jruby-openssl 0.7.4 → 0.7.6.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gemtest +0 -0
- data/History.txt +51 -14
- data/Manifest.txt +136 -79
- data/README.txt +1 -1
- data/Rakefile +17 -8
- data/lib/{openssl → 1.8/openssl}/bn.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/buffering.rb +3 -1
- data/lib/{openssl → 1.8/openssl}/cipher.rb +0 -0
- data/lib/{openssl → 1.8/openssl}/config.rb +1 -1
- data/lib/{openssl → 1.8/openssl}/digest.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/pkcs7.rb +0 -0
- data/lib/{openssl/ssl.rb → 1.8/openssl/ssl-internal.rb} +2 -2
- data/lib/1.8/openssl/ssl.rb +1 -0
- data/lib/{openssl/x509.rb → 1.8/openssl/x509-internal.rb} +8 -9
- data/lib/1.8/openssl/x509.rb +1 -0
- data/lib/{openssl.rb → 1.8/openssl.rb} +2 -11
- data/lib/1.9/openssl/bn.rb +35 -0
- data/lib/1.9/openssl/buffering.rb +448 -0
- data/lib/1.9/openssl/cipher.rb +65 -0
- data/lib/1.9/openssl/config.rb +313 -0
- data/lib/1.9/openssl/digest.rb +72 -0
- data/lib/1.9/openssl/ssl-internal.rb +177 -0
- data/lib/1.9/openssl/ssl.rb +2 -0
- data/lib/1.9/openssl/x509-internal.rb +158 -0
- data/lib/1.9/openssl/x509.rb +2 -0
- data/lib/1.9/openssl.rb +22 -0
- data/lib/{jopenssl → shared/jopenssl}/version.rb +1 -1
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/{openssl → shared/openssl}/dummy.rb +0 -0
- data/lib/{openssl → shared/openssl}/dummyssl.rb +0 -0
- data/lib/shared/openssl/pkcs12.rb +50 -0
- data/lib/shared/openssl/ssl.rb +1 -0
- data/lib/shared/openssl/x509.rb +1 -0
- data/lib/shared/openssl.rb +20 -0
- data/test/{openssl → 1.8}/ssl_server.rb +0 -0
- data/test/{openssl → 1.8}/test_asn1.rb +15 -0
- data/test/{openssl → 1.8}/test_cipher.rb +0 -0
- data/test/{openssl → 1.8}/test_config.rb +0 -0
- data/test/{openssl → 1.8}/test_digest.rb +0 -0
- data/test/{openssl → 1.8}/test_ec.rb +0 -0
- data/test/{openssl → 1.8}/test_hmac.rb +0 -0
- data/test/{openssl → 1.8}/test_ns_spki.rb +0 -0
- data/test/{openssl → 1.8}/test_pair.rb +10 -2
- data/test/{openssl → 1.8}/test_pkcs7.rb +0 -0
- data/test/{openssl → 1.8}/test_pkey_rsa.rb +0 -0
- data/test/{openssl → 1.8}/test_ssl.rb +17 -20
- data/test/{openssl → 1.8}/test_x509cert.rb +0 -0
- data/test/{openssl → 1.8}/test_x509crl.rb +0 -0
- data/test/{openssl → 1.8}/test_x509ext.rb +0 -0
- data/test/{openssl → 1.8}/test_x509name.rb +0 -0
- data/test/{openssl → 1.8}/test_x509req.rb +0 -0
- data/test/{openssl → 1.8}/test_x509store.rb +0 -0
- data/test/{openssl → 1.8}/utils.rb +0 -0
- data/test/1.9/ssl_server.rb +81 -0
- data/test/1.9/test_asn1.rb +589 -0
- data/test/1.9/test_bn.rb +23 -0
- data/test/1.9/test_buffering.rb +88 -0
- data/test/1.9/test_cipher.rb +107 -0
- data/test/1.9/test_config.rb +288 -0
- data/test/1.9/test_digest.rb +118 -0
- data/test/1.9/test_engine.rb +15 -0
- data/test/1.9/test_hmac.rb +32 -0
- data/test/1.9/test_ns_spki.rb +50 -0
