spiderfw 0.6.23 → 0.6.24

Files changed (74)
  1. data/CHANGELOG +10 -1
  2. data/README.rdoc +1 -1
  3. data/VERSION +1 -1
  4. data/apps/config_editor/_init.rb +1 -2
  5. data/apps/config_editor/controllers/config_editor_controller.rb +1 -7
  6. data/apps/core/admin/controllers/admin_controller.rb +1 -1
  7. data/apps/core/admin/public/css/sass/admin.css +35 -31
  8. data/apps/core/admin/public/sass/admin.scss +6 -1
  9. data/apps/core/components/widgets/crud/crud.shtml +2 -2
  10. data/apps/core/components/widgets/table/table.rb +5 -5
  11. data/apps/core/forms/tags/element_row.erb +15 -10
  12. data/apps/core/forms/widgets/form/form.rb +35 -22
  13. data/apps/core/forms/widgets/inputs/checkbox/checkbox.shtml +2 -2
  14. data/apps/core/forms/widgets/inputs/date_time/date_time.shtml +2 -2
  15. data/apps/core/forms/widgets/inputs/file_input/file_input.shtml +2 -2
  16. data/apps/core/forms/widgets/inputs/html_area/html_area.shtml +2 -2
  17. data/apps/core/forms/widgets/inputs/input/input.shtml +2 -2
  18. data/apps/core/forms/widgets/inputs/password/password.shtml +2 -2
  19. data/apps/core/forms/widgets/inputs/search_select/search_select.shtml +1 -1
  20. data/apps/core/forms/widgets/inputs/select/select.shtml +2 -2
  21. data/apps/core/forms/widgets/inputs/text/text.shtml +2 -2
  22. data/apps/core/forms/widgets/inputs/text_area/text_area.shtml +2 -2
  23. data/apps/core/forms/widgets/inputs/time_span/time_span.shtml +1 -1
  24. data/blueprints/home/config.ru +8 -0
  25. data/lib/spiderfw/app.rb +416 -224
  26. data/lib/spiderfw/cmd/commands/app.rb +243 -239
  27. data/lib/spiderfw/cmd/commands/cert.rb +421 -417
  28. data/lib/spiderfw/cmd/commands/config.rb +85 -82
  29. data/lib/spiderfw/cmd/commands/console.rb +64 -40
  30. data/lib/spiderfw/cmd/commands/content.rb +29 -25
  31. data/lib/spiderfw/cmd/commands/create.rb +58 -54
  32. data/lib/spiderfw/cmd/commands/model.rb +118 -114
  33. data/lib/spiderfw/cmd/commands/setup.rb +55 -51
  34. data/lib/spiderfw/cmd/commands/test.rb +63 -59
  35. data/lib/spiderfw/cmd/commands/webserver.rb +56 -51
  36. data/lib/spiderfw/config/options/spider.rb +4 -3
  37. data/lib/spiderfw/controller/controller.rb +2 -0
  38. data/lib/spiderfw/controller/http_controller.rb +1 -2
  39. data/lib/spiderfw/controller/mixins/static_content.rb +3 -3
  40. data/lib/spiderfw/controller/mixins/visual.rb +30 -15
  41. data/lib/spiderfw/controller/response.rb +84 -0
  42. data/lib/spiderfw/controller/session/file_session.rb +2 -2
  43. data/lib/spiderfw/http/adapters/rack.rb +12 -13
  44. data/lib/spiderfw/http/server.rb +80 -46
  45. data/lib/spiderfw/i18n/cldr.rb +6 -9
  46. data/lib/spiderfw/model/base_model.rb +103 -23
  47. data/lib/spiderfw/model/condition.rb +110 -25
  48. data/lib/spiderfw/model/mappers/db_mapper.rb +14 -6
  49. data/lib/spiderfw/model/mappers/mapper.rb +440 -197
  50. data/lib/spiderfw/model/model.rb +105 -21
  51. data/lib/spiderfw/model/model_hash.rb +9 -1
  52. data/lib/spiderfw/model/query.rb +50 -9
  53. data/lib/spiderfw/model/query_set.rb +211 -44
  54. data/lib/spiderfw/model/request.rb +28 -21
  55. data/lib/spiderfw/model/storage/base_storage.rb +125 -10
  56. data/lib/spiderfw/model/storage/db/db_storage.rb +7 -4
  57. data/lib/spiderfw/model/storage.rb +8 -1
  58. data/lib/spiderfw/setup/spider_setup_wizard.rb +9 -7
  59. data/lib/spiderfw/spider.rb +270 -43
  60. data/lib/spiderfw/templates/layout.rb +9 -4
  61. data/lib/spiderfw/templates/resources/sass.rb +3 -2
  62. data/lib/spiderfw/templates/template.rb +1 -0
  63. data/lib/spiderfw/utils/annotations.rb +3 -1
  64. data/lib/spiderfw/utils/logger.rb +1 -1
  65. data/lib/spiderfw/utils/monkey/symbol.rb +4 -2
  66. data/lib/spiderfw/utils/shared_store/file_shared_store.rb +2 -2
  67. data/lib/spiderfw/utils/thread_out.rb +3 -1
  68. data/public/css/error_page.css +83 -0
  69. data/public/js/error_page.js +5 -0
  70. data/spider.gemspec +4 -1
  71. data/templates/email/error.erb +9 -0
  72. metadata +28 -12
  73. data/apps/config_editor/widgets/edit_bool/edit_bool.rb +0 -8
  74. data/apps/config_editor/widgets/edit_bool/edit_bool.shtml +0 -5
@@ -1,427 +1,431 @@
1
- class CertCommand < CmdParse::Command
1
+ module Spider::CommandLine
2
2
 
3
+ class CertCommand < CmdParse::Command
3
4
 
4
- def initialize
5
- super( 'cert', true, true )
6
- @short_desc = _("Manage certificates")
7
- # @description = _("")
8
-
9
- # start
10
- generate = CmdParse::Command.new( 'generate', false )
11
- generate.short_desc = _("Generate new X.509")
12
- generate.options = CmdParse::OptionParserWrapper.new do |opt|
13
- opt.on("--path path", _("Where to generate the certificate"), "-p") { |path|
14
- @path = path
15
- }
16
- opt.on("--org label", _("Name of the organization to generate the certificate for"), "-o"){ |org|
17
- @org = org
18
- }
19
- end
20
- generate.set_execution_block do |args|
21
- require 'spiderfw'
22
