jruby-openssl 0.0.4 → 0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of jruby-openssl might be problematic. Click here for more details.
- data/History.txt +12 -0
- data/License.txt +30 -0
- data/README.txt +18 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +5 -0
- data/lib/openssl/dummy.rb +34 -0
- data/lib/openssl/dummyssl.rb +13 -0
- data/test/openssl/ssl_server.rb +81 -0
- data/test/openssl/test_asn1.rb +199 -0
- data/test/openssl/test_cipher.rb +151 -0
- data/test/openssl/test_digest.rb +88 -0
- data/test/openssl/test_hmac.rb +34 -0
- data/test/openssl/test_ns_spki.rb +69 -0
- data/test/openssl/test_pair.rb +149 -0
- data/test/openssl/test_pkey_rsa.rb +49 -0
- data/test/openssl/test_ssl.rb +284 -0
- data/test/openssl/test_x509cert.rb +174 -0
- data/test/openssl/test_x509crl.rb +218 -0
- data/test/openssl/test_x509ext.rb +74 -0
- data/test/openssl/test_x509name.rb +265 -0
- data/test/openssl/test_x509req.rb +140 -0
- data/test/openssl/test_x509store.rb +217 -0
- data/test/openssl/utils.rb +135 -0
- data/test/test_openssl.rb +21 -0
- data/test/ut_eof.rb +128 -0
- metadata +69 -33
data/History.txt
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
== 0.1
|
2
|
+
|
3
|
+
- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
|
4
|
+
1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
|
5
|
+
0.6 release.
|
6
|
+
- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
|
7
|
+
- Simultaneous support for JRuby trunk and 1.0 branch
|
8
|
+
- Start of support for OpenSSL::BN
|
9
|
+
|
10
|
+
== 0.0.5 and prior
|
11
|
+
|
12
|
+
- Initial versions with maintenance updates
|
data/License.txt
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
JRuby-OpenSSL is distributed under the same license as JRuby (http://www.jruby.org/).
|
2
|
+
|
3
|
+
Version: CPL 1.0/GPL 2.0/LGPL 2.1
|
4
|
+
|
5
|
+
The contents of this file are subject to the Common Public
|
6
|
+
License Version 1.0 (the "License"); you may not use this file
|
7
|
+
except in compliance with the License. You may obtain a copy of
|
8
|
+
the License at http://www.eclipse.org/legal/cpl-v10.html
|
9
|
+
|
10
|
+
Software distributed under the License is distributed on an "AS
|
11
|
+
IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
12
|
+
implied. See the License for the specific language governing
|
13
|
+
rights and limitations under the License.
|
14
|
+
|
15
|
+
Copyright (C) 2007 Ola Bini <ola.bini@gmail.com>
|
16
|
+
|
17
|
+
Alternatively, the contents of this file may be used under the terms of
|
18
|
+
either of the GNU General Public License Version 2 or later (the "GPL"),
|
19
|
+
or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
20
|
+
in which case the provisions of the GPL or the LGPL are applicable instead
|
21
|
+
of those above. If you wish to allow use of your version of this file only
|
22
|
+
under the terms of either the GPL or the LGPL, and not to allow others to
|
23
|
+
use your version of this file under the terms of the CPL, indicate your
|
24
|
+
decision by deleting the provisions above and replace them with the notice
|
25
|
+
and other provisions required by the GPL or the LGPL. If you do not delete
|
26
|
+
the provisions above, a recipient may use your version of this file under
|
27
|
+
the terms of any one of the CPL, the GPL or the LGPL.
|
28
|
+
|
29
|
+
JRuby-OpenSSL includes software by the Legion of the Bouncy Castle
|
30
|
+
(http://bouncycastle.org/license.html).
|
data/README.txt
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
|
2
|
+
|
3
|
+
JRuby offers *just enough* compatibility for most Ruby applications that use OpenSSL.
|
4
|
+
|
5
|
+
Libraries that appear to work fine:
|
6
|
+
|
7
|
+
Rails, Net::HTTPS
|
8
|
+
|
9
|
+
Notable libraries that do *not* yet work include:
|
10
|
+
|
11
|
+
Net::SSH, Net::SFTP, etc.
