jruby-openssl-maven 0.7.4.1
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +171 -0
- data/License.txt +30 -0
- data/Manifest.txt +115 -0
- data/README.txt +13 -0
- data/Rakefile +79 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +5 -0
- data/lib/openssl.rb +76 -0
- data/lib/openssl/bn.rb +35 -0
- data/lib/openssl/buffering.rb +239 -0
- data/lib/openssl/cipher.rb +65 -0
- data/lib/openssl/config.rb +316 -0
- data/lib/openssl/digest.rb +61 -0
- data/lib/openssl/dummy.rb +33 -0
- data/lib/openssl/dummyssl.rb +14 -0
- data/lib/openssl/pkcs7.rb +25 -0
- data/lib/openssl/ssl.rb +179 -0
- data/lib/openssl/x509.rb +154 -0
- data/test/cert_with_ec_pk.cer +27 -0
- data/test/fixture/ca-bundle.crt +2794 -0
- data/test/fixture/ca_path/72fa7371.0 +19 -0
- data/test/fixture/ca_path/verisign.pem +19 -0
- data/test/fixture/cacert.pem +23 -0
- data/test/fixture/cert_localhost.pem +19 -0
- data/test/fixture/common.pem +48 -0
- data/test/fixture/imaps/cacert.pem +60 -0
- data/test/fixture/imaps/server.crt +61 -0
- data/test/fixture/imaps/server.key +15 -0
- data/test/fixture/key_then_cert.pem +34 -0
- data/test/fixture/keypair.pem +27 -0
- data/test/fixture/localhost_keypair.pem +18 -0
- data/test/fixture/max.pem +29 -0
- data/test/fixture/purpose/b70a5bc1.0 +24 -0
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +37 -0
- data/test/fixture/purpose/ca/cacert.pem +24 -0
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +19 -0
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +19 -0
- data/test/fixture/purpose/ca/private/cakeypair.pem +30 -0
- data/test/fixture/purpose/ca/serial +1 -0
- data/test/fixture/purpose/cacert.pem +24 -0
- data/test/fixture/purpose/scripts/gen_cert.rb +127 -0
- data/test/fixture/purpose/scripts/gen_csr.rb +50 -0
- data/test/fixture/purpose/scripts/init_ca.rb +66 -0
- data/test/fixture/purpose/sslclient.pem +19 -0
- data/test/fixture/purpose/sslclient/csr.pem +10 -0
- data/test/fixture/purpose/sslclient/keypair.pem +15 -0
- data/test/fixture/purpose/sslclient/sslclient.pem +19 -0
- data/test/fixture/purpose/sslserver.pem +19 -0
- data/test/fixture/purpose/sslserver/csr.pem +10 -0
- data/test/fixture/purpose/sslserver/keypair.pem +15 -0
- data/test/fixture/purpose/sslserver/sslserver.pem +19 -0
- data/test/fixture/selfcert.pem +23 -0
- data/test/fixture/verisign.pem +19 -0
- data/test/fixture/verisign_c3.pem +14 -0
- data/test/java/pkcs7_mime_enveloped.message +19 -0
- data/test/java/pkcs7_mime_signed.message +30 -0
- data/test/java/pkcs7_multipart_signed.message +45 -0
- data/test/java/test_java_attribute.rb +25 -0
- data/test/java/test_java_bio.rb +42 -0
- data/test/java/test_java_mime.rb +173 -0
- data/test/java/test_java_pkcs7.rb +772 -0
- data/test/java/test_java_smime.rb +177 -0
- data/test/openssl/ssl_server.rb +99 -0
- data/test/openssl/test_asn1.rb +197 -0
- data/test/openssl/test_cipher.rb +193 -0
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_digest.rb +88 -0
- data/test/openssl/test_ec.rb +128 -0
- data/test/openssl/test_hmac.rb +46 -0
- data/test/openssl/test_ns_spki.rb +59 -0
- data/test/openssl/test_pair.rb +141 -0
- data/test/openssl/test_pkcs7.rb +489 -0
- data/test/openssl/test_pkey_rsa.rb +49 -0
- data/test/openssl/test_ssl.rb +1035 -0
