Diffstat (limited to 'spec/ruby/library/openssl/x509')
-rw-r--r--spec/ruby/library/openssl/x509/name/parse_spec.rb48
-rw-r--r--spec/ruby/library/openssl/x509/store/verify_spec.rb78
2 files changed, 126 insertions, 0 deletions
diff --git a/spec/ruby/library/openssl/x509/name/parse_spec.rb b/spec/ruby/library/openssl/x509/name/parse_spec.rb
new file mode 100644
index 0000000000..84e3d442f6
--- /dev/null
+++ b/spec/ruby/library/openssl/x509/name/parse_spec.rb
@@ -0,0 +1,48 @@
+require_relative '../../../../spec_helper'
+require 'openssl'
+
+describe "OpenSSL::X509::Name.parse" do
+ it "parses a /-delimited string of key-value pairs into a Name" do
+ dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
+ name = OpenSSL::X509::Name.parse(dn)
+
+ name.to_s.should == dn
+
+ ary = name.to_a
+
+ ary[0][0].should == "DC"
+ ary[1][0].should == "DC"
+ ary[2][0].should == "CN"
+ ary[0][1].should == "org"
+ ary[1][1].should == "ruby-lang"
+ ary[2][1].should == "www.ruby-lang.org"
+ ary[0][2].should == OpenSSL::ASN1::IA5STRING
+ ary[1][2].should == OpenSSL::ASN1::IA5STRING
+ ary[2][2].should == OpenSSL::ASN1::UTF8STRING
+ end
+
+ it "parses a comma-delimited string of key-value pairs into a name" do
+ dn = "DC=org, DC=ruby-lang, CN=www.ruby-lang.org"
+ name = OpenSSL::X509::Name.parse(dn)
+
+ name.to_s.should == "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
+
+ ary = name.to_a
+
+ ary[0][1].should == "org"
+ ary[1][1].should == "ruby-lang"
+ ary[2][1].should == "www.ruby-lang.org"
+ end
+
+ it "raises TypeError if the given string contains no key/value pairs" do
+ -> do
+ OpenSSL::X509::Name.parse("hello")
+ end.should.raise(TypeError)
+ end
+
+ it "raises OpenSSL::X509::NameError if the given string contains invalid keys" do
+ -> do
+ OpenSSL::X509::Name.parse("hello=goodbye")
+ end.should.raise(OpenSSL::X509::NameError)
+ end
+end
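Review bot: Both parsing examples use only values free of `/`, `,`, `=` and `+`, so the spec pins nothing about how `Name.parse` treats delimiter characters inside a value or multi-valued RDNs. Those are the inputs where a subject string assembled from external data can parse into different components than the caller intended. `parse` is the legacy OpenSSL-format parser (an alias of `parse_openssl`), and its escape handling is documented as inconsistent, so a comment above the `describe` would help: `# Name.parse is the legacy OpenSSL-format parser; escaping and multi-valued RDNs are not covered here`. The comma-delimited example also skips the type column that the first example checks; adding `ary[2][2].should == OpenSSL::ASN1::UTF8STRING` there would confirm both input forms use the same template.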
diff --git a/spec/ruby/library/openssl/x509/store/verify_spec.rb b/spec/ruby/library/openssl/x509/store/verify_spec.rb
new file mode 100644
index 0000000000..6a6a53d992
--- /dev/null
+++ b/spec/ruby/library/openssl/x509/store/verify_spec.rb
@@ -0,0 +1,78 @@
+require_relative '../../../../spec_helper'
+require 'openssl'
+
+describe "OpenSSL::X509::Store#verify" do
+ it "returns true for valid certificate" do
+ key = OpenSSL::PKey::RSA.new 2048
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.serial = 1
+ cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=truffleruby/CN=TruffleRuby CA"
+ cert.issuer = cert.subject
+ cert.public_key = key.public_key
+ cert.not_before = Time.now - 10
+ cert.not_after = cert.not_before + 365 * 24 * 60 * 60
+ cert.sign key, OpenSSL::Digest.new('SHA256')
+ store = OpenSSL::X509::Store.new
+ store.add_cert(cert)
+ [store.verify(cert), store.error, store.error_string].should == [true, 0, "ok"]
+ end
+
+ it "returns false for an expired certificate" do
+ key = OpenSSL::PKey::RSA.new 2048
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.serial = 1
+ cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=truffleruby/CN=TruffleRuby CA"
+ cert.issuer = cert.subject
+ cert.public_key = key.public_key
+ cert.not_before = Time.now - 10
+ cert.not_after = Time.now - 5
+ cert.sign key, OpenSSL::Digest.new('SHA256')
+ store = OpenSSL::X509::Store.new
+ store.add_cert(cert)
+ store.verify(cert).should == false
+ end
+
+ it "returns false for an expired root certificate" do
+ root_key = OpenSSL::PKey::RSA.new 2048
+ root_cert = OpenSSL::X509::Certificate.new
+ root_cert.version = 2
+ root_cert.serial = 1
+ root_cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=truffleruby/CN=TruffleRuby CA"
+ root_cert.issuer = root_cert.subject
+ root_cert.public_key = root_key.public_key
+ root_cert.not_before = Time.now - 10
+ root_cert.not_after = Time.now - 5
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = root_cert
+ ef.issuer_certificate = root_cert
+ root_cert.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+ root_cert.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+ root_cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+ root_cert.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
+ root_cert.sign(root_key, OpenSSL::Digest.new('SHA256'))
+
+
+ key = OpenSSL::PKey::RSA.new 2048
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.serial = 2
+ cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=truffleruby/CN=TruffleRuby certificate"
+ cert.issuer = root_cert.subject
+ cert.public_key = key.public_key
+ cert.not_before = Time.now
+ cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = cert
+ ef.issuer_certificate = root_cert
+ cert.add_extension(ef.create_extension("keyUsage","digitalSignature", true))
+ cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+ cert.sign(root_key, OpenSSL::Digest.new('SHA256'))
+
+ store = OpenSSL::X509::Store.new
+ store.add_cert(root_cert)
+ store.add_cert(cert)
+ store.verify(cert).should == false
+ end
+end
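Review bot: The two expired-certificate examples assert only `store.verify(cert).should == false`, so they would still pass if verification failed for an unrelated reason such as a bad signature, an untrusted issuer or a rejected extension. Only the first example checks `store.error` and `store.error_string`. Pinning the reason, e.g. `store.error.should == OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED` after each `verify`, makes the examples test expiry handling rather than any rejection. In the last example, `store.add_cert(cert)` also places the leaf itself in the trust store, which the test name does not seem to need. Dropping that line would make it clear that the expired root is what causes the failure.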