jruby-openssl 0.8.0.pre3 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest.txt +5 -124
- data/Rakefile +3 -3
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/shared/jopenssl/version.rb +1 -1
- metadata +10 -116
- data/test/1.8/ssl_server.rb +0 -99
- data/test/1.8/test_asn1.rb +0 -212
- data/test/1.8/test_cipher.rb +0 -193
- data/test/1.8/test_config.rb +0 -290
- data/test/1.8/test_digest.rb +0 -88
- data/test/1.8/test_ec.rb +0 -128
- data/test/1.8/test_hmac.rb +0 -46
- data/test/1.8/test_ns_spki.rb +0 -59
- data/test/1.8/test_pair.rb +0 -149
- data/test/1.8/test_pkcs7.rb +0 -489
- data/test/1.8/test_pkey_rsa.rb +0 -49
- data/test/1.8/test_ssl.rb +0 -1032
- data/test/1.8/test_x509cert.rb +0 -277
- data/test/1.8/test_x509crl.rb +0 -253
- data/test/1.8/test_x509ext.rb +0 -99
- data/test/1.8/test_x509name.rb +0 -290
- data/test/1.8/test_x509req.rb +0 -195
- data/test/1.8/test_x509store.rb +0 -246
- data/test/1.8/utils.rb +0 -144
- data/test/1.9/ssl_server.rb +0 -81
- data/test/1.9/test_asn1.rb +0 -589
- data/test/1.9/test_bn.rb +0 -23
- data/test/1.9/test_buffering.rb +0 -88
- data/test/1.9/test_cipher.rb +0 -107
- data/test/1.9/test_config.rb +0 -288
- data/test/1.9/test_digest.rb +0 -118
- data/test/1.9/test_engine.rb +0 -15
- data/test/1.9/test_hmac.rb +0 -32
- data/test/1.9/test_ns_spki.rb +0 -50
- data/test/1.9/test_ocsp.rb +0 -47
- data/test/1.9/test_pair.rb +0 -257
- data/test/1.9/test_pkcs12.rb +0 -209
- data/test/1.9/test_pkcs7.rb +0 -156
- data/test/1.9/test_pkey_dh.rb +0 -72
- data/test/1.9/test_pkey_dsa.rb +0 -224
- data/test/1.9/test_pkey_ec.rb +0 -182
- data/test/1.9/test_pkey_rsa.rb +0 -244
- data/test/1.9/test_ssl.rb +0 -499
- data/test/1.9/test_ssl_session.rb +0 -327
- data/test/1.9/test_x509cert.rb +0 -217
- data/test/1.9/test_x509crl.rb +0 -221
- data/test/1.9/test_x509ext.rb +0 -69
- data/test/1.9/test_x509name.rb +0 -366
- data/test/1.9/test_x509req.rb +0 -150
- data/test/1.9/test_x509store.rb +0 -229
- data/test/1.9/utils.rb +0 -304
- data/test/cert_with_ec_pk.cer +0 -27
- data/test/fixture/ca-bundle.crt +0 -2794
- data/test/fixture/ca_path/72fa7371.0 +0 -19
- data/test/fixture/ca_path/verisign.pem +0 -19
- data/test/fixture/cacert.pem +0 -23
- data/test/fixture/cert_localhost.pem +0 -19
- data/test/fixture/common.pem +0 -48
- data/test/fixture/ids_in_subject_rdn_set.pem +0 -31
- data/test/fixture/imaps/cacert.pem +0 -60
- data/test/fixture/imaps/server.crt +0 -61
- data/test/fixture/imaps/server.key +0 -15
- data/test/fixture/key_then_cert.pem +0 -34
- data/test/fixture/keypair.pem +0 -27
- data/test/fixture/localhost_keypair.pem +0 -18
- data/test/fixture/max.pem +0 -29
- data/test/fixture/purpose/b70a5bc1.0 +0 -24
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +0 -37
- data/test/fixture/purpose/ca/cacert.pem +0 -24
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +0 -19
- data/test/fixture/purpose/ca/private/cakeypair.pem +0 -30
- data/test/fixture/purpose/ca/serial +0 -1
- data/test/fixture/purpose/cacert.pem +0 -24
- data/test/fixture/purpose/scripts/gen_cert.rb +0 -127
- data/test/fixture/purpose/scripts/gen_csr.rb +0 -50
- data/test/fixture/purpose/scripts/init_ca.rb +0 -66
- data/test/fixture/purpose/sslclient.pem +0 -19
- data/test/fixture/purpose/sslclient/csr.pem +0 -10
- data/test/fixture/purpose/sslclient/keypair.pem +0 -15
- data/test/fixture/purpose/sslclient/sslclient.pem +0 -19
- data/test/fixture/purpose/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver/csr.pem +0 -10
- data/test/fixture/purpose/sslserver/keypair.pem +0 -15
- data/test/fixture/purpose/sslserver/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +0 -19
- data/test/fixture/selfcert.pem +0 -23
- data/test/fixture/verisign.pem +0 -19
- data/test/fixture/verisign_c3.pem +0 -14
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +0 -8
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +0 -21
- data/test/ruby/envutil.rb +0 -208
- data/test/ruby/ut_eof.rb +0 -128
- data/test/test_all.rb +0 -1
- data/test/test_certificate.rb +0 -132
- data/test/test_cipher.rb +0 -197
- data/test/test_imaps.rb +0 -107
- data/test/test_integration.rb +0 -144
- data/test/test_openssl.rb +0 -4
- data/test/test_parse_certificate.rb +0 -27
