jruby-openssl 0.6 → 0.7

Files changed (54) hide show
  1. data/History.txt +45 -0
  2. data/Manifest.txt +19 -11
  3. data/README.txt +1 -12
  4. data/Rakefile +12 -5
  5. data/lib/bcmail-jdk15-144.jar +0 -0
  6. data/lib/bcprov-jdk15-144.jar +0 -0
  7. data/lib/jopenssl/version.rb +1 -1
  8. data/lib/jopenssl.jar +0 -0
  9. data/lib/openssl/bn.rb +5 -3
  10. data/lib/openssl/buffering.rb +2 -2
  11. data/lib/openssl/cipher.rb +27 -18
  12. data/lib/openssl/digest.rb +19 -4
  13. data/lib/openssl/dummy.rb +11 -11
  14. data/lib/openssl/dummyssl.rb +2 -1
  15. data/lib/openssl/pkcs7.rb +25 -0
  16. data/lib/openssl/ssl.rb +70 -26
  17. data/lib/openssl/x509.rb +2 -2
  18. data/lib/openssl.rb +47 -2
  19. data/test/fixture/ca-bundle.crt +2794 -0
  20. data/test/fixture/keypair.pem +27 -0
  21. data/test/fixture/selfcert.pem +23 -0
  22. data/test/{pkcs7_mime_enveloped.message → java/pkcs7_mime_enveloped.message} +0 -0
  23. data/test/{pkcs7_mime_signed.message → java/pkcs7_mime_signed.message} +0 -0
  24. data/test/{pkcs7_multipart_signed.message → java/pkcs7_multipart_signed.message} +0 -0
  25. data/test/{test_java_attribute.rb → java/test_java_attribute.rb} +2 -2
  26. data/test/{test_java_bio.rb → java/test_java_bio.rb} +0 -0
  27. data/test/{test_java_mime.rb → java/test_java_mime.rb} +0 -0
  28. data/test/{test_java_pkcs7.rb → java/test_java_pkcs7.rb} +35 -32
  29. data/test/{test_java_smime.rb → java/test_java_smime.rb} +0 -0
  30. data/test/openssl/test_asn1.rb +1 -3
  31. data/test/openssl/test_cipher.rb +7 -10
  32. data/test/openssl/test_ec.rb +113 -0
  33. data/test/openssl/test_pair.rb +3 -8
  34. data/test/openssl/test_pkcs7.rb +339 -11
  35. data/test/openssl/test_ssl.rb +728 -100
  36. data/test/openssl/test_x509cert.rb +5 -5
  37. data/test/openssl/test_x509crl.rb +1 -2
  38. data/test/openssl/test_x509ext.rb +3 -3
  39. data/test/openssl/test_x509name.rb +1 -0
  40. data/test/openssl/test_x509req.rb +5 -7
  41. data/test/openssl/test_x509store.rb +3 -2
  42. data/test/test_all.rb +1 -0
  43. data/test/{test_openssl_x509.rb → test_certificate.rb} +33 -3
  44. data/test/test_cipher.rb +85 -7
  45. data/test/test_integration.rb +7 -8
  46. data/test/test_java.rb +9 -9
  47. data/test/test_openssl.rb +3 -33
  48. data/test/test_parse_certificate.rb +8 -1
  49. data/test/test_pkcs7.rb +40 -0
  50. data/test/test_pkey.rb +165 -7
  51. data/test/test_x509store.rb +8 -7
  52. metadata +31 -30
  53. data/lib/bcmail-jdk14-139.jar +0 -0
  54. data/lib/bcprov-jdk14-139.jar +0 -0
@@ -49,7 +49,8 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
49
49
  ].each{|pk, digest|
50
50
  cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
51
51
  nil, nil, digest)
52
- assert_equal(cert.extensions[1].value,OpenSSL::TestUtils.get_subject_key_id(cert))
52
+ assert_equal(cert.extensions[1].value,
53
+ OpenSSL::TestUtils.get_subject_key_id(cert))
53
54
  cert = OpenSSL::X509::Certificate.new(cert.to_der)
54
55
  assert_equal(cert.extensions[1].value,
55
56
  OpenSSL::TestUtils.get_subject_key_id(cert))
@@ -156,15 +157,15 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
156
157
  cert.not_after = Time.now
157
158
  assert_equal(false, cert.verify(@dsa512))
158
159
 
159
- assert_raises(OpenSSL::X509::CertificateError){
160
+ assert_raise(OpenSSL::X509::CertificateError){
160
161
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
161
162
  nil, nil, OpenSSL::Digest::DSS1.new)
162
163
  }
163
- assert_raises(OpenSSL::X509::CertificateError){
164
+ assert_raise(OpenSSL::X509::CertificateError){
164
165
  cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
165
166
  nil, nil, OpenSSL::Digest::MD5.new)
166
167
  }
167
- assert_raises(OpenSSL::X509::CertificateError){
168
+ assert_raise(OpenSSL::X509::CertificateError){
168
169
  cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
169
170
  nil, nil, OpenSSL::Digest::SHA1.new)
170
171
  }
@@ -230,7 +231,6 @@ END
230
231
  # This is commented out because it doesn't take timezone into consideration; FIXME
231
232
  #assert_equal(cert_text, cert.to_text)
232
233
  end
233
-
234
234
  end
235
235
 
236
236
  end
@@ -134,7 +134,7 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
134
134
  ["authorityKeyIdentifier", "keyid:always", false],
135
135
  ["issuerAltName", "issuer:copy", false],
136
136
  ]
137
-
137
+
138
138
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts,
139
139
  nil, nil, OpenSSL::Digest::SHA1.new)
140
140
  crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
@@ -228,7 +228,6 @@ END
228
228
  assert_equal(1, crl.version)
229
229
  assert_equal(OpenSSL::X509::Name.parse("/CN=ca").to_der, crl.issuer.to_der)
230
230
  end
231
-
232
231
  end
233
232
 
234
233
  end
@@ -69,11 +69,11 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
69
69
  %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
70
70
  cdp.value)
71
71
  end
72
-
72
+
73
73
  # JRUBY-3888
74
74
  # Problems with subjectKeyIdentifier with non 20-bytes sha1 digested keys
75
75
  def test_certificate_with_rare_extension
76
- cert_file = File.join(File.dirname(__FILE__), "..", "fixture", "max.pem")
76
+ cert_file = File.expand_path('../fixture/max.pem', File.dirname(__FILE__))
77
77
  cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
78
78
  exts = Hash.new
79
79
  cer.extensions.each{|ext| exts[ext.oid] = ext.value}
@@ -82,7 +82,7 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
82
82
  end
83
83
 
84
84
  def test_extension_from_20_byte_sha1_digests
85
- cert_file = File.join(File.dirname(__FILE__), "..", "fixture", "common.pem")
85
+ cert_file = File.expand_path('../fixture/common.pem', File.dirname(__FILE__))
86
86
  cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
87
87
  exts = Hash.new
88
88
  cer.extensions.each{|ext| exts[ext.oid] = ext.value}
@@ -138,6 +138,7 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
138
138
 
139
139
  def test_s_parse_rfc2253
140
140
  scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
141
+
141
142
  assert_equal([["C", "JP"]], scanner.call("C=JP"))
142
143
  assert_equal([
143
144
  ["DC", "org"],
@@ -155,8 +155,8 @@ END
155
155
  assert_equal(OpenSSL::X509::Name.parse("/CN=192.168.0.4").to_der, req.subject.to_der)
156
156
  end
157
157
 
158
- def test_create_to_pem
159
- req_s = <<END
158
+ def test_create_to_pem
159
+ req_s = <<END
160
160
  -----BEGIN CERTIFICATE REQUEST-----
161
161
  MIIBVTCBvwIBADAWMRQwEgYDVQQDDAsxOTIuMTY4LjAuNDCBnzANBgkqhkiG9w0B
162
162
  AQEFAAOBjQAwgYkCgYEA0oTTzFLydOTVtBpNdYl4S0356AysVkHlqD/tNEMxQT0l
@@ -168,11 +168,9 @@ DVD201pI3p6LIxaRyXE20RYTp0Jj6jv+tNFd0wjVlzgStmcplNo8hu6Dtp1gKETW
168
168
  qL7M4i48FXHn
169
169
  -----END CERTIFICATE REQUEST-----
170
170
  END
171
- req = OpenSSL::X509::Request.new(req_s)
172
-
173
- assert_equal(req_s, req.to_pem)
174
- end
175
-
171
+ req = OpenSSL::X509::Request.new(req_s)
172
+ assert_equal(req_s.gsub(/[\r\n]/, ''), req.to_pem.gsub(/[\r\n]/, ''))
173
+ end
176
174
  end
177
175
 
178
176
  end
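Review bot: Stripping every CR and LF from both sides in `assert_equal(req_s.gsub(/[\r\n]/, ''), req.to_pem.gsub(/[\r\n]/, ''))` makes test_create_to_pem blind to PEM line wrapping and to a missing trailing newline, so output that a strict PEM parser would reject still passes. If the aim is only to tolerate platform line endings, normalise those instead: `assert_equal(req_s, req.to_pem.gsub("\r\n", "\n"))`. If jruby-openssl wraps the base64 body differently from the fixture, a comment saying so would explain why the comparison was loosened. The method begins in the previous hunk of this file.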
@@ -99,6 +99,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
99
99
  store.purpose = OpenSSL::X509::PURPOSE_CRL_SIGN
100
100
  assert_equal(true, store.verify(ca2_cert))
101
101
  assert_equal(OpenSSL::X509::V_OK, store.error)
102
+
102
103
  store.add_cert(ca2_cert)
103
104
  store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
104
105
  assert_equal(true, store.verify(ee1_cert))
@@ -198,7 +199,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
198
199
  nil, nil, OpenSSL::Digest::SHA1.new)
199
200
  store = OpenSSL::X509::Store.new
200
201
  store.add_cert(ca1_cert)
201
- assert_raises(OpenSSL::X509::StoreError){
202
+ assert_raise(OpenSSL::X509::StoreError){
202
203
  store.add_cert(ca1_cert) # add same certificate twice
203
204
  }
204
205
 
@@ -209,7 +210,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
209
210
  crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
210
211
  ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
211
212
  store.add_crl(crl1)
212
- assert_raises(OpenSSL::X509::StoreError){
213
+ assert_raise(OpenSSL::X509::StoreError){
213
214
  store.add_crl(crl2) # add CRL issued by same CA twice.
214
215
  }
215
216
  end
data/test/test_all.rb ADDED
@@ -0,0 +1 @@
1
+ Dir.glob("test/test_*.rb").sort.reject{|t| t =~ /test_all/}.each {|t| require t }
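Review bot: `Dir.glob("test/test_*.rb")` is resolved against the current working directory, so running this file from anywhere but the gem root matches nothing and the run finishes green with zero tests loaded. Anchoring the pattern on the file itself avoids that: `Dir.glob(File.expand_path('test_*.rb', File.dirname(__FILE__)))`, which also hands `require` an absolute path instead of relying on `.` being on the load path. The filter `t =~ /test_all/` is unanchored and would skip any later file whose path merely contains that string; `File.basename(t) == 'test_all.rb'` is exact.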
@@ -1,8 +1,38 @@
1
1
  require 'openssl'
2
- require 'test/unit'
2
+ require "test/unit"
3
3
 
4
- # JRUBY-3468
5
- class TestOpensslX509 < Test::Unit::TestCase
4
+ class TestCertificate < Test::Unit::TestCase
5
+ def setup
6
+ cert_file = File.expand_path('fixture/selfcert.pem', File.dirname(__FILE__))
7
+ key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
8
+ @cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
9
+ @key = OpenSSL::PKey::RSA.new(File.read(key_file))
10
+ end
11
+
12
+ def test_sign_for_pem_initialized_certificate
13
+ pem = @cert.to_pem
14
+ exts = @cert.extensions
15
+ assert_nothing_raised do
16
+ @cert.sign(@key, OpenSSL::Digest::SHA1.new)
17
+ end
18
+ # TODO: for now, jruby-openssl cannot keep order of extensions after sign.
19
+ # assert_equal(pem, @cert.to_pem)
20
+ assert_equal(exts.size, @cert.extensions.size)
21
+ exts.each do |ext|
22
+ found = @cert.extensions.find { |e| e.oid == ext.oid }
23
+ assert_not_nil(found)
24
+ assert_equal(ext.value, found.value)
25
+ end
26
+ end
27
+
28
+ def test_set_public_key
29
+ pkey = @cert.public_key
30
+ newkey = OpenSSL::PKey::RSA.new(1024)
31
+ @cert.public_key = newkey
32
+ assert_equal(newkey.public_key.to_pem, @cert.public_key.to_pem)
33
+ end
34
+
35
+ # JRUBY-3468
6
36
  def test_jruby3468
7
37
  pem_cert = <<END
8
38
  -----BEGIN CERTIFICATE-----
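Review bot: test_sign_for_pem_initialized_certificate asserts only that `@cert.sign` does not raise and that the extensions survive; it never checks that the resulting signature is valid. Adding `assert(@cert.verify(@key))` after the sign call would catch a re-sign that leaves a stale or corrupt signature, assuming fixture/keypair.pem is the key behind selfcert.pem. In the same hunk `pem` (its assertion is commented out) and `pkey` in test_set_public_key are assigned and never read. The hunk ends inside test_jruby3468, which continues outside it.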
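--- a/data/test/test_cipher.rb
+++ b/data/test/test_cipher.rb
@@ -1,10 +1,3 @@
- if defined?(JRUBY_VERSION)
- require "java"
- base = File.dirname(__FILE__)
- $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
- $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
- end
-
  begin
  require "openssl"
  rescue LoadError
@@ -59,6 +52,91 @@ class TestCipher < Test::Unit::TestCase
  )
  end
 
+ def test_rc4
+ do_repeated_test(
+ "RC4",
+ "foobarbazboofarf",
+ "/i|\257\336U\354\331\212\304E\021\246\351\235\303",
+ "\020\367\370\316\212\262\266e\242\333\263\305z\340\204\200"
+ )
+ end
+
+ def test_cast
+ do_repeated_test(
+ "cast-cbc",
+ "foobarbazboofarf",
+ "`m^\225\277\307\247m`{\f\020fl\ry",
+ "(\354\265\251,D\016\037\251\250V\207\367\214\276B"
+ )
+ end
+
+ # JRUBY-4326 (1)
+ def test_cipher_unsupported_algorithm
+ assert_raise(OpenSSL::Cipher::CipherError) do
+ cipher = OpenSSL::Cipher::Cipher.new('aes-xxxxxxx')
+ end
+ end
+
+ # JRUBY-4326 (2)
+ def test_cipher_unsupported_keylen
+ bits_128 = java.lang.String.new("0123456789ABCDEF").getBytes()
+ bits_256 = java.lang.String.new("0123456789ABCDEF0123456789ABCDEF").getBytes()
+
+ # AES128 is allowed
+ cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
+ cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+ cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+ key_spec = javax.crypto.spec.SecretKeySpec.new(bits_128, "AES")
+ iv_spec = javax.crypto.spec.IvParameterSpec.new(bits_128)
+ assert_nothing_raised do
+ cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+ end
+
+ # check if AES256 is allowed or not in env policy
+ cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+ key_spec = javax.crypto.spec.SecretKeySpec.new(bits_256, "AES")
+ allowed = false
+ begin
+ cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+ allowed = true
+ rescue
+ end
+
+ # jruby-openssl should raise as well?
+ # CRuby's openssl raises exception at initialization time.
+ # At this time, jruby-openssl raises later. TODO
+ cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+ cipher.encrypt
+ cipher.padding = 0
+ if allowed
+ assert_nothing_raised(OpenSSL::Cipher::CipherError) do
+ cipher.pkcs5_keyivgen("password")
+ end
+ else
+ assert_raise(OpenSSL::Cipher::CipherError) do
+ cipher.pkcs5_keyivgen("password")
+ end
+ end
+ end
+
+ def test_iv_length_auto_trim_JRUBY_4012
+ e1 = e2 = nil
+ plain = 'data'
+ des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+ des.encrypt
+ des.key = '0123456789abcdef01234567890'
+ des.iv = "0" * (128/8) # too long for DES which is a 64 bit block
+ assert_nothing_raised do
+ e1 = des.update(plain) + des.final
+ end
+ des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+ des.encrypt
+ des.key = '0123456789abcdef01234567890'
+ des.iv = "0" * (64/8) # DES is a 64 bit block
+ e2 = des.update(plain) + des.final
+ assert_equal(e2, e1, "JRUBY-4012")
+ end
+
  private
  def do_repeated_test(algo, string, enc1, enc2)
  do_repeated_encrypt_test(algo, string, enc1, enc2)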
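Review bot: In test_cipher_unsupported_keylen the bare `rescue` with an empty body treats every failure of the second `cipher.init` as "AES-256 is blocked by policy", and that flips the test into expecting `CipherError` from `pkcs5_keyivgen`. An unrelated failure (a provider or classpath problem, say) would be misread as a policy restriction; rescuing only the key-size error, `rescue java.security.InvalidKeyException`, keeps the probe honest, though how the supported JRuby versions surface Java exceptions should be confirmed. The method also calls `java.lang.String` and `javax.crypto` directly while the first hunk of this file removes the `defined?(JRUBY_VERSION)` / `require "java"` block, so it probably needs its own JRuby guard. A short comment on test_iv_length_auto_trim_JRUBY_4012 noting that the 27-byte key and 16-byte IV are deliberately over-long, and that silent truncation is the behaviour being pinned, would help the next reader.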
@@ -1,10 +1,3 @@
1
- if defined?(JRUBY_VERSION)
2
- require "java"
3
- base = File.join(File.dirname(__FILE__), '..')
4
- $CLASSPATH << File.join(base, 'pkg', 'classes')
5
- $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
6
- end
7
-
8
1
  begin
9
2
  require "openssl"
10
3
  rescue LoadError
@@ -52,14 +45,20 @@ class TestIntegration < Test::Unit::TestCase
52
45
  assert s.get(uri.request_uri).length > 0
53
46
  end
54
47
  # wrong trust anchor for www.amazon.com
48
+ http = Net::HTTP.new(uri.host, uri.port)
49
+ http.use_ssl = true
50
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
55
51
  http.ca_file = 'test/fixture/verisign_c3.pem'
56
- assert_raises(OpenSSL::SSL::SSLError) do
52
+ assert_raise(OpenSSL::SSL::SSLError) do
57
53
  # it must cause SSLError for verification failure.
58
54
  response = http.start do |s|
59
55
  s.get(uri.request_uri)
60
56
  end
61
57
  end
62
58
  # round trip
59
+ http = Net::HTTP.new(uri.host, uri.port)
60
+ http.use_ssl = true
61
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
63
62
  http.ca_file = 'test/fixture/verisign.pem'
64
63
  response = http.start do |s|
65
64
  assert s.get(uri.request_uri).length > 0
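Review bot: The negative case `assert_raise(OpenSSL::SSL::SSLError) do` passes on any SSLError, not only a failed chain validation, so a handshake or protocol failure against the live host would satisfy it as well. Because the comment inside says it must fail for verification, keeping the returned exception and checking it pins that down: `e = assert_raise(OpenSSL::SSL::SSLError) do ... end` followed by `assert_match(/verify/, e.message)`; the exact wording jruby-openssl emits should be confirmed first. Both `ca_file` values are relative to the working directory, so the test exercises the intended trust anchors only when run from the gem root. The enclosing test method starts before this hunk and continues after it.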
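--- a/data/test/test_java.rb
+++ b/data/test/test_java.rb
@@ -6,7 +6,7 @@ require 'mocha'
  if defined?(JRUBY_VERSION)
  require "java"
  $CLASSPATH << 'pkg/classes'
- $CLASSPATH << 'lib/bcprov-jdk14-139.jar'
+ $CLASSPATH << 'lib/bcprov-jdk15-144.jar'
 
  module PKCS7Test
  module ASN1
@@ -15,6 +15,7 @@ if defined?(JRUBY_VERSION)
 
  PKCS7 = org.jruby.ext.openssl.impl.PKCS7 unless defined?(PKCS7)
  Attribute = org.jruby.ext.openssl.impl.Attribute unless defined?(Attribute)
+ CipherSpec = org.jruby.ext.openssl.impl.CipherSpec unless defined?(CipherSpec)
  Digest = org.jruby.ext.openssl.impl.Digest unless defined?(Digest)
  EncContent = org.jruby.ext.openssl.impl.EncContent unless defined?(EncContent)
  Encrypt = org.jruby.ext.openssl.impl.Encrypt unless defined?(Encrypt)
@@ -49,9 +50,9 @@ if defined?(JRUBY_VERSION)
  X509Name = org.bouncycastle.asn1.x509.X509Name
 
 
- MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_enveloped.message'))
- MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_signed.message'))
- MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_multipart_signed.message'))
+ MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_enveloped.message'))
+ MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_signed.message'))
+ MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_multipart_signed.message'))
 
  X509CertString = <<CERT
  -----BEGIN CERTIFICATE-----
@@ -90,9 +91,8 @@ CRL
  X509CRL = CertificateFactory.getInstance("X.509",BCP.new).generateCRL(ByteArrayInputStream.new(X509CRLString.to_java_bytes))
  end
 
- require File.join(File.dirname(__FILE__), 'test_java_attribute')
- require File.join(File.dirname(__FILE__), 'test_java_bio')
- require File.join(File.dirname(__FILE__), 'test_java_mime')
- require File.join(File.dirname(__FILE__), 'test_java_pkcs7')
- require File.join(File.dirname(__FILE__), 'test_java_smime')
+ files = File.join(File.dirname(__FILE__), 'java', 'test_*.rb')
+ Dir.glob(files).sort.each do |tc|
+ require tc
+ end
  end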
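Review bot: The updated entry `$CLASSPATH << 'lib/bcprov-jdk15-144.jar'` is still relative to the working directory, while the fixture reads and the new `Dir.glob` in this same file anchor on `File.dirname(__FILE__)`. Run from another directory, the provider jar is either not found or whatever sits at that relative path is loaded in its place. Anchoring it the same way, `$CLASSPATH << File.expand_path('../lib/bcprov-jdk15-144.jar', File.dirname(__FILE__))`, makes the test load the jar shipped with the gem; the unchanged `'pkg/classes'` line above has the same property.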
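--- a/data/test/test_openssl.rb
+++ b/data/test/test_openssl.rb
@@ -1,34 +1,4 @@
-
- if defined?(JRUBY_VERSION)
- require "java"
- base = File.join(File.dirname(__FILE__), '..')
- $CLASSPATH << File.join(base, 'pkg', 'classes')
- $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
+ files = File.join(File.dirname(__FILE__), 'openssl', 'test_*.rb')
+ Dir.glob(files).sort.each do |tc|
+ require tc
  end
-
- def protect_require(name)
- require name
- rescue Exception => e
- $stderr.puts "Had exception in #{name}: #{e.inspect}"
- $stderr.puts(*(e.backtrace))
- end
-
- protect_require 'openssl/test_asn1'
- protect_require 'openssl/test_cipher'
- protect_require 'openssl/test_digest'
- protect_require 'openssl/test_hmac'
- protect_require 'openssl/test_ns_spki'
- protect_require 'openssl/test_pair'
- protect_require 'openssl/test_pkcs7'
- protect_require 'openssl/test_pkey_rsa'
- protect_require 'openssl/test_ssl'
- protect_require 'openssl/test_x509cert'
- protect_require 'openssl/test_x509crl'
- protect_require 'openssl/test_x509ext'
- protect_require 'openssl/test_x509name'
- protect_require 'openssl/test_x509req'
- protect_require 'openssl/test_x509store'
- protect_require 'test_cipher'
- protect_require 'test_java'
- protect_require 'test_integration'
- protect_require 'test_pkey'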
@@ -14,7 +14,14 @@ class TestParseCertificate < Test::Unit::TestCase
14
14
 
15
15
  def test_certificate_with_ec_pk_cert_fails_requesting_pk
16
16
  cer = OpenSSL::X509::Certificate.new(File.read(CERT))
17
- assert_raises(OpenSSL::X509::CertificateError) { cer.public_key }
17
+ assert_raise(OpenSSL::X509::CertificateError) { cer.public_key }
18
+ end
19
+
20
+ def test_loading_key_raise_certificate_error
21
+ key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
22
+ assert_raises(OpenSSL::X509::CertificateError) do
23
+ OpenSSL::X509::Certificate.new(File.read(key_file))
24
+ end
18
25
  end
19
26
  end
20
27
 
@@ -0,0 +1,40 @@
1
+ require 'openssl'
2
+ require "test/unit"
3
+
4
+ class TestPkcs7 < Test::Unit::TestCase
5
+
6
+ CERT_PEM = <<END
7
+ -----BEGIN CERTIFICATE-----
8
+ MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQQFADA9MRMwEQYKCZImiZPyLGQB
9
+ GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
10
+ Fw0wOTA1MjMxNTAzNDNaFw0wOTA1MjMxNjAzNDNaMD0xEzARBgoJkiaJk/IsZAEZ
11
+ FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
12
+ IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
13
+ gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
14
+ fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
15
+ qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
16
+ 8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
17
+ 9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
18
+ AQABMA0GCSqGSIb3DQEBBAUAA4IBAQB8UTw1agA9wdXxHMUACduYu6oNL7pdF0dr
19
+ w7a4QPJyj62h4+Umxvp13q0PBw0E+mSjhXMcqUhDLjrmMcvvNGhuh5Sdjbe3GI/M
20
+ 3lCC9OwYYIzzul7omvGC3JEIGfzzdNnPPCPKEWp5X9f0MKLMR79qOf+sjHTjN2BY
21
+ SY3YGsEFxyTXDdqrlaYaOtTAdi/C+g1WxR8fkPLefymVwIFwvyc9/bnp7iBn7Hcw
22
+ mbxtLPbtQ9mURT0GHewZRTGJ1aiTq9Ag3xXME2FPF04eFRd3mclOQZNXKQ+LDxYf
23
+ k0X5FeZvsWf4srFxoVxlcDdJtHh91ZRpDDJYGQlsUm9CPTnO+e4E
24
+ -----END CERTIFICATE-----
25
+ END
26
+
27
+ def test_pkcs7_des3_key_generation_for_encrypt
28
+ # SunJCE requires DES/DES3 keybits = 21/168 for key generation.
29
+ # BC allows 24/192 keybits and treats it as 21/168.
30
+ msg = "Hello World"
31
+ password = "password"
32
+ cert = OpenSSL::X509::Certificate.new(CERT_PEM)
33
+ certs = [cert]
34
+ cipher = OpenSSL::Cipher.new("des-ede3-cbc")
35
+ cipher.encrypt
36
+ cipher.pkcs5_keyivgen(password)
37
+ p7 = OpenSSL::PKCS7.encrypt(certs, msg, cipher, OpenSSL::PKCS7::BINARY)
38
+ assert_equal(msg, p7.data)
39
+ end
40
+ end
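Review bot: `assert_equal(msg, p7.data)` is the only assertion in test_pkcs7_des3_key_generation_for_encrypt, and if `p7.data` simply hands back the content held on the object it would pass even when nothing was encrypted. A check on the encoded structure, such as `assert(!p7.to_der.include?(msg))`, would show the plaintext is not carried in the clear; a decrypt round trip is not possible here because the test has no private key for CERT_PEM. The comment "DES/DES3 keybits = 21/168" appears to mix units (21 bytes, 168 bits for DES3) and would be clearer written that way.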
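--- a/data/test/test_pkey.rb
+++ b/data/test/test_pkey.rb
@@ -1,10 +1,3 @@
- if defined?(JRUBY_VERSION)
- require "java"
- base = File.dirname(__FILE__)
- $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
- $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
- end
-
  begin
  require "openssl"
  rescue LoadError
@@ -42,5 +35,170 @@ class TestPKey < Test::Unit::TestCase
  end
 
  def test_can_generate_dsa_key
+ OpenSSL::PKey::DSA.generate(512)
+ end
+
+ def test_malformed_rsa_handling
+ pem = <<__EOP__
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiU1/UMzIQ1On9OlZGoV
+ S0yySFYWoXLH12nmP69fg9jwdRbQlb0rxLn7zATbwfqcvGpCcW+8SmdwW74elNrc
+ wRtbKjJKfbJCsVfDssbbj6BF+Bcq3ihi8+CGNXFdJOYhZZ+5Adg2Qc9Qp3Ubw9wu
+ /3Ai87+1aQxoZPMFwdX2BRiZvxch9dwHVyL8EuFGUOYId/8JQepHyZMbTqp/8wlA
+ UAbMcPW+IKp3N0WMgred3CjXKHAqqM0Ira9RLSXdlO2uFV4OrM0ak8rnTN5w1DsI
+ McjvVvOck0aIxfHEEmeadt3YMn4PCW33/j8geulZLvt0ci60/OWMSCcIqByITlvY
+ DwIDAQAB
+ -----END PUBLIC KEY-----
+ __EOP__
+ pkey = OpenSSL::PKey::RSA.new(pem)
+ # jruby-openssl/0.6 raises NativeException
+ assert_raise(OpenSSL::PKey::RSAError, 'JRUBY-4492') do
+ pkey.public_decrypt("rah")
+ end
+ end
+
+ # http://github.com/jruby/jruby-openssl/issues#issue/1
+ def test_load_pkey_rsa
+ pem = <<__EOP__
+ -----BEGIN PRIVATE KEY-----
+ MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+ A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+ 7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+ hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+ X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+ uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+ rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+ zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+ qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+ WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+ cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+ 3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+ AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+ Lw03eHTNQghS0A==
+ -----END PRIVATE KEY-----
+ __EOP__
+ assert_nothing_raised do
+ pkey = OpenSSL::PKey::RSA.new(pem)
+ pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+ assert_equal(pkey.n, pkey2.n)
+ assert_equal(pkey.e, pkey2.e)
+ assert_equal(pkey.d, pkey2.d)
+ end
+ end
+
+ def test_load_pkey_rsa_enc
+ # password is '1234'
+ pem = <<__EOP__
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
+ MIICoTAbBgkqhkiG9w0BBQMwDgQIfvehP6JEg2wCAggABIICgD7kzSr+xWgdAuzG
+ cYNkCEWyKF6V0cJ58AKSoL4FQ59OQvQP/hMnSZEMiUpeGNRE6efC7O02RUjNarIk
+ ciCYIBqd5EFG3OSypK5l777AbCChIkzZHbyE/pIbadr8ZX9C4pkwzPqS0Avzavxi
+ 5s1WDX2GggJkBcQUijqG9QuOZcOvoYbojHPT4tdJq+J6s+0LFas9Jp3a6dYkxtgv
+ u8Z6EFDZoLGOSVy/jCSMuZAnhoOxUCYqd9FFo2jryV7tQ/CaYAUApAQFTLgBA9qk
+ 4WmyKRpwzIx6EG1pkqulvPXJCcTat9YwllEDVuQ2rKVwDepSl9O7X170Kx1sBecz
+ mGcfqviU9xwP5mkXO/TLoTZExkHF08Y3d/PTMdxGEDZH37/yRqCIb3Uyqv/jLibM
+ /s9fm52aWsfO1ndHEhciovlMJvGXq3+e+9gmq1w2TyNQahRc5fwfhwWKhPKfYDBk
+ 7AtjPGfELDX61WZ5m+4Kb70BcGSAEgXCaBydVsMROy0B8jkYgtAnVBb4EMrGOsCG
+ jmNeW9MRIhrhDcifdyq1DMNg7IONMF+5mDdQ3FhK6WzlFU+8cTN517qA8L3A3+ZX
+ asiS+rx5/50InINknjuvVkmTGMzjl89nMNrZCjhx9sIDfXQ3ZKFmh1mvnXq/fLan
+ CgXn/UtLoykrSlobgqIxZslhj3p01kMCgGe62S3kokYrDTQEc57rlKWWR3Xyjy/T
+ LsecXAKEROj95IHSMMnT4jl+TJnbvGKQ2U9tOOB3W+OOOlDEFE59pQlcmQPAwdzr
+ mzI4kupi3QRTFjOgvX29leII9sPtpr4dKMKVIRxKnvMZhUAkS/n3+Szfa6zKexLa
+ 4CHVgDo=
+ -----END ENCRYPTED PRIVATE KEY-----
+ __EOP__
+ assert_nothing_raised do
+ pkey = OpenSSL::PKey::RSA.new(pem, '1234')
+ pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+ assert_equal(pkey.n, pkey2.n)
+ assert_equal(pkey.e, pkey2.e)
+ assert_equal(pkey.d, pkey2.d)
+ end
+ end
+
+ # jruby-openssl/0.6 causes NPE
+ def test_generate_pkey_rsa_empty
+ assert_nothing_raised do
+ OpenSSL::PKey::RSA.new.to_pem
+ end
+ end
+
+ def test_generate_pkey_rsa_length
+ assert_nothing_raised do
+ OpenSSL::PKey::RSA.new(512).to_pem
+ end
+ end
+
+ def test_generate_pkey_rsa_to_text
+ assert_match(
+ /Private-Key: \(512 bit\)/,
+ OpenSSL::PKey::RSA.new(512).to_text
+ )
+ end
+
+ def test_load_pkey_rsa
+ pkey = OpenSSL::PKey::RSA.new(512)
+ assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+ end
+
+ def test_load_pkey_rsa_public
+ pkey = OpenSSL::PKey::RSA.new(512).public_key
+ assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+ end
+
+ def test_load_pkey_rsa_der
+ pkey = OpenSSL::PKey::RSA.new(512)
+ assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+ end
+
+ def test_load_pkey_rsa_public_der
+ pkey = OpenSSL::PKey::RSA.new(512).public_key
+ assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+ end
+
+ # jruby-openssl/0.6 causes NPE
+ def test_generate_pkey_dsa_empty
+ assert_nothing_raised do
+ OpenSSL::PKey::DSA.new.to_pem
+ end
+ end
+
+ # jruby-openssl/0.6 ignores fixnum arg => to_pem returned 65 bytes with 'MAA='
+ def test_generate_pkey_dsa_length
+ assert(OpenSSL::PKey::DSA.new(512).to_pem.size > 100)
+ end
+
+ # jruby-openssl/0.6 returns nil for DSA#to_text
+ def test_generate_pkey_dsa_to_text
+ assert_match(
+ /Private-Key: \(512 bit\)/,
+ OpenSSL::PKey::DSA.new(512).to_text
+ )
+ end
+
+ def test_load_pkey_dsa
+ pkey = OpenSSL::PKey::DSA.new(512)
+ assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+ end
+
+ def test_load_pkey_dsa_public
+ pkey = OpenSSL::PKey::DSA.new(512).public_key
+ assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+ end
+
+ def test_load_pkey_dsa_der
+ pkey = OpenSSL::PKey::DSA.new(512)
+ assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+ end
+
+ def test_load_pkey_dsa_public_der
+ pkey = OpenSSL::PKey::DSA.new(512).public_key
+ assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+ end
+
+ def test_load_pkey_dsa_net_ssh
+ blob = "0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002"
+ pkey = OpenSSL::PKey::DSA.new(blob)
+ assert_equal(blob, pkey.to_der)
  end
  end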
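Review bot: `def test_load_pkey_rsa` is defined twice in the second hunk: first for the `BEGIN PRIVATE KEY` (PKCS#8) fixture tied to the linked issue, and again further down for the generated-key round trip. Ruby keeps only the later definition, so the PKCS#8 loading test never runs and a regression there would go unnoticed. Renaming the first, e.g. `def test_load_pkey_rsa_pkcs8`, restores the coverage. In the two PEM-loading tests the `assert_equal` calls sit inside `assert_nothing_raised`, which may report an assertion failure as an unexpected exception depending on the test/unit version; moving them after the block keeps the failure messages clear.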
@@ -1,10 +1,3 @@
1
- if defined?(JRUBY_VERSION)
2
- require "java"
3
- base = File.dirname(__FILE__)
4
- $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
5
- $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
6
- end
7
-
8
1
  begin
9
2
  require "openssl"
10
3
  rescue LoadError
@@ -86,6 +79,14 @@ class TestX509Store < Test::Unit::TestCase
86
79
  assert_equal(true, @store.verify(cert))
87
80
  end
88
81
 
82
+ # jruby-openssl/0.6 raises "can't store certificate" because of duplicated
83
+ # subject. ruby-openssl just ignores the second certificate.
84
+ def test_add_file_JRUBY_4409
85
+ assert_nothing_raised do
86
+ @store.add_file("test/fixture/ca-bundle.crt")
87
+ end
88
+ end
89
+
89
90
  def test_set_default_paths
90
91
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
91
92
  cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))