|
12
|
+
|
13
|
+
Please report bugs and incompatibilities (preferably with testcases) to either the JRuby
|
14
|
+
mailing list [1] or the JRuby bug tracker [2].
|
15
|
+
|
16
|
+
[1]: http://xircles.codehaus.org/projects/jruby/lists
|
17
|
+
|
18
|
+
[2]: http://jira.codehaus.org/browse/JRUBY
|
data/lib/jopenssl.jar
CHANGED
Binary file
|
@@ -0,0 +1,34 @@
|
|
1
|
+
warn "Warning: OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable"
|
2
|
+
warn "You need to download or install BouncyCastle jars (bc-prov-*.jar, bc-mail-*.jar)"
|
3
|
+
warn "to fix this."
|
4
|
+
module OpenSSL
|
5
|
+
module ASN1
|
6
|
+
class ASN1Error < OpenSSLError; end
|
7
|
+
class ASN1Data; end
|
8
|
+
class Primitive; end
|
9
|
+
class Constructive; end
|
10
|
+
end
|
11
|
+
module PKey
|
12
|
+
class PKeyError < OpenSSLError; end
|
13
|
+
class PKey; def initialize(*args); end; end
|
14
|
+
class RSA < PKey; end
|
15
|
+
class DSA < PKey; end
|
16
|
+
class DH < PKey; end
|
17
|
+
end
|
18
|
+
module X509
|
19
|
+
class Name; end
|
20
|
+
class Certificate; end
|
21
|
+
class Extension; end
|
22
|
+
class CRL; end
|
23
|
+
class Revoked; end
|
24
|
+
class Store; end
|
25
|
+
class Request; end
|
26
|
+
class Attribute; end
|
27
|
+
end
|
28
|
+
module Netscape
|
29
|
+
class SPKI; end
|
30
|
+
end
|
31
|
+
module PKCS7
|
32
|
+
class PKCS7; end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
warn "Warning: OpenSSL SSL implementation unavailable"
|
2
|
+
warn "You must run on JDK 1.5 (Java 5) or higher to use SSL"
|
3
|
+
module OpenSSL
|
4
|
+
module SSL
|
5
|
+
class SSLError < OpenSSLError; end
|
6
|
+
class SSLContext; end
|
7
|
+
class SSLSocket; end
|
8
|
+
VERIFY_NONE = 0
|
9
|
+
VERIFY_PEER = 1
|
10
|
+
VERIFY_FAIL_IF_NO_PEER_CERT = 2
|
11
|
+
VERIFY_CLIENT_ONCE = 4
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
require "socket"
|
2
|
+
require "thread"
|
3
|
+
require "openssl"
|
4
|
+
require File.join(File.dirname(__FILE__), "utils.rb")
|
5
|
+
|
6
|
+
def get_pem(io=$stdin)
|
7
|
+
buf = ""
|
8
|
+
while line = io.gets
|
9
|
+
if /^-----BEGIN / =~ line
|
10
|
+
buf << line
|
11
|
+
break
|
12
|
+
end
|
13
|
+
end
|
14
|
+
while line = io.gets
|
15
|
+
buf << line
|
16
|
+
if /^-----END / =~ line
|
17
|
+
break
|
18
|
+
end
|
19
|
+
end
|
20
|
+
return buf
|
21
|
+
end
|
22
|
+
|
23
|
+
def make_key(pem)
|
24
|
+
begin
|
25
|
+
return OpenSSL::PKey::RSA.new(pem)
|
26
|
+
rescue
|
27
|
+
return OpenSSL::PKey::DSA.new(pem)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
ca_cert = OpenSSL::X509::Certificate.new(get_pem)
|
32
|
+
ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
|
33
|
+
ssl_key = make_key(get_pem)
|
34
|
+
port = Integer(ARGV.shift)
|
35
|
+
verify_mode = Integer(ARGV.shift)
|
36
|
+
start_immediately = (/yes/ =~ ARGV.shift)
|
37
|
+
|
38
|
+
store = OpenSSL::X509::Store.new
|
39
|
+
store.add_cert(ca_cert)
|
40
|
+
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
41
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
42
|
+
ctx.cert_store = store
|
43
|
+
#ctx.extra_chain_cert = [ ca_cert ]
|
44
|
+
ctx.cert = ssl_cert
|
45
|
+
ctx.key = ssl_key
|
46
|
+
ctx.verify_mode = verify_mode
|
47
|
+
|
48
|
+
