summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-05-26 18:14:27 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-05-26 18:14:27 +0000
commit61949eefde17da5497fe28cbbe311e459073296f (patch)
tree5512c3a0f9f43631d4f71597f2557fde09a6f9bf /test
parentfde5c3ff928fb42d30595f7e2a75bf7e123e5973 (diff)
* add test for OpenSSL::SSL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r--test/openssl/ssl_server.rb78
-rw-r--r--test/openssl/test_ssl.rb184
2 files changed, 262 insertions, 0 deletions
diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb
new file mode 100644
index 00000000000..53e520379bb
--- /dev/null
+++ b/test/openssl/ssl_server.rb
@@ -0,0 +1,78 @@
+require "socket"
+require "thread"
+require "openssl"
+require File.join(File.dirname(__FILE__), "utils.rb")
+
+def get_pem(io=$stdin)
+ buf = ""
+ while line = io.gets
+ if /^-----BEGIN / =~ line
+ buf << line
+ break
+ end
+ end
+ while line = io.gets
+ buf << line
+ if /^-----END / =~ line
+ break
+ end
+ end
+ return buf
+end
+
+def make_key(pem)
+ begin
+ return OpenSSL::PKey::RSA.new(pem)
+ rescue
+ return OpenSSL::PKey::DSA.new(pem)
+ end
+end
+
+ca_cert = OpenSSL::X509::Certificate.new(get_pem)
+ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
+ssl_key = make_key(get_pem)
+port = Integer(ARGV.shift)
+verify_mode = Integer(ARGV.shift)
+start_immediately = (/yes/ =~ ARGV.shift)
+
+store = OpenSSL::X509::Store.new
+store.add_cert(ca_cert)
+store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.cert_store = store
+#ctx.extra_chain_cert = [ ca_cert ]
+ctx.cert = ssl_cert
+ctx.key = ssl_key
+ctx.verify_mode = verify_mode
+
+Socket.do_not_reverse_lookup = true
+tcps = TCPServer.new("0.0.0.0", port)
+ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+ssls.start_immediately = start_immediately
+ssock = nil
+
+Thread.start{
+ while line = $stdin.gets
+ if /STARTTLS/ =~ line
+ ssock && ssock.accept
+ end
+ end
+ exit
+}
+
+$stdout.sync = true
+$stdout.puts Process.pid
+
+loop do
+ s = ssls.accept
+ ssock = s
+ Thread.start{
+ q = Queue.new
+ th = Thread.start{ s.write(q.shift) while true }
+ while line = s.gets
+ q.push(line)
+ end
+ th.kill
+ s.close unless s.closed?
+ }
+end
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
new file mode 100644
index 00000000000..e0517f9953b
--- /dev/null
+++ b/test/openssl/test_ssl.rb
@@ -0,0 +1,184 @@
+begin
+ require "openssl"
+ require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require "rbconfig"
+require "socket"
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestSSL < Test::Unit::TestCase
+ RUBY = ENV["RUBY"] || File.join(
+ ::Config::CONFIG["bindir"],
+ ::Config::CONFIG["ruby_install_name"] + ::Config::CONFIG["EXEEXT"]
+ )
+ SSL_SERVER = File.join(File.dirname(__FILE__), "ssl_server.rb")
+ PORT = 20443
+ ITERATIONS = ($0 == __FILE__) ? 100 : 10
+
+ def setup
+ @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
+ @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+ @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA256
+ @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
+ @svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
+ @cli = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
+
+ now = Time.at(Time.now.to_i)
+ ca_exts = [
+ ["basicConstraints","CA:TRUE",true],
+ ["keyUsage","cRLSign,keyCertSign",true],
+ ]
+ ee_exts = [
