1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
require 'openssl'
require "test/unit"
class TestCertificate < Test::Unit::TestCase
def setup
cert_file = File.expand_path('fixture/selfcert.pem', File.dirname(__FILE__))
key_file = File.expand_path('fixture/keypair.pem', File.dirname(__FILE__))
@cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
@key = OpenSSL::PKey::RSA.new(File.read(key_file))
end
def test_sign_for_pem_initialized_certificate
pem = @cert.to_pem
exts = @cert.extensions
assert_nothing_raised do
@cert.sign(@key, OpenSSL::Digest::SHA1.new)
end
# TODO: for now, jruby-openssl cannot keep order of extensions after sign.
# assert_equal(pem, @cert.to_pem)
assert_equal(exts.size, @cert.extensions.size)
exts.each do |ext|
found = @cert.extensions.find { |e| e.oid == ext.oid }
assert_not_nil(found)
assert_equal(ext.value, found.value)
end
end
def test_set_public_key
newkey = OpenSSL::PKey::RSA.new(1024)
@cert.public_key = newkey
assert_equal(newkey.public_key.to_pem, @cert.public_key.to_pem)
end
# JRUBY-3468
def test_cert_extensions
pem_cert = <<END
-----BEGIN CERTIFICATE-----
MIIC/jCCAmegAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJKUDER
MA8GA1UECgwIY3Rvci5vcmcxFDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQD
DAxodHRwLWFjY2VzczIwHhcNMDcwOTExMTM1ODMxWhcNMDkwOTEwMTM1ODMxWjBN
MQswCQYDVQQGEwJKUDERMA8GA1UECgwIY3Rvci5vcmcxFDASBgNVBAsMC0RldmVs
b3BtZW50MRUwEwYDVQQDDAxodHRwLWFjY2VzczIwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBALi66ujWtUCQm5HpMSyr/AAIFYVXC/dmn7C8TR/HMiUuW3waY4uX
LFqCDAGOX4gf177pX+b99t3mpaiAjJuqc858D9xEECzhDWgXdLbhRqWhUOble4RY
c1yWYC990IgXJDMKx7VAuZ3cBhdBxtlE9sb1ZCzmHQsvTy/OoRzcJCrTAgMBAAGj
ge0wgeowDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJNE0GGaRKmN2qhnO
FyBWVl4Qj6owDgYDVR0PAQH/BAQDAgEGMHUGA1UdIwRuMGyAFCTRNBhmkSpjdqoZ
zhcgVlZeEI+qoVGkTzBNMQswCQYDVQQGEwJKUDERMA8GA1UECgwIY3Rvci5vcmcx
FDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQDDAxodHRwLWFjY2VzczKCAQEw
DQYJKoZIhvcNAQEFBQADgYEAH11tstSUuqFpMqoh/vM5l3Nqb8ygblbqEYQs/iG/
UeQkOZk/P1TxB6Ozn2htJ1srqDpUsncFVZ/ecP19GkeOZ6BmIhppcHhE5WyLBcPX
It5q1BW0PiAzT9LlEGoaiW0nw39so0Pr1whJDfc1t4fjdk+kSiMIzRHbTDvHWfpV
nTA=
-----END CERTIFICATE-----
END
cert = OpenSSL::X509::Certificate.new(pem_cert)
keyid = '24:D1:34:18:66:91:2A:63:76:AA:19:CE:17:20:56:56:5E:10:8F:AA'
cert.extensions.each do |ext|
value = ext.value
crit = ext.critical?
case ext.oid
when "keyUsage"
assert_equal true, crit
assert_equal "Certificate Sign, CRL Sign", value
when "basicConstraints"
assert_equal true, crit
assert_equal "CA:TRUE", value
when "authorityKeyIdentifier"
assert_equal false, crit
expected = "keyid:#{keyid}\n"
# NOTE: behavior matched against MRI 1.8.7/1.9.3/2.1.2 :
expected << "DirName:/C=JP/O=ctor.org/OU=Development/CN=http-access2\n"
expected << "serial:01\n"
assert_equal expected, value
when "subjectKeyIdentifier"
assert_equal false, crit
assert_equal keyid, value
when "nsComment"
assert_equal false, crit
assert_equal "Ruby/OpenSSL Generated Certificate", value
end
end
end
# JRUBY-5060
def test_to_pem_with_empty_object
empty_cert = "MCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA"
empty_req = "MBowEAIAMAAwCDADBgEAAwEAoAAwAwYBAAMBAA=="
empty_crl = "MBMwCTADBgEAMAAfADADBgEAAwEA"
empty_key = "MAA="
#assert_equal(empty_cert, OpenSSL::X509::Certificate.new.to_pem.split("\n")[1])
#assert_equal(empty_req, OpenSSL::X509::Request.new.to_pem.split("\n")[1])
#assert_equal(empty_crl, OpenSSL::X509::CRL.new.to_pem.split("\n")[1])
assert_nothing_raised do
OpenSSL::X509::Certificate.new.to_pem
end
assert_nothing_raised do
OpenSSL::X509::Request.new.to_pem
end
assert_nothing_raised do
OpenSSL::X509::CRL.new.to_pem
end
assert_equal(empty_key, OpenSSL::PKey::RSA.new.to_pem.split("\n")[1].chomp)
assert_equal(empty_key, OpenSSL::PKey::DSA.new.to_pem.split("\n")[1].chomp)
assert_equal(empty_key, OpenSSL::PKey::DH.new.to_pem.split("\n")[1].chomp)
end
# JRUBY-5096
def test_verify_failed_by_lazy_public_key_initialization
msg = 'hello,world'
digester = OpenSSL::Digest::SHA1.new
sig = @key.sign(digester, msg)
assert(@cert.public_key.verify(digester, sig, msg))
assert(@cert.verify(@cert.public_key))
end
# JRUBY-5253
def test_load_key_and_cert_in_one_file
file = File.read(File.expand_path('fixture/key_then_cert.pem', File.dirname(__FILE__)))
cert = OpenSSL::X509::Certificate.new(file)
key = OpenSSL::PKey::RSA.new(file)
assert_equal("Tue Dec 7 04:34:54 2010", cert.not_before.asctime)
assert_equal(155138628173305760586484923990788939560020632428367464748448028799529480209574373402763304069949574437177088605664104864141770364385183263453740781162330879666907894314877641447552442838727890327086630369910941911916802731723019019303432276515402934176273116832204529025371212188573318159421452591783377914839, key.n)
end
# JRUBY-5834
def test_ids_in_subject_rdn_set
cert_file = File.expand_path('fixture/ids_in_subject_rdn_set.pem', File.dirname(__FILE__))
cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
keys = cert.subject.to_a.map { |k, v| k }.sort
assert_equal(10, keys.size)
assert_equal(true, keys.include?("CN"))
end
# jruby/jruby#152
def test_cert_init_from_file
cert_file = File.expand_path('fixture/ca-bundle.crt', File.dirname(__FILE__))
cert = OpenSSL::X509::Certificate.new(File.open(cert_file))
expected = [["C", "US", 19],
["ST", "DC", 19],
["L", "Washington", 19],
["O", "ABA.ECOM, INC.", 19],
["CN", "ABA.ECOM Root CA", 19]]
assert_equal expected, cert.subject.to_a[0..4]
end
end
|
