kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* test/openssl/*: added some tests from jruby-openssl.

Browse source 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26073 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nahi 2009-12-13 14:09:20 +00:00
parent 07e95b9493
commit c2e8a9ca94
13 changed files with 430 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,3 +1,7 @@
Sun Dec 13 23:07:05 2009 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* test/openssl/*: added some tests from jruby-openssl.
Mon Dec 7 07:05:05 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca> Mon Dec 7 07:05:05 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
* lib/bigdecimal.rb: fix comparison operators [ruby-core:26646] * lib/bigdecimal.rb: fix comparison operators [ruby-core:26646]

105
test/openssl/test_cipher.rb
View file

@ -1,3 +1,10 @@
if defined?(JRUBY_VERSION)
require "java"
base = File.join(File.dirname(__FILE__), '..', '..')
$CLASSPATH << File.join(base, 'pkg', 'classes')
$CLASSPATH << File.join(base, 'lib', 'bcprov-jdk15-144.jar')
end
begin begin
require "openssl" require "openssl"
rescue LoadError rescue LoadError
@ -12,6 +19,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
@c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC") @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
@key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
@iv = "\0\0\0\0\0\0\0\0" @iv = "\0\0\0\0\0\0\0\0"
@iv1 = "\1\1\1\1\1\1\1\1"
@hexkey = "0000000000000000000000000000000000000000000000" @hexkey = "0000000000000000000000000000000000000000000000"
@hexiv = "0000000000000000" @hexiv = "0000000000000000"
@data = "DATA" @data = "DATA"
@ -63,9 +71,80 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
assert_equal(s1, s2, "encrypt reset") assert_equal(s1, s2, "encrypt reset")
end end
def test_set_iv
@c1.encrypt
@c1.key = @key
@c1.iv = @iv
s1 = @c1.update(@data) + @c1.final
@c1.iv = @iv1
s1 += @c1.update(@data) + @c1.final
@c1.reset
@c1.iv = @iv
s2 = @c1.update(@data) + @c1.final
@c1.iv = @iv1
s2 += @c1.update(@data) + @c1.final
assert_equal(s1, s2, "encrypt reset")
end
def test_empty_data def test_empty_data
@c1.encrypt @c1.encrypt
assert_raises(ArgumentError){ @c1.update("") } assert_raise(ArgumentError){ @c1.update("") }
end
def test_disable_padding(padding=0)
# assume a padding size of 8
# encrypt the data with padding
@c1.encrypt
@c1.key = @key
@c1.iv = @iv
encrypted_data = @c1.update(@data) + @c1.final
assert_equal(8, encrypted_data.size)
# decrypt with padding disabled
@c1.decrypt
@c1.padding = padding
decrypted_data = @c1.update(encrypted_data) + @c1.final
# check that the result contains the padding
assert_equal(8, decrypted_data.size)
assert_equal(@data, decrypted_data[0...@data.size])
end
if PLATFORM =~ /java/
# JRuby extension - using Java padding types
def test_disable_padding_javastyle
test_disable_padding('NoPadding')
end
def test_iso10126_padding
@c1.encrypt
@c1.key = @key
@c1.iv = @iv
@c1.padding = 'ISO10126Padding'
encrypted_data = @c1.update(@data) + @c1.final
# decrypt with padding disabled to see the padding
@c1.decrypt
@c1.padding = 0
decrypted_data = @c1.update(encrypted_data) + @c1.final
assert_equal(@data, decrypted_data[0...@data.size])
# last byte should be the amount of padding
assert_equal(4, decrypted_data[-1])
end
def test_iso10126_padding_boundry
@data = 'HELODATA' # 8 bytes, same as padding size
@c1.encrypt
@c1.key = @key
@c1.iv = @iv
@c1.padding = 'ISO10126Padding'
encrypted_data = @c1.update(@data) + @c1.final
# decrypt with padding disabled to see the padding
@c1.decrypt
@c1.padding = 0
decrypted_data = @c1.update(encrypted_data) + @c1.final
assert_equal(@data, decrypted_data[0...@data.size])
# padding should be one whole block
assert_equal(8, decrypted_data[-1])
end
end end
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000 if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
@ -90,6 +169,30 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
} }
end end
end end
# JRUBY-4028
def test_jruby_4028
key = "0599E113A7EE32A9"
data = "1234567890~5J96LC303C1D22DD~20090930005944~http%3A%2F%2Flocalhost%3A8080%2Flogin%3B0%3B1~http%3A%2F%2Fmix-stage.oracle.com%2F~00"
c1 = OpenSSL::Cipher::Cipher.new("DES-CBC")
c1.padding = 0
c1.iv = "0" * 8
c1.encrypt
c1.key = key
e = c1.update data
e << c1.final
c2 = OpenSSL::Cipher::Cipher.new("DES-CBC")
c2.padding = 0
c2.iv = "0" * 8
c2.decrypt
c2.key = key
d = c2.update e
d << c2.final
assert_equal "\342\320B.\300&X\310\344\253\025\215\017*\22015\344\024D\342\213\361\336\311\271\326\016\243\214\026\2545\002\237,\017s\202\316&Ew\323\221H\376\200\304\201\365\332Im\240\361\037\246\3536\001A2\341\324o0\350\364%=\325\330\240\324u\225\304h\277\272\361f\024\324\352\336\353N\002/]C\370!\003)\212oa\225\207\333\340\245\207\024\351\037\327[\212\001{\216\f\315\345\372\v\226\r\233?\002\vJK", e
assert_equal data, d
end
end end
end end

