diff options
| author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-03-06 21:41:32 +0000 |
|---|---|---|
| committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-03-06 21:41:32 +0000 |
| commit | 0322d30623165b350e47d99ce81d60ab14e5b3cd (patch) | |
| tree | 6bdcfbbec5fe436aeacc8c57db4b8b820aa09e52 | |
| parent | ef5c7c951ae77d9ca802b48030c62f522dcd9daf (diff) | |
* test/openssl: backport cosmetic changes from 1.9.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26836 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | test/openssl/ssl_server.rb | 2 | ||||
| -rw-r--r-- | test/openssl/test_cipher.rb | 7 | ||||
| -rw-r--r-- | test/openssl/test_config.rb | 16 | ||||
| -rw-r--r-- | test/openssl/test_ec.rb | 2 | ||||
| -rw-r--r-- | test/openssl/test_hmac.rb | 20 | ||||
| -rw-r--r-- | test/openssl/test_pkcs7.rb | 132 | ||||
| -rw-r--r-- | test/openssl/test_ssl.rb | 29 | ||||
| -rw-r--r-- | test/openssl/test_x509cert.rb | 30 | ||||
| -rw-r--r-- | test/openssl/test_x509crl.rb | 6 | ||||
| -rw-r--r-- | test/openssl/utils.rb | 6 |
11 files changed, 203 insertions, 51 deletions
@@ -1,3 +1,7 @@ +Sun Mar 7 06:37:27 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org> + + * test/openssl: backport cosmetic changes from 1.9. + Sun Mar 7 06:27:24 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org> * ext/openssl: backport fixes in 1.9. diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb index 6e620629c5..d3ad55d236 100644 --- a/test/openssl/ssl_server.rb +++ b/test/openssl/ssl_server.rb @@ -53,7 +53,7 @@ tcps = nil port = port + i break rescue Errno::EADDRINUSE - next + next end } ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 173e757d8c..39195a1e26 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -1,10 +1,3 @@ -if defined?(JRUBY_VERSION) - require "java" - base = File.join(File.dirname(__FILE__), '..', '..') - $CLASSPATH << File.join(base, 'pkg', 'classes') - $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk15-144.jar') -end - begin require "openssl" rescue LoadError diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb new file mode 100644 index 0000000000..47d9c9ab45 --- /dev/null +++ b/test/openssl/test_config.rb @@ -0,0 +1,16 @@ +require 'openssl' +require "test/unit" + +class OpenSSL::TestConfig < Test::Unit::TestCase + def test_freeze + c = OpenSSL::Config.new + c['foo'] = [['key', 'value']] + c.freeze + + # [ruby-core:18377] + # RuntimeError for 1.9, TypeError for 1.8 + assert_raise(TypeError, /frozen/) do + c['foo'] = [['key', 'wrong']] + end + end +end diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb index 66dbf54b4d..282bb67624 100644 --- a/test/openssl/test_ec.rb +++ b/test/openssl/test_ec.rb @@ -88,7 +88,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase for key in @keys sig = key.dsa_sign_asn1(@data1) assert_equal(key.dsa_verify_asn1(@data1, sig), true) - + assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } end end diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb index adcb6f719c..50ad675a16 100644 --- a/test/openssl/test_hmac.rb +++ b/test/openssl/test_hmac.rb @@ -4,15 +4,13 @@ rescue LoadError end require "test/unit" -if defined?(OpenSSL) - class OpenSSL::TestHMAC < Test::Unit::TestCase def setup - @digest = OpenSSL::Digest::MD5.new + @digest = OpenSSL::Digest::MD5 @key = "KEY" @data = "DATA" - @h1 = OpenSSL::HMAC.new(@key, @digest) - @h2 = OpenSSL::HMAC.new(@key, @digest) + @h1 = OpenSSL::HMAC.new(@key, @digest.new) + @h2 = OpenSSL::HMAC.new(@key, "MD5") end def teardown @@ -20,8 +18,14 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase def test_hmac @h1.update(@data) - assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest") - assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest") + @h2.update(@data) + assert_equal(@h1.digest, @h2.digest) + + assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest") + assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest") + + assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest") + assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest") end def test_dup @@ -40,5 +44,3 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah")) end end - -end diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index cb57ddce71..fb3fd94474 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -36,7 +36,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) end - def issue_cert(*args) + def issue_cert(*args) OpenSSL::TestUtils.issue_cert(*args) end @@ -47,6 +47,127 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase data = "aaaaa\r\nbbbbb\r\nccccc\r\n" tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + + # Normaly OpenSSL tries to translate the supplied content into canonical + # MIME format (e.g. a newline character is converted into CR+LF). + # If the content is a binary, PKCS7::BINARY flag should be used. + + data = "aaaaa\nbbbbb\nccccc\n" + flag = OpenSSL::PKCS7::BINARY + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + + # A signed-data which have multiple signatures can be created + # through the following steps. + # 1. create two signed-data + # 2. copy signerInfo and certificate from one to another + + tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag) + tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag) + tmp1.add_signer(tmp2.signers[0]) + tmp1.add_certificate(@ee2_cert) + + p7 = OpenSSL::PKCS7.new(tmp1.