summaryrefslogtreecommitdiff
path: root/test/rubygems/test_gem_security.rb
diff options
context:
space:
mode:
Diffstat (limited to 'test/rubygems/test_gem_security.rb')
-rw-r--r--test/rubygems/test_gem_security.rb195
1 files changed, 109 insertions, 86 deletions
diff --git a/test/rubygems/test_gem_security.rb b/test/rubygems/test_gem_security.rb
index 2eabbea3bf..82449a8626 100644
--- a/test/rubygems/test_gem_security.rb
+++ b/test/rubygems/test_gem_security.rb
@@ -1,33 +1,29 @@
# frozen_string_literal: true
-require_relative 'helper'
-require 'rubygems/security'
+
+require_relative "helper"
+require "rubygems/security"
unless Gem::HAVE_OPENSSL
- warn 'Skipping Gem::Security tests. openssl not found.'
+ warn "Skipping Gem::Security tests. openssl not found."
end
if Gem.java_platform?
- warn 'Skipping Gem::Security tests on jruby.'
+ warn "Skipping Gem::Security tests on jruby."
end
class TestGemSecurity < Gem::TestCase
- CHILD_KEY = load_key 'child'
-
- ALTERNATE_CERT = load_cert 'child'
- CHILD_CERT = load_cert 'child'
- EXPIRED_CERT = load_cert 'expired'
+ CHILD_KEY = load_key "child"
+ EC_KEY = load_key "private_ec", "Foo bar"
- def setup
- super
-
- @SEC = Gem::Security
- end
+ ALTERNATE_CERT = load_cert "child"
+ CHILD_CERT = load_cert "child"
+ EXPIRED_CERT = load_cert "expired"
def test_class_create_cert
name = PUBLIC_CERT.subject
key = PRIVATE_KEY
- cert = @SEC.create_cert name, key, 60, Gem::Security::EXTENSIONS, 5
+ cert = Gem::Security.create_cert name, key, 60, Gem::Security::EXTENSIONS, 5
assert_kind_of OpenSSL::X509::Certificate, cert
@@ -41,37 +37,37 @@ class TestGemSecurity < Gem::TestCase
assert_equal 3, cert.extensions.length,
cert.extensions.map {|e| e.to_a.first }
- constraints = cert.extensions.find {|ext| ext.oid == 'basicConstraints' }
- assert_equal 'CA:FALSE', constraints.value
+ constraints = cert.extensions.find {|ext| ext.oid == "basicConstraints" }
+ assert_equal "CA:FALSE", constraints.value
- key_usage = cert.extensions.find {|ext| ext.oid == 'keyUsage' }
- assert_equal 'Digital Signature, Key Encipherment, Data Encipherment',
+ key_usage = cert.extensions.find {|ext| ext.oid == "keyUsage" }
+ assert_equal "Digital Signature, Key Encipherment, Data Encipherment",
key_usage.value
- key_ident = cert.extensions.find {|ext| ext.oid == 'subjectKeyIdentifier' }
+ key_ident = cert.extensions.find {|ext| ext.oid == "subjectKeyIdentifier" }
assert_equal 59, key_ident.value.length
- assert_equal '5F:43:6E:F6:9A:8E:45:25:E9:22:E3:7D:37:5E:A4:D5:36:02:85:1B',
+ assert_equal "B1:1A:54:09:67:45:60:02:02:D7:CE:F4:1D:60:4A:89:DF:E7:58:D9",
key_ident.value
- assert_equal '', cert.issuer.to_s
+ assert_equal "", cert.issuer.to_s
assert_equal name.to_s, cert.subject.to_s
end
def test_class_create_cert_self_signed
subject = PUBLIC_CERT.subject
- cert = @SEC.create_cert_self_signed subject, PRIVATE_KEY, 60
+ cert = Gem::Security.create_cert_self_signed subject, PRIVATE_KEY, 60
- assert_equal '/CN=nobody/DC=example', cert.issuer.to_s
+ assert_equal "/CN=nobody/DC=example", cert.issuer.to_s
assert_equal "sha256WithRSAEncryption", cert.signature_algorithm
end
def test_class_create_cert_email
- email = 'nobody@example'
+ email = "nobody@example"
name = PUBLIC_CERT.subject
key = PRIVATE_KEY
- cert = @SEC.create_cert_email email, key, 60