- Spider.init_base
23
- require 'openssl'
24
- @path ||= Spider.paths[:certs]
25
- @org ||= 'default'
26
- path = @path+'/'+@org
27
- orgs = Spider.conf.get('orgs')
28
- o = orgs[@org] if orgs
29
- raise _("You have to configure the organization '#{@org}' to generate a certificate") unless o
30
- raise _("You have to set the organization name for '#{@org}' in configuration") unless o['name']
31
- raise _("You have to set the organization country code for '#{@org}' in configuration") unless o['country_code']
32
- raise _("You have to set the organization state for '#{@org}' in configuration") unless o['state']
33
- raise _("You have to set the organization city for '#{@org}' in configuration") unless o['city']
34
- raise _("You have to set the organization common name for '#{@org}' in configuration") unless o['common_name']
35
- raise _("You have to set the organization email address for '#{@org}' in configuration") unless o['email']
36
- id = "/C=#{o['country_code']}/ST=#{o['state']}/L=#{o['city']}"
37
- id += "/OU=#{o['organizational_unit']}" if o['organizational_unit']
38
- id += "/CN=#{o['common_name']}/emailAddress=#{o['email']}"
39
- FileUtils.mkpath(path+'/private')
40
- key = OpenSSL::PKey::RSA.generate(4096)
41
- pub = key.public_key
42
- # O => organization (Example company)
43
- # OU => organizational unit (Test department)
44
- # CN => common name (my company name)
45
- # /C=US/ST=Florida/L=Miami/O=Waitingf/OU=Poopstat/CN=waitingf.org/emailAddress=bkerley@brycekerley.net
46
- ca = OpenSSL::X509::Name.parse(id)
47
- cert = OpenSSL::X509::Certificate.new
48
- cert.version = 2
49
- cert.serial = 1
50
- cert.subject = ca
51
- cert.issuer = ca
52
- cert.public_key = pub
53
- cert.not_before = Time.now
54
- cert.not_after = Time.now + (60*60*24*356*3)
55
- cert.sign(key, OpenSSL::Digest::SHA1.new)
56
- File.open(path+"/public.pem", "w"){ |f| f.write pub.to_pem }
57
- File.open(path+"/private/key.pem", "w") { |f| f.write key.to_pem }
58
- File.open(path+"/cert.pem", "w") { |f| f.write cert.to_pem }
59
- end
60
- self.add_command( generate )
61
5
 
62
- # stop
6
+ def initialize
7
+ super( 'cert', true, true )
8
+ @short_desc = _("Manage certificates")
9
+ # @description = _("")
10
+
11
+ # start
12
+ generate = CmdParse::Command.new( 'generate', false )
13
+ generate.short_desc = _("Generate new X.509")
14
+ generate.options = CmdParse::OptionParserWrapper.new do |opt|
15
+ opt.on("--path path", _("Where to generate the certificate"), "-p") { |path|
16
+ @path = path
17
+ }
18
+ opt.on("--org label", _("Name of the organization to generate the certificate for"), "-o"){ |org|
19
+ @org = org
20
+ }
21
+ end
22
+ generate.set_execution_block do |args|
23
+ require 'spiderfw'
24
+ Spider.init_base
25
+ require 'openssl'
26
+ @path ||= Spider.paths[:certs]
27
+ @org ||= 'default'
28
+ path = @path+'/'+@org
29
+ orgs = Spider.conf.get('orgs')
30
+ o = orgs[@org] if orgs
31
+ raise _("You have to configure the organization '#{@org}' to generate a certificate") unless o
32
+ raise _("You have to set the organization name for '#{@org}' in configuration") unless o['name']
33
+ raise _("You have to set the organization country code for '#{@org}' in configuration") unless o['country_code']
34
+ raise _("You have to set the organization state for '#{@org}' in configuration") unless o['state']
35
+ raise _("You have to set the organization city for '#{@org}' in configuration") unless o['city']
36
+ raise _("You have to set the organization common name for '#{@org}' in configuration") unless o['common_name']
37
+ raise _("You have to set the organization email address for '#{@org}' in configuration") unless o['email']
38
+ id = "/C=#{o['country_code']}/ST=#{o['state']}/L=#{o['city']}"
39
+ id += "/OU=#{o['organizational_unit']}" if o['organizational_unit']
40
+ id += "/CN=#{o['common_name']}/emailAddress=#{o['email']}"
41
+ FileUtils.mkpath(path+'/private')
42
+ key = OpenSSL::PKey::RSA.generate(4096)
43
+ pub = key.public_key
44
+ # O => organization (Example company)
45
+ # OU => organizational unit (Test department)
46
+ # CN => common name (my company name)
47
+ # /C=US/ST=Florida/L=Miami/O=Waitingf/OU=Poopstat/CN=waitingf.org/emailAddress=bkerley@brycekerley.net
48
+ ca = OpenSSL::X509::Name.parse(id)
49
+ cert = OpenSSL::X509::Certificate.new
50
+ cert.version = 2
51
+ cert.serial = 1
52
+ cert.subject = ca
53
+ cert.issuer = ca
54
+ cert.public_key = pub
55
+ cert.not_before = Time.now
56
+ cert.not_after = Time.now + (60*60*24*356*3)
57
+ cert.sign(key, OpenSSL::Digest::SHA1.new)
58
+ File.open(path+"/public.pem", "w"){ |f| f.write pub.to_pem }
59
+ File.open(path+"/private/key.pem", "w") { |f| f.write key.to_pem }
60
+ File.open(path+"/cert.pem", "w") { |f| f.write cert.to_pem }
61
+ end
62
+ self.add_command( generate )
63
+
64
+ # stop
63
65
 
64
66
 
67
+ end
68
+
65
69
  end
66
70
 
67
- end
68
71
 
69
72
 
73