2
test/openssl/test_ec.rb
View file

@ -89,7 +89,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
sig = key.dsa_sign_asn1(@data1) sig = key.dsa_sign_asn1(@data1)
assert_equal(key.dsa_verify_asn1(@data1, sig), true) assert_equal(key.dsa_verify_asn1(@data1, sig), true)
assert_raises(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
end end
end end

10
test/openssl/test_hmac.rb
View file

@ -29,6 +29,16 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
h = @h1.dup h = @h1.dup
assert_equal(@h1.digest, h.digest, "dup digest") assert_equal(@h1.digest, h.digest, "dup digest")
end end
def test_sha256
digest256 = OpenSSL::Digest::Digest.new("sha256")
assert_equal(
"\210\236-\3270\331Yq\265\177sE\266\231hXa\332\250\026\235O&c*\307\001\227~\260n\362",
OpenSSL::HMAC.digest(digest256, 'blah', "blah"))
assert_equal(
"889e2dd730d95971b57f7345b699685861daa8169d4f26632ac701977eb06ef2",
OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah"))
end
end end
end end

10
test/openssl/test_ns_spki.rb
View file

@ -22,6 +22,16 @@ class OpenSSL::TestNSSPI < Test::Unit::TestCase
def teardown def teardown
end end
def pr(obj, ind=0)
if obj.respond_to?(:value)
puts((" "*ind) + obj.class.to_s + ":")
pr(obj.value,(ind+1))
elsif obj.respond_to?(:each) && !(String===obj)
obj.each {|v| pr(v,ind+1) }
else
puts((" "*ind) + obj.inspect)
end
end
def test_build_data def test_build_data
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024 key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024

1
test/openssl/test_pkcs7.rb
View file

@ -28,6 +28,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true], ["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
["authorityKeyIdentifier","keyid:always",false], ["authorityKeyIdentifier","keyid:always",false],
["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false], ["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
["nsCertType","client,email",false],
] ]
@ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts, @ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts,
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)