- data/test/1.9/test_ocsp.rb +47 -0
- data/test/1.9/test_pair.rb +257 -0
- data/test/1.9/test_pkcs12.rb +209 -0
- data/test/1.9/test_pkcs7.rb +151 -0
- data/test/1.9/test_pkey_dh.rb +72 -0
- data/test/1.9/test_pkey_dsa.rb +224 -0
- data/test/1.9/test_pkey_ec.rb +182 -0
- data/test/1.9/test_pkey_rsa.rb +244 -0
- data/test/1.9/test_ssl.rb +455 -0
- data/test/1.9/test_ssl_session.rb +327 -0
- data/test/1.9/test_x509cert.rb +217 -0
- data/test/1.9/test_x509crl.rb +221 -0
- data/test/1.9/test_x509ext.rb +69 -0
- data/test/1.9/test_x509name.rb +296 -0
- data/test/1.9/test_x509req.rb +150 -0
- data/test/1.9/test_x509store.rb +229 -0
- data/test/1.9/utils.rb +304 -0
- data/test/fixture/ids_in_subject_rdn_set.pem +31 -0
- data/test/fixture/purpose/ca/ca_config.rb +1 -1
- data/test/fixture/purpose/ca/gen_cert.rb +128 -0
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +19 -0
- data/test/fixture/purpose/ca/serial +1 -1
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +19 -0
- data/test/ruby/envutil.rb +208 -0
- data/test/ruby/ut_eof.rb +128 -0
- data/test/test_certificate.rb +9 -0
- data/test/test_java.rb +1 -1
- data/test/test_openssl.rb +1 -1
- data/test/test_pkcs7.rb +16 -0
- data/test/test_pkey_dsa.rb +180 -0
- data/test/test_pkey_rsa.rb +298 -0
- data/test/test_ssl.rb +1 -1
- data/test/test_x509store.rb +8 -0
- metadata +133 -73
- data/lib/jopenssl.jar +0 -0
- data/test/test_pkey.rb +0 -204
@@ -0,0 +1,257 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
|
3
|
+
if defined?(OpenSSL)
|
4
|
+
|
5
|
+
require 'socket'
|
6
|
+
require_relative '../ruby/ut_eof'
|
7
|
+
|
8
|
+
module SSLPair
|
9
|
+
DHParam = OpenSSL::PKey::DH.new(128)
|
10
|
+
def server
|
11
|
+
host = "127.0.0.1"
|
12
|
+
port = 0
|
13
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
14
|
+
ctx.ciphers = "ADH"
|
15
|
+
ctx.tmp_dh_callback = proc { DHParam }
|
16
|
+
tcps = TCPServer.new(host, port)
|
17
|
+
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
|
18
|
+
return ssls
|
19
|
+
end
|
20
|
+
|
21
|
+
def client(port)
|
22
|
+
host = "127.0.0.1"
|
23
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
24
|
+
ctx.ciphers = "ADH"
|
25
|
+
s = TCPSocket.new(host, port)
|
26
|
+
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
|
27
|
+
ssl.connect
|
28
|
+
ssl.sync_close = true
|
29
|
+
ssl
|
30
|
+
end
|
31
|
+
|
32
|
+
def ssl_pair
|
33
|
+
ssls = server
|
34
|
+
th = Thread.new {
|
35
|
+
ns = ssls.accept
|
36
|
+
ssls.close
|
37
|
+
ns
|
38
|
+
}
|
39
|
+
port = ssls.to_io.addr[1]
|
40
|
+
c = client(port)
|
41
|
+
s = th.value
|
42
|
+
if block_given?
|
43
|
+
begin
|
44
|
+
yield c, s
|
45
|
+
ensure
|
46
|
+
c.close unless c.closed?
|
47
|
+
s.close unless s.closed?
|
48
|
+
end
|
49
|
+
else
|
50
|
+
return c, s
|
51
|
+
end
|
52
|
+
ensure
|
53
|
+
if th && th.alive?