+ # Documentation:
74
+ #
75
+ # require "openssl"
76
+ # require "test/unit"
77
+ #
78
+ # module OpenSSL::TestUtils
79
+ # TEST_KEY_RSA1024 = OpenSSL::PKey::RSA.new <<-_end_of_pem_
80
+ # -----BEGIN RSA PRIVATE KEY-----
81
+ # MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
82
+ # aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
83
+ # Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
84
+ # AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
85
+ # maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
86
+ # gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
87
+ # 74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
88
+ # JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
89
+ # sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
90
+ # 8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
91
+ # wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
92
+ # qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
93
+ # dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
94
+ # -----END RSA PRIVATE KEY-----
95
+ # _end_of_pem_
96
+ #
97
+ # TEST_KEY_RSA2048 = OpenSSL::PKey::RSA.new <<-_end_of_pem_
98
+ # -----BEGIN RSA PRIVATE KEY-----
99
+ # MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN
100
+ # s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign
101
+ # 4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D
102
+ # kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl
103
+ # NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J
104
+ # DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb
105
+ # I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq
106
+ # PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V
107
+ # seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0
108
+ # Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc
109
+ # VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW
110
+ # wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G
111
+ # 0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj
112
+ # XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb
113
+ # aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n
114
+ # h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw
115
+ # Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k
116
+ # IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb
117
+ # v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId
118
+ # U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr
119
+ # vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS
120
+ # Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC
121
+ # 9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41
122
+ # gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG
123
+ # 4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw==
124
+ # -----END RSA PRIVATE KEY-----
125
+ # _end_of_pem_
126
+ #
127
+ # TEST_KEY_DSA256 = OpenSSL::PKey::DSA.new <<-_end_of_pem_
128
+ # -----BEGIN DSA PRIVATE KEY-----
129
+ # MIH3AgEAAkEAhk2libbY2a8y2Pt21+YPYGZeW6wzaW2yfj5oiClXro9XMR7XWLkE
130
+ # 9B7XxLNFCS2gmCCdMsMW1HulaHtLFQmB2wIVAM43JZrcgpu6ajZ01VkLc93gu/Ed
131
+ # AkAOhujZrrKV5CzBKutKLb0GVyVWmdC7InoNSMZEeGU72rT96IjM59YzoqmD0pGM
132
+ # 3I1o4cGqg1D1DfM1rQlnN1eSAkBq6xXfEDwJ1mLNxF6q8Zm/ugFYWR5xcX/3wFiT
133
+ # b4+EjHP/DbNh9Vm5wcfnDBJ1zKvrMEf2xqngYdrV/3CiGJeKAhRvL57QvJZcQGvn
134
+ # ISNX5cMzFHRW3Q==
135
+ # -----END DSA PRIVATE KEY-----
136
+ # _end_of_pem_
137
+ #
138
+ # TEST_KEY_DSA512 = OpenSSL::PKey::DSA.new <<-_end_of_pem_
139
+ # -----BEGIN DSA PRIVATE KEY-----
140
+ # MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
141
+ # RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
142
+ # AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
143
+ # S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
144
+ # Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
145
+ # 55jreJD3Se3slps=
146
+ # -----END DSA PRIVATE KEY-----
147
+ # _end_of_pem_
148
+ #
149
+ # module_function
150
+ #
151
+ # def issue_cert(dn, key, serial, not_before, not_after, extensions,
152
+ # issuer, issuer_key, digest)
153
+ # cert = OpenSSL::X509::Certificate.new
154
+ # issuer = cert unless issuer
155
+ # issuer_key = key unless issuer_key
156
+ # cert.version = 2
157
+ # cert.serial = serial
158
+ # cert.subject = dn
159
+ # cert.issuer = issuer.subject
160
+ # cert.public_key = key.public_key
161
+ # cert.not_before = not_before
162
+ # cert.not_after = not_after
163
+ # ef = OpenSSL::X509::ExtensionFactory.new
164
+ # ef.subject_certificate = cert
165
+ # ef.issuer_certificate = issuer
166
+ # extensions.each{|oid, value, critical|
167
+ # cert.add_extension(ef.create_extension(oid, value, critical))
168
+ # }
169
+ # cert.sign(issuer_key, digest)
170
+ # cert
171
+ # end
172
+ #
173
+ # def issue_crl(revoke_info, serial, lastup, nextup, extensions,
174
+ # issuer, issuer_key, digest)
175
+ # crl = OpenSSL::X509::CRL.new
176
