jruby-openssl 0.7.1 → 0.7.2

data/test/openssl/test_x509req.rb

@@ -103,26 +103,38 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
     assert_equal(exts, get_ext_req(attrs[1].value))
   end
 
+  def test_sign_and_verify_wrong_key_type
+    req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
+    req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+    begin
+      assert_equal(false, req_rsa.verify(@dsa256))
+    rescue OpenSSL::X509::RequestError => e
+      # OpenSSL 1.0.0 added checks for pkey OID
+      assert_equal('wrong public key type', e.message)
+    end
+
+    begin
+      assert_equal(false, req_dsa.verify(@rsa1024))
+    rescue OpenSSL::X509::RequestError => e
+      # OpenSSL 1.0.0 added checks for pkey OID
+      assert_equal('wrong public key type', e.message)
+    end
+  end
+
   def test_sign_and_verify
     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
     assert_equal(true,  req.verify(@rsa1024))
     assert_equal(false, req.verify(@rsa2048))
-    assert_equal(false, req.verify(@dsa256))
-    assert_equal(false, req.verify(@dsa512))
     req.version = 1
     assert_equal(false, req.verify(@rsa1024))
 
     req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
     assert_equal(false, req.verify(@rsa1024))
     assert_equal(true,  req.verify(@rsa2048))
-    assert_equal(false, req.verify(@dsa256))
-    assert_equal(false, req.verify(@dsa512))
     req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
     assert_equal(false, req.verify(@rsa2048))
 
     req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
-    assert_equal(false, req.verify(@rsa1024))
-    assert_equal(false, req.verify(@rsa2048))
     assert_equal(false, req.verify(@dsa256))
     assert_equal(true,  req.verify(@dsa512))
     req.public_key = @rsa1024.public_key
@@ -130,12 +142,19 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
 
     assert_raise(OpenSSL::X509::RequestError){
       issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
-    assert_raise(OpenSSL::X509::RequestError){
-      issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
     assert_raise(OpenSSL::X509::RequestError){
       issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
   end
 
+  def test_dsig_algorithm_mismatch
+    assert_raise(OpenSSL::X509::RequestError) do
+      issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
+    end
+    assert_raise(OpenSSL::X509::RequestError) do
+      issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
+    end
+  end
+
   def test_create_from_pem
     req = <<END
 -----BEGIN CERTIFICATE REQUEST-----

data/test/openssl/utils.rb

@@ -96,16 +96,16 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
     cert
   end
 
-  def issue_crl(revoke_info, serial, lastup, nextup, extensions, 
+  def issue_crl(revoke_info, serial, lastup, nextup, extensions,
                 issuer, issuer_key, digest)
     crl = OpenSSL::X509::CRL.new
     crl.issuer = issuer.subject
     crl.version = 1
     crl.last_update = lastup
     crl.next_update = nextup
-    revoke_info.each{|serial, time, reason_code|
+    revoke_info.each{|rserial, time, reason_code|
       revoked = OpenSSL::X509::Revoked.new
-      revoked.serial = serial
+      revoked.serial = rserial
       revoked.time = time
       enum = OpenSSL::ASN1::Enumerated(reason_code)
       ext = OpenSSL::X509::Extension.new("CRLReason", enum)
@@ -132,4 +132,13 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
     pkvalue   = publickey.value
     OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
   end
+
+  def silent
+    begin
+      back, $VERBOSE = $VERBOSE, nil
+      yield
+    ensure
+      $VERBOSE = back if back
+    end
+  end
 end

data/test/test_certificate.rb

@@ -61,4 +61,36 @@ END
 
     assert_equal "24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", key_id.value
   end
+
+  # JRUBY-5060
+  def test_to_pem_with_empty_object
+    empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
+    empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
+    empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
+    empty_key = "MAA="
+    #assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
+    #assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
+    #assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
+    assert_nothing_raised do
+      OpenSSL::X509::Certificate.new.to_pem
+    end
+    assert_nothing_raised do
+      OpenSSL::X509::Request.new.to_pem
+    end
+    assert_nothing_raised do
+      OpenSSL::X509::CRL.new.to_pem
+    end
+    assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
+    assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
+    assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
+  end
+
+  # JRUBY-5096
+  def test_verify_failed_by_lazy_public_key_initialization
+    msg = 'hello,world'
+    digester = OpenSSL::Digest::SHA1.new
+    sig = @key.sign(digester, msg)
+    assert(@cert.public_key.verify(digester, sig, msg))
+    assert(@cert.verify(@cert.public_key))
+  end
 end

data/test/test_cipher.rb

@@ -137,6 +137,30 @@ class TestCipher < Test::Unit::TestCase
     assert_equal(e2, e1, "JRUBY-4012")
   end
 
+  # JRUBY-5125
+  def test_rc4_cipher_name
+    assert_equal("RC4", OpenSSL::Cipher::Cipher.new("rc4").name)
+  end
+
+  # JRUBY-5126
+  def test_stream_cipher_reset_should_be_ignored
+    c1 = "%E\x96\xDAZ\xEF\xB2$/\x9F\x02"
+    c2 = ">aV\xB0\xE1l\xF3oyL\x9B"
+    #
+    cipher = OpenSSL::Cipher::Cipher.new("RC4")
+    cipher.encrypt
+    cipher.key = "\0\1\2\3" * (128/8/4)
+    str = cipher.update('hello,world')
+    str += cipher.final
+    assert_equal(c1, str)
+    #
+    cipher.reset
+    cipher.iv = "\0" * 16
+    str = cipher.update('hello,world')
+    str += cipher.final
+    assert_equal(c2, str) # was equal to c1 before the fix
+  end
+
   private
   def do_repeated_test(algo, string, enc1, enc2)
     do_repeated_encrypt_test(algo, string, enc1, enc2)

