ruby-changes:14965
From: nahi <ko1@a...>
Date: Sun, 7 Mar 2010 06:42:04 +0900 (JST)
Subject: [ruby-changes:14965] Ruby:r26836 (ruby_1_8): * test/openssl: backport cosmetic changes from 1.9.
nahi 2010-03-07 06:41:32 +0900 (Sun, 07 Mar 2010) New Revision: 26836 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26836 Log: * test/openssl: backport cosmetic changes from 1.9. Added files: branches/ruby_1_8/test/openssl/test_config.rb Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/test/openssl/ssl_server.rb branches/ruby_1_8/test/openssl/test_cipher.rb branches/ruby_1_8/test/openssl/test_ec.rb branches/ruby_1_8/test/openssl/test_hmac.rb branches/ruby_1_8/test/openssl/test_pkcs7.rb branches/ruby_1_8/test/openssl/test_ssl.rb branches/ruby_1_8/test/openssl/test_x509cert.rb branches/ruby_1_8/test/openssl/test_x509crl.rb branches/ruby_1_8/test/openssl/utils.rb Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 26835) +++ ruby_1_8/ChangeLog (revision 26836) @@ -1,3 +1,7 @@ +Sun Mar 7 06:37:27 2010 NAKAMURA, Hiroshi <nahi@r...> + + * test/openssl: backport cosmetic changes from 1.9. + Sun Mar 7 06:27:24 2010 NAKAMURA, Hiroshi <nahi@r...> * ext/openssl: backport fixes in 1.9. Index: ruby_1_8/test/openssl/test_x509cert.rb =================================================================== --- ruby_1_8/test/openssl/test_x509cert.rb (revision 26835) +++ ruby_1_8/test/openssl/test_x509cert.rb (revision 26836) @@ -28,7 +28,7 @@ def test_serial [1, 2**32, 2**100].each{|s| cert = issue_cert(@ca, @rsa2048, s, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(s, cert.serial) cert = OpenSSL::X509::Certificate.new(cert.to_der) assert_equal(s, cert.serial) 
@@ -60,25 +60,25 @@ def test_validity now = Time.now until now && now.usec != 0 cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_not_equal(now, cert.not_before) assert_not_equal(now+3600, cert.not_after) now = Time.at(now.to_i) cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal((now+3600).getutc, cert.not_after) now = Time.at(0) cert = issue_cert(@ca, @rsa2048, 1, now, now, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal(now.getutc, cert.not_after) now = Time.at(0x7fffffff) cert = issue_cert(@ca, @rsa2048, 1, now, now, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(now.getutc, cert.not_before) assert_equal(now.getutc, cert.not_after) end @@ -91,7 +91,7 @@ ["authorityKeyIdentifier","keyid:always",false], ] ca_cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts, - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) ca_cert.extensions.each_with_index{|ext, i| assert_equal(ca_exts[i].first, ext.oid) assert_equal(ca_exts[i].last, ext.critical?) @@ -105,7 +105,7 @@ ["subjectAltName","email:ee1@r...",false], ] ee1_cert = issue_cert(@ee1, @rsa1024, 2, Time.now, Time.now+1800, ee1_exts, - ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) + ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_equal(ca_cert.subject.to_der, ee1_cert.issuer.to_der) ee1_cert.extensions.each_with_index{|ext, i| assert_equal(ee1_exts[i].first, ext.oid) 
@@ -120,7 +120,7 @@ ["subjectAltName","email:ee2@r...",false], ] ee2_cert = issue_cert(@ee2, @rsa1024, 3, Time.now, Time.now+1800, ee2_exts, - ca_cert, @rsa2048, OpenSSL::Digest::MD5.new) + ca_cert, @rsa2048, OpenSSL::Digest::MD5.new) assert_equal(ca_cert.subject.to_der, ee2_cert.issuer.to_der) ee2_cert.extensions.each_with_index{|ext, i| assert_equal(ee2_exts[i].first, ext.oid) @@ -131,7 +131,7 @@ def test_sign_and_verify cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) @@ -140,7 +140,7 @@ assert_equal(false, cert.verify(@rsa2048)) cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::MD5.new) + nil, nil, OpenSSL::Digest::MD5.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) 
@@ -149,25 +149,25 @@ assert_equal(false, cert.verify(@rsa2048)) cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::DSS1.new) + nil, nil, OpenSSL::Digest::DSS1.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(false, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) - cert.not_after = Time.now + cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::DSS1.new) + nil, nil, OpenSSL::Digest::DSS1.new) } assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::MD5.new) + nil, nil, OpenSSL::Digest::MD5.new) } assert_raise(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + nil, nil, OpenSSL::Digest::SHA1.new) } end Index: ruby_1_8/test/openssl/test_ec.rb =================================================================== --- ruby_1_8/test/openssl/test_ec.rb (revision 26835) +++ ruby_1_8/test/openssl/test_ec.rb (revision 26836) @@ -88,7 +88,7 @@ for key in @keys sig = key.dsa_sign_asn1(@data1) assert_equal(key.dsa_verify_asn1(@data1, sig), true) - + assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } end end Index: ruby_1_8/test/openssl/test_pkcs7.rb =================================================================== --- ruby_1_8/test/openssl/test_pkcs7.rb (revision 26835) +++ ruby_1_8/test/openssl/test_pkcs7.rb (revision 26836) @@ -36,7 +36,7 @@ @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) end - def issue_cert(*args) + def issue_cert(*args) OpenSSL::TestUtils.issue_cert(*args) end 
@@ -47,6 +47,127 @@ data = "aaaaa\r\nbbbbb\r\nccccc\r\n" tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + + # Normaly OpenSSL tries to translate the supplied content into canonical + # MIME format (e.g. a newline character is converted into CR+LF). + # If the content is a binary, PKCS7::BINARY flag should be used. + + data = "aaaaa\nbbbbb\nccccc\n" + flag = OpenSSL::PKCS7::BINARY + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + + # A signed-data which have multiple signatures can be created + # through the following steps. + # 1. create two signed-data + # 2. 
copy signerInfo and certificate from one to another + + tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag) + tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag) + tmp1.add_signer(tmp2.signers[0]) + tmp1.add_certificate(@ee2_cert) + + p7 = OpenSSL::PKCS7.new(tmp1.to_der) + certs = p7.certificates + signers = p7.signers + assert(p7.verify([], store)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(2, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + assert_equal(@ee2_cert.serial, signers[1].serial) + assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s) + end + + def test_detached_sign + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + ca_certs = [@ca_cert] + + data = "aaaaa\nbbbbb\nccccc\n" + flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + a1 = OpenSSL::ASN1.decode(p7) + + certs = p7.certificates + signers = p7.signers + assert(!p7.verify([], store)) + assert(p7.verify([], store, data)) + assert_equal(data, p7.data) + assert_equal(2, certs.size) + assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s) + assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s) + assert_equal(1, signers.size) + assert_equal(@ee1_cert.serial, signers[0].serial) + assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) + end + + def test_enveloped + if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f + # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. 
+ # http://www.mail-archive.com/openssl-dev@o.../msg17376.html + return + end + + certs = [@ee1_cert, @ee2_cert] + cipher = OpenSSL::Cipher::AES.new("128-CBC") + data = "aaaaa\nbbbbb\nccccc\n" + + tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY) + p7 = OpenSSL::PKCS7.new(tmp.to_der) + recip = p7.recipients + assert_equal(:enveloped, p7.type) + assert_equal(2, recip.size) + + assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s) + assert_equal(2, recip[0].serial) + assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert)) + + assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s) + assert_equal(3, recip[1].serial) + assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) + end + + def silent + begin + back, $VERBOSE = $VERBOSE, nil + yield + ensure + $VERBOSE = back if back + end + end + + def test_signed_pkcs7_pkcs7 + silent do + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + ca_certs = [@ca_cert] + + data = "aaaaa\r\nbbbbb\r\nccccc\r\n" + tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs) p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der) certs = p7.certificates signers = p7.signers @@ -100,8 +221,10 @@ assert_equal(@ee2_cert.serial, signers[1].serial) assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s) end + end - def test_detached_sign + def test_detached_sign_pkcs7_pkcs7 + silent do store = OpenSSL::X509::Store.new store.add_cert(@ca_cert) ca_certs = [@ca_cert] @@ -124,8 +247,10 @@ assert_equal(@ee1_cert.serial, signers[0].serial) assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) end + end - def test_enveloped + def test_enveloped_pkcs7_pkcs7 + silent do if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. # http://www.mail-archive.com/openssl-dev@o.../msg17376.html 
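Review bot: The `silent` helper added in this hunk does not restore `$VERBOSE` when its previous value was `false`, because the ensure clause is guarded by `if back`; the flag then stays `nil` and warnings remain suppressed for every test that runs later in the same process. Restore it unconditionally with `$VERBOSE = back`. Separately, the new `test_detached_sign` only asserts that verification fails with no content and succeeds with the original content; an assertion that altered content is rejected would pin the property a detached signature is meant to give. The local `a1` in that test is assigned but never read.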
@@ -150,6 +275,7 @@ assert_equal(3, recip[1].serial) assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) end + end end end Index: ruby_1_8/test/openssl/ssl_server.rb =================================================================== --- ruby_1_8/test/openssl/ssl_server.rb (revision 26835) +++ ruby_1_8/test/openssl/ssl_server.rb (revision 26836) @@ -53,7 +53,7 @@ port = port + i break rescue Errno::EADDRINUSE - next + next end } ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) Index: ruby_1_8/test/openssl/utils.rb =================================================================== --- ruby_1_8/test/openssl/utils.rb (revision 26835) +++ ruby_1_8/test/openssl/utils.rb (revision 26836) @@ -96,16 +96,16 @@ cert end - def issue_crl(revoke_info, serial, lastup, nextup, extensions, + def issue_crl(revoke_info, serial, lastup, nextup, extensions, issuer, issuer_key, digest) crl = OpenSSL::X509::CRL.new crl.issuer = issuer.subject crl.version = 1 crl.last_update = lastup crl.next_update = nextup - revoke_info.each{|serial, time, reason_code| + revoke_info.each{|rserial, time, reason_code| revoked = OpenSSL::X509::Revoked.new - revoked.serial = serial + revoked.serial = rserial revoked.time = time enum = OpenSSL::ASN1::Enumerated(reason_code) ext = OpenSSL::X509::Extension.new("CRLReason", enum) Index: ruby_1_8/test/openssl/test_ssl.rb =================================================================== --- ruby_1_8/test/openssl/test_ssl.rb (revision 26835) +++ ruby_1_8/test/openssl/test_ssl.rb (revision 26836) @@ -102,7 +102,7 @@ server_proc.call(ctx, ssl) end end - rescue Errno::EBADF, IOError + rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED end def start_server(port0, verify_mode, start_immediately, args = {}, &block) 
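Review bot: The widened `rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED` at the end of the server loop has an empty body, so a server-side failure that surfaces as one of these errors is dropped without a trace. A comment on that line, for example `# seen on some platforms when the peer closes first; the client side asserts the outcome`, would record why each class is safe to ignore; that reason is inferred here and should be confirmed against the platforms that needed it. This is also a behaviour change in a commit described as cosmetic. The enclosing method starts outside the hunk.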
@@ -143,14 +143,25 @@ block.call(server, port.to_i) ensure - tcps.close if (tcps) - if (server) - server.join(5) - if server.alive? - server.kill + begin + begin + tcps.shutdown + rescue Errno::ENOTCONN + # when `Errno::ENOTCONN: Socket is not connected' on some platforms, + # call #close instead of #shutdown. + tcps.close + tcps = nil + end if (tcps) + if (server) server.join(5) - flunk("TCPServer was closed and SSLServer is still alive") unless $! + if server.alive? + server.kill + server.join + flunk("TCPServer was closed and SSLServer is still alive") unless $! + end end + ensure + tcps.close if (tcps) end end end @@ -594,7 +605,7 @@ ctx.session_add(saved_session) end connections += 1 - + readwrite_loop(ctx, ssl) end @@ -639,7 +650,7 @@ ctx_proc = Proc.new do |ctx, ssl| foo_ctx = ctx.dup - ctx.servername_cb = Proc.new do |ssl, hostname| + ctx.servername_cb = Proc.new do |ssl2, hostname| case hostname when 'foo.example.com' foo_ctx Index: ruby_1_8/test/openssl/test_config.rb =================================================================== --- ruby_1_8/test/openssl/test_config.rb (revision 0) +++ ruby_1_8/test/openssl/test_config.rb (revision 26836) @@ -0,0 +1,16 @@ +require 'openssl' +require "test/unit" + +class OpenSSL::TestConfig < Test::Unit::TestCase + def test_freeze + c = OpenSSL::Config.new + c['foo'] = [['key', 'value']] + c.freeze + + # [ruby-core:18377] + # RuntimeError for 1.9, TypeError for 1.8 + assert_raise(TypeError, /frozen/) do + c['foo'] = [['key', 'wrong']] + end + end +end Index: ruby_1_8/test/openssl/test_x509crl.rb =================================================================== --- ruby_1_8/test/openssl/test_x509crl.rb (revision 26835) +++ ruby_1_8/test/openssl/test_x509crl.rb (revision 26836) 
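Review bot: In the rewritten `ensure` of `start_server`, any exception from `tcps.shutdown` other than `Errno::ENOTCONN` jumps straight to the inner `ensure`, so the `server.join(5)` / `server.kill` block is skipped and the server thread is left running after the listening socket is closed. Putting the thread cleanup in its own `ensure` keeps both steps unconditional, as sketched below. The trailing `end if (tcps)` modifier on a multi-line `begin` is also easy to miss; a plain `if tcps` around it would read better. The method starts outside the hunk.

```ruby
ensure
  begin
    # … unchanged: tcps.shutdown with the Errno::ENOTCONN fallback to #close …
  ensure
    begin
      # … unchanged: server.join(5), server.kill, server.join and flunk …
    ensure
      tcps.close if (tcps)
    end
  end
```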
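Review bot: The `/frozen/` argument to `assert_raise(TypeError, /frozen/)` in `test_freeze` is most likely not matched against the exception message. As far as I can tell, Test::Unit on 1.8 treats a trailing non-class argument as the failure message, so any `TypeError` raised by the assignment satisfies the test. If the wording is meant to be checked, capture the exception and match it: `e = assert_raise(TypeError) { c['foo'] = [['key', 'wrong']] }` followed by `assert_match(/frozen/, e.message)`.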
@@ -125,13 +125,13 @@ def test_extension cert_exts = [ ["basicConstraints", "CA:TRUE", true], - ["subjectKeyIdentifier", "hash", false], - ["authorityKeyIdentifier", "keyid:always", false], + ["subjectKeyIdentifier", "hash", false], + ["authorityKeyIdentifier", "keyid:always", false], ["subjectAltName", "email:xyzzy@r...", false], ["keyUsage", "cRLSign, keyCertSign", true], ] crl_exts = [ - ["authorityKeyIdentifier", "keyid:always", false], + ["authorityKeyIdentifier", "keyid:always", false], ["issuerAltName", "issuer:copy", false], ] Index: ruby_1_8/test/openssl/test_hmac.rb =================================================================== --- ruby_1_8/test/openssl/test_hmac.rb (revision 26835) +++ ruby_1_8/test/openssl/test_hmac.rb (revision 26836) @@ -4,15 +4,13 @@ end require "test/unit" -if defined?(OpenSSL) - class OpenSSL::TestHMAC < Test::Unit::TestCase def setup - @digest = OpenSSL::Digest::MD5.new + @digest = OpenSSL::Digest::MD5 @key = "KEY" @data = "DATA" - @h1 = OpenSSL::HMAC.new(@key, @digest) - @h2 = OpenSSL::HMAC.new(@key, @digest) + @h1 = OpenSSL::HMAC.new(@key, @digest.new) + @h2 = OpenSSL::HMAC.new(@key, "MD5") end def teardown @@ -20,8 +18,14 @@ def test_hmac @h1.update(@data) - assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest") - assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest") + @h2.update(@data) + assert_equal(@h1.digest, @h2.digest) + + assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest") + assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest") + + assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest") + assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest") end def test_dup 
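Review bot: Dropping the `if defined?(OpenSSL)` guard (its closing `end` is removed in the last hunk of this file) means `class OpenSSL::TestHMAC` is evaluated even when the library failed to load. The context line `end` just above `require "test/unit"` suggests that `require "openssl"` is still wrapped in a `rescue LoadError`. If so, the file now raises `NameError` at load time on builds without OpenSSL instead of being skipped; that wrapper is outside the hunk, so confirm. If the guard is gone on purpose, the rescue should go with it so that the failure is a clear `LoadError`.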
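Review bot: The two assertion pairs added to `test_hmac` reuse the failure messages "digest" and "hexdigest" for both `@h1` and `@h2`, and `assert_equal(@h1.digest, @h2.digest)` has none, so a failure report does not say whether the digest-object path or the digest-name path broke. Distinct messages on the `"MD5"` pair, such as `"digest (by name)"` and `"hexdigest (by name)"`, would make the report unambiguous.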
@@ -40,5 +44,3 @@ OpenSSL::HMAC.hexdigest(digest256, 'blah', "blah")) end end - -end Index: ruby_1_8/test/openssl/test_cipher.rb =================================================================== --- ruby_1_8/test/openssl/test_cipher.rb (revision 26835) +++ ruby_1_8/test/openssl/test_cipher.rb (revision 26836) @@ -1,10 +1,3 @@ -if defined?(JRUBY_VERSION) - require "java" - base = File.join(File.dirname(__FILE__), '..', '..') - $CLASSPATH << File.join(base, 'pkg', 'classes') - $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk15-144.jar') -end - begin require "openssl" rescue LoadError -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/