Socket.do_not_reverse_lookup = true
|
49
|
+
tcps = nil
|
50
|
+
100.times{|i|
|
51
|
+
begin
|
52
|
+
tcps = TCPServer.new("0.0.0.0", port+i)
|
53
|
+
port = port + i
|
54
|
+
break
|
55
|
+
rescue Errno::EADDRINUSE
|
56
|
+
next
|
57
|
+
end
|
58
|
+
}
|
59
|
+
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
|
60
|
+
ssls.start_immediately = start_immediately
|
61
|
+
|
62
|
+
$stdout.sync = true
|
63
|
+
$stdout.puts Process.pid
|
64
|
+
$stdout.puts port
|
65
|
+
|
66
|
+
loop do
|
67
|
+
ssl = ssls.accept rescue next
|
68
|
+
Thread.start{
|
69
|
+
q = Queue.new
|
70
|
+
th = Thread.start{ ssl.write(q.shift) while true }
|
71
|
+
while line = ssl.gets
|
72
|
+
if line =~ /^STARTTLS$/
|
73
|
+
ssl.accept
|
74
|
+
next
|
75
|
+
end
|
76
|
+
q.push(line)
|
77
|
+
end
|
78
|
+
th.kill if q.empty?
|
79
|
+
ssl.close
|
80
|
+
}
|
81
|
+
end
|
@@ -0,0 +1,199 @@
|
|
1
|
+
begin
|
2
|
+
require "openssl"
|
3
|
+
require File.join(File.dirname(__FILE__), "utils.rb")
|
4
|
+
rescue LoadError
|
5
|
+
end
|
6
|
+
require 'test/unit'
|
7
|
+
|
8
|
+
class OpenSSL::TestASN1 < Test::Unit::TestCase
|
9
|
+
def test_decode
|
10
|
+
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
11
|
+
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
12
|
+
now = Time.at(Time.now.to_i) # suppress usec
|
13
|
+
# now = Time.utc(2006,04,03,22,15,13)
|
14
|
+
s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
|
15
|
+
exts = [
|
16
|
+
["basicConstraints","CA:TRUE,pathlen:1",true],
|
17
|
+
["keyUsage","keyCertSign, cRLSign",true],
|
18
|
+
["subjectKeyIdentifier","hash",false],
|
19
|
+
]
|
20
|
+
dgst = OpenSSL::Digest::SHA1.new
|
21
|
+
cert = OpenSSL::TestUtils.issue_cert(
|
22
|
+
subj, key, s, now, now+3600, exts, nil, nil, dgst)
|
23
|
+
|
24
|
+
asn1 = OpenSSL::ASN1.decode(cert)
|
25
|
+
assert_equal(OpenSSL::ASN1::Sequence, asn1.class)
|
26
|
+
assert_equal(3, asn1.value.size)
|
27
|
+
tbs_cert, sig_alg, sig_val = *asn1.value
|
28
|
+
|
29
|
+
assert_equal(OpenSSL::ASN1::Sequence, tbs_cert.class)
|
30
|
+
assert_equal(8, tbs_cert.value.size)
|
31
|
+
|
32
|
+
version = tbs_cert.value[0]
|
33
|
+
assert_equal(:CONTEXT_SPECIFIC, version.tag_class)
|
34
|
+
assert_equal(0, version.tag)
|
35
|
+
|
36
|
+
assert_equal(1, version.value.size)
|
37
|
+
assert_equal(OpenSSL::ASN1::Integer, version.value[0].class)
|
38
|
+
assert_equal(2, version.value[0].value)
|
39
|
+
|
40
|
+
serial = tbs_cert.value[1]
|
41
|
+
assert_equal(OpenSSL::ASN1::Integer, serial.class)
|
42
|
+
assert_equal(0xdeadbeafdeadbeafdeadbeafdeadbeaf, serial.value)
|
43
|
+
|
44
|
+
sig = tbs_cert.value[2]
|
45
|
+
assert_equal(OpenSSL::ASN1::Sequence, sig.class)
|
46
|
+
assert_equal(2, sig.value.size)
|
47
|
+
assert_equal(OpenSSL::ASN1::ObjectId, sig.value[0].class)
|
48
|
+
assert_equal("1.2.840.113549.1.1.5", sig.value[0].oid)
|
49
|
+
assert_equal(OpenSSL::ASN1::Null, sig.value[1].class)
|
50
|
+
|
51
|
+
dn = tbs_cert.value[3] # issuer
|
52
|
+
assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
|
53
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.class)
|
54
|
+
assert_equal(3, dn.value.size)
|
55
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
|
56
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