- data/test/openssl/test_x509cert.rb +277 -0
- data/test/openssl/test_x509crl.rb +253 -0
- data/test/openssl/test_x509ext.rb +99 -0
- data/test/openssl/test_x509name.rb +290 -0
- data/test/openssl/test_x509req.rb +195 -0
- data/test/openssl/test_x509store.rb +246 -0
- data/test/openssl/utils.rb +144 -0
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +8 -0
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +21 -0
- data/test/test_all.rb +1 -0
- data/test/test_certificate.rb +123 -0
- data/test/test_cipher.rb +197 -0
- data/test/test_imaps.rb +107 -0
- data/test/test_integration.rb +144 -0
- data/test/test_java.rb +98 -0
- data/test/test_openssl.rb +4 -0
- data/test/test_parse_certificate.rb +27 -0
- data/test/test_pkcs7.rb +40 -0
- data/test/test_pkey.rb +204 -0
- data/test/test_ssl.rb +97 -0
- data/test/test_x509store.rb +160 -0
- data/test/ut_eof.rb +128 -0
- metadata +161 -0
@@ -0,0 +1,177 @@
|
|
1
|
+
module PKCS7Test
|
2
|
+
class TestJavaSMIME < Test::Unit::TestCase
|
3
|
+
def test_read_pkcs7_should_raise_error_when_parsing_headers_fails
|
4
|
+
bio = BIO.new
|
5
|
+
mime = Mime.new
|
6
|
+
mime.stubs(:parseHeaders).returns(nil)
|
7
|
+
|
8
|
+
begin
|
9
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
10
|
+
assert false
|
11
|
+
rescue PKCS7Exception => e
|
12
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
13
|
+
assert_equal PKCS7::R_MIME_PARSE_ERROR, e.cause.get_reason
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_read_pkcs7_should_raise_error_when_content_type_is_not_there
|
18
|
+
bio = BIO.new
|
19
|
+
mime = Mime.new
|
20
|
+
|
21
|
+
headers = ArrayList.new
|
22
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
23
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(nil)
|
24
|
+
|
25
|
+
begin
|
26
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
27
|
+
assert false
|
28
|
+
rescue PKCS7Exception => e
|
29
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
30
|
+
assert_equal PKCS7::R_NO_CONTENT_TYPE, e.cause.get_reason
|
31
|
+
end
|
32
|
+
|
33
|
+
|
34
|
+
|
35
|
+
|
36
|
+
mime = Mime.new
|
37
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
38
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", nil))
|
39
|
+
|
40
|
+
begin
|
41
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
42
|
+
assert false
|
43
|
+
rescue PKCS7Exception => e
|
44
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
45
|
+
assert_equal PKCS7::R_NO_CONTENT_TYPE, e.cause.get_reason
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def test_read_pkcs7_should_set_the_second_arguments_contents_to_null_if_its_there
|
50
|
+
mime = Mime.new
|
51
|
+
mime.stubs(:parseHeaders).raises("getOutOfJailForFree")
|
52
|
+
|
53
|
+
bio2 = BIO.new
|
54
|
+
arr = [bio2].to_java BIO
|
55
|
+
|
56
|
+
begin
|
57
|
+
SMIME.new(mime).readPKCS7(nil, arr)
|
58
|
+
rescue
|
59
|
+
end
|
60
|
+
|
61
|
+
assert_nil arr[0]
|
62
|
+
|
63
|
+
|
64
|
+
arr = [bio2, bio2].to_java BIO
|
65
|
+
begin
|
66
|
+
SMIME.new(mime).readPKCS7(nil, arr)
|
67
|
+
rescue
|
68
|
+
end
|
69
|
+
|
70
|
+
assert_nil arr[0]
|
71
|
+
assert_equal bio2, arr[1]
|
72
|
+
end
|
73
|
+
|
74
|
+
def test_read_pkcs7_should_call_methods_on_mime
|
75
|
+
bio = BIO.new
|
76
|
+
mime = Mime.new
|
77
|
+
|