126
test/openssl/test_ssl.rb
View file

@ -6,6 +6,8 @@ end
require "rbconfig" require "rbconfig"
require "socket" require "socket"
require "test/unit" require "test/unit"
require 'tempfile'
begin begin
loadpath = $:.dup loadpath = $:.dup
$:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))]) $:.replace($: | [File.expand_path("../ruby", File.dirname(__FILE__))])
@ -58,6 +60,20 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
OpenSSL::TestUtils.issue_crl(*arg) OpenSSL::TestUtils.issue_crl(*arg)
end end
def choose_port(port)
tcps = nil
100.times{ |i|
begin
tcps = TCPServer.new("127.0.0.1", port+i)
port = port + i
break
rescue Errno::EADDRINUSE
next
end
}
return tcps, port
end
def readwrite_loop(ctx, ssl) def readwrite_loop(ctx, ssl)
while line = ssl.gets while line = ssl.gets
if line =~ /^STARTTLS$/ if line =~ /^STARTTLS$/
@ -106,8 +122,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
ctx_proc.call(ctx) if ctx_proc ctx_proc.call(ctx) if ctx_proc
Socket.do_not_reverse_lookup = true Socket.do_not_reverse_lookup = true
tcps = nil tcps, port = choose_port(port0)
port = port0
begin begin
tcps = TCPServer.new("127.0.0.1", port) tcps = TCPServer.new("127.0.0.1", port)
rescue Errno::EADDRINUSE rescue Errno::EADDRINUSE
@ -124,7 +139,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
server_loop(ctx, ssls, server_proc) server_loop(ctx, ssls, server_proc)
end end
$stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, pid, port) if $DEBUG $stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, $$, port) if $DEBUG
block.call(server, port.to_i) block.call(server, port.to_i)
ensure ensure
@ -133,7 +148,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
server.join(5) server.join(5)
if server.alive? if server.alive?
server.kill server.kill
server.join server.join(5)
flunk("TCPServer was closed and SSLServer is still alive") unless $! flunk("TCPServer was closed and SSLServer is still alive") unless $!
end end
end end
@ -180,6 +195,8 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
ssl.sync_close = true ssl.sync_close = true
ssl.connect ssl.connect
assert_raise(ArgumentError) { ssl.sysread(-1) }
# syswrite and sysread # syswrite and sysread
ITERATIONS.times{|i| ITERATIONS.times{|i|
str = "x" * 100 + "\n" str = "x" * 100 + "\n"
@ -193,6 +210,13 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
assert_equal(str, buf) assert_equal(str, buf)
} }
# puts and gets
ITERATIONS.times{
str = "x" * 100 + "\n"
ssl.puts(str)
assert_equal(str, ssl.gets)
}
# read and write # read and write
ITERATIONS.times{|i| ITERATIONS.times{|i|
str = "x" * 100 + "\n" str = "x" * 100 + "\n"
@ -213,7 +237,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
def test_client_auth def test_client_auth
vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
start_server(PORT, vflag, true){|server, port| start_server(PORT, vflag, true){|server, port|
assert_raises(OpenSSL::SSL::SSLError){ assert_raise(OpenSSL::SSL::SSLError){
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect ssl.connect
@ -247,6 +271,82 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
} }
end end
def test_client_auth_with_server_store
vflag = OpenSSL::SSL::VERIFY_PEER
localcacert_file = Tempfile.open("cafile")
localcacert_file << @ca_cert.to_pem
localcacert_file.close
localcacert_path = localcacert_file.path
ssl_store = OpenSSL::X509::Store.new
ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