|
57
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
|
58
|
+
assert_equal(1, dn.value[0].value.size)
|
59
|
+
assert_equal(1, dn.value[1].value.size)
|
60
|
+
assert_equal(1, dn.value[2].value.size)
|
61
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
|
62
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
|
63
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
|
64
|
+
assert_equal(2, dn.value[0].value[0].value.size)
|
65
|
+
assert_equal(2, dn.value[1].value[0].value.size)
|
66
|
+
assert_equal(2, dn.value[2].value[0].value.size)
|
67
|
+
oid, value = *dn.value[0].value[0].value
|
68
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
69
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
70
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
71
|
+
assert_equal("org", value.value)
|
72
|
+
oid, value = *dn.value[1].value[0].value
|
73
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
74
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
75
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
76
|
+
assert_equal("ruby-lang", value.value)
|
77
|
+
oid, value = *dn.value[2].value[0].value
|
78
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
79
|
+
assert_equal("2.5.4.3", oid.oid)
|
80
|
+
assert_equal(OpenSSL::ASN1::UTF8String, value.class)
|
81
|
+
assert_equal("TestCA", value.value)
|
82
|
+
|
83
|
+
validity = tbs_cert.value[4]
|
84
|
+
assert_equal(OpenSSL::ASN1::Sequence, validity.class)
|
85
|
+
assert_equal(2, validity.value.size)
|
86
|
+
assert_equal(OpenSSL::ASN1::UTCTime, validity.value[0].class)
|
87
|
+
assert_equal(now, validity.value[0].value)
|
88
|
+
assert_equal(OpenSSL::ASN1::UTCTime, validity.value[1].class)
|
89
|
+
assert_equal(now+3600, validity.value[1].value)
|
90
|
+
|
91
|
+
dn = tbs_cert.value[5] # subject
|
92
|
+
assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash)
|
93
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.class)
|
94
|
+
assert_equal(3, dn.value.size)
|
95
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[0].class)
|
96
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[1].class)
|
97
|
+
assert_equal(OpenSSL::ASN1::Set, dn.value[2].class)
|
98
|
+
assert_equal(1, dn.value[0].value.size)
|
99
|
+
assert_equal(1, dn.value[1].value.size)
|
100
|
+
assert_equal(1, dn.value[2].value.size)
|
101
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class)
|
102
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class)
|
103
|
+
assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class)
|
104
|
+
assert_equal(2, dn.value[0].value[0].value.size)
|
105
|
+
assert_equal(2, dn.value[1].value[0].value.size)
|
106
|
+
assert_equal(2, dn.value[2].value[0].value.size)
|
107
|
+
oid, value = *dn.value[0].value[0].value
|
108
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
109
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
110
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
111
|
+
assert_equal("org", value.value)
|
112
|
+
oid, value = *dn.value[1].value[0].value
|
113
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
114
|
+
assert_equal("0.9.2342.19200300.100.1.25", oid.oid)
|
115
|
+
assert_equal(OpenSSL::ASN1::IA5String, value.class)
