jruby-openssl 0.6 → 0.7

data/test/openssl/test_x509cert.rb

@@ -49,7 +49,8 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     ].each{|pk, digest|
       cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
                         nil, nil, digest)
-      assert_equal(cert.extensions[1].value,OpenSSL::TestUtils.get_subject_key_id(cert))
+      assert_equal(cert.extensions[1].value,
+                   OpenSSL::TestUtils.get_subject_key_id(cert))
       cert = OpenSSL::X509::Certificate.new(cert.to_der)
       assert_equal(cert.extensions[1].value,
                    OpenSSL::TestUtils.get_subject_key_id(cert))
@@ -156,15 +157,15 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     cert.not_after = Time.now 
     assert_equal(false, cert.verify(@dsa512))
 
-    assert_raises(OpenSSL::X509::CertificateError){
+    assert_raise(OpenSSL::X509::CertificateError){
       cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
                         nil, nil, OpenSSL::Digest::DSS1.new) 
     }
-    assert_raises(OpenSSL::X509::CertificateError){
+    assert_raise(OpenSSL::X509::CertificateError){
       cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
                         nil, nil, OpenSSL::Digest::MD5.new) 
     }
-    assert_raises(OpenSSL::X509::CertificateError){
+    assert_raise(OpenSSL::X509::CertificateError){
       cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
                         nil, nil, OpenSSL::Digest::SHA1.new) 
     }
@@ -230,7 +231,6 @@ END
     # This is commented out because it doesn't take timezone into consideration; FIXME
     #assert_equal(cert_text, cert.to_text)
   end
-
 end
 
 end

data/test/openssl/test_x509crl.rb

@@ -134,7 +134,7 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
       ["authorityKeyIdentifier", "keyid:always", false], 
       ["issuerAltName", "issuer:copy", false],
     ]
-    
+
     cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts,
                       nil, nil, OpenSSL::Digest::SHA1.new)
     crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
@@ -228,7 +228,6 @@ END
     assert_equal(1, crl.version)
     assert_equal(OpenSSL::X509::Name.parse("/CN=ca").to_der, crl.issuer.to_der)
   end
-
 end
 
 end

data/test/openssl/test_x509ext.rb

@@ -69,11 +69,11 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
       %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
       cdp.value)
   end
-  
+
   # JRUBY-3888
   # Problems with subjectKeyIdentifier with non 20-bytes sha1 digested keys
   def test_certificate_with_rare_extension
-	cert_file = File.join(File.dirname(__FILE__), "..", "fixture", "max.pem")
+    cert_file = File.expand_path('../fixture/max.pem', File.dirname(__FILE__))
     cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
     exts = Hash.new
     cer.extensions.each{|ext| exts[ext.oid] = ext.value}
@@ -82,7 +82,7 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
   end
 
   def test_extension_from_20_byte_sha1_digests
-    cert_file = File.join(File.dirname(__FILE__), "..", "fixture", "common.pem")
+    cert_file = File.expand_path('../fixture/common.pem', File.dirname(__FILE__))
     cer = OpenSSL::X509::Certificate.new(File.read(cert_file))
     exts = Hash.new
     cer.extensions.each{|ext| exts[ext.oid] = ext.value}

data/test/openssl/test_x509name.rb

@@ -138,6 +138,7 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
 
   def test_s_parse_rfc2253
     scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
+
     assert_equal([["C", "JP"]], scanner.call("C=JP"))
     assert_equal([
         ["DC", "org"],

data/test/openssl/test_x509req.rb

@@ -155,8 +155,8 @@ END
     assert_equal(OpenSSL::X509::Name.parse("/CN=192.168.0.4").to_der, req.subject.to_der)
   end
 