78
|
+
headers = ArrayList.new
|
79
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
80
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "application/pkcs7-mime"))
|
81
|
+
|
82
|
+
begin
|
83
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
84
|
+
rescue java.lang.UnsupportedOperationException
|
85
|
+
# This error is expected, since the bio used is not a real one
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
def test_read_pkcs7_throws_correct_exception_if_wrong_content_type
|
90
|
+
bio = BIO.new
|
91
|
+
mime = Mime.new
|
92
|
+
|
93
|
+
headers = ArrayList.new
|
94
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
95
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "foo"))
|
96
|
+
|
97
|
+
begin
|
98
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
99
|
+
assert false
|
100
|
+
rescue PKCS7Exception => e
|
101
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
102
|
+
assert_equal PKCS7::R_INVALID_MIME_TYPE, e.cause.get_reason
|
103
|
+
assert_equal "type: foo", e.cause.error_data
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
def test_read_pkcs7_with_multipart_should_fail_if_no_boundary_found
|
108
|
+
bio = BIO.new
|
109
|
+
mime = Mime.new
|
110
|
+
|
111
|
+
headers = ArrayList.new
|
112
|
+
hdr = MimeHeader.new("content-type", "multipart/signed")
|
113
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
114
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(hdr)
|
115
|
+
|
116
|
+
mime.expects(:findParam).with(hdr, "boundary").returns(nil)
|
117
|
+
|
118
|
+
begin
|
119
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
120
|
+
assert false
|
121
|
+
rescue PKCS7Exception => e
|
122
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
123
|
+
assert_equal PKCS7::R_NO_MULTIPART_BOUNDARY, e.cause.get_reason
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
def test_read_pkcs7_with_multipart_should_fail_if_null_boundary_value
|
128
|
+
bio = BIO.new
|
129
|
+
mime = Mime.new
|
130
|
+
|
131
|
+
headers = ArrayList.new
|
132
|
+
hdr = MimeHeader.new("content-type", "multipart/signed")
|
133
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
134
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(hdr)
|
135
|
+
|
136
|
+
mime.expects(:findParam).with(hdr, "boundary").returns(MimeParam.new("boundary", nil))
|
137
|
+
|
138
|
+
begin
|
139
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
140
|
+
assert false
|
141
|
+
rescue PKCS7Exception => e
|
142
|
+
assert_equal PKCS7::F_SMIME_READ_PKCS7, e.cause.get_method
|
143
|
+
assert_equal PKCS7::R_NO_MULTIPART_BOUNDARY, e.cause.get_reason
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
147
|
+
# TODO: redo this test to be an integration test
|
148
|
+
def _test_read_pkcs7_happy_path_without_multipart
|
149
|
+
bio = BIO.new
|
150
|
+
mime = Mime.new
|
151
|
+
|
152
|
+
headers = ArrayList.new
|
153
|
+
mime.expects(:parseHeaders).with(bio).returns(headers)
|
154
|
+
mime.expects(:findHeader).with(headers, "content-type").returns(MimeHeader.new("content-type", "application/pkcs7-mime"))
|
155
|
+
|
156
|
+
SMIME.new(mime).readPKCS7(bio, nil)
|
157
|
+
end
|
158
|
+
|
159
|
+
def test_read_pkcs7_happy_path_multipart
|
160
|
+
bio = BIO::from_string(MultipartSignedString)
