jruby-openssl 0.7.1 → 0.7.2

@@ -103,26 +103,38 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
103
103
  assert_equal(exts, get_ext_req(attrs[1].value))
104
104
  end
105
105
 
106
+ def test_sign_and_verify_wrong_key_type
107
+ req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
108
+ req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
109
+ begin
110
+ assert_equal(false, req_rsa.verify(@dsa256))
111
+ rescue OpenSSL::X509::RequestError => e
112
+ # OpenSSL 1.0.0 added checks for pkey OID
113
+ assert_equal('wrong public key type', e.message)
114
+ end
115
+
116
+ begin
117
+ assert_equal(false, req_dsa.verify(@rsa1024))
118
+ rescue OpenSSL::X509::RequestError => e
119
+ # OpenSSL 1.0.0 added checks for pkey OID
120
+ assert_equal('wrong public key type', e.message)
121
+ end
122
+ end
123
+
106
124
  def test_sign_and_verify
107
125
  req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
108
126
  assert_equal(true, req.verify(@rsa1024))
109
127
  assert_equal(false, req.verify(@rsa2048))
110
- assert_equal(false, req.verify(@dsa256))
111
- assert_equal(false, req.verify(@dsa512))
112
128
  req.version = 1
113
129
  assert_equal(false, req.verify(@rsa1024))
114
130
 
115
131
  req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
116
132
  assert_equal(false, req.verify(@rsa1024))
117
133
  assert_equal(true, req.verify(@rsa2048))
118
- assert_equal(false, req.verify(@dsa256))
119
- assert_equal(false, req.verify(@dsa512))
120
134
  req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
121
135
  assert_equal(false, req.verify(@rsa2048))
122
136
 
123
137
  req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
124
- assert_equal(false, req.verify(@rsa1024))
125
- assert_equal(false, req.verify(@rsa2048))
126
138
  assert_equal(false, req.verify(@dsa256))
127
139
  assert_equal(true, req.verify(@dsa512))
128
140
  req.public_key = @rsa1024.public_key
@@ -130,12 +142,19 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
130
142
 
131
143
  assert_raise(OpenSSL::X509::RequestError){
132
144
  issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
133
- assert_raise(OpenSSL::X509::RequestError){
134
- issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
135
145
  assert_raise(OpenSSL::X509::RequestError){
136
146
  issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
137
147
  end
138
148
 
149
+ def test_dsig_algorithm_mismatch
150
+ assert_raise(OpenSSL::X509::RequestError) do
151
+ issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
152
+ end
153
+ assert_raise(OpenSSL::X509::RequestError) do
154
+ issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
155
+ end
156
+ end
157
+
139
158
  def test_create_from_pem
140
159
  req = <<END
141
160
  -----BEGIN CERTIFICATE REQUEST-----
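Review bot: The cross-algorithm rejections removed from `test_sign_and_verify` are only partly replaced by `test_sign_and_verify_wrong_key_type`, which checks the RSA-1024 request against `@dsa256` and the DSA request against `@rsa1024`. The RSA-1024 request against `@dsa512`, the `@rsa2048`/MD5 request against either DSA key, and the DSA request against `@rsa2048` are no longer exercised, so a verifier that wrongly accepted one of those pairs would pass the suite. The two `begin`/`rescue` blocks differ only in request and key, so a small helper that accepts either `false` or the 'wrong public key type' error lets every removed pair be kept, as sketched below. Separately, `test_dsig_algorithm_mismatch` repeats the two `assert_raise` calls that still close the test just above it, whose start is outside the hunk.

```ruby
def assert_verify_rejected(req, key)
  assert_equal(false, req.verify(key))
rescue OpenSSL::X509::RequestError => e
  # OpenSSL 1.0.0 added checks for pkey OID
  assert_equal('wrong public key type', e.message)
end

def test_sign_and_verify_wrong_key_type
  req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  req_md5 = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
  req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
  [@dsa256, @dsa512].each do |key|
    assert_verify_rejected(req_rsa, key)
    assert_verify_rejected(req_md5, key)
  end
  [@rsa1024, @rsa2048].each { |key| assert_verify_rejected(req_dsa, key) }
end
```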
@@ -96,16 +96,16 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
96
96
  cert
97
97
  end
98
98
 
99
- def issue_crl(revoke_info, serial, lastup, nextup, extensions,
99
+ def issue_crl(revoke_info, serial, lastup, nextup, extensions,
100
100
  issuer, issuer_key, digest)
101
101
  crl = OpenSSL::X509::CRL.new
102
102
  crl.issuer = issuer.subject
103
103
  crl.version = 1
104
104
  crl.last_update = lastup
105
105
  crl.next_update = nextup
106
- revoke_info.each{|serial, time, reason_code|
106
+ revoke_info.each{|rserial, time, reason_code|
107
107
  revoked = OpenSSL::X509::Revoked.new
108
- revoked.serial = serial
108
+ revoked.serial = rserial
109
109
  revoked.time = time
110
110
  enum = OpenSSL::ASN1::Enumerated(reason_code)
111
111
  ext = OpenSSL::X509::Extension.new("CRLReason", enum)
@@ -132,4 +132,13 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
132
132
  pkvalue = publickey.value
133
133
  OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
134
134
  end
135
+
136
+ def silent
137
+ begin
138
+ back, $VERBOSE = $VERBOSE, nil
139
+ yield
140
+ ensure
141
+ $VERBOSE = back if back
142
+ end
143
+ end
135
144
  end
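Review bot: `silent` does not restore `$VERBOSE` when its previous value was `false`, because the `ensure` line `$VERBOSE = back if back` skips the assignment for `false` as well as `nil`. After the first call in a run started without `-w`, the interpreter is left at `nil` and warnings stay suppressed for the rest of the process, which in a crypto test suite can hide deprecation or redefinition warnings. Restoring unconditionally with `$VERBOSE = back` fixes it. The inner `begin` is also redundant, since a `def` body can carry `ensure` directly.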
@@ -61,4 +61,36 @@ END
61
61
 
62
62
  assert_equal "24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", key_id.value
63
63
  end
64
+
65
+ # JRUBY-5060
66
+ def test_to_pem_with_empty_object
67
+ empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
68
+ empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
69
+ empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
70
+ empty_key = "MAA="
71
+ #assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
72
+ #assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
73
+ #assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
74
+ assert_nothing_raised do
75
+ OpenSSL::X509::Certificate.new.to_pem
76
+ end
77
+ assert_nothing_raised do
78
+ OpenSSL::X509::Request.new.to_pem
79
+ end
80
+ assert_nothing_raised do
81
+ OpenSSL::X509::CRL.new.to_pem
82
+ end
83
+ assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
84
+ assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
85
+ assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
86
+ end
87
+
88
+ # JRUBY-5096
89
+ def test_verify_failed_by_lazy_public_key_initialization
90
+ msg = 'hello,world'
91
+ digester = OpenSSL::Digest::SHA1.new
92
+ sig = @key.sign(digester, msg)
93
+ assert(@cert.public_key.verify(digester, sig, msg))
94
+ assert(@cert.verify(@cert.public_key))
95
+ end
64
96
  end
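Review bot: `test_verify_failed_by_lazy_public_key_initialization` asserts only that verification succeeds, so it would still pass if `public_key.verify` returned true for any input. A negative case next to it, such as `assert(!@cert.public_key.verify(digester, sig, msg + 'x'))`, pins that a signature over a different message is rejected. In `test_to_pem_with_empty_object` the locals `empty_cert`, `empty_req` and `empty_crl` are used only by the three commented-out assertions; either restore those assertions or drop the locals and add a comment saying why only `assert_nothing_raised` is checked for these types. `@key` and `@cert` are set up outside the hunk.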
@@ -137,6 +137,30 @@ class TestCipher < Test::Unit::TestCase
137
137
  assert_equal(e2, e1, "JRUBY-4012")
138
138
  end
139
139
 
140
+ # JRUBY-5125
141
+ def test_rc4_cipher_name
142
+ assert_equal("RC4", OpenSSL::Cipher::Cipher.new("rc4").name)
143
+ end
144
+
145
+ # JRUBY-5126
146
+ def test_stream_cipher_reset_should_be_ignored
147
+ c1 = "%E\x96\xDAZ\xEF\xB2$/\x9F\x02"
148
+ c2 = ">aV\xB0\xE1l\xF3oyL\x9B"
149
+ #
150
+ cipher = OpenSSL::Cipher::Cipher.new("RC4")
151
+ cipher.encrypt
152
+ cipher.key = "\0\1\2\3" * (128/8/4)
153
+ str = cipher.update('hello,world')
154
+ str += cipher.final
155
+ assert_equal(c1, str)
156
+ #
157
+ cipher.reset
158
+ cipher.iv = "\0" * 16
159
+ str = cipher.update('hello,world')
160
+ str += cipher.final
161
+ assert_equal(c2, str) # was equal to c1 before the fix
162
+ end
163
+
140
164
  private
141
165
  def do_repeated_test(algo, string, enc1, enc2)
142
166
  do_repeated_encrypt_test(algo, string, enc1, enc2)
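Review bot: `test_stream_cipher_reset_should_be_ignored` needs a comment stating the expectation; the bare `#` separators say nothing and the only hint is the trailing `# was equal to c1 before the fix`. Judging by the test name, the intent is that `reset` must not rewind the RC4 keystream, and RC4 takes no IV, so the `cipher.iv =` assignment should have no effect. I would replace the second bare `#` with `# reset must not rewind the RC4 keystream and the IV below is unused, so the next ciphertext is c2, not c1`. It would also help to note where the expected bytes `c1` and `c2` were generated (presumably the C OpenSSL binding; confirm), so the vectors can be re-derived.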
@@ -6,6 +6,10 @@ require "test/unit"
6
6
  require 'net/https'
7
7
 
8
8
  class TestIntegration < Test::Unit::TestCase
9
+ def path(file)
10
+ File.expand_path(file, File.dirname(__FILE__))
11
+ end
12
+
9
13
  # JRUBY-2471
10
14
  def _test_drb
11
15
  config = {
@@ -25,7 +29,7 @@ class TestIntegration < Test::Unit::TestCase
25
29
  uri = URI.parse('https://www.amazon.com')
26
30
  http = Net::HTTP.new(uri.host, uri.port)
27
31
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
28
- http.ca_path = "test/fixture/ca_path/"
32
+ http.ca_path = path("fixture/ca_path/")
29
33
  http.use_ssl = true
30
34
  response = http.start do |s|
31
35
  assert s.get(uri.request_uri).length > 0
@@ -40,7 +44,7 @@ class TestIntegration < Test::Unit::TestCase
40
44
  http.use_ssl = true
41
45
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
42
46
  # right trust anchor for www.amazon.com
43
- http.ca_file = 'test/fixture/verisign.pem'
47
+ http.ca_file = path('fixture/verisign.pem')
44
48
  response = http.start do |s|
45
49
  assert s.get(uri.request_uri).length > 0
46
50
  end
@@ -48,7 +52,7 @@ class TestIntegration < Test::Unit::TestCase
48
52
  http = Net::HTTP.new(uri.host, uri.port)
49
53
  http.use_ssl = true
50
54
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
51
- http.ca_file = 'test/fixture/verisign_c3.pem'
55
+ http.ca_file = path('fixture/verisign_c3.pem')
52
56
  assert_raise(OpenSSL::SSL::SSLError) do
53
57
  # it must cause SSLError for verification failure.
54
58
  response = http.start do |s|
@@ -59,7 +63,7 @@ class TestIntegration < Test::Unit::TestCase
59
63
  http = Net::HTTP.new(uri.host, uri.port)
60
64
  http.use_ssl = true
61
65
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
62
- http.ca_file = 'test/fixture/verisign.pem'
66
+ http.ca_file = path('fixture/verisign.pem')
63
67
  response = http.start do |s|
64
68
  assert s.get(uri.request_uri).length > 0
65
69
  end
@@ -73,7 +77,7 @@ class TestIntegration < Test::Unit::TestCase
73
77
  http.use_ssl = true
74
78
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
75
79
  # right trust anchor for www.amazon.com
76
- http.ca_file = 'test/fixture/verisign_c3.pem'
80
+ http.ca_file = path('fixture/verisign_c3.pem')
77
81
  response = http.start do |s|
78
82
  assert s.get(uri.request_uri).length > 0
79
83
  end
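Review bot: The new `path` helper returns the expanded name without checking that the fixture exists. That matters for the negative case expecting `OpenSSL::SSL::SSLError` with `verisign_c3.pem`: if the CA loader tolerates a missing file (not visible here), that test would pass because no trust anchor was loaded rather than because the wrong one was. Failing early keeps the test meaningful, e.g. `full = File.expand_path(file, File.dirname(__FILE__))`, `raise "missing fixture: #{full}" unless File.exist?(full)`, then return `full`. The identical helper is added to `TestX509Store` in the next file section and the same point applies there; a single shared definition would avoid the duplication.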
@@ -11,6 +11,10 @@ class TestX509Store < Test::Unit::TestCase
11
11
  @store = OpenSSL::X509::Store.new
12
12
  end
13
13
 
14
+ def path(file)
15
+ File.expand_path(file, File.dirname(__FILE__))
16
+ end
17
+
14
18
  def teardown
15
19
  end
16
20
 
@@ -38,8 +42,8 @@ class TestX509Store < Test::Unit::TestCase
38
42
  end
39
43
 
40
44
  def test_purpose_ssl_client
41
- @store.add_file("test/fixture/purpose/cacert.pem")
42
- cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslclient.pem"))
45
+ @store.add_file(path("fixture/purpose/cacert.pem"))
46
+ cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslclient.pem")))
43
47
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
44
48
  assert_equal(true, @store.verify(cert))
45
49
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
@@ -49,8 +53,8 @@ class TestX509Store < Test::Unit::TestCase
49
53
  end
50
54
 
51
55
  def test_purpose_ssl_server
52
- @store.add_file("test/fixture/purpose/cacert.pem")
53
- cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
56
+ @store.add_file(path("fixture/purpose/cacert.pem"))
57
+ cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
54
58
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
55
59
  assert_equal(true, @store.verify(cert))
56
60
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -65,12 +69,12 @@ class TestX509Store < Test::Unit::TestCase
65
69
  f << "junk junk\n"
66
70
  f << "junk junk\n"
67
71
  f << "junk junk\n"
68
- f << File.read("test/fixture/purpose/cacert.pem")
72
+ f << File.read(path("fixture/purpose/cacert.pem"))
69
73
  f.close
70
74
  @store.add_file(f.path)
71
75
  f.unlink
72
76
 
73
- cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
77
+ cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
74
78
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
75
79
  assert_equal(true, @store.verify(cert))
76
80
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -83,17 +87,17 @@ class TestX509Store < Test::Unit::TestCase
83
87
  # subject. ruby-openssl just ignores the second certificate.
84
88
  def test_add_file_JRUBY_4409
85
89
  assert_nothing_raised do
86
- @store.add_file("test/fixture/ca-bundle.crt")
90
+ @store.add_file(path("fixture/ca-bundle.crt"))
87
91
  end
88
92
  end
89
93
 
90
94
  def test_set_default_paths
91
95
  @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
92
- cert = OpenSSL::X509::Certificate.new(File.read("test/fixture/purpose/sslserver.pem"))
96
+ cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
93
97
  assert_equal(false, @store.verify(cert))
94
98
  begin
95
99
  backup = ENV['SSL_CERT_DIR']
96
- ENV['SSL_CERT_DIR'] = 'test/fixture/purpose/'
100
+ ENV['SSL_CERT_DIR'] = path('fixture/purpose/')
97
101
  @store.set_default_paths
98
102
  assert_equal(true, @store.verify(cert))
99
103
  ensure
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 7
8
- - 1
9
- version: 0.7.1
8
+ - 2
9
+ version: 0.7.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - Ola Bini and JRuby contributors
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-08-03 00:00:00 -05:00
17
+ date: 2010-11-03 00:00:00 -05:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
@@ -68,6 +68,7 @@ files:
68
68
  - lib/openssl/bn.rb
69
69
  - lib/openssl/buffering.rb
70
70
  - lib/openssl/cipher.rb
71
+ - lib/openssl/config.rb
71
72
  - lib/openssl/digest.rb
72
73
  - lib/openssl/dummy.rb
73
74
  - lib/openssl/dummyssl.rb
@@ -130,6 +131,7 @@ files:
130
131
  - test/openssl/ssl_server.rb
131
132
  - test/openssl/test_asn1.rb
132
133
  - test/openssl/test_cipher.rb
134
+ - test/openssl/test_config.rb
133
135
  - test/openssl/test_digest.rb
134
136
  - test/openssl/test_ec.rb
135
137
  - test/openssl/test_hmac.rb