-    def test_create_to_pem
-      req_s = <<END
+  def test_create_to_pem
+    req_s = <<END
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBVTCBvwIBADAWMRQwEgYDVQQDDAsxOTIuMTY4LjAuNDCBnzANBgkqhkiG9w0B
 AQEFAAOBjQAwgYkCgYEA0oTTzFLydOTVtBpNdYl4S0356AysVkHlqD/tNEMxQT0l
@@ -168,11 +168,9 @@ DVD201pI3p6LIxaRyXE20RYTp0Jj6jv+tNFd0wjVlzgStmcplNo8hu6Dtp1gKETW
 qL7M4i48FXHn
 -----END CERTIFICATE REQUEST-----
 END
-      req = OpenSSL::X509::Request.new(req_s)
-
-      assert_equal(req_s, req.to_pem)
-    end
-
+    req = OpenSSL::X509::Request.new(req_s)
+    assert_equal(req_s.gsub(/[\r\n]/, ''), req.to_pem.gsub(/[\r\n]/, ''))
+  end
 end
 
 end

data/test/openssl/test_x509store.rb

@@ -99,6 +99,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
     store.purpose = OpenSSL::X509::PURPOSE_CRL_SIGN
     assert_equal(true, store.verify(ca2_cert))
     assert_equal(OpenSSL::X509::V_OK, store.error)
+
     store.add_cert(ca2_cert)
     store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
     assert_equal(true, store.verify(ee1_cert))
@@ -198,7 +199,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
                           nil, nil, OpenSSL::Digest::SHA1.new)
     store = OpenSSL::X509::Store.new
     store.add_cert(ca1_cert)
-    assert_raises(OpenSSL::X509::StoreError){
+    assert_raise(OpenSSL::X509::StoreError){
       store.add_cert(ca1_cert)  # add same certificate twice
     }
 
@@ -209,7 +210,7 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
     crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
                      ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
     store.add_crl(crl1)
-    assert_raises(OpenSSL::X509::StoreError){
+    assert_raise(OpenSSL::X509::StoreError){
       store.add_crl(crl2) # add CRL issued by same CA twice.
     }
   end

data/test/test_all.rb

@@ -0,0 +1 @@
+Dir.glob("test/test_*.rb").sort.reject{|t| t =~ /test_all/}.each {|t| require t }

data/test/{test_openssl_x509.rb → test_certificate.rb}

@@ -1,8 +1,38 @@
 require 'openssl'
-require 'test/unit'
+require "test/unit"
 
-# JRUBY-3468
-class TestOpensslX509 < Test::Unit::TestCase
+class TestCertificate < Test::Unit::TestCase
+  def setup
+    cert_file = File.expand_path('fixture/selfcert.pem', File.dirname(__FILE__))
+    key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
+    @cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+    @key = OpenSSL::PKey::RSA.new(File.read(key_file))
+  end
+
+  def test_sign_for_pem_initialized_certificate
+    pem = @cert.to_pem
+    exts = @cert.extensions
+    assert_nothing_raised do
+      @cert.sign(@key, OpenSSL::Digest::SHA1.new)
+    end
+    # TODO: for now, jruby-openssl cannot keep order of extensions after sign.
+    # assert_equal(pem, @cert.to_pem)
+    assert_equal(exts.size, @cert.extensions.size)
+    exts.each do |ext|
+      found = @cert.extensions.find { |e| e.oid == ext.oid }
+      assert_not_nil(found)
+      assert_equal(ext.value, found.value)
+    end
+  end
+
+  def test_set_public_key
+    pkey = @cert.public_key
+    newkey = OpenSSL::PKey::RSA.new(1024)
+    @cert.public_key = newkey
+    assert_equal(newkey.public_key.to_pem, @cert.public_key.to_pem)
+  end
+
+  # JRUBY-3468
   def test_jruby3468
     pem_cert = <<END
 -----BEGIN CERTIFICATE-----

data/test/test_cipher.rb

@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-  require "java"
-  base = File.dirname(__FILE__)
-  $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-  $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
   require "openssl"
 rescue LoadError
@@ -59,6 +52,91 @@ class TestCipher < Test::Unit::TestCase
 		    )
   end
 
