File: test_integration.rb

package info (click to toggle)
jruby 1.7.26-1%2Bdeb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 84,572 kB
  • sloc: ruby: 669,910; java: 253,056; xml: 35,152; ansic: 9,187; yacc: 7,267; cpp: 5,244; sh: 1,036; makefile: 345; jsp: 48; tcl: 40
file content (148 lines) | stat: -rw-r--r-- 4,711 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
begin
  require "openssl"
rescue LoadError
end
require "test/unit"
require 'net/https'

class TestIntegration < Test::Unit::TestCase
  CACERT_FILE = File.join(File.dirname(__FILE__), "fixture", "cacert.pem");
  NEGATIVE_SERIAL_CERT_FILE = File.join(File.dirname(__FILE__), "fixture", "negative_serial_cert.pem");

  def path(file)
    File.expand_path(file, File.dirname(__FILE__))
  end

  # JRUBY-2471
  def _test_drb
    config = {
      :SSLVerifyMode => OpenSSL::SSL::VERIFY_PEER,
      :SSLCACertificateFile => CACERT_FILE,
      :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(File.join(File.dirname(__FILE__), "fixture", "localhost_keypair.pem"))),
      :SSLCertificate => OpenSSL::X509::Certificate.new(File.read(File.join(File.dirname(__FILE__), "fixture", "cert_localhost.pem"))),
    }
    p config
    DRb.start_service(nil, nil, config)
  end

  # JRUBY-2913
  # Warning - this test actually uses the internet connection.
  # If there is no connection, it will fail.
  def test_ca_path_name

    skip("FIXME: failing since ~ 16.11 due JRuby-0penSSL https://github.com/jruby/jruby-openssl/issues/77")
    
    uri = URI.parse('https://www.amazon.com')
    http = Net::HTTP.new(uri.host, uri.port)
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_path = path("fixture/ca_path/")
    http.use_ssl = true
    response = http.start do |s|
      assert s.get(uri.request_uri).length > 0
    end
  end

  # Warning - this test actually uses the internet connection.
  # If there is no connection, it will fail.
  def test_ssl_verify

    skip("FIXME: failing since ~ 16.11 due JRuby-0penSSL https://github.com/jruby/jruby-openssl/issues/77")

    uri = URI.parse('https://www.amazon.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    # right trust anchor for www.amazon.com
    http.ca_file = path('fixture/verisign.pem')
    response = http.start do |s|
      assert s.get(uri.request_uri).length > 0
    end
    # wrong trust anchor for www.amazon.com
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = path('fixture/digital_signature_trust_global_ca_3.pem')
    assert_raise(OpenSSL::SSL::SSLError) do
      # it must cause SSLError for verification failure.
      response = http.start do |s|
        s.get(uri.request_uri)
      end
    end
    # round trip
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = path('fixture/verisign.pem')
    response = http.start do |s|
      assert s.get(uri.request_uri).length > 0
    end
  end

  # Warning - this test actually uses the internet connection.
  # If there is no connection, it will fail.
  def test_pathlen_does_not_appear
    uri = URI.parse('https://www.paypal.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    # right trust anchor for www.amazon.com
    http.ca_file = path('fixture/verisign.pem')
    response = http.start do |s|
      assert s.get(uri.request_uri).length > 0
    end
  end

  # JRUBY-2178 and JRUBY-1307
  # Warning - this test actually uses the internet connection.
  # If there is no connection, it will fail.
  # This test generally throws an exception
  # about illegal_parameter when
  # it can't use the cipher string correctly
  def test_cipher_strings
    socket = TCPSocket.new('ruby-lang.org', 443)
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.cert_store = OpenSSL::X509::Store.new
    ctx.verify_mode = 0
    ctx.cert = nil
    ctx.key = nil
    ctx.client_ca = nil
    ctx.ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
    ssl_socket.connect
    ssl_socket.close
  end

  # JRUBY-1194
  def test_des_encryption
    iv  = "IVIVIVIV"
    key = "KEYKEYKE"
    alg = "des"
    str = "string abc foo bar baxz"

    cipher = OpenSSL::Cipher::Cipher.new(alg)
    cipher.encrypt
    cipher.key = key
    cipher.iv = iv
    cipher.padding = 32
    cipher.key = key
    cipher.iv = iv

    encrypted = cipher.update(str)
    encrypted << cipher.final

    assert_equal "\253\305\306\372;\374\235\302\357/\006\360\355XO\232\312S\356* #\227\217", encrypted
  end

  # jruby/jruby#823
  def test_negative_serial_number
    cert_armor_regex =
    /(-----BEGIN (X509 )?CERTIFICATE-----.+?-----END (X509 )?CERTIFICATE-----)/m

    assert_nothing_raised do
      File.read(NEGATIVE_SERIAL_CERT_FILE).scan(cert_armor_regex).map(&:first).map do |cert|
        OpenSSL::X509::Certificate.new(cert)
      end
    end
  end
end