File: test_gem_security.rb

rubygems 1.8.24-1
require 'rubygems/test_case'
require 'rubygems/security'
require 'rubygems/fix_openssl_warnings' if RUBY_VERSION < "1.9"

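# Unit tests for the certificate helpers in Gem::Security: build_cert,
# sign_cert and email_to_name. The trailing `if defined?(OpenSSL)` modifier
# means the class is only defined when OpenSSL has been loaded.
#
# Every key generated here is 512-bit RSA. That size only keeps the tests
# fast; it is a fixture value and far too small for a real signing key.
class TestGemSecurity < Gem::TestCase

  # Sets the trust directory option to <user home>/.gem/trust before each test.
  # NOTE(review): presumably Gem::TestCase redirects Gem.user_home to a
  # scratch directory, so this should not be the developer's real trust
  # store - confirm against rubygems/test_case.
  def setup
    super
    Gem::Security::OPT[:trust_dir] = File.join(Gem.user_home, '.gem', 'trust')
  end

  # Writes the same trust_dir value back after each test. OPT is a shared
  # constant hash, so a test that changed it would otherwise leak into the
  # next one.
  def teardown
    super
    Gem::Security::OPT[:trust_dir] = File.join(Gem.user_home, '.gem', 'trust')
  end

  # build_cert must return an X.509 certificate for the given name and key
  # with the expected validity window and exactly three extensions.
  def test_class_build_cert
    name = OpenSSL::X509::Name.parse "CN=nobody/DC=example"
    key = OpenSSL::PKey::RSA.new 512 # test-only key size
    opt = { :cert_age => 60 }

    cert = Gem::Security.build_cert name, key, opt

    assert_kind_of OpenSSL::X509::Certificate, cert

    # The version field is zero-based, so 2 means an X.509 v3 certificate.
    assert_equal    2,                     cert.version
    assert_equal    0,                     cert.serial
    assert_equal    key.public_key.to_pem, cert.public_key.to_pem
    # Validity starts now and lasts :cert_age seconds (10 s tolerance).
    assert_in_delta Time.now,              cert.not_before, 10
    assert_in_delta Time.now + 60,         cert.not_after, 10
    assert_equal    name.to_s,             cert.subject.to_s

    assert_equal 3, cert.extensions.length

    # CA:FALSE - a gem signing certificate must not be able to issue
    # further certificates.
    constraints = cert.extensions.find { |ext| ext.oid == 'basicConstraints' }
    assert_equal 'CA:FALSE', constraints.value

    key_usage = cert.extensions.find { |ext| ext.oid == 'keyUsage' }
    assert_equal 'Digital Signature, Key Encipherment, Data Encipherment',
                 key_usage.value

    # 59 characters is consistent with a 20-byte identifier printed as
    # colon-separated hex pairs (20 * 2 + 19) - TODO confirm the digest used.
    key_ident = cert.extensions.find { |ext| ext.oid == 'subjectKeyIdentifier' }
    assert_equal 59, key_ident.value.length

    # Issuer equals subject: the certificate is expected to be self-issued.
    # (The subject itself is already asserted above.)
    assert_equal name.to_s, cert.issuer.to_s
  end

  # Disabled: the name lacks the leading "t", so it does not match the test_
  # naming pattern and the runner does not pick it up.
  # NOTE(review): the reason it was switched off is not visible in this file -
  # confirm before re-enabling.
  def est_class_build_self_signed_cert
    email = 'nobody@example'
    opt = {
      :cert_age  => 60,
      :key_size  => 512, # test-only key size
      :save_cert => false,
      :save_key  => false,
    }

    result = Gem::Security.build_self_signed_cert email, opt

    key = result[:key]

    assert_kind_of OpenSSL::PKey::RSA, key
    # TODO: also assert the generated key size, for example
    # assert_equal 512, key.n.num_bits
    # assert_equal 512, key.something_here

    cert = result[:cert]

    assert_equal '/CN=nobody/DC=example', cert.issuer.to_s
  end

  # sign_cert must return a certificate whose signature verifies against the
  # signing key and whose subject is unchanged.
  def test_class_sign_cert
    name = OpenSSL::X509::Name.parse "CN=nobody/DC=example"
    key  = OpenSSL::PKey::RSA.new 512 # test-only key size
    cert = OpenSSL::X509::Certificate.new

    cert.subject    = name
    cert.public_key = key.public_key

    # The certificate is passed as both subject and signer: a self-signed case.
    signed = Gem::Security.sign_cert cert, key, cert

    # Verify the returned certificate, which is the object callers use, as
    # well as the one that was passed in.
    assert signed.verify key
    assert cert.verify key
    assert_equal name.to_s, signed.subject.to_s
  end

  # email_to_name turns an e-mail address into an X.509 name: the local part
  # becomes CN and each dot-separated label of the domain becomes a DC.
  def test_class_email_to_name
    munger = Gem::Security::OPT[:munge_re]

    assert_equal '/CN=nobody/DC=example',
                 Gem::Security.email_to_name('nobody@example', munger).to_s

    assert_equal '/CN=nobody/DC=example/DC=com',
                 Gem::Security.email_to_name('nobody@example.com', munger).to_s

    assert_equal '/CN=no.body/DC=example',
                 Gem::Security.email_to_name('no.body@example', munger).to_s

    # '+' comes out as '_', so the conversion is lossy: the certificate name
    # alone does not identify the original address.
    assert_equal '/CN=no_body/DC=example',
                 Gem::Security.email_to_name('no+body@example', munger).to_s
  end

end if defined?(OpenSSL)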