|
161
|
+
mime = Mime::DEFAULT
|
162
|
+
p7 = SMIME.new(mime).readPKCS7(bio, nil)
|
163
|
+
end
|
164
|
+
|
165
|
+
def test_read_pkcs7_happy_path_without_multipart_enveloped
|
166
|
+
bio = BIO::from_string(MimeEnvelopedString)
|
167
|
+
mime = Mime::DEFAULT
|
168
|
+
p7 = SMIME.new(mime).readPKCS7(bio, nil)
|
169
|
+
end
|
170
|
+
|
171
|
+
def test_read_pkcs7_happy_path_without_multipart_signed
|
172
|
+
bio = BIO::from_string(MimeSignedString)
|
173
|
+
mime = Mime::DEFAULT
|
174
|
+
p7 = SMIME.new(mime).readPKCS7(bio, nil)
|
175
|
+
end
|
176
|
+
end
|
177
|
+
end
|
@@ -0,0 +1,99 @@
|
|
1
|
+
require "socket"
|
2
|
+
require "thread"
|
3
|
+
require "openssl"
|
4
|
+
require File.join(File.dirname(__FILE__), "utils.rb")
|
5
|
+
|
6
|
+
def get_pem(io=$stdin)
|
7
|
+
buf = ""
|
8
|
+
while line = io.gets
|
9
|
+
if /^-----BEGIN / =~ line
|
10
|
+
buf << line
|
11
|
+
break
|
12
|
+
end
|
13
|
+
end
|
14
|
+
while line = io.gets
|
15
|
+
buf << line
|
16
|
+
if /^-----END / =~ line
|
17
|
+
break
|
18
|
+
end
|
19
|
+
end
|
20
|
+
return buf
|
21
|
+
end
|
22
|
+
|
23
|
+
def make_key(pem)
|
24
|
+
begin
|
25
|
+
return OpenSSL::PKey::RSA.new(pem)
|
26
|
+
rescue
|
27
|
+
return OpenSSL::PKey::DSA.new(pem)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
if $DEBUG
|
32
|
+
def log(s); File.open("ssl-server-debug", "a") {|f| f.puts s}; end
|
33
|
+
File.open("ssl-server-debug", "w") {|f| f << ""}
|
34
|
+
log "server starting"
|
35
|
+
else
|
36
|
+
def log(s) end
|
37
|
+
end
|
38
|
+
|
39
|
+
begin
|
40
|
+
ca_cert = OpenSSL::X509::Certificate.new(get_pem)
|
41
|
+
log "got ca cert #{ca_cert.inspect}"
|
42
|
+
ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
|
43
|
+
log "got ssl cert #{ssl_cert.inspect}"
|
44
|
+
ssl_key = make_key(get_pem)
|
45
|
+
port = Integer(ARGV.shift)
|
46
|
+
verify_mode = Integer(ARGV.shift)
|
47
|
+
start_immediately = (/yes/ =~ ARGV.shift)
|
48
|
+
|
49
|
+
store = OpenSSL::X509::Store.new
|
50
|
+
store.add_cert(ca_cert)
|
51
|
+
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
52
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
53
|
+
ctx.cert_store = store
|
54
|
+
#ctx.extra_chain_cert = [ ca_cert ]
|
55
|
+
ctx.cert = ssl_cert
|
56
|
+
ctx.key = ssl_key
|
57
|
+
ctx.verify_mode = verify_mode
|
58
|
+
|
59
|
+
Socket.do_not_reverse_lookup = true
|
60
|
+
tcps = nil
|
61
|
+
100.times{|i|
|
62
|
+
begin
|
63
|
+
log "starting server on #{port+i}"
|
64
|
+
tcps = TCPServer.new("0.0.0.0", port+i)
|
65
|
+
port = port + i
|
66
|
+
break
|
67
|
+
rescue Errno::EADDRINUSE
|
68
|
+
next
|
69
|
+
end
|
70
|
+
}
|
71
|
+
log "starting ssl server"
|
72
|
+
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
|
73
|
+
ssls.start_immediately = start_immediately
|
74
|
+
|
75
|
+
log("sending pid #{Process.pid}")
|
76
|
+
$stdout.sync = true
|
77
|
+
$stdout.puts Process.pid
|
78
|
+
$stdout.puts port
|
79
|
+
|
80
|
+
loop do
|
81
|
+
ssl = ssls.accept rescue next
|
82
|
+
Thread.start{
|
83
|
+
q = Queue.new
|
84
|
+
th = Thread.start{ ssl.write(q.shift) while true }
|
85
|
+
while line = ssl.gets
|
86
|
+
if line =~ /^STARTTLS$/
|
87
|
+
ssl.accept
|
88
|
+
next
|
89
|
+
end
|
90
|
+
q.push(line)
|
91
|
+
end
|
92
|
+
th.kill if q.empty?