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(2, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + assert_equal(@ee2_cert.serial, signers[1].serial) + assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s) + end + + def test_detached_sign + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + ca_certs = [@ca_cert] + + data = "aaaaa\nbbbbb\nccccc\n" + flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + a1 = OpenSSL::ASN1.decode(p7) + + certs = p7.certificates + signers = p7.signers + assert(!p7.verify([], store)) + assert(p7.verify([], store, data)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + end + + def test_enveloped + if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f + # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. + # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html + return + end + + certs = [@ee1_cert, @ee2_cert] + cipher = OpenSSL::Cipher::AES.new("128-CBC") + data = "aaaaa\nbbbbb\nccccc\n" + + tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + recip = p7.recipients + assert_equal(:enveloped, p7.type) + assert_equal(2, recip.size) + + assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s) + assert_equal(2, recip[0].serial) + assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert)) + + assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s) + assert_equal(3, recip[1].serial) + assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) + end + + def silent + begin + back, $VERBOSE = $VERBOSE, nil + yield + ensure + $VERBOSE = back if back + end + end + + def test_signed_pkcs7_pkcs7 + silent do + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + ca_certs = [@ca_cert] + + data = "aaaaa\r\nbbbbb\r\nccccc\r\n" + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs) p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der) certs = p7.certificates signers = p7.signers @@ -100,8 +221,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase assert_equal(@ee2_cert.serial, signers[1].serial) assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s) end + end - def test_detached_sign + def test_detached_sign_pkcs7_pkcs7 + silent do store = OpenSSL::X509::Store.new store.add_cert(@ca_cert) ca_certs = [@ca_cert] @@ -124,8 +247,10 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase assert_equal(@ee1_cert.serial, signers[0].serial) assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) end + end - def test_enveloped + def test_enveloped_pkcs7_pkcs7 + silent do if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html @@ -150,6 +275,7 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase assert_equal(3, recip[1].serial) assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) end + end end end diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 9c21d428bb..f127f7b239 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -102,7 +102,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase server_proc.call(ctx, ssl) end end - rescue Errno::EBADF, IOError + rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED end def start_server(port0, verify_mode, start_immediately, args = {}, &block) @@ -143,14 +143,25 @@ class OpenSSL::TestSSL < Test::Unit::TestCase block.call(server, port.to_i) ensure - tcps.close if (tcps) - if (server) - server.join(5) - if server.alive? - server.kill + begin + begin + tcps.shutdown + rescue Errno::ENOTCONN + # when `Errno::ENOTCONN: Socket is not connected' on some platforms, + # call #close instead of #shutdown. + tcps.close + tcps = nil + end if (tcps) + if (server) server.join(5) - flunk("TCPServer was closed and SSLServer is still alive") unless $! + if server.alive? + server.kill + server.join + flunk("TCPServer was closed and SSLServer is still alive") unless $! + end end + ensure + tcps.close if (tcps) end end end @@ -594,7 +605,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase ctx.session_add(saved_session) end connections += 1 - + readwrite_loop(ctx, ssl) end @@ -639,7 +650,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase ctx_proc = Proc.new do |ctx, ssl| foo_ctx = ctx.dup - ctx.servername_cb = Proc.new do |ssl, hostname| + ctx.servername_cb = Proc.new do |ssl2, hostname| case hostname when 'foo.example.com' foo_ctx diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index dd52ab9644..91dd95e956 