|
54
|
+
th.kill
|
55
|
+
th.join
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
class OpenSSL::TestEOF1 < Test::Unit::TestCase
|
61
|
+
include TestEOF
|
62
|
+
include SSLPair
|
63
|
+
|
64
|
+
def open_file(content)
|
65
|
+
s1, s2 = ssl_pair
|
66
|
+
Thread.new { s2 << content; s2.close }
|
67
|
+
yield s1
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
class OpenSSL::TestEOF2 < Test::Unit::TestCase
|
72
|
+
include TestEOF
|
73
|
+
include SSLPair
|
74
|
+
|
75
|
+
def open_file(content)
|
76
|
+
s1, s2 = ssl_pair
|
77
|
+
Thread.new { s1 << content; s1.close }
|
78
|
+
yield s2
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
class OpenSSL::TestPair < Test::Unit::TestCase
|
83
|
+
include SSLPair
|
84
|
+
|
85
|
+
def test_getc
|
86
|
+
ssl_pair {|s1, s2|
|
87
|
+
s1 << "a"
|
88
|
+
assert_equal(?a, s2.getc)
|
89
|
+
}
|
90
|
+
end
|
91
|
+
|
92
|
+
def test_readpartial
|
93
|
+
ssl_pair {|s1, s2|
|
94
|
+
s2.write "a\nbcd"
|
95
|
+
assert_equal("a\n", s1.gets)
|
96
|
+
read = s1.readpartial(10)
|
97
|
+
assert_equal("bcd"[0, read.bytesize], read)
|
98
|
+
s1.read(read.bytesize - 3) # drop unread bytes
|
99
|
+
s2.write "efg"
|
100
|
+
read = s1.readpartial(10)
|
101
|
+
assert_equal("efg"[0, read.bytesize], read)
|
102
|
+
rest = 3 - read.bytesize
|
103
|
+
while rest > 0
|
104
|
+
rest -= s1.readpartial(rest).size
|
105
|
+
end
|
106
|
+
s2.close
|
107
|
+
assert_raise(EOFError) { s1.readpartial(10) }
|
108
|
+
assert_raise(EOFError) { s1.readpartial(10) }
|
109
|
+
assert_equal("", s1.readpartial(0))
|
110
|
+
}
|
111
|
+
end
|
112
|
+
|
113
|
+
def test_readall
|
114
|
+
ssl_pair {|s1, s2|
|
115
|
+
s2.close
|
116
|
+
assert_equal("", s1.read)
|
117
|
+
}
|
118
|
+
end
|
119
|
+
|
120
|
+
def test_readline
|
121
|
+
ssl_pair {|s1, s2|
|
122
|
+
s2.close
|
123
|
+
assert_raise(EOFError) { s1.readline }
|
124
|
+
}
|
125
|
+
end
|
126
|
+
|
127
|
+
def test_puts_meta
|
128
|
+
ssl_pair {|s1, s2|
|
129
|
+
begin
|
130
|
+
old = $/
|
131
|
+
$/ = '*'
|
132
|
+
s1.puts 'a'
|
133
|
+
ensure
|
134
|
+
$/ = old
|
135
|
+
end
|
136
|
+
s1.close
|
137
|
+
assert_equal("a\n", s2.read)
|
138
|
+
}
|
139
|
+
end
|
140
|
+
|
141
|
+
def test_puts_empty
|
142
|
+
ssl_pair {|s1, s2|
|
143
|
+
s1.puts
|
144
|
+
s1.close
|
145
|
+
assert_equal("\n", s2.read)
|
146
|
+
}
|
147
|
+
end
|
148
|
+
|
149
|
+
def test_read_nonblock
|
150
|
+
ssl_pair {|s1, s2|
|
151
|
+
err = nil
|
152
|
+
assert_raise(OpenSSL::SSL::SSLError) {
|
153
|
+
begin
|
154
|
+
s2.read_nonblock(10)
|
155
|
+
ensure
|
156
|
+
err = $!
