jruby-jruby-openssl 0.5.0.4

data/test/openssl/ssl_server.rb

@@ -0,0 +1,99 @@
+require "socket"
+require "thread"
+require "openssl"
+require File.join(File.dirname(__FILE__), "utils.rb")
+
+def get_pem(io=$stdin)
+  buf = ""
+  while line = io.gets
+    if /^-----BEGIN / =~ line
+      buf << line
+      break
+    end
+  end
+  while line = io.gets
+    buf << line
+    if /^-----END / =~ line
+      break
+    end
+  end
+  return buf
+end
+
+def make_key(pem)
+  begin
+    return OpenSSL::PKey::RSA.new(pem)
+  rescue
+    return OpenSSL::PKey::DSA.new(pem)
+  end
+end
+
+if $DEBUG
+  def log(s); File.open("ssl-server-debug", "a") {|f| f.puts s}; end
+  File.open("ssl-server-debug", "w") {|f| f << ""}
+  log "server starting"
+else
+  def log(s) end
+end
+
+begin
+ca_cert  = OpenSSL::X509::Certificate.new(get_pem)
+log "got ca cert #{ca_cert.inspect}"
+ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
+log "got ssl cert #{ssl_cert.inspect}"
+ssl_key  = make_key(get_pem)
+port = Integer(ARGV.shift)
+verify_mode = Integer(ARGV.shift)
+start_immediately = (/yes/ =~ ARGV.shift)
+
+store = OpenSSL::X509::Store.new
+store.add_cert(ca_cert)
+store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.cert_store = store
+#ctx.extra_chain_cert = [ ca_cert ]
+ctx.cert = ssl_cert
+ctx.key = ssl_key
+ctx.verify_mode = verify_mode
+
+Socket.do_not_reverse_lookup = true
+tcps = nil
+100.times{|i|
+  begin
+    log "starting server on #{port+i}"
+    tcps = TCPServer.new("0.0.0.0", port+i)
+    port = port + i
+    break
+  rescue Errno::EADDRINUSE
+    next 
+  end
+}
+log "starting ssl server"
+ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+ssls.start_immediately = start_immediately
+
+log("sending pid #{Process.pid}")
+$stdout.sync = true
+$stdout.puts Process.pid
+$stdout.puts port
+
+loop do
+  ssl = ssls.accept rescue next
+  Thread.start{
+    q = Queue.new
+    th = Thread.start{ ssl.write(q.shift) while true }
+    while line = ssl.gets
+      if line =~ /^STARTTLS$/
+        ssl.accept
+        next
+      end
+      q.push(line)
+    end
+    th.kill if q.empty?
+    ssl.close
+  }
+end
+rescue
+  log $!
+  log $!.backtrace.join("\n")
+end

data/test/openssl/test_asn1.rb

@@ -0,0 +1,199 @@
+begin
+  require "openssl"
+  require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require 'test/unit'
+
+class  OpenSSL::TestASN1 < Test::Unit::TestCase
+  def test_decode
+    subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
+    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    now = Time.at(Time.now.to_i) # suppress usec
+#    now = Time.utc(2006,04,03,22,15,13)
+    s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
+    exts = [
+      ["basicConstraints","CA:TRUE,pathlen:1",true],
+      ["keyUsage","keyCertSign, cRLSign",true],
+      ["subjectKeyIdentifier","hash",false],
+    ]
+    dgst = OpenSSL::Digest::SHA1.new
+    cert = OpenSSL::TestUtils.issue_cert(
+      subj, key, s, now, now+3600, exts, nil, nil, dgst)
+
+    asn1 = OpenSSL::ASN1.decode(cert)
+    assert_equal(OpenSSL::ASN1::Sequence, asn1.class)
+    assert_equal(3, asn1.value.size)
+    tbs_cert, sig_alg, sig_val = *asn1.value
+
+    assert_equal(OpenSSL::ASN1::Sequence, tbs_cert.class)
+    assert_equal(8, tbs_cert.value.size)
+
+    version = tbs_cert.value[0]
+    assert_equal(:CONTEXT_SPECIFIC, version.tag_class)
+    assert_equal(0, version.tag)
+
+    assert_equal(1, version.value.size)
+    assert_equal(OpenSSL::ASN1::Integer, version.value[0].class)
+    assert_equal(2, version.value[0].value)
+
+    serial = tbs_cert.value[1]
+    assert_equal(OpenSSL::ASN1::Integer, serial.class)
+    assert_equal(0xdeadbeafdeadbeafdeadbeafdeadbeaf, serial.value)
