tttls1.3 0.2.10 → 0.2.15

data/spec/signature_algorithms_spec.rb

@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithms do
     end
 
     it 'should be generated' do
+      expect(extension).to be_a(SignatureAlgorithms)
+
       expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
       expect(extension.supported_signature_algorithms)
         .to eq supported_signature_algorithms
@@ -76,6 +78,8 @@ RSpec.describe SignatureAlgorithms do
     end
 
     it 'should generate valid object' do
+      expect(extension).to be_a(SignatureAlgorithms)
+
       expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
       expect(extension.supported_signature_algorithms)
         .to eq supported_signature_algorithms

data/spec/spec_helper.rb

@@ -4,6 +4,7 @@
 RSpec.configure(&:disable_monkey_patching!)
 
 # rubocop: disable Style/MixinUsage
+require 'date'
 require 'tttls1.3'
 include TTTLS13
 include TTTLS13::Error
@@ -41,10 +42,43 @@ TESTBINARY_SERVER_NAME = <<BIN.split.map(&:hex).map(&:chr).join
   00 0d 00 00 0a 67 69 74     68 75 62 2e 63 6f 6d
 BIN
 
-TESTBINARY_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
+TESTBINARY_OCSP_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
   01 00 00 00 00
 BIN
 
+TESTBINARY_OCSP_RESPONSE = <<BIN.split.map(&:hex).map(&:chr).join
+  01 00 01 d0 30 82 01 cc     0a 01 00 a0 82 01 c5 30
+  82 01 c1 06 09 2b 06 01     05 05 07 30 01 01 04 82
+  01 b2 30 82 01 ae 30 81     97 a1 16 30 14 31 12 30
+  10 06 03 55 04 03 0c 09     74 65 73 74 2d 6f 63 73
+  70 18 0f 32 30 31 39 31     31 32 38 32 30 34 32 32
+  38 5a 30 6c 30 6a 30 42     30 09 06 05 2b 0e 03 02
+  1a 05 00 04 14 71 02 ca     0e ca 3e be d8 31 e6 37
+  40 80 9e 37 f6 da 9f a5     27 04 14 ac c2 63 89 fe
+  4d c6 08 1f 1f 4d 77 9e     12 7a bf 32 b6 d6 12 02
+  09 00 cf 1a 4c 8a cc cc     78 33 80 00 18 0f 32 30
+  31 39 31 31 32 38 32 30     34 32 32 38 5a a0 11 18
+  0f 32 30 32 39 31 31 32     38 32 30 34 32 32 38 5a
+  30 0d 06 09 2a 86 48 86     f7 0d 01 01 05 05 00 03
+  82 01 01 00 42 90 e2 2f     f0 25 3b cf 11 75 56 83
+  c2 dc 10 d1 e8 d3 74 67     9e df db 0e 03 36 9f 64
+  48 61 8b 50 ca 2c dd fc     82 5b 52 d5 9b 06 64 86
+  70 08 c2 0b ca c9 50 b8     42 42 19 80 8f 6e f0 42
+  92 ac 67 4f 74 fa 2a d2     f4 2f 82 15 11 71 4b bd
+  54 d0 21 fb 0a 91 d3 ba     67 5e cb 7d b2 e6 a2 da
+  30 3d b3 92 3d a9 4e 2c     f6 4a 0b 22 96 b2 1d 06
+  c3 0a c7 41 5f 9e 22 c0     e0 3f 52 cc ff be dd 52
+  80 3f 68 36 ce c0 02 df     ae ab 96 a9 be d8 51 b2
+  bd ec f9 e7 98 5e 8a 77     69 b6 f1 60 19 49 f0 58
+  26 70 2f 7b 19 cc d0 13     9e 9c ed 8a 5c 87 34 4c
+  fd bd 0f 41 3f 5c d8 1e     26 ce bb dd 17 a7 a4 37
+  8f d8 19 39 5b c9 17 18     ca c3 7a eb 5d e7 ba a1
+  12 23 d6 cb 22 0e e1 bf     9e 40 9b e3 5c b5 6b e3
+  aa 6e 93 56 4f da da a1     c6 79 13 9d 5c d6 87 2b
+  f7 6a 0f fc 2c 03 b2 41     c4 90 b8 3d 50 1c 8a 9b
+  11 1b 41 83
+BIN
+
 TESTBINARY_SUPPORTED_GROUPS = <<BIN.split.map(&:hex).map(&:chr).join
   00 06 00 17 00 18 00 19
 BIN

data/spec/status_request_spec.rb

@@ -4,10 +4,10 @@
 require_relative 'spec_helper'
 using Refinements
 
-RSpec.describe StatusRequest do
-  context 'default status_request' do
+RSpec.describe OCSPStatusRequest do
+  context 'default OCSPStatusRequest' do
     let(:extension) do
-      StatusRequest.new
+      OCSPStatusRequest.new
     end
 
     it 'should be generated' do
@@ -21,9 +21,9 @@ RSpec.describe StatusRequest do
     end
   end
 