+ # crl.issuer = issuer.subject
177
+ # crl.version = 1
178
+ # crl.last_update = lastup
179
+ # crl.next_update = nextup
180
+ # revoke_info.each{|serial, time, reason_code|
181
+ # revoked = OpenSSL::X509::Revoked.new
182
+ # revoked.serial = serial
183
+ # revoked.time = time
184
+ # enum = OpenSSL::ASN1::Enumerated(reason_code)
185
+ # ext = OpenSSL::X509::Extension.new("CRLReason", enum)
186
+ # revoked.add_extension(ext)
187
+ # crl.add_revoked(revoked)
188
+ # }
189
+ # ef = OpenSSL::X509::ExtensionFactory.new
190
+ # ef.issuer_certificate = issuer
191
+ # ef.crl = crl
192
+ # crlnum = OpenSSL::ASN1::Integer(serial)
193
+ # crl.add_extension(OpenSSL::X509::Extension.new("crlNumber", crlnum))
194
+ # extensions.each{|oid, value, critical|
195
+ # crl.add_extension(ef.create_extension(oid, value, critical))
196
+ # }
197
+ # crl.sign(issuer_key, digest)
198
+ # crl
199
+ # end
200
+ #
201
+ # def get_subject_key_id(cert)
202
+ # asn1_cert = OpenSSL::ASN1.decode(cert)
203
+ # tbscert = asn1_cert.value[0]
204
+ # pkinfo = tbscert.value[6]
205
+ # publickey = pkinfo.value[1]
206
+ # pkvalue = publickey.value
207
+ # OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
208
+ # end
209
+ # end
210
+ #
211
+ #
212
+ # # Test
213
+ #
214
+ #
215
+ # if defined?(OpenSSL)
216
+ #
217
+ # class OpenSSL::TestX509CRL < Test::Unit::TestCase
218
+ # def setup
219
+ # @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
220
+ # @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
221
+ # @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256
222
+ # @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512
223
+ # @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
224
+ # @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
225
+ # @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
226
+ # end
227
+ #
228
+ # def teardown
229
+ # end
230
+ #
231
+ # def issue_crl(*args)
232
+ # OpenSSL::TestUtils.issue_crl(*args)
233
+ # end
234
+ #
235
+ # def issue_cert(*args)
236
+ # OpenSSL::TestUtils.issue_cert(*args)
237
+ # end
238
+ #
239
+ # def test_basic
240
+ # now = Time.at(Time.now.to_i)
241
+ #
242
+ # cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
243
+ # nil, nil, OpenSSL::Digest::SHA1.new)
244
+ # crl = issue_crl([], 1, now, now+1600, [],
245
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
246
+ # assert_equal(1, crl.version)
247
+ # assert_equal(cert.issuer.to_der, crl.issuer.to_der)
248
+ # assert_equal(now, crl.last_update)
249
+ # assert_equal(now+1600, crl.next_update)
250
+ #
251
+ # crl = OpenSSL::X509::CRL.new(crl.to_der)
252
+ # assert_equal(1, crl.version)
253
+ # assert_equal(cert.issuer.to_der, crl.issuer.to_der)
254
+ # assert_equal(now, crl.last_update)
255
+ # assert_equal(now+1600, crl.next_update)
256
+ # end
257
+ #
258
+ # def test_revoked
259
+ #
260
+ # # CRLReason ::= ENUMERATED {
261
+ # # unspecified (0),
262
+ # # keyCompromise (1),
263
+ # # cACompromise (2),
264
+ # # affiliationChanged (3),
265
+ # # superseded (4),
266
+ # # cessationOfOperation (5),
267
+ # # certificateHold (6),
268
+ # # removeFromCRL (8),
269
+ # # privilegeWithdrawn (9),
270
+ # # aACompromise (10) }
271
+ #
272
+ # now = Time.at(Time.now.to_i)
273
+ # revoke_info = [
274
+ # [1, Time.at(0), 1],
275
+ # [2, Time.at(0x7fffffff), 2],
276
+ # [3, now, 3],
277
+ # [4, now, 4],
278
+ # [5, now, 5],
279
+ # ]
280
+ # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
281
+ # nil, nil, OpenSSL::Digest::SHA1.new)
282
+ # crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [],
283
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
284
+ # revoked = crl.revoked
285
+ # assert_equal(5, revoked.size)
286
+ # assert_equal(1, revoked[0].serial)
287
+ # assert_equal(2, revoked[1].serial)
288
+ # assert_equal(3, revoked[2].serial)
289
+ # assert_equal(4, revoked[3].serial)
290
+ # assert_equal(5, revoked[4].serial)
291
+ #
292
+ # assert_equal(Time.at(0), revoked[0].time)
293
+ # assert_equal(Time.at(0x7fffffff), revoked[1].time)
294
+ # assert_equal(now, revoked[2].time)
295
+ # assert_equal(now, revoked[3].time)
296
+ # assert_equal(now, revoked[4].time)
297
+ #
298
+ # assert_equal("CRLReason", revoked[0].extensions[0].oid)
299
+ # assert_equal("CRLReason", revoked[1].extensions[0].oid)
300
+ # assert_equal("CRLReason", revoked[2].extensions[0].oid)
301
+ # assert_equal("CRLReason", revoked[3].extensions[0].oid)
302
+ # assert_equal("CRLReason", revoked[4].extensions[0].oid)
303
+ #
304
+ # assert_equal("Key Compromise", revoked[0].extensions[0].value)
305
+ # assert_equal("CA Compromise", revoked[1].extensions[0].value)
306
+ # assert_equal("Affiliation Changed", revoked[2].extensions[0].value)
307
+ # assert_equal("Superseded", revoked[3].extensions[0].value)
308
+ # assert_equal("Cessation Of Operation", revoked[4].extensions[0].value)
309
+ #
310
+ # assert_equal(false, revoked[0].extensions[0].critical?)
