jruby-openssl 0.7.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase
87
87
  def test_dsa_sign_verify
88
88
  for key in @keys
89
89
  sig = key.dsa_sign_asn1(@data1)
90
- assert_equal(key.dsa_verify_asn1(@data1, sig), true)
91
-
92
- assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
90
+ assert(key.dsa_verify_asn1(@data1, sig))
91
+ end
92
+ end
93
+
94
+ def test_dsa_sign_asn1_FIPS186_3
95
+ for key in @keys
96
+ size = key.group.order.num_bits / 8 + 1
97
+ dgst = (1..size).to_a.pack('C*')
98
+ begin
99
+ sig = key.dsa_sign_asn1(dgst)
100
+ # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
101
+ assert(key.dsa_verify_asn1(dgst + "garbage", sig))
102
+ rescue OpenSSL::PKey::ECError => e
103
+ # just an exception for longer dgst before openssl-0.9.8m
104
+ assert_equal('ECDSA_sign: data too large for key size', e.message)
105
+ # no need to do following tests
106
+ return
107
+ end
93
108
  end
94
109
  end
95
110
 
@@ -4,15 +4,13 @@ rescue LoadError
4
4
  end
5
5
  require "test/unit"
6
6
 
7
- if defined?(OpenSSL)
8
-
9
7
  class OpenSSL::TestHMAC < Test::Unit::TestCase
10
8
  def setup
11
- @digest = OpenSSL::Digest::MD5.new
9
+ @digest = OpenSSL::Digest::MD5
12
10
  @key = "KEY"
13
11
  @data = "DATA"
14
- @h1 = OpenSSL::HMAC.new(@key, @digest)
15
- @h2 = OpenSSL::HMAC.new(@key, @digest)
12
+ @h1 = OpenSSL::HMAC.new(@key, @digest.new)
13
+ @h2 = OpenSSL::HMAC.new(@key, "MD5")
16
14
  end
17
15
 
18
16
  def teardown
@@ -20,8 +18,14 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
20
18
 
21
19
  def test_hmac
22
20
  @h1.update(@data)
23
- assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest")
24
- assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest")
21
+ @h2.update(@data)
22
+ assert_equal(@h1.digest, @h2.digest)
23
+
24
+ assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest")
25
+ assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest")
26
+
27
+ assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest")
28
+ assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest")
25
29
  end
26
30
 
27
31
  def test_dup
@@ -40,5 +44,3 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
40
44
  OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah"))
41
45
  end
42
46
  end
43
-
44
- end
@@ -22,16 +22,6 @@ class OpenSSL::TestNSSPI < Test::Unit::TestCase
22
22
 
23
23
  def teardown
24
24
  end
25
- def pr(obj, ind=0)
26
- if obj.respond_to?(:value)
27
- puts((" "*ind) + obj.class.to_s + ":")
28
- pr(obj.value,(ind+1))
29
- elsif obj.respond_to?(:each) && !(String===obj)
30
- obj.each {|v| pr(v,ind+1) }
31
- else
32
- puts((" "*ind) + obj.inspect)
33
- end
34
- end
35
25
 
36
26
  def test_build_data
37
27
  key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@@ -36,7 +36,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
36
36
  @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
37
37
  end
38
38
 
39
- def issue_cert(*args)
39
+ def issue_cert(*args)
40
40
  OpenSSL::TestUtils.issue_cert(*args)
41
41
  end
42
42
 
@@ -78,7 +78,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
78
78
  assert_equal(@ee1_cert.serial, signers[0].serial)
79
79
  assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
80
80
 
81
- # A signed-data which have multiple signatures can be created
81
+ # A signed-data which have multiple signatures can be created
82
82
  # through the following steps.
83
83
  # 1. create two signed-data
84
84
  # 2. copy signerInfo and certificate from one to another
@@ -86,7 +86,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
86
86
  tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
87
87
  tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
88
88
  tmp1.add_signer(tmp2.signers[0])
89
- tmp1.add_certificate(@ee2_cert)
89
+ tmp1.add_certificate(@ee2_cert)
90
90
 