ssl_store.add_file(localcacert_path)
args = {}
args[:ctx_proc] = proc { |server_ctx|
server_ctx.cert = @svr_cert
server_ctx.key = @svr_key
server_ctx.verify_mode = vflag
server_ctx.cert_store = ssl_store
}
start_server(PORT, vflag, true, args){|server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = @cli_cert
ctx.key = @cli_key
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.connect
ssl.puts("foo")
assert_equal("foo\n", ssl.gets)
ssl.close
localcacert_file.unlink
}
end
def test_client_crl_with_server_store
vflag = OpenSSL::SSL::VERIFY_PEER
localcacert_file = Tempfile.open("cafile")
localcacert_file << @ca_cert.to_pem
localcacert_file.close
localcacert_path = localcacert_file.path
ssl_store = OpenSSL::X509::Store.new
ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
ssl_store.add_file(localcacert_path)
ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
@cli_cert, @ca_key, OpenSSL::Digest::SHA1.new)
ssl_store.add_crl(OpenSSL::X509::CRL.new(crl.to_pem))
args = {}
args[:ctx_proc] = proc { |server_ctx|
server_ctx.cert = @svr_cert
server_ctx.key = @svr_key
server_ctx.verify_mode = vflag
server_ctx.cert_store = ssl_store
}
start_server(PORT, vflag, true, args){|s, p|
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = @cli_cert
ctx.key = @cli_key
assert_raise(OpenSSL::SSL::SSLError){
sock = TCPSocket.new("127.0.0.1", p)
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.connect
ssl.close
}
localcacert_file.unlink
}
end
def test_starttls def test_starttls
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port| start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port|
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
@ -352,10 +452,10 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect ssl.connect
assert_raises(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost")) assert(ssl.post_connection_check("localhost"))
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")} assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
cert = ssl.peer_cert cert = ssl.peer_cert
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain")) assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
@ -378,8 +478,8 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
ssl.connect ssl.connect
assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1")) assert(ssl.post_connection_check("127.0.0.1"))
assert_raises(sslerr){ssl.post_connection_check("localhost")} assert_raise(sslerr){ssl.post_connection_check("localhost")}
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")} assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
cert = ssl.peer_cert cert = ssl.peer_cert
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain")) assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
@ -400,9 +500,9 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect ssl.connect
assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("localhost.localdomain"))
assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raises(sslerr){ssl.post_connection_check("localhost")} assert_raise(sslerr){ssl.post_connection_check("localhost")}
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")} assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
cert = ssl.peer_cert cert = ssl.peer_cert
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain")) assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1")) assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))