|
157
|
+
end
|
158
|
+
}
|
159
|
+
assert_kind_of(IO::WaitReadable, err)
|
160
|
+
s1.write "abc\ndef\n"
|
161
|
+
IO.select([s2])
|
162
|
+
assert_equal("ab", s2.read_nonblock(2))
|
163
|
+
assert_equal("c\n", s2.gets)
|
164
|
+
ret = nil
|
165
|
+
assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10) }
|
166
|
+
assert_equal("def\n", ret)
|
167
|
+
}
|
168
|
+
end
|
169
|
+
|
170
|
+
def test_write_nonblock
|
171
|
+
ssl_pair {|s1, s2|
|
172
|
+
n = 0
|
173
|
+
begin
|
174
|
+
n += s1.write_nonblock("a" * 100000)
|
175
|
+
n += s1.write_nonblock("b" * 100000)
|
176
|
+
n += s1.write_nonblock("c" * 100000)
|
177
|
+
n += s1.write_nonblock("d" * 100000)
|
178
|
+
n += s1.write_nonblock("e" * 100000)
|
179
|
+
n += s1.write_nonblock("f" * 100000)
|
180
|
+
rescue IO::WaitWritable
|
181
|
+
end
|
182
|
+
s1.close
|
183
|
+
assert_equal(n, s2.read.length)
|
184
|
+
}
|
185
|
+
end
|
186
|
+
|
187
|
+
def test_write_nonblock_with_buffered_data
|
188
|
+
ssl_pair {|s1, s2|
|
189
|
+
s1.write "foo"
|
190
|
+
s1.write_nonblock("bar")
|
191
|
+
s1.write "baz"
|
192
|
+
s1.close
|
193
|
+
assert_equal("foobarbaz", s2.read)
|
194
|
+
}
|
195
|
+
end
|
196
|
+
|
197
|
+
def test_connect_accept_nonblock
|
198
|
+
host = "127.0.0.1"
|
199
|
+
port = 0
|
200
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
201
|
+
ctx.ciphers = "ADH"
|
202
|
+
ctx.tmp_dh_callback = proc { DHParam }
|
203
|
+
serv = TCPServer.new(host, port)
|
204
|
+
|
205
|
+
port = serv.connect_address.ip_port
|
206
|
+
|
207
|
+
sock1 = TCPSocket.new(host, port)
|
208
|
+
sock2 = serv.accept
|
209
|
+
serv.close
|
210
|
+
|
211
|
+
th = Thread.new {
|
212
|
+
s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx)
|
213
|
+
s2.sync_close = true
|
214
|
+
begin
|
215
|
+
sleep 0.2
|
216
|
+
s2.accept_nonblock
|
217
|
+
rescue IO::WaitReadable
|
218
|
+
IO.select([s2])
|
219
|
+
retry
|
220
|
+
rescue IO::WaitWritable
|
221
|
+
IO.select(nil, [s2])
|
222
|
+
retry
|
223
|
+
end
|
224
|
+
s2
|
225
|
+
}
|
226
|
+
|
227
|
+
sleep 0.1
|
228
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
229
|
+
ctx.ciphers = "ADH"
|
230
|
+
s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx)
|
231
|
+
begin
|
232
|
+
sleep 0.2
|
233
|
+
s1.connect_nonblock
|
234
|
+
rescue IO::WaitReadable
|
235
|
+
IO.select([s1])
|
236
|
+
retry
|
237
|
+
rescue IO::WaitWritable
|
238
|
+
IO.select(nil, [s1])
|
239
|
+
retry
|
240
|
+
end
|
241
|
+
s1.sync_close = true
|
242
|
+
|
243
|
+
s2 = th.value
|
244
|
+
|
245
|
+
s1.print "a\ndef"
|
246
|
+
assert_equal("a\n", s2.gets)
|
247
|
+
ensure
|
248
|
+
s1.close if s1 && !s1.closed?
|
249
|
+
s2.close if s2 && !s2.closed?
|
250
|
+
serv.close if serv && !serv.closed?
|
251
|
+
sock1.close if sock1 && !sock1.closed?
|
252
|
+
sock2.close if sock2 && !sock2.closed?
|
253
|
+
end
|
254
|
+
|
255
|
+
end
|
256
|
+
|
257
|
+
end
|
@@ -0,0 +1,209 @@
|
|
1
|
+
require_relative "utils"
|
2
|
+
|
3
|
+
if defined?(OpenSSL)
|
4
|
+
|
5
|
+
module OpenSSL
|
6
|
+
class TestPKCS12 < Test::Unit::TestCase
|
7
|
+
include OpenSSL::TestUtils
|
8
|
+
|
9
|
+
def setup
|
10
|
+
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
11
|
+
|
12
|
+
now = Time.now
|
13
|
+
ca_exts = [
|
14
|
+
["basicConstraints","CA:TRUE",true],
|
15
|
+
["keyUsage","keyCertSign, cRLSign",true],
|
16
|
+
["subjectKeyIdentifier","hash",false],
|
17
|
+
["authorityKeyIdentifier","keyid:always",false],
|
18
|
+
]
|
19
|
+