91
91
  p7 = OpenSSL::PKCS7.new(tmp1.to_der)
92
92
  certs = p7.certificates
@@ -135,6 +135,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
135
135
  certs = [@ee1_cert, @ee2_cert]
136
136
  cipher = OpenSSL::Cipher::AES.new("128-CBC")
137
137
  data = "aaaaa\nbbbbb\nccccc\n"
138
+
138
139
  tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
139
140
  p7 = OpenSSL::PKCS7.new(tmp.to_der)
140
141
  recip = p7.recipients
@@ -111,7 +111,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
111
111
  server_proc.call(ctx, ssl)
112
112
  end
113
113
  end
114
- rescue Errno::EBADF, IOError
114
+ rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED
115
115
  end
116
116
 
117
117
  def start_server(port0, verify_mode, start_immediately, args = {}, &block)
@@ -132,12 +132,6 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
132
132
 
133
133
  Socket.do_not_reverse_lookup = true
134
134
  tcps, port = choose_port(port0)
135
- begin
136
- tcps = TCPServer.new("127.0.0.1", port)
137
- rescue Errno::EADDRINUSE
138
- port += 1
139
- retry
140
- end
141
135
 
142
136
  ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
143
137
  ssls.start_immediately = start_immediately
@@ -954,7 +948,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
954
948
  ctx.session_add(saved_session)
955
949
  end
956
950
  connections += 1
957
-
951
+
958
952
  readwrite_loop(ctx, ssl)
959
953
  end
960
954
 
@@ -999,7 +993,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
999
993
  ctx_proc = Proc.new do |ctx, ssl|
1000
994
  foo_ctx = ctx.dup
1001
995
 
1002
- ctx.servername_cb = Proc.new do |ssl, hostname|
996
+ ctx.servername_cb = Proc.new do |ssl2, hostname|
1003
997
  case hostname
1004
998
  when 'foo.example.com'
1005
999
  foo_ctx
@@ -28,7 +28,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
28
28
  def test_serial
29
29
  [1, 2**32, 2**100].each{|s|
30
30
  cert = issue_cert(@ca, @rsa2048, s, Time.now, Time.now+3600, [],
31
- nil, nil, OpenSSL::Digest::SHA1.new)
31
+ nil, nil, OpenSSL::Digest::SHA1.new)
32
32
  assert_equal(s, cert.serial)
33
33
  cert = OpenSSL::X509::Certificate.new(cert.to_der)
34
34
  assert_equal(s, cert.serial)
@@ -60,25 +60,25 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
60
60
  def test_validity
61
61
  now = Time.now until now && now.usec != 0
62
62
  cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
63
- nil, nil, OpenSSL::Digest::SHA1.new)
63
+ nil, nil, OpenSSL::Digest::SHA1.new)
64
64
  assert_not_equal(now, cert.not_before)
65
65
  assert_not_equal(now+3600, cert.not_after)
66
66
 
67
67
  now = Time.at(now.to_i)
68
68
  cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
69
- nil, nil, OpenSSL::Digest::SHA1.new)
69
+ nil, nil, OpenSSL::Digest::SHA1.new)
70
70
  assert_equal(now.getutc, cert.not_before)
71
71
  assert_equal((now+3600).getutc, cert.not_after)
72
72
 
73
73
  now = Time.at(0)
74
74
  cert = issue_cert(@ca, @rsa2048, 1, now, now, [],
75
- nil, nil, OpenSSL::Digest::SHA1.new)
75
+ nil, nil, OpenSSL::Digest::SHA1.new)
76
76
  assert_equal(now.getutc, cert.not_before)
77
77
  assert_equal(now.getutc, cert.not_after)
78
78
 