- data/test/test_pkcs7.rb +0 -56
- data/test/test_pkey_dsa.rb +0 -180
- data/test/test_pkey_rsa.rb +0 -329
- data/test/test_ssl.rb +0 -97
- data/test/test_x509store.rb +0 -168
data/test/1.9/test_pkey_ec.rb
DELETED
@@ -1,182 +0,0 @@
|
|
1
|
-
require_relative 'utils'
|
2
|
-
|
3
|
-
if defined?(OpenSSL::PKey::EC)
|
4
|
-
|
5
|
-
class OpenSSL::TestEC < Test::Unit::TestCase
|
6
|
-
def setup
|
7
|
-
@data1 = 'foo'
|
8
|
-
@data2 = 'bar' * 1000 # data too long for DSA sig
|
9
|
-
|
10
|
-
@group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
|
11
|
-
@group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
|
12
|
-
@group3 = OpenSSL::PKey::EC::Group.new('prime256v1')
|
13
|
-
|
14
|
-
@key1 = OpenSSL::PKey::EC.new
|
15
|
-
@key1.group = @group1
|
16
|
-
@key1.generate_key
|
17
|
-
|
18
|
-
@key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
|
19
|
-
@key2.generate_key
|
20
|
-
|
21
|
-
@key3 = OpenSSL::PKey::EC.new(@group3)
|
22
|
-
@key3.generate_key
|
23
|
-
|
24
|
-
@groups = [@group1, @group2, @group3]
|
25
|
-
@keys = [@key1, @key2, @key3]
|
26
|
-
end
|
27
|
-
|
28
|
-
def compare_keys(k1, k2)
|
29
|
-
assert_equal(k1.to_pem, k2.to_pem)
|
30
|
-
end
|
31
|
-
|
32
|
-
def test_curve_names
|
33
|
-
@groups.each_with_index do |group, idx|
|
34
|
-
key = @keys[idx]
|
35
|
-
assert_equal(group.curve_name, key.group.curve_name)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
def test_check_key
|
40
|
-
for key in @keys
|
41
|
-
assert_equal(key.check_key, true)
|
42
|
-
assert_equal(key.private_key?, true)
|
43
|
-
assert_equal(key.public_key?, true)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_encoding
|
48
|
-
for group in @groups
|
49
|
-
for meth in [:to_der, :to_pem]
|
50
|
-
txt = group.send(meth)
|
51
|
-
gr = OpenSSL::PKey::EC::Group.new(txt)
|
52
|
-
assert_equal(txt, gr.send(meth))
|
53
|
-
|
54
|
-
assert_equal(group.generator.to_bn, gr.generator.to_bn)
|
55
|
-
assert_equal(group.cofactor, gr.cofactor)
|
56
|
-
assert_equal(group.order, gr.order)
|
57
|
-
assert_equal(group.seed, gr.seed)
|
58
|
-
assert_equal(group.degree, gr.degree)
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
for key in @keys
|
63
|
-
group = key.group
|
64
|
-
|
65
|
-
for meth in [:to_der, :to_pem]
|
66
|
-
txt = key.send(meth)
|
67
|
-
assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth))
|
68
|
-
end
|
69
|
-
|
70
|
-
bn = key.public_key.to_bn
|
71
|
-
assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn)
|
72
|
-
end
|
73
|
-
end
|
74
|
-
|
75
|
-
def test_set_keys
|
76
|
-
for key in @keys
|
77
|
-
k = OpenSSL::PKey::EC.new
|
78
|
-
k.group = key.group
|
79
|
-
k.private_key = key.private_key
|
80
|
-
k.public_key = key.public_key
|
81
|
-
|
82
|
-
compare_keys(key, k)
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
def test_dsa_sign_verify
|
87
|
-
for key in @keys
|
88
|
-
sig = key.dsa_sign_asn1(@data1)
|
89
|
-
assert(key.dsa_verify_asn1(@data1, sig))
|
90
|
-
end
|
91
|
-
end
|
92
|
-
|
93
|
-
def test_dsa_sign_asn1_FIPS186_3
|
94
|
-
for key in @keys
|
95
|
-
size = key.group.order.num_bits / 8 + 1
|
96
|
-
dgst = (1..size).to_a.pack('C*')
|
97
|
-
begin
|
98
|
-
sig = key.dsa_sign_asn1(dgst)
|
99
|
-
# dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
|
100
|
-
assert(key.dsa_verify_asn1(dgst + "garbage", sig))
|
101
|
-
rescue OpenSSL::PKey::ECError => e
|
102
|
-
# just an exception for longer dgst before openssl-0.9.8m
|
103
|
-
assert_equal('ECDSA_sign: data too large for key size', e.message)
|
104
|
-
# no need to do following tests
|
105
|
-
return
|
106
|
-
end
|
107
|
-
end
|
108
|
-
end
|
109
|
-
|
110
|
-
def test_dh_compute_key
|
111
|
-
for key in @keys
|
112
|
-
k = OpenSSL::PKey::EC.new(key.group)
|
113
|
-
k.generate_key
|
114
|
-
|
115
|
-
puba = key.public_key
|
116
|
-
pubb = k.public_key
|
117
|
-
a = key.dh_compute_key(pubb)
|
118
|
-
b = k.dh_compute_key(puba)
|
119
|
-
assert_equal(a, b)
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
def test_read_private_key_der
|
124
|
-
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
125
|
-
der = ec.to_der
|
126
|
-
ec2 = OpenSSL::PKey.read(der)
|
127
|
-
assert(ec2.private_key?)
