jruby-openssl-maven 0.7.4.1

data/test/java/test_java_smime.rb

@@ -0,0 +1,177 @@
+module PKCS7Test
+  class TestJavaSMIME < Test::Unit::TestCase
+    def test_read_pkcs7_should_raise_error_when_parsing_headers_fails
+      bio = BIO.new
+      mime = Mime.new
+      mime.stubs(:parseHeaders).returns(nil)
+
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_MIME_PARSE_ERROR, e.cause.get_reason
+      end
+    end
+
+    def test_read_pkcs7_should_raise_error_when_content_type_is_not_there
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(nil)
+
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_NO_CONTENT_TYPE, e.cause.get_reason
+      end
+
+
+      
+      
+      mime = Mime.new
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", nil))
+
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_NO_CONTENT_TYPE, e.cause.get_reason
+      end
+    end
+    
+    def test_read_pkcs7_should_set_the_second_arguments_contents_to_null_if_its_there
+      mime = Mime.new
+      mime.stubs(:parseHeaders).raises("getOutOfJailForFree")
+      
+      bio2 = BIO.new
+      arr = [bio2].to_java BIO
+      
+      begin
+        SMIME.new(mime).readPKCS7(nil, arr)
+      rescue
+      end
+
+      assert_nil arr[0]
+
+
+      arr = [bio2, bio2].to_java BIO
+      begin
+        SMIME.new(mime).readPKCS7(nil, arr)
+      rescue
+      end
+
+      assert_nil arr[0]
+      assert_equal bio2, arr[1]
+    end
+    
+    def test_read_pkcs7_should_call_methods_on_mime
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "application/pkcs7-mime"))
+
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+      rescue java.lang.UnsupportedOperationException
+        # This error is expected, since the bio used is not a real one
+      end
+    end
+
+    def test_read_pkcs7_throws_correct_exception_if_wrong_content_type
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "foo"))
+
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_INVALID_MIME_TYPE, e.cause.get_reason
+        assert_equal "type: foo", e.cause.error_data
+      end
+    end
+    
+    def test_read_pkcs7_with_multipart_should_fail_if_no_boundary_found
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      hdr = MimeHeader.new("content-type", "multipart/signed")
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(hdr)
+
+      mime.expects(:findParam).with(hdr, "boundary").returns(nil)
+      
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_NO_MULTIPART_BOUNDARY, e.cause.get_reason
+      end
+    end
+    
+    def test_read_pkcs7_with_multipart_should_fail_if_null_boundary_value
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      hdr = MimeHeader.new("content-type", "multipart/signed")
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(hdr)
+
+      mime.expects(:findParam).with(hdr, "boundary").returns(MimeParam.new("boundary", nil))
+      
+      begin
+        SMIME.new(mime).readPKCS7(bio, nil)
+        assert false
+      rescue PKCS7Exception => e
+        assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
+        assert_equal PKCS7::R_NO_MULTIPART_BOUNDARY, e.cause.get_reason
+      end
+    end
+
+    # TODO: redo this test to be an integration test
+    def _test_read_pkcs7_happy_path_without_multipart
+      bio = BIO.new
+      mime = Mime.new
+
+      headers = ArrayList.new
+      mime.expects(:parseHeaders).with(bio).returns(headers)
+      mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "application/pkcs7-mime"))
+
+      SMIME.new(mime).readPKCS7(bio, nil)
+    end
+    
+    def test_read_pkcs7_happy_path_multipart
+      bio = BIO::from_string(MultipartSignedString)
+      mime = Mime::DEFAULT
+      p7 = SMIME.new(mime).readPKCS7(bio, nil)
+    end
+
+    def test_read_pkcs7_happy_path_without_multipart_enveloped
+      bio = BIO::from_string(MimeEnvelopedString)
+      mime = Mime::DEFAULT
+      p7 = SMIME.new(mime).readPKCS7(bio, nil)
+    end
+
+    def test_read_pkcs7_happy_path_without_multipart_signed
+      bio = BIO::from_string(MimeSignedString)
+      mime = Mime::DEFAULT
+      p7 = SMIME.new(mime).readPKCS7(bio, nil)
+    end
+  end
+end