|
116
|
+
assert_equal("ruby-lang", value.value)
|
117
|
+
oid, value = *dn.value[2].value[0].value
|
118
|
+
assert_equal(OpenSSL::ASN1::ObjectId, oid.class)
|
119
|
+
assert_equal("2.5.4.3", oid.oid)
|
120
|
+
assert_equal(OpenSSL::ASN1::UTF8String, value.class)
|
121
|
+
assert_equal("TestCA", value.value)
|
122
|
+
|
123
|
+
pkey = tbs_cert.value[6]
|
124
|
+
assert_equal(OpenSSL::ASN1::Sequence, pkey.class)
|
125
|
+
assert_equal(2, pkey.value.size)
|
126
|
+
assert_equal(OpenSSL::ASN1::Sequence, pkey.value[0].class)
|
127
|
+
assert_equal(2, pkey.value[0].value.size)
|
128
|
+
assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
|
129
|
+
assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
|
130
|
+
assert_equal(OpenSSL::ASN1::BitString, pkey.value[1].class)
|
131
|
+
assert_equal(0, pkey.value[1].unused_bits)
|
132
|
+
spkey = OpenSSL::ASN1.decode(pkey.value[1].value)
|
133
|
+
assert_equal(OpenSSL::ASN1::Sequence, spkey.class)
|
134
|
+
assert_equal(2, spkey.value.size)
|
135
|
+
assert_equal(OpenSSL::ASN1::Integer, spkey.value[0].class)
|
136
|
+
assert_equal(143085709396403084580358323862163416700436550432664688288860593156058579474547937626086626045206357324274536445865308750491138538454154232826011964045825759324933943290377903384882276841880081931690695505836279972214003660451338124170055999155993192881685495391496854691199517389593073052473319331505702779271, spkey.value[0].value)
|
137
|
+
assert_equal(OpenSSL::ASN1::Integer, spkey.value[1].class)
|
138
|
+
assert_equal(65537, spkey.value[1].value)
|
139
|
+
|
140
|
+
extensions = tbs_cert.value[7]
|
141
|
+
assert_equal(:CONTEXT_SPECIFIC, extensions.tag_class)
|
142
|
+
assert_equal(3, extensions.tag)
|
143
|
+
assert_equal(1, extensions.value.size)
|
144
|
+
assert_equal(OpenSSL::ASN1::Sequence, extensions.value[0].class)
|
145
|
+
assert_equal(3, extensions.value[0].value.size)
|
146
|
+
|
147
|
+
ext = extensions.value[0].value[0] # basicConstraints
|
148
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
149
|
+
assert_equal(3, ext.value.size)
|
150
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
151
|
+
assert_equal("2.5.29.19", ext.value[0].oid)
|
152
|
+
assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
|
153
|
+
assert_equal(true, ext.value[1].value)
|
154
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
|
155
|
+
extv = OpenSSL::ASN1.decode(ext.value[2].value)
|
156
|
+
assert_equal(OpenSSL::ASN1::Sequence, extv.class)
|
157
|
+
assert_equal(2, extv.value.size)
|
158
|
+
assert_equal(OpenSSL::ASN1::Boolean, extv.value[0].class)
|
159
|
+
assert_equal(true, extv.value[0].value)
|
160
|
+
assert_equal(OpenSSL::ASN1::Integer, extv.value[1].class)
|
161
|
+
assert_equal(1, extv.value[1].value)
|
162
|
+
|
163
|
+
ext = extensions.value[0].value[1] # keyUsage
|
164
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
165
|
+
assert_equal(3, ext.value.size)
|
166
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
167
|
+
assert_equal("2.5.29.15", ext.value[0].oid)
|
168
|
+
assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class)
|
169
|
+
assert_equal(true, ext.value[1].value)
|
170
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class)