|
128
|
-
assert_equal(der, ec2.to_der)
|
129
|
-
assert_equal([], OpenSSL.errors)
|
130
|
-
end
|
131
|
-
|
132
|
-
def test_read_private_key_pem
|
133
|
-
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
134
|
-
pem = ec.to_pem
|
135
|
-
ec2 = OpenSSL::PKey.read(pem)
|
136
|
-
assert(ec2.private_key?)
|
137
|
-
assert_equal(pem, ec2.to_pem)
|
138
|
-
assert_equal([], OpenSSL.errors)
|
139
|
-
end
|
140
|
-
|
141
|
-
def test_read_public_key_der
|
142
|
-
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
143
|
-
ec2 = OpenSSL::PKey::EC.new(ec.group)
|
144
|
-
ec2.public_key = ec.public_key
|
145
|
-
der = ec2.to_der
|
146
|
-
ec3 = OpenSSL::PKey.read(der)
|
147
|
-
assert(!ec3.private_key?)
|
148
|
-
assert_equal(der, ec3.to_der)
|
149
|
-
assert_equal([], OpenSSL.errors)
|
150
|
-
end
|
151
|
-
|
152
|
-
def test_read_public_key_pem
|
153
|
-
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
154
|
-
ec2 = OpenSSL::PKey::EC.new(ec.group)
|
155
|
-
ec2.public_key = ec.public_key
|
156
|
-
pem = ec2.to_pem
|
157
|
-
ec3 = OpenSSL::PKey.read(pem)
|
158
|
-
assert(!ec3.private_key?)
|
159
|
-
assert_equal(pem, ec3.to_pem)
|
160
|
-
assert_equal([], OpenSSL.errors)
|
161
|
-
end
|
162
|
-
|
163
|
-
def test_read_private_key_pem_pw
|
164
|
-
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
165
|
-
pem = ec.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
|
166
|
-
#callback form for password
|
167
|
-
ec2 = OpenSSL::PKey.read(pem) do
|
168
|
-
'secret'
|
169
|
-
end
|
170
|
-
assert(ec2.private_key?)
|
171
|
-
# pass password directly
|
172
|
-
ec2 = OpenSSL::PKey.read(pem, 'secret')
|
173
|
-
assert(ec2.private_key?)
|
174
|
-
#omit pem equality check, will be different due to cipher iv
|
175
|
-
assert_equal([], OpenSSL.errors)
|
176
|
-
end
|
177
|
-
|
178
|
-
# test Group: asn1_flag, point_conversion
|
179
|
-
|
180
|
-
end
|
181
|
-
|
182
|
-
end
|
data/test/1.9/test_pkey_rsa.rb
DELETED
@@ -1,244 +0,0 @@
|
|
1
|
-
require_relative 'utils'
|
2
|
-
require 'base64'
|
3
|
-
|
4
|
-
if defined?(OpenSSL)
|
5
|
-
|
6
|
-
class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
|
7
|
-
def test_padding
|
8
|
-
key = OpenSSL::PKey::RSA.new(512, 3)
|
9
|
-
|
10
|
-
# Need right size for raw mode
|
11
|
-
plain0 = "x" * (512/8)
|
12
|
-
cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING)
|
13
|
-
plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING)
|
14
|
-
assert_equal(plain0, plain1)
|
15
|
-
|
16
|
-
# Need smaller size for pkcs1 mode
|
17
|
-
plain0 = "x" * (512/8 - 11)
|
18
|
-
cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING)
|
19
|
-
plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING)
|
20
|
-
assert_equal(plain0, plain1)
|
21
|
-
|
22
|
-
cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default
|
23
|
-
plain1 = key.public_decrypt(cipherdef)
|
24
|
-
assert_equal(plain0, plain1)
|
25
|
-
assert_equal(cipher1, cipherdef)
|
26
|
-
|
27
|
-
# Failure cases
|
28
|
-
assert_raise(ArgumentError){ key.private_encrypt() }
|
29
|
-
assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) }
|
30
|
-
assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt(plain0, 666) }
|
31
|
-
end
|
32
|
-
|
33
|
-
def test_private
|
34
|
-
key = OpenSSL::PKey::RSA.new(512, 3)
|
35
|
-
assert(key.private?)
|
36
|
-
key2 = OpenSSL::PKey::RSA.new(key.to_der)
|
37
|
-
assert(key2.private?)
|
38
|
-
key3 = key.public_key
|
39
|
-
assert(!key3.private?)
|
40
|
-
key4 = OpenSSL::PKey::RSA.new(key3.to_der)
|
41
|
-
assert(!key4.private?)
|
42
|
-
end
|
43
|
-
|
44
|
-
def test_new
|
45
|
-
key = OpenSSL::PKey::RSA.new 512
|
46
|
-
pem = key.public_key.to_pem
|
47
|
-
OpenSSL::PKey::RSA.new pem
|
48
|
-
assert_equal([], OpenSSL.errors)
|
49
|
-
end
|
50
|
-
|
51
|
-
def test_sign_verify
|
52
|
-
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
53
|
-
digest = OpenSSL::Digest::SHA1.new
|
54
|
-
data = 'Sign me!'
|
55
|
-
sig = key.sign(digest, data)
|
56
|
-
assert(key.verify(digest, sig, data))
|
57
|
-
end
|
58
|
-
|
59
|
-
def test_digest_state_irrelevant_sign
|
60
|
-
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
61
|
-
digest1 = OpenSSL::Digest::SHA1.new
|
62
|
-
digest2 = OpenSSL::Digest::SHA1.new
|
63
|
-
data = 'Sign me!'
