diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-10-12 15:40:39 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-10-12 16:43:25 +0900 |
commit | 51699757a2e2f1a3e47e385346c35b23cf92f245 (patch) | |
tree | ddc752e23dc5f792584d898f7f18af2fdfde0808 | |
parent | 432a9f3455f537a99fe9771e550d0e3a682e99e8 (diff) | |
download | ruby-openssl-51699757a2e2f1a3e47e385346c35b23cf92f245.tar.gz |
x509revoked: add missing X509::Revoked#to_der
-rw-r--r-- | ext/openssl/ossl_x509revoked.c | 21 | ||||
-rw-r--r-- | test/test_x509crl.rb | 23 |
2 files changed, 44 insertions, 0 deletions
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 85489efd..5fe68534 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -249,6 +249,26 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext) return ext; } +static VALUE +ossl_x509revoked_to_der(VALUE self) +{ + X509_REVOKED *rev; + VALUE str; + int len; + unsigned char *p; + + GetX509Rev(self, rev); + len = i2d_X509_REVOKED(rev, NULL); + if (len <= 0) + ossl_raise(eX509RevError, "i2d_X509_REVOKED"); + str = rb_str_new(NULL, len); + p = (unsigned char *)RSTRING_PTR(str); + if (i2d_X509_REVOKED(rev, &p) <= 0) + ossl_raise(eX509RevError, "i2d_X509_REVOKED"); + ossl_str_adjust(str, p); + return str; +} + /* * INIT */ @@ -276,4 +296,5 @@ Init_ossl_x509revoked(void) rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0); rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); + rb_define_method(cX509Rev, "to_der", ossl_x509revoked_to_der, 0); } diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index 1914a651..01f3ab1f 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb @@ -197,6 +197,29 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase assert_equal(false, crl.verify(@dsa512)) end + def test_revoked_to_der + # revokedCertificates SEQUENCE OF SEQUENCE { + # userCertificate CertificateSerialNumber, + # revocationDate Time, + # crlEntryExtensions Extensions OPTIONAL + # -- if present, version MUST be v2 + # } OPTIONAL, + + now = Time.utc(2000, 1, 1) + rev1 = OpenSSL::X509::Revoked.new + rev1.serial = 123 + rev1.time = now + ext = OpenSSL::X509::Extension.new("CRLReason", OpenSSL::ASN1::Enumerated(1)) + rev1.extensions = [ext] + asn1 = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(123), + OpenSSL::ASN1::UTCTime(now), + OpenSSL::ASN1::Sequence([ext.to_der]) + ]) + + assert_equal asn1.to_der, rev1.to_der + end + private def crl_error_returns_false |