79
79
  now = Time.at(0x7fffffff)
80
80
  cert = issue_cert(@ca, @rsa2048, 1, now, now, [],
81
- nil, nil, OpenSSL::Digest::SHA1.new)
81
+ nil, nil, OpenSSL::Digest::SHA1.new)
82
82
  assert_equal(now.getutc, cert.not_before)
83
83
  assert_equal(now.getutc, cert.not_after)
84
84
  end
@@ -91,7 +91,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
91
91
  ["authorityKeyIdentifier","keyid:always",false],
92
92
  ]
93
93
  ca_cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
94
- nil, nil, OpenSSL::Digest::SHA1.new)
94
+ nil, nil, OpenSSL::Digest::SHA1.new)
95
95
  ca_cert.extensions.each_with_index{|ext, i|
96
96
  assert_equal(ca_exts[i].first, ext.oid)
97
97
  assert_equal(ca_exts[i].last, ext.critical?)
@@ -105,7 +105,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
105
105
  ["subjectAltName","email:ee1@ruby-lang.org",false],
106
106
  ]
107
107
  ee1_cert = issue_cert(@ee1, @rsa1024, 2, Time.now, Time.now+1800, ee1_exts,
108
- ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
108
+ ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
109
109
  assert_equal(ca_cert.subject.to_der, ee1_cert.issuer.to_der)
110
110
  ee1_cert.extensions.each_with_index{|ext, i|
111
111
  assert_equal(ee1_exts[i].first, ext.oid)
@@ -120,7 +120,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
120
120
  ["subjectAltName","email:ee2@ruby-lang.org",false],
121
121
  ]
122
122
  ee2_cert = issue_cert(@ee2, @rsa1024, 3, Time.now, Time.now+1800, ee2_exts,
123
- ca_cert, @rsa2048, OpenSSL::Digest::MD5.new)
123
+ ca_cert, @rsa2048, OpenSSL::Digest::MD5.new)
124
124
  assert_equal(ca_cert.subject.to_der, ee2_cert.issuer.to_der)
125
125
  ee2_cert.extensions.each_with_index{|ext, i|
126
126
  assert_equal(ee2_exts[i].first, ext.oid)
@@ -129,46 +129,87 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
129
129
 
130
130
  end
131
131
 
132
+ def test_sign_and_verify_wrong_key_type
133
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
134
+ nil, nil, OpenSSL::Digest::SHA1.new)
135
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
136
+ nil, nil, OpenSSL::Digest::DSS1.new)
137
+ begin
138
+ assert_equal(false, cert_rsa.verify(@dsa256))
139
+ rescue OpenSSL::X509::CertificateError => e
140
+ # OpenSSL 1.0.0 added checks for pkey OID
141
+ assert_equal('wrong public key type', e.message)
142
+ end
143
+
144
+ begin
145
+ assert_equal(false, cert_dsa.verify(@rsa1024))
146
+ rescue OpenSSL::X509::CertificateError => e
147
+ # OpenSSL 1.0.0 added checks for pkey OID
148
+ assert_equal('wrong public key type', e.message)
149
+ end
150
+ end
151
+
132
152
  def test_sign_and_verify
133
153
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
134
- nil, nil, OpenSSL::Digest::SHA1.new)
154
+ nil, nil, OpenSSL::Digest::SHA1.new)
155
+ assert_equal("sha1WithRSAEncryption", cert.signature_algorithm)
135
156
  assert_equal(false, cert.verify(@rsa1024))
136
157
  assert_equal(true, cert.verify(@rsa2048))
137
- assert_equal(false, cert.verify(@dsa256))
138
- assert_equal(false, cert.verify(@dsa512))
139
158
  cert.serial = 2
140
159
  assert_equal(false, cert.verify(@rsa2048))
141
160
 
142
161
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
143
- nil, nil, OpenSSL::Digest::MD5.new)
162
+ nil, nil, OpenSSL::Digest::MD5.new)
163
+ assert_equal("md5WithRSAEncryption", cert.signature_algorithm)
144
164
  assert_equal(false, cert.verify(@rsa1024))
145
165
  assert_equal(true, cert.verify(@rsa2048))
146
- assert_equal(false, cert.verify(@dsa256))
147
- assert_equal(false, cert.verify(@dsa512))
148
166
  cert.subject = @ee1
149
167
  assert_equal(false, cert.verify(@rsa2048))
150
168
 
151
169
  cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
152
- nil, nil, OpenSSL::Digest::DSS1.new)
153
- assert_equal(false, cert.verify(@rsa1024))
154
- assert_equal(false, cert.verify(@rsa2048))
170
+ nil, nil, OpenSSL::Digest::DSS1.new)
171
+ assert_equal("dsaWithSHA1", cert.signature_algorithm)
155
172
  assert_equal(false, cert.verify(@dsa256))
156
173
  assert_equal(true, cert.verify(@dsa512))
157
- cert.not_after = Time.now
174
+ cert.not_after = Time.now
158
175
  assert_equal(false, cert.verify(@dsa512))
159
176
 