+
+    sig = tbs_cert.value[2]
+    assert_equal(OpenSSL::ASN1::Sequence, sig.class)
+    assert_equal(2, sig.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, sig.value[0].class)
+    assert_equal("1.2.840.113549.1.1.5", sig.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Null, sig.value[1].class)
+
+    dn = tbs_cert.value[3] # issuer
+    assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.class)
+    assert_equal(3, dn.value.size)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
+    assert_equal(1, dn.value[0].value.size)
+    assert_equal(1, dn.value[1].value.size)
+    assert_equal(1, dn.value[2].value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
+    assert_equal(2, dn.value[0].value[0].value.size)
+    assert_equal(2, dn.value[1].value[0].value.size)
+    assert_equal(2, dn.value[2].value[0].value.size)
+    oid, value = *dn.value[0].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("org", value.value)
+    oid, value = *dn.value[1].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("ruby-lang", value.value)
+    oid, value = *dn.value[2].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("2.5.4.3", oid.oid)
+    assert_equal(OpenSSL::ASN1::UTF8String, value.class)
+    assert_equal("TestCA", value.value)
+
+    validity = tbs_cert.value[4]
+    assert_equal(OpenSSL::ASN1::Sequence, validity.class)
+    assert_equal(2, validity.value.size)
+    assert_equal(OpenSSL::ASN1::UTCTime, validity.value[0].class)
+    assert_equal(now, validity.value[0].value)
+    assert_equal(OpenSSL::ASN1::UTCTime, validity.value[1].class)
+    assert_equal(now+3600, validity.value[1].value)
+
+    dn = tbs_cert.value[5] # subject
+    assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.class)
+    assert_equal(3, dn.value.size)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
+    assert_equal(1, dn.value[0].value.size)
+    assert_equal(1, dn.value[1].value.size)
+    assert_equal(1, dn.value[2].value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
+    assert_equal(2, dn.value[0].value[0].value.size)
+    assert_equal(2, dn.value[1].value[0].value.size)
+    assert_equal(2, dn.value[2].value[0].value.size)
+    oid, value = *dn.value[0].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("org", value.value)
+    oid, value = *dn.value[1].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("ruby-lang", value.value)
+    oid, value = *dn.value[2].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("2.5.4.3", oid.oid)
+    assert_equal(OpenSSL::ASN1::UTF8String, value.class)
+    assert_equal("TestCA", value.value)
+
+    pkey = tbs_cert.value[6]
+    assert_equal(OpenSSL::ASN1::Sequence, pkey.class)
+    assert_equal(2, pkey.value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, pkey.value[0].class)
+    assert_equal(2, pkey.value[0].value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
+    assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
+    assert_equal(OpenSSL::ASN1::BitString, pkey.value[1].class)
+    assert_equal(0, pkey.value[1].unused_bits)
+    spkey = OpenSSL::ASN1.decode(pkey.value[1].value)
+    assert_equal(OpenSSL::ASN1::Sequence, spkey.class)
+    assert_equal(2, spkey.value.size)
+    assert_equal(OpenSSL::ASN1::Integer, spkey.value[0].class)
+    assert_equal(143085709396403084580358323862163416700436550432664688288860593156058579474547937626086626045206357324274536445865308750491138538454154232826011964045825759324933943290377903384882276841880081931690695505836279972214003660451338124170055999155993192881685495391496854691199517389593073052473319331505702779271, spkey.value[0].value)
+    assert_equal(OpenSSL::ASN1::Integer, spkey.value[1].class)