67
test/openssl/test_x509cert.rb
View file

@ -157,19 +157,80 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
cert.not_after = Time.now cert.not_after = Time.now
assert_equal(false, cert.verify(@dsa512)) assert_equal(false, cert.verify(@dsa512))
assert_raises(OpenSSL::X509::CertificateError){ assert_raise(OpenSSL::X509::CertificateError){
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::DSS1.new) nil, nil, OpenSSL::Digest::DSS1.new)
} }
assert_raises(OpenSSL::X509::CertificateError){ assert_raise(OpenSSL::X509::CertificateError){
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::MD5.new) nil, nil, OpenSSL::Digest::MD5.new)
} }
assert_raises(OpenSSL::X509::CertificateError){ assert_raise(OpenSSL::X509::CertificateError){
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new) nil, nil, OpenSSL::Digest::SHA1.new)
} }
end end
def test_check_private_key
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
assert_equal(true, cert.check_private_key(@rsa2048))
end
def test_to_text
cert_pem = <<END
-----BEGIN CERTIFICATE-----
MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQQFADA9MRMwEQYKCZImiZPyLGQB
GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
Fw0wOTA1MjMxNTAzNDNaFw0wOTA1MjMxNjAzNDNaMD0xEzARBgoJkiaJk/IsZAEZ
FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
AQABMA0GCSqGSIb3DQEBBAUAA4IBAQB8UTw1agA9wdXxHMUACduYu6oNL7pdF0dr
w7a4QPJyj62h4+Umxvp13q0PBw0E+mSjhXMcqUhDLjrmMcvvNGhuh5Sdjbe3GI/M
3lCC9OwYYIzzul7omvGC3JEIGfzzdNnPPCPKEWp5X9f0MKLMR79qOf+sjHTjN2BY
SY3YGsEFxyTXDdqrlaYaOtTAdi/C+g1WxR8fkPLefymVwIFwvyc9/bnp7iBn7Hcw
mbxtLPbtQ9mURT0GHewZRTGJ1aiTq9Ag3xXME2FPF04eFRd3mclOQZNXKQ+LDxYf
k0X5FeZvsWf4srFxoVxlcDdJtHh91ZRpDDJYGQlsUm9CPTnO+e4E
-----END CERTIFICATE-----
END
cert = OpenSSL::X509::Certificate.new(cert_pem)
cert_text = <<END
[0] Version: 3
SerialNumber: 1
IssuerDN: DC=org,DC=ruby-lang,CN=CA
Start Date: Sat May 23 17:03:43 CEST 2009
Final Date: Sat May 23 18:03:43 CEST 2009
SubjectDN: DC=org,DC=ruby-lang,CN=CA
Public Key: RSA Public Key
modulus: b95f61b7d27b938341b37f23397bef4ca63d816f272c80929e8e4411347572e17b8b8a4db3d2354091801405f40443b829bcd79ae3af7c2a43dc253e4a5a757a77a77f3abfb7f7bfd48456d30909509505422827e02b6b9092fe3f4ef2c75f148f23e50576fcd40a449800799ab2554ab5a6a9b8ecd3b25bb92e104061972dcf92bbde839182a648d5630622f15554a9c997c0637843dfb77ad2e1be5fcc5d5b9bfaf0991114885d1a56fa24bf1f9657ff03f6e53707493a156bf661121e1c068f07d27930cf7ddf192c4d36ec4e65c80557f4a658714d3498e5fe7ddc4e4a71aa4bff090d187410f1c32f5e517098d5d89eaf6633dbd2b398183a0c707fbde3
public exponent: 10001
Signature Algorithm: MD5withRSA
Signature: 7c513c356a003dc1d5f11cc50009db98bbaa0d2f
ba5d17476bc3b6b840f2728fada1e3e526c6fa75
dead0f070d04fa64a385731ca948432e3ae631cb
ef34686e87949d8db7b7188fccde5082f4ec1860
8cf3ba5ee89af182dc910819fcf374d9cf3c23ca
116a795fd7f430a2cc47bf6a39ffac8c74e33760
58498dd81ac105c724d70ddaab95a61a3ad4c076
2fc2fa0d56c51f1f90f2de7f2995c08170bf273d
fdb9e9ee2067ec773099bc6d2cf6ed43d994453d
061dec19453189d5a893abd020df15cc13614f17
4e1e15177799c94e419357290f8b0f161f9345f9
15e66fb167f8b2b171a15c65703749b4787dd594
690c325819096c526f423d39cef9ee04
END
assert_not_nil(cert.to_text)
# This is commented out because it doesn't take timezone into consideration; FIXME
#assert_equal(cert_text, cert.to_text)
end
end end
end end

15
test/openssl/test_x509crl.rb
View file

@ -213,6 +213,21 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
crl.version = 0 crl.version = 0
assert_equal(false, crl.verify(@dsa512)) assert_equal(false, crl.verify(@dsa512))
end end
def test_create_from_pem
crl = <<END
-----BEGIN X509 CRL-----
MIHkME8CAQEwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEAwwCY2EXDTA5MDUyMzEw
MTkyM1oXDTE0MDUyMjEwMTkyM1qgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEB
BQUAA4GBAGrGXN03TQdoluA5Xjv64We9EOvmE0EviKMeaZ/n8krEwFhUK7Yq3GVD
BFrb40cdFX1433buCZHG7Tq7eGv8cG1eO5RasuiedurMQXmVRDTDjGor/58Dk/Wy
owO/GR8ASm6Fx6AUKEgLAaoaaptpaWtEB+N4uaGvc0LFO9WY+ZMq
-----END X509 CRL-----
END
crl = OpenSSL::X509::CRL.new(crl)
assert_equal(1, crl.version)
assert_equal(OpenSSL::X509::Name.parse("/CN=ca").to_der, crl.issuer.to_der)
end
end end
end end