|
64
|
-
digest1 << 'Change state of digest1'
|
65
|
-
sig1 = key.sign(digest1, data)
|
66
|
-
sig2 = key.sign(digest2, data)
|
67
|
-
assert_equal(sig1, sig2)
|
68
|
-
end
|
69
|
-
|
70
|
-
def test_digest_state_irrelevant_verify
|
71
|
-
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
72
|
-
digest1 = OpenSSL::Digest::SHA1.new
|
73
|
-
digest2 = OpenSSL::Digest::SHA1.new
|
74
|
-
data = 'Sign me!'
|
75
|
-
sig = key.sign(digest1, data)
|
76
|
-
digest1.reset
|
77
|
-
digest1 << 'Change state of digest1'
|
78
|
-
assert(key.verify(digest1, sig, data))
|
79
|
-
assert(key.verify(digest2, sig, data))
|
80
|
-
end
|
81
|
-
|
82
|
-
def test_read_RSAPublicKey
|
83
|
-
modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
|
84
|
-
exponent = 65537
|
85
|
-
seq = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
|
86
|
-
key = OpenSSL::PKey::RSA.new(seq.to_der)
|
87
|
-
assert(key.public?)
|
88
|
-
assert(!key.private?)
|
89
|
-
assert_equal(modulus, key.n)
|
90
|
-
assert_equal(exponent, key.e)
|
91
|
-
assert_equal(nil, key.d)
|
92
|
-
assert_equal(nil, key.p)
|
93
|
-
assert_equal(nil, key.q)
|
94
|
-
assert_equal([], OpenSSL.errors)
|
95
|
-
end
|
96
|
-
|
97
|
-
def test_read_RSA_PUBKEY
|
98
|
-
modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
|
99
|
-
exponent = 65537
|
100
|
-
algo = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
|
101
|
-
null_params = OpenSSL::ASN1::Null.new(nil)
|
102
|
-
algo_id = OpenSSL::ASN1::Sequence.new ([algo, null_params])
|
103
|
-
pub_key = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
|
104
|
-
seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
|
105
|
-
key = OpenSSL::PKey::RSA.new(seq.to_der)
|
106
|
-
assert(key.public?)
|
107
|
-
assert(!key.private?)
|
108
|
-
assert_equal(modulus, key.n)
|
109
|
-
assert_equal(exponent, key.e)
|
110
|
-
assert_equal(nil, key.d)
|
111
|
-
assert_equal(nil, key.p)
|
112
|
-
assert_equal(nil, key.q)
|
113
|
-
assert_equal([], OpenSSL.errors)
|
114
|
-
end
|
115
|
-
|
116
|
-
def test_read_RSAPublicKey_pem
|
117
|
-
modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
|
118
|
-
exponent = 65537
|
119
|
-
pem = <<-EOF
|
120
|
-
-----BEGIN RSA PUBLIC KEY-----
|
121
|
-
MEgCQQCzyh2RIZK62E2PbTWqUljD+K23XR9AGBKNtXjal6WD2yRGcLqzPJLNCa60
|
122
|
-
AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
|
123
|
-
-----END RSA PUBLIC KEY-----
|
124
|
-
EOF
|
125
|
-
key = OpenSSL::PKey::RSA.new(pem)
|
126
|
-
assert(key.public?)
|
127
|
-
assert(!key.private?)
|
128
|
-
assert_equal(modulus, key.n)
|
129
|
-
assert_equal(exponent, key.e)
|
130
|
-
assert_equal(nil, key.d)
|
131
|
-
assert_equal(nil, key.p)
|
132
|
-
assert_equal(nil, key.q)
|
133
|
-
assert_equal([], OpenSSL.errors)
|
134
|
-
end
|
135
|
-
|
136
|
-
def test_read_RSA_PUBKEY_pem
|
137
|
-
modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
|
138
|
-
exponent = 65537
|
139
|
-
pem = <<-EOF
|
140
|
-
-----BEGIN PUBLIC KEY-----
|
141
|
-
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALPKHZEhkrrYTY9tNapSWMP4rbdd
|
142
|
-
H0AYEo21eNqXpYPbJEZwurM8ks0JrrQC50lHUmhtshsMmtC7oBedaHmT9i0C
|
143
|
-
AwEAAQ==
|
144
|
-
-----END PUBLIC KEY-----
|
145
|
-
EOF
|
146
|
-
key = OpenSSL::PKey::RSA.new(pem)
|
147
|
-
assert(key.public?)
|
148
|
-
assert(!key.private?)
|
149
|
-
assert_equal(modulus, key.n)
|
150
|
-
assert_equal(exponent, key.e)
|
151
|
-
assert_equal(nil, key.d)
|
152
|
-
assert_equal(nil, key.p)
|
153
|
-
assert_equal(nil, key.q)
|
154
|
-
assert_equal([], OpenSSL.errors)
|
155
|
-
end
|
156
|
-
|
157
|
-
def test_export_format_is_RSA_PUBKEY
|
158
|
-
key = OpenSSL::PKey::RSA.new(512)
|
159
|
-
asn1 = OpenSSL::ASN1.decode(key.public_key.to_der)
|
160
|
-
check_PUBKEY(asn1, key)
|
161
|
-
end
|
162
|
-
|
163
|
-
def test_export_format_is_RSA_PUBKEY_pem
|
164
|
-
key = OpenSSL::PKey::RSA.new(512)
|
165
|
-
pem = key.public_key.to_pem
|
166
|
-
pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
|
167
|
-
asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
|
168
|
-
check_PUBKEY(asn1, key)
|
169
|
-
end
|
170
|
-
|
171
|
-
def test_read_private_key_der
|
172
|
-
der = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_der
|
173
|
-
key = OpenSSL::PKey.read(der)
|
174
|
-
assert(key.private?)