data/test/test_integration.rb

@@ -6,6 +6,10 @@ require "test/unit"
 require 'net/https'
 
 class TestIntegration < Test::Unit::TestCase
+  def path(file)
+    File.expand_path(file, File.dirname(__FILE__))
+  end
+
   # JRUBY-2471
   def _test_drb
     config = {
@@ -25,7 +29,7 @@ class TestIntegration < Test::Unit::TestCase
     uri = URI.parse('https://www.amazon.com')
     http = Net::HTTP.new(uri.host, uri.port)
     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-    http.ca_path = "test/fixture/ca_path/"
+    http.ca_path = path("fixture/ca_path/")
     http.use_ssl = true
     response = http.start do |s|
       assert s.get(uri.request_uri).length > 0
@@ -40,7 +44,7 @@ class TestIntegration < Test::Unit::TestCase
     http.use_ssl = true
     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     # right trust anchor for www.amazon.com
-    http.ca_file = 'test/fixture/verisign.pem'
+    http.ca_file = path('fixture/verisign.pem')
     response = http.start do |s|
       assert s.get(uri.request_uri).length > 0
     end
@@ -48,7 +52,7 @@ class TestIntegration < Test::Unit::TestCase
     http = Net::HTTP.new(uri.host, uri.port)
     http.use_ssl = true
     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-    http.ca_file = 'test/fixture/verisign_c3.pem'
+    http.ca_file = path('fixture/verisign_c3.pem')
     assert_raise(OpenSSL::SSL::SSLError) do
       # it must cause SSLError for verification failure.
       response = http.start do |s|
@@ -59,7 +63,7 @@ class TestIntegration < Test::Unit::TestCase
     http = Net::HTTP.new(uri.host, uri.port)
     http.use_ssl = true
     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-    http.ca_file = 'test/fixture/verisign.pem'
+    http.ca_file = path('fixture/verisign.pem')
     response = http.start do |s|
       assert s.get(uri.request_uri).length > 0
     end
@@ -73,7 +77,7 @@ class TestIntegration < Test::Unit::TestCase
     http.use_ssl = true
     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     # right trust anchor for www.amazon.com
-    http.ca_file = 'test/fixture/verisign_c3.pem'
+    http.ca_file = path('fixture/verisign_c3.pem')
     response = http.start do |s|
       assert s.get(uri.request_uri).length > 0
     end

data/test/test_x509store.rb

@@ -11,6 +11,10 @@ class TestX509Store < Test::Unit::TestCase
     @store = OpenSSL::X509::Store.new
   end
 
+  def path(file)
+    File.expand_path(file, File.dirname(__FILE__))
+  end
+
   def teardown
   end
 
@@ -38,8 +42,8 @@ class TestX509Store < Test::Unit::TestCase
   end
 
   def test_purpose_ssl_client
-    @store.add_file("test/fixture/purpose/cacert.pem")
-    cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslclient.pem"))
+    @store.add_file(path("fixture/purpose/cacert.pem"))
+    cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslclient.pem")))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
     assert_equal(true, @store.verify(cert))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
@@ -49,8 +53,8 @@ class TestX509Store < Test::Unit::TestCase
   end
 
   def test_purpose_ssl_server
-    @store.add_file("test/fixture/purpose/cacert.pem")
-    cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
+    @store.add_file(path("fixture/purpose/cacert.pem"))
+    cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
     assert_equal(true, @store.verify(cert))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -65,12 +69,12 @@ class TestX509Store < Test::Unit::TestCase
     f << "junk junk\n"
     f << "junk junk\n"
     f << "junk junk\n"
-    f << File.read("test/fixture/purpose/cacert.pem")
+    f << File.read(path("fixture/purpose/cacert.pem"))
     f.close
     @store.add_file(f.path)
     f.unlink
 
-    cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
+    cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
     assert_equal(true, @store.verify(cert))
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -83,17 +87,17 @@ class TestX509Store < Test::Unit::TestCase
   # subject. ruby-openssl just ignores the second certificate.
   def test_add_file_JRUBY_4409
     assert_nothing_raised do
-      @store.add_file("test/fixture/ca-bundle.crt")
+      @store.add_file(path("fixture/ca-bundle.crt"))
     end
   end
 
   def test_set_default_paths
     @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
-    cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
+    cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
     assert_equal(false, @store.verify(cert))
     begin
       backup = ENV['SSL_CERT_DIR']
-      ENV['SSL_CERT_DIR'] = 'test/fixture/purpose/'
+      ENV['SSL_CERT_DIR'] = path('fixture/purpose/')
       @store.set_default_paths
       assert_equal(true, @store.verify(cert))
     ensure

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
     - 0
     - 7
-    - 1
-  version: 0.7.1
+    - 2
+  version: 0.7.2
 platform: ruby
 authors: 
   - Ola Bini and JRuby contributors
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-03 00:00:00 -05:00
+date: 2010-11-03 00:00:00 -05:00
 default_executable: 
 dependencies: 
   - !ruby/object:Gem::Dependency 
@@ -68,6 +68,7 @@ files:
   - lib/openssl/bn.rb
   - lib/openssl/buffering.rb
   - lib/openssl/cipher.rb
+  - lib/openssl/config.rb
   - lib/openssl/digest.rb
   - lib/openssl/dummy.rb
   - lib/openssl/dummyssl.rb
@@ -130,6 +131,7 @@ files:
   - test/openssl/ssl_server.rb
   - test/openssl/test_asn1.rb
   - test/openssl/test_cipher.rb
+  - test/openssl/test_config.rb
   - test/openssl/test_digest.rb
   - test/openssl/test_ec.rb
   - test/openssl/test_hmac.rb