summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog11
-rw-r--r--ext/openssl/ossl_ocsp.c83
-rw-r--r--test/openssl/test_ocsp.rb24
3 files changed, 110 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index fa058d2b33b..ab2fed04c5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Tue Jun 14 22:11:11 2016 Kazuki Yamaguchi <k@rhe.jp>
+
+ * ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
+ ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm):
+ Add accessor methods OCSP::CertificateId#issuer_name_hash,
+ #issuer_key_hash, #hash_algorithm.
+ Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>.
+ [ruby-core:48062] [Feature #7181]
+
+ * test/openssl/test_ocsp.rb: Test these new methods.
+
Tue Jun 14 22:07:25 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index d4589daf038..8b6ad6cff08 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -1004,11 +1004,11 @@ ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
/*
* call-seq:
- * certificate_id.get_serial -> Integer
+ * certificate_id.serial -> Integer
*
- * Returns the serial number of the issuing certificate.
+ * Returns the serial number of the certificate for which status is being
+ * requested.
*/
-
static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
@@ -1023,6 +1023,79 @@ ossl_ocspcid_get_serial(VALUE self)
/*
* call-seq:
+ * certificate_id.issuer_name_hash -> String
+ *
+ * Returns the issuerNameHash of this certificate ID, the hash of the
+ * issuer's distinguished name calculated with the hashAlgorithm.
+ */
+static VALUE
+ossl_ocspcid_get_issuer_name_hash(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OCTET_STRING *name_hash;
+ char *hexbuf;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);
+
+ if (string2hex(name_hash->data, name_hash->length, &hexbuf, NULL) < 0)
+ ossl_raise(eOCSPError, "string2hex");
+
+ return ossl_buf2str(hexbuf, name_hash->length * 2);
+}
+
+/*
+ * call-seq:
+ * certificate_id.issuer_key_hash -> String
+ *
+ * Returns the issuerKeyHash of this certificate ID, the hash of the issuer's
+ * public key.
+ */
+static VALUE
+ossl_ocspcid_get_issuer_key_hash(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OCTET_STRING *key_hash;
+ char *hexbuf;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);
+
+ if (string2hex(key_hash->data, key_hash->length, &hexbuf, NULL) < 0)
+ ossl_raise(eOCSPError, "string2hex");
+
+ return ossl_buf2str(hexbuf, key_hash->length * 2);
+}
+
+/*
+ * call-seq:
+ * certificate_id.hash_algorithm -> String
+ *
+ * Returns the ln (long name) of the hash algorithm used to generate
+ * the issuerNameHash and the issuerKeyHash values.
+ */
+static VALUE
+ossl_ocspcid_get_hash_algorithm(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OBJECT *oid;
+ BIO *out;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
+
+ if (!(out = BIO_new(BIO_s_mem())))
+ ossl_raise(eOCSPError, "BIO_new");
+
+ if (!i2a_ASN1_OBJECT(out, oid)) {
+ BIO_free(out);
+ ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
+ }
+ return ossl_membio2str(out);
+}
+
+/*
+ * call-seq:
* certificate_id.to_der -> String
*
* Encodes this certificate identifier into a DER-encoded string.
@@ -1227,6 +1300,9 @@ Init_ossl_ocsp(void)
rb_define_method(cOCSPCertId, "cmp", ossl_ocspcid_cmp, 1);
rb_define_method(cOCSPCertId, "cmp_issuer", ossl_ocspcid_cmp_issuer, 1);
rb_define_method(cOCSPCertId, "serial", ossl_ocspcid_get_serial, 0);
+ rb_define_method(cOCSPCertId, "issuer_name_hash", ossl_ocspcid_get_issuer_name_hash, 0);
+ rb_define_method(cOCSPCertId, "issuer_key_hash", ossl_ocspcid_get_issuer_key_hash, 0);
+ rb_define_method(cOCSPCertId, "hash_algorithm", ossl_ocspcid_get_hash_algorithm, 0);
rb_define_method(cOCSPCertId, "to_der", ossl_ocspcid_to_der, 0);
/* Internal error in issuer */
@@ -1329,7 +1405,6 @@ Init_ossl_ocsp(void)
/* The responder ID is based on the public key. */
rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
}
-
#else
void
Init_ossl_ocsp(void)
diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb
index 7d4b39aec29..efdb7e1014d 100644
--- a/test/openssl/test_ocsp.rb
+++ b/test/openssl/test_ocsp.rb
@@ -38,13 +38,29 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
assert_kind_of OpenSSL::OCSP::CertificateId, cid
assert_equal @cert.serial, cid.serial
- end
-
- def test_new_certificate_id_with_digest
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
assert_kind_of OpenSSL::OCSP::CertificateId, cid
assert_equal @cert.serial, cid.serial
- end if defined?(OpenSSL::Digest::SHA256)
+ end
+
+ def test_certificate_id_issuer_name_hash
+ cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+ assert_equal OpenSSL::Digest::SHA1.hexdigest(@cert.issuer.to_der), cid.issuer_name_hash
+ assert_equal "d91f736ac4dc3242f0fb9b77a3149bd83c5c43d0", cid.issuer_name_hash
+ end
+
+ def test_certificate_id_issuer_key_hash
+ cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+ assert_equal OpenSSL::Digest::SHA1.hexdigest(OpenSSL::ASN1.decode(@ca_cert.to_der).value[0].value[6].value[1].value), cid.issuer_key_hash
+ assert_equal "d1fef9fbf8ae1bc160cbfa03e2596dd873089213", cid.issuer_key_hash
+ end
+
+ def test_certificate_id_hash_algorithm
+ cid_sha1 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
+ cid_sha256 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
+ assert_equal "sha1", cid_sha1.hash_algorithm
+ assert_equal "sha256", cid_sha256.hash_algorithm
+ end
def test_certificate_id_der
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert) # hash algorithm defaults to SHA-1