|
175
|
-
assert_equal(der, key.to_der)
|
176
|
-
assert_equal([], OpenSSL.errors)
|
177
|
-
end
|
178
|
-
|
179
|
-
def test_read_private_key_pem
|
180
|
-
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem
|
181
|
-
key = OpenSSL::PKey.read(pem)
|
182
|
-
assert(key.private?)
|
183
|
-
assert_equal(pem, key.to_pem)
|
184
|
-
assert_equal([], OpenSSL.errors)
|
185
|
-
end
|
186
|
-
|
187
|
-
def test_read_public_key_der
|
188
|
-
der = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_der
|
189
|
-
key = OpenSSL::PKey.read(der)
|
190
|
-
assert(!key.private?)
|
191
|
-
assert_equal(der, key.to_der)
|
192
|
-
assert_equal([], OpenSSL.errors)
|
193
|
-
end
|
194
|
-
|
195
|
-
def test_read_public_key_pem
|
196
|
-
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_pem
|
197
|
-
key = OpenSSL::PKey.read(pem)
|
198
|
-
assert(!key.private?)
|
199
|
-
assert_equal(pem, key.to_pem)
|
200
|
-
assert_equal([], OpenSSL.errors)
|
201
|
-
end
|
202
|
-
|
203
|
-
def test_read_private_key_pem_pw
|
204
|
-
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
|
205
|
-
#callback form for password
|
206
|
-
key = OpenSSL::PKey.read(pem) do
|
207
|
-
'secret'
|
208
|
-
end
|
209
|
-
assert(key.private?)
|
210
|
-
# pass password directly
|
211
|
-
key = OpenSSL::PKey.read(pem, 'secret')
|
212
|
-
assert(key.private?)
|
213
|
-
#omit pem equality check, will be different due to cipher iv
|
214
|
-
assert_equal([], OpenSSL.errors)
|
215
|
-
end
|
216
|
-
|
217
|
-
private
|
218
|
-
|
219
|
-
def check_PUBKEY(asn1, key)
|
220
|
-
assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
|
221
|
-
assert_equal(2, asn1.value.size)
|
222
|
-
seq = asn1.value
|
223
|
-
assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
|
224
|
-
assert_equal(2, seq[0].value.size)
|
225
|
-
algo_id = seq[0].value
|
226
|
-
assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
|
227
|
-
assert_equal('rsaEncryption', algo_id[0].value)
|
228
|
-
assert_equal(OpenSSL::ASN1::NULL, algo_id[1].tag)
|
229
|
-
assert_equal(nil, algo_id[1].value)
|
230
|
-
assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
|
231
|
-
assert_equal(0, seq[1].unused_bits)
|
232
|
-
pub_key = OpenSSL::ASN1.decode(seq[1].value)
|
233
|
-
assert_equal(OpenSSL::ASN1::SEQUENCE, pub_key.tag)
|
234
|
-
assert_equal(2, pub_key.value.size)
|
235
|
-
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[0].tag)
|
236
|
-
assert_equal(key.n, pub_key.value[0].value)
|
237
|
-
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
|
238
|
-
assert_equal(key.e, pub_key.value[1].value)
|
239
|
-
assert_equal([], OpenSSL.errors)
|
240
|
-
end
|
241
|
-
|
242
|
-
end
|
243
|
-
|
244
|
-
end
|
data/test/1.9/test_ssl.rb
DELETED
@@ -1,499 +0,0 @@
|
|
1
|
-
require_relative "utils"
|
2
|
-
|
3
|
-
if defined?(OpenSSL)
|
4
|
-
|
5
|
-
class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
6
|
-
def test_ctx_setup
|
7
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
8
|
-
assert_equal(ctx.setup, true)
|
9
|
-
assert_equal(ctx.setup, nil)
|
10
|
-
end
|
11
|
-
|
12
|
-
def test_ctx_setup_no_compression
|
13
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
14
|
-
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
|
15
|
-
assert_equal(ctx.setup, true)
|
16
|
-
assert_equal(ctx.setup, nil)
|
17
|
-
assert_equal(OpenSSL::SSL::OP_NO_COMPRESSION,
|
18
|
-
ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION)
|
19
|
-
end if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
|
20
|
-
|
21
|
-
def test_not_started_session
|
22
|
-
skip "non socket argument of SSLSocket.new is not supported on this platform" if /mswin|mingw/ =~ RUBY_PLATFORM
|
23
|
-
open(__FILE__) do |f|
|
24
|
-
assert_nil OpenSSL::SSL::SSLSocket.new(f).cert
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
def test_ssl_read_nonblock
|
29
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) { |server, port|
|
30
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
31
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
32
|
-
ssl.sync_close = true
|
33
|
-
ssl.connect
|
34
|
-
assert_raise(IO::WaitReadable) { ssl.read_nonblock(100) }
|
35
|
-
ssl.write("abc\n")
|
36
|
-
IO.select [ssl]
|
37
|
-
assert_equal('a', ssl.read_nonblock(1))
|
38
|
-
assert_equal("bc\n", ssl.read_nonblock(100))
|
39
|
-
assert_raise(IO::WaitReadable) { ssl.read_nonblock(100) }
|
40
|
-
}
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_connect_and_close
|
44
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
45
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
46
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
47
|
-
assert(ssl.connect)
|
48
|
-
ssl.close
|
49
|
-
assert(!sock.closed?)
|
50
|
-
sock.close
|
51
|
-
|
52
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
53
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
54
|
-
ssl.sync_close = true # !!