|
20
|
+
@cacert = issue_cert(ca, TEST_KEY_RSA2048, 1, now, now+3600, ca_exts,
|
21
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
22
|
+
|
23
|
+
inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA")
|
24
|
+
inter_ca_key = OpenSSL::PKey.read <<-_EOS_
|
25
|
+
-----BEGIN RSA PRIVATE KEY-----
|
26
|
+
MIICXAIBAAKBgQDp7hIG0SFMG/VWv1dBUWziAPrNmkMXJgTCAoB7jffzRtyyN04K
|
27
|
+
oq/89HAszTMStZoMigQURfokzKsjpUp8OYCAEsBtt9d5zPndWMz/gHN73GrXk3LT
|
28
|
+
ZsxEn7Xv5Da+Y9F/Hx2QZUHarV5cdZixq2NbzWGwrToogOQMh2pxN3Z/0wIDAQAB
|
29
|
+
AoGBAJysUyx3olpsGzv3OMRJeahASbmsSKTXVLZvoIefxOINosBFpCIhZccAG6UV
|
30
|
+
5c/xCvS89xBw8aD15uUfziw3AuT8QPEtHCgfSjeT7aWzBfYswEgOW4XPuWr7EeI9
|
31
|
+
iNHGD6z+hCN/IQr7FiEBgTp6A+i/hffcSdR83fHWKyb4M7TRAkEA+y4BNd668HmC
|
32
|
+
G5MPRx25n6LixuBxrNp1umfjEI6UZgEFVpYOg4agNuimN6NqM253kcTR94QNTUs5
|
33
|
+
Kj3EhG1YWwJBAO5rUjiOyCNVX2WUQrOMYK/c1lU7fvrkdygXkvIGkhsPoNRzLPeA
|
34
|
+
HGJszKtrKD8bNihWpWNIyqKRHfKVD7yXT+kCQGCAhVCIGTRoypcDghwljHqLnysf
|
35
|
+
ci0h5ZdPcIqc7ODfxYhFsJ/Rql5ONgYsT5Ig/+lOQAkjf+TRYM4c2xKx2/8CQBvG
|
36
|
+
jv6dy70qDgIUgqzONtlmHeYyFzn9cdBO5sShdVYHvRHjFSMEXsosqK9zvW2UqvuK
|
37
|
+
FJx7d3f29gkzynCLJDkCQGQZlEZJC4vWmWJGRKJ24P6MyQn3VsPfErSKOg4lvyM3
|
38
|
+
Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es=
|
39
|
+
-----END RSA PRIVATE KEY-----
|
40
|
+
_EOS_
|
41
|
+
|
42
|
+
@inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, now, now+3600, ca_exts,
|
43
|
+
@ca_cert, TEST_KEY_RSA2048, OpenSSL::Digest::SHA1.new)
|
44
|
+
|
45
|
+
exts = [
|
46
|
+
["keyUsage","digitalSignature",true],
|
47
|
+
["subjectKeyIdentifier","hash",false],
|
48
|
+
]
|
49
|
+
ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate")
|
50
|
+
@mycert = issue_cert(ee, TEST_KEY_RSA1024, 3, now, now+3600, exts,
|
51
|
+
@inter_cacert, inter_ca_key, OpenSSL::Digest::SHA1.new)
|
52
|
+
end
|
53
|
+
|
54
|
+
def test_create
|
55
|
+
pkcs12 = OpenSSL::PKCS12.create(
|
56
|
+
"omg",
|
57
|
+
"hello",
|
58
|
+
TEST_KEY_RSA1024,
|
59
|
+
@mycert
|
60
|
+
)
|
61
|
+
assert_equal @mycert, pkcs12.certificate
|
62
|
+
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
63
|
+
assert_nil pkcs12.ca_certs
|
64
|
+
end
|
65
|
+
|
66
|
+
def test_create_no_pass
|
67
|
+
pkcs12 = OpenSSL::PKCS12.create(
|
68
|
+
nil,
|
69
|
+
"hello",
|
70
|
+
TEST_KEY_RSA1024,
|
71
|
+
@mycert
|
72
|
+
)
|
73
|
+
assert_equal @mycert, pkcs12.certificate
|
74
|
+
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
75
|
+
assert_nil pkcs12.ca_certs
|
76
|
+
|
77
|
+
decoded = OpenSSL::PKCS12.new(pkcs12.to_der)
|
78
|
+
assert_cert @mycert, decoded.certificate
|
79
|
+
end
|
80
|
+
|
81
|
+
def test_create_with_chain
|
82
|
+
chain = [@inter_cacert, @cacert]
|
83
|
+
|
84
|
+
pkcs12 = OpenSSL::PKCS12.create(
|
85
|
+
"omg",
|
86
|
+
"hello",
|
87
|
+
TEST_KEY_RSA1024,
|
88
|
+
@mycert,
|
89
|
+
chain
|
90
|
+
)
|
91
|
+
assert_equal chain, pkcs12.ca_certs
|
92
|
+
end
|
93
|
+
|
94
|
+
def test_create_with_chain_decode
|
95
|
+
chain = [@cacert, @inter_cacert]
|
96
|
+
|
97
|
+
passwd = "omg"
|
98
|
+
|
99
|
+
pkcs12 = OpenSSL::PKCS12.create(
|
100
|
+
passwd,
|
101
|
+
"hello",
|
102
|
+
TEST_KEY_RSA1024,
|
103
|
+
@mycert,
|
104
|
+
chain
|
105
|
+
)
|
106
|
+
|
107
|
+
decoded = OpenSSL::PKCS12.new(pkcs12.to_der, passwd)
|
108
|
+
assert_equal chain.size, decoded.ca_certs.size
|
109
|
+
assert_include_cert @cacert, decoded.ca_certs
|
110
|
+
assert_include_cert @inter_cacert, decoded.ca_certs
