From c27fd3331989b33b9721444c98e77ba367a65270 Mon Sep 17 00:00:00 2001 From: drbrain Date: Thu, 7 Feb 2013 05:56:53 +0000 Subject: * lib/rubygems/package.rb: Ensure digests are generated for signing. * test/rubygems/test_gem_package.rb: Test for the above. * lib/rubygems/security/policy.rb: Ensure digests are present when verifying a gem and match the number of signatures bidirectionally. * test/rubygems/test_gem_security_policy.rb: Test for the above. * lib/rubygems.rb: Documentation improvements (by zzak) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/rubygems/test_gem_package.rb | 54 ++++++++++++++- test/rubygems/test_gem_security_policy.rb | 109 +++++++++++++++++++++--------- 2 files changed, 128 insertions(+), 35 deletions(-) (limited to 'test/rubygems') diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb index 3051147948..d08f46d7d2 100644 --- a/test/rubygems/test_gem_package.rb +++ b/test/rubygems/test_gem_package.rb @@ -429,10 +429,17 @@ class TestGemPackage < Gem::Package::TarTestCase digest = OpenSSL::Digest::SHA1.new digest << metadata_gz - checksum = "#{digest.name}\t#{digest.hexdigest}\n" - tar.add_file 'metadata.gz.sum', 0444 do |io| - io.write checksum + checksums = { + 'SHA1' => { + 'metadata.gz' => digest.hexdigest, + }, + } + + tar.add_file 'checksums.yaml.gz', 0444 do |io| + Zlib::GzipWriter.wrap io do |gz_io| + gz_io.write YAML.dump checksums + end end tar.add_file 'data.tar.gz', 0444 do |io| @@ -504,6 +511,47 @@ class TestGemPackage < Gem::Package::TarTestCase assert_empty package.instance_variable_get(:@files), '@files must empty' end + def test_verify_security_policy_checksum_missing + @spec.cert_chain = [PUBLIC_CERT.to_pem] + @spec.signing_key = PRIVATE_KEY + + build = Gem::Package.new @gem + build.spec = @spec + build.setup_signer + + FileUtils.mkdir 'lib' + FileUtils.touch 'lib/code.rb' + + open @gem, 'wb' do |gem_io| + Gem::Package::TarWriter.new gem_io do |gem| + build.add_metadata gem + build.add_contents gem + + # write bogus data.tar.gz to foil signature + bogus_data = Gem.gzip 'hello' + gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io| + io.write bogus_data + end + + # pre rubygems 2.0 gems do not add checksums + end + end + + Gem::Security.trust_dir.trust_cert PUBLIC_CERT + + package = Gem::Package.new @gem + package.security_policy = Gem::Security::HighSecurity + + e = assert_raises Gem::Security::Exception do + package.verify + end + + assert_equal 'invalid signature', e.message + + refute package.instance_variable_get(:@spec), '@spec must not be loaded' + assert_empty package.instance_variable_get(:@files), '@files must empty' + end + def test_verify_truncate open 'bad.gem', 'wb' do |io| io.write File.read(@gem, 1024) # don't care about newlines diff --git a/test/rubygems/test_gem_security_policy.rb b/test/rubygems/test_gem_security_policy.rb index 22f5375dbf..568bf69d08 100644 --- a/test/rubygems/test_gem_security_policy.rb +++ b/test/rubygems/test_gem_security_policy.rb @@ -31,6 +31,7 @@ class TestGemSecurityPolicy < Gem::TestCase @sha1 = OpenSSL::Digest::SHA1 @trust_dir = Gem::Security.trust_dir.dir # HACK use the object + @no = Gem::Security::NoSecurity @almost_no = Gem::Security::AlmostNoSecurity @low = Gem::Security::LowSecurity @high = Gem::Security::HighSecurity @@ -220,73 +221,108 @@ class TestGemSecurityPolicy < Gem::TestCase def test_verify Gem::Security.trust_dir.trust_cert PUBLIC_CERT - assert @almost_no.verify [PUBLIC_CERT] + assert @almost_no.verify [PUBLIC_CERT], nil, *dummy_signatures end def test_verify_chain_signatures Gem::Security.trust_dir.trust_cert PUBLIC_CERT - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data, PRIVATE_KEY) } - - assert @high.verify [PUBLIC_CERT], nil, digest, signature + assert @high.verify [PUBLIC_CERT], nil, *dummy_signatures end def test_verify_chain_key - assert @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY + @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY, *dummy_signatures end - def test_verify_signatures_chain - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data, CHILD_KEY) } + def test_verify_no_digests + Gem::Security.trust_dir.trust_cert PUBLIC_CERT + + _, signatures = dummy_signatures + + e = assert_raises Gem::Security::Exception do + @almost_no.verify [PUBLIC_CERT], nil, {}, signatures + end + + assert_equal 'no digests provided (probable bug)', e.message + end + + def test_verify_no_digests_no_security + Gem::Security.trust_dir.trust_cert PUBLIC_CERT + + _, signatures = dummy_signatures + + e = assert_raises Gem::Security::Exception do + @no.verify [PUBLIC_CERT], nil, {}, signatures + end + + assert_equal 'missing digest for 0', e.message + end + + def test_verify_not_enough_signatures + Gem::Security.trust_dir.trust_cert PUBLIC_CERT + + digests, signatures = dummy_signatures + + data = digest 'goodbye' + + signatures[1] = PRIVATE_KEY.sign @sha1.new, data.digest + + e = assert_raises Gem::Security::Exception do + @almost_no.verify [PUBLIC_CERT], nil, digests, signatures + end + assert_equal 'missing digest for 1', e.message + end + + def test_verify_wrong_digest_type + Gem::Security.trust_dir.trust_cert PUBLIC_CERT + + sha512 = OpenSSL::Digest::SHA512 + + data = sha512.new + data << 'hello' + + digests = { 'SHA512' => { 0 => data } } + signature = PRIVATE_KEY.sign sha512.new, data.digest + signatures = { 0 => signature } + + e = assert_raises Gem::Security::Exception do + @almost_no.verify [PUBLIC_CERT], nil, digests, signatures + end + + assert_equal 'no digests provided (probable bug)', e.message + end + + def test_verify_signatures_chain @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT] - assert @chain.verify_signatures @spec, digest, signature + assert @chain.verify_signatures @spec, *dummy_signatures(CHILD_KEY) end def test_verify_signatures_data - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data) } - @spec.cert_chain = [PUBLIC_CERT] - @almost_no.verify_signatures @spec, digest, signature + @almost_no.verify_signatures @spec, *dummy_signatures end def test_verify_signatures_root - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data, CHILD_KEY) } - @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT] - assert @root.verify_signatures @spec, digest, signature + assert @root.verify_signatures @spec, *dummy_signatures(CHILD_KEY) end def test_verify_signatures_signer - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data) } - @spec.cert_chain = [PUBLIC_CERT] - assert @low.verify_signatures @spec, digest, signature + assert @low.verify_signatures @spec, *dummy_signatures end def test_verify_signatures_trust Gem::Security.trust_dir.trust_cert PUBLIC_CERT - data = digest 'hello' - digest = { 'SHA1' => { 0 => data } } - signature = { 0 => sign(data, PRIVATE_KEY) } - @spec.cert_chain = [PUBLIC_CERT] - assert @high.verify_signatures @spec, digest, signature + assert @high.verify_signatures @spec, *dummy_signatures end def test_verify_signatures @@ -372,5 +408,14 @@ class TestGemSecurityPolicy < Gem::TestCase key.sign @sha1.new, data.digest end + def dummy_signatures key = PRIVATE_KEY + data = digest 'hello' + + digests = { 'SHA1' => { 0 => data } } + signatures = { 0 => sign(data, key) } + + return digests, signatures + end + end -- cgit v1.2.3