160
177
  assert_raise(OpenSSL::X509::CertificateError){
161
178
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
162
- nil, nil, OpenSSL::Digest::DSS1.new)
179
+ nil, nil, OpenSSL::Digest::DSS1.new)
163
180
  }
164
181
  assert_raise(OpenSSL::X509::CertificateError){
165
182
  cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
166
- nil, nil, OpenSSL::Digest::MD5.new)
183
+ nil, nil, OpenSSL::Digest::MD5.new)
167
184
  }
168
- assert_raise(OpenSSL::X509::CertificateError){
185
+ end
186
+
187
+ def test_dsig_algorithm_mismatch
188
+ assert_raise(OpenSSL::X509::CertificateError) do
189
+ cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
190
+ nil, nil, OpenSSL::Digest::DSS1.new)
191
+ end
192
+ assert_raise(OpenSSL::X509::CertificateError) do
169
193
  cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
170
- nil, nil, OpenSSL::Digest::SHA1.new)
171
- }
194
+ nil, nil, OpenSSL::Digest::MD5.new)
195
+ end
196
+ end
197
+
198
+ def test_dsa_with_sha2
199
+ begin
200
+ cert = issue_cert(@ca, @dsa256, 1, Time.now, Time.now+3600, [],
201
+ nil, nil, OpenSSL::Digest::SHA256.new)
202
+ assert_equal("dsa_with_SHA256", cert.signature_algorithm)
203
+ rescue OpenSSL::X509::CertificateError
204
+ # dsa_with_sha2 not supported. skip following test.
205
+ return
206
+ end
207
+ # TODO: need more tests for dsa + sha2
208
+
209
+ # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requireds DSS1)
210
+ cert = issue_cert(@ca, @dsa256, 1, Time.now, Time.now+3600, [],
211
+ nil, nil, OpenSSL::Digest::SHA1.new)
212
+ assert_equal("dsaWithSHA1", cert.signature_algorithm)
172
213
  end
173
214
 
174
215
  def test_check_private_key
@@ -125,13 +125,13 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
125
125
  def test_extension
126
126
  cert_exts = [
127
127
  ["basicConstraints", "CA:TRUE", true],
128
- ["subjectKeyIdentifier", "hash", false],
129
- ["authorityKeyIdentifier", "keyid:always", false],
128
+ ["subjectKeyIdentifier", "hash", false],
129
+ ["authorityKeyIdentifier", "keyid:always", false],
130
130
  ["subjectAltName", "email:xyzzy@ruby-lang.org", false],
131
131
  ["keyUsage", "cRLSign, keyCertSign", true],
132
132
  ]
133
133
  crl_exts = [
134
- ["authorityKeyIdentifier", "keyid:always", false],
134
+ ["authorityKeyIdentifier", "keyid:always", false],
135
135
  ["issuerAltName", "issuer:copy", false],
136
136
  ]
137
137
 
@@ -190,6 +190,30 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
190
190
  assert_match((2**100).to_s, crl.extensions[0].value)
191
191
  end
192
192
 