|
171
|
+
extv = OpenSSL::ASN1.decode(ext.value[2].value)
|
172
|
+
assert_equal(OpenSSL::ASN1::BitString, extv.class)
|
173
|
+
str = "\000"; str[0] = 0b00000110
|
174
|
+
assert_equal(str, extv.value)
|
175
|
+
|
176
|
+
ext = extensions.value[0].value[2] # subjetKeyIdentifier
|
177
|
+
assert_equal(OpenSSL::ASN1::Sequence, ext.class)
|
178
|
+
assert_equal(2, ext.value.size)
|
179
|
+
assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class)
|
180
|
+
assert_equal("2.5.29.14", ext.value[0].oid)
|
181
|
+
assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class)
|
182
|
+
extv = OpenSSL::ASN1.decode(ext.value[1].value)
|
183
|
+
assert_equal(OpenSSL::ASN1::OctetString, extv.class)
|
184
|
+
sha1 = OpenSSL::Digest::SHA1.new
|
185
|
+
sha1.update(pkey.value[1].value)
|
186
|
+
assert_equal(sha1.digest, extv.value)
|
187
|
+
|
188
|
+
assert_equal(OpenSSL::ASN1::Sequence, sig_alg.class)
|
189
|
+
assert_equal(2, sig_alg.value.size)
|
190
|
+
assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class)
|
191
|
+
assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid)
|
192
|
+
assert_equal(OpenSSL::ASN1::Null, pkey.value[0].value[1].class)
|
193
|
+
|
194
|
+
assert_equal(OpenSSL::ASN1::BitString, sig_val.class)
|
195
|
+
|
196
|
+
cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der)
|
197
|
+
assert_equal(cululated_sig, sig_val.value)
|
198
|
+
end
|
199
|
+
end if defined?(OpenSSL)
|
@@ -0,0 +1,151 @@
|
|
1
|
+
begin
|
2
|
+
require "openssl"
|
3
|
+
rescue LoadError
|
4
|
+
end
|
5
|
+
require "test/unit"
|
6
|
+
|
7
|
+
if defined?(OpenSSL)
|
8
|
+
|
9
|
+
class OpenSSL::TestCipher < Test::Unit::TestCase
|
10
|
+
def setup
|
11
|
+
@c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
|
12
|
+
@c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
|
13
|
+
@key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
14
|
+
@iv = "\0\0\0\0\0\0\0\0"
|
15
|
+
@hexkey = "0000000000000000000000000000000000000000000000"
|
16
|
+
@hexiv = "0000000000000000"
|
17
|
+
@data = "DATA"
|
18
|
+
end
|
19
|
+
|
20
|
+
def teardown
|
21
|
+
@c1 = @c2 = nil
|
22
|
+
end
|
23
|
+
|
24
|
+
def test_crypt
|
25
|
+
@c1.encrypt.pkcs5_keyivgen(@key, @iv)
|
26
|
+
@c2.encrypt.pkcs5_keyivgen(@key, @iv)
|
27
|
+
s1 = @c1.update(@data) + @c1.final
|
28
|
+
s2 = @c2.update(@data) + @c2.final
|
29
|
+
assert_equal(s1, s2, "encrypt")
|
30
|
+
|
31
|
+
@c1.decrypt.pkcs5_keyivgen(@key, @iv)
|
32
|
+
@c2.decrypt.pkcs5_keyivgen(@key, @iv)
|
33
|
+
assert_equal(@data, @c1.update(s1)+@c1.final, "decrypt")
|
34
|
+
assert_equal(@data, @c2.update(s2)+@c2.final, "decrypt")
|
35
|
+
end
|
36
|
+
|
37
|
+
def test_info
|
38
|
+
assert_equal("DES-EDE3-CBC", @c1.name, "name")
|
39
|
+
assert_equal("DES-EDE3-CBC", @c2.name, "name")
|
40
|
+
assert_kind_of(Fixnum, @c1.key_len, "key_len")
|
41
|
+
assert_kind_of(Fixnum, @c1.iv_len, "iv_len")
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_dup
|
45
|
+
assert_equal(@c1.name, @c1.dup.name, "dup")
|
46
|
+
assert_equal(@c1.name, @c1.clone.name, "clone")
|
47
|
+
@c1.encrypt
|
48
|
+
@c1.key = @key
|
49
|
+
@c1.iv = @iv
|
50
|
+
tmpc = @c1.dup
|
51
|
+
s1 = @c1.update(@data) + @c1.final
|
52
|
+
