl: clear OpenSSL error queue before return to Ruby * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 00:07:47 -04:00
class OpenSSL::TestOCSP < OpenSSL::TestCase
revert r48819 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:31 -05:00
def setup
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
# @ca_cert
# |
# @cert
# |----------|
# @cert2 @ocsp_cert
revert r48819 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:31 -05:00
ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
@ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
ca_exts = [
["basicConstraints", "CA:TRUE", true],
["keyUsage", "cRLSign,keyCertSign", true],
]
revert r48819 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:31 -05:00
@ca_cert = OpenSSL::TestUtils.issue_cert(
openssl: import v2.0.0 Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 09:41:46 -05:00
ca_subj, @ca_key, 1, ca_exts, nil, nil)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
@cert_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
cert_exts = [
["basicConstraints", "CA:TRUE", true],
["keyUsage", "cRLSign,keyCertSign", true],
]
revert r48819 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:31 -05:00
@cert = OpenSSL::TestUtils.issue_cert(
openssl: import v2.0.0 Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 09:41:46 -05:00
cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key)
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
@cert2_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
cert2_exts = [
]
@cert2 = OpenSSL::TestUtils.issue_cert(
openssl: import v2.0.0 Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 09:41:46 -05:00
cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
@ocsp_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
ocsp_exts = [
["extendedKeyUsage", "OCSPSigning", true],
]
@ocsp_cert = OpenSSL::TestUtils.issue_cert(
openssl: import v2.0.0 Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 09:41:46 -05:00
ocsp_subj, @ocsp_key, 100, ocsp_exts, @cert, @cert_key)
revert r48819 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 22:05:31 -05:00
end
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
def test_new_certificate_id
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
removing empty teardown, cleaning up whitespace errors git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29709 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:11 -04:00
assert_kind_of OpenSSL::OCSP::CertificateId, cid
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
assert_equal @cert.serial, cid.serial
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
removing empty teardown, cleaning up whitespace errors git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29709 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:11 -04:00
assert_kind_of OpenSSL::OCSP::CertificateId, cid
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
assert_equal @cert.serial, cid.serial
openssl: add some accessor methods for OCSP::CertificateId * ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash, ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm): Add accessor methods OCSP::CertificateId#issuer_name_hash, #issuer_key_hash, #hash_algorithm. Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>. [ruby-core:48062] [Feature #7181] * test/openssl/test_ocsp.rb: Test these new methods. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 09:12:20 -04:00
end
def test_certificate_id_issuer_name_hash
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
assert_equal OpenSSL::Digest::SHA1.hexdigest(@cert.issuer.to_der), cid.issuer_name_hash
assert_equal "d91f736ac4dc3242f0fb9b77a3149bd83c5c43d0", cid.issuer_name_hash
end
def test_certificate_id_issuer_key_hash
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
assert_equal OpenSSL::Digest::SHA1.hexdigest(OpenSSL::ASN1.decode(@ca_cert.to_der).value[0].value[6].value[1].value), cid.issuer_key_hash
assert_equal "d1fef9fbf8ae1bc160cbfa03e2596dd873089213", cid.issuer_key_hash
end
def test_certificate_id_hash_algorithm
cid_sha1 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
cid_sha256 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
assert_equal "sha1", cid_sha1.hash_algorithm
assert_equal "sha256", cid_sha256.hash_algorithm
end
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
def test_certificate_id_der
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
der = cid.to_der
asn1 = OpenSSL::ASN1.decode(der)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
# hash algorithm defaults to SHA-1
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
assert_equal OpenSSL::ASN1.ObjectId("SHA1").to_der, asn1.value[0].value[0].to_der
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
assert_equal [cid.issuer_name_hash].pack("H*"), asn1.value[1].value
assert_equal [cid.issuer_key_hash].pack("H*"), asn1.value[2].value
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
assert_equal @cert.serial, asn1.value[3].value
assert_equal der, OpenSSL::OCSP::CertificateId.new(der).to_der
end
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
def test_certificate_id_dup
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
assert_equal cid.to_der, cid.dup.to_der
end
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
def test_request_der
request = OpenSSL::OCSP::Request.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
request.add_certid(cid)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
request.sign(@cert, @cert_key, [@ca_cert], 0)
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
asn1 = OpenSSL::ASN1.decode(request.to_der)
assert_equal cid.to_der, asn1.value[0].value.find { |a| a.tag_class == :UNIVERSAL }.value[0].value[0].to_der
assert_equal OpenSSL::ASN1.ObjectId("sha1WithRSAEncryption").to_der, asn1.value[1].value[0].value[0].value[0].to_der
assert_equal @cert.to_der, asn1.value[1].value[0].value[2].value[0].value[0].to_der
assert_equal @ca_cert.to_der, asn1.value[1].value[0].value[2].value[0].value[1].to_der
assert_equal asn1.to_der, OpenSSL::OCSP::Request.new(asn1.to_der).to_der
end
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
def test_request_sign_verify
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
store = OpenSSL::X509::Store.new.add_cert(@ca_cert)
# with signer cert
req = OpenSSL::OCSP::Request.new.add_certid(cid)
req.sign(@cert, @cert_key, [])
assert_equal true, req.verify([], store)
# without signer cert
req = OpenSSL::OCSP::Request.new.add_certid(cid)
req.sign(@cert, @cert_key, nil)
assert_equal false, req.verify([@cert2], store)
assert_equal false, req.verify([], store) # no signer
assert_equal false, req.verify([], store, OpenSSL::OCSP::NOVERIFY)
assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN)
ret = req.verify([@cert], store)