311
+ # assert_equal(false, revoked[1].extensions[0].critical?)
312
+ # assert_equal(false, revoked[2].extensions[0].critical?)
313
+ # assert_equal(false, revoked[3].extensions[0].critical?)
314
+ # assert_equal(false, revoked[4].extensions[0].critical?)
315
+ #
316
+ # crl = OpenSSL::X509::CRL.new(crl.to_der)
317
+ # assert_equal("Key Compromise", revoked[0].extensions[0].value)
318
+ # assert_equal("CA Compromise", revoked[1].extensions[0].value)
319
+ # assert_equal("Affiliation Changed", revoked[2].extensions[0].value)
320
+ # assert_equal("Superseded", revoked[3].extensions[0].value)
321
+ # assert_equal("Cessation Of Operation", revoked[4].extensions[0].value)
322
+ #
323
+ # revoke_info = (1..1000).collect{|i| [i, now, 0] }
324
+ # crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [],
325
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
326
+ # revoked = crl.revoked
327
+ # assert_equal(1000, revoked.size)
328
+ # assert_equal(1, revoked[0].serial)
329
+ # assert_equal(1000, revoked[999].serial)
330
+ # end
331
+ #
332
+ # def test_extension
333
+ # cert_exts = [
334
+ # ["basicConstraints", "CA:TRUE", true],
335
+ # ["subjectKeyIdentifier", "hash", false],
336
+ # ["authorityKeyIdentifier", "keyid:always", false],
337
+ # ["subjectAltName", "email:xyzzy@ruby-lang.org", false],
338
+ # ["keyUsage", "cRLSign, keyCertSign", true],
339
+ # ]
340
+ # crl_exts = [
341
+ # ["authorityKeyIdentifier", "keyid:always", false],
342
+ # ["issuerAltName", "issuer:copy", false],
343
+ # ]
344
+ #
345
+ # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts,
346
+ # nil, nil, OpenSSL::Digest::SHA1.new)
347
+ # crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
348
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
349
+ # exts = crl.extensions
350
+ # assert_equal(3, exts.size)
351
+ # assert_equal("1", exts[0].value)
352
+ # assert_equal("crlNumber", exts[0].oid)
353
+ # assert_equal(false, exts[0].critical?)
354
+ #
355
+ # assert_equal("authorityKeyIdentifier", exts[1].oid)
356
+ # keyid = OpenSSL::TestUtils.get_subject_key_id(cert)
357
+ # assert_match(/^keyid:#{keyid}/, exts[1].value)
358
+ # assert_equal(false, exts[1].critical?)
359
+ #
360
+ # assert_equal("issuerAltName", exts[2].oid)
361
+ # assert_equal("email:xyzzy@ruby-lang.org", exts[2].value)
362
+ # assert_equal(false, exts[2].critical?)
363
+ #
364
+ # crl = OpenSSL::X509::CRL.new(crl.to_der)
365
+ # exts = crl.extensions
366
+ # assert_equal(3, exts.size)
367
+ # assert_equal("1", exts[0].value)
368
+ # assert_equal("crlNumber", exts[0].oid)
369
+ # assert_equal(false, exts[0].critical?)
370
+ #
371
+ # assert_equal("authorityKeyIdentifier", exts[1].oid)
372
+ # keyid = OpenSSL::TestUtils.get_subject_key_id(cert)
373
+ # assert_match(/^keyid:#{keyid}/, exts[1].value)
374
+ # assert_equal(false, exts[1].critical?)
375
+ #
376
+ # assert_equal("issuerAltName", exts[2].oid)
377
+ # assert_equal("email:xyzzy@ruby-lang.org", exts[2].value)
378
+ # assert_equal(false, exts[2].critical?)