+    assert_equal(65537, spkey.value[1].value)
+
+    extensions = tbs_cert.value[7]
+    assert_equal(:CONTEXT_SPECIFIC, extensions.tag_class)
+    assert_equal(3, extensions.tag)
+    assert_equal(1, extensions.value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, extensions.value[0].class)
+    assert_equal(3, extensions.value[0].value.size)
+
+    ext = extensions.value[0].value[0]  # basicConstraints
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(3, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.19",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
+    assert_equal(true, ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
+    extv = OpenSSL::ASN1.decode(ext.value[2].value)
+    assert_equal(OpenSSL::ASN1::Sequence, extv.class)
+    assert_equal(2, extv.value.size)
+    assert_equal(OpenSSL::ASN1::Boolean, extv.value[0].class)
+    assert_equal(true, extv.value[0].value)
+    assert_equal(OpenSSL::ASN1::Integer, extv.value[1].class)
+    assert_equal(1, extv.value[1].value)
+
+    ext = extensions.value[0].value[1]  # keyUsage
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(3, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.15",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
+    assert_equal(true, ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
+    extv = OpenSSL::ASN1.decode(ext.value[2].value)
+    assert_equal(OpenSSL::ASN1::BitString, extv.class)
+    str = "\000"; str[0] = 0b00000110
+    assert_equal(str, extv.value)
+
+    ext = extensions.value[0].value[2]  # subjetKeyIdentifier
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(2, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.14",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class)
+    extv = OpenSSL::ASN1.decode(ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, extv.class)
+    sha1 = OpenSSL::Digest::SHA1.new
+    sha1.update(pkey.value[1].value)
+    assert_equal(sha1.digest, extv.value)
+
+    assert_equal(OpenSSL::ASN1::Sequence, sig_alg.class)
+    assert_equal(2, sig_alg.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
+    assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
+    assert_equal(OpenSSL::ASN1::Null, pkey.value[0].value[1].class)
+
+    assert_equal(OpenSSL::ASN1::BitString, sig_val.class)
+
+    cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der)
+    assert_equal(cululated_sig, sig_val.value)
+  end
+end if defined?(OpenSSL)

data/test/openssl/test_cipher.rb

@@ -0,0 +1,174 @@
+if defined?(JRUBY_VERSION)
+  require "java"
+  base = File.join(File.dirname(__FILE__), '..', '..')
+  $CLASSPATH << File.join(base, 'pkg', 'classes')
+  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
+end
+
+begin
+  require "openssl"
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestCipher < Test::Unit::TestCase
+  def setup
+    @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
+    @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
+    @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+    @iv = "\0\0\0\0\0\0\0\0"
+    @iv1 = "\1\1\1\1\1\1\1\1"
+    @hexkey = "0000000000000000000000000000000000000000000000"
+    @hexiv = "0000000000000000"
+    @data = "DATA"
+  end
+
+  def teardown
+    @c1 = @c2 = nil
+  end
+
+  def test_crypt
+    @c1.encrypt.pkcs5_keyivgen(@key, @iv)
+    @c2.encrypt.pkcs5_keyivgen(@key, @iv)
+    s1 = @c1.update(@data) + @c1.final
+    s2 = @c2.update(@data) + @c2.final
+    assert_equal(s1, s2, "encrypt")
+
+    @c1.decrypt.pkcs5_keyivgen(@key, @iv)
+    @c2.decrypt.pkcs5_keyivgen(@key, @iv)
+    assert_equal(@data, @c1.update(s1)+@c1.final, "decrypt")
+    assert_equal(@data, @c2.update(s2)+@c2.final, "decrypt")