if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
assert_equal true, ret
else
# RT2560; OCSP_request_verify() does not find signer cert from 'certs' when
# OCSP_NOINTERN is not specified.
# fixed by OpenSSL 1.0.1j, 1.0.2 and LibreSSL 2.4.2
pend "RT2560: ocsp_req_find_signer"
end
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
end
def test_request_nonce
req0 = OpenSSL::OCSP::Request.new
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
req1 = OpenSSL::OCSP::Request.new.add_nonce("NONCE")
req2 = OpenSSL::OCSP::Request.new.add_nonce("ABCDE")
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
bres = OpenSSL::OCSP::BasicResponse.new
assert_equal 2, req0.check_nonce(bres)
bres.copy_nonce(req1)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
assert_equal 3, req0.check_nonce(bres)
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
assert_equal 1, req1.check_nonce(bres)
bres.add_nonce("NONCE")
assert_equal 1, req1.check_nonce(bres)
assert_equal 0, req2.check_nonce(bres)
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
end
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
def test_request_dup
request = OpenSSL::OCSP::Request.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
request.add_certid(cid)
assert_equal request.to_der, request.dup.to_der
end
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
def test_basic_response_der
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
bres.add_nonce("NONCE")
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert], 0)
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
der = bres.to_der
asn1 = OpenSSL::ASN1.decode(der)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
assert_equal OpenSSL::ASN1.Sequence([@ocsp_cert, @ca_cert]).to_der, asn1.value[3].value[0].to_der
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
assert_equal der, OpenSSL::OCSP::BasicResponse.new(der).to_der
openssl: ignore test failure caused by LibreSSL bug * test/openssl/test_ocsp.rb: Ignore errors caused by bugs that exist in LibreSSL >= 2.3.1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-24 21:08:15 -04:00
rescue TypeError
if /GENERALIZEDTIME/ =~ $!.message
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
pend "OCSP_basic_sign() is broken"
openssl: ignore test failure caused by LibreSSL bug * test/openssl/test_ocsp.rb: Ignore errors caused by bugs that exist in LibreSSL >= 2.3.1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-24 21:08:15 -04:00
else
raise
end
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
end
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
def test_basic_response_sign_verify
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
store = OpenSSL::X509::Store.new.add_cert(@ca_cert)
# signed by CA
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, "SHA256")
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, -400, -300, 500, [])
bres.sign(@ca_cert, @ca_key, nil, 0, "SHA256")
assert_equal false, bres.verify([], store) # signer not found
assert_equal true, bres.verify([@ca_cert], store)
bres.sign(@ca_cert, @ca_key, [], 0, "SHA256")
assert_equal true, bres.verify([], store)
# signed by OCSP signer
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
bres = OpenSSL::OCSP::BasicResponse.new
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cid = OpenSSL::OCSP::CertificateId.new(@cert2, @cert)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, -400, -300, 500, [])
bres.sign(@ocsp_cert, @ocsp_key, [@cert])
assert_equal true, bres.verify([], store)
assert_equal false, bres.verify([], store, OpenSSL::OCSP::NOCHAIN)
# OpenSSL had a bug on this; test that our workaround works
bres.sign(@ocsp_cert, @ocsp_key, [])
assert_equal true, bres.verify([@cert], store)
openssl: allow specifying hash algorithm in OCSP::*#sign * ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 06:52:37 -04:00
end
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
def test_basic_response_dup
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert], 0)
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
assert_equal bres.to_der, bres.dup.to_der
end
openssl: add OpenSSL::OCSP::SingleResponse * ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 08:26:27 -04:00
def test_basic_response_response_operations
bres = OpenSSL::OCSP::BasicResponse.new
now = Time.at(Time.now.to_i)
cid1 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cid2 = OpenSSL::OCSP::CertificateId.new(@ocsp_cert, @ca_cert, OpenSSL::Digest::SHA1.new)
openssl: add OpenSSL::OCSP::SingleResponse * ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 08:26:27 -04:00
cid3 = OpenSSL::OCSP::CertificateId.new(@ca_cert, @ca_cert, OpenSSL::Digest::SHA1.new)
bres.add_status(cid1, OpenSSL::OCSP::V_CERTSTATUS_REVOKED, OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, now - 400, -300, nil, nil)
