jruby-openssl 0.7.1 → 0.7.2
- data/History.txt +16 -0
- data/Manifest.txt +2 -0
- data/Rakefile +1 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +1 -1
- data/lib/openssl.rb +1 -0
- data/lib/openssl/config.rb +316 -0
- data/test/openssl/test_cipher.rb +4 -4
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_ec.rb +18 -3
- data/test/openssl/test_hmac.rb +11 -9
- data/test/openssl/test_ns_spki.rb +0 -10
- data/test/openssl/test_pkcs7.rb +4 -3
- data/test/openssl/test_ssl.rb +3 -9
- data/test/openssl/test_x509cert.rb +64 -23
- data/test/openssl/test_x509crl.rb +27 -7
- data/test/openssl/test_x509ext.rb +5 -1
- data/test/openssl/test_x509name.rb +12 -4
- data/test/openssl/test_x509req.rb +27 -8
- data/test/openssl/utils.rb +12 -3
- data/test/test_certificate.rb +32 -0
- data/test/test_cipher.rb +24 -0
- data/test/test_integration.rb +9 -5
- data/test/test_x509store.rb +13 -9
- metadata +5 -3
@@ -103,26 +103,38 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
|
|
103
103
|
assert_equal(exts, get_ext_req(attrs[1].value))
|
104
104
|
end
|
105
105
|
|
106
|
+
def test_sign_and_verify_wrong_key_type
|
107
|
+
req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
|
108
|
+
req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
|
109
|
+
begin
|
110
|
+
assert_equal(false, req_rsa.verify(@dsa256))
|
111
|
+
rescue OpenSSL::X509::RequestError => e
|
112
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
113
|
+
assert_equal('wrong public key type', e.message)
|
114
|
+
end
|
115
|
+
|
116
|
+
begin
|
117
|
+
assert_equal(false, req_dsa.verify(@rsa1024))
|
118
|
+
rescue OpenSSL::X509::RequestError => e
|
119
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
120
|
+
assert_equal('wrong public key type', e.message)
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
106
124
|
def test_sign_and_verify
|
107
125
|
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
|
108
126
|
assert_equal(true, req.verify(@rsa1024))
|
109
127
|
assert_equal(false, req.verify(@rsa2048))
|
110
|
-
assert_equal(false, req.verify(@dsa256))
|
111
|
-
assert_equal(false, req.verify(@dsa512))
|
112
128
|
req.version = 1
|
113
129
|
assert_equal(false, req.verify(@rsa1024))
|
114
130
|
|
115
131
|
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
|
116
132
|
assert_equal(false, req.verify(@rsa1024))
|
117
133
|
assert_equal(true, req.verify(@rsa2048))
|
118
|
-
assert_equal(false, req.verify(@dsa256))
|
119
|
-
assert_equal(false, req.verify(@dsa512))
|
120
134
|
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
|
121
135
|
assert_equal(false, req.verify(@rsa2048))
|
122
136
|
|
123
137
|
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
|
124
|
-
assert_equal(false, req.verify(@rsa1024))
|
125
|
-
assert_equal(false, req.verify(@rsa2048))
|
126
138
|
assert_equal(false, req.verify(@dsa256))
|
127
139
|
assert_equal(true, req.verify(@dsa512))
|
128
140
|
req.public_key = @rsa1024.public_key
|
@@ -130,12 +142,19 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
|
|
130
142
|
|
131
143
|
assert_raise(OpenSSL::X509::RequestError){
|
132
144
|
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
|
133
|
-
assert_raise(OpenSSL::X509::RequestError){
|
134
|
-
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
|
135
145
|
assert_raise(OpenSSL::X509::RequestError){
|
136
146
|
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
|
137
147
|
end
|
138
148
|
|
149
|
+
def test_dsig_algorithm_mismatch
|
150
|
+
assert_raise(OpenSSL::X509::RequestError) do
|
151
|
+
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
|
152
|
+
end
|
153
|
+
assert_raise(OpenSSL::X509::RequestError) do
|
154
|
+
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
139
158
|
def test_create_from_pem
|
140
159
|
req = <<END
|
141
160
|
-----BEGIN CERTIFICATE REQUEST-----
|
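--- a/data/test/openssl/utils.rb
+++ b/data/test/openssl/utils.rb
@@ -96,16 +96,16 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
 cert
 end
 
-def issue_crl(revoke_info, serial, lastup, nextup, extensions,
+def issue_crl(revoke_info, serial, lastup, nextup, extensions,
 issuer, issuer_key, digest)
 crl = OpenSSL::X509::CRL.new
 crl.issuer = issuer.subject
 crl.version = 1
 crl.last_update = lastup
 crl.next_update = nextup
-revoke_info.each{|
+revoke_info.each{|rserial, time, reason_code|
 revoked = OpenSSL::X509::Revoked.new
-revoked.serial =
+revoked.serial = rserial
 revoked.time = time
 enum = OpenSSL::ASN1::Enumerated(reason_code)
 ext = OpenSSL::X509::Extension.new("CRLReason", enum)
@@ -132,4 +132,13 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
 pkvalue = publickey.value
 OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
 end
+
+def silent
+begin
+back, $VERBOSE = $VERBOSE, nil
+yield
+ensure
+$VERBOSE = back if back
+end
+end
 end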
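Review bot: The `ensure` in `silent` restores `$VERBOSE` only when the saved value is truthy (`$VERBOSE = back if back`), so a run that started with `$VERBOSE == false`, which is Ruby's default, is left at `nil` and warnings stay suppressed for every test that runs afterwards. Restore unconditionally with `$VERBOSE = back`. A helper that leaks its setting can hide deprecation or redefinition warnings from the rest of a crypto test suite. The enclosing module and the callers of `silent` are outside this hunk.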
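--- a/data/test/test_certificate.rb
+++ b/data/test/test_certificate.rb
@@ -61,4 +61,36 @@ END
 
 assert_equal "24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", key_id.value
 end
+
+# JRUBY-5060
+def test_to_pem_with_empty_object
+empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
+empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
+empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
+empty_key = "MAA="
+#assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
+#assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
+#assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
+assert_nothing_raised do
+OpenSSL::X509::Certificate.new.to_pem
+end
+assert_nothing_raised do
+OpenSSL::X509::Request.new.to_pem
+end
+assert_nothing_raised do
+OpenSSL::X509::CRL.new.to_pem
+end
+assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
+assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
+assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
+end
+
+# JRUBY-5096
+def test_verify_failed_by_lazy_public_key_initialization
+msg = 'hello,world'
+digester = OpenSSL::Digest::SHA1.new
+sig = @key.sign(digester, msg)
+assert(@cert.public_key.verify(digester, sig, msg))
+assert(@cert.verify(@cert.public_key))
+end
 end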
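Review bot: `test_verify_failed_by_lazy_public_key_initialization` asserts only that a valid signature verifies, so it would still pass if the fix made `verify` return true for any input; add a negative case next to it, e.g. `assert(!@cert.public_key.verify(digester, sig, msg + 'x'))`. In `test_to_pem_with_empty_object` the three commented-out `assert_equal` lines leave `empty_cert`, `empty_req` and `empty_crl` unused, and the X509 objects are only checked for not raising. Either delete the dead locals or add a comment saying why their encoding is not pinned. `@key` and `@cert` are set up outside this hunk.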
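--- a/data/test/test_cipher.rb
+++ b/data/test/test_cipher.rb
@@ -137,6 +137,30 @@ class TestCipher < Test::Unit::TestCase
 assert_equal(e2, e1, "JRUBY-4012")
 end
 
+# JRUBY-5125
+def test_rc4_cipher_name
+assert_equal("RC4", OpenSSL::Cipher::Cipher.new("rc4").name)
+end
+
+# JRUBY-5126
+def test_stream_cipher_reset_should_be_ignored
+c1 = "%E\x96\xDAZ\xEF\xB2$/\x9F\x02"
+c2 = ">aV\xB0\xE1l\xF3oyL\x9B"
+#
+cipher = OpenSSL::Cipher::Cipher.new("RC4")
+cipher.encrypt
+cipher.key = "\0\1\2\3" * (128/8/4)
+str = cipher.update('hello,world')
+str += cipher.final
+assert_equal(c1, str)
+#
+cipher.reset
+cipher.iv = "\0" * 16
+str = cipher.update('hello,world')
+str += cipher.final
+assert_equal(c2, str) # was equal to c1 before the fix
+end
+
 private
 def do_repeated_test(algo, string, enc1, enc2)
 do_repeated_encrypt_test(algo, string, enc1, enc2)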
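Review bot: `test_stream_cipher_reset_should_be_ignored` gives no reason why `reset` must not restart RC4, and its two bare `#` lines carry no text. A comment above the method such as `# reset must not rewind a stream cipher: restarting RC4 under the same key would reuse the keystream for both messages` would record the intent behind the `c1`/`c2` expectation. The `cipher.iv = "\0" * 16` line also needs a word on why an IV is assigned here, since the expected `c2` suggests it is meant to have no effect. `c1` and `c2` are opaque byte strings; noting where they were generated (presumably the C OpenSSL binding) would let a later reader re-derive them.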
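--- a/data/test/test_integration.rb
+++ b/data/test/test_integration.rb
@@ -6,6 +6,10 @@ require "test/unit"
 require 'net/https'
 
 class TestIntegration < Test::Unit::TestCase
+def path(file)
+File.expand_path(file, File.dirname(__FILE__))
+end
+
 # JRUBY-2471
 def _test_drb
 config = {
@@ -25,7 +29,7 @@ class TestIntegration < Test::Unit::TestCase
 uri = URI.parse('https://www.amazon.com')
 http = Net::HTTP.new(uri.host, uri.port)
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_path = "
+http.ca_path = path("fixture/ca_path/")
 http.use_ssl = true
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
@@ -40,7 +44,7 @@ class TestIntegration < Test::Unit::TestCase
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 # right trust anchor for www.amazon.com
-http.ca_file = '
+http.ca_file = path('fixture/verisign.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end
@@ -48,7 +52,7 @@ class TestIntegration < Test::Unit::TestCase
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = '
+http.ca_file = path('fixture/verisign_c3.pem')
 assert_raise(OpenSSL::SSL::SSLError) do
 # it must cause SSLError for verification failure.
 response = http.start do |s|
@@ -59,7 +63,7 @@ class TestIntegration < Test::Unit::TestCase
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = '
+http.ca_file = path('fixture/verisign.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end
@@ -73,7 +77,7 @@ class TestIntegration < Test::Unit::TestCase
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 # right trust anchor for www.amazon.com
-http.ca_file = '
+http.ca_file = path('fixture/verisign_c3.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end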
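Review bot: The comment `# right trust anchor for www.amazon.com` at new line 79 sits above `path('fixture/verisign_c3.pem')`, the same file that the hunk at new line 55 loads as the anchor expected to make verification fail with `OpenSSL::SSL::SSLError`. The URIs those two tests connect to are outside the hunks, so they may target different hosts, but as written a reader cannot tell which fixture is meant to be trusted for which host. Each `ca_file` line should carry a comment naming the host it anchors, e.g. `# trust anchor for <host under test>: fixture/verisign_c3.pem`. The removed `ca_file` lines are truncated on this page, so whether the fixture names themselves changed in this release cannot be checked here.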
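--- a/data/test/test_x509store.rb
+++ b/data/test/test_x509store.rb
@@ -11,6 +11,10 @@ class TestX509Store < Test::Unit::TestCase
 @store = OpenSSL::X509::Store.new
 end
 
+def path(file)
+File.expand_path(file, File.dirname(__FILE__))
+end
+
 def teardown
 end
 
@@ -38,8 +42,8 @@ class TestX509Store < Test::Unit::TestCase
 end
 
 def test_purpose_ssl_client
-@store.add_file("
-cert = OpenSSL::X509::Certificate.new(File.read("
+@store.add_file(path("fixture/purpose/cacert.pem"))
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslclient.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
@@ -49,8 +53,8 @@ class TestX509Store < Test::Unit::TestCase
 end
 
 def test_purpose_ssl_server
-@store.add_file("
-cert = OpenSSL::X509::Certificate.new(File.read("
+@store.add_file(path("fixture/purpose/cacert.pem"))
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -65,12 +69,12 @@ class TestX509Store < Test::Unit::TestCase
 f << "junk junk\n"
 f << "junk junk\n"
 f << "junk junk\n"
-f << File.read("
+f << File.read(path("fixture/purpose/cacert.pem"))
 f.close
 @store.add_file(f.path)
 f.unlink
 
-cert = OpenSSL::X509::Certificate.new(File.read("
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -83,17 +87,17 @@ class TestX509Store < Test::Unit::TestCase
 # subject. ruby-openssl just ignores the second certificate.
 def test_add_file_JRUBY_4409
 assert_nothing_raised do
-@store.add_file("
+@store.add_file(path("fixture/ca-bundle.crt"))
 end
 end
 
 def test_set_default_paths
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
-cert = OpenSSL::X509::Certificate.new(File.read("
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 assert_equal(false, @store.verify(cert))
 begin
 backup = ENV['SSL_CERT_DIR']
-ENV['SSL_CERT_DIR'] = '
+ENV['SSL_CERT_DIR'] = path('fixture/purpose/')
 @store.set_default_paths
 assert_equal(true, @store.verify(cert))
 ensure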
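Review bot: `path(file)` at new lines 14-16 is an exact copy of the helper this release also adds to `TestIntegration` in data/test/test_integration.rb. Two copies of a fixture-path helper drift easily, so it would be better defined once in a shared test-helper module and mixed into both classes. If it stays local, a one-line comment such as `# resolve fixtures relative to this file so the suite does not depend on the working directory` would explain why the hard-coded paths were replaced. In `test_set_default_paths` the `ensure` that restores `ENV['SSL_CERT_DIR']` continues outside the hunk.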
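--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 7
--
-version: 0.7.
+- 2
+version: 0.7.2
 platform: ruby
 authors:
 - Ola Bini and JRuby contributors
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-11-03 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -68,6 +68,7 @@ files:
 - lib/openssl/bn.rb
 - lib/openssl/buffering.rb
 - lib/openssl/cipher.rb
+- lib/openssl/config.rb
 - lib/openssl/digest.rb
 - lib/openssl/dummy.rb
 - lib/openssl/dummyssl.rb
@@ -130,6 +131,7 @@ files:
 - test/openssl/ssl_server.rb
 - test/openssl/test_asn1.rb
 - test/openssl/test_cipher.rb
+- test/openssl/test_config.rb
 - test/openssl/test_digest.rb
 - test/openssl/test_ec.rb
 - test/openssl/test_hmac.rb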