summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-08-22 20:47:55 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-08-22 20:47:55 +0000
commit8a94b1740ad5c1676c8b4574733961fc36b1ad78 (patch)
treef67e5ec733bf10339e89bba6b08293857b1a5a28 /test
parentf19fe6d957766910d8cd6567c36b29a40ecf9b46 (diff)
* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode
the argument as a string. * ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method. * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should set @time to avoid warning. * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths, X509_STORE_add_cert, X509_STORE_add_crl): should raise error if wrapped functions fails. * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message. * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid of unused variable. * test/openssl/test_ns_spki.rb: add new file. * test/openssl/test_x509store.rb: add test for error. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r--test/openssl/test_ns_spki.rb59
-rw-r--r--test/openssl/test_x509store.rb22
2 files changed, 81 insertions, 0 deletions
diff --git a/test/openssl/test_ns_spki.rb b/test/openssl/test_ns_spki.rb
new file mode 100644
index 0000000000..3937132aa0
--- /dev/null
+++ b/test/openssl/test_ns_spki.rb
@@ -0,0 +1,59 @@
+begin
+ require "openssl"
+ require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+
+class OpenSSL::TestNSSPI < Test::Unit::TestCase
+ def setup
+ # This request data is adopt from the specification of
+ # "Netscape Extensions for User Key Generation".
+ # -- http://wp.netscape.com/eng/security/comm4-keygen.html
+ @b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
+ @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
+ @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
+ @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
+ @b64 << "i0//rgBvmco="
+ end
+
+ def teardown
+ end
+
+ def test_build_data
+ key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+ key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
+ spki = OpenSSL::Netscape::SPKI.new
+ spki.challenge = "RandomString"
+ spki.public_key = key1.public_key
+ spki.sign(key1, OpenSSL::Digest::SHA1.new)
+ assert(spki.verify(spki.public_key))
+ assert(spki.verify(key1.public_key))
+ assert(!spki.verify(key2.public_key))
+
+ der = spki.to_der
+ spki = OpenSSL::Netscape::SPKI.new(der)
+ assert_equal("RandomString", spki.challenge)
+ assert_equal(key1.public_key.to_der, spki.public_key.to_der)
+ assert(spki.verify(spki.public_key))
+ end
+
+ def test_decode_data
+ spki = OpenSSL::Netscape::SPKI.new(@b64)
+ assert_equal(@b64, spki.to_pem)
+ assert_equal(@b64.unpack("m").first, spki.to_der)
+ assert_equal("MozillaIsMyFriend", spki.challenge)
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+
+ spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
+ assert_equal(@b64, spki.to_pem)
+ assert_equal(@b64.unpack("m").first, spki.to_der)
+ assert_equal("MozillaIsMyFriend", spki.challenge)
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+ end
+end
+
+end
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6696020af7..b0fe597262 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
assert_equal(false, store.verify(ee2_cert))
end
+
+ def test_set_errors
+ now = Time.now
+ ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ store = OpenSSL::X509::Store.new
+ store.add_cert(ca1_cert)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_cert(ca1_cert) # add same certificate twice
+ }
+
+ revoke_info = []
+ crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ revoke_info = [ [2, now, 1], ]
+ crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ store.add_crl(crl1)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_crl(crl2) # add CRL issued by same CA twice.
+ }
+ end
end
end