+ cert = Gem::Security.create_cert_email email, key, 60
assert_kind_of OpenSSL::X509::Certificate, cert
@@ -86,44 +82,71 @@ class TestGemSecurity < Gem::TestCase
assert_equal 5, cert.extensions.length,
cert.extensions.map {|e| e.to_a.first }
- constraints = cert.extensions.find {|ext| ext.oid == 'subjectAltName' }
- assert_equal 'email:nobody@example', constraints.value
+ constraints = cert.extensions.find {|ext| ext.oid == "subjectAltName" }
+ assert_equal "email:nobody@example", constraints.value
- constraints = cert.extensions.find {|ext| ext.oid == 'basicConstraints' }
- assert_equal 'CA:FALSE', constraints.value
+ constraints = cert.extensions.find {|ext| ext.oid == "basicConstraints" }
+ assert_equal "CA:FALSE", constraints.value
- key_usage = cert.extensions.find {|ext| ext.oid == 'keyUsage' }
- assert_equal 'Digital Signature, Key Encipherment, Data Encipherment',
+ key_usage = cert.extensions.find {|ext| ext.oid == "keyUsage" }
+ assert_equal "Digital Signature, Key Encipherment, Data Encipherment",
key_usage.value
- key_ident = cert.extensions.find {|ext| ext.oid == 'subjectKeyIdentifier' }
+ key_ident = cert.extensions.find {|ext| ext.oid == "subjectKeyIdentifier" }
assert_equal 59, key_ident.value.length
- assert_equal '5F:43:6E:F6:9A:8E:45:25:E9:22:E3:7D:37:5E:A4:D5:36:02:85:1B',
+ assert_equal "B1:1A:54:09:67:45:60:02:02:D7:CE:F4:1D:60:4A:89:DF:E7:58:D9",
key_ident.value
end
def test_class_create_key
- key = @SEC.create_key 1024
+ key = Gem::Security.create_key "rsa"
assert_kind_of OpenSSL::PKey::RSA, key
end
+ def test_class_create_key_downcases
+ key = Gem::Security.create_key "DSA"
+
+ assert_kind_of OpenSSL::PKey::DSA, key
+ end
+
+ def test_class_create_key_raises_unknown_algorithm
+ e = assert_raise Gem::Security::Exception do
+ Gem::Security.create_key "NOT_RSA"
+ end
+
+ assert_equal "NOT_RSA algorithm not found. RSA, DSA, and EC algorithms are supported.",
+ e.message
+ end
+
+ def test_class_get_public_key_rsa
+ pkey_pem = PRIVATE_KEY.public_key.to_pem
+
+ assert_equal pkey_pem, Gem::Security.get_public_key(PRIVATE_KEY).to_pem
+ end
+
+ def test_class_get_public_key_ec
+ pkey = Gem::Security.get_public_key(EC_KEY)
+
+ assert_respond_to pkey, :to_pem
+ end
+
def test_class_email_to_name
- assert_equal '/CN=nobody/DC=example',
- @SEC.email_to_name('nobody@example').to_s
+ assert_equal "/CN=nobody/DC=example",
+ Gem::Security.email_to_name("nobody@example").to_s
- assert_equal '/CN=nobody/DC=example/DC=com',
- @SEC.email_to_name('nobody@example.com').to_s
+ assert_equal "/CN=nobody/DC=example/DC=com",
+ Gem::Security.email_to_name("nobody@example.com").to_s
- assert_equal '/CN=no.body/DC=example',
- @SEC.email_to_name('no.body@example').to_s
+ assert_equal "/CN=no.body/DC=example",
+ Gem::Security.email_to_name("no.body@example").to_s
- assert_equal '/CN=no_body/DC=example',
- @SEC.email_to_name('no+body@example').to_s
+ assert_equal "/CN=no_body/DC=example",
+ Gem::Security.email_to_name("no+body@example").to_s
end
def test_class_re_sign
- assert_equal "sha1WithRSAEncryption", EXPIRED_CERT.signature_algorithm
+ assert_equal "sha256WithRSAEncryption", EXPIRED_CERT.signature_algorithm
re_signed = Gem::Security.re_sign EXPIRED_CERT, PRIVATE_KEY, 60
assert_in_delta Time.now, re_signed.not_before, 10
@@ -140,10 +163,10 @@ class TestGemSecurity < Gem::TestCase