+  def test_rc4
+    do_repeated_test(
+                     "RC4",
+                     "foobarbazboofarf",
+                     "/i|\257\336U\354\331\212\304E\021\246\351\235\303",
+                     "\020\367\370\316\212\262\266e\242\333\263\305z\340\204\200"
+		    )
+  end
+
+  def test_cast
+    do_repeated_test(
+                     "cast-cbc",
+                     "foobarbazboofarf",
+                     "`m^\225\277\307\247m`{\f\020fl\ry",
+                     "(\354\265\251,D\016\037\251\250V\207\367\214\276B"
+		    )
+  end
+
+  # JRUBY-4326 (1)
+  def test_cipher_unsupported_algorithm
+    assert_raise(OpenSSL::Cipher::CipherError) do
+      cipher = OpenSSL::Cipher::Cipher.new('aes-xxxxxxx')
+    end
+  end
+
+  # JRUBY-4326 (2)
+  def test_cipher_unsupported_keylen
+    bits_128 = java.lang.String.new("0123456789ABCDEF").getBytes()
+    bits_256 = java.lang.String.new("0123456789ABCDEF0123456789ABCDEF").getBytes()
+
+    # AES128 is allowed
+    cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
+    cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+    cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+    key_spec = javax.crypto.spec.SecretKeySpec.new(bits_128, "AES")
+    iv_spec = javax.crypto.spec.IvParameterSpec.new(bits_128)
+    assert_nothing_raised do
+      cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+    end
+
+    # check if AES256 is allowed or not in env policy
+    cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
+    key_spec = javax.crypto.spec.SecretKeySpec.new(bits_256, "AES")
+    allowed = false
+    begin
+      cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
+      allowed = true
+    rescue
+    end
+
+    # jruby-openssl should raise as well?
+    # CRuby's openssl raises exception at initialization time.
+    # At this time, jruby-openssl raises later. TODO
+    cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+    cipher.encrypt
+    cipher.padding = 0
+    if allowed
+      assert_nothing_raised(OpenSSL::Cipher::CipherError) do
+        cipher.pkcs5_keyivgen("password")
+      end
+    else
+      assert_raise(OpenSSL::Cipher::CipherError) do
+        cipher.pkcs5_keyivgen("password")
+      end
+    end
+  end
+
+  def test_iv_length_auto_trim_JRUBY_4012
+    e1 = e2 = nil
+    plain = 'data'
+    des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+    des.encrypt
+    des.key = '0123456789abcdef01234567890'
+    des.iv = "0" * (128/8) # too long for DES which is a 64 bit block
+    assert_nothing_raised do
+      e1 = des.update(plain) + des.final  
+    end
+    des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
+    des.encrypt
+    des.key = '0123456789abcdef01234567890'
+    des.iv = "0" * (64/8) # DES is a 64 bit block
+    e2 = des.update(plain) + des.final  
+    assert_equal(e2, e1, "JRUBY-4012")
+  end
+
   private
   def do_repeated_test(algo, string, enc1, enc2)
     do_repeated_encrypt_test(algo, string, enc1, enc2)

data/test/test_integration.rb

@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-  require "java"
-  base = File.join(File.dirname(__FILE__), '..')
-  $CLASSPATH << File.join(base, 'pkg', 'classes')
-  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
   require "openssl"
 rescue LoadError
@@ -52,14 +45,20 @@ class TestIntegration < Test::Unit::TestCase
       assert s.get(uri.request_uri).length > 0
     end
     # wrong trust anchor for www.amazon.com
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     http.ca_file = 'test/fixture/verisign_c3.pem'
-    assert_raises(OpenSSL::SSL::SSLError) do
+    assert_raise(OpenSSL::SSL::SSLError) do
       # it must cause SSLError for verification failure.
       response = http.start do |s|
         s.get(uri.request_uri)
       end
     end
     # round trip
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     http.ca_file = 'test/fixture/verisign.pem'
     response = http.start do |s|
       assert s.get(uri.request_uri).length > 0