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -28,7 +28,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase def test_serial [1, 2**32, 2**100].each{|s| cert = issue_cert(@ca, @rsa2048, s, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(s, cert.serial) cert = OpenSSL::X509::Certificate.new(cert.to_der) assert_equal(s, cert.serial) @@ -60,25 +60,25 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase def test_validity now = Time.now until now && now.usec != 0 cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_not_equal(now, cert.not_before) assert_not_equal(now+3600, cert.not_after) now = Time.at(now.to_i) cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal((now+3600).getutc, cert.not_after) now = Time.at(0) cert = issue_cert(@ca, @rsa2048, 1, now, now, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal(now.getutc, cert.not_after) now = Time.at(0x7fffffff) cert = issue_cert(@ca, @rsa2048, 1, now, now, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal(now.getutc, cert.not_after) end @@ -91,7 +91,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase ["authorityKeyIdentifier","keyid:always",false], ] ca_cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts, - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) ca_cert.extensions.each_with_index{|ext, i| assert_equal(ca_exts[i].first, ext.oid) assert_equal(ca_exts[i].last, ext.critical?) @@ -105,7 +105,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase ["subjectAltName","email:ee1@ruby-lang.org",false], ] ee1_cert = issue_cert(@ee1, @rsa1024, 2, Time.now, Time.now+1800, ee1_exts, - ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) + ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_equal(ca_cert.subject.to_der, ee1_cert.issuer.to_der) ee1_cert.extensions.each_with_index{|ext, i| assert_equal(ee1_exts[i].first, ext.oid) @@ -120,7 +120,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase ["subjectAltName","email:ee2@ruby-lang.org",false], ] ee2_cert = issue_cert(@ee2, @rsa1024, 3, Time.now, Time.now+1800, ee2_exts, - ca_cert, @rsa2048, OpenSSL::Digest::MD5.new) + ca_cert, @rsa2048, OpenSSL::Digest::MD5.new) assert_equal(ca_cert.subject.to_der, ee2_cert.issuer.to_der) ee2_cert.extensions.each_with_index{|ext, i| assert_equal(ee2_exts[i].first, ext.oid) @@ -131,7 +131,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase def test_sign_and_verify cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) @@ -140,7 +140,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, cert.verify(@rsa2048)) cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::MD5.new) + nil, nil, OpenSSL::Digest::MD5.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) @@ -149,25 +149,25 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, cert.verify(@rsa2048)) cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::DSS1.new) + nil, nil, OpenSSL::Digest::DSS1.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(false, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) - cert.not_after = Time.now + cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::DSS1.new) + nil, nil, OpenSSL::Digest::DSS1.new) } assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::MD5.new) + nil, nil, OpenSSL::Digest::MD5.new) } assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) } end diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb index b5b4229fd9..d9b2ef0c03 100644 --- a/test/openssl/test_x509crl.rb +++ b/test/openssl/test_x509crl.rb @@ -125,13 +125,13 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase def test_extension cert_exts = [ ["basicConstraints", "CA:TRUE", true], - ["subjectKeyIdentifier", "hash", false], - ["authorityKeyIdentifier", "keyid:always", false], + ["subjectKeyIdentifier", "hash", false], + ["authorityKeyIdentifier", "keyid:always", false], ["subjectAltName", "email:xyzzy@ruby-lang.org", false], ["keyUsage", "cRLSign, keyCertSign", true], ] crl_exts = [ - ["authorityKeyIdentifier", "keyid:always", false], + ["authorityKeyIdentifier", "keyid:always", false], ["issuerAltName", "issuer:copy", false], ] diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index c923705b86..2edb7b0c99 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -96,16 +96,16 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S cert end - def issue_crl(revoke_info, serial, lastup, nextup, extensions, + def issue_crl(revoke_info, serial, lastup, nextup, extensions, issuer, issuer_key, digest) crl = OpenSSL::X509::CRL.new crl.issuer = issuer.subject crl.version = 1 crl.last_update = lastup crl.next_update = nextup - revoke_info.each{|serial, time, reason_code| + revoke_info.each{|rserial, time, reason_code| revoked = OpenSSL::X509::Revoked.new - revoked.serial = serial + revoked.serial = rserial revoked.time = time enum = OpenSSL::ASN1::Enumerated(reason_code) ext = OpenSSL::X509::Extension.new("CRLReason", enum) |