+  end
+
+  def test_info
+    assert_equal("DES-EDE3-CBC", @c1.name, "name")
+    assert_equal("DES-EDE3-CBC", @c2.name, "name")
+    assert_kind_of(Fixnum, @c1.key_len, "key_len")
+    assert_kind_of(Fixnum, @c1.iv_len, "iv_len")
+  end
+
+  def test_dup
+    assert_equal(@c1.name, @c1.dup.name, "dup")
+    assert_equal(@c1.name, @c1.clone.name, "clone")
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    tmpc = @c1.dup
+    s1 = @c1.update(@data) + @c1.final
+    s2 = tmpc.update(@data) + tmpc.final
+    assert_equal(s1, s2, "encrypt dup")
+  end
+
+  def test_reset
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    s1 = @c1.update(@data) + @c1.final
+    @c1.reset
+    s2 = @c1.update(@data) + @c1.final
+    assert_equal(s1, s2, "encrypt reset")
+  end
+
+  def test_set_iv
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    s1 = @c1.update(@data) + @c1.final
+    @c1.iv = @iv1
+    s1 += @c1.update(@data) + @c1.final
+    @c1.reset
+    @c1.iv = @iv
+    s2 = @c1.update(@data) + @c1.final
+    @c1.iv = @iv1
+    s2 += @c1.update(@data) + @c1.final
+    assert_equal(s1, s2, "encrypt reset")
+  end
+
+  def test_empty_data
+    @c1.encrypt
+    assert_raises(ArgumentError){ @c1.update("") }
+  end
+
+  def test_disable_padding(padding=0)
+    # assume a padding size of 8
+    # encrypt the data with padding
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    encrypted_data = @c1.update(@data) + @c1.final
+    assert_equal(8, encrypted_data.size)
+    # decrypt with padding disabled
+    @c1.decrypt
+    @c1.padding = padding
+    decrypted_data = @c1.update(encrypted_data) + @c1.final
+    # check that the result contains the padding
+    assert_equal(8, decrypted_data.size)
+    assert_equal(@data, decrypted_data[0...@data.size])
+  end
+
+  if PLATFORM =~ /java/
+    # JRuby extension - using Java padding types
+    
+    def test_disable_padding_javastyle
+      test_disable_padding('NoPadding')
+    end
+  
+    def test_iso10126_padding
+      @c1.encrypt
+      @c1.key = @key
+      @c1.iv = @iv
+      @c1.padding = 'ISO10126Padding'
+      encrypted_data = @c1.update(@data) + @c1.final
+      # decrypt with padding disabled to see the padding
+      @c1.decrypt
+      @c1.padding = 0
+      decrypted_data = @c1.update(encrypted_data) + @c1.final
+      assert_equal(@data, decrypted_data[0...@data.size])
+      # last byte should be the amount of padding
+      assert_equal(4, decrypted_data[-1])
+    end
+
+    def test_iso10126_padding_boundry
+      @data = 'HELODATA' # 8 bytes, same as padding size
+      @c1.encrypt
+      @c1.key = @key
+      @c1.iv = @iv
+      @c1.padding = 'ISO10126Padding'
+      encrypted_data = @c1.update(@data) + @c1.final
+      # decrypt with padding disabled to see the padding
+      @c1.decrypt
+      @c1.padding = 0
+      decrypted_data = @c1.update(encrypted_data) + @c1.final
+      assert_equal(@data, decrypted_data[0...@data.size])
+      # padding should be one whole block
+      assert_equal(8, decrypted_data[-1])
+    end
+  end
+
+  if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
+    def test_ciphers
+      OpenSSL::Cipher.ciphers.each{|name|
+        assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
+      }
+    end
+
+    def test_AES
+      pt = File.read(__FILE__)
+      %w(ECB CBC CFB OFB).each{|mode|
+        c1 = OpenSSL::Cipher::AES256.new(mode)
+        c1.encrypt
+        c1.pkcs5_keyivgen("passwd")
+        ct = c1.update(pt) + c1.final
+
+        c2 = OpenSSL::Cipher::AES256.new(mode)
+        c2.decrypt
+        c2.pkcs5_keyivgen("passwd")
+        assert_equal(pt, c2.update(ct) + c2.final)
+      }
+    end
+  end
+end
+
+end