193
+ def test_sign_and_verify_wrong_key_type
194
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
195
+ nil, nil, OpenSSL::Digest::SHA1.new)
196
+ crl_rsa = issue_crl([], 1, Time.now, Time.now+1600, [],
197
+ cert_rsa, @rsa2048, OpenSSL::Digest::SHA1.new)
198
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
199
+ nil, nil, OpenSSL::Digest::DSS1.new)
200
+ crl_dsa = issue_crl([], 1, Time.now, Time.now+1600, [],
201
+ cert_dsa, @dsa512, OpenSSL::Digest::DSS1.new)
202
+ begin
203
+ assert_equal(false, crl_rsa.verify(@dsa256))
204
+ rescue OpenSSL::X509::CRLError => e
205
+ # OpenSSL 1.0.0 added checks for pkey OID
206
+ assert_equal('wrong public key type', e.message)
207
+ end
208
+
209
+ begin
210
+ assert_equal(false, crl_dsa.verify(@rsa1024))
211
+ rescue OpenSSL::X509::CRLError => e
212
+ # OpenSSL 1.0.0 added checks for pkey OID
213
+ assert_equal('wrong public key type', e.message)
214
+ end
215
+ end
216
+
193
217
  def test_sign_and_verify
194
218
  cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
195
219
  nil, nil, OpenSSL::Digest::SHA1.new)
@@ -197,8 +221,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
197
221
  cert, @rsa2048, OpenSSL::Digest::SHA1.new)
198
222
  assert_equal(false, crl.verify(@rsa1024))
199
223
  assert_equal(true, crl.verify(@rsa2048))
200
- assert_equal(false, crl.verify(@dsa256))
201
- assert_equal(false, crl.verify(@dsa512))
202
224
  crl.version = 0
203
225
  assert_equal(false, crl.verify(@rsa2048))
204
226
 
@@ -206,8 +228,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
206
228
  nil, nil, OpenSSL::Digest::DSS1.new)
207
229
  crl = issue_crl([], 1, Time.now, Time.now+1600, [],
208
230
  cert, @dsa512, OpenSSL::Digest::DSS1.new)
209
- assert_equal(false, crl.verify(@rsa1024))
210
- assert_equal(false, crl.verify(@rsa2048))
211
231
  assert_equal(false, crl.verify(@dsa256))
212
232
  assert_equal(true, crl.verify(@dsa512))
213
233
  crl.version = 0
@@ -56,18 +56,22 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
56
56
  cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
57
57
  assert_equal(false, cdp.critical?)
58
58
  assert_equal("crlDistributionPoints", cdp.oid)
59
+ =begin TODO: JRuby-OSSL does not implement some features such as config reference, DER:, etc.
59
60
  assert_match(%{URI:http://www\.example\.com/crl}, cdp.value)
60
61
  assert_match(
61
62
  %r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary},
62
63
  cdp.value)
64
+ =end
63
65
 
64
66
  cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
65
67
  assert_equal(true, cdp.critical?)
66
68
  assert_equal("crlDistributionPoints", cdp.oid)
69
+ =begin TODO: ditto
67
70
  assert_match(%{URI:http://www.example.com/crl}, cdp.value)
68
71
  assert_match(
69
72
  %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
70
73
  cdp.value)
74
+ =end
71
75
  end
72
76
 
73
77
  # JRUBY-3888
@@ -89,7 +93,7 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
89
93
 
90
94
  assert exts["subjectKeyIdentifier"] == "B4:AC:83:5D:21:FB:D6:8A:56:7E:B2:49:6D:69:BB:E4:6F:D8:5A:AC"
91
95
  end
92
-
96
+
93
97
  end
94
98
 
95
99
  end
@@ -264,18 +264,26 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
264
264
  assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
265
265
  end
266
266
 
267
+ def name_hash(name)
268
+ # OpenSSL 1.0.0 uses SHA1 for canonical encoding (not just a der) of
269
+ # X509Name for X509_NAME_hash.
270
+ name.respond_to?(:hash_old) ? name.hash_old : name.hash
271
+ end
272
+
273
+ def calc_hash(d)
274
+ (d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
275
+ end
276
+
267
277
  def test_hash
268
278
  dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
269
279
  name = OpenSSL::X509::Name.parse(dn)
270
280
  d = Digest::MD5.digest(name.to_der)
271
- expected = (d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
272
- assert_equal(expected, name.hash)
281
+ assert_equal(calc_hash(d), name_hash(name))
273
282
  #
274
283
  dn = "/DC=org/DC=ruby-lang/CN=baz.ruby-lang.org"
275
284
  name = OpenSSL::X509::Name.parse(dn)
276
285
  d = Digest::MD5.digest(name.to_der)
277
- expected = (d[0] & 0xff) | (d[1] & 0xff) << 8 | (d[2] & 0xff) << 16 | (d[3] & 0xff) << 24
278
- assert_equal(expected, name.hash)
286
+ assert_equal(calc_hash(d), name_hash(name))
279
287
  end
280
288
  end
281
289