end
child_alt_name = CHILD_CERT.extensions.find do |extension|
- extension.oid == 'subjectAltName'
+ extension.oid == "subjectAltName"
end
- assert_equal "#{child_alt_name.value} is not self-signed, contact " +
+ assert_equal "#{child_alt_name.value} is not self-signed, contact " \
"#{ALTERNATE_CERT.issuer} to obtain a valid certificate",
e.message
end
@@ -154,21 +177,21 @@ class TestGemSecurity < Gem::TestCase
end
assert_equal "incorrect signing key for re-signing " +
- "#{ALTERNATE_CERT.subject}",
+ ALTERNATE_CERT.subject.to_s,
e.message
end
def test_class_reset
- trust_dir = @SEC.trust_dir
+ trust_dir = Gem::Security.trust_dir
- @SEC.reset
+ Gem::Security.reset
- refute_equal trust_dir, @SEC.trust_dir
+ refute_equal trust_dir, Gem::Security.trust_dir
end
def test_class_sign
issuer = PUBLIC_CERT.subject
- signee = OpenSSL::X509::Name.parse "/CN=signee/DC=example"
+ signee = OpenSSL::X509::Name.new([["CN", "signee"], ["DC", "example"]])
key = PRIVATE_KEY
cert = OpenSSL::X509::Certificate.new
@@ -177,7 +200,7 @@ class TestGemSecurity < Gem::TestCase
cert.subject = signee
cert.public_key = key.public_key
- signed = @SEC.sign cert, key, PUBLIC_CERT, 60
+ signed = Gem::Security.sign cert, key, PUBLIC_CERT, 60
assert_equal key.public_key.to_pem, signed.public_key.to_pem
assert_equal signee.to_s, signed.subject.to_s
@@ -189,20 +212,20 @@ class TestGemSecurity < Gem::TestCase
assert_equal 4, signed.extensions.length,
signed.extensions.map {|e| e.to_a.first }
- constraints = signed.extensions.find {|ext| ext.oid == 'issuerAltName' }
- assert_equal 'email:nobody@example', constraints.value, 'issuerAltName'
+ constraints = signed.extensions.find {|ext| ext.oid == "issuerAltName" }
+ assert_equal "email:nobody@example", constraints.value, "issuerAltName"
- constraints = signed.extensions.find {|ext| ext.oid == 'basicConstraints' }
- assert_equal 'CA:FALSE', constraints.value
+ constraints = signed.extensions.find {|ext| ext.oid == "basicConstraints" }
+ assert_equal "CA:FALSE", constraints.value
- key_usage = signed.extensions.find {|ext| ext.oid == 'keyUsage' }
- assert_equal 'Digital Signature, Key Encipherment, Data Encipherment',
+ key_usage = signed.extensions.find {|ext| ext.oid == "keyUsage" }
+ assert_equal "Digital Signature, Key Encipherment, Data Encipherment",
key_usage.value
key_ident =
- signed.extensions.find {|ext| ext.oid == 'subjectKeyIdentifier' }
+ signed.extensions.find {|ext| ext.oid == "subjectKeyIdentifier" }
assert_equal 59, key_ident.value.length
- assert_equal '5F:43:6E:F6:9A:8E:45:25:E9:22:E3:7D:37:5E:A4:D5:36:02:85:1B',
+ assert_equal "B1:1A:54:09:67:45:60:02:02:D7:CE:F4:1D:60:4A:89:DF:E7:58:D9",
key_ident.value
assert signed.verify key
@@ -212,9 +235,9 @@ class TestGemSecurity < Gem::TestCase
issuer = PUBLIC_CERT.subject
signee = OpenSSL::X509::Name.parse "/CN=signee/DC=example"
- cert = @SEC.create_cert_email 'signee@example', PRIVATE_KEY
+ cert = Gem::Security.create_cert_email "signee@example", PRIVATE_KEY
- signed = @SEC.sign cert, PRIVATE_KEY, PUBLIC_CERT, 60
+ signed = Gem::Security.sign cert, PRIVATE_KEY, PUBLIC_CERT, 60
assert_equal PUBLIC_KEY.to_pem, signed.public_key.to_pem
assert_equal signee.to_s, signed.subject.to_s
@@ -228,42 +251,42 @@ class TestGemSecurity < Gem::TestCase