|
55
|
-
assert(ssl.connect)
|
56
|
-
ssl.close
|
57
|
-
assert(sock.closed?)
|
58
|
-
}
|
59
|
-
end
|
60
|
-
|
61
|
-
def test_read_and_write
|
62
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
63
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
64
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
65
|
-
ssl.sync_close = true
|
66
|
-
ssl.connect
|
67
|
-
|
68
|
-
# puts and gets
|
69
|
-
ITERATIONS.times{
|
70
|
-
str = "x" * 100 + "\n"
|
71
|
-
ssl.puts(str)
|
72
|
-
assert_equal(str, ssl.gets)
|
73
|
-
|
74
|
-
str = "x" * 100
|
75
|
-
ssl.puts(str)
|
76
|
-
assert_equal(str, ssl.gets("\n", 100))
|
77
|
-
assert_equal("\n", ssl.gets)
|
78
|
-
}
|
79
|
-
|
80
|
-
# read and write
|
81
|
-
ITERATIONS.times{|i|
|
82
|
-
str = "x" * 100 + "\n"
|
83
|
-
ssl.write(str)
|
84
|
-
assert_equal(str, ssl.read(str.size))
|
85
|
-
|
86
|
-
str = "x" * i * 100 + "\n"
|
87
|
-
buf = ""
|
88
|
-
ssl.write(str)
|
89
|
-
assert_equal(buf.object_id, ssl.read(str.size, buf).object_id)
|
90
|
-
assert_equal(str, buf)
|
91
|
-
}
|
92
|
-
|
93
|
-
ssl.close
|
94
|
-
}
|
95
|
-
end
|
96
|
-
|
97
|
-
def sysread_size(ssl, size)
|
98
|
-
buf = ''
|
99
|
-
while buf.bytesize < size
|
100
|
-
buf += ssl.sysread(size - buf.bytesize)
|
101
|
-
end
|
102
|
-
buf
|
103
|
-
end
|
104
|
-
|
105
|
-
def test_sysread_chunks
|
106
|
-
args = {}
|
107
|
-
args[:server_proc] = proc { |ctx, ssl|
|
108
|
-
while line = ssl.gets
|
109
|
-
if line =~ /^STARTTLS$/
|
110
|
-
ssl.accept
|
111
|
-
next
|
112
|
-
end
|
113
|
-
ssl.write("0" * 800)
|
114
|
-
ssl.write("1" * 200)
|
115
|
-
ssl.close
|
116
|
-
break
|
117
|
-
end
|
118
|
-
}
|
119
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, args){|server, port|
|
120
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
121
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
122
|
-
ssl.sync_close = true
|
123
|
-
ssl.connect
|
124
|
-
ssl.syswrite("hello\n")
|
125
|
-
assert_equal("0" * 200, sysread_size(ssl, 200))
|
126
|
-
assert_equal("0" * 200, sysread_size(ssl, 200))
|
127
|
-
assert_equal("0" * 200, sysread_size(ssl, 200))
|
128
|
-
assert_equal("0" * 200, sysread_size(ssl, 200))
|
129
|
-
assert_equal("1" * 200, sysread_size(ssl, 200))
|
130
|
-
ssl.close
|
131
|
-
}
|
132
|
-
end
|
133
|
-
|
134
|
-
def test_sysread_buffer
|
135
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
136
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
137
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
138
|
-
ssl.sync_close = true
|
139
|
-
ssl.connect
|
140
|
-
ITERATIONS.times{|i|
|
141
|
-
# the given buffer is cleared before concatenating.
|
142
|
-
# NB: SSLSocket#readpartial depends sysread.
|
143
|
-
str = "x" * i * 100 + "\n"
|
144
|
-
ssl.syswrite(str)
|
145
|
-
buf = "asdf"
|
146
|
-
assert_equal(buf.object_id, ssl.sysread(0, buf).object_id)
|
147
|
-
assert_equal("", buf)
|
148
|
-
|
149
|
-
buf = "asdf"
|
150
|
-
read = ssl.sysread(str.size, buf)
|
151
|
-
assert(!read.empty?)
|
152
|
-
assert_equal(buf.object_id, read.object_id)
|
153
|
-
assert_equal(str[0, buf.bytesize], buf)
|
154
|
-
sysread_size(ssl, str.bytesize - buf.bytesize) # drop unread bytes
|
155
|
-
|
156
|
-
ssl.syswrite(str)
|
157
|
-
read = ssl.sysread(str.size, nil)
|
158
|
-
assert(!read.empty?)