|
93
|
+
ssl.close
|
94
|
+
}
|
95
|
+
end
|
96
|
+
rescue
|
97
|
+
log $!
|
98
|
+
log $!.backtrace.join("\n")
|
99
|
+
end
|
@@ -0,0 +1,197 @@
|
|
1
|
+
begin
|
2
|
+
require "openssl"
|
3
|
+
require File.join(File.dirname(__FILE__), "utils.rb")
|
4
|
+
rescue LoadError
|
5
|
+
end
|
6
|
+
require 'test/unit'
|
7
|
+
|
8
|
+
class OpenSSL::TestASN1 < Test::Unit::TestCase
|
9
|
+
def test_decode
|
10
|
+
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
11
|
+
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
12
|
+
now = Time.at(Time.now.to_i) # suppress usec
|
13
|
+
s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
|
14
|
+
exts = [
|
15
|
+
["basicConstraints","CA:TRUE,pathlen:1",true],
|
16
|
+
["keyUsage","keyCertSign, cRLSign",true],
|
17
|
+
["subjectKeyIdentifier","hash",false],
|
18
|
+
]
|
19
|
+
dgst = OpenSSL::Digest::SHA1.new
|
20
|
+
cert = OpenSSL::TestUtils.issue_cert(
|
21
|
+
subj, key, s, now, now+3600, exts, nil, nil, dgst)
|
22
|
+
|
23
|
+
|
24
|
+
asn1 = OpenSSL::ASN1.decode(cert)
|
25
|
+
assert_equal(OpenSSL::ASN1::Sequence, asn1.class)
|
26
|
+
assert_equal(3, asn1.value.size)
|
27
|
+
tbs_cert, sig_alg, sig_val = *asn1.value
|
28
|
+
|
29
|
+
assert_equal(OpenSSL::ASN1::Sequence, tbs_cert.class)
|
30
|
+
assert_equal(8, tbs_cert.value.size)
|
31
|
+
|
32
|
+
version = tbs_cert.value[0]
|
33
|
+
assert_equal(:CONTEXT_SPECIFIC, version.tag_class)
|
34
|
+
assert_equal(0, version.tag)
|
35
|
+
assert_equal(1, version.value.size)
|
36
|
+
assert_equal(OpenSSL::ASN1::Integer, version.value[0].class)
|
37
|
+
assert_equal(2, version.value[0].value)
|
38
|
+
|
39
|
+
serial = tbs_cert.value[1]
|
40
|
+
assert_equal(OpenSSL::ASN1::Integer, serial.class)
|
41
|
+
assert_equal(0xdeadbeafdeadbeafdeadbeafdeadbeaf, serial.value)
|
42
|
+
|
43
|
+
sig = tbs_cert.value[2]
|
44
|
+
assert_equal(OpenSSL::ASN1::Sequence, sig.class)
|
45
|
+
assert_equal(2, sig.value.size)
|
46
|
+
assert_equal(OpenSSL::ASN1::ObjectId, sig.value[0].class)
|
47
|
+
assert_equal("1.2.840.113549.1.1.5", sig.value[0].oid)
|
48
|
+
assert_equal(OpenSSL::ASN1::Null, sig.value[1].class)
|
49
|
+
|
50
|
+
dn = tbs_cert.value[3] # issuer
|
51
|
+
assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
|
52
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.class)
|
53
|
+
assert_equal(3, dn.value.size)
|
54
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
|
55
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
|
56
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
|
57
|
+
assert_equal(1, dn.value[0].value.size)
|
58
|
+
assert_equal(1, dn.value[1].value.size)
|
59
|
+
assert_equal(1, dn.value[2].value.size)
|
60
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
|
61
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
|
62
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
|
63
|
+
assert_equal(2, dn.value[0].value[0].value.size)
|
64
|
+
assert_equal(2, dn.value[1].value[0].value.size)
|
65
|
+
assert_equal(2, dn.value[2].value[0].value.size)
|
66
|
+
oid, value = *dn.value[0].value[0].value
|
67
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
68
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
69
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
70
|
+
assert_equal("org", value.value)
|
71
|
+
oid, value = *dn.value[1].value[0].value
|
72
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
73