21
test/openssl/test_x509ext.rb
View file

@ -69,6 +69,27 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary}, %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
cdp.value) cdp.value)
end end
# JRUBY-3888
# Problems with subjectKeyIdentifier with non 20-bytes sha1 digested keys
def test_certificate_with_rare_extension
cert_file = File.expand_path('max.pem', File.dirname(__FILE__))
cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
exts = Hash.new
cer.extensions.each{|ext| exts[ext.oid] = ext.value}
assert exts["subjectKeyIdentifier"] == "4C:B9:E1:DC:7A:AC:35:CF"
end
def test_extension_from_20_byte_sha1_digests
cert_file = File.expand_path('common.pem', File.dirname(__FILE__))
cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
exts = Hash.new
cer.extensions.each{|ext| exts[ext.oid] = ext.value}
assert exts["subjectKeyIdentifier"] == "B4:AC:83:5D:21:FB:D6:8A:56:7E:B2:49:6D:69:BB:E4:6F:D8:5A:AC"
end
end end
end end

16
test/openssl/test_x509name.rb
View file

@ -6,6 +6,8 @@ require "test/unit"
if defined?(OpenSSL) if defined?(OpenSSL)
require 'digest/md5'
class OpenSSL::TestX509Name < Test::Unit::TestCase class OpenSSL::TestX509Name < Test::Unit::TestCase
OpenSSL::ASN1::ObjectId.register( OpenSSL::ASN1::ObjectId.register(
"1.2.840.113549.1.9.1", "emailAddress", "emailAddress") "1.2.840.113549.1.9.1", "emailAddress", "emailAddress")
@ -261,6 +263,20 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
assert_equal(OpenSSL::ASN1::IA5STRING, ary[3][2]) assert_equal(OpenSSL::ASN1::IA5STRING, ary[3][2])
assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2]) assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
end end
def test_hash
dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
name = OpenSSL::X509::Name.parse(dn)
d = Digest::MD5.digest(name.to_der)
expected = (d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
assert_equal(expected, name.hash)
#
dn = "/DC=org/DC=ruby-lang/CN=baz.ruby-lang.org"
name = OpenSSL::X509::Name.parse(dn)
d = Digest::MD5.digest(name.to_der)
expected = (d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
assert_equal(expected, name.hash)
end
end end
end end

37
test/openssl/test_x509req.rb
View file

@ -135,6 +135,43 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
assert_raise(OpenSSL::X509::RequestError){ assert_raise(OpenSSL::X509::RequestError){
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) } issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
end end
def test_create_from_pem
req = <<END
-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCBvwIBADAWMRQwEgYDVQQDDAsxOTIuMTY4LjAuNDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA0oTTzFLydOTVtBpNdYl4S0356AysVkHlqD/tNEMxQT0l
dXdNoDKb/3TfM5WMciNxBb8rImJ51vEIf6WaWvPbaawcmhNWA9JmhMIeFCdeXyu/
XEjiiEOL4MkWf6qfsu6VoPr2YSnR0iiWLgWcnRPuy84+PE1XPPl1qGDA0apWJ9kC
AwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAKdlyDzVrXRLkPdukQUTTy6uwhv35SKL
FfiKDrHtnFYd7VbynQ1sRre5CknuRrm+E7aEJEwpz6MS+6nqmQ6JwGcm/hlZM/m7
DVD201pI3p6LIxaRyXE20RYTp0Jj6jv+tNFd0wjVlzgStmcplNo8hu6Dtp1gKETW
qL7M4i48FXHn
-----END CERTIFICATE REQUEST-----
END
req = OpenSSL::X509::Request.new(req)
assert_equal(0, req.version)
assert_equal(OpenSSL::X509::Name.parse("/CN=192.168.0.4").to_der, req.subject.to_der)
end
def test_create_to_pem
req_s = <<END
-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCBvwIBADAWMRQwEgYDVQQDDAsxOTIuMTY4LjAuNDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA0oTTzFLydOTVtBpNdYl4S0356AysVkHlqD/tNEMxQT0l
dXdNoDKb/3TfM5WMciNxBb8rImJ51vEIf6WaWvPbaawcmhNWA9JmhMIeFCdeXyu/
XEjiiEOL4MkWf6qfsu6VoPr2YSnR0iiWLgWcnRPuy84+PE1XPPl1qGDA0apWJ9kC
AwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAKdlyDzVrXRLkPdukQUTTy6uwhv35SKL
FfiKDrHtnFYd7VbynQ1sRre5CknuRrm+E7aEJEwpz6MS+6nqmQ6JwGcm/hlZM/m7
DVD201pI3p6LIxaRyXE20RYTp0Jj6jv+tNFd0wjVlzgStmcplNo8hu6Dtp1gKETW
qL7M4i48FXHn
-----END CERTIFICATE REQUEST-----
END
req = OpenSSL::X509::Request.new(req_s)
assert_equal(req_s, req.to_pem)
end
end end
end end