|
111
|
+
assert_cert @mycert, decoded.certificate
|
112
|
+
assert_equal TEST_KEY_RSA1024.to_der, decoded.key.to_der
|
113
|
+
end
|
114
|
+
|
115
|
+
def test_create_with_bad_nid
|
116
|
+
assert_raises(ArgumentError) do
|
117
|
+
OpenSSL::PKCS12.create(
|
118
|
+
"omg",
|
119
|
+
"hello",
|
120
|
+
TEST_KEY_RSA1024,
|
121
|
+
@mycert,
|
122
|
+
[],
|
123
|
+
"foo"
|
124
|
+
)
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
def test_create_with_itr
|
129
|
+
OpenSSL::PKCS12.create(
|
130
|
+
"omg",
|
131
|
+
"hello",
|
132
|
+
TEST_KEY_RSA1024,
|
133
|
+
@mycert,
|
134
|
+
[],
|
135
|
+
nil,
|
136
|
+
nil,
|
137
|
+
2048
|
138
|
+
)
|
139
|
+
|
140
|
+
assert_raises(TypeError) do
|
141
|
+
OpenSSL::PKCS12.create(
|
142
|
+
"omg",
|
143
|
+
"hello",
|
144
|
+
TEST_KEY_RSA1024,
|
145
|
+
@mycert,
|
146
|
+
[],
|
147
|
+
nil,
|
148
|
+
nil,
|
149
|
+
"omg"
|
150
|
+
)
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
def test_create_with_mac_itr
|
155
|
+
OpenSSL::PKCS12.create(
|
156
|
+
"omg",
|
157
|
+
"hello",
|
158
|
+
TEST_KEY_RSA1024,
|
159
|
+
@mycert,
|
160
|
+
[],
|
161
|
+
nil,
|
162
|
+
nil,
|
163
|
+
nil,
|
164
|
+
2048
|
165
|
+
)
|
166
|
+
|
167
|
+
assert_raises(TypeError) do
|
168
|
+
OpenSSL::PKCS12.create(
|
169
|
+
"omg",
|
170
|
+
"hello",
|
171
|
+
TEST_KEY_RSA1024,
|
172
|
+
@mycert,
|
173
|
+
[],
|
174
|
+
nil,
|
175
|
+
nil,
|
176
|
+
nil,
|
177
|
+
"omg"
|
178
|
+
)
|
179
|
+
end
|
180
|
+
end
|
181
|
+
|
182
|
+
private
|
183
|
+
def assert_cert expected, actual
|
184
|
+
[
|
185
|
+
:subject,
|
186
|
+
:issuer,
|
187
|
+
:serial,
|
188
|
+
:not_before,
|
189
|
+
:not_after,
|
190
|
+
].each do |attribute|
|
191
|
+
assert_equal expected.send(attribute), actual.send(attribute)
|
192
|
+
end
|
193
|
+
assert_equal expected.to_der, actual.to_der
|
194
|
+
end
|
195
|
+
|
196
|
+
def assert_include_cert cert, ary
|
197
|
+
der = cert.to_der
|
198
|
+
ary.each do |candidate|
|
199
|
+
if candidate.to_der == der
|
200
|
+
return true
|
201
|
+
end
|
202
|
+
end
|
203
|
+
false
|
204
|
+
end
|
205
|
+
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
end
|
@@ -0,0 +1,151 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
|
3
|
+
if defined?(OpenSSL)
|
4
|
+
|
5
|
+
class OpenSSL::TestPKCS7 < Test::Unit::TestCase
|
6
|
+
def setup
|
7
|
+
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
8
|
+
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
9
|
+
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
10
|
+
ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
|
11
|
+
ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
|
12
|
+
|
13
|
+
now = Time.now
|
14
|
+
ca_exts = [
|
15
|
+
["basicConstraints","CA:TRUE",true],
|
16
|
+
["keyUsage","keyCertSign, cRLSign",true],
|
17
|
+
["subjectKeyIdentifier","hash",false],
|
18
|
+
["authorityKeyIdentifier","keyid:always",false],
|
19
|
+
]
|
20
|
+
@ca_cert = issue_cert(ca, @rsa2048, 1, now, now+3600, ca_exts,
|
21
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
22
|
+
ee_exts = [
|
23
|
+
["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
|
24
|
+
["authorityKeyIdentifier","keyid:always",false],
|
25
|
+
["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
|
26
|
+
]
|
27
|
+
@ee1_cert = issue_cert(ee1, @rsa1024, 2, now, now+1800, ee_exts,
|
28
|
+
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
29
|
+
@ee2_cert = issue_cert(ee2, @rsa1024, 3, now, now+1800, ee_exts,
