jruby-openssl-maven 0.7.4.1
- data/History.txt +171 -0
- data/License.txt +30 -0
- data/Manifest.txt +115 -0
- data/README.txt +13 -0
- data/Rakefile +79 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +5 -0
- data/lib/openssl.rb +76 -0
- data/lib/openssl/bn.rb +35 -0
- data/lib/openssl/buffering.rb +239 -0
- data/lib/openssl/cipher.rb +65 -0
- data/lib/openssl/config.rb +316 -0
- data/lib/openssl/digest.rb +61 -0
- data/lib/openssl/dummy.rb +33 -0
- data/lib/openssl/dummyssl.rb +14 -0
- data/lib/openssl/pkcs7.rb +25 -0
- data/lib/openssl/ssl.rb +179 -0
- data/lib/openssl/x509.rb +154 -0
- data/test/cert_with_ec_pk.cer +27 -0
- data/test/fixture/ca-bundle.crt +2794 -0
- data/test/fixture/ca_path/72fa7371.0 +19 -0
- data/test/fixture/ca_path/verisign.pem +19 -0
- data/test/fixture/cacert.pem +23 -0
- data/test/fixture/cert_localhost.pem +19 -0
- data/test/fixture/common.pem +48 -0
- data/test/fixture/imaps/cacert.pem +60 -0
- data/test/fixture/imaps/server.crt +61 -0
- data/test/fixture/imaps/server.key +15 -0
- data/test/fixture/key_then_cert.pem +34 -0
- data/test/fixture/keypair.pem +27 -0
- data/test/fixture/localhost_keypair.pem +18 -0
- data/test/fixture/max.pem +29 -0
- data/test/fixture/purpose/b70a5bc1.0 +24 -0
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +37 -0
- data/test/fixture/purpose/ca/cacert.pem +24 -0
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +19 -0
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +19 -0
- data/test/fixture/purpose/ca/private/cakeypair.pem +30 -0
- data/test/fixture/purpose/ca/serial +1 -0
- data/test/fixture/purpose/cacert.pem +24 -0
- data/test/fixture/purpose/scripts/gen_cert.rb +127 -0
- data/test/fixture/purpose/scripts/gen_csr.rb +50 -0
- data/test/fixture/purpose/scripts/init_ca.rb +66 -0
- data/test/fixture/purpose/sslclient.pem +19 -0
- data/test/fixture/purpose/sslclient/csr.pem +10 -0
- data/test/fixture/purpose/sslclient/keypair.pem +15 -0
- data/test/fixture/purpose/sslclient/sslclient.pem +19 -0
- data/test/fixture/purpose/sslserver.pem +19 -0
- data/test/fixture/purpose/sslserver/csr.pem +10 -0
- data/test/fixture/purpose/sslserver/keypair.pem +15 -0
- data/test/fixture/purpose/sslserver/sslserver.pem +19 -0
- data/test/fixture/selfcert.pem +23 -0
- data/test/fixture/verisign.pem +19 -0
- data/test/fixture/verisign_c3.pem +14 -0
- data/test/java/pkcs7_mime_enveloped.message +19 -0
- data/test/java/pkcs7_mime_signed.message +30 -0
- data/test/java/pkcs7_multipart_signed.message +45 -0
- data/test/java/test_java_attribute.rb +25 -0
- data/test/java/test_java_bio.rb +42 -0
- data/test/java/test_java_mime.rb +173 -0
- data/test/java/test_java_pkcs7.rb +772 -0
- data/test/java/test_java_smime.rb +177 -0
- data/test/openssl/ssl_server.rb +99 -0
- data/test/openssl/test_asn1.rb +197 -0
- data/test/openssl/test_cipher.rb +193 -0
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_digest.rb +88 -0
- data/test/openssl/test_ec.rb +128 -0
- data/test/openssl/test_hmac.rb +46 -0
- data/test/openssl/test_ns_spki.rb +59 -0
- data/test/openssl/test_pair.rb +141 -0
- data/test/openssl/test_pkcs7.rb +489 -0
- data/test/openssl/test_pkey_rsa.rb +49 -0
- data/test/openssl/test_ssl.rb +1035 -0
- data/test/openssl/test_x509cert.rb +277 -0
- data/test/openssl/test_x509crl.rb +253 -0
- data/test/openssl/test_x509ext.rb +99 -0
- data/test/openssl/test_x509name.rb +290 -0
- data/test/openssl/test_x509req.rb +195 -0
- data/test/openssl/test_x509store.rb +246 -0
- data/test/openssl/utils.rb +144 -0
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +8 -0
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +21 -0
- data/test/test_all.rb +1 -0
- data/test/test_certificate.rb +123 -0
- data/test/test_cipher.rb +197 -0
- data/test/test_imaps.rb +107 -0
- data/test/test_integration.rb +144 -0
- data/test/test_java.rb +98 -0
- data/test/test_openssl.rb +4 -0
- data/test/test_parse_certificate.rb +27 -0
- data/test/test_pkcs7.rb +40 -0
- data/test/test_pkey.rb +204 -0
- data/test/test_ssl.rb +97 -0
- data/test/test_x509store.rb +160 -0
- data/test/ut_eof.rb +128 -0
- metadata +161 -0
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
require "test/unit"
|
3
|
+
|
4
|
+
class TestParseCertificate < Test::Unit::TestCase
|
5
|
+
CERT = File.dirname(__FILE__) + '/cert_with_ec_pk.cer'
|
6
|
+
|
7
|
+
def test_certificate_parse_works_with_ec_pk_cert
|
8
|
+
cer = OpenSSL::X509::Certificate.new(File.read(CERT))
|
9
|
+
assert cer.to_s != nil
|
10
|
+
assert cer.issuer.to_s != nil
|
11
|
+
assert cer.subject.to_s != nil
|
12
|
+
assert cer.extensions.to_s != nil
|
13
|
+
end
|
14
|
+
|
15
|
+
def test_certificate_with_ec_pk_cert_fails_requesting_pk
|
16
|
+
cer = OpenSSL::X509::Certificate.new(File.read(CERT))
|
17
|
+
assert_raise(OpenSSL::X509::CertificateError) { cer.public_key }
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_loading_key_raise_certificate_error
|
21
|
+
key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
|
22
|
+
assert_raises(OpenSSL::X509::CertificateError) do
|
23
|
+
OpenSSL::X509::Certificate.new(File.read(key_file))
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
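Review bot: The four `assert cer.<field>.to_s != nil` checks in test_certificate_parse_works_with_ec_pk_cert cannot fail, because `to_s` yields a String whenever the call succeeds, so the test only proves that parsing and the accessors do not raise. Asserting on content would pin the parse result, for example `assert !cer.subject.to_s.empty?` and the same for the issuer. The file also mixes `assert_raise` and `assert_raises`; one spelling throughout would read better. The file header for this section is not shown on the page; going by the file list it appears to be data/test/test_parse_certificate.rb.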
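--- a/data/test/test_pkcs7.rb
+++ b/data/test/test_pkcs7.rb
@@ -0,0 +1,40 @@
+require 'openssl'
+require "test/unit"
+
+class TestPkcs7 < Test::Unit::TestCase
+
+CERT_PEM = <<END
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQQFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0wOTA1MjMxNTAzNDNaFw0wOTA1MjMxNjAzNDNaMD0xEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
+gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
+fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
+qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
+8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
+9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
+AQABMA0GCSqGSIb3DQEBBAUAA4IBAQB8UTw1agA9wdXxHMUACduYu6oNL7pdF0dr
+w7a4QPJyj62h4+Umxvp13q0PBw0E+mSjhXMcqUhDLjrmMcvvNGhuh5Sdjbe3GI/M
+3lCC9OwYYIzzul7omvGC3JEIGfzzdNnPPCPKEWp5X9f0MKLMR79qOf+sjHTjN2BY
+SY3YGsEFxyTXDdqrlaYaOtTAdi/C+g1WxR8fkPLefymVwIFwvyc9/bnp7iBn7Hcw
+mbxtLPbtQ9mURT0GHewZRTGJ1aiTq9Ag3xXME2FPF04eFRd3mclOQZNXKQ+LDxYf
+k0X5FeZvsWf4srFxoVxlcDdJtHh91ZRpDDJYGQlsUm9CPTnO+e4E
+-----END CERTIFICATE-----
+END
+
+def test_pkcs7_des3_key_generation_for_encrypt
+# SunJCE requires DES/DES3 keybits = 21/168 for key generation.
+# BC allows 24/192 keybits and treats it as 21/168.
+msg = "Hello World"
+password = "password"
+cert = OpenSSL::X509::Certificate.new(CERT_PEM)
+certs = [cert]
+cipher = OpenSSL::Cipher.new("des-ede3-cbc")
+cipher.encrypt
+cipher.pkcs5_keyivgen(password)
+p7 = OpenSSL::PKCS7.encrypt(certs, msg, cipher, OpenSSL::PKCS7::BINARY)
+assert_equal(msg, p7.data)
+end
+end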
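Review bot: `assert_equal(msg, p7.data)` never decrypts the envelope, so this test only shows that 3DES key generation inside `OpenSSL::PKCS7.encrypt` does not raise; no private key for CERT_PEM is present in the file, so a round trip cannot be checked here. A comment above the assertion should say that, e.g. `# only exercises DES3 key generation; the envelope is not decrypted because the fixture has no private key`. The `cipher.pkcs5_keyivgen(password)` call uses a fixed password and no salt, and whether `PKCS7.encrypt` uses the derived key at all is not visible here; a short `# test-only key setup, not a pattern for production code` next to it would keep readers from treating it as a template.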
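--- a/data/test/test_pkey.rb
+++ b/data/test/test_pkey.rb
@@ -0,0 +1,204 @@
+begin
+require "openssl"
+rescue LoadError
+end
+
+require "test/unit"
+
+class TestPKey < Test::Unit::TestCase
+def test_has_correct_methods
+pkey_methods = OpenSSL::PKey::PKey.instance_methods(false).sort - ["initialize"]
+assert_equal ["sign", "verify"], pkey_methods
+
+rsa_methods = OpenSSL::PKey::RSA.instance_methods(false).sort - ["initialize"]
+assert_equal ["d", "d=", "dmp1", "dmp1=", "dmq1", "dmq1=", "e", "e=", "export", "iqmp", "iqmp=", "n", "n=", "p", "p=", "params", "private?", "private_decrypt", "private_encrypt", "public?", "public_decrypt", "public_encrypt", "public_key", "q", "q=", "to_der", "to_pem", "to_s", "to_text"], rsa_methods
+
+assert_equal ["generate"], OpenSSL::PKey::RSA.methods(false)
+
+# dsa_methods = OpenSSL::PKey::DSA.instance_methods(false).sort - ["initialize"]
+# assert_equal ["export", "g", "g=", "p", "p=", "params", "priv_key", "priv_key=", "private?", "pub_key", "pub_key=", "public?", "public_key", "q", "q=", "syssign", "sysverify", "to_der", "to_pem", "to_s", "to_text"], dsa_methods
+
+# assert_equal ["generate"], OpenSSL::PKey::DSA.methods(false)
+end
+
+#iqmp == coefficient
+#e == public exponent
+#n == modulus
+#d == private exponent
+#p == prime1
+#q == prime2
+#dmq1 == exponent2
+#dmp1 == exponent1
+
+def test_can_generate_rsa_key
+OpenSSL::PKey::RSA.generate(512)
+end
+
+def test_can_generate_dsa_key
+OpenSSL::PKey::DSA.generate(512)
+end
+
+def test_malformed_rsa_handling
+pem = <<__EOP__
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiU1/UMzIQ1On9OlZGoV
+S0yySFYWoXLH12nmP69fg9jwdRbQlb0rxLn7zATbwfqcvGpCcW+8SmdwW74elNrc
+wRtbKjJKfbJCsVfDssbbj6BF+Bcq3ihi8+CGNXFdJOYhZZ+5Adg2Qc9Qp3Ubw9wu
+/3Ai87+1aQxoZPMFwdX2BRiZvxch9dwHVyL8EuFGUOYId/8JQepHyZMbTqp/8wlA
+UAbMcPW+IKp3N0WMgred3CjXKHAqqM0Ira9RLSXdlO2uFV4OrM0ak8rnTN5w1DsI
+McjvVvOck0aIxfHEEmeadt3YMn4PCW33/j8geulZLvt0ci60/OWMSCcIqByITlvY
+DwIDAQAB
+-----END PUBLIC KEY-----
+__EOP__
+pkey = OpenSSL::PKey::RSA.new(pem)
+# jruby-openssl/0.6 raises NativeException
+assert_raise(OpenSSL::PKey::RSAError, 'JRUBY-4492') do
+pkey.public_decrypt("rah")
+end
+end
+
+# http://github.com/jruby/jruby-openssl/issues#issue/1
+def test_load_pkey_rsa
+pem = <<__EOP__
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----
+__EOP__
+assert_nothing_raised do
+pkey = OpenSSL::PKey::RSA.new(pem)
+pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+assert_equal(pkey.n, pkey2.n)
+assert_equal(pkey.e, pkey2.e)
+assert_equal(pkey.d, pkey2.d)
+end
+end
+
+def test_load_pkey_rsa_enc
+# password is '1234'
+pem = <<__EOP__
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQIfvehP6JEg2wCAggABIICgD7kzSr+xWgdAuzG
+cYNkCEWyKF6V0cJ58AKSoL4FQ59OQvQP/hMnSZEMiUpeGNRE6efC7O02RUjNarIk
+ciCYIBqd5EFG3OSypK5l777AbCChIkzZHbyE/pIbadr8ZX9C4pkwzPqS0Avzavxi
+5s1WDX2GggJkBcQUijqG9QuOZcOvoYbojHPT4tdJq+J6s+0LFas9Jp3a6dYkxtgv
+u8Z6EFDZoLGOSVy/jCSMuZAnhoOxUCYqd9FFo2jryV7tQ/CaYAUApAQFTLgBA9qk
+4WmyKRpwzIx6EG1pkqulvPXJCcTat9YwllEDVuQ2rKVwDepSl9O7X170Kx1sBecz
+mGcfqviU9xwP5mkXO/TLoTZExkHF08Y3d/PTMdxGEDZH37/yRqCIb3Uyqv/jLibM
+/s9fm52aWsfO1ndHEhciovlMJvGXq3+e+9gmq1w2TyNQahRc5fwfhwWKhPKfYDBk
+7AtjPGfELDX61WZ5m+4Kb70BcGSAEgXCaBydVsMROy0B8jkYgtAnVBb4EMrGOsCG
+jmNeW9MRIhrhDcifdyq1DMNg7IONMF+5mDdQ3FhK6WzlFU+8cTN517qA8L3A3+ZX
+asiS+rx5/50InINknjuvVkmTGMzjl89nMNrZCjhx9sIDfXQ3ZKFmh1mvnXq/fLan
+CgXn/UtLoykrSlobgqIxZslhj3p01kMCgGe62S3kokYrDTQEc57rlKWWR3Xyjy/T
+LsecXAKEROj95IHSMMnT4jl+TJnbvGKQ2U9tOOB3W+OOOlDEFE59pQlcmQPAwdzr
+mzI4kupi3QRTFjOgvX29leII9sPtpr4dKMKVIRxKnvMZhUAkS/n3+Szfa6zKexLa
+4CHVgDo=
+-----END ENCRYPTED PRIVATE KEY-----
+__EOP__
+assert_nothing_raised do
+pkey = OpenSSL::PKey::RSA.new(pem, '1234')
+pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+assert_equal(pkey.n, pkey2.n)
+assert_equal(pkey.e, pkey2.e)
+assert_equal(pkey.d, pkey2.d)
+end
+end
+
+# jruby-openssl/0.6 causes NPE
+def test_generate_pkey_rsa_empty
+assert_nothing_raised do
+OpenSSL::PKey::RSA.new.to_pem
+end
+end
+
+def test_generate_pkey_rsa_length
+assert_nothing_raised do
+OpenSSL::PKey::RSA.new(512).to_pem
+end
+end
+
+def test_generate_pkey_rsa_to_text
+assert_match(
+/Private-Key: \(512 bit\)/,
+OpenSSL::PKey::RSA.new(512).to_text
+)
+end
+
+def test_load_pkey_rsa
+pkey = OpenSSL::PKey::RSA.new(512)
+assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_rsa_public
+pkey = OpenSSL::PKey::RSA.new(512).public_key
+assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_rsa_der
+pkey = OpenSSL::PKey::RSA.new(512)
+assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_rsa_public_der
+pkey = OpenSSL::PKey::RSA.new(512).public_key
+assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+end
+
+# jruby-openssl/0.6 causes NPE
+def test_generate_pkey_dsa_empty
+assert_nothing_raised do
+OpenSSL::PKey::DSA.new.to_pem
+end
+end
+
+# jruby-openssl/0.6 ignores fixnum arg => to_pem returned 65 bytes with 'MAA='
+def test_generate_pkey_dsa_length
+assert(OpenSSL::PKey::DSA.new(512).to_pem.size > 100)
+end
+
+# jruby-openssl/0.6 returns nil for DSA#to_text
+def test_generate_pkey_dsa_to_text
+assert_match(
+/Private-Key: \(512 bit\)/,
+OpenSSL::PKey::DSA.new(512).to_text
+)
+end
+
+def test_load_pkey_dsa
+pkey = OpenSSL::PKey::DSA.new(512)
+assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_dsa_public
+pkey = OpenSSL::PKey::DSA.new(512).public_key
+assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_dsa_der
+pkey = OpenSSL::PKey::DSA.new(512)
+assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_dsa_public_der
+pkey = OpenSSL::PKey::DSA.new(512).public_key
+assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_dsa_net_ssh
+blob = "0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002"
+pkey = OpenSSL::PKey::DSA.new(blob)
+assert_equal(blob, pkey.to_der)
+end
+end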
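Review bot: `test_load_pkey_rsa` is defined twice, at new-file lines 61 and 139; Ruby keeps only the later definition, so the `BEGIN PRIVATE KEY` load test written for the jruby-openssl issue cited in the comment above line 61 is silently dropped and never runs. Rename one of them, for example `def test_load_pkey_rsa_generated` at line 139. In test_has_correct_methods the expected lists are strings, which matches `instance_methods` only on Ruby 1.8 (1.9 returns symbols); comparing against `instance_methods(false).map { |m| m.to_s }.sort` would keep the check independent of the runtime. The 512-bit RSA/DSA sizes and the embedded keys (one with its password stated in a comment) look like deliberate fixtures; a header comment saying they are test-only and must not be reused elsewhere would make that explicit.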
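--- a/data/test/test_ssl.rb
+++ b/data/test/test_ssl.rb
@@ -0,0 +1,97 @@
+require 'openssl'
+require 'test/unit'
+require 'webrick/https'
+require 'net/https'
+require 'logger'
+require File.join(File.dirname(__FILE__), "openssl/utils.rb")
+
+
+class TestSSL < Test::Unit::TestCase
+PORT = 17171
+DIR = File.dirname(File.expand_path(__FILE__))
+
+def setup
+@server = @server_thread = nil
+@verbose, $VERBOSE = $VERBOSE, nil
+setup_server
+end
+
+def teardown
+$VERBOSE = @verbose
+teardown_server
+end
+
+def test_jruby_4826
+assert_nothing_raised do
+100.times do
+http = Net::HTTP.new('localhost', PORT)
+http.use_ssl = true
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+req = Net::HTTP::Post.new('/post')
+http.request(req).body
+end
+end
+end
+
+private
+
+def make_certificate(key, cn)
+subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=#{cn}")
+exts = [
+["keyUsage", "keyEncipherment,digitalSignature", true],
+]
+OpenSSL::TestUtils.issue_cert(
+subject, key, 1, Time.now, Time.now + 3600, exts,
+nil, nil, OpenSSL::Digest::SHA1.new
+)
+end
+
+def setup_server
+key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+cert = make_certificate(key, "localhost")
+logger = Logger.new(STDERR)
+logger.level = Logger::Severity::FATAL # avoid logging SSLError (ERROR level)
+@server = WEBrick::HTTPServer.new(
+:Logger => logger,
+:Port => PORT,
+:AccessLog => [],
+:SSLEnable => true,
+:ServerName => "localhost",
+:SSLCertificate => cert,
+:SSLPrivateKey => key
+)
+@server.mount(
+"/post",
+WEBrick::HTTPServlet::ProcHandler.new(method("do_post").to_proc)
+)
+@server_thread = start_server_thread(@server)
+end
+
+def do_post(req, res)
+res.chunked = true
+res['content-type'] = 'text/plain'
+piper, pipew = IO.pipe
+res.body = piper
+10.times { pipew << "A" * 10 }
+pipew.close
+end
+
+def start_server_thread(server)
+t = Thread.new {
+Thread.current.abort_on_exception = true
+server.start
+}
+while server.status != :Running
+Thread.pass
+unless t.alive?
+t.join
+raise
+end
+end
+t
+end
+
+def teardown_server
+@server.shutdown if @server
+end
+end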
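Review bot: The client in test_jruby_4826 sets `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` (new-file line 29), so the certificate built in setup_server is never checked and the test cannot notice a handshake that presents the wrong certificate. If peer verification is out of scope for this regression test, a comment on that line should say so, e.g. `# VERIFY_NONE is test-only: the server cert is generated per run by make_certificate and is in no trust store`. In start_server_thread the bare `raise` is reached only when the thread has exited without an exception, which produces a generic RuntimeError; `raise "server thread exited before reaching :Running"` would state what happened.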
@@ -0,0 +1,160 @@
|
|
1
|
+
begin
|
2
|
+
require "openssl"
|
3
|
+
rescue LoadError
|
4
|
+
end
|
5
|
+
|
6
|
+
require "test/unit"
|
7
|
+
require "tempfile"
|
8
|
+
|
9
|
+
class TestX509Store < Test::Unit::TestCase
|
10
|
+
def setup
|
11
|
+
@store = OpenSSL::X509::Store.new
|
12
|
+
end
|
13
|
+
|
14
|
+
def path(file)
|
15
|
+
File.expand_path(file, File.dirname(__FILE__))
|
16
|
+
end
|
17
|
+
|
18
|
+
def teardown
|
19
|
+
end
|
20
|
+
|
21
|
+
def test_ns_cert_type
|
22
|
+
f = Tempfile.new("globalsign-root.pem")
|
23
|
+
f << GLOBALSIGN_ROOT_CA
|
24
|
+
f.close
|
25
|
+
@store.add_file(f.path)
|
26
|
+
f.unlink
|
27
|
+
|
28
|
+
# CAUTION !
|
29
|
+
#
|
30
|
+
# sgc is an issuing CA certificate so we should not verify it for the
|
31
|
+
# purpose 'PURPOSE_SSL_SERVER'. It's not a SSL server certificate.
|
32
|
+
# We're just checking the code for 'PURPOSE_SSL_SERVER'.
|
33
|
+
# jruby-openssl/0.5.2 raises the following exception around ASN.1
|
34
|
+
# nsCertType handling.
|
35
|
+
# Purpose.java:344:in `call': java.lang.ClassCastException: org.bouncycastle.asn1.DEROctetString cannot be cast to org.bouncycastle.asn1.DERBitString
|
36
|
+
sgc = OpenSSL::X509::Certificate.new(GLOBALSIGN_ORGANIZATION_VALIDATION_CA)
|
37
|
+
|
38
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
39
|
+
assert_nothing_raised do
|
40
|
+
@store.verify(sgc) # => should be false
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_purpose_ssl_client
|
45
|
+
@store.add_file(path("fixture/purpose/cacert.pem"))
|
46
|
+
cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslclient.pem")))
|
47
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
48
|
+
assert_equal(true, @store.verify(cert))
|
49
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
50
|
+
assert_equal(false, @store.verify(cert))
|
51
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
52
|
+
assert_equal(true, @store.verify(cert))
|
53
|
+
end
|
54
|
+
|
55
|
+
def test_purpose_ssl_server
|
56
|
+
@store.add_file(path("fixture/purpose/cacert.pem"))
|
57
|
+
cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
|
58
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
59
|
+
assert_equal(true, @store.verify(cert))
|
60
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
61
|
+
assert_equal(false, @store.verify(cert))
|
62
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
63
|
+
assert_equal(true, @store.verify(cert))
|
64
|
+
end
|
65
|
+
|
66
|
+
def test_add_file_multiple
|
67
|
+
f = Tempfile.new("globalsign-root.pem")
|
68
|
+
f << GLOBALSIGN_ROOT_CA
|
69
|
+
f << "junk junk\n"
|
70
|
+
f << "junk junk\n"
|
71
|
+
f << "junk junk\n"
|
72
|
+
f << File.read(path("fixture/purpose/cacert.pem"))
|
73
|
+
f.close
|
74
|
+
@store.add_file(f.path)
|
75
|
+
f.unlink
|
76
|
+
|
77
|
+
cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
|
78
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
79
|
+
assert_equal(true, @store.verify(cert))
|
80
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
81
|
+
assert_equal(false, @store.verify(cert))
|
82
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
83
|
+
assert_equal(true, @store.verify(cert))
|
84
|
+
end
|
85
|
+
|
86
|
+
# jruby-openssl/0.6 raises "can't store certificate" because of duplicated
|
87
|
+
# subject. ruby-openssl just ignores the second certificate.
|
88
|
+
def test_add_file_JRUBY_4409
|
89
|
+
assert_nothing_raised do
|
90
|
+
@store.add_file(path("fixture/ca-bundle.crt"))
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
def test_set_default_paths
|
95
|
+
@store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
|
96
|
+
cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
|
97
|
+
assert_equal(false, @store.verify(cert))
|
98
|
+
begin
|
99
|
+
backup = ENV['SSL_CERT_DIR']
|
100
|
+
ENV['SSL_CERT_DIR'] = path('fixture/purpose/')
|
101
|
+
@store.set_default_paths
|
102
|
+
assert_equal(true, @store.verify(cert))
|
103
|
+
ensure
|
104
|
+
ENV['SSL_CERT_DIR'] = backup if backup
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
GLOBALSIGN_ROOT_CA = <<__EOS__
|
109
|
+
-----BEGIN CERTIFICATE-----
|
110
|
+
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
|
111
|
+
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
112
|
+
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
|
113
|
+
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
|
114
|
+
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
|
115
|
+
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
|
116
|
+
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
|
117
|
+
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
|
118
|
+
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
|
119
|
+
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
|
120
|
+
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
|
121
|
+
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
|
122
|
+
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
|
123
|
+
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
|
124
|
+
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
|
125
|
+
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
|
126
|
+
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
|
127
|
+
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
|
128
|
+
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
|
129
|
+
-----END CERTIFICATE-----
|
130
|
+
__EOS__
|
131
|
+
|
132
|
+
GLOBALSIGN_ORGANIZATION_VALIDATION_CA = <<__EOS__
|
133
|
+
-----BEGIN CERTIFICATE-----
|
134
|
+
MIIEZzCCA0+gAwIBAgILBAAAAAABHkSl9SowDQYJKoZIhvcNAQEFBQAwVzELMAkG
|
135
|
+
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
136
|
+
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNzA0MTExMjAw
|
137
|
+
MDBaFw0xNzA0MTExMjAwMDBaMGoxIzAhBgNVBAsTGk9yZ2FuaXphdGlvbiBWYWxp
|
138
|
+
ZGF0aW9uIENBMRMwEQYDVQQKEwpHbG9iYWxTaWduMS4wLAYDVQQDEyVHbG9iYWxT
|
139
|
+
aWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBMIIBIjANBgkqhkiG9w0BAQEF
|
140
|
+
AAOCAQ8AMIIBCgKCAQEAoS/EvM6HA+lnwYnI5ZP8fbStnvZjTmronCxziaIB9I8h
|
141
|
+
+P0lnVgWbYb27klXdX516iIRfj37x0JB3PzFDJFVgHvrZDMdm/nKOOmrxiVDUSVA
|
142
|
+
9OR+GFVqqY8QOkAe1leD738vNC8t0vZTwhkNt+3JgfVGLLQjQl6dEwN17Opq/Fd8
|
143
|
+
yTaXO5jcExPs7EH6XTTquZPnEBZlzJyS/fXFnT5KuQn85F8eaV9N9FZyRLEdIwPI
|
144
|
+
NvZliMi/ORZFjh4mbFEWxSoAOMWkE2mVfasBO6jEFLSA2qwaRCDV/qkGexQnr+Aw
|
145
|
+
Id2Q9KnVIxkuHgPmwd+VKeTBlEPdPpCqy0vJvorTOQIDAQABo4IBHzCCARswDgYD
|
146
|
+
VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFH1tKuxm
|
147
|
+
q6dRNqsCafFwj8RZC5ofMEsGA1UdIAREMEIwQAYJKwYBBAGgMgEUMDMwMQYIKwYB
|
148
|
+
BQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQvcmVwb3NpdG9yeS8wMwYD
|
149
|
+
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNy
|
150
|
+
bDARBglghkgBhvhCAQEEBAMCAgQwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZI
|
151
|
+
AYb4QgQBMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
|
152
|
+
DQEBBQUAA4IBAQB5R/wV10x53w96ns7UfEtjyYm1ez+ZEuicjJpJL+BOlUrtx7y+
|
153
|
+
8aLbjpMdunFUqkvZiSIkh8UEqKyCUqBS+LjhT6EnZmMhSjnnx8VOX7LWHRNtMOnO
|
154
|
+
16IcvCkKczxbI0n+1v/KsE/18meYwEcR+LdIppAJ1kK+6rG5U0LDnCDJ+6FbtVZt
|
155
|
+
h4HIYKzEuXInCo4eqLEuzTKieFewnPiVu0OOjDGGblMNxhIFukFuqDUwCRgdAmH/
|
156
|
+
/e413mrDO9BNS05QslY2DERd2hplKuaYVqljMy4E567o9I63stp9wMjirqYoL+PJ
|
157
|
+
c738B0E0t6pu7qfb0ZM87ZDsMpKI2cgjbHQh
|
158
|
+
-----END CERTIFICATE-----
|
159
|
+
__EOS__
|
160
|
+
end
|
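Review bot: In test_ns_cert_type the result of `@store.verify(sgc)` is discarded although the comment beside it says it should be false, so a purpose check that wrongly accepted an issuing CA as an SSL server certificate would pass unnoticed. Assert it inside the block: `assert_equal(false, @store.verify(sgc))`. In test_set_default_paths, `ENV['SSL_CERT_DIR'] = backup if backup` leaves the variable pointing at fixture/purpose/ for the rest of the process whenever it was unset beforehand, which changes the default trust path seen by every later test; `ENV['SSL_CERT_DIR'] = backup` restores both cases, since assigning nil removes the variable. The file header for this section is not shown on the page; going by the file list it appears to be data/test/test_x509store.rb.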