From f31f1f1adf4b6c573d2620ee2bf72f3bc1fb854c Mon Sep 17 00:00:00 2001 From: rhe Date: Sun, 19 Jun 2016 09:42:29 +0000 Subject: [PATCH] openssl: implement initialize_copy for OpenSSL::OCSP::* * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 8 ++++ ext/openssl/ossl_ocsp.c | 80 +++++++++++++++++++++++++++++++++++++++ test/openssl/test_ocsp.rb | 28 ++++++++++++++ 3 files changed, 116 insertions(+) diff --git a/ChangeLog b/ChangeLog index f64801b7bc..1357e30125 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +Sun Jun 19 18:39:38 2016 Kazuki Yamaguchi + + * ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, + BasicResponse,Response}#initialize_copy. + [ruby-core:75504] [Bug #12381] + + * test/openssl/test_ocsp.rb: Test them. + Sun Jun 19 18:29:50 2016 Kazuki Yamaguchi * ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index b63361d040..39f1eb043e 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -163,6 +163,25 @@ ossl_ocspreq_alloc(VALUE klass) return obj; } +static VALUE +ossl_ocspreq_initialize_copy(VALUE self, VALUE other) +{ + OCSP_REQUEST *req, *req_old, *req_new; + + rb_check_frozen(self); + GetOCSPReq(self, req_old); + SafeGetOCSPReq(other, req); + + req_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_REQUEST), req); + if (!req_new) + ossl_raise(eOCSPError, "ASN1_item_dup"); + + SetOCSPReq(self, req_new); + OCSP_REQUEST_free(req_old); + + return self; +} + /* * call-seq: * OpenSSL::OCSP::Request.new -> request @@ -455,6 +474,25 @@ ossl_ocspres_alloc(VALUE klass) return obj; } +static VALUE +ossl_ocspres_initialize_copy(VALUE self, VALUE other) +{ + OCSP_RESPONSE *res, *res_old, *res_new; + + rb_check_frozen(self); + GetOCSPRes(self, res_old); + SafeGetOCSPRes(other, res); + + res_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_RESPONSE), res); + if (!res_new) + ossl_raise(eOCSPError, "ASN1_item_dup"); + + SetOCSPRes(self, res_new); + OCSP_RESPONSE_free(res_old); + + return self; +} + /* * call-seq: * OpenSSL::OCSP::Response.new -> response @@ -589,6 +627,25 @@ ossl_ocspbres_alloc(VALUE klass) return obj; } +static VALUE +ossl_ocspbres_initialize_copy(VALUE self, VALUE other) +{ + OCSP_BASICRESP *bs, *bs_old, *bs_new; + + rb_check_frozen(self); + GetOCSPBasicRes(self, bs_old); + SafeGetOCSPBasicRes(other, bs); + + bs_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs); + if (!bs_new) + ossl_raise(eOCSPError, "ASN1_item_dup"); + + SetOCSPBasicRes(self, bs_new); + OCSP_BASICRESP_free(bs_old); + + return self; +} + /* * call-seq: * OpenSSL::OCSP::BasicResponse.new(der_string = nil) -> basic_response @@ -927,6 +984,25 @@ ossl_ocspcid_alloc(VALUE klass) return obj; } +static VALUE +ossl_ocspcid_initialize_copy(VALUE self, VALUE other) +{ + OCSP_CERTID *cid, *cid_old, *cid_new; + + rb_check_frozen(self); + GetOCSPCertId(self, cid_old); + SafeGetOCSPCertId(other, cid); + + cid_new = OCSP_CERTID_dup(cid); + if (!cid_new) + ossl_raise(eOCSPError, "OCSP_CERTID_dup"); + + SetOCSPCertId(self, cid_new); + OCSP_CERTID_free(cid_old); + + return self; +} + /* * call-seq: * OpenSSL::OCSP::CertificateId.new(subject, issuer, digest = nil) -> certificate_id @@ -1267,6 +1343,7 @@ Init_ossl_ocsp(void) cOCSPReq = rb_define_class_under(mOCSP, "Request", rb_cObject); rb_define_alloc_func(cOCSPReq, ossl_ocspreq_alloc); + rb_define_copy_func(cOCSPReq, ossl_ocspreq_initialize_copy); rb_define_method(cOCSPReq, "initialize", ossl_ocspreq_initialize, -1); rb_define_method(cOCSPReq, "add_nonce", ossl_ocspreq_add_nonce, -1); rb_define_method(cOCSPReq, "check_nonce", ossl_ocspreq_check_nonce, 