|
30
|
+
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
31
|
+
end
|
32
|
+
|
33
|
+
def issue_cert(*args)
|
34
|
+
OpenSSL::TestUtils.issue_cert(*args)
|
35
|
+
end
|
36
|
+
|
37
|
+
def test_signed
|
38
|
+
store = OpenSSL::X509::Store.new
|
39
|
+
store.add_cert(@ca_cert)
|
40
|
+
ca_certs = [@ca_cert]
|
41
|
+
|
42
|
+
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
|
43
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
|
44
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
45
|
+
certs = p7.certificates
|
46
|
+
signers = p7.signers
|
47
|
+
assert(p7.verify([], store))
|
48
|
+
assert_equal(data, p7.data)
|
49
|
+
assert_equal(2, certs.size)
|
50
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
51
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
52
|
+
assert_equal(1, signers.size)
|
53
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
54
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
55
|
+
|
56
|
+
# Normaly OpenSSL tries to translate the supplied content into canonical
|
57
|
+
# MIME format (e.g. a newline character is converted into CR+LF).
|
58
|
+
# If the content is a binary, PKCS7::BINARY flag should be used.
|
59
|
+
|
60
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
61
|
+
flag = OpenSSL::PKCS7::BINARY
|
62
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
63
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
64
|
+
certs = p7.certificates
|
65
|
+
signers = p7.signers
|
66
|
+
assert(p7.verify([], store))
|
67
|
+
assert_equal(data, p7.data)
|
68
|
+
assert_equal(2, certs.size)
|
69
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
70
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
71
|
+
assert_equal(1, signers.size)
|
72
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
73
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
74
|
+
|
75
|
+
# A signed-data which have multiple signatures can be created
|
76
|
+
# through the following steps.
|
77
|
+
# 1. create two signed-data
|
78
|
+
# 2. copy signerInfo and certificate from one to another
|
79
|
+
|
80
|
+
tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
|
81
|
+
tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
|
82
|
+
tmp1.add_signer(tmp2.signers[0])
|
83
|
+
tmp1.add_certificate(@ee2_cert)
|
84
|
+
|
85
|
+
p7 = OpenSSL::PKCS7.new(tmp1.to_der)
|
86
|
+
certs = p7.certificates
|
87
|
+
signers = p7.signers
|
88
|
+
assert(p7.verify([], store))
|
89
|
+
assert_equal(data, p7.data)
|
90
|
+
assert_equal(2, certs.size)
|
91
|
+
assert_equal(2, signers.size)
|
92
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
93
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
94
|
+
assert_equal(@ee2_cert.serial, signers[1].serial)
|
95
|
+
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
|
96
|
+
end
|
97
|
+
|
98
|
+
def test_detached_sign
|
99
|
+
store = OpenSSL::X509::Store.new
|
100
|
+
store.add_cert(@ca_cert)
|
101
|
+
ca_certs = [@ca_cert]
|
102
|
+
|
103
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
104
|
+
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
|
105
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
106
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
107
|
+
assert_nothing_raised do
|
108
|
+
OpenSSL::ASN1.decode(p7)
|
109
|
+
end
|
110
|
+
|
111
|
+
certs = p7.certificates
|
112
|
+
signers = p7.signers
|
113
|
+
assert(!p7.verify([], store))
|
114
|
+
assert(p7.verify([], store, data))