-  context 'valid status_request' do
+  context 'valid OCSPStatusRequest' do
     let(:extension) do
-      StatusRequest.new(responder_id_list: [], request_extensions: '')
+      OCSPStatusRequest.new(responder_id_list: [], request_extensions: [])
     end
 
     it 'should be generated' do
@@ -37,9 +37,9 @@ RSpec.describe StatusRequest do
     end
   end
 
-  context 'valid status_request, 0 length request ' do
+  context 'valid OCSPStatusRequest, 0 length request ' do
     let(:extension) do
-      StatusRequest.new(responder_id_list: nil, request_extensions: nil)
+      OCSPStatusRequest.new(responder_id_list: nil, request_extensions: nil)
     end
 
     it 'should be generated' do
@@ -53,9 +53,9 @@ RSpec.describe StatusRequest do
     end
   end
 
-  context 'valid status_request binary' do
+  context 'valid OCSPStatusRequest binary' do
     let(:extension) do
-      StatusRequest.deserialize(TESTBINARY_STATUS_REQUEST)
+      OCSPStatusRequest.deserialize(TESTBINARY_OCSP_STATUS_REQUEST)
     end
 
     it 'should generate valid object' do
@@ -67,7 +67,74 @@ RSpec.describe StatusRequest do
     it 'should generate serializable object' do
       expect(extension.serialize)
         .to eq ExtensionType::STATUS_REQUEST \
-               + TESTBINARY_STATUS_REQUEST.prefix_uint16_length
+               + TESTBINARY_OCSP_STATUS_REQUEST.prefix_uint16_length
+    end
+  end
+end
+
+RSpec.describe OCSPResponse do
+  context 'valid OCSPResponse whose status is good' do
+    let(:basic_resp) do
+      server_crt = OpenSSL::X509::Certificate.new(
+        File.read(__dir__ + '/fixtures/rsa_rsa.crt')
+      )
+      ca_crt = OpenSSL::X509::Certificate.new(
+        File.read(__dir__ + '/fixtures/rsa_ca.crt')
+      )
+      ocsp_crt = OpenSSL::X509::Certificate.new(
+        File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.crt')
+      )
+      ocsp_key = OpenSSL::PKey.read(
+        File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.key')
+      )
+
+      br = OpenSSL::OCSP::BasicResponse.new
+      cid = OpenSSL::OCSP::CertificateId.new(server_crt, ca_crt)
+      br.add_status(
+        cid,
+        OpenSSL::OCSP::V_CERTSTATUS_GOOD,
+        0,
+        nil,
+        Time.now,
+        DateTime.now.next_day(1).to_time,
+        []
+      )
+      br.sign(ocsp_crt, ocsp_key)
+      br
+    end
+
+    let(:ocsp_response) do
+      OpenSSL::OCSP::Response.create(
+        OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
+        basic_resp
+      )
+    end
+
+    let(:extension) do
+      OCSPResponse.new(ocsp_response)
+    end
+
+    it 'should be generated' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
+      expect(extension.ocsp_response).to eq ocsp_response
+    end
+
+    it 'should be serialized' do
+      binary = CertificateStatusType::OCSP \
+               + ocsp_response.to_der.prefix_uint24_length
+
+      expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST \
+                                        + binary.prefix_uint16_length
+    end
+  end
+
+  context 'valid OCSPResponse binary' do
+    let(:extension) do
+      OCSPResponse.deserialize(TESTBINARY_OCSP_RESPONSE)
+    end
+
+    it 'should generate valid object' do
+      expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
     end
   end
 end

data/tttls1.3.gemspec

@@ -16,7 +16,6 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>=2.6.1'
 
   spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.10
+  version: 0.2.15
 platform: ruby
 authors:
 - thekuwayama
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-09 00:00:00.000000000 Z
+date: 2020-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -59,7 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/main.yml"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -73,6 +73,7 @@ files:
 - example/https_client_using_0rtt.rb
 - example/https_client_using_hrr.rb
 - example/https_client_using_hrr_and_ticket.rb
+- example/https_client_using_status_request.rb
 - example/https_client_using_ticket.rb
 - example/https_server.rb
 - interop/client_spec.rb
@@ -144,6 +145,8 @@ files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsa_ocsp.crt
+- spec/fixtures/rsa_rsa_ocsp.key
 - spec/fixtures/rsa_rsassaPss.crt
 - spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt
@@ -176,7 +179,7 @@ homepage: https://github.com/thekuwayama/tttls1.3
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -191,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
 test_files:
@@ -217,6 +220,8 @@ test_files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsa_ocsp.crt
+- spec/fixtures/rsa_rsa_ocsp.key
 - spec/fixtures/rsa_rsassaPss.crt
 - spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt

data/.github/workflows/main.yml

@@ -1,25 +0,0 @@
-name: workflow
-
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - '*'
-
-jobs:
-  ci:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-ruby@v1
-      - uses: thekuwayama/openssl@master
-        with:
-          ruby-version: '2.6.x'
-      - run: gem install bundler
-      - run: bundle install
-      - run: docker pull thekuwayama/openssl
-      - run: bundle exec rake
-      - run: bundle exec rake interop:client
-      - run: bundle exec rake interop:server