1); @@ -1284,6 +1361,7 @@ Init_ossl_ocsp(void) cOCSPRes = rb_define_class_under(mOCSP, "Response", rb_cObject); rb_define_singleton_method(cOCSPRes, "create", ossl_ocspres_s_create, 2); rb_define_alloc_func(cOCSPRes, ossl_ocspres_alloc); + rb_define_copy_func(cOCSPRes, ossl_ocspres_initialize_copy); rb_define_method(cOCSPRes, "initialize", ossl_ocspres_initialize, -1); rb_define_method(cOCSPRes, "status", ossl_ocspres_status, 0); rb_define_method(cOCSPRes, "status_string", ossl_ocspres_status_string, 0); @@ -1298,6 +1376,7 @@ Init_ossl_ocsp(void) cOCSPBasicRes = rb_define_class_under(mOCSP, "BasicResponse", rb_cObject); rb_define_alloc_func(cOCSPBasicRes, ossl_ocspbres_alloc); + rb_define_copy_func(cOCSPBasicRes, ossl_ocspbres_initialize_copy); rb_define_method(cOCSPBasicRes, "initialize", ossl_ocspbres_initialize, -1); rb_define_method(cOCSPBasicRes, "copy_nonce", ossl_ocspbres_copy_nonce, 1); rb_define_method(cOCSPBasicRes, "add_nonce", ossl_ocspbres_add_nonce, -1); @@ -1314,6 +1393,7 @@ Init_ossl_ocsp(void) cOCSPCertId = rb_define_class_under(mOCSP, "CertificateId", rb_cObject); rb_define_alloc_func(cOCSPCertId, ossl_ocspcid_alloc); + rb_define_copy_func(cOCSPCertId, ossl_ocspcid_initialize_copy); rb_define_method(cOCSPCertId, "initialize", ossl_ocspcid_initialize, -1); rb_define_method(cOCSPCertId, "cmp", ossl_ocspcid_cmp, 1); rb_define_method(cOCSPCertId, "cmp_issuer", ossl_ocspcid_cmp_issuer, 1); diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb index ad8e10a0ea..0f9a5acd90 100644 --- a/test/openssl/test_ocsp.rb +++ b/test/openssl/test_ocsp.rb @@ -73,6 +73,11 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase assert_equal der, OpenSSL::OCSP::CertificateId.new(der).to_der end + def test_certificate_id_dup + cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert) + assert_equal cid.to_der, cid.dup.to_der + end + def test_request_der request = OpenSSL::OCSP::Request.new cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) @@ -116,6 +121,14 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase assert_equal 3, req0.check_nonce(bres) end + def test_request_dup + request = OpenSSL::OCSP::Request.new + cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) + request.add_certid(cid) + request.sign(@cert, @key, nil, 0, "SHA1") + assert_equal request.to_der, request.dup.to_der + end + def test_basic_response_der bres = OpenSSL::OCSP::BasicResponse.new cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) @@ -141,6 +154,14 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase assert_equal true, bres.verify([], store2, OpenSSL::OCSP::NOVERIFY) end + def test_basic_response_dup + bres = OpenSSL::OCSP::BasicResponse.new + cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) + bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, []) + bres.sign(@cert2, @key2, [@ca_cert], 0) + assert_equal bres.to_der, bres.dup.to_der + end + def test_response_der bres = OpenSSL::OCSP::BasicResponse.new cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) @@ -154,6 +175,13 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase assert_equal bres.to_der, asn1.value[1].value[0].value[1].value assert_equal der, OpenSSL::OCSP::Response.new(der).to_der end + + def test_response_dup + bres = OpenSSL::OCSP::BasicResponse.new + bres.sign(@cert2, @key2, [@ca_cert], 0) + res = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres) + assert_equal res.to_der, res.dup.to_der + end end end