379
+ # end
380
+ #
381
+ # def test_crlnumber
382
+ # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
383
+ # nil, nil, OpenSSL::Digest::SHA1.new)
384
+ # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
385
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
386
+ # assert_match(1.to_s, crl.extensions[0].value)
387
+ # assert_match(/X509v3 CRL Number:\s+#{1}/m, crl.to_text)
388
+ #
389
+ # crl = issue_crl([], 2**32, Time.now, Time.now+1600, [],
390
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
391
+ # assert_match((2**32).to_s, crl.extensions[0].value)
392
+ # assert_match(/X509v3 CRL Number:\s+#{2**32}/m, crl.to_text)
393
+ #
394
+ # crl = issue_crl([], 2**100, Time.now, Time.now+1600, [],
395
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
396
+ # assert_match(/X509v3 CRL Number:\s+#{2**100}/m, crl.to_text)
397
+ # assert_match((2**100).to_s, crl.extensions[0].value)
398
+ # end
399
+ #
400
+ # def test_sign_and_verify
401
+ # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
402
+ # nil, nil, OpenSSL::Digest::SHA1.new)
403
+ # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
404
+ # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
405
+ # assert_equal(false, crl.verify(@rsa1024))
406
+ # assert_equal(true, crl.verify(@rsa2048))
407
+ # assert_equal(false, crl.verify(@dsa256))
408
+ # assert_equal(false, crl.verify(@dsa512))
409
+ # crl.version = 0
410
+ # assert_equal(false, crl.verify(@rsa2048))
411
+ #
412
+ # cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
413
+ # nil, nil, OpenSSL::Digest::DSS1.new)
414
+ # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
415
+ # cert, @dsa512, OpenSSL::Digest::DSS1.new)
416
+ # assert_equal(false, crl.verify(@rsa1024))
417
+ # assert_equal(false, crl.verify(@rsa2048))
418
+ # assert_equal(false, crl.verify(@dsa256))
419
+ # assert_equal(true, crl.verify(@dsa512))
420
+ # crl.version = 0
421
+ # assert_equal(false, crl.verify(@dsa512))
422
+ # end
423
+ # end
424
+ #
425
+ # end
426
+ #
427
+ #
428
+ #
429
+ #
70
430
 
71
- # Documentation:
72
- #
73
- # require "openssl"
74
- # require "test/unit"
75
- #
76
- # module OpenSSL::TestUtils
77
- # TEST_KEY_RSA1024 = OpenSSL::PKey::RSA.new <<-_end_of_pem_
78
- # -----BEGIN RSA PRIVATE KEY-----
79
- # MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
80
- # aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
81
- # Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
82
- # AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
83
- # maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
84
- # gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
85
- # 74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
86
- # JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
87
- # sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
88
- # 8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
89
- # wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
90
- # qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
91
- # dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
92
- # -----END RSA PRIVATE KEY-----
93
- # _end_of_pem_
94
- #
95
- # TEST_KEY_RSA2048 = OpenSSL::PKey::RSA.new <<-_end_of_pem_
96
- # -----BEGIN RSA PRIVATE KEY-----
97
- # MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN
98
- # s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign
99
- # 4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D
100
- # kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl
101
- # NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J
102
- # DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb
103
- # I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq
104
- # PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V
105
- # seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0
106
- # Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc
107
- # VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW
108
- # wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G
109
- # 0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj
110
- # XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb
111
- # aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n
112
- # h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw
113
- # Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k
114
- # IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb
115
- # v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId
116
- # U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr
117
- # vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS
118
- # Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC
119
- # 9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41
120
- # gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG
121
- # 4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw==
122
- # -----END RSA PRIVATE KEY-----
123
- # _end_of_pem_
124
- #
125
- # TEST_KEY_DSA256 = OpenSSL::PKey::DSA.new <<-_end_of_pem_
126
- # -----BEGIN DSA PRIVATE KEY-----
127
- # MIH3AgEAAkEAhk2libbY2a8y2Pt21+YPYGZeW6wzaW2yfj5oiClXro9XMR7XWLkE
128
- # 9B7XxLNFCS2gmCCdMsMW1HulaHtLFQmB2wIVAM43JZrcgpu6ajZ01VkLc93gu/Ed
129
- # AkAOhujZrrKV5CzBKutKLb0GVyVWmdC7InoNSMZEeGU72rT96IjM59YzoqmD0pGM
130
- # 3I1o4cGqg1D1DfM1rQlnN1eSAkBq6xXfEDwJ1mLNxF6q8Zm/ugFYWR5xcX/3wFiT
131
- # b4+EjHP/DbNh9Vm5wcfnDBJ1zKvrMEf2xqngYdrV/3CiGJeKAhRvL57QvJZcQGvn
132
- # ISNX5cMzFHRW3Q==
133
- # -----END DSA PRIVATE KEY-----
134
- # _end_of_pem_
135
- #
136
- # TEST_KEY_DSA512 = OpenSSL::PKey::DSA.new <<-_end_of_pem_
137
- # -----BEGIN DSA PRIVATE KEY-----
138
- # MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
139
- # RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
140
- # AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
141
- # S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
142
- # Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
143
- # 55jreJD3Se3slps=
144
- # -----END DSA PRIVATE KEY-----
145
- # _end_of_pem_
146
- #
147
- # module_function
148
- #
149
- # def issue_cert(dn, key, serial, not_before, not_after, extensions,