assert_equal 5, signed.extensions.length,
signed.extensions.map {|e| e.to_a.first }
- constraints = signed.extensions.find {|ext| ext.oid == 'issuerAltName' }
- assert_equal 'email:nobody@example', constraints.value, 'issuerAltName'
+ constraints = signed.extensions.find {|ext| ext.oid == "issuerAltName" }
+ assert_equal "email:nobody@example", constraints.value, "issuerAltName"
- constraints = signed.extensions.find {|ext| ext.oid == 'subjectAltName' }
- assert_equal 'email:signee@example', constraints.value, 'subjectAltName'
+ constraints = signed.extensions.find {|ext| ext.oid == "subjectAltName" }
+ assert_equal "email:signee@example", constraints.value, "subjectAltName"
- constraints = signed.extensions.find {|ext| ext.oid == 'basicConstraints' }
- assert_equal 'CA:FALSE', constraints.value
+ constraints = signed.extensions.find {|ext| ext.oid == "basicConstraints" }
+ assert_equal "CA:FALSE", constraints.value
- key_usage = signed.extensions.find {|ext| ext.oid == 'keyUsage' }
- assert_equal 'Digital Signature, Key Encipherment, Data Encipherment',
+ key_usage = signed.extensions.find {|ext| ext.oid == "keyUsage" }
+ assert_equal "Digital Signature, Key Encipherment, Data Encipherment",
key_usage.value
key_ident =
- signed.extensions.find {|ext| ext.oid == 'subjectKeyIdentifier' }
+ signed.extensions.find {|ext| ext.oid == "subjectKeyIdentifier" }
assert_equal 59, key_ident.value.length
- assert_equal '5F:43:6E:F6:9A:8E:45:25:E9:22:E3:7D:37:5E:A4:D5:36:02:85:1B',
+ assert_equal "B1:1A:54:09:67:45:60:02:02:D7:CE:F4:1D:60:4A:89:DF:E7:58:D9",
key_ident.value
assert signed.verify PUBLIC_KEY
end
def test_class_trust_dir
- trust_dir = @SEC.trust_dir
+ trust_dir = Gem::Security.trust_dir
- expected = File.join Gem.user_home, '.gem/trust'
+ expected = File.join Gem.user_home, ".gem/trust"
assert_equal expected, trust_dir.dir
end
def test_class_write
- key = @SEC.create_key 1024
+ key = Gem::Security.create_key "rsa"
- path = File.join @tempdir, 'test-private_key.pem'
+ path = File.join @tempdir, "test-private_key.pem"
- @SEC.write key, path
+ Gem::Security.write key, path
assert_path_exist path
@@ -273,13 +296,13 @@ class TestGemSecurity < Gem::TestCase
end
def test_class_write_encrypted
- key = @SEC.create_key 1024
+ key = Gem::Security.create_key "rsa"
- path = File.join @tempdir, 'test-private_encrypted_key.pem'
+ path = File.join @tempdir, "test-private_encrypted_key.pem"
- passphrase = 'It should be long.'
+ passphrase = "It should be long."
- @SEC.write key, path, 0600, passphrase
+ Gem::Security.write key, path, 0o600, passphrase
assert_path_exist path
@@ -289,15 +312,15 @@ class TestGemSecurity < Gem::TestCase
end
def test_class_write_encrypted_cipher
- key = @SEC.create_key 1024
+ key = Gem::Security.create_key "rsa"
- path = File.join @tempdir, 'test-private_encrypted__with_non_default_cipher_key.pem'
+ path = File.join @tempdir, "test-private_encrypted__with_non_default_cipher_key.pem"
- passphrase = 'It should be long.'
+ passphrase = "It should be long."
- cipher = OpenSSL::Cipher.new 'AES-192-CBC'
+ cipher = OpenSSL::Cipher.new "AES-192-CBC"
- @SEC.write key, path, 0600, passphrase, cipher
+ Gem::Security.write key, path, 0o600, passphrase, cipher
assert_path_exist path
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-18 14:49:14 +0000