data/test/openssl/ssl_server.rb

@@ -0,0 +1,99 @@
+require "socket"
+require "thread"
+require "openssl"
+require File.join(File.dirname(__FILE__), "utils.rb")
+
+def get_pem(io=$stdin)
+  buf = ""
+  while line = io.gets
+    if /^-----BEGIN / =~ line
+      buf << line
+      break
+    end
+  end
+  while line = io.gets
+    buf << line
+    if /^-----END / =~ line
+      break
+    end
+  end
+  return buf
+end
+
+def make_key(pem)
+  begin
+    return OpenSSL::PKey::RSA.new(pem)
+  rescue
+    return OpenSSL::PKey::DSA.new(pem)
+  end
+end
+
+if $DEBUG
+  def log(s); File.open("ssl-server-debug", "a") {|f| f.puts s}; end
+  File.open("ssl-server-debug", "w") {|f| f << ""}
+  log "server starting"
+else
+  def log(s) end
+end
+
+begin
+ca_cert  = OpenSSL::X509::Certificate.new(get_pem)
+log "got ca cert #{ca_cert.inspect}"
+ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
+log "got ssl cert #{ssl_cert.inspect}"
+ssl_key  = make_key(get_pem)
+port = Integer(ARGV.shift)
+verify_mode = Integer(ARGV.shift)
+start_immediately = (/yes/ =~ ARGV.shift)
+
+store = OpenSSL::X509::Store.new
+store.add_cert(ca_cert)
+store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.cert_store = store
+#ctx.extra_chain_cert = [ ca_cert ]
+ctx.cert = ssl_cert
+ctx.key = ssl_key
+ctx.verify_mode = verify_mode
+
+Socket.do_not_reverse_lookup = true
+tcps = nil
+100.times{|i|
+  begin
+    log "starting server on #{port+i}"
+    tcps = TCPServer.new("0.0.0.0", port+i)
+    port = port + i
+    break
+  rescue Errno::EADDRINUSE
+    next 
+  end
+}
+log "starting ssl server"
+ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+ssls.start_immediately = start_immediately
+
+log("sending pid #{Process.pid}")
+$stdout.sync = true
+$stdout.puts Process.pid
+$stdout.puts port
+
+loop do
+  ssl = ssls.accept rescue next
+  Thread.start{
+    q = Queue.new
+    th = Thread.start{ ssl.write(q.shift) while true }
+    while line = ssl.gets
+      if line =~ /^STARTTLS$/
+        ssl.accept
+        next
+      end
+      q.push(line)
+    end
+    th.kill if q.empty?
+    ssl.close
+  }
+end
+rescue
+  log $!
+  log $!.backtrace.join("\n")
+end

