jruby-openssl 0.6 → 0.7
- data/History.txt +45 -0
- data/Manifest.txt +19 -11
- data/README.txt +1 -12
- data/Rakefile +12 -5
- data/lib/bcmail-jdk15-144.jar +0 -0
- data/lib/bcprov-jdk15-144.jar +0 -0
- data/lib/jopenssl/version.rb +1 -1
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +5 -3
- data/lib/openssl/buffering.rb +2 -2
- data/lib/openssl/cipher.rb +27 -18
- data/lib/openssl/digest.rb +19 -4
- data/lib/openssl/dummy.rb +11 -11
- data/lib/openssl/dummyssl.rb +2 -1
- data/lib/openssl/pkcs7.rb +25 -0
- data/lib/openssl/ssl.rb +70 -26
- data/lib/openssl/x509.rb +2 -2
- data/lib/openssl.rb +47 -2
- data/test/fixture/ca-bundle.crt +2794 -0
- data/test/fixture/keypair.pem +27 -0
- data/test/fixture/selfcert.pem +23 -0
- data/test/{pkcs7_mime_enveloped.message → java/pkcs7_mime_enveloped.message} +0 -0
- data/test/{pkcs7_mime_signed.message → java/pkcs7_mime_signed.message} +0 -0
- data/test/{pkcs7_multipart_signed.message → java/pkcs7_multipart_signed.message} +0 -0
- data/test/{test_java_attribute.rb → java/test_java_attribute.rb} +2 -2
- data/test/{test_java_bio.rb → java/test_java_bio.rb} +0 -0
- data/test/{test_java_mime.rb → java/test_java_mime.rb} +0 -0
- data/test/{test_java_pkcs7.rb → java/test_java_pkcs7.rb} +35 -32
- data/test/{test_java_smime.rb → java/test_java_smime.rb} +0 -0
- data/test/openssl/test_asn1.rb +1 -3
- data/test/openssl/test_cipher.rb +7 -10
- data/test/openssl/test_ec.rb +113 -0
- data/test/openssl/test_pair.rb +3 -8
- data/test/openssl/test_pkcs7.rb +339 -11
- data/test/openssl/test_ssl.rb +728 -100
- data/test/openssl/test_x509cert.rb +5 -5
- data/test/openssl/test_x509crl.rb +1 -2
- data/test/openssl/test_x509ext.rb +3 -3
- data/test/openssl/test_x509name.rb +1 -0
- data/test/openssl/test_x509req.rb +5 -7
- data/test/openssl/test_x509store.rb +3 -2
- data/test/test_all.rb +1 -0
- data/test/{test_openssl_x509.rb → test_certificate.rb} +33 -3
- data/test/test_cipher.rb +85 -7
- data/test/test_integration.rb +7 -8
- data/test/test_java.rb +9 -9
- data/test/test_openssl.rb +3 -33
- data/test/test_parse_certificate.rb +8 -1
- data/test/test_pkcs7.rb +40 -0
- data/test/test_pkey.rb +165 -7
- data/test/test_x509store.rb +8 -7
- metadata +31 -30
- data/lib/bcmail-jdk14-139.jar +0 -0
- data/lib/bcprov-jdk14-139.jar +0 -0
@@ -49,7 +49,8 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
49
49
|
].each{|pk, digest|
|
50
50
|
cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
|
51
51
|
nil, nil, digest)
|
52
|
-
assert_equal(cert.extensions[1].value,
|
52
|
+
assert_equal(cert.extensions[1].value,
|
53
|
+
OpenSSL::TestUtils.get_subject_key_id(cert))
|
53
54
|
cert = OpenSSL::X509::Certificate.new(cert.to_der)
|
54
55
|
assert_equal(cert.extensions[1].value,
|
55
56
|
OpenSSL::TestUtils.get_subject_key_id(cert))
|
@@ -156,15 +157,15 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
156
157
|
cert.not_after = Time.now
|
157
158
|
assert_equal(false, cert.verify(@dsa512))
|
158
159
|
|
159
|
-
|
160
|
+
assert_raise(OpenSSL::X509::CertificateError){
|
160
161
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
161
162
|
nil, nil, OpenSSL::Digest::DSS1.new)
|
162
163
|
}
|
163
|
-
|
164
|
+
assert_raise(OpenSSL::X509::CertificateError){
|
164
165
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
165
166
|
nil, nil, OpenSSL::Digest::MD5.new)
|
166
167
|
}
|
167
|
-
|
168
|
+
assert_raise(OpenSSL::X509::CertificateError){
|
168
169
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
169
170
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
170
171
|
}
|
@@ -230,7 +231,6 @@ END
|
|
230
231
|
# This is commented out because it doesn't take timezone into consideration; FIXME
|
231
232
|
#assert_equal(cert_text, cert.to_text)
|
232
233
|
end
|
233
|
-
|
234
234
|
end
|
235
235
|
|
236
236
|
end
|
@@ -134,7 +134,7 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
|
|
134
134
|
["authorityKeyIdentifier", "keyid:always", false],
|
135
135
|
["issuerAltName", "issuer:copy", false],
|
136
136
|
]
|
137
|
-
|
137
|
+
|
138
138
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts,
|
139
139
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
140
140
|
crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
|
@@ -228,7 +228,6 @@ END
|
|
228
228
|
assert_equal(1, crl.version)
|
229
229
|
assert_equal(OpenSSL::X509::Name.parse("/CN=ca").to_der, crl.issuer.to_der)
|
230
230
|
end
|
231
|
-
|
232
231
|
end
|
233
232
|
|
234
233
|
end
|
@@ -69,11 +69,11 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
|
|
69
69
|
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
|
70
70
|
cdp.value)
|
71
71
|
end
|
72
|
-
|
72
|
+
|
73
73
|
# JRUBY-3888
|
74
74
|
# Problems with subjectKeyIdentifier with non 20-bytes sha1 digested keys
|
75
75
|
def test_certificate_with_rare_extension
|
76
|
-
|
76
|
+
cert_file = File.expand_path('../fixture/max.pem', File.dirname(__FILE__))
|
77
77
|
cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
78
78
|
exts = Hash.new
|
79
79
|
cer.extensions.each{|ext| exts[ext.oid] = ext.value}
|
@@ -82,7 +82,7 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
|
|
82
82
|
end
|
83
83
|
|
84
84
|
def test_extension_from_20_byte_sha1_digests
|
85
|
-
cert_file = File.
|
85
|
+
cert_file = File.expand_path('../fixture/common.pem', File.dirname(__FILE__))
|
86
86
|
cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
87
87
|
exts = Hash.new
|
88
88
|
cer.extensions.each{|ext| exts[ext.oid] = ext.value}
|
@@ -155,8 +155,8 @@ END
|
|
155
155
|
assert_equal(OpenSSL::X509::Name.parse("/CN=192.168.0.4").to_der, req.subject.to_der)
|
156
156
|
end
|
157
157
|
|
158
|
-
|
159
|
-
|
158
|
+
def test_create_to_pem
|
159
|
+
req_s = <<END
|
160
160
|
-----BEGIN CERTIFICATE REQUEST-----
|
161
161
|
MIIBVTCBvwIBADAWMRQwEgYDVQQDDAsxOTIuMTY4LjAuNDCBnzANBgkqhkiG9w0B
|
162
162
|
AQEFAAOBjQAwgYkCgYEA0oTTzFLydOTVtBpNdYl4S0356AysVkHlqD/tNEMxQT0l
|
@@ -168,11 +168,9 @@ DVD201pI3p6LIxaRyXE20RYTp0Jj6jv+tNFd0wjVlzgStmcplNo8hu6Dtp1gKETW
|
|
168
168
|
qL7M4i48FXHn
|
169
169
|
-----END CERTIFICATE REQUEST-----
|
170
170
|
END
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
end
|
175
|
-
|
171
|
+
req = OpenSSL::X509::Request.new(req_s)
|
172
|
+
assert_equal(req_s.gsub(/[\r\n]/, ''), req.to_pem.gsub(/[\r\n]/, ''))
|
173
|
+
end
|
176
174
|
end
|
177
175
|
|
178
176
|
end
|
@@ -99,6 +99,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
|
|
99
99
|
store.purpose = OpenSSL::X509::PURPOSE_CRL_SIGN
|
100
100
|
assert_equal(true, store.verify(ca2_cert))
|
101
101
|
assert_equal(OpenSSL::X509::V_OK, store.error)
|
102
|
+
|
102
103
|
store.add_cert(ca2_cert)
|
103
104
|
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
104
105
|
assert_equal(true, store.verify(ee1_cert))
|
@@ -198,7 +199,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
|
|
198
199
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
199
200
|
store = OpenSSL::X509::Store.new
|
200
201
|
store.add_cert(ca1_cert)
|
201
|
-
|
202
|
+
assert_raise(OpenSSL::X509::StoreError){
|
202
203
|
store.add_cert(ca1_cert) # add same certificate twice
|
203
204
|
}
|
204
205
|
|
@@ -209,7 +210,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
|
|
209
210
|
crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
|
210
211
|
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
211
212
|
store.add_crl(crl1)
|
212
|
-
|
213
|
+
assert_raise(OpenSSL::X509::StoreError){
|
213
214
|
store.add_crl(crl2) # add CRL issued by same CA twice.
|
214
215
|
}
|
215
216
|
end
|
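--- a/data/test/test_all.rb
+++ b/data/test/test_all.rb
@@ -0,0 +1 @@
+Dir.glob("test/test_*.rb").sort.reject{|t| t =~ /test_all/}.each {|t| require t }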
@@ -1,8 +1,38 @@
|
|
1
1
|
require 'openssl'
|
2
|
-
require
|
2
|
+
require "test/unit"
|
3
3
|
|
4
|
-
|
5
|
-
|
4
|
+
class TestCertificate < Test::Unit::TestCase
|
5
|
+
def setup
|
6
|
+
cert_file = File.expand_path('fixture/selfcert.pem', File.dirname(__FILE__))
|
7
|
+
key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
|
8
|
+
@cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
9
|
+
@key = OpenSSL::PKey::RSA.new(File.read(key_file))
|
10
|
+
end
|
11
|
+
|
12
|
+
def test_sign_for_pem_initialized_certificate
|
13
|
+
pem = @cert.to_pem
|
14
|
+
exts = @cert.extensions
|
15
|
+
assert_nothing_raised do
|
16
|
+
@cert.sign(@key, OpenSSL::Digest::SHA1.new)
|
17
|
+
end
|
18
|
+
# TODO: for now, jruby-openssl cannot keep order of extensions after sign.
|
19
|
+
# assert_equal(pem, @cert.to_pem)
|
20
|
+
assert_equal(exts.size, @cert.extensions.size)
|
21
|
+
exts.each do |ext|
|
22
|
+
found = @cert.extensions.find { |e| e.oid == ext.oid }
|
23
|
+
assert_not_nil(found)
|
24
|
+
assert_equal(ext.value, found.value)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_set_public_key
|
29
|
+
pkey = @cert.public_key
|
30
|
+
newkey = OpenSSL::PKey::RSA.new(1024)
|
31
|
+
@cert.public_key = newkey
|
32
|
+
assert_equal(newkey.public_key.to_pem, @cert.public_key.to_pem)
|
33
|
+
end
|
34
|
+
|
35
|
+
# JRUBY-3468
|
6
36
|
def test_jruby3468
|
7
37
|
pem_cert = <<END
|
8
38
|
-----BEGIN CERTIFICATE-----
|
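Review bot: `test_sign_for_pem_initialized_certificate` checks that `@cert.sign` does not raise and that the extensions survive, but it never checks that the new signature is valid. Adding `assert(@cert.verify(@key))` after the `assert_nothing_raised` block would catch a re-sign that yields a certificate nobody can verify (this assumes `fixture/keypair.pem` is the key pair `fixture/selfcert.pem` was issued with). In `test_set_public_key`, `pkey = @cert.public_key` is assigned and never read; drop it, or use it to assert that the key actually changed.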
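--- a/data/test/test_cipher.rb
+++ b/data/test/test_cipher.rb
@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-require "java"
-base = File.dirname(__FILE__)
-$CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-$CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
 require "openssl"
 rescue LoadError
@@ -59,6 +52,91 @@ class TestCipher < Test::Unit::TestCase
 )
 end
 
+def test_rc4
+do_repeated_test(
+"RC4",
+"foobarbazboofarf",
+"/i|\257\336U\354\331\212\304E\021\246\351\235\303",
+"\020\367\370\316\212\262\266e\242\333\263\305z\340\204\200"
+)
+end
+
+def test_cast
+do_repeated_test(
+"cast-cbc",
+"foobarbazboofarf",
+"`m^\225\277\307\247m`{\f\020fl\ry",
+"(\354\265\251,D\016\037\251\250V\207\367\214\276B"
+)
+end
+
+# JRUBY-4326 (1)
+def test_cipher_unsupported_algorithm
+assert_raise(OpenSSL::Cipher::CipherError) do
+cipher = OpenSSL::Cipher::Cipher.new('aes-xxxxxxx')
+end
+end
+
+# JRUBY-4326 (2)
+def test_cipher_unsupported_keylen
+bits_128 = java.lang.String.new("0123456789ABCDEF").getBytes()
+bits_256 = java.lang.String.new("0123456789ABCDEF0123456789ABCDEF").getBytes()
+
+# AES128 is allowed
+cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
+cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+key_spec = javax.crypto.spec.SecretKeySpec.new(bits_128, "AES")
+iv_spec = javax.crypto.spec.IvParameterSpec.new(bits_128)
+assert_nothing_raised do
+cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+end
+
+# check if AES256 is allowed or not in env policy
+cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+key_spec = javax.crypto.spec.SecretKeySpec.new(bits_256, "AES")
+allowed = false
+begin
+cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+allowed = true
+rescue
+end
+
+# jruby-openssl should raise as well?
+# CRuby's openssl raises exception at initialization time.
+# At this time, jruby-openssl raises later. TODO
+cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+cipher.encrypt
+cipher.padding = 0
+if allowed
+assert_nothing_raised(OpenSSL::Cipher::CipherError) do
+cipher.pkcs5_keyivgen("password")
+end
+else
+assert_raise(OpenSSL::Cipher::CipherError) do
+cipher.pkcs5_keyivgen("password")
+end
+end
+end
+
+def test_iv_length_auto_trim_JRUBY_4012
+e1 = e2 = nil
+plain = 'data'
+des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+des.encrypt
+des.key = '0123456789abcdef01234567890'
+des.iv = "0" * (128/8) # too long for DES which is a 64 bit block
+assert_nothing_raised do
+e1 = des.update(plain) + des.final
+end
+des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+des.encrypt
+des.key = '0123456789abcdef01234567890'
+des.iv = "0" * (64/8) # DES is a 64 bit block
+e2 = des.update(plain) + des.final
+assert_equal(e2, e1, "JRUBY-4012")
+end
+
 private
 def do_repeated_test(algo, string, enc1, enc2)
 do_repeated_encrypt_test(algo, string, enc1, enc2)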
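Review bot: The bare `rescue` in `test_cipher_unsupported_keylen` swallows every StandardError raised by the AES-256 probe, so a failure unrelated to the JCE key-size policy still leaves `allowed = false` and steers the test into asserting that `aes-256-cbc` must raise. Narrow it to the key-size failure, for example `rescue java.security.InvalidKeyException` (assuming the targeted JRuby can rescue Java exception classes directly), so that other errors surface. The same method calls `java.lang.String` and `javax.crypto` with no `defined?(JRUBY_VERSION)` guard, and this commit removes the guarded preamble at the top of the file. On a non-JRuby runtime it would presumably fail with a NameError instead of being skipped.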
data/test/test_integration.rb
CHANGED
@@ -1,10 +1,3 @@
|
|
1
|
-
if defined?(JRUBY_VERSION)
|
2
|
-
require "java"
|
3
|
-
base = File.join(File.dirname(__FILE__), '..')
|
4
|
-
$CLASSPATH << File.join(base, 'pkg', 'classes')
|
5
|
-
$CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
|
6
|
-
end
|
7
|
-
|
8
1
|
begin
|
9
2
|
require "openssl"
|
10
3
|
rescue LoadError
|
@@ -52,14 +45,20 @@ class TestIntegration < Test::Unit::TestCase
|
|
52
45
|
assert s.get(uri.request_uri).length > 0
|
53
46
|
end
|
54
47
|
# wrong trust anchor for www.amazon.com
|
48
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
49
|
+
http.use_ssl = true
|
50
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
55
51
|
http.ca_file = 'test/fixture/verisign_c3.pem'
|
56
|
-
|
52
|
+
assert_raise(OpenSSL::SSL::SSLError) do
|
57
53
|
# it must cause SSLError for verification failure.
|
58
54
|
response = http.start do |s|
|
59
55
|
s.get(uri.request_uri)
|
60
56
|
end
|
61
57
|
end
|
62
58
|
# round trip
|
59
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
60
|
+
http.use_ssl = true
|
61
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
63
62
|
http.ca_file = 'test/fixture/verisign.pem'
|
64
63
|
response = http.start do |s|
|
65
64
|
assert s.get(uri.request_uri).length > 0
|
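Review bot: `assert_raise(OpenSSL::SSL::SSLError)` in the wrong-trust-anchor case accepts any TLS failure, not only a rejected chain, so a handshake or protocol error against the live host would also make it pass. Now that the hunk sets `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` explicitly, pin the reason too: capture the error and check it, e.g. `assert_match(/certificate verify failed/, e.message)` (the exact message text needs confirming for jruby-openssl). Both cases also depend on the remote server's current chain matching `test/fixture/verisign.pem`, which will drift over time. The enclosing test method starts above this hunk.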
data/test/test_java.rb
CHANGED
@@ -6,7 +6,7 @@ require 'mocha'
|
|
6
6
|
if defined?(JRUBY_VERSION)
|
7
7
|
require "java"
|
8
8
|
$CLASSPATH << 'pkg/classes'
|
9
|
-
$CLASSPATH << 'lib/bcprov-
|
9
|
+
$CLASSPATH << 'lib/bcprov-jdk15-144.jar'
|
10
10
|
|
11
11
|
module PKCS7Test
|
12
12
|
module ASN1
|
@@ -15,6 +15,7 @@ if defined?(JRUBY_VERSION)
|
|
15
15
|
|
16
16
|
PKCS7 = org.jruby.ext.openssl.impl.PKCS7 unless defined?(PKCS7)
|
17
17
|
Attribute = org.jruby.ext.openssl.impl.Attribute unless defined?(Attribute)
|
18
|
+
CipherSpec = org.jruby.ext.openssl.impl.CipherSpec unless defined?(CipherSpec)
|
18
19
|
Digest = org.jruby.ext.openssl.impl.Digest unless defined?(Digest)
|
19
20
|
EncContent = org.jruby.ext.openssl.impl.EncContent unless defined?(EncContent)
|
20
21
|
Encrypt = org.jruby.ext.openssl.impl.Encrypt unless defined?(Encrypt)
|
@@ -49,9 +50,9 @@ if defined?(JRUBY_VERSION)
|
|
49
50
|
X509Name = org.bouncycastle.asn1.x509.X509Name
|
50
51
|
|
51
52
|
|
52
|
-
MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_enveloped.message'))
|
53
|
-
MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_signed.message'))
|
54
|
-
MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_multipart_signed.message'))
|
53
|
+
MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_enveloped.message'))
|
54
|
+
MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_signed.message'))
|
55
|
+
MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_multipart_signed.message'))
|
55
56
|
|
56
57
|
X509CertString = <<CERT
|
57
58
|
-----BEGIN CERTIFICATE-----
|
@@ -90,9 +91,8 @@ CRL
|
|
90
91
|
X509CRL = CertificateFactory.getInstance("X.509",BCP.new).generateCRL(ByteArrayInputStream.new(X509CRLString.to_java_bytes))
|
91
92
|
end
|
92
93
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
require File.join(File.dirname(__FILE__), 'test_java_smime')
|
94
|
+
files = File.join(File.dirname(__FILE__), 'java', 'test_*.rb')
|
95
|
+
Dir.glob(files).sort.each do |tc|
|
96
|
+
require tc
|
97
|
+
end
|
98
98
|
end
|
data/test/test_openssl.rb
CHANGED
@@ -1,34 +1,4 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
base = File.join(File.dirname(__FILE__), '..')
|
5
|
-
$CLASSPATH << File.join(base, 'pkg', 'classes')
|
6
|
-
$CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
|
1
|
+
files = File.join(File.dirname(__FILE__), 'openssl', 'test_*.rb')
|
2
|
+
Dir.glob(files).sort.each do |tc|
|
3
|
+
require tc
|
7
4
|
end
|
8
|
-
|
9
|
-
def protect_require(name)
|
10
|
-
require name
|
11
|
-
rescue Exception => e
|
12
|
-
$stderr.puts "Had exception in #{name}: #{e.inspect}"
|
13
|
-
$stderr.puts(*(e.backtrace))
|
14
|
-
end
|
15
|
-
|
16
|
-
protect_require 'openssl/test_asn1'
|
17
|
-
protect_require 'openssl/test_cipher'
|
18
|
-
protect_require 'openssl/test_digest'
|
19
|
-
protect_require 'openssl/test_hmac'
|
20
|
-
protect_require 'openssl/test_ns_spki'
|
21
|
-
protect_require 'openssl/test_pair'
|
22
|
-
protect_require 'openssl/test_pkcs7'
|
23
|
-
protect_require 'openssl/test_pkey_rsa'
|
24
|
-
protect_require 'openssl/test_ssl'
|
25
|
-
protect_require 'openssl/test_x509cert'
|
26
|
-
protect_require 'openssl/test_x509crl'
|
27
|
-
protect_require 'openssl/test_x509ext'
|
28
|
-
protect_require 'openssl/test_x509name'
|
29
|
-
protect_require 'openssl/test_x509req'
|
30
|
-
protect_require 'openssl/test_x509store'
|
31
|
-
protect_require 'test_cipher'
|
32
|
-
protect_require 'test_java'
|
33
|
-
protect_require 'test_integration'
|
34
|
-
protect_require 'test_pkey'
|
@@ -14,7 +14,14 @@ class TestParseCertificate < Test::Unit::TestCase
|
|
14
14
|
|
15
15
|
def test_certificate_with_ec_pk_cert_fails_requesting_pk
|
16
16
|
cer = OpenSSL::X509::Certificate.new(File.read(CERT))
|
17
|
-
|
17
|
+
assert_raise(OpenSSL::X509::CertificateError) { cer.public_key }
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_loading_key_raise_certificate_error
|
21
|
+
key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
|
22
|
+
assert_raises(OpenSSL::X509::CertificateError) do
|
23
|
+
OpenSSL::X509::Certificate.new(File.read(key_file))
|
24
|
+
end
|
18
25
|
end
|
19
26
|
end
|
20
27
|
|
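--- a/data/test/test_pkcs7.rb
+++ b/data/test/test_pkcs7.rb
@@ -0,0 +1,40 @@
+require 'openssl'
+require "test/unit"
+
+class TestPkcs7 < Test::Unit::TestCase
+
+CERT_PEM = <<END
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQQFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0wOTA1MjMxNTAzNDNaFw0wOTA1MjMxNjAzNDNaMD0xEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
+gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
+fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
+qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
+8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
+9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
+AQABMA0GCSqGSIb3DQEBBAUAA4IBAQB8UTw1agA9wdXxHMUACduYu6oNL7pdF0dr
+w7a4QPJyj62h4+Umxvp13q0PBw0E+mSjhXMcqUhDLjrmMcvvNGhuh5Sdjbe3GI/M
+3lCC9OwYYIzzul7omvGC3JEIGfzzdNnPPCPKEWp5X9f0MKLMR79qOf+sjHTjN2BY
+SY3YGsEFxyTXDdqrlaYaOtTAdi/C+g1WxR8fkPLefymVwIFwvyc9/bnp7iBn7Hcw
+mbxtLPbtQ9mURT0GHewZRTGJ1aiTq9Ag3xXME2FPF04eFRd3mclOQZNXKQ+LDxYf
+k0X5FeZvsWf4srFxoVxlcDdJtHh91ZRpDDJYGQlsUm9CPTnO+e4E
+-----END CERTIFICATE-----
+END
+
+def test_pkcs7_des3_key_generation_for_encrypt
+# SunJCE requires DES/DES3 keybits = 21/168 for key generation.
+# BC allows 24/192 keybits and treats it as 21/168.
+msg = "Hello World"
+password = "password"
+cert = OpenSSL::X509::Certificate.new(CERT_PEM)
+certs = [cert]
+cipher = OpenSSL::Cipher.new("des-ede3-cbc")
+cipher.encrypt
+cipher.pkcs5_keyivgen(password)
+p7 = OpenSSL::PKCS7.encrypt(certs, msg, cipher, OpenSSL::PKCS7::BINARY)
+assert_equal(msg, p7.data)
+end
+end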
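Review bot: `test_pkcs7_des3_key_generation_for_encrypt` asserts only `assert_equal(msg, p7.data)`, which does not show that the recipient can decrypt the enveloped content, so a DES3 content key that is generated but unusable would still pass. A round trip through `p7.decrypt(key, cert)` would pin the behaviour the comment describes, but it needs the private key for `CERT_PEM`, which is not in this file. Generating a key pair and a self-signed certificate inside the test would avoid adding a fixture. The test would also benefit from a one-line comment saying why `cipher.pkcs5_keyivgen(password)` is called before `OpenSSL::PKCS7.encrypt`, since the page does not show whether the derived key is used for the message.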
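--- a/data/test/test_pkey.rb
+++ b/data/test/test_pkey.rb
@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-require "java"
-base = File.dirname(__FILE__)
-$CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-$CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
 require "openssl"
 rescue LoadError
@@ -42,5 +35,170 @@ class TestPKey < Test::Unit::TestCase
 end
 
 def test_can_generate_dsa_key
+OpenSSL::PKey::DSA.generate(512)
+end
+
+def test_malformed_rsa_handling
+pem = <<__EOP__
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiU1/UMzIQ1On9OlZGoV
+S0yySFYWoXLH12nmP69fg9jwdRbQlb0rxLn7zATbwfqcvGpCcW+8SmdwW74elNrc
+wRtbKjJKfbJCsVfDssbbj6BF+Bcq3ihi8+CGNXFdJOYhZZ+5Adg2Qc9Qp3Ubw9wu
+/3Ai87+1aQxoZPMFwdX2BRiZvxch9dwHVyL8EuFGUOYId/8JQepHyZMbTqp/8wlA
+UAbMcPW+IKp3N0WMgred3CjXKHAqqM0Ira9RLSXdlO2uFV4OrM0ak8rnTN5w1DsI
+McjvVvOck0aIxfHEEmeadt3YMn4PCW33/j8geulZLvt0ci60/OWMSCcIqByITlvY
+DwIDAQAB
+-----END PUBLIC KEY-----
+__EOP__
+pkey = OpenSSL::PKey::RSA.new(pem)
+# jruby-openssl/0.6 raises NativeException
+assert_raise(OpenSSL::PKey::RSAError, 'JRUBY-4492') do
+pkey.public_decrypt("rah")
+end
+end
+
+# http://github.com/jruby/jruby-openssl/issues#issue/1
+def test_load_pkey_rsa
+pem = <<__EOP__
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----
+__EOP__
+assert_nothing_raised do
+pkey = OpenSSL::PKey::RSA.new(pem)
+pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+assert_equal(pkey.n, pkey2.n)
+assert_equal(pkey.e, pkey2.e)
+assert_equal(pkey.d, pkey2.d)
+end
+end
+
+def test_load_pkey_rsa_enc
+# password is '1234'
+pem = <<__EOP__
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQIfvehP6JEg2wCAggABIICgD7kzSr+xWgdAuzG
+cYNkCEWyKF6V0cJ58AKSoL4FQ59OQvQP/hMnSZEMiUpeGNRE6efC7O02RUjNarIk
+ciCYIBqd5EFG3OSypK5l777AbCChIkzZHbyE/pIbadr8ZX9C4pkwzPqS0Avzavxi
+5s1WDX2GggJkBcQUijqG9QuOZcOvoYbojHPT4tdJq+J6s+0LFas9Jp3a6dYkxtgv
+u8Z6EFDZoLGOSVy/jCSMuZAnhoOxUCYqd9FFo2jryV7tQ/CaYAUApAQFTLgBA9qk
+4WmyKRpwzIx6EG1pkqulvPXJCcTat9YwllEDVuQ2rKVwDepSl9O7X170Kx1sBecz
+mGcfqviU9xwP5mkXO/TLoTZExkHF08Y3d/PTMdxGEDZH37/yRqCIb3Uyqv/jLibM
+/s9fm52aWsfO1ndHEhciovlMJvGXq3+e+9gmq1w2TyNQahRc5fwfhwWKhPKfYDBk
+7AtjPGfELDX61WZ5m+4Kb70BcGSAEgXCaBydVsMROy0B8jkYgtAnVBb4EMrGOsCG
+jmNeW9MRIhrhDcifdyq1DMNg7IONMF+5mDdQ3FhK6WzlFU+8cTN517qA8L3A3+ZX
+asiS+rx5/50InINknjuvVkmTGMzjl89nMNrZCjhx9sIDfXQ3ZKFmh1mvnXq/fLan
+CgXn/UtLoykrSlobgqIxZslhj3p01kMCgGe62S3kokYrDTQEc57rlKWWR3Xyjy/T
+LsecXAKEROj95IHSMMnT4jl+TJnbvGKQ2U9tOOB3W+OOOlDEFE59pQlcmQPAwdzr
+mzI4kupi3QRTFjOgvX29leII9sPtpr4dKMKVIRxKnvMZhUAkS/n3+Szfa6zKexLa
+4CHVgDo=
+-----END ENCRYPTED PRIVATE KEY-----
+__EOP__
+assert_nothing_raised do
+pkey = OpenSSL::PKey::RSA.new(pem, '1234')
+pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+assert_equal(pkey.n, pkey2.n)
+assert_equal(pkey.e, pkey2.e)
+assert_equal(pkey.d, pkey2.d)
+end
+end
+
+# jruby-openssl/0.6 causes NPE
+def test_generate_pkey_rsa_empty
+assert_nothing_raised do
+OpenSSL::PKey::RSA.new.to_pem
+end
+end
+
+def test_generate_pkey_rsa_length
+assert_nothing_raised do
+OpenSSL::PKey::RSA.new(512).to_pem
+end
+end
+
+def test_generate_pkey_rsa_to_text
+assert_match(
+/Private-Key: \(512 bit\)/,
+OpenSSL::PKey::RSA.new(512).to_text
+)
+end
+
+def test_load_pkey_rsa
+pkey = OpenSSL::PKey::RSA.new(512)
+assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_rsa_public
+pkey = OpenSSL::PKey::RSA.new(512).public_key
+assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_rsa_der
+pkey = OpenSSL::PKey::RSA.new(512)
+assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_rsa_public_der
+pkey = OpenSSL::PKey::RSA.new(512).public_key
+assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+end
+
+# jruby-openssl/0.6 causes NPE
+def test_generate_pkey_dsa_empty
+assert_nothing_raised do
+OpenSSL::PKey::DSA.new.to_pem
+end
+end
+
+# jruby-openssl/0.6 ignores fixnum arg => to_pem returned 65 bytes with 'MAA='
+def test_generate_pkey_dsa_length
+assert(OpenSSL::PKey::DSA.new(512).to_pem.size > 100)
+end
+
+# jruby-openssl/0.6 returns nil for DSA#to_text
+def test_generate_pkey_dsa_to_text
+assert_match(
+/Private-Key: \(512 bit\)/,
+OpenSSL::PKey::DSA.new(512).to_text
+)
+end
+
+def test_load_pkey_dsa
+pkey = OpenSSL::PKey::DSA.new(512)
+assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_dsa_public
+pkey = OpenSSL::PKey::DSA.new(512).public_key
+assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+end
+
+def test_load_pkey_dsa_der
+pkey = OpenSSL::PKey::DSA.new(512)
+assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_dsa_public_der
+pkey = OpenSSL::PKey::DSA.new(512).public_key
+assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+end
+
+def test_load_pkey_dsa_net_ssh
+blob = "0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002"
+pkey = OpenSSL::PKey::DSA.new(blob)
+assert_equal(blob, pkey.to_der)
 end
 end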
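Review bot: `test_load_pkey_rsa` is defined twice in this hunk (new lines 61 and 139), and Ruby keeps only the later definition, so the PKCS#8 `BEGIN PRIVATE KEY` case added for jruby-openssl issue #1 never runs. Rename the first one, e.g. `def test_load_pkey_rsa_pkcs8`, so both are collected. The embedded PEM keys and the `RSA.new(512)` / `DSA.new(512)` keys are test material only. A short comment above each heredoc, such as `# test-only key, never deploy`, would keep readers and secret scanners from treating them as real credentials.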
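--- a/data/test/test_x509store.rb
+++ b/data/test/test_x509store.rb
@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-require "java"
-base = File.dirname(__FILE__)
-$CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-$CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
 require "openssl"
 rescue LoadError
@@ -86,6 +79,14 @@ class TestX509Store < Test::Unit::TestCase
 assert_equal(true, @store.verify(cert))
 end
 
+# jruby-openssl/0.6 raises "can't store certificate" because of duplicated
+# subject. ruby-openssl just ignores the second certificate.
+def test_add_file_JRUBY_4409
+assert_nothing_raised do
+@store.add_file("test/fixture/ca-bundle.crt")
+end
+end
+
 def test_set_default_paths
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
 cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))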
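Review bot: `test_add_file_JRUBY_4409` only checks that `add_file` does not raise; it does not show that the bundle's certificates ended up in the store. An implementation that stops loading at the first duplicate subject would pass with a partially populated trust store. Follow the `add_file` call with a positive check, e.g. `assert_equal(true, @store.verify(cert))` for a certificate that chains to a bundle entry located after the duplicate. The path `"test/fixture/ca-bundle.crt"` is relative to the working directory, whereas other tests added in this release use `File.expand_path('fixture/...', File.dirname(__FILE__))`.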