diff options
Diffstat (limited to 'test/openssl/test_x509req.rb')
| -rw-r--r-- | test/openssl/test_x509req.rb | 38 |
1 files changed, 26 insertions, 12 deletions
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb index a37ed5c5ef..6186bcea0c 100644 --- a/test/openssl/test_x509req.rb +++ b/test/openssl/test_x509req.rb @@ -103,37 +103,51 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase assert_equal(exts, get_ext_req(attrs[1].value)) end + def test_sign_and_verify_wrong_key_type + req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new) + req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new) + begin + assert_equal(false, req_rsa.verify(@dsa256)) + rescue OpenSSL::X509::RequestError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + + begin + assert_equal(false, req_dsa.verify(@rsa1024)) + rescue OpenSSL::X509::RequestError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + end + def test_sign_and_verify req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new) assert_equal(true, req.verify(@rsa1024)) assert_equal(false, req.verify(@rsa2048)) - assert_equal(false, req.verify(@dsa256)) - assert_equal(false, req.verify(@dsa512)) req.version = 1 assert_equal(false, req.verify(@rsa1024)) req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new) assert_equal(false, req.verify(@rsa1024)) assert_equal(true, req.verify(@rsa2048)) - assert_equal(false, req.verify(@dsa256)) - assert_equal(false, req.verify(@dsa512)) req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar") assert_equal(false, req.verify(@rsa2048)) req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new) - assert_equal(false, req.verify(@rsa1024)) - assert_equal(false, req.verify(@rsa2048)) assert_equal(false, req.verify(@dsa256)) assert_equal(true, req.verify(@dsa512)) req.public_key = @rsa1024.public_key assert_equal(false, req.verify(@dsa512)) + end - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) } - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) } - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) } + def test_dsig_algorithm_mismatch + assert_raise(OpenSSL::X509::RequestError) do + issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) + end + assert_raise(OpenSSL::X509::RequestError) do + issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) + end end end |