|
159
|
-
assert_equal(str[0, read.bytesize], read)
|
160
|
-
sysread_size(ssl, str.bytesize - read.bytesize) # drop unread bytes
|
161
|
-
}
|
162
|
-
ssl.close
|
163
|
-
}
|
164
|
-
end
|
165
|
-
|
166
|
-
def test_client_auth
|
167
|
-
vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
168
|
-
start_server(PORT, vflag, true){|server, port|
|
169
|
-
assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET){
|
170
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
171
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
172
|
-
ssl.connect
|
173
|
-
}
|
174
|
-
|
175
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
176
|
-
ctx.key = @cli_key
|
177
|
-
ctx.cert = @cli_cert
|
178
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
179
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
180
|
-
ssl.sync_close = true
|
181
|
-
ssl.connect
|
182
|
-
ssl.puts("foo")
|
183
|
-
assert_equal("foo\n", ssl.gets)
|
184
|
-
ssl.close
|
185
|
-
|
186
|
-
called = nil
|
187
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
188
|
-
ctx.client_cert_cb = Proc.new{ |sslconn|
|
189
|
-
called = true
|
190
|
-
[@cli_cert, @cli_key]
|
191
|
-
}
|
192
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
193
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
194
|
-
ssl.sync_close = true
|
195
|
-
ssl.connect
|
196
|
-
assert(called)
|
197
|
-
ssl.puts("foo")
|
198
|
-
assert_equal("foo\n", ssl.gets)
|
199
|
-
ssl.close
|
200
|
-
}
|
201
|
-
end
|
202
|
-
|
203
|
-
def test_client_ca
|
204
|
-
ctx_proc = Proc.new do |ctx|
|
205
|
-
ctx.client_ca = [@ca_cert]
|
206
|
-
end
|
207
|
-
|
208
|
-
vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
209
|
-
start_server(PORT, vflag, true, :ctx_proc => ctx_proc){|server, port|
|
210
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
211
|
-
client_ca_from_server = nil
|
212
|
-
ctx.client_cert_cb = Proc.new do |sslconn|
|
213
|
-
client_ca_from_server = sslconn.client_ca
|
214
|
-
[@cli_cert, @cli_key]
|
215
|
-
end
|
216
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
217
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
218
|
-
ssl.sync_close = true
|
219
|
-
ssl.connect
|
220
|
-
assert_equal([@ca], client_ca_from_server)
|
221
|
-
ssl.close
|
222
|
-
}
|
223
|
-
end
|
224
|
-
|
225
|
-
def test_starttls
|
226
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port|
|
227
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
228
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
229
|
-
ssl.sync_close = true
|
230
|
-
str = "x" * 1000 + "\n"
|
231
|
-
|
232
|
-
OpenSSL::TestUtils.silent do
|
233
|
-
ITERATIONS.times{
|
234
|
-
ssl.puts(str)
|
235
|
-
assert_equal(str, ssl.gets)
|
236
|
-
}
|
237
|
-
starttls(ssl)
|
238
|
-
end
|
239
|
-
|
240
|
-
ITERATIONS.times{
|
241
|
-
ssl.puts(str)
|
242
|
-
assert_equal(str, ssl.gets)
|
243
|
-
}
|
244
|
-
|
245
|
-
ssl.close
|
246
|
-
}
|
247
|
-
end
|
248
|
-
|
249
|
-
def test_parallel
|
250
|
-
GC.start
|
251
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
252
|
-
ssls = []
|
253
|
-
10.times{
|
254
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
255
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
256
|
-
ssl.connect
|
257
|
-
ssl.sync_close = true
|
258
|
-
ssls << ssl
|
259
|
-
}
|
260
|
-
str = "x" * 1000 + "\n"
|
261
|
-
ITERATIONS.times{
|
262
|
-
ssls.each{|ssl|
|
263
|
-
ssl.puts(str)
|
264
|
-
assert_equal(str, ssl.gets)
|
265
|
-
}
|
266
|
-
}
|
267
|
-
ssls.each{|ssl| ssl.close }
|
268
|
-
}
|
269
|
-
end
|
270
|
-
|
271
|
-
def test_verify_result
|
272
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
273
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
274
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
275
|
-
ctx.set_params
|
276
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
277
|
-
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
|
278
|
-
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
|
279
|
-
|
280
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
281
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
282
|
-
ctx.set_params(
|
283
|
-
:verify_callback => Proc.new do |preverify_ok, store_ctx|
|
284
|
-
store_ctx.error = OpenSSL::X509::V_OK
|
285
|
-
true
|
286
|
-
end
|
287
|
-
)
|
288
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
289
|
-
ssl.connect
|
290
|
-
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
|
291
|
-
|
292
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
293
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
294
|
-
ctx.set_params(
|
295
|
-
:verify_callback => Proc.new do |preverify_ok, store_ctx|
|
296
|
-
store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
|
297
|
-
false
|
298
|
-
end
|
299
|
-
)
|
300
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
301
|
-
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
|
302
|
-
assert_equal(OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION, ssl.verify_result)
|
303
|
-
}
|
304
|
-
end
|
305
|
-
|
306
|
-
def test_exception_in_verify_callback_is_ignored
|
307
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
308
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
309
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
310
|
-
ctx.set_params(
|
311
|
-
:verify_callback => Proc.new do |preverify_ok, store_ctx|
|
312
|
-
store_ctx.error = OpenSSL::X509::V_OK
|
313
|
-
raise RuntimeError
|
314
|
-
end
|
315
|
-
)
|
316
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
317
|
-
OpenSSL::TestUtils.silent do
|
318
|
-
# SSLError, not RuntimeError
|
319
|
-
assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
|
320
|
-
end
|
321
|
-
assert_equal(OpenSSL::X509::V_ERR_CERT_REJECTED, ssl.verify_result)
|
322
|
-
ssl.close
|
323
|
-
}
|
324
|
-
end
|
325
|
-
|
326
|
-
def test_sslctx_set_params
|
327
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
328
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
329
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
330
|
-
ctx.set_params
|
331
|
-
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
|
332
|
-
assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
|
333
|
-
ciphers = ctx.ciphers
|
334
|
-
ciphers_versions = ciphers.collect{|_, v, _, _| v }
|
335
|
-