data/test/test_java.rb

@@ -6,7 +6,7 @@ require 'mocha'
 if defined?(JRUBY_VERSION)
   require "java"
   $CLASSPATH << 'pkg/classes'
-  $CLASSPATH << 'lib/bcprov-jdk14-139.jar'
+  $CLASSPATH << 'lib/bcprov-jdk15-144.jar'
   
   module PKCS7Test
     module ASN1
@@ -15,6 +15,7 @@ if defined?(JRUBY_VERSION)
     
     PKCS7 = org.jruby.ext.openssl.impl.PKCS7 unless defined?(PKCS7)
     Attribute = org.jruby.ext.openssl.impl.Attribute unless defined?(Attribute)
+    CipherSpec = org.jruby.ext.openssl.impl.CipherSpec unless defined?(CipherSpec)
     Digest = org.jruby.ext.openssl.impl.Digest unless defined?(Digest)
     EncContent = org.jruby.ext.openssl.impl.EncContent unless defined?(EncContent)
     Encrypt = org.jruby.ext.openssl.impl.Encrypt unless defined?(Encrypt)
@@ -49,9 +50,9 @@ if defined?(JRUBY_VERSION)
     X509Name = org.bouncycastle.asn1.x509.X509Name
     
     
-    MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_enveloped.message'))
-    MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_signed.message'))
-    MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_multipart_signed.message'))
+    MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_enveloped.message'))
+    MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_mime_signed.message'))
+    MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'java', 'pkcs7_multipart_signed.message'))
 
     X509CertString = <<CERT
 -----BEGIN CERTIFICATE-----
@@ -90,9 +91,8 @@ CRL
     X509CRL = CertificateFactory.getInstance("X.509",BCP.new).generateCRL(ByteArrayInputStream.new(X509CRLString.to_java_bytes))
   end
   
-  require File.join(File.dirname(__FILE__), 'test_java_attribute')
-  require File.join(File.dirname(__FILE__), 'test_java_bio')
-  require File.join(File.dirname(__FILE__), 'test_java_mime')
-  require File.join(File.dirname(__FILE__), 'test_java_pkcs7')
-  require File.join(File.dirname(__FILE__), 'test_java_smime')
+  files = File.join(File.dirname(__FILE__), 'java', 'test_*.rb')
+  Dir.glob(files).sort.each do |tc|
+    require tc
+  end
 end

data/test/test_openssl.rb

@@ -1,34 +1,4 @@
-
-if defined?(JRUBY_VERSION)
-  require "java"
-  base = File.join(File.dirname(__FILE__), '..')
-  $CLASSPATH << File.join(base, 'pkg', 'classes')
-  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
+files = File.join(File.dirname(__FILE__), 'openssl', 'test_*.rb')
+Dir.glob(files).sort.each do |tc|
+  require tc
 end
-
-def protect_require(name)
-  require name
-rescue Exception => e
-  $stderr.puts "Had exception in #{name}: #{e.inspect}"
-  $stderr.puts(*(e.backtrace))
-end
-
-protect_require 'openssl/test_asn1'
-protect_require 'openssl/test_cipher'
-protect_require 'openssl/test_digest'
-protect_require 'openssl/test_hmac'
-protect_require 'openssl/test_ns_spki'
-protect_require 'openssl/test_pair'
-protect_require 'openssl/test_pkcs7'
-protect_require 'openssl/test_pkey_rsa'
-protect_require 'openssl/test_ssl'
-protect_require 'openssl/test_x509cert'
-protect_require 'openssl/test_x509crl'
-protect_require 'openssl/test_x509ext'
-protect_require 'openssl/test_x509name'
-protect_require 'openssl/test_x509req'
-protect_require 'openssl/test_x509store'
-protect_require 'test_cipher'
-protect_require 'test_java'
-protect_require 'test_integration'
-protect_require 'test_pkey'