data/test/openssl/test_asn1.rb

@@ -0,0 +1,197 @@
+begin
+  require "openssl"
+  require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require 'test/unit'
+
+class  OpenSSL::TestASN1 < Test::Unit::TestCase
+  def test_decode
+    subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
+    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    now = Time.at(Time.now.to_i) # suppress usec
+    s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
+    exts = [
+      ["basicConstraints","CA:TRUE,pathlen:1",true],
+      ["keyUsage","keyCertSign, cRLSign",true],
+      ["subjectKeyIdentifier","hash",false],
+    ]
+    dgst = OpenSSL::Digest::SHA1.new
+    cert = OpenSSL::TestUtils.issue_cert(
+      subj, key, s, now, now+3600, exts, nil, nil, dgst)
+
+
+    asn1 = OpenSSL::ASN1.decode(cert)
+    assert_equal(OpenSSL::ASN1::Sequence, asn1.class)
+    assert_equal(3, asn1.value.size)
+    tbs_cert, sig_alg, sig_val = *asn1.value
+
+    assert_equal(OpenSSL::ASN1::Sequence, tbs_cert.class)
+    assert_equal(8, tbs_cert.value.size)
+
+    version = tbs_cert.value[0]
+    assert_equal(:CONTEXT_SPECIFIC, version.tag_class)
+    assert_equal(0, version.tag)
+    assert_equal(1, version.value.size)
+    assert_equal(OpenSSL::ASN1::Integer, version.value[0].class)
+    assert_equal(2, version.value[0].value)
+
+    serial = tbs_cert.value[1]
+    assert_equal(OpenSSL::ASN1::Integer, serial.class)
+    assert_equal(0xdeadbeafdeadbeafdeadbeafdeadbeaf, serial.value)
+
+    sig = tbs_cert.value[2]
+    assert_equal(OpenSSL::ASN1::Sequence, sig.class)
+    assert_equal(2, sig.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, sig.value[0].class)
+    assert_equal("1.2.840.113549.1.1.5", sig.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Null, sig.value[1].class)
+
+    dn = tbs_cert.value[3] # issuer
+    assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.class)
+    assert_equal(3, dn.value.size)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
+    assert_equal(1, dn.value[0].value.size)
+    assert_equal(1, dn.value[1].value.size)
+    assert_equal(1, dn.value[2].value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
+    assert_equal(2, dn.value[0].value[0].value.size)
+    assert_equal(2, dn.value[1].value[0].value.size)
+    assert_equal(2, dn.value[2].value[0].value.size)
+    oid, value = *dn.value[0].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("org", value.value)
+    oid, value = *dn.value[1].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("ruby-lang", value.value)
+    oid, value = *dn.value[2].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("2.5.4.3", oid.oid)
+    assert_equal(OpenSSL::ASN1::UTF8String, value.class)
+    assert_equal("TestCA", value.value)
+
+    validity = tbs_cert.value[4]
+    assert_equal(OpenSSL::ASN1::Sequence, validity.class)
+    assert_equal(2, validity.value.size)
+    assert_equal(OpenSSL::ASN1::UTCTime, validity.value[0].class)
+    assert_equal(now, validity.value[0].value)
+    assert_equal(OpenSSL::ASN1::UTCTime, validity.value[1].class)
+    assert_equal(now+3600, validity.value[1].value)
+
+    dn = tbs_cert.value[5] # subject
+    assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.class)
+    assert_equal(3, dn.value.size)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
+    assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
+    assert_equal(1, dn.value[0].value.size)
+    assert_equal(1, dn.value[1].value.size)
+    assert_equal(1, dn.value[2].value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
+    assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
+    assert_equal(2, dn.value[0].value[0].value.size)
+    assert_equal(2, dn.value[1].value[0].value.size)
+    assert_equal(2, dn.value[2].value[0].value.size)
+    oid, value = *dn.value[0].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("org", value.value)
+    oid, value = *dn.value[1].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
+    assert_equal(OpenSSL::ASN1::IA5String, value.class)
+    assert_equal("ruby-lang", value.value)
+    oid, value = *dn.value[2].value[0].value
+    assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
+    assert_equal("2.5.4.3", oid.oid)
+    assert_equal(OpenSSL::ASN1::UTF8String, value.class)
+    assert_equal("TestCA", value.value)
+
+    pkey = tbs_cert.value[6]
+    assert_equal(OpenSSL::ASN1::Sequence, pkey.class)
+    assert_equal(2, pkey.value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, pkey.value[0].class)
+    assert_equal(2, pkey.value[0].value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
+    assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
+    assert_equal(OpenSSL::ASN1::BitString, pkey.value[1].class)
+    assert_equal(0, pkey.value[1].unused_bits)
+    spkey = OpenSSL::ASN1.decode(pkey.value[1].value)
+    assert_equal(OpenSSL::ASN1::Sequence, spkey.class)
+    assert_equal(2, spkey.value.size)
+    assert_equal(OpenSSL::ASN1::Integer, spkey.value[0].class)
+    assert_equal(143085709396403084580358323862163416700436550432664688288860593156058579474547937626086626045206357324274536445865308750491138538454154232826011964045825759324933943290377903384882276841880081931690695505836279972214003660451338124170055999155993192881685495391496854691199517389593073052473319331505702779271, spkey.value[0].value)
+    assert_equal(OpenSSL::ASN1::Integer, spkey.value[1].class)
+    assert_equal(65537, spkey.value[1].value)
+
+    extensions = tbs_cert.value[7]
+    assert_equal(:CONTEXT_SPECIFIC, extensions.tag_class)
+    assert_equal(3, extensions.tag)
+    assert_equal(1, extensions.value.size)
+    assert_equal(OpenSSL::ASN1::Sequence, extensions.value[0].class)
+    assert_equal(3, extensions.value[0].value.size)
+
+    ext = extensions.value[0].value[0]  # basicConstraints
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(3, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.19",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
+    assert_equal(true, ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
+    extv = OpenSSL::ASN1.decode(ext.value[2].value)
+    assert_equal(OpenSSL::ASN1::Sequence, extv.class)
+    assert_equal(2, extv.value.size)
+    assert_equal(OpenSSL::ASN1::Boolean, extv.value[0].class)
+    assert_equal(true, extv.value[0].value)
+    assert_equal(OpenSSL::ASN1::Integer, extv.value[1].class)
+    assert_equal(1, extv.value[1].value)
+
+    ext = extensions.value[0].value[1]  # keyUsage
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(3, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.15",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
+    assert_equal(true, ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
+    extv = OpenSSL::ASN1.decode(ext.value[2].value)
+    assert_equal(OpenSSL::ASN1::BitString, extv.class)
+    str = "\000"; str[0] = 0b00000110
+    assert_equal(str, extv.value)
+
+    ext = extensions.value[0].value[2]  # subjetKeyIdentifier
+    assert_equal(OpenSSL::ASN1::Sequence, ext.class)
+    assert_equal(2, ext.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
+    assert_equal("2.5.29.14",  ext.value[0].oid)
+    assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class)
+    extv = OpenSSL::ASN1.decode(ext.value[1].value)
+    assert_equal(OpenSSL::ASN1::OctetString, extv.class)
+    sha1 = OpenSSL::Digest::SHA1.new
+    sha1.update(pkey.value[1].value)
+    assert_equal(sha1.digest, extv.value)
+
+    assert_equal(OpenSSL::ASN1::Sequence, sig_alg.class)
+    assert_equal(2, sig_alg.value.size)
+    assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
+    assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
+    assert_equal(OpenSSL::ASN1::Null, pkey.value[0].value[1].class)
+
+    assert_equal(OpenSSL::ASN1::BitString, sig_val.class)
+    cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der)
+    assert_equal(cululated_sig, sig_val.value)
+  end
+end if defined?(OpenSSL)