ruby-changes:43337
From: rhe <ko1@a...>
Date: Tue, 14 Jun 2016 22:12:24 +0900 (JST)
Subject: [ruby-changes:43337] rhe:r55411 (trunk): openssl: add some accessor methods for OCSP::CertificateId
rhe 2016-06-14 22:12:20 +0900 (Tue, 14 Jun 2016) New Revision: 55411 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55411 Log: openssl: add some accessor methods for OCSP::CertificateId * ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash, ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm): Add accessor methods OCSP::CertificateId#issuer_name_hash, #issuer_key_hash, #hash_algorithm. Based on a patch provided by Paul Kehrer <paul.l.kehrer@g...>. [ruby-core:48062] [Feature #7181] * test/openssl/test_ocsp.rb: Test these new methods. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ocsp.c trunk/test/openssl/test_ocsp.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 55410)
+++ ChangeLog (revision 55411)
@@ -1,3 +1,14 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Tue Jun 14 22:11:11 2016 Kazuki Yamaguchi <k@r...>
+
+ * ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
+ ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm):
+ Add accessor methods OCSP::CertificateId#issuer_name_hash,
+ #issuer_key_hash, #hash_algorithm.
+ Based on a patch provided by Paul Kehrer <paul.l.kehrer@g...>.
+ [ruby-core:48062] [Feature #7181]
+
+ * test/openssl/test_ocsp.rb: Test these new methods.
+
 Tue Jun 14 22:07:25 2016 Nobuyoshi Nakada <nobu@r...>
 
 * ext/date/date_strftime.c (date_strftime_with_tmx): reject too
Index: test/openssl/test_ocsp.rb
===================================================================
--- test/openssl/test_ocsp.rb (revision 55410)
+++ test/openssl/test_ocsp.rb (revision 55411)
@@ -38,13 +38,29 @@ class OpenSSL::TestOCSP < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L38
 cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
 assert_kind_of OpenSSL::OCSP::CertificateId, cid
 assert_equal @cert.serial, cid.serial
- end
-
- def test_new_certificate_id_with_digest
 cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
 assert_kind_of OpenSSL::OCSP::CertificateId, cid
 assert_equal @cert.serial, cid.serial
- end if defined?(OpenSSL::Digest::SHA256)
+ end
+
+ def test_certificate_id_issuer_name_hash
+ cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+ assert_equal OpenSSL::Digest::SHA1.hexdigest(@cert.issuer.to_der), cid.issuer_name_hash
+ assert_equal "d91f736ac4dc3242f0fb9b77a3149bd83c5c43d0", cid.issuer_name_hash
+ end
+
+ def test_certificate_id_issuer_key_hash
+ cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+ assert_equal OpenSSL::Digest::SHA1.hexdigest(OpenSSL::ASN1.decode(@ca_cert.to_der).value[0].value[6].value[1].value), cid.issuer_key_hash
+ assert_equal "d1fef9fbf8ae1bc160cbfa03e2596dd873089213", cid.issuer_key_hash
+ end
+
+ def test_certificate_id_hash_algorithm
+ cid_sha1 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
+ cid_sha256 = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
+ assert_equal "sha1", cid_sha1.hash_algorithm
+ assert_equal "sha256", cid_sha256.hash_algorithm
+ end
 
 def test_certificate_id_der
 cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert) # hash algorithm defaults to SHA-1
Index: ext/openssl/ossl_ocsp.c
===================================================================
--- ext/openssl/ossl_ocsp.c (revision 55410)
+++ ext/openssl/ossl_ocsp.c (revision 55411)
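Review bot: test_certificate_id_issuer_name_hash and test_certificate_id_issuer_key_hash only build the CertificateId with the default digest, so the new accessors are never checked against an ID made with another algorithm, where the digest is longer. A second pair of assertions would cover that, for example `cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)` followed by `assert_equal OpenSSL::Digest::SHA256.hexdigest(@cert.issuer.to_der), cid.issuer_name_hash`. The index chain `value[0].value[6].value[1].value` in the key-hash test also deserves a comment such as `# tbsCertificate -> subjectPublicKeyInfo -> subjectPublicKey bits`, because it appears to rely on the fixture certificate carrying an explicit version field and will silently point at a different element if it does not.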
@@ -1004,11 +1004,11 @@ ossl_ocspcid_cmp_issuer(VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1004
 
 /*
 * call-seq:
- * certificate_id.get_serial -> Integer
+ * certificate_id.serial -> Integer
 *
- * Returns the serial number of the issuing certificate.
+ * Returns the serial number of the certificate for which status is being
+ * requested.
 */
-
 static VALUE
 ossl_ocspcid_get_serial(VALUE self)
 {
@@ -1023,6 +1023,79 @@ ossl_ocspcid_get_serial(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1023
 
 /*
 * call-seq:
+ * certificate_id.issuer_name_hash -> String
+ *
+ * Returns the issuerNameHash of this certificate ID, the hash of the
+ * issuer's distinguished name calculated with the hashAlgorithm.
+ */
+static VALUE
+ossl_ocspcid_get_issuer_name_hash(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OCTET_STRING *name_hash;
+ char *hexbuf;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);
+
+ if (string2hex(name_hash->data, name_hash->length, &hexbuf, NULL) < 0)
+ ossl_raise(eOCSPError, "string2hex");
+
+ return ossl_buf2str(hexbuf, name_hash->length * 2);
+}
+
+/*
+ * call-seq:
+ * certificate_id.issuer_key_hash -> String
+ *
+ * Returns the issuerKeyHash of this certificate ID, the hash of the issuer's
+ * public key.
+ */
+static VALUE
+ossl_ocspcid_get_issuer_key_hash(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OCTET_STRING *key_hash;
+ char *hexbuf;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);
+
+ if (string2hex(key_hash->data, key_hash->length, &hexbuf, NULL) < 0)
+ ossl_raise(eOCSPError, "string2hex");
+
+ return ossl_buf2str(hexbuf, key_hash->length * 2);
+}
+
+/*
+ * call-seq:
+ * certificate_id.hash_algorithm -> String
+ *
+ * Returns the ln (long name) of the hash algorithm used to generate
+ * the issuerNameHash and the issuerKeyHash values.
+ */
+static VALUE
+ossl_ocspcid_get_hash_algorithm(VALUE self)
+{
+ OCSP_CERTID *id;
+ ASN1_OBJECT *oid;
+ BIO *out;
+
+ GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
+
+ if (!(out = BIO_new(BIO_s_mem())))
+ ossl_raise(eOCSPError, "BIO_new");
+
+ if (!i2a_ASN1_OBJECT(out, oid)) {
+ BIO_free(out);
+ ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
+ }
+ return ossl_membio2str(out);
+}
+
+/*
+ * call-seq:
 * certificate_id.to_der -> String
 *
 * Encodes this certificate identifier into a DER-encoded string.
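Review bot: In ossl_ocspcid_get_hash_algorithm the test `if (!i2a_ASN1_OBJECT(out, oid))` only catches a return of 0, but i2a_ASN1_OBJECT returns a byte count and, as far as I know, reports failure with a negative value. A failed conversion would then fall through to `ossl_membio2str(out)` and return an empty or partial string as the algorithm name. Comparing against zero closes that gap: `if (i2a_ASN1_OBJECT(out, oid) <= 0) {`. The doc comments on the two hash accessors should also say that the result is hex-encoded text rather than the raw digest bytes (both go through `string2hex`), since callers matching these values against a responder's CertID need to know which form they hold. The hash_algorithm comment could add that an OID with no registered name presumably comes back in dotted numeric form.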
@@ -1227,6 +1300,9 @@ Init_ossl_ocsp(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1300
 rb_define_method(cOCSPCertId, "cmp", ossl_ocspcid_cmp, 1);
 rb_define_method(cOCSPCertId, "cmp_issuer", ossl_ocspcid_cmp_issuer, 1);
 rb_define_method(cOCSPCertId, "serial", ossl_ocspcid_get_serial, 0);
+ rb_define_method(cOCSPCertId, "issuer_name_hash", ossl_ocspcid_get_issuer_name_hash, 0);
+ rb_define_method(cOCSPCertId, "issuer_key_hash", ossl_ocspcid_get_issuer_key_hash, 0);
+ rb_define_method(cOCSPCertId, "hash_algorithm", ossl_ocspcid_get_hash_algorithm, 0);
 rb_define_method(cOCSPCertId, "to_der", ossl_ocspcid_to_der, 0);
 
 /* Internal error in issuer */
@@ -1329,7 +1405,6 @@ Init_ossl_ocsp(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1405
 /* The responder ID is based on the public key. */
 rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
 }
-
 #else
 void
 Init_ossl_ocsp(void)
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/