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
74
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
75
|
+
assert_equal("ruby-lang", value.value)
|
76
|
+
oid, value = *dn.value[2].value[0].value
|
77
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
78
|
+
assert_equal("2.5.4.3", oid.oid)
|
79
|
+
assert_equal(OpenSSL::ASN1::UTF8String, value.class)
|
80
|
+
assert_equal("TestCA", value.value)
|
81
|
+
|
82
|
+
validity = tbs_cert.value[4]
|
83
|
+
assert_equal(OpenSSL::ASN1::Sequence, validity.class)
|
84
|
+
assert_equal(2, validity.value.size)
|
85
|
+
assert_equal(OpenSSL::ASN1::UTCTime, validity.value[0].class)
|
86
|
+
assert_equal(now, validity.value[0].value)
|
87
|
+
assert_equal(OpenSSL::ASN1::UTCTime, validity.value[1].class)
|
88
|
+
assert_equal(now+3600, validity.value[1].value)
|
89
|
+
|
90
|
+
dn = tbs_cert.value[5] # subject
|
91
|
+
assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
|
92
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.class)
|
93
|
+
assert_equal(3, dn.value.size)
|
94
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
|
95
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
|
96
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
|
97
|
+
assert_equal(1, dn.value[0].value.size)
|
98
|
+
assert_equal(1, dn.value[1].value.size)
|
99
|
+
assert_equal(1, dn.value[2].value.size)
|
100
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
|
101
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
|
102
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
|
103
|
+
assert_equal(2, dn.value[0].value[0].value.size)
|
104
|
+
assert_equal(2, dn.value[1].value[0].value.size)
|
105
|
+
assert_equal(2, dn.value[2].value[0].value.size)
|
106
|
+
oid, value = *dn.value[0].value[0].value
|
107
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
108
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
109
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
110
|
+
assert_equal("org", value.value)
|
111
|
+
oid, value = *dn.value[1].value[0].value
|
112
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
113
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
114
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
115
|
+
assert_equal("ruby-lang", value.value)
|
116
|
+
oid, value = *dn.value[2].value[0].value
|
117
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
118
|
+
assert_equal("2.5.4.3", oid.oid)
|
119
|
+
assert_equal(OpenSSL::ASN1::UTF8String, value.class)
|
120
|
+
assert_equal("TestCA", value.value)
|
121
|
+
|
122
|
+
pkey = tbs_cert.value[6]
|
123
|
+
assert_equal(OpenSSL::ASN1::Sequence, pkey.class)
|
124
|
+
assert_equal(2, pkey.value.size)
|
125
|
+
assert_equal(OpenSSL::ASN1::Sequence, pkey.value[0].class)
|
126
|
+
assert_equal(2, pkey.value[0].value.size)
|
127
|
+
assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
|
128
|
+
assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
|
129
|
+
assert_equal(OpenSSL::ASN1::BitString, pkey.value[1].class)
|
130
|
+
assert_equal(0, pkey.value[1].unused_bits)
|
131
|
+
spkey = OpenSSL::ASN1.decode(pkey.value[1].value)
|
132
|
+
assert_equal(OpenSSL::ASN1::Sequence, spkey.class)
|
133
|
+
assert_equal(2, spkey.value.size)
|
134
|
+
assert_equal(OpenSSL::ASN1::Integer, spkey.value[0].class)
|
135
|
+