data/test/test_parse_certificate.rb

@@ -14,7 +14,14 @@ class TestParseCertificate < Test::Unit::TestCase
 
   def test_certificate_with_ec_pk_cert_fails_requesting_pk
     cer = OpenSSL::X509::Certificate.new(File.read(CERT))
-    assert_raises(OpenSSL::X509::CertificateError) { cer.public_key }
+    assert_raise(OpenSSL::X509::CertificateError) { cer.public_key }
+  end
+
+  def test_loading_key_raise_certificate_error
+    key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
+    assert_raises(OpenSSL::X509::CertificateError) do
+      OpenSSL::X509::Certificate.new(File.read(key_file))
+    end
   end
 end
 

data/test/test_pkcs7.rb

@@ -0,0 +1,40 @@
+require 'openssl'
+require "test/unit"
+
+class TestPkcs7 < Test::Unit::TestCase
+
+  CERT_PEM = <<END
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQQFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0wOTA1MjMxNTAzNDNaFw0wOTA1MjMxNjAzNDNaMD0xEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
+gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
+fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
+qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
+8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
+9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
+AQABMA0GCSqGSIb3DQEBBAUAA4IBAQB8UTw1agA9wdXxHMUACduYu6oNL7pdF0dr
+w7a4QPJyj62h4+Umxvp13q0PBw0E+mSjhXMcqUhDLjrmMcvvNGhuh5Sdjbe3GI/M
+3lCC9OwYYIzzul7omvGC3JEIGfzzdNnPPCPKEWp5X9f0MKLMR79qOf+sjHTjN2BY
+SY3YGsEFxyTXDdqrlaYaOtTAdi/C+g1WxR8fkPLefymVwIFwvyc9/bnp7iBn7Hcw
+mbxtLPbtQ9mURT0GHewZRTGJ1aiTq9Ag3xXME2FPF04eFRd3mclOQZNXKQ+LDxYf
+k0X5FeZvsWf4srFxoVxlcDdJtHh91ZRpDDJYGQlsUm9CPTnO+e4E
+-----END CERTIFICATE-----
+END
+
+  def test_pkcs7_des3_key_generation_for_encrypt
+    # SunJCE requires DES/DES3 keybits = 21/168 for key generation.
+    # BC allows 24/192 keybits and treats it as 21/168.
+    msg = "Hello World"
+    password = "password"
+    cert = OpenSSL::X509::Certificate.new(CERT_PEM)
+    certs = [cert]
+    cipher = OpenSSL::Cipher.new("des-ede3-cbc")
+    cipher.encrypt
+    cipher.pkcs5_keyivgen(password)
+    p7 = OpenSSL::PKCS7.encrypt(certs, msg, cipher, OpenSSL::PKCS7::BINARY)
+    assert_equal(msg, p7.data)
+  end
+end

data/test/test_pkey.rb

@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-  require "java"
-  base = File.dirname(__FILE__)
-  $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-  $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
   require "openssl"
 rescue LoadError
@@ -42,5 +35,170 @@ class TestPKey < Test::Unit::TestCase
   end
 