bres.add_status(cid2, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, nil, -300, 500, [])
assert_equal 2, bres.responses.size
single = bres.responses.first
assert_equal cid1.to_der, single.certid.to_der
assert_equal OpenSSL::OCSP::V_CERTSTATUS_REVOKED, single.cert_status
assert_equal OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, single.revocation_reason
assert_equal now - 400, single.revocation_time
Refine assertion * test/openssl/test_ocsp.rb: assert_in_delta for better message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55503 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-24 22:32:06 -04:00
assert_in_delta (now - 301), single.this_update, 1
openssl: add OpenSSL::OCSP::SingleResponse * ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 08:26:27 -04:00
assert_equal nil, single.next_update
assert_equal [], single.extensions
assert_equal cid2.to_der, bres.find_response(cid2).certid.to_der
assert_equal nil, bres.find_response(cid3)
end
def test_single_response_der
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, nil, -300, 500, nil)
single = bres.responses[0]
der = single.to_der
asn1 = OpenSSL::ASN1.decode(der)
assert_equal :CONTEXT_SPECIFIC, asn1.value[1].tag_class
assert_equal 0, asn1.value[1].tag # good
assert_equal der, OpenSSL::OCSP::SingleResponse.new(der).to_der
end
def test_single_response_check_validity
bres = OpenSSL::OCSP::BasicResponse.new
cid1 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
cid2 = OpenSSL::OCSP::CertificateId.new(@ocsp_cert, @ca_cert, OpenSSL::Digest::SHA1.new)
openssl: add OpenSSL::OCSP::SingleResponse * ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 08:26:27 -04:00
bres.add_status(cid1, OpenSSL::OCSP::V_CERTSTATUS_REVOKED, OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, -400, -300, -50, [])
bres.add_status(cid2, OpenSSL::OCSP::V_CERTSTATUS_REVOKED, OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, -400, -300, nil, [])
openssl: ignore test failure caused by LibreSSL bug * test/openssl/test_ocsp.rb: Ignore errors caused by bugs that exist in LibreSSL >= 2.3.1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-24 21:08:15 -04:00
bres.add_status(cid2, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, nil, Time.now + 100, nil, nil)
if bres.responses[2].check_validity # thisUpdate is in future; must fail
# LibreSSL bug; skip for now
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
pend "OCSP_check_validity() is broken"
openssl: ignore test failure caused by LibreSSL bug * test/openssl/test_ocsp.rb: Ignore errors caused by bugs that exist in LibreSSL >= 2.3.1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-24 21:08:15 -04:00
end
openssl: add OpenSSL::OCSP::SingleResponse * ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 08:26:27 -04:00
single1 = bres.responses[0]
assert_equal false, single1.check_validity
assert_equal false, single1.check_validity(30)
assert_equal true, single1.check_validity(60)
single2 = bres.responses[1]
assert_equal true, single2.check_validity
assert_equal true, single2.check_validity(0, 500)
assert_equal false, single2.check_validity(0, 200)
end
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
def test_response
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
bres.sign(@ocsp_cert, @ocsp_key, [])
res = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres)
assert_equal bres.to_der, res.basic.to_der
assert_equal OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, res.status
end
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
def test_response_der
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert], 0)
openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse} * ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 08:40:55 -04:00
res = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres)
der = res.to_der
asn1 = OpenSSL::ASN1.decode(der)
assert_equal OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, asn1.value[0].value
assert_equal OpenSSL::ASN1.ObjectId("basicOCSPResponse").to_der, asn1.value[1].value[0].value[0].to_der
assert_equal bres.to_der, asn1.value[1].value[0].value[1].value
assert_equal der, OpenSSL::OCSP::Response.new(der).to_der
end
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
def test_response_dup
bres = OpenSSL::OCSP::BasicResponse.new
import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 01:47:09 -04:00
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert], 0)
openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 05:42:29 -04:00
res = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres)
assert_equal res.to_der, res.dup.to_der
end
* test/openssl/test_ocsp.rb: adding test for r29699. Thanks Elise Huard! [ruby-core:32460] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-06 17:19:00 -04:00
end
end
Copy permalink