150
- # issuer, issuer_key, digest)
151
- # cert = OpenSSL::X509::Certificate.new
152
- # issuer = cert unless issuer
153
- # issuer_key = key unless issuer_key
154
- # cert.version = 2
155
- # cert.serial = serial
156
- # cert.subject = dn
157
- # cert.issuer = issuer.subject
158
- # cert.public_key = key.public_key
159
- # cert.not_before = not_before
160
- # cert.not_after = not_after
161
- # ef = OpenSSL::X509::ExtensionFactory.new
162
- # ef.subject_certificate = cert
163
- # ef.issuer_certificate = issuer
164
- # extensions.each{|oid, value, critical|
165
- # cert.add_extension(ef.create_extension(oid, value, critical))
166
- # }
167
- # cert.sign(issuer_key, digest)
168
- # cert
169
- # end
170
- #
171
- # def issue_crl(revoke_info, serial, lastup, nextup, extensions,
172
- # issuer, issuer_key, digest)
173
- # crl = OpenSSL::X509::CRL.new
174
- # crl.issuer = issuer.subject
175
- # crl.version = 1
176
- # crl.last_update = lastup
177
- # crl.next_update = nextup
178
- # revoke_info.each{|serial, time, reason_code|
179
- # revoked = OpenSSL::X509::Revoked.new
180
- # revoked.serial = serial
181
- # revoked.time = time
182
- # enum = OpenSSL::ASN1::Enumerated(reason_code)
183
- # ext = OpenSSL::X509::Extension.new("CRLReason", enum)
184
- # revoked.add_extension(ext)
185
- # crl.add_revoked(revoked)
186
- # }
187
- # ef = OpenSSL::X509::ExtensionFactory.new
188
- # ef.issuer_certificate = issuer
189
- # ef.crl = crl
190
- # crlnum = OpenSSL::ASN1::Integer(serial)
191
- # crl.add_extension(OpenSSL::X509::Extension.new("crlNumber", crlnum))
192
- # extensions.each{|oid, value, critical|
193
- # crl.add_extension(ef.create_extension(oid, value, critical))
194
- # }
195
- # crl.sign(issuer_key, digest)
196
- # crl
197
- # end
198
- #
199
- # def get_subject_key_id(cert)
200
- # asn1_cert = OpenSSL::ASN1.decode(cert)
201
- # tbscert = asn1_cert.value[0]
202
- # pkinfo = tbscert.value[6]
203
- # publickey = pkinfo.value[1]
204
- # pkvalue = publickey.value
205
- # OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
206
- # end
207
- # end
208
- #
209
- #
210
- # # Test
211
- #
212
- #
213
- # if defined?(OpenSSL)
214
- #
215
- # class OpenSSL::TestX509CRL < Test::Unit::TestCase
216
- # def setup
217
- # @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
218
- # @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
219
- # @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256
220
- # @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512
221
- # @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
222
- # @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
223
- # @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
224
- # end
225
- #
226
- # def teardown
227
- # end
228
- #
229
- # def issue_crl(*args)
230
- # OpenSSL::TestUtils.issue_crl(*args)
231
- # end
232
- #
233
- # def issue_cert(*args)
234
- # OpenSSL::TestUtils.issue_cert(*args)
235
- # end
236
- #
237
- # def test_basic
238
- # now = Time.at(Time.now.to_i)
239
- #
240
- # cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [],
241
- # nil, nil, OpenSSL::Digest::SHA1.new)
242
- # crl = issue_crl([], 1, now, now+1600, [],
243
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
244
- # assert_equal(1, crl.version)
245
- # assert_equal(cert.issuer.to_der, crl.issuer.to_der)
246
- # assert_equal(now, crl.last_update)
247
- # assert_equal(now+1600, crl.next_update)
248
- #
249
- # crl = OpenSSL::X509::CRL.new(crl.to_der)
250
- # assert_equal(1, crl.version)
251
- # assert_equal(cert.issuer.to_der, crl.issuer.to_der)
252
- # assert_equal(now, crl.last_update)
253
- # assert_equal(now+1600, crl.next_update)
254
- # end
255
- #
256
- # def test_revoked
257
- #
258
- # # CRLReason ::= ENUMERATED {
259
- # # unspecified (0),
260
- # # keyCompromise (1),
261
- # # cACompromise (2),
262
- # # affiliationChanged (3),
263
- # # superseded (4),
264
- # # cessationOfOperation (5),
265
- # # certificateHold (6),
266
- # # removeFromCRL (8),
267
- # # privilegeWithdrawn (9),
268
- # # aACompromise (10) }
269
- #
270
- # now = Time.at(Time.now.to_i)
271
- # revoke_info = [
272
- # [1, Time.at(0), 1],
273
- # [2, Time.at(0x7fffffff), 2],
274
- # [3, now, 3],
275
- # [4, now, 4],
276
- # [5, now, 5],
277
- # ]
278
- # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
279
- # nil, nil, OpenSSL::Digest::SHA1.new)
280
- # crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [],
281
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
282
- # revoked = crl.revoked
283
- # assert_equal(5, revoked.size)
284
- # assert_equal(1, revoked[0].serial)
285
- # assert_equal(2, revoked[1].serial)
286
- # assert_equal(3, revoked[2].serial)
287
- # assert_equal(4, revoked[3].serial)
288
- # assert_equal(5, revoked[4].serial)
289
- #
290
- # assert_equal(Time.at(0), revoked[0].time)
291
- # assert_equal(Time.at(0x7fffffff), revoked[1].time)
292
- # assert_equal(now, revoked[2].time)
293
- # assert_equal(now, revoked[3].time)
294
- # assert_equal(now, revoked[4].time)
295
- #
296
- # assert_equal("CRLReason", revoked[0].extensions[0].oid)
297
- # assert_equal("CRLReason", revoked[1].extensions[0].oid)
298
- # assert_equal("CRLReason", revoked[2].extensions[0].oid)
299
- # assert_equal("CRLReason", revoked[3].extensions[0].oid)
300
- # assert_equal("CRLReason", revoked[4].extensions[0].oid)
301
- #
302
- # assert_equal("Key Compromise", revoked[0].extensions[0].value)
303
- # assert_equal("CA Compromise", revoked[1].extensions[0].value)
304
- # assert_equal("Affiliation Changed", revoked[2].extensions[0].value)
305
- # assert_equal("Superseded", revoked[3].extensions[0].value)
306
- # assert_equal("Cessation Of Operation", revoked[4].extensions[0].value)
307
- #
308
- # assert_equal(false, revoked[0].extensions[0].critical?)
309
- # assert_equal(false, revoked[1].extensions[0].critical?)
310
- # assert_equal(false, revoked[2].extensions[0].critical?)
311
- # assert_equal(false, revoked[3].extensions[0].critical?)
312
- # assert_equal(false, revoked[4].extensions[0].critical?)