s2 = tmpc.update(@data) + tmpc.final
|
53
|
+
assert_equal(s1, s2, "encrypt dup")
|
54
|
+
end
|
55
|
+
|
56
|
+
def test_reset
|
57
|
+
@c1.encrypt
|
58
|
+
@c1.key = @key
|
59
|
+
@c1.iv = @iv
|
60
|
+
s1 = @c1.update(@data) + @c1.final
|
61
|
+
@c1.reset
|
62
|
+
s2 = @c1.update(@data) + @c1.final
|
63
|
+
assert_equal(s1, s2, "encrypt reset")
|
64
|
+
end
|
65
|
+
|
66
|
+
def test_empty_data
|
67
|
+
@c1.encrypt
|
68
|
+
assert_raises(ArgumentError){ @c1.update("") }
|
69
|
+
end
|
70
|
+
|
71
|
+
def test_disable_padding(padding=0)
|
72
|
+
# assume a padding size of 8
|
73
|
+
# encrypt the data with padding
|
74
|
+
@c1.encrypt
|
75
|
+
@c1.key = @key
|
76
|
+
@c1.iv = @iv
|
77
|
+
encrypted_data = @c1.update(@data) + @c1.final
|
78
|
+
assert_equal(8, encrypted_data.size)
|
79
|
+
# decrypt with padding disabled
|
80
|
+
@c1.decrypt
|
81
|
+
@c1.padding = padding
|
82
|
+
decrypted_data = @c1.update(encrypted_data) + @c1.final
|
83
|
+
# check that the result contains the padding
|
84
|
+
assert_equal(8, decrypted_data.size)
|
85
|
+
assert_equal(@data, decrypted_data[0...@data.size])
|
86
|
+
end
|
87
|
+
|
88
|
+
if PLATFORM =~ /java/
|
89
|
+
# JRuby extension - using Java padding types
|
90
|
+
|
91
|
+
def test_disable_padding_javastyle
|
92
|
+
test_disable_padding('NoPadding')
|
93
|
+
end
|
94
|
+
|
95
|
+
def test_iso10126_padding
|
96
|
+
@c1.encrypt
|
97
|
+
@c1.key = @key
|
98
|
+
@c1.iv = @iv
|
99
|
+
@c1.padding = 'ISO10126Padding'
|
100
|
+
encrypted_data = @c1.update(@data) + @c1.final
|
101
|
+
# decrypt with padding disabled to see the padding
|
102
|
+
@c1.decrypt
|
103
|
+
@c1.padding = 0
|
104
|
+
decrypted_data = @c1.update(encrypted_data) + @c1.final
|
105
|
+
assert_equal(@data, decrypted_data[0...@data.size])
|
106
|
+
# last byte should be the amount of padding
|
107
|
+
assert_equal(4, decrypted_data[-1])
|
108
|
+
end
|
109
|
+
|
110
|
+
def test_iso10126_padding_boundry
|
111
|
+
@data = 'HELODATA' # 8 bytes, same as padding size
|
112
|
+
@c1.encrypt
|
113
|
+
@c1.key = @key
|
114
|
+
@c1.iv = @iv
|
115
|
+
@c1.padding = 'ISO10126Padding'
|
116
|
+
encrypted_data = @c1.update(@data) + @c1.final
|
117
|
+
# decrypt with padding disabled to see the padding
|
118
|
+
@c1.decrypt
|
119
|
+
@c1.padding = 0
|
120
|
+
decrypted_data = @c1.update(encrypted_data) + @c1.final
|
121
|
+
assert_equal(@data, decrypted_data[0...@data.size])
|
122
|
+
# padding should be one whole block
|
123
|
+
assert_equal(8, decrypted_data[-1])
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
|
128
|
+
def test_ciphers
|
129
|
+
OpenSSL::Cipher.ciphers.each{|name|
|
130
|
+
assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
|
131
|
+
}
|
132
|
+
end
|
133
|
+
|
134
|
+
def test_AES
|
135
|
+
pt = File.read(__FILE__)
|
136
|
+
%w(ECB CBC CFB OFB).each{|mode|
|
137
|
+
c1 = OpenSSL::Cipher::AES256.new(mode)
|
138
|
+
c1.encrypt
|
139
|
+
c1.pkcs5_keyivgen("passwd")
|
140
|
+
ct = c1.update(pt) + c1.final
|
141
|
+
|
142
|
+
c2 = OpenSSL::Cipher::AES256.new(mode)
|
143
|
+
c2.decrypt
|
144
|
+
c2.pkcs5_keyivgen("passwd")
|
145
|
+
assert_equal(pt, c2.update(ct) + c2.final)
|
146
|
+
}
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
end
|