jruby-openssl 0.7.1 → 0.7.2
- data/History.txt +16 -0
- data/Manifest.txt +2 -0
- data/Rakefile +1 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +1 -1
- data/lib/openssl.rb +1 -0
- data/lib/openssl/config.rb +316 -0
- data/test/openssl/test_cipher.rb +4 -4
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_ec.rb +18 -3
- data/test/openssl/test_hmac.rb +11 -9
- data/test/openssl/test_ns_spki.rb +0 -10
- data/test/openssl/test_pkcs7.rb +4 -3
- data/test/openssl/test_ssl.rb +3 -9
- data/test/openssl/test_x509cert.rb +64 -23
- data/test/openssl/test_x509crl.rb +27 -7
- data/test/openssl/test_x509ext.rb +5 -1
- data/test/openssl/test_x509name.rb +12 -4
- data/test/openssl/test_x509req.rb +27 -8
- data/test/openssl/utils.rb +12 -3
- data/test/test_certificate.rb +32 -0
- data/test/test_cipher.rb +24 -0
- data/test/test_integration.rb +9 -5
- data/test/test_x509store.rb +13 -9
- metadata +5 -3
@@ -103,26 +103,38 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
|
|
103
103
|
assert_equal(exts, get_ext_req(attrs[1].value))
|
104
104
|
end
|
105
105
|
|
106
|
+
def test_sign_and_verify_wrong_key_type
|
107
|
+
req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
|
108
|
+
req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
|
109
|
+
begin
|
110
|
+
assert_equal(false, req_rsa.verify(@dsa256))
|
111
|
+
rescue OpenSSL::X509::RequestError => e
|
112
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
113
|
+
assert_equal('wrong public key type', e.message)
|
114
|
+
end
|
115
|
+
|
116
|
+
begin
|
117
|
+
assert_equal(false, req_dsa.verify(@rsa1024))
|
118
|
+
rescue OpenSSL::X509::RequestError => e
|
119
|
+
# OpenSSL 1.0.0 added checks for pkey OID
|
120
|
+
assert_equal('wrong public key type', e.message)
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
106
124
|
def test_sign_and_verify
|
107
125
|
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
|
108
126
|
assert_equal(true, req.verify(@rsa1024))
|
109
127
|
assert_equal(false, req.verify(@rsa2048))
|
110
|
-
assert_equal(false, req.verify(@dsa256))
|
111
|
-
assert_equal(false, req.verify(@dsa512))
|
112
128
|
req.version = 1
|
113
129
|
assert_equal(false, req.verify(@rsa1024))
|
114
130
|
|
115
131
|
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
|
116
132
|
assert_equal(false, req.verify(@rsa1024))
|
117
133
|
assert_equal(true, req.verify(@rsa2048))
|
118
|
-
assert_equal(false, req.verify(@dsa256))
|
119
|
-
assert_equal(false, req.verify(@dsa512))
|
120
134
|
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
|
121
135
|
assert_equal(false, req.verify(@rsa2048))
|
122
136
|
|
123
137
|
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
|
124
|
-
assert_equal(false, req.verify(@rsa1024))
|
125
|
-
assert_equal(false, req.verify(@rsa2048))
|
126
138
|
assert_equal(false, req.verify(@dsa256))
|
127
139
|
assert_equal(true, req.verify(@dsa512))
|
128
140
|
req.public_key = @rsa1024.public_key
|
@@ -130,12 +142,19 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
|
|
130
142
|
|
131
143
|
assert_raise(OpenSSL::X509::RequestError){
|
132
144
|
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
|
133
|
-
assert_raise(OpenSSL::X509::RequestError){
|
134
|
-
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
|
135
145
|
assert_raise(OpenSSL::X509::RequestError){
|
136
146
|
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
|
137
147
|
end
|
138
148
|
|
149
|
+
def test_dsig_algorithm_mismatch
|
150
|
+
assert_raise(OpenSSL::X509::RequestError) do
|
151
|
+
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
|
152
|
+
end
|
153
|
+
assert_raise(OpenSSL::X509::RequestError) do
|
154
|
+
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
139
158
|
def test_create_from_pem
|
140
159
|
req = <<END
|
141
160
|
-----BEGIN CERTIFICATE REQUEST-----
|
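--- a/data/test/openssl/utils.rb
+++ b/data/test/openssl/utils.rb
@@ -96,16 +96,16 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
 cert
 end
 
-def issue_crl(revoke_info, serial, lastup, nextup, extensions,
+def issue_crl(revoke_info, serial, lastup, nextup, extensions,
 issuer, issuer_key, digest)
 crl = OpenSSL::X509::CRL.new
 crl.issuer = issuer.subject
 crl.version = 1
 crl.last_update = lastup
 crl.next_update = nextup
-revoke_info.each{|
+revoke_info.each{|rserial, time, reason_code|
 revoked = OpenSSL::X509::Revoked.new
-revoked.serial =
+revoked.serial = rserial
 revoked.time = time
 enum = OpenSSL::ASN1::Enumerated(reason_code)
 ext = OpenSSL::X509::Extension.new("CRLReason", enum)
@@ -132,4 +132,13 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
 pkvalue = publickey.value
 OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
 end
+
+def silent
+begin
+back, $VERBOSE = $VERBOSE, nil
+yield
+ensure
+$VERBOSE = back if back
+end
+end
 end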
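Review bot: In `silent`, the `ensure` line `$VERBOSE = back if back` does not restore the previous setting when it was `false`, which is Ruby's default warning level. After the first call `$VERBOSE` therefore stays `nil`, and warnings (deprecations, method redefinitions) remain switched off for every test that runs afterwards. Restore it unconditionally with `$VERBOSE = back`. The explicit `begin`/`end` inside the method is also redundant, because a `def` body accepts `ensure` directly.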
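--- a/data/test/test_certificate.rb
+++ b/data/test/test_certificate.rb
@@ -61,4 +61,36 @@ END
 
 assert_equal "24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", key_id.value
 end
+
+# JRUBY-5060
+def test_to_pem_with_empty_object
+empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
+empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
+empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
+empty_key = "MAA="
+#assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
+#assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
+#assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
+assert_nothing_raised do
+OpenSSL::X509::Certificate.new.to_pem
+end
+assert_nothing_raised do
+OpenSSL::X509::Request.new.to_pem
+end
+assert_nothing_raised do
+OpenSSL::X509::CRL.new.to_pem
+end
+assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
+assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
+assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
+end
+
+# JRUBY-5096
+def test_verify_failed_by_lazy_public_key_initialization
+msg = 'hello,world'
+digester = OpenSSL::Digest::SHA1.new
+sig = @key.sign(digester, msg)
+assert(@cert.public_key.verify(digester, sig, msg))
+assert(@cert.verify(@cert.public_key))
+end
 end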
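Review bot: `test_verify_failed_by_lazy_public_key_initialization` asserts only the success path, so it would still pass if `verify` returned true for any input. A negative assertion next to it, such as `assert(!@cert.public_key.verify(digester, sig, msg + 'x'))`, would pin that the lazily initialised key really checks the signature. `@key` and `@cert` are set up outside this hunk, so this assumes they form a matching pair, as the existing assertions already do. Separately, in `test_to_pem_with_empty_object` the three commented-out `assert_equal` lines leave `empty_cert`, `empty_req` and `empty_crl` unused; a one-line comment saying why those comparisons are disabled would help the next reader.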
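--- a/data/test/test_cipher.rb
+++ b/data/test/test_cipher.rb
@@ -137,6 +137,30 @@ class TestCipher < Test::Unit::TestCase
 assert_equal(e2, e1, "JRUBY-4012")
 end
 
+# JRUBY-5125
+def test_rc4_cipher_name
+assert_equal("RC4", OpenSSL::Cipher::Cipher.new("rc4").name)
+end
+
+# JRUBY-5126
+def test_stream_cipher_reset_should_be_ignored
+c1 = "%E\x96\xDAZ\xEF\xB2$/\x9F\x02"
+c2 = ">aV\xB0\xE1l\xF3oyL\x9B"
+#
+cipher = OpenSSL::Cipher::Cipher.new("RC4")
+cipher.encrypt
+cipher.key = "\0\1\2\3" * (128/8/4)
+str = cipher.update('hello,world')
+str += cipher.final
+assert_equal(c1, str)
+#
+cipher.reset
+cipher.iv = "\0" * 16
+str = cipher.update('hello,world')
+str += cipher.final
+assert_equal(c2, str) # was equal to c1 before the fix
+end
+
 private
 def do_repeated_test(algo, string, enc1, enc2)
 do_repeated_encrypt_test(algo, string, enc1, enc2)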
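Review bot: `test_stream_cipher_reset_should_be_ignored` needs a comment saying what `c2` is and why it must differ from `c1`. Both calls encrypt the same plaintext `'hello,world'` under the same key, so equal outputs would mean `reset` rewound the RC4 keystream and the same keystream bytes were applied twice. One of the two bare `#` separator lines could carry that, e.g. `# reset is ignored for a stream cipher: the keystream continues, so c2 != c1`. It would also help to note why `cipher.iv = "\0" * 16` is set, since the assignment is presumably there only to show that it has no effect on RC4.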
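--- a/data/test/test_integration.rb
+++ b/data/test/test_integration.rb
@@ -6,6 +6,10 @@ require "test/unit"
 require 'net/https'
 
 class TestIntegration < Test::Unit::TestCase
+def path(file)
+File.expand_path(file, File.dirname(__FILE__))
+end
+
 # JRUBY-2471
 def _test_drb
 config = {
@@ -25,7 +29,7 @@ class TestIntegration < Test::Unit::TestCase
 uri = URI.parse('https://www.amazon.com')
 http = Net::HTTP.new(uri.host, uri.port)
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_path = "
+http.ca_path = path("fixture/ca_path/")
 http.use_ssl = true
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
@@ -40,7 +44,7 @@ class TestIntegration < Test::Unit::TestCase
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 # right trust anchor for www.amazon.com
-http.ca_file = '
+http.ca_file = path('fixture/verisign.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end
@@ -48,7 +52,7 @@ class TestIntegration < Test::Unit::TestCase
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = '
+http.ca_file = path('fixture/verisign_c3.pem')
 assert_raise(OpenSSL::SSL::SSLError) do
 # it must cause SSLError for verification failure.
 response = http.start do |s|
@@ -59,7 +63,7 @@ class TestIntegration < Test::Unit::TestCase
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = '
+http.ca_file = path('fixture/verisign.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end
@@ -73,7 +77,7 @@ class TestIntegration < Test::Unit::TestCase
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 # right trust anchor for www.amazon.com
-http.ca_file = '
+http.ca_file = path('fixture/verisign_c3.pem')
 response = http.start do |s|
 assert s.get(uri.request_uri).length > 0
 end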
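Review bot: The `path(file)` helper added at the top of `TestIntegration` is repeated verbatim in `TestX509Store` (data/test/test_x509store.rb, first hunk), so it would be better defined once in a shared test helper that both files require. It also carries no comment. Because its result selects the `ca_file`/`ca_path` trust anchors used with `VERIFY_PEER`, a line such as `# Resolve a fixture path relative to this file so the intended CA fixtures load regardless of the working directory` would record why it exists. The removed literals are cut off on this page, so that they were relative to the working directory is inferred rather than visible.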
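--- a/data/test/test_x509store.rb
+++ b/data/test/test_x509store.rb
@@ -11,6 +11,10 @@ class TestX509Store < Test::Unit::TestCase
 @store = OpenSSL::X509::Store.new
 end
 
+def path(file)
+File.expand_path(file, File.dirname(__FILE__))
+end
+
 def teardown
 end
 
@@ -38,8 +42,8 @@ class TestX509Store < Test::Unit::TestCase
 end
 
 def test_purpose_ssl_client
-@store.add_file("
-cert = OpenSSL::X509::Certificate.new(File.read("
+@store.add_file(path("fixture/purpose/cacert.pem"))
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslclient.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
@@ -49,8 +53,8 @@ class TestX509Store < Test::Unit::TestCase
 end
 
 def test_purpose_ssl_server
-@store.add_file("
-cert = OpenSSL::X509::Certificate.new(File.read("
+@store.add_file(path("fixture/purpose/cacert.pem"))
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -65,12 +69,12 @@ class TestX509Store < Test::Unit::TestCase
 f << "junk junk\n"
 f << "junk junk\n"
 f << "junk junk\n"
-f << File.read("
+f << File.read(path("fixture/purpose/cacert.pem"))
 f.close
 @store.add_file(f.path)
 f.unlink
 
-cert = OpenSSL::X509::Certificate.new(File.read("
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
 assert_equal(true, @store.verify(cert))
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
@@ -83,17 +87,17 @@ class TestX509Store < Test::Unit::TestCase
 # subject. ruby-openssl just ignores the second certificate.
 def test_add_file_JRUBY_4409
 assert_nothing_raised do
-@store.add_file("
+@store.add_file(path("fixture/ca-bundle.crt"))
 end
 end
 
 def test_set_default_paths
 @store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER
-cert = OpenSSL::X509::Certificate.new(File.read("
+cert = OpenSSL::X509::Certificate.new(File.read(path("fixture/purpose/sslserver.pem")))
 assert_equal(false, @store.verify(cert))
 begin
 backup = ENV['SSL_CERT_DIR']
-ENV['SSL_CERT_DIR'] = '
+ENV['SSL_CERT_DIR'] = path('fixture/purpose/')
 @store.set_default_paths
 assert_equal(true, @store.verify(cert))
 ensure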
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 7
|
8
|
-
-
|
9
|
-
version: 0.7.
|
8
|
+
- 2
|
9
|
+
version: 0.7.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Ola Bini and JRuby contributors
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-
|
17
|
+
date: 2010-11-03 00:00:00 -05:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -68,6 +68,7 @@ files:
|
|
68
68
|
- lib/openssl/bn.rb
|
69
69
|
- lib/openssl/buffering.rb
|
70
70
|
- lib/openssl/cipher.rb
|
71
|
+
- lib/openssl/config.rb
|
71
72
|
- lib/openssl/digest.rb
|
72
73
|
- lib/openssl/dummy.rb
|
73
74
|
- lib/openssl/dummyssl.rb
|
@@ -130,6 +131,7 @@ files:
|
|
130
131
|
- test/openssl/ssl_server.rb
|
131
132
|
- test/openssl/test_asn1.rb
|
132
133
|
- test/openssl/test_cipher.rb
|
134
|
+
- test/openssl/test_config.rb
|
133
135
|
- test/openssl/test_digest.rb
|
134
136
|
- test/openssl/test_ec.rb
|
135
137
|
- test/openssl/test_hmac.rb
|