kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* test/openssl: backport cosmetic changes from 1.9.

Browse source 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26836 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nahi 2010-03-06 21:41:32 +00:00
parent ef5c7c951a
commit 0322d30623
11 changed files with 203 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,3 +1,7 @@
Sun Mar 7 06:37:27 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* test/openssl: backport cosmetic changes from 1.9.
Sun Mar 7 06:27:24 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* ext/openssl: backport fixes in 1.9.

7
test/openssl/test_cipher.rb
View file

@ -1,10 +1,3 @@
if defined?(JRUBY_VERSION)
require "java"
base = File.join(File.dirname(__FILE__), '..', '..')
$CLASSPATH << File.join(base, 'pkg', 'classes')
$CLASSPATH << File.join(base, 'lib', 'bcprov-jdk15-144.jar')
end
begin
require "openssl"
rescue LoadError

16
test/openssl/test_config.rb Normal file
View file

@ -0,0 +1,16 @@
require 'openssl'
require "test/unit"
class OpenSSL::TestConfig < Test::Unit::TestCase
def test_freeze
c = OpenSSL::Config.new
c['foo'] = [['key', 'value']]
c.freeze
# [ruby-core:18377]
# RuntimeError for 1.9, TypeError for 1.8
assert_raise(TypeError, /frozen/) do
c['foo'] = [['key', 'wrong']]
end
end
end

20
test/openssl/test_hmac.rb
View file

@ -4,15 +4,13 @@ rescue LoadError
end
require "test/unit"
if defined?(OpenSSL)
class OpenSSL::TestHMAC < Test::Unit::TestCase
def setup
@digest = OpenSSL::Digest::MD5.new
@digest = OpenSSL::Digest::MD5
@key = "KEY"
@data = "DATA"
@h1 = OpenSSL::HMAC.new(@key, @digest)
@h2 = OpenSSL::HMAC.new(@key, @digest)
@h1 = OpenSSL::HMAC.new(@key, @digest.new)
@h2 = OpenSSL::HMAC.new(@key, "MD5")
end
def teardown
@ -20,8 +18,14 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
def test_hmac
@h1.update(@data)
assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest")
assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest")
@h2.update(@data)
assert_equal(@h1.digest, @h2.digest)
assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest")
assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest")
assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest")
assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest")
end
def test_dup
@ -40,5 +44,3 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah"))
end
end
end