   def test_can_generate_dsa_key
+    OpenSSL::PKey::DSA.generate(512)
+  end
+
+  def test_malformed_rsa_handling
+    pem = <<__EOP__
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiU1/UMzIQ1On9OlZGoV
+S0yySFYWoXLH12nmP69fg9jwdRbQlb0rxLn7zATbwfqcvGpCcW+8SmdwW74elNrc
+wRtbKjJKfbJCsVfDssbbj6BF+Bcq3ihi8+CGNXFdJOYhZZ+5Adg2Qc9Qp3Ubw9wu
+/3Ai87+1aQxoZPMFwdX2BRiZvxch9dwHVyL8EuFGUOYId/8JQepHyZMbTqp/8wlA
+UAbMcPW+IKp3N0WMgred3CjXKHAqqM0Ira9RLSXdlO2uFV4OrM0ak8rnTN5w1DsI
+McjvVvOck0aIxfHEEmeadt3YMn4PCW33/j8geulZLvt0ci60/OWMSCcIqByITlvY
+DwIDAQAB
+-----END PUBLIC KEY-----
+__EOP__
+    pkey = OpenSSL::PKey::RSA.new(pem)
+    # jruby-openssl/0.6 raises NativeException
+    assert_raise(OpenSSL::PKey::RSAError, 'JRUBY-4492') do
+      pkey.public_decrypt("rah")
+    end
+  end
+
+  # http://github.com/jruby/jruby-openssl/issues#issue/1
+  def test_load_pkey_rsa
+    pem = <<__EOP__
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----
+__EOP__
+    assert_nothing_raised do
+      pkey = OpenSSL::PKey::RSA.new(pem)
+      pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+      assert_equal(pkey.n, pkey2.n)
+      assert_equal(pkey.e, pkey2.e)
+      assert_equal(pkey.d, pkey2.d)
+    end
+  end
+
+  def test_load_pkey_rsa_enc
+    # password is '1234'
+    pem = <<__EOP__
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQIfvehP6JEg2wCAggABIICgD7kzSr+xWgdAuzG
+cYNkCEWyKF6V0cJ58AKSoL4FQ59OQvQP/hMnSZEMiUpeGNRE6efC7O02RUjNarIk
+ciCYIBqd5EFG3OSypK5l777AbCChIkzZHbyE/pIbadr8ZX9C4pkwzPqS0Avzavxi
+5s1WDX2GggJkBcQUijqG9QuOZcOvoYbojHPT4tdJq+J6s+0LFas9Jp3a6dYkxtgv
+u8Z6EFDZoLGOSVy/jCSMuZAnhoOxUCYqd9FFo2jryV7tQ/CaYAUApAQFTLgBA9qk
+4WmyKRpwzIx6EG1pkqulvPXJCcTat9YwllEDVuQ2rKVwDepSl9O7X170Kx1sBecz
+mGcfqviU9xwP5mkXO/TLoTZExkHF08Y3d/PTMdxGEDZH37/yRqCIb3Uyqv/jLibM
+/s9fm52aWsfO1ndHEhciovlMJvGXq3+e+9gmq1w2TyNQahRc5fwfhwWKhPKfYDBk
+7AtjPGfELDX61WZ5m+4Kb70BcGSAEgXCaBydVsMROy0B8jkYgtAnVBb4EMrGOsCG
+jmNeW9MRIhrhDcifdyq1DMNg7IONMF+5mDdQ3FhK6WzlFU+8cTN517qA8L3A3+ZX
+asiS+rx5/50InINknjuvVkmTGMzjl89nMNrZCjhx9sIDfXQ3ZKFmh1mvnXq/fLan
+CgXn/UtLoykrSlobgqIxZslhj3p01kMCgGe62S3kokYrDTQEc57rlKWWR3Xyjy/T
+LsecXAKEROj95IHSMMnT4jl+TJnbvGKQ2U9tOOB3W+OOOlDEFE59pQlcmQPAwdzr
+mzI4kupi3QRTFjOgvX29leII9sPtpr4dKMKVIRxKnvMZhUAkS/n3+Szfa6zKexLa
+4CHVgDo=
+-----END ENCRYPTED PRIVATE KEY-----
+__EOP__
+    assert_nothing_raised do
+      pkey = OpenSSL::PKey::RSA.new(pem, '1234')
+      pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+      assert_equal(pkey.n, pkey2.n)
+      assert_equal(pkey.e, pkey2.e)
+      assert_equal(pkey.d, pkey2.d)
+    end
+  end
+
+  # jruby-openssl/0.6 causes NPE
+  def test_generate_pkey_rsa_empty
+    assert_nothing_raised do
+      OpenSSL::PKey::RSA.new.to_pem
+    end
+  end
+
+  def test_generate_pkey_rsa_length
+    assert_nothing_raised do
+      OpenSSL::PKey::RSA.new(512).to_pem
+    end
+  end
+
+  def test_generate_pkey_rsa_to_text
+    assert_match(