+ ["keyUsage","keyEncipherment,digitalSignature",true],
+ ]
+ @ca_cert = issue_cert(@ca, @ca_key, 1, now, now+3600, ca_exts,
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ @svr_cert = issue_cert(@svr, @svr_key, 2, now, now+1800, ee_exts,
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+ @cli_cert = issue_cert(@cli, @cli_key, 3, now, now+1800, ee_exts,
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+ @server = nil
+ end
+
+ def teardown
+ end
+
+ def issue_cert(*arg)
+ OpenSSL::TestUtils.issue_cert(*arg)
+ end
+
+ def issue_crl(*arg)
+ OpenSSL::TestUtils.issue_crl(*arg)
+ end
+
+ def start_server(port, verify_mode, start_immediately, &block)
+ server = nil
+ begin
+ cmd = [RUBY]
+ cmd << "-d" if $DEBUG
+ cmd << SSL_SERVER << port.to_s << verify_mode.to_s
+ cmd << (start_immediately ? "yes" : "no")
+ server = IO.popen(cmd, "w+")
+ server.write(@ca_cert.to_pem)
+ server.write(@svr_cert.to_pem)
+ server.write(@svr_key.to_pem)
+ def server.starttls; self.puts("STARTTLS") end
+ pid = Integer(server.gets)
+ $stderr.printf("%s started: pid=%d\n", SSL_SERVER, pid) if $DEBUG
+ block.call(server)
+ ensure
+ server.close if server
+ end
+ end
+
+ def test_connect_and_close
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){
+ sock = TCPSocket.new("127.0.0.1", PORT)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ assert(ssl.connect)
+ ssl.close
+ assert(!sock.closed?)
+ sock.close
+
+ sock = TCPSocket.new("127.0.0.1", PORT)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.sync_close = true # !!
+ assert(ssl.connect)
+ ssl.close
+ assert(sock.closed?)
+ }
+ end
+
+ def test_read_and_write
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){
+ sock = TCPSocket.new("127.0.0.1", PORT)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.sync_close = true
+ ssl.connect
+
+ # syswrite and sysread
+ ITERATIONS.times{|i|
+ str = "x" * 100 + "\n"
+ ssl.syswrite(str)
+ assert_equal(str, ssl.sysread(str.size))
+
+ str = "x" * i * 100 + "\n"
+ buf = ""
+ ssl.syswrite(str)
+ assert_equal(buf.object_id, ssl.sysread(str.size, buf).object_id)
+ assert_equal(str, buf)
+ }
+
+ # puts and gets
+ ITERATIONS.times{
+ str = "x" * 100 + "\n"
+ ssl.puts(str)
+ assert_equal(str, ssl.gets)
+ }
+
+ # read and write
+ ITERATIONS.times{|i|
+ str = "x" * 100 + "\n"
+ ssl.write(str)
+ assert_equal(str, ssl.read(str.size))
+
+ str = "x" * i * 100 + "\n"
+ buf = ""
+ ssl.write(str)
+ assert_equal(buf.object_id, ssl.read(str.size, buf).object_id)
+ assert_equal(str, buf)
+ }
+
+ ssl.close
+ }
+ end
+
+ def test_starttls
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s|
+ sock = TCPSocket.new("127.0.0.1", PORT)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.sync_close = true
+ str = "x" * 1000 + "\n"
+
+ ITERATIONS.times{
+ ssl.puts(str)
+ assert_equal(str, ssl.gets)
+ }
+
+ s.starttls
+ ssl.connect
+
+ ITERATIONS.times{
+ ssl.puts(str)
+ assert_equal(str, ssl.gets)
+ }
+
+ ssl.close
+ }
+ end
+
+ def test_parallel
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){
+ ssls = []
+ 10.times{
+ sock = TCPSocket.new("127.0.0.1", PORT)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.connect
+ ssl.sync_close = true
+ ssls << ssl
+ }
+ str = "x" * 1000 + "\n"
+ ITERATIONS.times{
+ ssls.each{|ssl|
+ ssl.puts(str)
+ assert_equal(str, ssl.gets)
+ }
+ }
+ }
+ end
+end
+
+end