32
test/openssl/test_x509store.rb
View file

@ -4,6 +4,7 @@ begin
rescue LoadError rescue LoadError
end end
require "test/unit" require "test/unit"
require "tempfile"
if defined?(OpenSSL) if defined?(OpenSSL)
@ -198,7 +199,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
nil, nil, OpenSSL::Digest::SHA1.new) nil, nil, OpenSSL::Digest::SHA1.new)
store = OpenSSL::X509::Store.new store = OpenSSL::X509::Store.new
store.add_cert(ca1_cert) store.add_cert(ca1_cert)
assert_raises(OpenSSL::X509::StoreError){ assert_raise(OpenSSL::X509::StoreError){
store.add_cert(ca1_cert) # add same certificate twice store.add_cert(ca1_cert) # add same certificate twice
} }
@ -209,10 +210,37 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [], crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new) ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
store.add_crl(crl1) store.add_crl(crl1)
assert_raises(OpenSSL::X509::StoreError){ assert_raise(OpenSSL::X509::StoreError){
store.add_crl(crl2) # add CRL issued by same CA twice. store.add_crl(crl2) # add CRL issued by same CA twice.
} }
end end
def test_add_file
ca1_cert = <<END
-----BEGIN CERTIFICATE-----
MIIBzzCCATigAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe
Fw0wOTA1MjIxMDE5MjNaFw0xNDA1MjExMDE5MjNaMA0xCzAJBgNVBAMMAmNhMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcTL520vsbXHXPfkHKrcgWbk2zVf0y
oK7bPg06kjCghs8KYsi9b/tT9KpkpejD0KucDBSmDILD3PvIWrNFcBRWf6ZC5vA5
YuF6ueATuFhsXjUFuNLqyPcIX+XrOQmXgjiyO9nc5vzQwWRRhdyyT8DgCRUD/yHW
pjD2ZEGIAVLY/wIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQf
923P/SgiCcbiN20bbmuFM6SLxzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQAD
gYEAE0CpCo8MxhfUNWMHF5GsGEG2+1LdE+aUX7gSb6d4vn1WjusrM2FoOFTomt32
YPqJwMEbcqILq2v9Kkao4QNJRlK+z1xpRDnt1iBrHdXrYJFvYnfMqv3z7XAFPfQZ
yMP+P2sR0jPzy4UNZfDIMmMUqQdhkz7onKWOGjXwLEtkCMs=
-----END CERTIFICATE-----
END
f = Tempfile.new("ca1_cert")
f << ca1_cert
f.close
store = OpenSSL::X509::Store.new
store.add_file(f.path)
assert_equal(true, store.verify(OpenSSL::X509::Certificate.new(ca1_cert)))
f.unlink
end
end end
end end