+      /Private-Key: \(512 bit\)/,
+      OpenSSL::PKey::RSA.new(512).to_text
+    )
+  end
+
+  def test_load_pkey_rsa
+    pkey = OpenSSL::PKey::RSA.new(512)
+    assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+  end
+
+  def test_load_pkey_rsa_public
+    pkey = OpenSSL::PKey::RSA.new(512).public_key
+    assert_equal(pkey.to_pem, OpenSSL::PKey::RSA.new(pkey.to_pem).to_pem)
+  end
+
+  def test_load_pkey_rsa_der
+    pkey = OpenSSL::PKey::RSA.new(512)
+    assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+  end
+
+  def test_load_pkey_rsa_public_der
+    pkey = OpenSSL::PKey::RSA.new(512).public_key
+    assert_equal(pkey.to_der, OpenSSL::PKey::RSA.new(pkey.to_der).to_der)
+  end
+
+  # jruby-openssl/0.6 causes NPE
+  def test_generate_pkey_dsa_empty
+    assert_nothing_raised do
+      OpenSSL::PKey::DSA.new.to_pem
+    end
+  end
+
+  # jruby-openssl/0.6 ignores fixnum arg => to_pem returned 65 bytes with 'MAA='
+  def test_generate_pkey_dsa_length
+    assert(OpenSSL::PKey::DSA.new(512).to_pem.size > 100)
+  end
+
+  # jruby-openssl/0.6 returns nil for DSA#to_text
+  def test_generate_pkey_dsa_to_text
+    assert_match(
+      /Private-Key: \(512 bit\)/,
+      OpenSSL::PKey::DSA.new(512).to_text
+    )
+  end
+
+  def test_load_pkey_dsa
+    pkey = OpenSSL::PKey::DSA.new(512)
+    assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+  end
+
+  def test_load_pkey_dsa_public
+    pkey = OpenSSL::PKey::DSA.new(512).public_key
+    assert_equal(pkey.to_pem, OpenSSL::PKey::DSA.new(pkey.to_pem).to_pem)
+  end
+
+  def test_load_pkey_dsa_der
+    pkey = OpenSSL::PKey::DSA.new(512)
+    assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+  end
+
+  def test_load_pkey_dsa_public_der
+    pkey = OpenSSL::PKey::DSA.new(512).public_key
+    assert_equal(pkey.to_der, OpenSSL::PKey::DSA.new(pkey.to_der).to_der)
+  end
+
+  def test_load_pkey_dsa_net_ssh
+    blob = "0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002"
+    pkey = OpenSSL::PKey::DSA.new(blob)
+    assert_equal(blob, pkey.to_der)
   end
 end

data/test/test_x509store.rb

@@ -1,10 +1,3 @@
-if defined?(JRUBY_VERSION)
-  require "java"
-  base = File.dirname(__FILE__)
-  $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
-  $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
-end
-
 begin
   require "openssl"
 rescue LoadError
@@ -86,6 +79,14 @@ class TestX509Store < Test::Unit::TestCase
     assert_equal(true, @store.verify(cert))
   end
 
+  # jruby-openssl/0.6 raises "can't store certificate" because of duplicated
+  # subject. ruby-openssl just ignores the second certificate.
+  def test_add_file_JRUBY_4409
+    assert_nothing_raised do
+      @store.add_file("test/fixture/ca-bundle.crt")
+    end
+  end
+
   def test_set_default_paths
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
     cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))