summaryrefslogtreecommitdiff
path: root/test/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'test/openssl')
-rw-r--r--test/openssl/test_ec.rb4
-rw-r--r--test/openssl/test_x509cert.rb39
-rw-r--r--test/openssl/test_x509crl.rb28
-rw-r--r--test/openssl/test_x509req.rb38
4 files changed, 74 insertions, 35 deletions
diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb
index 671901ca36..eb1c61e1a9 100644
--- a/test/openssl/test_ec.rb
+++ b/test/openssl/test_ec.rb
@@ -87,9 +87,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
def test_dsa_sign_verify
for key in @keys
sig = key.dsa_sign_asn1(@data1)
- assert_equal(key.dsa_verify_asn1(@data1, sig), true)
-
- assert_raises(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+ assert(key.dsa_verify_asn1(@data1, sig))
end
end
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index a5a75ff1b6..cf5e6f7aab 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -129,13 +129,31 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
end
+ def test_sign_and_verify_wrong_key_type
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, cert_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::CertificateError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, cert_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::CertificateError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
assert_equal(false, cert.verify(@rsa1024))
assert_equal(true, cert.verify(@rsa2048))
- assert_equal(false, cert.verify(@dsa256))
- assert_equal(false, cert.verify(@dsa512))
cert.serial = 2
assert_equal(false, cert.verify(@rsa2048))
@@ -143,33 +161,22 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
nil, nil, OpenSSL::Digest::MD5.new)
assert_equal(false, cert.verify(@rsa1024))
assert_equal(true, cert.verify(@rsa2048))
- assert_equal(false, cert.verify(@dsa256))
- assert_equal(false, cert.verify(@dsa512))
cert.subject = @ee1
assert_equal(false, cert.verify(@rsa2048))
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::DSS1.new)
- assert_equal(false, cert.verify(@rsa1024))
- assert_equal(false, cert.verify(@rsa2048))
assert_equal(false, cert.verify(@dsa256))
assert_equal(true, cert.verify(@dsa512))
cert.not_after = Time.now
assert_equal(false, cert.verify(@dsa512))
+ end
+ def test_dsig_algorithm_mismatch
assert_raises(OpenSSL::X509::CertificateError){
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::DSS1.new)
}
- assert_raises(OpenSSL::X509::CertificateError){
- cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
- nil, nil, OpenSSL::Digest::MD5.new)
- }
- assert_raises(OpenSSL::X509::CertificateError){
- cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
- nil, nil, OpenSSL::Digest::SHA1.new)
- }
+ end
end
end
-
-end
diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
index 444a00a586..c59ff52380 100644
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -190,6 +190,30 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
assert_match((2**100).to_s, crl.extensions[0].value)
end
+ def test_sign_and_verify_wrong_key_type
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ crl_rsa = issue_crl([], 1, Time.now, Time.now+1600, [],
+ cert_rsa, @rsa2048, OpenSSL::Digest::SHA1.new)
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::DSS1.new)
+ crl_dsa = issue_crl([], 1, Time.now, Time.now+1600, [],
+ cert_dsa, @dsa512, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, crl_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::CRLError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, crl_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::CRLError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
@@ -197,8 +221,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
cert, @rsa2048, OpenSSL::Digest::SHA1.new)
assert_equal(false, crl.verify(@rsa1024))
assert_equal(true, crl.verify(@rsa2048))
- assert_equal(false, crl.verify(@dsa256))
- assert_equal(false, crl.verify(@dsa512))
crl.version = 0
assert_equal(false, crl.verify(@rsa2048))
@@ -206,8 +228,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
nil, nil, OpenSSL::Digest::DSS1.new)
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
cert, @dsa512, OpenSSL::Digest::DSS1.new)
- assert_equal(false, crl.verify(@rsa1024))
- assert_equal(false, crl.verify(@rsa2048))
assert_equal(false, crl.verify(@dsa256))
assert_equal(true, crl.verify(@dsa512))
crl.version = 0
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index a37ed5c5ef..6186bcea0c 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -103,37 +103,51 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
assert_equal(exts, get_ext_req(attrs[1].value))
end
+ def test_sign_and_verify_wrong_key_type
+ req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
+ req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, req_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::RequestError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, req_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::RequestError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
assert_equal(true, req.verify(@rsa1024))
assert_equal(false, req.verify(@rsa2048))
- assert_equal(false, req.verify(@dsa256))
- assert_equal(false, req.verify(@dsa512))
req.version = 1
assert_equal(false, req.verify(@rsa1024))
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
assert_equal(false, req.verify(@rsa1024))
assert_equal(true, req.verify(@rsa2048))
- assert_equal(false, req.verify(@dsa256))
- assert_equal(false, req.verify(@dsa512))
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
assert_equal(false, req.verify(@rsa2048))
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
- assert_equal(false, req.verify(@rsa1024))
- assert_equal(false, req.verify(@rsa2048))
assert_equal(false, req.verify(@dsa256))
assert_equal(true, req.verify(@dsa512))
req.public_key = @rsa1024.public_key
assert_equal(false, req.verify(@dsa512))
+ end
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
+ def test_dsig_algorithm_mismatch
+ assert_raise(OpenSSL::X509::RequestError) do
+ issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
+ end
+ assert_raise(OpenSSL::X509::RequestError) do
+ issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-26 17:55:22 +0000