* test/openssl: backport cosmetic changes from 1.9.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26836 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2010-03-06 21:41:32 +00:00 · 2010-03-06 21:41:32 +00:00 · 0322d30623
commit 0322d30623
parent ef5c7c951a
11 changed files with 203 additions and 51 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
 Sun Mar  7 06:37:27 2010  NAKAMURA, Hiroshi  <nahi@ruby-lang.org>
 	* test/openssl: backport cosmetic changes from 1.9.
 Sun Mar  7 06:27:24 2010  NAKAMURA, Hiroshi  <nahi@ruby-lang.org>
 	* ext/openssl: backport fixes in 1.9.
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@ -1,10 +1,3 @@
 if defined?(JRUBY_VERSION)
  require "java"
  base = File.join(File.dirname(__FILE__), '..', '..')
  $CLASSPATH << File.join(base, 'pkg', 'classes')
  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk15-144.jar')
 end
 begin
  require "openssl"
 rescue LoadError
--- a/test/openssl/test_config.rb
+++ b/test/openssl/test_config.rb
@ -0,0 +1,16 @@
 require 'openssl'
 require "test/unit"
 class OpenSSL::TestConfig < Test::Unit::TestCase
  def test_freeze
    c = OpenSSL::Config.new
    c['foo'] = [['key', 'value']]
    c.freeze
    # [ruby-core:18377]
    # RuntimeError for 1.9, TypeError for 1.8
    assert_raise(TypeError, /frozen/) do
      c['foo'] = [['key', 'wrong']]
    end
  end
 end
--- a/test/openssl/test_hmac.rb
+++ b/test/openssl/test_hmac.rb
@ -4,15 +4,13 @@ rescue LoadError
 end
 require "test/unit"
 if defined?(OpenSSL)
 class OpenSSL::TestHMAC < Test::Unit::TestCase
  def setup
-    @digest = OpenSSL::Digest::MD5.new
+    @digest = OpenSSL::Digest::MD5
    @key = "KEY"
    @data = "DATA"
-    @h1 = OpenSSL::HMAC.new(@key, @digest)
+    @h1 = OpenSSL::HMAC.new(@key, @digest.new)
-    @h2 = OpenSSL::HMAC.new(@key, @digest)
+    @h2 = OpenSSL::HMAC.new(@key, "MD5")
  end
  def teardown
@ -20,8 +18,14 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
  def test_hmac
    @h1.update(@data)
-    assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest")
+    @h2.update(@data)
-    assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest")
+    assert_equal(@h1.digest, @h2.digest)
    assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest")
    assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest")
    assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest")
    assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest")
  end
  def test_dup
@ -40,5 +44,3 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
      OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah"))
  end
 end
 end
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@ -45,6 +45,127 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
    store.add_cert(@ca_cert)
    ca_certs = [@ca_cert]
    data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
    p7 = OpenSSL::PKCS7.new(tmp.to_der)
    certs = p7.certificates
    signers = p7.signers
    assert(p7.verify([], store))
    assert_equal(data, p7.data)
    assert_equal(2, certs.size)
    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    assert_equal(1, signers.size)
    assert_equal(@ee1_cert.serial, signers[0].serial)
    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    # Normaly OpenSSL tries to translate the supplied content into canonical
    # MIME format (e.g. a newline character is converted into CR+LF).
    # If the content is a binary, PKCS7::BINARY flag should be used.
    data = "aaaaa\nbbbbb\nccccc\n"
    flag = OpenSSL::PKCS7::BINARY
    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
    p7 = OpenSSL::PKCS7.new(tmp.to_der)
    certs = p7.certificates
    signers = p7.signers
    assert(p7.verify([], store))
    assert_equal(data, p7.data)
    assert_equal(2, certs.size)
    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    assert_equal(1, signers.size)
    assert_equal(@ee1_cert.serial, signers[0].serial)
    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    # A signed-data which have multiple signatures can be created
