jruby-openssl 0.7.1 → 0.7.2
- data/History.txt +16 -0
- data/Manifest.txt +2 -0
- data/Rakefile +1 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +1 -1
- data/lib/openssl.rb +1 -0
- data/lib/openssl/config.rb +316 -0
- data/test/openssl/test_cipher.rb +4 -4
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_ec.rb +18 -3
- data/test/openssl/test_hmac.rb +11 -9
- data/test/openssl/test_ns_spki.rb +0 -10
- data/test/openssl/test_pkcs7.rb +4 -3
- data/test/openssl/test_ssl.rb +3 -9
- data/test/openssl/test_x509cert.rb +64 -23
- data/test/openssl/test_x509crl.rb +27 -7
- data/test/openssl/test_x509ext.rb +5 -1
- data/test/openssl/test_x509name.rb +12 -4
- data/test/openssl/test_x509req.rb +27 -8
- data/test/openssl/utils.rb +12 -3
- data/test/test_certificate.rb +32 -0
- data/test/test_cipher.rb +24 -0
- data/test/test_integration.rb +9 -5
- data/test/test_x509store.rb +13 -9
- metadata +5 -3
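--- a/data/test/openssl/test_ec.rb
+++ b/data/test/openssl/test_ec.rb
@@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
 def test_dsa_sign_verify
 for key in @keys
 sig = key.dsa_sign_asn1(@data1)
-
-
-
+assert(key.dsa_verify_asn1(@data1, sig))
+end
+end
+
+def test_dsa_sign_asn1_FIPS186_3
+for key in @keys
+size = key.group.order.num_bits / 8 + 1
+dgst = (1..size).to_a.pack('C*')
+begin
+sig = key.dsa_sign_asn1(dgst)
+# dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+rescue OpenSSL::PKey::ECError => e
+# just an exception for longer dgst before openssl-0.9.8m
+assert_equal('ECDSA_sign: data too large for key size', e.message)
+# no need to do following tests
+return
+end
 end
 end
 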
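Review bot: Both tests in this section assert only that a genuine signature verifies, so a `dsa_verify_asn1` that accepted every input would still pass; the one assertion in `test_dsa_sign_asn1_FIPS186_3` even appends trailing bytes and expects success. Add a rejection case beside it that changes a byte inside the part of the digest that is kept, for example `bad = dgst.dup; bad[0, 1] = "\xff"` followed by `assert(!key.dsa_verify_asn1(bad, sig))`. The `return` in the rescue branch ends the test at the first key that raises, so later entries of `@keys` are not exercised; if they are meant to be covered, `next` keeps the loop going.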
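--- a/data/test/openssl/test_hmac.rb
+++ b/data/test/openssl/test_hmac.rb
@@ -4,15 +4,13 @@ rescue LoadError
 end
 require "test/unit"
 
-if defined?(OpenSSL)
-
 class OpenSSL::TestHMAC < Test::Unit::TestCase
 def setup
-@digest = OpenSSL::Digest::MD5
+@digest = OpenSSL::Digest::MD5
 @key = "KEY"
 @data = "DATA"
-@h1 = OpenSSL::HMAC.new(@key, @digest)
-@h2 = OpenSSL::HMAC.new(@key,
+@h1 = OpenSSL::HMAC.new(@key, @digest.new)
+@h2 = OpenSSL::HMAC.new(@key, "MD5")
 end
 
 def teardown
@@ -20,8 +18,14 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
 
 def test_hmac
 @h1.update(@data)
-
-assert_equal(
+@h2.update(@data)
+assert_equal(@h1.digest, @h2.digest)
+
+assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest")
+assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest")
+
+assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest")
+assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest")
 end
 
 def test_dup
@@ -40,5 +44,3 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
 OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah"))
 end
 end
-
-end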
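Review bot: The assertions added to `test_hmac` only compare one HMAC entry point with another (`OpenSSL::HMAC.digest` against `@h1.digest`, `@h1` against `@h2`), so a fault shared by all of them would go unnoticed. Pin at least one published vector, for example RFC 2202 test case 1: `assert_equal("9294727a3638bb1c13f48ef8158bfc9d", OpenSSL::HMAC.hexdigest("MD5", "\x0b" * 16, "Hi There"))`. The last hunk shows a `hexdigest(digest256, ...)` call whose expected value lies outside the hunk, so a SHA-256 vector may already exist; an MD5 one would cover the digest that `setup` actually constructs.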
@@ -22,16 +22,6 @@ class OpenSSL::TestNSSPI < Test::Unit::TestCase
|
|
22
22
|
|
23
23
|
def teardown
|
24
24
|
end
|
25
|
-
def pr(obj, ind=0)
|
26
|
-
if obj.respond_to?(:value)
|
27
|
-
puts((" "*ind) + obj.class.to_s + ":")
|
28
|
-
pr(obj.value,(ind+1))
|
29
|
-
elsif obj.respond_to?(:each) && !(String===obj)
|
30
|
-
obj.each {|v| pr(v,ind+1) }
|
31
|
-
else
|
32
|
-
puts((" "*ind) + obj.inspect)
|
33
|
-
end
|
34
|
-
end
|
35
25
|
|
36
26
|
def test_build_data
|
37
27
|
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
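--- a/data/test/openssl/test_pkcs7.rb
+++ b/data/test/openssl/test_pkcs7.rb
@@ -36,7 +36,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
 @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
 end
 
-def issue_cert(*args)
+def issue_cert(*args)
 OpenSSL::TestUtils.issue_cert(*args)
 end
 
@@ -78,7 +78,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
 assert_equal(@ee1_cert.serial, signers[0].serial)
 assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
 
-# A signed-data which have multiple signatures can be created
+# A signed-data which have multiple signatures can be created
 # through the following steps.
 # 1. create two signed-data
 # 2. copy signerInfo and certificate from one to another
@@ -86,7 +86,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
 tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
 tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
 tmp1.add_signer(tmp2.signers[0])
-tmp1.add_certificate(@ee2_cert)
+tmp1.add_certificate(@ee2_cert)
 
 p7 = OpenSSL::PKCS7.new(tmp1.to_der)
 certs = p7.certificates
@@ -135,6 +135,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
 certs = [@ee1_cert, @ee2_cert]
 cipher = OpenSSL::Cipher::AES.new("128-CBC")
 data = "aaaaa\nbbbbb\nccccc\n"
+
 tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
 p7 = OpenSSL::PKCS7.new(tmp.to_der)
 recip = p7.recipients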
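--- a/data/test/openssl/test_ssl.rb
+++ b/data/test/openssl/test_ssl.rb
@@ -111,7 +111,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
 server_proc.call(ctx, ssl)
 end
 end
-rescue Errno::EBADF, IOError
+rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED
 end
 
 def start_server(port0, verify_mode, start_immediately, args = {}, &block)
@@ -132,12 +132,6 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
 
 Socket.do_not_reverse_lookup = true
 tcps, port = choose_port(port0)
-begin
-tcps = TCPServer.new("127.0.0.1", port)
-rescue Errno::EADDRINUSE
-port += 1
-retry
-end
 
 ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
 ssls.start_immediately = start_immediately
@@ -954,7 +948,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
 ctx.session_add(saved_session)
 end
 connections += 1
-
+
 readwrite_loop(ctx, ssl)
 end
 
@@ -999,7 +993,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
 ctx_proc = Proc.new do |ctx, ssl|
 foo_ctx = ctx.dup
 
-ctx.servername_cb = Proc.new do |
+ctx.servername_cb = Proc.new do |ssl2, hostname|
 case hostname
 when 'foo.example.com'
 foo_ctx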
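Review bot: The widened `rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED` at new line 114 has an empty handler, so any of these errors is discarded without trace even when it is raised for a reason other than teardown. The enclosing method starts outside the hunk, so the intent is inferred; a comment above the `rescue` such as `# tolerated: the socket may already be closed by the peer or the test when the loop ends (errno varies by platform)` would record why each errno is accepted. Without it the next reader cannot tell an expected shutdown race from a masked server-side failure.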
@@ -28,7 +28,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
28
28
|
def test_serial
|
29
29
|
[1, 2**32, 2**100].each{|s|
|
30
30
|
cert = issue_cert(@ca, @rsa2048, s, Time.now, Time.now+3600, [],
|
31
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
31
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
32
32
|
assert_equal(s, cert.serial)
|
33
33
|
cert = OpenSSL::X509::Certificate.new(cert.to_der)
|
34
34
|
assert_equal(s, cert.serial)
|
@@ -60,25 +60,25 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
60
60
|
def test_validity
|
61
61
|
now = Time.now until now && now.usec != 0
|
62
62
|
cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
|
63
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
63
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
64
64
|
assert_not_equal(now, cert.not_before)
|
65
65
|
assert_not_equal(now+3600, cert.not_after)
|
66
66
|
|
67
67
|
now = Time.at(now.to_i)
|
68
68
|
cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
|
69
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
69
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
70
70
|
assert_equal(now.getutc, cert.not_before)
|
71
71
|
assert_equal((now+3600).getutc, cert.not_after)
|
72
72
|
|
73
73
|
now = Time.at(0)
|
74
74
|
cert = issue_cert(@ca, @rsa2048, 1, now, now, [],
|
75
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
75
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
76
76
|
assert_equal(now.getutc, cert.not_before)
|
77
77
|
assert_equal(now.getutc, cert.not_after)
|
78
78
|
|
79
79
|
now = Time.at(0x7fffffff)
|
80
80
|
cert = issue_cert(@ca, @rsa2048, 1, now, now, [],
|
81
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
81
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
82
82
|
assert_equal(now.getutc, cert.not_before)
|
83
83
|
assert_equal(now.getutc, cert.not_after)
|
84
84
|
end
|
@@ -91,7 +91,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
91
91
|
["authorityKeyIdentifier","keyid:always",false],
|
92
92
|
]
|
93
93
|
ca_cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
|
94
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
94
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
95
95
|
ca_cert.extensions.each_with_index{|ext, i|
|
96
96
|
assert_equal(ca_exts[i].first, ext.oid)
|
97
97
|
assert_equal(ca_exts[i].last, ext.critical?)
|
@@ -105,7 +105,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
105
105
|
["subjectAltName","email:ee1@ruby-lang.org",false],
|
106
106
|
]
|
107
107
|
ee1_cert = issue_cert(@ee1, @rsa1024, 2, Time.now, Time.now+1800, ee1_exts,
|
108
|
-
ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
108
|
+
ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
109
109
|
assert_equal(ca_cert.subject.to_der, ee1_cert.issuer.to_der)
|
110
110
|
ee1_cert.extensions.each_with_index{|ext, i|
|
111
111
|
assert_equal(ee1_exts[i].first, ext.oid)
|
@@ -120,7 +120,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
120
120
|
["subjectAltName","email:ee2@ruby-lang.org",false],
|
121
121
|
]
|
122
122
|
ee2_cert = issue_cert(@ee2, @rsa1024, 3, Time.now, Time.now+1800, ee2_exts,
|
123
|
-
ca_cert, @rsa2048, OpenSSL::Digest::MD5.new)
|
123
|
+
ca_cert, @rsa2048, OpenSSL::Digest::MD5.new)
|
124
124
|
assert_equal(ca_cert.subject.to_der, ee2_cert.issuer.to_der)
|
125
125
|
ee2_cert.extensions.each_with_index{|ext, i|
|
126
126
|
assert_equal(ee2_exts[i].first, ext.oid)
|
@@ -129,46 +129,87 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
|
|
129
129
|
|
130
130
|
end
|
131
131
|
|
132
|
+
def test_sign_and_verify_wrong_key_type
|
133
|
+
cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
134
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
135
|
+
cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
136
|
+
nil, nil, OpenSSL::Digest::DSS1.new)
|
137
|
+
begin
|
138
|
+
assert_equal(false, cert_rsa.verify(@dsa256))
|
139
|
+
rescue OpenSSL::X509::CertificateError => e
|
140
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
141
|
+
assert_equal('wrong public key type', e.message)
|
142
|
+
end
|
143
|
+
|
144
|
+
begin
|
145
|
+
assert_equal(false, cert_dsa.verify(@rsa1024))
|
146
|
+
rescue OpenSSL::X509::CertificateError => e
|
147
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
148
|
+
assert_equal('wrong public key type', e.message)
|
149
|
+
end
|
150
|
+
end
|
151
|
+
|
132
152
|
def test_sign_and_verify
|
133
153
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
134
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
154
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
155
|
+
assert_equal("sha1WithRSAEncryption", cert.signature_algorithm)
|
135
156
|
assert_equal(false, cert.verify(@rsa1024))
|
136
157
|
assert_equal(true, cert.verify(@rsa2048))
|
137
|
-
assert_equal(false, cert.verify(@dsa256))
|
138
|
-
assert_equal(false, cert.verify(@dsa512))
|
139
158
|
cert.serial = 2
|
140
159
|
assert_equal(false, cert.verify(@rsa2048))
|
141
160
|
|
142
161
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
143
|
-
nil, nil, OpenSSL::Digest::MD5.new)
|
162
|
+
nil, nil, OpenSSL::Digest::MD5.new)
|
163
|
+
assert_equal("md5WithRSAEncryption", cert.signature_algorithm)
|
144
164
|
assert_equal(false, cert.verify(@rsa1024))
|
145
165
|
assert_equal(true, cert.verify(@rsa2048))
|
146
|
-
assert_equal(false, cert.verify(@dsa256))
|
147
|
-
assert_equal(false, cert.verify(@dsa512))
|
148
166
|
cert.subject = @ee1
|
149
167
|
assert_equal(false, cert.verify(@rsa2048))
|
150
168
|
|
151
169
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
152
|
-
nil, nil, OpenSSL::Digest::DSS1.new)
|
153
|
-
assert_equal(
|
154
|
-
assert_equal(false, cert.verify(@rsa2048))
|
170
|
+
nil, nil, OpenSSL::Digest::DSS1.new)
|
171
|
+
assert_equal("dsaWithSHA1", cert.signature_algorithm)
|
155
172
|
assert_equal(false, cert.verify(@dsa256))
|
156
173
|
assert_equal(true, cert.verify(@dsa512))
|
157
|
-
cert.not_after = Time.now
|
174
|
+
cert.not_after = Time.now
|
158
175
|
assert_equal(false, cert.verify(@dsa512))
|
159
176
|
|
160
177
|
assert_raise(OpenSSL::X509::CertificateError){
|
161
178
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
162
|
-
nil, nil, OpenSSL::Digest::DSS1.new)
|
179
|
+
nil, nil, OpenSSL::Digest::DSS1.new)
|
163
180
|
}
|
164
181
|
assert_raise(OpenSSL::X509::CertificateError){
|
165
182
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
166
|
-
nil, nil, OpenSSL::Digest::MD5.new)
|
183
|
+
nil, nil, OpenSSL::Digest::MD5.new)
|
167
184
|
}
|
168
|
-
|
185
|
+
end
|
186
|
+
|
187
|
+
def test_dsig_algorithm_mismatch
|
188
|
+
assert_raise(OpenSSL::X509::CertificateError) do
|
189
|
+
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
190
|
+
nil, nil, OpenSSL::Digest::DSS1.new)
|
191
|
+
end
|
192
|
+
assert_raise(OpenSSL::X509::CertificateError) do
|
169
193
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
170
|
-
nil, nil, OpenSSL::Digest::
|
171
|
-
|
194
|
+
nil, nil, OpenSSL::Digest::MD5.new)
|
195
|
+
end
|
196
|
+
end
|
197
|
+
|
198
|
+
def test_dsa_with_sha2
|
199
|
+
begin
|
200
|
+
cert = issue_cert(@ca, @dsa256, 1, Time.now, Time.now+3600, [],
|
201
|
+
nil, nil, OpenSSL::Digest::SHA256.new)
|
202
|
+
assert_equal("dsa_with_SHA256", cert.signature_algorithm)
|
203
|
+
rescue OpenSSL::X509::CertificateError
|
204
|
+
# dsa_with_sha2 not supported. skip following test.
|
205
|
+
return
|
206
|
+
end
|
207
|
+
# TODO: need more tests for dsa + sha2
|
208
|
+
|
209
|
+
# SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requireds DSS1)
|
210
|
+
cert = issue_cert(@ca, @dsa256, 1, Time.now, Time.now+3600, [],
|
211
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
212
|
+
assert_equal("dsaWithSHA1", cert.signature_algorithm)
|
172
213
|
end
|
173
214
|
|
174
215
|
def test_check_private_key
|
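Review bot: `test_dsa_with_sha2` checks only the `signature_algorithm` string and never verifies the signature it has just produced, so a certificate that is labelled `dsa_with_SHA256` but signed incorrectly would pass. After each `signature_algorithm` assertion add `assert_equal(true, cert.verify(@dsa256))` and `assert_equal(false, cert.verify(@dsa512))`, following the pattern in `test_sign_and_verify`. The bare `rescue OpenSSL::X509::CertificateError` followed by `return` also turns any signing failure into a silent pass; comparing `e.message` with the expected text, as `test_sign_and_verify_wrong_key_type` does, would keep unrelated errors visible. Separately, `test_dsig_algorithm_mismatch` repeats the two `assert_raise` blocks that remain at the end of `test_sign_and_verify`.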
@@ -125,13 +125,13 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
|
|
125
125
|
def test_extension
|
126
126
|
cert_exts = [
|
127
127
|
["basicConstraints", "CA:TRUE", true],
|
128
|
-
["subjectKeyIdentifier", "hash", false],
|
129
|
-
["authorityKeyIdentifier", "keyid:always", false],
|
128
|
+
["subjectKeyIdentifier", "hash", false],
|
129
|
+
["authorityKeyIdentifier", "keyid:always", false],
|
130
130
|
["subjectAltName", "email:xyzzy@ruby-lang.org", false],
|
131
131
|
["keyUsage", "cRLSign, keyCertSign", true],
|
132
132
|
]
|
133
133
|
crl_exts = [
|
134
|
-
["authorityKeyIdentifier", "keyid:always", false],
|
134
|
+
["authorityKeyIdentifier", "keyid:always", false],
|
135
135
|
["issuerAltName", "issuer:copy", false],
|
136
136
|
]
|
137
137
|
|
@@ -190,6 +190,30 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
|
|
190
190
|
assert_match((2**100).to_s, crl.extensions[0].value)
|
191
191
|
end
|
192
192
|
|
193
|
+
def test_sign_and_verify_wrong_key_type
|
194
|
+
cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
195
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
196
|
+
crl_rsa = issue_crl([], 1, Time.now, Time.now+1600, [],
|
197
|
+
cert_rsa, @rsa2048, OpenSSL::Digest::SHA1.new)
|
198
|
+
cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
199
|
+
nil, nil, OpenSSL::Digest::DSS1.new)
|
200
|
+
crl_dsa = issue_crl([], 1, Time.now, Time.now+1600, [],
|
201
|
+
cert_dsa, @dsa512, OpenSSL::Digest::DSS1.new)
|
202
|
+
begin
|
203
|
+
assert_equal(false, crl_rsa.verify(@dsa256))
|
204
|
+
rescue OpenSSL::X509::CRLError => e
|
205
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
206
|
+
assert_equal('wrong public key type', e.message)
|
207
|
+
end
|
208
|
+
|
209
|
+
begin
|
210
|
+
assert_equal(false, crl_dsa.verify(@rsa1024))
|
211
|
+
rescue OpenSSL::X509::CRLError => e
|
212
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
213
|
+
assert_equal('wrong public key type', e.message)
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
193
217
|
def test_sign_and_verify
|
194
218
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
195
219
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
@@ -197,8 +221,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
|
|
197
221
|
cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
198
222
|
assert_equal(false, crl.verify(@rsa1024))
|
199
223
|
assert_equal(true, crl.verify(@rsa2048))
|
200
|
-
assert_equal(false, crl.verify(@dsa256))
|
201
|
-
assert_equal(false, crl.verify(@dsa512))
|
202
224
|
crl.version = 0
|
203
225
|
assert_equal(false, crl.verify(@rsa2048))
|
204
226
|
|
@@ -206,8 +228,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
|
|
206
228
|
nil, nil, OpenSSL::Digest::DSS1.new)
|
207
229
|
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
|
208
230
|
cert, @dsa512, OpenSSL::Digest::DSS1.new)
|
209
|
-
assert_equal(false, crl.verify(@rsa1024))
|
210
|
-
assert_equal(false, crl.verify(@rsa2048))
|
211
231
|
assert_equal(false, crl.verify(@dsa256))
|
212
232
|
assert_equal(true, crl.verify(@dsa512))
|
213
233
|
crl.version = 0
|
@@ -56,18 +56,22 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
|
|
56
56
|
cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
|
57
57
|
assert_equal(false, cdp.critical?)
|
58
58
|
assert_equal("crlDistributionPoints", cdp.oid)
|
59
|
+
=begin TODO: JRuby-OSSL does not implement some features such as config reference, DER:, etc.
|
59
60
|
assert_match(%{URI:http://www\.example\.com/crl}, cdp.value)
|
60
61
|
assert_match(
|
61
62
|
%r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary},
|
62
63
|
cdp.value)
|
64
|
+
=end
|
63
65
|
|
64
66
|
cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
|
65
67
|
assert_equal(true, cdp.critical?)
|
66
68
|
assert_equal("crlDistributionPoints", cdp.oid)
|
69
|
+
=begin TODO: ditto
|
67
70
|
assert_match(%{URI:http://www.example.com/crl}, cdp.value)
|
68
71
|
assert_match(
|
69
72
|
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
|
70
73
|
cdp.value)
|
74
|
+
=end
|
71
75
|
end
|
72
76
|
|
73
77
|
# JRUBY-3888
|
@@ -89,7 +93,7 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
|
|
89
93
|
|
90
94
|
assert exts["subjectKeyIdentifier"] == "B4:AC:83:5D:21:FB:D6:8A:56:7E:B2:49:6D:69:BB:E4:6F:D8:5A:AC"
|
91
95
|
end
|
92
|
-
|
96
|
+
|
93
97
|
end
|
94
98
|
|
95
99
|
end
|
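Review bot: The `=begin TODO ... =end` blocks at new lines 59-64 and 69-74 remove every assertion on `cdp.value`, so nothing checks any longer that the crlDistributionPoints extension carries the URIs from the `@crlDistPts` config section, yet the test still reports success. Keep the gap visible rather than commenting it out: wrap the assertions in `unless defined?(JRUBY_VERSION)` so they keep running where the feature exists, and leave a comment naming the missing features (config reference, `DER:`) as the TODO already does. The test method starts outside the hunk.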
@@ -264,18 +264,26 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
|
|
264
264
|
assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
|
265
265
|
end
|
266
266
|
|
267
|
+
def name_hash(name)
|
268
|
+
# OpenSSL 1.0.0 uses SHA1 for canonical encoding (not just a der) of
|
269
|
+
# X509Name for X509_NAME_hash.
|
270
|
+
name.respond_to?(:hash_old) ? name.hash_old : name.hash
|
271
|
+
end
|
272
|
+
|
273
|
+
def calc_hash(d)
|
274
|
+
(d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
|
275
|
+
end
|
276
|
+
|
267
277
|
def test_hash
|
268
278
|
dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
|
269
279
|
name = OpenSSL::X509::Name.parse(dn)
|
270
280
|
d = Digest::MD5.digest(name.to_der)
|
271
|
-
|
272
|
-
assert_equal(expected, name.hash)
|
281
|
+
assert_equal(calc_hash(d), name_hash(name))
|
273
282
|
#
|
274
283
|
dn = "/DC=org/DC=ruby-lang/CN=baz.ruby-lang.org"
|
275
284
|
name = OpenSSL::X509::Name.parse(dn)
|
276
285
|
d = Digest::MD5.digest(name.to_der)
|
277
|
-
|
278
|
-
assert_equal(expected, name.hash)
|
286
|
+
assert_equal(calc_hash(d), name_hash(name))
|
279
287
|
end
|
280
288
|
end
|
281
289
|
|
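Review bot: `calc_hash` indexes the digest with `d[0] & 0xff`, which works only where `String#[]` with an integer returns a number (Ruby 1.8); on 1.9 and later it returns a one-character String and `&` raises NoMethodError. `d.unpack("V").first` yields the same little-endian 32-bit value on both. The comment in `name_hash` could also state that `hash_old` is preferred because the test computes the expected value from `Digest::MD5.digest(name.to_der)`, while the comment says OpenSSL 1.0.0 derives `hash` from SHA1 over a canonical encoding.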