jruby-openssl 0.8.0.pre3 → 0.8.0
- data/Manifest.txt +5 -124
- data/Rakefile +3 -3
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/shared/jopenssl/version.rb +1 -1
- metadata +10 -116
- data/test/1.8/ssl_server.rb +0 -99
- data/test/1.8/test_asn1.rb +0 -212
- data/test/1.8/test_cipher.rb +0 -193
- data/test/1.8/test_config.rb +0 -290
- data/test/1.8/test_digest.rb +0 -88
- data/test/1.8/test_ec.rb +0 -128
- data/test/1.8/test_hmac.rb +0 -46
- data/test/1.8/test_ns_spki.rb +0 -59
- data/test/1.8/test_pair.rb +0 -149
- data/test/1.8/test_pkcs7.rb +0 -489
- data/test/1.8/test_pkey_rsa.rb +0 -49
- data/test/1.8/test_ssl.rb +0 -1032
- data/test/1.8/test_x509cert.rb +0 -277
- data/test/1.8/test_x509crl.rb +0 -253
- data/test/1.8/test_x509ext.rb +0 -99
- data/test/1.8/test_x509name.rb +0 -290
- data/test/1.8/test_x509req.rb +0 -195
- data/test/1.8/test_x509store.rb +0 -246
- data/test/1.8/utils.rb +0 -144
- data/test/1.9/ssl_server.rb +0 -81
- data/test/1.9/test_asn1.rb +0 -589
- data/test/1.9/test_bn.rb +0 -23
- data/test/1.9/test_buffering.rb +0 -88
- data/test/1.9/test_cipher.rb +0 -107
- data/test/1.9/test_config.rb +0 -288
- data/test/1.9/test_digest.rb +0 -118
- data/test/1.9/test_engine.rb +0 -15
- data/test/1.9/test_hmac.rb +0 -32
- data/test/1.9/test_ns_spki.rb +0 -50
- data/test/1.9/test_ocsp.rb +0 -47
- data/test/1.9/test_pair.rb +0 -257
- data/test/1.9/test_pkcs12.rb +0 -209
- data/test/1.9/test_pkcs7.rb +0 -156
- data/test/1.9/test_pkey_dh.rb +0 -72
- data/test/1.9/test_pkey_dsa.rb +0 -224
- data/test/1.9/test_pkey_ec.rb +0 -182
- data/test/1.9/test_pkey_rsa.rb +0 -244
- data/test/1.9/test_ssl.rb +0 -499
- data/test/1.9/test_ssl_session.rb +0 -327
- data/test/1.9/test_x509cert.rb +0 -217
- data/test/1.9/test_x509crl.rb +0 -221
- data/test/1.9/test_x509ext.rb +0 -69
- data/test/1.9/test_x509name.rb +0 -366
- data/test/1.9/test_x509req.rb +0 -150
- data/test/1.9/test_x509store.rb +0 -229
- data/test/1.9/utils.rb +0 -304
- data/test/cert_with_ec_pk.cer +0 -27
- data/test/fixture/ca-bundle.crt +0 -2794
- data/test/fixture/ca_path/72fa7371.0 +0 -19
- data/test/fixture/ca_path/verisign.pem +0 -19
- data/test/fixture/cacert.pem +0 -23
- data/test/fixture/cert_localhost.pem +0 -19
- data/test/fixture/common.pem +0 -48
- data/test/fixture/ids_in_subject_rdn_set.pem +0 -31
- data/test/fixture/imaps/cacert.pem +0 -60
- data/test/fixture/imaps/server.crt +0 -61
- data/test/fixture/imaps/server.key +0 -15
- data/test/fixture/key_then_cert.pem +0 -34
- data/test/fixture/keypair.pem +0 -27
- data/test/fixture/localhost_keypair.pem +0 -18
- data/test/fixture/max.pem +0 -29
- data/test/fixture/purpose/b70a5bc1.0 +0 -24
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +0 -37
- data/test/fixture/purpose/ca/cacert.pem +0 -24
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +0 -19
- data/test/fixture/purpose/ca/private/cakeypair.pem +0 -30
- data/test/fixture/purpose/ca/serial +0 -1
- data/test/fixture/purpose/cacert.pem +0 -24
- data/test/fixture/purpose/scripts/gen_cert.rb +0 -127
- data/test/fixture/purpose/scripts/gen_csr.rb +0 -50
- data/test/fixture/purpose/scripts/init_ca.rb +0 -66
- data/test/fixture/purpose/sslclient.pem +0 -19
- data/test/fixture/purpose/sslclient/csr.pem +0 -10
- data/test/fixture/purpose/sslclient/keypair.pem +0 -15
- data/test/fixture/purpose/sslclient/sslclient.pem +0 -19
- data/test/fixture/purpose/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver/csr.pem +0 -10
- data/test/fixture/purpose/sslserver/keypair.pem +0 -15
- data/test/fixture/purpose/sslserver/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +0 -19
- data/test/fixture/selfcert.pem +0 -23
- data/test/fixture/verisign.pem +0 -19
- data/test/fixture/verisign_c3.pem +0 -14
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +0 -8
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +0 -21
- data/test/ruby/envutil.rb +0 -208
- data/test/ruby/ut_eof.rb +0 -128
- data/test/test_all.rb +0 -1
- data/test/test_certificate.rb +0 -132
- data/test/test_cipher.rb +0 -197
- data/test/test_imaps.rb +0 -107
- data/test/test_integration.rb +0 -144
- data/test/test_openssl.rb +0 -4
- data/test/test_parse_certificate.rb +0 -27
- data/test/test_pkcs7.rb +0 -56
- data/test/test_pkey_dsa.rb +0 -180
- data/test/test_pkey_rsa.rb +0 -329
- data/test/test_ssl.rb +0 -97
- data/test/test_x509store.rb +0 -168
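--- a/data/test/test_all.rb
+++ b/data/test/test_all.rb
@@ -1 +0,0 @@
-Dir.glob("test/test_*.rb").sort.reject{|t| t =~ /test_all/}.each {|t| require t }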
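--- a/data/test/test_certificate.rb
+++ b/data/test/test_certificate.rb
@@ -1,132 +0,0 @@
-require 'openssl'
-require "test/unit"
-
-class TestCertificate < Test::Unit::TestCase
-def setup
-cert_file = File.expand_path('fixture/selfcert.pem', File.dirname(__FILE__))
-key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
-@cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
-@key = OpenSSL::PKey::RSA.new(File.read(key_file))
-end
-
-def test_sign_for_pem_initialized_certificate
-pem = @cert.to_pem
-exts = @cert.extensions
-assert_nothing_raised do
-@cert.sign(@key, OpenSSL::Digest::SHA1.new)
-end
-# TODO: for now, jruby-openssl cannot keep order of extensions after sign.
-# assert_equal(pem, @cert.to_pem)
-assert_equal(exts.size, @cert.extensions.size)
-exts.each do |ext|
-found = @cert.extensions.find { |e| e.oid == ext.oid }
-assert_not_nil(found)
-assert_equal(ext.value, found.value)
-end
-end
-
-def test_set_public_key
-pkey = @cert.public_key
-newkey = OpenSSL::PKey::RSA.new(1024)
-@cert.public_key = newkey
-assert_equal(newkey.public_key.to_pem, @cert.public_key.to_pem)
-end
-
-# JRUBY-3468
-def test_jruby3468
-pem_cert = <<END
------BEGIN CERTIFICATE-----
-MIIC/jCCAmegAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJKUDER
-MA8GA1UECgwIY3Rvci5vcmcxFDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQD
-DAxodHRwLWFjY2VzczIwHhcNMDcwOTExMTM1ODMxWhcNMDkwOTEwMTM1ODMxWjBN
-MQswCQYDVQQGEwJKUDERMA8GA1UECgwIY3Rvci5vcmcxFDASBgNVBAsMC0RldmVs
-b3BtZW50MRUwEwYDVQQDDAxodHRwLWFjY2VzczIwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALi66ujWtUCQm5HpMSyr/AAIFYVXC/dmn7C8TR/HMiUuW3waY4uX
-LFqCDAGOX4gf177pX+b99t3mpaiAjJuqc858D9xEECzhDWgXdLbhRqWhUOble4RY
-c1yWYC990IgXJDMKx7VAuZ3cBhdBxtlE9sb1ZCzmHQsvTy/OoRzcJCrTAgMBAAGj
-ge0wgeowDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9PcGVu
-U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJNE0GGaRKmN2qhnO
-FyBWVl4Qj6owDgYDVR0PAQH/BAQDAgEGMHUGA1UdIwRuMGyAFCTRNBhmkSpjdqoZ
-zhcgVlZeEI+qoVGkTzBNMQswCQYDVQQGEwJKUDERMA8GA1UECgwIY3Rvci5vcmcx
-FDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQDDAxodHRwLWFjY2VzczKCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAH11tstSUuqFpMqoh/vM5l3Nqb8ygblbqEYQs/iG/
-UeQkOZk/P1TxB6Ozn2htJ1srqDpUsncFVZ/ecP19GkeOZ6BmIhppcHhE5WyLBcPX
-It5q1BW0PiAzT9LlEGoaiW0nw39so0Pr1whJDfc1t4fjdk+kSiMIzRHbTDvHWfpV
-nTA=
------END CERTIFICATE-----
-END
-
-cert = OpenSSL::X509::Certificate.new(pem_cert)
-cert.extensions.each do |ext|
-value = ext.value
-crit = ext.critical?
-case ext.oid
-when "keyUsage"
-assert_equal true, crit
-assert_equal "Key Cert Sign, cRLSign", value
-when "basicConstraints"
-assert_equal true, crit
-assert_equal "CA:TRUE", value
-when "authorityKeyIdentifier"
-assert_equal false, crit
-assert_equal "keyid:80:14:24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", value
-when "subjectKeyIdentifier"
-assert_equal false, crit
-assert_equal "24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA", value
-when "nsComment"
-assert_equal false, crit
-assert_equal "Ruby/OpenSSL Generated Certificate", value
-end
-end
-end
-
-# JRUBY-5060
-def test_to_pem_with_empty_object
-empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
-empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
-empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
-empty_key = "MAA="
-#assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
-#assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
-#assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
-assert_nothing_raised do
-OpenSSL::X509::Certificate.new.to_pem
-end
-assert_nothing_raised do
-OpenSSL::X509::Request.new.to_pem
-end
-assert_nothing_raised do
-OpenSSL::X509::CRL.new.to_pem
-end
-assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
-assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
-assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
-end
-
-# JRUBY-5096
-def test_verify_failed_by_lazy_public_key_initialization
-msg = 'hello,world'
-digester = OpenSSL::Digest::SHA1.new
-sig = @key.sign(digester, msg)
-assert(@cert.public_key.verify(digester, sig, msg))
-assert(@cert.verify(@cert.public_key))
-end
-
-# JRUBY-5253
-def test_load_key_and_cert_in_one_file
-file = File.read(File.expand_path('fixture/key_then_cert.pem', File.dirname(__FILE__)))
-cert = OpenSSL::X509::Certificate.new(file)
-key = OpenSSL::PKey::RSA.new(file)
-assert_equal("Tue Dec 7 04:34:54 2010", cert.not_before.asctime)
-assert_equal(155138628173305760586484923990788939560020632428367464748448028799529480209574373402763304069949574437177088605664104864141770364385183263453740781162330879666907894314877641447552442838727890327086630369910941911916802731723019019303432276515402934176273116832204529025371212188573318159421452591783377914839, key.n)
-end
-
-# JRUBY-5834
-def test_ids_in_subject_rdn_set
-cert_file = File.expand_path('fixture/ids_in_subject_rdn_set.pem', File.dirname(__FILE__))
-cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
-keys = cert.subject.to_a.map { |k, v| k }.sort
-assert_equal(10, keys.size)
-assert_equal(true, keys.include?("CN"))
-end
-end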
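--- a/data/test/test_cipher.rb
+++ b/data/test/test_cipher.rb
@@ -1,197 +0,0 @@
-begin
-require "openssl"
-rescue LoadError
-end
-
-require "test/unit"
-
-class TestCipher < Test::Unit::TestCase
-def test_keylen
-cipher = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
-# must be 24 but it returns 16 on JRE6 without unlimited jurisdiction
-# policy. it returns 24 on JRE6 with the unlimited policy.
-assert_equal(24, cipher.key_len)
-end
-
-def test_encrypt_takes_parameter
-enc = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
-enc.encrypt("123")
-data = enc.update("password")
-data << enc.final
-end
-
-IV_TEMPLATE = "aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjj"
-KEY_TEMPLATE = "aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjj"
-
-# JRUBY-1692
-def test_repeated_des
-do_repeated_test(
-"des-ede3-cbc",
-"foobarbazboofarf",
-":\022Q\211ex\370\332\374\274\214\356\301\260V\025",
-"B\242\3531\003\362\3759\363s\203\374\240\030|\230"
-)
-end
-
-# JRUBY-1692
-def test_repeated_aes
-do_repeated_test(
-"aes-128-cbc",
-"foobarbazboofarf",
-"\342\260Y\344\306\227\004^\272|/\323<\016,\226",
-"jqO\305/\211\216\b\373\300\274\bw\213]\310"
-)
-end
-
-def test_rc2
-do_repeated_test(
-"RC2",
-"foobarbazboofarf",
-"\x18imZ\x9Ed\x15\xF3\xD6\xE6M\xCDf\xAA\xD3\xFE",
-"\xEF\xF7\x16\x06\x93)-##\xB2~\xAD,\xAD\x82\xF5"
-)
-end
-
-def test_rc4
-do_repeated_test(
-"RC4",
-"foobarbazboofarf",
-"/i|\257\336U\354\331\212\304E\021\246\351\235\303",
-"\020\367\370\316\212\262\266e\242\333\263\305z\340\204\200"
-)
-end
-
-def test_cast
-do_repeated_test(
-"cast-cbc",
-"foobarbazboofarf",
-"`m^\225\277\307\247m`{\f\020fl\ry",
-"(\354\265\251,D\016\037\251\250V\207\367\214\276B"
-)
-end
-
-# JRUBY-4326 (1)
-def test_cipher_unsupported_algorithm
-assert_raise(OpenSSL::Cipher::CipherError) do
-cipher = OpenSSL::Cipher::Cipher.new('aes-xxxxxxx')
-end
-end
-
-# JRUBY-4326 (2)
-def test_cipher_unsupported_keylen
-bits_128 = java.lang.String.new("0123456789ABCDEF").getBytes()
-bits_256 = java.lang.String.new("0123456789ABCDEF0123456789ABCDEF").getBytes()
-
-# AES128 is allowed
-cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
-cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
-cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
-key_spec = javax.crypto.spec.SecretKeySpec.new(bits_128, "AES")
-iv_spec = javax.crypto.spec.IvParameterSpec.new(bits_128)
-assert_nothing_raised do
-cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
-end
-
-# check if AES256 is allowed or not in env policy
-cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding")
-key_spec = javax.crypto.spec.SecretKeySpec.new(bits_256, "AES")
-allowed = false
-begin
-cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, key_spec, iv_spec)
-allowed = true
-rescue
-end
-
-# jruby-openssl should raise as well?
-# CRuby's openssl raises exception at initialization time.
-# At this time, jruby-openssl raises later. TODO
-cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
-cipher.encrypt
-cipher.padding = 0
-if allowed
-assert_nothing_raised(OpenSSL::Cipher::CipherError) do
-cipher.pkcs5_keyivgen("password")
-end
-else
-assert_raise(OpenSSL::Cipher::CipherError) do
-cipher.pkcs5_keyivgen("password")
-end
-end
-end
-
-def test_iv_length_auto_trim_JRUBY_4012
-e1 = e2 = nil
-plain = 'data'
-des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
-des.encrypt
-des.key = '0123456789abcdef01234567890'
-des.iv = "0" * (128/8) # too long for DES which is a 64 bit block
-assert_nothing_raised do
-e1 = des.update(plain) + des.final
-end
-des = OpenSSL::Cipher::Cipher.new("des-ede3-cbc")
-des.encrypt
-des.key = '0123456789abcdef01234567890'
-des.iv = "0" * (64/8) # DES is a 64 bit block
-e2 = des.update(plain) + des.final
-assert_equal(e2, e1, "JRUBY-4012")
-end
-
-# JRUBY-5125
-def test_rc4_cipher_name
-assert_equal("RC4", OpenSSL::Cipher::Cipher.new("rc4").name)
-end
-
-# JRUBY-5126
-def test_stream_cipher_reset_should_be_ignored
-c1 = "%E\x96\xDAZ\xEF\xB2$/\x9F\x02"
-c2 = ">aV\xB0\xE1l\xF3oyL\x9B"
-#
-cipher = OpenSSL::Cipher::Cipher.new("RC4")
-cipher.encrypt
-cipher.key = "\0\1\2\3" * (128/8/4)
-str = cipher.update('hello,world')
-str += cipher.final
-assert_equal(c1, str)
-#
-cipher.reset
-cipher.iv = "\0" * 16
-str = cipher.update('hello,world')
-str += cipher.final
-assert_equal(c2, str) # was equal to c1 before the fix
-end
-
-private
-def do_repeated_test(algo, string, enc1, enc2)
-do_repeated_encrypt_test(algo, string, enc1, enc2)
-do_repeated_decrypt_test(algo, string, enc1, enc2)
-end
-
-def do_repeated_encrypt_test(algo, string, result1, result2)
-cipher = OpenSSL::Cipher::Cipher.new(algo)
-cipher.encrypt
-
-cipher.padding = 0
-cipher.iv = IV_TEMPLATE[0, cipher.iv_len]
-cipher.key = KEY_TEMPLATE[0, cipher.key_len]
-
-assert_equal result1, cipher.update(string)
-assert_equal "", cipher.final
-
-assert_equal result2, cipher.update(string) + cipher.final
-end
-
-def do_repeated_decrypt_test(algo, result, string1, string2)
-cipher = OpenSSL::Cipher::Cipher.new(algo)
-cipher.decrypt
-
-cipher.padding = 0
-cipher.iv = IV_TEMPLATE[0, cipher.iv_len]
-cipher.key = KEY_TEMPLATE[0, cipher.key_len]
-
-assert_equal result, cipher.update(string1)
-assert_equal "", cipher.final
-
-assert_equal result, cipher.update(string2) + cipher.final
-end
-end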
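--- a/data/test/test_imaps.rb
+++ b/data/test/test_imaps.rb
@@ -1,107 +0,0 @@
-require "net/imap"
-require "test/unit"
-
-# This testcase is made for 1.8 based on test_imap.rb in CRuby 1.9
-class IMAPTest < Test::Unit::TestCase
-CA_FILE = File.expand_path("fixture/imaps/cacert.pem", File.dirname(__FILE__))
-SERVER_KEY = File.expand_path("fixture/imaps/server.key", File.dirname(__FILE__))
-SERVER_CERT = File.expand_path("fixture/imaps/server.crt", File.dirname(__FILE__))
-
-SERVER_ADDR = "127.0.0.1"
-
-def setup
-@do_not_reverse_lookup = Socket.do_not_reverse_lookup
-Socket.do_not_reverse_lookup = true
-end
-
-def teardown
-Socket.do_not_reverse_lookup = @do_not_reverse_lookup
-end
-
-def test_imaps_unknown_ca
-assert_raise(OpenSSL::SSL::SSLError) do
-imaps_test do |port|
-Net::IMAP.new("localhost", port, true, nil, true)
-end
-end
-end
-
-def test_imaps_with_ca_file
-assert_nothing_raised do
-imaps_test do |port|
-Net::IMAP.new("localhost", port, true, CA_FILE, true)
-end
-end
-end
-
-def test_imaps_login
-assert_raises(Net::IMAP::ByeResponseError) do
-imaps_test do |port|
-imaps = Net::IMAP.new("localhost", port, true, CA_FILE, true)
-imaps.login('foo@bar.com', 'wrong password')
-imaps
-end
-end
-end
-
-def test_imaps_verify_none
-assert_nothing_raised do
-imaps_test do |port|
-Net::IMAP.new(SERVER_ADDR, port, true, nil, false)
-end
-end
-end
-
-def test_imaps_post_connection_check
-assert_raise(OpenSSL::SSL::SSLError) do
-imaps_test do |port|
-# SERVER_ADDR is different from the hostname in the certificate,
-# so the following code should raise a SSLError.
-Net::IMAP.new(SERVER_ADDR, port, true, CA_FILE, true)
-end
-end
-end
-
-private
-
-def imaps_test
-server = create_tcp_server
-port = server.addr[1]
-ctx = OpenSSL::SSL::SSLContext.new
-ctx.ca_file = CA_FILE
-ctx.key = OpenSSL::PKey::RSA.new(File.read(SERVER_KEY))
-ctx.cert = OpenSSL::X509::Certificate.new(File.read(SERVER_CERT))
-ssl_server = OpenSSL::SSL::SSLServer.new(server, ctx)
-Thread.start do
-begin
-sock = ssl_server.accept
-begin
-sock.print("* OK test server\r\n")
-sock.read(10) # emulates half-read for JRUBY-5200
-sock.print("* BYE terminating connection\r\n")
-sock.print("RUBY0001 OK LOGOUT completed\r\n")
-sock.gets
-ensure
-sock.close
-end
-rescue
-end
-end
-begin
-begin
-imap = yield(port)
-imap.logout if !imap.disconnected?
-ensure
-imap.disconnect if imap && !imap.disconnected?
-end
-rescue IOError
-# ignore
-ensure
-ssl_server.close
-end
-end
-
-def create_tcp_server
-return TCPServer.new(SERVER_ADDR, 0)
-end
-end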
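--- a/data/test/test_integration.rb
+++ b/data/test/test_integration.rb
@@ -1,144 +0,0 @@
-begin
-require "openssl"
-rescue LoadError
-end
-require "test/unit"
-require 'net/https'
-
-class TestIntegration < Test::Unit::TestCase
-def path(file)
-File.expand_path(file, File.dirname(__FILE__))
-end
-
-# JRUBY-2471
-def _test_drb
-config = {
-:SSLVerifyMode => OpenSSL::SSL::VERIFY_PEER,
-:SSLCACertificateFile => File.join(File.dirname(__FILE__), "fixture", "cacert.pem"),
-:SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(File.join(File.dirname(__FILE__), "fixture", "localhost_keypair.pem"))),
-:SSLCertificate => OpenSSL::X509::Certificate.new(File.read(File.join(File.dirname(__FILE__), "fixture", "cert_localhost.pem"))),
-}
-p config
-DRb.start_service(nil, nil, config)
-end
-
-# JRUBY-2913
-# Warning - this test actually uses the internet connection.
-# If there is no connection, it will fail.
-def test_ca_path_name
-uri = URI.parse('https://www.amazon.com')
-http = Net::HTTP.new(uri.host, uri.port)
-http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_path = path("fixture/ca_path/")
-http.use_ssl = true
-response = http.start do |s|
-assert s.get(uri.request_uri).length > 0
-end
-end
-
-# Warning - this test actually uses the internet connection.
-# If there is no connection, it will fail.
-def test_ssl_verify
-uri = URI.parse('https://www.amazon.com/')
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-# right trust anchor for www.amazon.com
-http.ca_file = path('fixture/verisign.pem')
-response = http.start do |s|
-assert s.get(uri.request_uri).length > 0
-end
-# wrong trust anchor for www.amazon.com
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = path('fixture/verisign_c3.pem')
-assert_raise(OpenSSL::SSL::SSLError) do
-# it must cause SSLError for verification failure.
-response = http.start do |s|
-s.get(uri.request_uri)
-end
-end
-# round trip
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-http.ca_file = path('fixture/verisign.pem')
-response = http.start do |s|
-assert s.get(uri.request_uri).length > 0
-end
-end
-
-# Warning - this test actually uses the internet connection.
-# If there is no connection, it will fail.
-def test_pathlen_does_not_appear
-uri = URI.parse('https://www.paypal.com/')
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-# right trust anchor for www.amazon.com
-http.ca_file = path('fixture/verisign_c3.pem')
-response = http.start do |s|
-assert s.get(uri.request_uri).length > 0
-end
-end
-
-# JRUBY-2178 and JRUBY-1307
-# Warning - this test actually uses the internet connection.
-# If there is no connection, it will fail.
-# This test generally throws an exception
-# about illegal_parameter when
-# it can't use the cipher string correctly
-def test_cipher_strings
-socket = TCPSocket.new('rubyforge.org', 443)
-ctx = OpenSSL::SSL::SSLContext.new
-ctx.cert_store = OpenSSL::X509::Store.new
-ctx.verify_mode = 0
-ctx.cert = nil
-ctx.key = nil
-ctx.client_ca = nil
-ctx.ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
-
-ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
-ssl_socket.connect
-ssl_socket.close
-end
-
-# JRUBY-1194
-def test_des_encryption
-iv = "IVIVIVIV"
-key = "KEYKEYKE"
-alg = "des"
-str = "string abc foo bar baxz"
-
-cipher = OpenSSL::Cipher::Cipher.new(alg)
-cipher.encrypt
-cipher.key = key
-cipher.iv = iv
-cipher.padding = 32
-cipher.key = key
-cipher.iv = iv
-
-encrypted = cipher.update(str)
-encrypted << cipher.final
-
-assert_equal "\253\305\306\372;\374\235\302\357/\006\360\355XO\232\312S\356* #\227\217", encrypted
-end
-
-def _test_perf_of_nil
-# require 'net/https'
-# require 'benchmark'
-
-# def request(data)
-# connection = Net::HTTP.new("www.google.com", 443)
-# connection.use_ssl = true
-# connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
-# connection.start do |connection|
-# connection.request_post("/tbproxy/spell?lang=en", data, { 'User-Agent' => "Test", 'Accept' => 'text/xml' })
-# end
-# end
-
-# puts "is not: #{Benchmark.measure { request("") }.to_s.chomp}"
-# puts "is nil: #{Benchmark.measure { request(nil) }.to_s.chomp}"
-end
-end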