    # through the following steps.
    #   1. create two signed-data
    #   2. copy signerInfo and certificate from one to another
    tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
    tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
    tmp1.add_signer(tmp2.signers[0])
    tmp1.add_certificate(@ee2_cert)
    p7 = OpenSSL::PKCS7.new(tmp1.to_der)
    certs = p7.certificates
    signers = p7.signers
    assert(p7.verify([], store))
    assert_equal(data, p7.data)
    assert_equal(2, certs.size)
    assert_equal(2, signers.size)
    assert_equal(@ee1_cert.serial, signers[0].serial)
    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    assert_equal(@ee2_cert.serial, signers[1].serial)
    assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
  end
  def test_detached_sign
    store = OpenSSL::X509::Store.new
    store.add_cert(@ca_cert)
    ca_certs = [@ca_cert]
    data = "aaaaa\nbbbbb\nccccc\n"
    flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
    p7 = OpenSSL::PKCS7.new(tmp.to_der)
    a1 = OpenSSL::ASN1.decode(p7)
    certs = p7.certificates
    signers = p7.signers
    assert(!p7.verify([], store))
    assert(p7.verify([], store, data))
    assert_equal(data, p7.data)
    assert_equal(2, certs.size)
    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    assert_equal(1, signers.size)
    assert_equal(@ee1_cert.serial, signers[0].serial)
    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
  end
  def test_enveloped
    if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
      # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
      # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
      return
    end
    certs = [@ee1_cert, @ee2_cert]
    cipher = OpenSSL::Cipher::AES.new("128-CBC")
    data = "aaaaa\nbbbbb\nccccc\n"
    tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
    p7 = OpenSSL::PKCS7.new(tmp.to_der)
    recip = p7.recipients
    assert_equal(:enveloped, p7.type)
    assert_equal(2, recip.size)
    assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
    assert_equal(2, recip[0].serial)
    assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
    assert_equal(3, recip[1].serial)
    assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
  end
  def silent
    begin
      back, $VERBOSE = $VERBOSE, nil
      yield
    ensure
      $VERBOSE = back if back
    end
  end
  def test_signed_pkcs7_pkcs7
  silent do
    store = OpenSSL::X509::Store.new
    store.add_cert(@ca_cert)
    ca_certs = [@ca_cert]
    data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
    p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
@ -100,8 +221,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
    assert_equal(@ee2_cert.serial, signers[1].serial)
    assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
  end
  end
-  def test_detached_sign
+  def test_detached_sign_pkcs7_pkcs7
  silent do
    store = OpenSSL::X509::Store.new
    store.add_cert(@ca_cert)
    ca_certs = [@ca_cert]
@ -124,8 +247,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
    assert_equal(@ee1_cert.serial, signers[0].serial)
    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
  end
  end
-  def test_enveloped
+  def test_enveloped_pkcs7_pkcs7
  silent do
    if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
      # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
      # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
@ -151,5 +276,6 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
    assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
  end
  end
 end
 end
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@ -102,7 +102,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
        server_proc.call(ctx, ssl)
      end
    end
-  rescue Errno::EBADF, IOError
+  rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED
  end
  def start_server(port0, verify_mode, start_immediately, args = {}, &block)
@ -143,15 +143,26 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
      block.call(server, port.to_i)
    ensure
-      tcps.close if (tcps)
+      begin
        begin
          tcps.shutdown
        rescue Errno::ENOTCONN
          # when `Errno::ENOTCONN: Socket is not connected' on some platforms,
          # call #close instead of #shutdown.
          tcps.close
          tcps = nil
        end if (tcps)
        if (server)
          server.join(5)
          if server.alive?
            server.kill
-          server.join(5)
+            server.join
            flunk("TCPServer was closed and SSLServer is still alive") unless $!
          end
        end
      ensure
        tcps.close if (tcps)
      end
    end
  end
@ -639,7 +650,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
    ctx_proc = Proc.new do |ctx, ssl|
      foo_ctx = ctx.dup
-      ctx.servername_cb = Proc.new do |ssl, hostname|
+      ctx.servername_cb = Proc.new do |ssl2, hostname|
        case hostname
        when 'foo.example.com'
          foo_ctx
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@ -103,9 +103,9 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
    crl.version = 1
    crl.last_update = lastup
    crl.next_update = nextup
-    revoke_info.each{|serial, time, reason_code|
+    revoke_info.each{|rserial, time, reason_code|
      revoked = OpenSSL::X509::Revoked.new
-      revoked.serial = serial
+      revoked.serial = rserial
      revoked.time = time
      enum = OpenSSL::ASN1::Enumerated(reason_code)
      ext = OpenSSL::X509::Extension.new("CRLReason", enum)