|
115
|
+
assert_equal(data, p7.data)
|
116
|
+
assert_equal(2, certs.size)
|
117
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
118
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
119
|
+
assert_equal(1, signers.size)
|
120
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
121
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
122
|
+
end
|
123
|
+
|
124
|
+
def test_enveloped
|
125
|
+
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
|
126
|
+
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
|
127
|
+
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
|
128
|
+
return
|
129
|
+
end
|
130
|
+
|
131
|
+
certs = [@ee1_cert, @ee2_cert]
|
132
|
+
cipher = OpenSSL::Cipher::AES.new("128-CBC")
|
133
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
134
|
+
|
135
|
+
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
|
136
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
137
|
+
recip = p7.recipients
|
138
|
+
assert_equal(:enveloped, p7.type)
|
139
|
+
assert_equal(2, recip.size)
|
140
|
+
|
141
|
+
assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
|
142
|
+
assert_equal(2, recip[0].serial)
|
143
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
144
|
+
|
145
|
+
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
|
146
|
+
assert_equal(3, recip[1].serial)
|
147
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
end
|
@@ -0,0 +1,72 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
|
3
|
+
if defined?(OpenSSL)
|
4
|
+
|
5
|
+
class OpenSSL::TestPKeyDH < Test::Unit::TestCase
|
6
|
+
def test_new
|
7
|
+
dh = OpenSSL::PKey::DH.new(256)
|
8
|
+
assert_key(dh)
|
9
|
+
end
|
10
|
+
|
11
|
+
def test_to_der
|
12
|
+
dh = OpenSSL::PKey::DH.new(256)
|
13
|
+
der = dh.to_der
|
14
|
+
dh2 = OpenSSL::PKey::DH.new(der)
|
15
|
+
assert_equal_params(dh, dh2)
|
16
|
+
assert_no_key(dh2)
|
17
|
+
end
|
18
|
+
|
19
|
+
def test_to_pem
|
20
|
+
dh = OpenSSL::PKey::DH.new(256)
|
21
|
+
pem = dh.to_pem
|
22
|
+
dh2 = OpenSSL::PKey::DH.new(pem)
|
23
|
+
assert_equal_params(dh, dh2)
|
24
|
+
assert_no_key(dh2)
|
25
|
+
end
|
26
|
+
|
27
|
+
def test_public_key
|
28
|
+
dh = OpenSSL::PKey::DH.new(256)
|
29
|
+
public_key = dh.public_key
|
30
|
+
assert_no_key(public_key) #implies public_key.public? is false!
|
31
|
+
assert_equal(dh.to_der, public_key.to_der)
|
32
|
+
assert_equal(dh.to_pem, public_key.to_pem)
|
33
|
+
end
|
34
|
+
|
35
|
+
def test_generate_key
|
36
|
+
dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
|
37
|
+
assert_no_key(dh)
|
38
|
+
dh.generate_key!
|
39
|
+
assert_key(dh)
|
40
|
+
end
|
41
|
+
|
42
|
+
def test_key_exchange
|
43
|
+
dh = OpenSSL::TestUtils::TEST_KEY_DH512
|
44
|
+
dh2 = dh.public_key
|
45
|
+
dh.generate_key!
|
46
|
+
dh2.generate_key!
|
47
|
+
assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
|
48
|
+
end
|
49
|
+
|
50
|
+
private
|
51
|
+
|
52
|
+
def assert_equal_params(dh1, dh2)
|
53
|
+
assert_equal(dh1.g, dh2.g)
|
54
|
+
assert_equal(dh1.p, dh2.p)
|
55
|
+
end
|
56
|
+
|
57
|
+
def assert_no_key(dh)
|
58
|
+
assert_equal(false, dh.public?)
|
59
|
+
assert_equal(false, dh.private?)
|
60
|
+
assert_equal(nil, dh.pub_key)
|
61
|
+
assert_equal(nil, dh.priv_key)
|
62
|
+
end
|
63
|
+
|
64
|
+
def assert_key(dh)
|
65
|
+
assert(dh.public?)
|
66
|
+
assert(dh.private?)
|
67
|
+
assert(dh.pub_key)
|
68
|
+
assert(dh.priv_key)
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
end
|