130
test/openssl/test_pkcs7.rb
View file

@ -45,6 +45,127 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
store.add_cert(@ca_cert)
ca_certs = [@ca_cert]
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
p7 = OpenSSL::PKCS7.new(tmp.to_der)
certs = p7.certificates
signers = p7.signers
assert(p7.verify([], store))
assert_equal(data, p7.data)
assert_equal(2, certs.size)
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
assert_equal(1, signers.size)
assert_equal(@ee1_cert.serial, signers[0].serial)
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
# Normaly OpenSSL tries to translate the supplied content into canonical
# MIME format (e.g. a newline character is converted into CR+LF).
# If the content is a binary, PKCS7::BINARY flag should be used.
data = "aaaaa\nbbbbb\nccccc\n"
flag = OpenSSL::PKCS7::BINARY
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
p7 = OpenSSL::PKCS7.new(tmp.to_der)
certs = p7.certificates
signers = p7.signers
assert(p7.verify([], store))
assert_equal(data, p7.data)
assert_equal(2, certs.size)
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
assert_equal(1, signers.size)
assert_equal(@ee1_cert.serial, signers[0].serial)
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
# A signed-data which have multiple signatures can be created
# through the following steps.
# 1. create two signed-data
# 2. copy signerInfo and certificate from one to another
tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
tmp1.add_signer(tmp2.signers[0])
tmp1.add_certificate(@ee2_cert)
p7 = OpenSSL::PKCS7.new(tmp1.to_der)
certs = p7.certificates
signers = p7.signers
assert(p7.verify([], store))
assert_equal(data, p7.data)
assert_equal(2, certs.size)
assert_equal(2, signers.size)
assert_equal(@ee1_cert.serial, signers[0].serial)
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
assert_equal(@ee2_cert.serial, signers[1].serial)
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
end
def test_detached_sign
store = OpenSSL::X509::Store.new
store.add_cert(@ca_cert)
ca_certs = [@ca_cert]
data = "aaaaa\nbbbbb\nccccc\n"
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
p7 = OpenSSL::PKCS7.new(tmp.to_der)
a1 = OpenSSL::ASN1.decode(p7)
certs = p7.certificates
signers = p7.signers
assert(!p7.verify([], store))
assert(p7.verify([], store, data))
assert_equal(data, p7.data)
assert_equal(2, certs.size)
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
assert_equal(1, signers.size)
assert_equal(@ee1_cert.serial, signers[0].serial)
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
end
def test_enveloped
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
return
end
certs = [@ee1_cert, @ee2_cert]
cipher = OpenSSL::Cipher::AES.new("128-CBC")
data = "aaaaa\nbbbbb\nccccc\n"
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
p7 = OpenSSL::PKCS7.new(tmp.to_der)
recip = p7.recipients
assert_equal(:enveloped, p7.type)
assert_equal(2, recip.size)
assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
assert_equal(2, recip[0].serial)
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
assert_equal(3, recip[1].serial)
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
end
def silent
begin
back, $VERBOSE = $VERBOSE, nil
yield
ensure
$VERBOSE = back if back
end
end
def test_signed_pkcs7_pkcs7
silent do
store = OpenSSL::X509::Store.new
store.add_cert(@ca_cert)
ca_certs = [@ca_cert]
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
@ -100,8 +221,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
assert_equal(@ee2_cert.serial, signers[1].serial)
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
end
end
def test_detached_sign
def test_detached_sign_pkcs7_pkcs7
silent do
store = OpenSSL::X509::Store.new
store.add_cert(@ca_cert)
ca_certs = [@ca_cert]
@ -124,8 +247,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
assert_equal(@ee1_cert.serial, signers[0].serial)
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
end
end
def test_enveloped
def test_enveloped_pkcs7_pkcs7
silent do
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
@ -151,5 +276,6 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
end
end
end
end

19
test/openssl/test_ssl.rb
View file

@ -102,7 +102,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
server_proc.call(ctx, ssl)
end
end
rescue Errno::EBADF, IOError
rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED
end
def start_server(port0, verify_mode, start_immediately, args = {}, &block)
@ -143,15 +143,26 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
block.call(server, port.to_i)
ensure
tcps.close if (tcps)
begin
begin
tcps.shutdown
rescue Errno::ENOTCONN
# when `Errno::ENOTCONN: Socket is not connected' on some platforms,
# call #close instead of #shutdown.
tcps.close
tcps = nil
end if (tcps)
if (server)
server.join(5)
if server.alive?
server.kill
server.join(5)
server.join
flunk("TCPServer was closed and SSLServer is still alive") unless $!
end
end
ensure
tcps.close if (tcps)
end
end
end
@ -639,7 +650,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
ctx_proc = Proc.new do |ctx, ssl|
foo_ctx = ctx.dup
ctx.servername_cb = Proc.new do |ssl, hostname|
ctx.servername_cb = Proc.new do |ssl2, hostname|
case hostname
when 'foo.example.com'
foo_ctx

4
test/openssl/utils.rb
View file

@ -103,9 +103,9 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
crl.version = 1
crl.last_update = lastup
crl.next_update = nextup
revoke_info.each{|serial, time, reason_code|
revoke_info.each{|rserial, time, reason_code|
revoked = OpenSSL::X509::Revoked.new
revoked.serial = serial
revoked.serial = rserial
revoked.time = time
enum = OpenSSL::ASN1::Enumerated(reason_code)
ext = OpenSSL::X509::Extension.new("CRLReason", enum)