313
- #
314
- # crl = OpenSSL::X509::CRL.new(crl.to_der)
315
- # assert_equal("Key Compromise", revoked[0].extensions[0].value)
316
- # assert_equal("CA Compromise", revoked[1].extensions[0].value)
317
- # assert_equal("Affiliation Changed", revoked[2].extensions[0].value)
318
- # assert_equal("Superseded", revoked[3].extensions[0].value)
319
- # assert_equal("Cessation Of Operation", revoked[4].extensions[0].value)
320
- #
321
- # revoke_info = (1..1000).collect{|i| [i, now, 0] }
322
- # crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [],
323
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
324
- # revoked = crl.revoked
325
- # assert_equal(1000, revoked.size)
326
- # assert_equal(1, revoked[0].serial)
327
- # assert_equal(1000, revoked[999].serial)
328
- # end
329
- #
330
- # def test_extension
331
- # cert_exts = [
332
- # ["basicConstraints", "CA:TRUE", true],
333
- # ["subjectKeyIdentifier", "hash", false],
334
- # ["authorityKeyIdentifier", "keyid:always", false],
335
- # ["subjectAltName", "email:xyzzy@ruby-lang.org", false],
336
- # ["keyUsage", "cRLSign, keyCertSign", true],
337
- # ]
338
- # crl_exts = [
339
- # ["authorityKeyIdentifier", "keyid:always", false],
340
- # ["issuerAltName", "issuer:copy", false],
341
- # ]
342
- #
343
- # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts,
344
- # nil, nil, OpenSSL::Digest::SHA1.new)
345
- # crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
346
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
347
- # exts = crl.extensions
348
- # assert_equal(3, exts.size)
349
- # assert_equal("1", exts[0].value)
350
- # assert_equal("crlNumber", exts[0].oid)
351
- # assert_equal(false, exts[0].critical?)
352
- #
353
- # assert_equal("authorityKeyIdentifier", exts[1].oid)
354
- # keyid = OpenSSL::TestUtils.get_subject_key_id(cert)
355
- # assert_match(/^keyid:#{keyid}/, exts[1].value)
356
- # assert_equal(false, exts[1].critical?)
357
- #
358
- # assert_equal("issuerAltName", exts[2].oid)
359
- # assert_equal("email:xyzzy@ruby-lang.org", exts[2].value)
360
- # assert_equal(false, exts[2].critical?)
361
- #
362
- # crl = OpenSSL::X509::CRL.new(crl.to_der)
363
- # exts = crl.extensions
364
- # assert_equal(3, exts.size)
365
- # assert_equal("1", exts[0].value)
366
- # assert_equal("crlNumber", exts[0].oid)
367
- # assert_equal(false, exts[0].critical?)
368
- #
369
- # assert_equal("authorityKeyIdentifier", exts[1].oid)
370
- # keyid = OpenSSL::TestUtils.get_subject_key_id(cert)
371
- # assert_match(/^keyid:#{keyid}/, exts[1].value)
372
- # assert_equal(false, exts[1].critical?)
373
- #
374
- # assert_equal("issuerAltName", exts[2].oid)
375
- # assert_equal("email:xyzzy@ruby-lang.org", exts[2].value)
376
- # assert_equal(false, exts[2].critical?)
377
- # end
378
- #
379
- # def test_crlnumber
380
- # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
381
- # nil, nil, OpenSSL::Digest::SHA1.new)
382
- # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
383
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
384
- # assert_match(1.to_s, crl.extensions[0].value)
385
- # assert_match(/X509v3 CRL Number:\s+#{1}/m, crl.to_text)
386
- #
387
- # crl = issue_crl([], 2**32, Time.now, Time.now+1600, [],
388
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
389
- # assert_match((2**32).to_s, crl.extensions[0].value)
390
- # assert_match(/X509v3 CRL Number:\s+#{2**32}/m, crl.to_text)
391
- #
392
- # crl = issue_crl([], 2**100, Time.now, Time.now+1600, [],
393
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
394
- # assert_match(/X509v3 CRL Number:\s+#{2**100}/m, crl.to_text)
395
- # assert_match((2**100).to_s, crl.extensions[0].value)
396
- # end
397
- #
398
- # def test_sign_and_verify
399
- # cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
400
- # nil, nil, OpenSSL::Digest::SHA1.new)
401
- # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
402
- # cert, @rsa2048, OpenSSL::Digest::SHA1.new)
403
- # assert_equal(false, crl.verify(@rsa1024))
404
- # assert_equal(true, crl.verify(@rsa2048))
405
- # assert_equal(false, crl.verify(@dsa256))
406
- # assert_equal(false, crl.verify(@dsa512))
407
- # crl.version = 0
408
- # assert_equal(false, crl.verify(@rsa2048))
409
- #
410
- # cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
411
- # nil, nil, OpenSSL::Digest::DSS1.new)
412
- # crl = issue_crl([], 1, Time.now, Time.now+1600, [],
413
- # cert, @dsa512, OpenSSL::Digest::DSS1.new)
414
- # assert_equal(false, crl.verify(@rsa1024))
415
- # assert_equal(false, crl.verify(@rsa2048))
416
- # assert_equal(false, crl.verify(@dsa256))
417
- # assert_equal(true, crl.verify(@dsa512))
418
- # crl.version = 0
419
- # assert_equal(false, crl.verify(@dsa512))
420
- # end
421
- # end
422
- #
423
- # end
424
- #
425
- #
426
- #
427
- #
431
+ end