tttls1.3 0.2.10 → 0.2.15

Files changed (43)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +32 -0
  3. data/.rubocop.yml +6 -3
  4. data/Gemfile +3 -4
  5. data/README.md +5 -1
  6. data/Rakefile +66 -7
  7. data/example/helper.rb +3 -3
  8. data/example/https_client.rb +1 -1
  9. data/example/https_client_using_0rtt.rb +3 -3
  10. data/example/https_client_using_hrr.rb +1 -1
  11. data/example/https_client_using_hrr_and_ticket.rb +2 -2
  12. data/example/https_client_using_status_request.rb +31 -0
  13. data/example/https_client_using_ticket.rb +2 -2
  14. data/example/https_server.rb +3 -2
  15. data/interop/client_spec.rb +6 -6
  16. data/interop/server_spec.rb +6 -6
  17. data/lib/tttls1.3.rb +1 -0
  18. data/lib/tttls1.3/client.rb +97 -12
  19. data/lib/tttls1.3/connection.rb +44 -11
  20. data/lib/tttls1.3/cryptograph.rb +1 -1
  21. data/lib/tttls1.3/cryptograph/aead.rb +20 -7
  22. data/lib/tttls1.3/message.rb +1 -1
  23. data/lib/tttls1.3/message/alert.rb +2 -2
  24. data/lib/tttls1.3/message/extension/signature_algorithms.rb +13 -3
  25. data/lib/tttls1.3/message/extension/signature_algorithms_cert.rb +5 -4
  26. data/lib/tttls1.3/message/extension/status_request.rb +73 -17
  27. data/lib/tttls1.3/message/extensions.rb +33 -11
  28. data/lib/tttls1.3/server.rb +40 -13
  29. data/lib/tttls1.3/utils.rb +15 -0
  30. data/lib/tttls1.3/version.rb +1 -1
  31. data/spec/extensions_spec.rb +16 -0
  32. data/spec/fixtures/rsa_rsa.crt +15 -15
  33. data/spec/fixtures/rsa_rsa.key +25 -25
  34. data/spec/fixtures/rsa_rsa_ocsp.crt +18 -0
  35. data/spec/fixtures/rsa_rsa_ocsp.key +27 -0
  36. data/spec/server_hello_spec.rb +1 -1
  37. data/spec/signature_algorithms_cert_spec.rb +4 -0
  38. data/spec/signature_algorithms_spec.rb +4 -0
  39. data/spec/spec_helper.rb +35 -1
  40. data/spec/status_request_spec.rb +77 -10
  41. data/tttls1.3.gemspec +0 -1
  42. metadata +12 -7
  43. data/.github/workflows/main.yml +0 -25
@@ -24,6 +24,8 @@ RSpec.describe SignatureAlgorithms do
24
24
  end
25
25
 
26
26
  it 'should be generated' do
27
+ expect(extension).to be_a(SignatureAlgorithms)
28
+
27
29
  expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
28
30
  expect(extension.supported_signature_algorithms)
29
31
  .to eq supported_signature_algorithms
@@ -76,6 +78,8 @@ RSpec.describe SignatureAlgorithms do
76
78
  end
77
79
 
78
80
  it 'should generate valid object' do
81
+ expect(extension).to be_a(SignatureAlgorithms)
82
+
79
83
  expect(extension.extension_type).to eq ExtensionType::SIGNATURE_ALGORITHMS
80
84
  expect(extension.supported_signature_algorithms)
81
85
  .to eq supported_signature_algorithms
@@ -4,6 +4,7 @@
4
4
  RSpec.configure(&:disable_monkey_patching!)
5
5
 
6
6
  # rubocop: disable Style/MixinUsage
7
+ require 'date'
7
8
  require 'tttls1.3'
8
9
  include TTTLS13
9
10
  include TTTLS13::Error
@@ -41,10 +42,43 @@ TESTBINARY_SERVER_NAME = <<BIN.split.map(&:hex).map(&:chr).join
41
42
  00 0d 00 00 0a 67 69 74 68 75 62 2e 63 6f 6d
42
43
  BIN
43
44
 
44
- TESTBINARY_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
45
+ TESTBINARY_OCSP_STATUS_REQUEST = <<BIN.split.map(&:hex).map(&:chr).join
45
46
  01 00 00 00 00
46
47
  BIN
47
48
 
49
+ TESTBINARY_OCSP_RESPONSE = <<BIN.split.map(&:hex).map(&:chr).join
50
+ 01 00 01 d0 30 82 01 cc 0a 01 00 a0 82 01 c5 30
51
+ 82 01 c1 06 09 2b 06 01 05 05 07 30 01 01 04 82
52
+ 01 b2 30 82 01 ae 30 81 97 a1 16 30 14 31 12 30
53
+ 10 06 03 55 04 03 0c 09 74 65 73 74 2d 6f 63 73
54
+ 70 18 0f 32 30 31 39 31 31 32 38 32 30 34 32 32
55
+ 38 5a 30 6c 30 6a 30 42 30 09 06 05 2b 0e 03 02
56
+ 1a 05 00 04 14 71 02 ca 0e ca 3e be d8 31 e6 37
57
+ 40 80 9e 37 f6 da 9f a5 27 04 14 ac c2 63 89 fe
58
+ 4d c6 08 1f 1f 4d 77 9e 12 7a bf 32 b6 d6 12 02
59
+ 09 00 cf 1a 4c 8a cc cc 78 33 80 00 18 0f 32 30
60
+ 31 39 31 31 32 38 32 30 34 32 32 38 5a a0 11 18
61
+ 0f 32 30 32 39 31 31 32 38 32 30 34 32 32 38 5a
62
+ 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03
63
+ 82 01 01 00 42 90 e2 2f f0 25 3b cf 11 75 56 83
64
+ c2 dc 10 d1 e8 d3 74 67 9e df db 0e 03 36 9f 64
65
+ 48 61 8b 50 ca 2c dd fc 82 5b 52 d5 9b 06 64 86
66
+ 70 08 c2 0b ca c9 50 b8 42 42 19 80 8f 6e f0 42
67
+ 92 ac 67 4f 74 fa 2a d2 f4 2f 82 15 11 71 4b bd
68
+ 54 d0 21 fb 0a 91 d3 ba 67 5e cb 7d b2 e6 a2 da
69
+ 30 3d b3 92 3d a9 4e 2c f6 4a 0b 22 96 b2 1d 06
70
+ c3 0a c7 41 5f 9e 22 c0 e0 3f 52 cc ff be dd 52
71
+ 80 3f 68 36 ce c0 02 df ae ab 96 a9 be d8 51 b2
72
+ bd ec f9 e7 98 5e 8a 77 69 b6 f1 60 19 49 f0 58
73
+ 26 70 2f 7b 19 cc d0 13 9e 9c ed 8a 5c 87 34 4c
74
+ fd bd 0f 41 3f 5c d8 1e 26 ce bb dd 17 a7 a4 37
75
+ 8f d8 19 39 5b c9 17 18 ca c3 7a eb 5d e7 ba a1
76
+ 12 23 d6 cb 22 0e e1 bf 9e 40 9b e3 5c b5 6b e3
77
+ aa 6e 93 56 4f da da a1 c6 79 13 9d 5c d6 87 2b
78
+ f7 6a 0f fc 2c 03 b2 41 c4 90 b8 3d 50 1c 8a 9b
79
+ 11 1b 41 83
80
+ BIN
81
+
48
82
  TESTBINARY_SUPPORTED_GROUPS = <<BIN.split.map(&:hex).map(&:chr).join
49
83
  00 06 00 17 00 18 00 19
50
84
  BIN
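Review bot: TESTBINARY_OCSP_RESPONSE is added as an opaque hex blob with no comment on where it came from or how long it stays usable. Decoding the visible bytes gives a responder named `test-ocsp`, thisUpdate 2019-11-28 20:42:28Z, nextUpdate 2029-11-28 20:42:28Z, a SHA-1 CertID and a sha1WithRSAEncryption signature, so any spec that later checks freshness or verifies the signature depends on those values. I would put a comment above the constant, for example `# CertificateStatus: status_type ocsp(01) + uint24 length + DER OCSPResponse, responder "test-ocsp", nextUpdate 2029-11-28, sha1WithRSAEncryption`, and record the command used to produce it. The file list shows spec/fixtures/rsa_rsa.crt is also replaced in this release, so it is worth confirming that the CertID embedded in the blob still matches the new certificate if a test ever validates it.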
@@ -4,10 +4,10 @@
4
4
  require_relative 'spec_helper'
5
5
  using Refinements
6
6
 
7
- RSpec.describe StatusRequest do
8
- context 'default status_request' do
7
+ RSpec.describe OCSPStatusRequest do
8
+ context 'default OCSPStatusRequest' do
9
9
  let(:extension) do
10
- StatusRequest.new
10
+ OCSPStatusRequest.new
11
11
  end
12
12
 
13
13
  it 'should be generated' do
@@ -21,9 +21,9 @@ RSpec.describe StatusRequest do
21
21
  end
22
22
  end
23
23
 
24
- context 'valid status_request' do
24
+ context 'valid OCSPStatusRequest' do
25
25
  let(:extension) do
26
- StatusRequest.new(responder_id_list: [], request_extensions: '')
26
+ OCSPStatusRequest.new(responder_id_list: [], request_extensions: [])
27
27
  end
28
28
 
29
29
  it 'should be generated' do
@@ -37,9 +37,9 @@ RSpec.describe StatusRequest do
37
37
  end
38
38
  end
39
39
 
40
- context 'valid status_request, 0 length request ' do
40
+ context 'valid OCSPStatusRequest, 0 length request ' do
41
41
  let(:extension) do
42
- StatusRequest.new(responder_id_list: nil, request_extensions: nil)
42
+ OCSPStatusRequest.new(responder_id_list: nil, request_extensions: nil)
43
43
  end
44
44
 
45
45
  it 'should be generated' do
@@ -53,9 +53,9 @@ RSpec.describe StatusRequest do
53
53
  end
54
54
  end
55
55
 
56
- context 'valid status_request binary' do
56
+ context 'valid OCSPStatusRequest binary' do
57
57
  let(:extension) do
58
- StatusRequest.deserialize(TESTBINARY_STATUS_REQUEST)
58
+ OCSPStatusRequest.deserialize(TESTBINARY_OCSP_STATUS_REQUEST)
59
59
  end
60
60
 
61
61
  it 'should generate valid object' do
@@ -67,7 +67,74 @@ RSpec.describe StatusRequest do
67
67
  it 'should generate serializable object' do
68
68
  expect(extension.serialize)
69
69
  .to eq ExtensionType::STATUS_REQUEST \
70
- + TESTBINARY_STATUS_REQUEST.prefix_uint16_length
70
+ + TESTBINARY_OCSP_STATUS_REQUEST.prefix_uint16_length
71
+ end
72
+ end
73
+ end
74
+
75
+ RSpec.describe OCSPResponse do
76
+ context 'valid OCSPResponse whose status is good' do
77
+ let(:basic_resp) do
78
+ server_crt = OpenSSL::X509::Certificate.new(
79
+ File.read(__dir__ + '/fixtures/rsa_rsa.crt')
80
+ )
81
+ ca_crt = OpenSSL::X509::Certificate.new(
82
+ File.read(__dir__ + '/fixtures/rsa_ca.crt')
83
+ )
84
+ ocsp_crt = OpenSSL::X509::Certificate.new(
85
+ File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.crt')
86
+ )
87
+ ocsp_key = OpenSSL::PKey.read(
88
+ File.read(__dir__ + '/fixtures/rsa_rsa_ocsp.key')
89
+ )
90
+
91
+ br = OpenSSL::OCSP::BasicResponse.new
92
+ cid = OpenSSL::OCSP::CertificateId.new(server_crt, ca_crt)
93
+ br.add_status(
94
+ cid,
95
+ OpenSSL::OCSP::V_CERTSTATUS_GOOD,
96
+ 0,
97
+ nil,
98
+ Time.now,
99
+ DateTime.now.next_day(1).to_time,
100
+ []
101
+ )
102
+ br.sign(ocsp_crt, ocsp_key)
103
+ br
104
+ end
105
+
106
+ let(:ocsp_response) do
107
+ OpenSSL::OCSP::Response.create(
108
+ OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
109
+ basic_resp
110
+ )
111
+ end
112
+
113
+ let(:extension) do
114
+ OCSPResponse.new(ocsp_response)
115
+ end
116
+
117
+ it 'should be generated' do
118
+ expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
119
+ expect(extension.ocsp_response).to eq ocsp_response
120
+ end
121
+
122
+ it 'should be serialized' do
123
+ binary = CertificateStatusType::OCSP \
124
+ + ocsp_response.to_der.prefix_uint24_length
125
+
126
+ expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST \
127
+ + binary.prefix_uint16_length
128
+ end
129
+ end
130
+
131
+ context 'valid OCSPResponse binary' do
132
+ let(:extension) do
133
+ OCSPResponse.deserialize(TESTBINARY_OCSP_RESPONSE)
134
+ end
135
+
136
+ it 'should generate valid object' do
137
+ expect(extension.extension_type).to eq ExtensionType::STATUS_REQUEST
71
138
  end
72
139
  end
73
140
  end
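Review bot: The 'valid OCSPResponse binary' context at the end of this section asserts only `extension_type`, so OCSPResponse.deserialize could return an object with a wrong or empty `ocsp_response` and the spec would still pass. I would add the round-trip check that the OCSPStatusRequest binary context already has, `expect(extension.serialize).to eq ExtensionType::STATUS_REQUEST + TESTBINARY_OCSP_RESPONSE.prefix_uint16_length`, plus an assertion on the parsed response's status. Because this parser handles bytes supplied by the peer, the section also needs rejection cases: a truncated blob, a uint24 length larger than the remaining data, and a status type other than OCSP; none appear in the visible hunks. Separately, `DateTime.now.next_day(1).to_time` can be written `Time.now + 86_400`, which appears to remove the only visible need for the `require 'date'` added to spec_helper.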
@@ -16,7 +16,6 @@ Gem::Specification.new do |spec|
16
16
  spec.required_ruby_version = '>=2.6.1'
17
17
 
18
18
  spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
19
- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
20
19
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
21
20
  spec.require_paths = ['lib']
22
21
 
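--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: tttls1.3
  version: !ruby/object:Gem::Version
- version: 0.2.10
+ version: 0.2.15
  platform: ruby
  authors:
  - thekuwayama
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-11-09 00:00:00.000000000 Z
+ date: 2020-11-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -59,7 +59,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".github/workflows/main.yml"
+ - ".github/workflows/ci.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
@@ -73,6 +73,7 @@ files:
  - example/https_client_using_0rtt.rb
  - example/https_client_using_hrr.rb
  - example/https_client_using_hrr_and_ticket.rb
+ - example/https_client_using_status_request.rb
  - example/https_client_using_ticket.rb
  - example/https_server.rb
  - interop/client_spec.rb
@@ -144,6 +145,8 @@ files:
  - spec/fixtures/rsa_ca.key
  - spec/fixtures/rsa_rsa.crt
  - spec/fixtures/rsa_rsa.key
+ - spec/fixtures/rsa_rsa_ocsp.crt
+ - spec/fixtures/rsa_rsa_ocsp.key
  - spec/fixtures/rsa_rsassaPss.crt
  - spec/fixtures/rsa_rsassaPss.key
  - spec/fixtures/rsa_secp256r1.crt
@@ -176,7 +179,7 @@ homepage: https://github.com/thekuwayama/tttls1.3
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -191,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.1.2
+ signing_key:
  specification_version: 4
  summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)
  test_files:
@@ -217,6 +220,8 @@ test_files:
  - spec/fixtures/rsa_ca.key
  - spec/fixtures/rsa_rsa.crt
  - spec/fixtures/rsa_rsa.key
+ - spec/fixtures/rsa_rsa_ocsp.crt
+ - spec/fixtures/rsa_rsa_ocsp.key
  - spec/fixtures/rsa_rsassaPss.crt
  - spec/fixtures/rsa_rsassaPss.key
  - spec/fixtures/rsa_secp256r1.crt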
@@ -1,25 +0,0 @@
1
- name: workflow
2
-
3
- on:
4
- push:
5
- branches:
6
- - master
7
- pull_request:
8
- branches:
9
- - '*'
10
-
11
- jobs:
12
- ci:
13
- runs-on: ubuntu-latest
14
- steps:
15
- - uses: actions/checkout@v1
16
- - uses: actions/setup-ruby@v1
17
- - uses: thekuwayama/openssl@master
18
- with:
19
- ruby-version: '2.6.x'
20
- - run: gem install bundler
21
- - run: bundle install
22
- - run: docker pull thekuwayama/openssl
23
- - run: bundle exec rake
24
- - run: bundle exec rake interop:client
25
- - run: bundle exec rake interop:server