assert_equal(143085709396403084580358323862163416700436550432664688288860593156058579474547937626086626045206357324274536445865308750491138538454154232826011964045825759324933943290377903384882276841880081931690695505836279972214003660451338124170055999155993192881685495391496854691199517389593073052473319331505702779271, spkey.value[0].value)
|
136
|
+
assert_equal(OpenSSL::ASN1::Integer, spkey.value[1].class)
|
137
|
+
assert_equal(65537, spkey.value[1].value)
|
138
|
+
|
139
|
+
extensions = tbs_cert.value[7]
|
140
|
+
assert_equal(:CONTEXT_SPECIFIC, extensions.tag_class)
|
141
|
+
assert_equal(3, extensions.tag)
|
142
|
+
assert_equal(1, extensions.value.size)
|
143
|
+
assert_equal(OpenSSL::ASN1::Sequence, extensions.value[0].class)
|
144
|
+
assert_equal(3, extensions.value[0].value.size)
|
145
|
+
|
146
|
+
ext = extensions.value[0].value[0] # basicConstraints
|
147
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
148
|
+
assert_equal(3, ext.value.size)
|
149
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
150
|
+
assert_equal("2.5.29.19", ext.value[0].oid)
|
151
|
+
assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
|
152
|
+
assert_equal(true, ext.value[1].value)
|
153
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
|
154
|
+
extv = OpenSSL::ASN1.decode(ext.value[2].value)
|
155
|
+
assert_equal(OpenSSL::ASN1::Sequence, extv.class)
|
156
|
+
assert_equal(2, extv.value.size)
|
157
|
+
assert_equal(OpenSSL::ASN1::Boolean, extv.value[0].class)
|
158
|
+
assert_equal(true, extv.value[0].value)
|
159
|
+
assert_equal(OpenSSL::ASN1::Integer, extv.value[1].class)
|
160
|
+
assert_equal(1, extv.value[1].value)
|
161
|
+
|
162
|
+
ext = extensions.value[0].value[1] # keyUsage
|
163
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
164
|
+
assert_equal(3, ext.value.size)
|
165
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
166
|
+
assert_equal("2.5.29.15", ext.value[0].oid)
|
167
|
+
assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
|
168
|
+
assert_equal(true, ext.value[1].value)
|
169
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
|
170
|
+
extv = OpenSSL::ASN1.decode(ext.value[2].value)
|
171
|
+
assert_equal(OpenSSL::ASN1::BitString, extv.class)
|
172
|
+
str = "\000"; str[0] = 0b00000110
|
173
|
+
assert_equal(str, extv.value)
|
174
|
+
|
175
|
+
ext = extensions.value[0].value[2] # subjetKeyIdentifier
|
176
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
177
|
+
assert_equal(2, ext.value.size)
|
178
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
179
|
+
assert_equal("2.5.29.14", ext.value[0].oid)
|
180
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class)
|
181
|
+
extv = OpenSSL::ASN1.decode(ext.value[1].value)
|
182
|
+
assert_equal(OpenSSL::ASN1::OctetString, extv.class)
|
183
|
+
sha1 = OpenSSL::Digest::SHA1.new
|
184
|
+
sha1.update(pkey.value[1].value)
|
185
|
+
assert_equal(sha1.digest, extv.value)
|
186
|
+
|
187
|
+
assert_equal(OpenSSL::ASN1::Sequence, sig_alg.class)
|
188
|
+
assert_equal(2, sig_alg.value.size)
|
189
|
+
assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
|
190
|
+
assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
|
191
|
+
assert_equal(OpenSSL::ASN1::Null, pkey.value[0].value[1].class)
|
192
|
+
|
193
|
+
assert_equal(OpenSSL::ASN1::BitString, sig_val.class)
|
194
|
+
cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der)
|
195
|
+
assert_equal(cululated_sig, sig_val.value)
|
196
|
+
end
|
197
|
+
end if defined?(OpenSSL)
|