ciphers_names = ciphers.collect{|v, _, _, _| v }
|
336
|
-
assert(ciphers_names.all?{|v| /ADH/ !~ v })
|
337
|
-
assert(ciphers_versions.all?{|v| /SSLv2/ !~ v })
|
338
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
339
|
-
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
|
340
|
-
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
|
341
|
-
}
|
342
|
-
end
|
343
|
-
|
344
|
-
def test_post_connection_check
|
345
|
-
sslerr = OpenSSL::SSL::SSLError
|
346
|
-
|
347
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
348
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
349
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
350
|
-
ssl.connect
|
351
|
-
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
|
352
|
-
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
353
|
-
assert(ssl.post_connection_check("localhost"))
|
354
|
-
assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
|
355
|
-
|
356
|
-
cert = ssl.peer_cert
|
357
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
|
358
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
|
359
|
-
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
|
360
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
|
361
|
-
}
|
362
|
-
|
363
|
-
now = Time.now
|
364
|
-
exts = [
|
365
|
-
["keyUsage","keyEncipherment,digitalSignature",true],
|
366
|
-
["subjectAltName","DNS:localhost.localdomain",false],
|
367
|
-
["subjectAltName","IP:127.0.0.1",false],
|
368
|
-
]
|
369
|
-
@svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts,
|
370
|
-
@ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
|
371
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
372
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
373
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
374
|
-
ssl.connect
|
375
|
-
assert(ssl.post_connection_check("localhost.localdomain"))
|
376
|
-
assert(ssl.post_connection_check("127.0.0.1"))
|
377
|
-
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
378
|
-
assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
|
379
|
-
|
380
|
-
cert = ssl.peer_cert
|
381
|
-
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
|
382
|
-
assert(OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
|
383
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
|
384
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
|
385
|
-
}
|
386
|
-
|
387
|
-
now = Time.now
|
388
|
-
exts = [
|
389
|
-
["keyUsage","keyEncipherment,digitalSignature",true],
|
390
|
-
["subjectAltName","DNS:*.localdomain",false],
|
391
|
-
]
|
392
|
-
@svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts,
|
393
|
-
@ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
|
394
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
395
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
396
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
397
|
-
ssl.connect
|
398
|
-
assert(ssl.post_connection_check("localhost.localdomain"))
|
399
|
-
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
400
|
-
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
401
|
-
assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
|
402
|
-
cert = ssl.peer_cert
|
403
|
-
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
|
404
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
|
405
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
|
406
|
-
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
|
407
|
-
}
|
408
|
-
end
|
409
|
-
|
410
|
-
def test_tlsext_hostname
|
411
|
-
return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname)
|
412
|
-
|
413
|
-
ctx_proc = Proc.new do |ctx, ssl|
|
414
|
-
foo_ctx = ctx.dup
|
415
|
-
|
416
|
-
ctx.servername_cb = Proc.new do |ssl2, hostname|
|
417
|
-
case hostname
|
418
|
-
when 'foo.example.com'
|
419
|
-
foo_ctx
|
420
|
-
when 'bar.example.com'
|
421
|
-
nil
|
422
|
-
else
|
423
|
-
raise "unknown hostname #{hostname.inspect}"
|
424
|
-
end
|
425
|
-
end
|
426
|
-
end
|
427
|
-
|
428
|
-
server_proc = Proc.new do |ctx, ssl|
|
429
|
-
readwrite_loop(ctx, ssl)
|
430
|
-
end
|
431
|
-
|
432
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
|
433
|
-
2.times do |i|
|
434
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
435
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
436
|
-
if defined?(OpenSSL::SSL::OP_NO_TICKET)
|
437
|
-
# disable RFC4507 support
|
438
|
-
ctx.options = OpenSSL::SSL::OP_NO_TICKET
|
439
|
-
end
|
440
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
441
|
-
ssl.sync_close = true
|
442
|
-
ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
|
443
|
-
ssl.connect
|
444
|
-
|
445
|
-
str = "x" * 100 + "\n"
|
446
|
-
ssl.puts(str)
|
447
|
-
assert_equal(str, ssl.gets)
|
448
|
-
|
449
|
-
ssl.close
|
450
|
-
end
|
451
|
-
end
|
452
|
-
end
|
453
|
-
|
454
|
-
def test_multibyte_read_write
|
455
|
-
#German a umlaut
|
456
|
-
auml = [%w{ C3 A4 }.join('')].pack('H*')
|
457
|
-
auml.force_encoding(Encoding::UTF_8)
|
458
|
-
|
459
|
-
[10, 1000, 100000].each {|i|
|
460
|
-
str = nil
|
461
|
-
num_written = nil
|
462
|
-
server_proc = Proc.new {|ctx, ssl|
|
463
|
-
cmp = ssl.read
|
464
|
-
raw_size = cmp.size
|
465
|
-
cmp.force_encoding(Encoding::UTF_8)
|
466
|
-
assert_equal(str, cmp)
|
467
|
-
assert_equal(num_written, raw_size)
|
468
|
-
ssl.close
|
469
|
-
}
|
470
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => server_proc){|server, port|
|
471
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
472
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
473
|
-
ssl.sync_close = true
|
474
|
-
ssl.connect
|
475
|
-
str = auml * i
|
476
|
-
num_written = ssl.write(str)
|
477
|
-
ssl.close
|
478
|
-
}
|
479
|
-
}
|
480
|
-
end
|
481
|
-
|
482
|
-
def test_unset_OP_ALL
|
483
|
-
ctx_proc = Proc.new { |ctx|
|
484
|
-
ctx.options = OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
|
485
|
-
}
|
486
|
-
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc){|server, port|
|
487
|
-
sock = TCPSocket.new("127.0.0.1", port)
|
488
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
489
|
-
ssl.sync_close = true
|
490
|
-
ssl.connect
|
491
|
-
ssl.puts('hello')
|
492
|
-
assert_equal("hello\n", ssl.gets)
|
493
|
-
ssl.close
|
494
|
-
}
|
495
|
-
end
|
496
|
-
|
497
|
-
end
|
498
|
-
|
499
|
-
end
|