-rwxr-xr-x | ext/openssl/ossl_ts.c | 88 | ||||
-rwxr-xr-x | test/test_ts.rb | 144 |
2 files changed, 130 insertions, 102 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index a515d181..2ad84882 100755 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -196,7 +196,9 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self) arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(&arg); - if (!d2i_TS_REQ_bio(in, &ts_req)) + ts_req = d2i_TS_REQ_bio(in, &ts_req); + BIO_free(in); + if (!ts_req) ossl_raise(eTimestampError, "Error when decoding the timestamp request"); DATA_PTR(self) = ts_req; @@ -371,10 +373,13 @@ ossl_ts_req_set_policy_id(VALUE self, VALUE oid) { TS_REQ *req; ASN1_OBJECT *obj; + int ok; GetTSRequest(self, req); obj = obj_to_asn1obj(oid); - if (!TS_REQ_set_policy_id(req, obj)) + ok = TS_REQ_set_policy_id(req, obj); + ASN1_OBJECT_free(obj); + if (!ok) ossl_raise(eTimestampError, "TS_REQ_set_policy_id"); return oid; @@ -401,9 +406,8 @@ ossl_ts_req_get_nonce(VALUE self) /* * Sets the nonce (number used once) that the server shall include in its - * response. This can be +nil+, implying that the server shall not return - * a nonce in the Response. If the nonce is set, the server must return the - * same nonce value in a valid Response. + * response. If the nonce is set, the server must return the same nonce value in + * a valid Response. * * call-seq: * request.nonce = number -> Fixnum @@ -412,13 +416,12 @@ static VALUE ossl_ts_req_set_nonce(VALUE self, VALUE num) { TS_REQ *req; - - // TS_REQ_set_nonce doesn't allow NULL value, though it is valid value. - if (num == Qnil) - ossl_raise(eTimestampError, NULL); + ASN1_INTEGER *nonce; GetTSRequest(self, req); - TS_REQ_set_nonce(req, num_to_asn1integer(num, NULL)); + nonce = num_to_asn1integer(num, NULL); + TS_REQ_set_nonce(req, nonce); + ASN1_INTEGER_free(nonce); return num; } 
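Review bot: In ossl_ts_req_initialize the new failure branch raises after `d2i_TS_REQ_bio(in, &ts_req)` without resetting `DATA_PTR(self)`, and the call decodes in reuse mode. The initialisation of `ts_req` is outside the hunk; if it comes from `DATA_PTR(self)`, a failed decode can leave the wrapper pointing at a structure OpenSSL has already released (d2i functions may free the passed-in object on error, depending on the OpenSSL version), and the object's free function would release it again at GC. Because the DER is caller-supplied, either decode into a fresh pointer or clear the slot first: `if (!ts_req) { DATA_PTR(self) = NULL; ossl_raise(eTimestampError, "Error when decoding the timestamp request"); }`.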
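Review bot: ossl_ts_req_set_nonce discards the result of `TS_REQ_set_nonce(req, nonce)`, whereas ossl_ts_req_set_policy_id in this same commit stores the result in `ok` and raises on failure. The setter evidently works on a copy (the code frees `nonce` straight after), so it can fail on allocation; the Ruby caller would then get `num` back while the request's nonce is unchanged, and the nonce is what ties a response to this request. Suggest the same pattern: `ok = TS_REQ_set_nonce(req, nonce); ASN1_INTEGER_free(nonce); if (!ok) ossl_raise(eTimestampError, "TS_REQ_set_nonce");`.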
@@ -662,15 +665,17 @@ static VALUE ossl_ts_resp_get_pkcs7(VALUE self) { TS_RESP *resp; - PKCS7 *p7; + PKCS7 *p7, *copy; VALUE obj; GetTSResponse(self, resp); if (!(p7 = TS_RESP_get_token(resp))) return Qnil; + if (!(copy = PKCS7_dup(p7))) + ossl_raise(eTimestampError, NULL); obj = NewPKCS7(cPKCS7); - SetPKCS7(obj, PKCS7_dup(p7)); + SetPKCS7(obj, copy); return obj; } @@ -948,8 +953,10 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store) BIO *in; int i; - if (roots == Qnil) + if (roots == Qnil) { + X509_STORE_free(store); ossl_raise(rb_eTypeError, "roots must not be nil."); + } else if (rb_obj_is_kind_of(roots, rb_cArray)) { for (i=0; i < RARRAY_LEN(roots); i++) { VALUE cert = rb_ary_entry(roots, i); @@ -963,8 +970,10 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store) in = ossl_obj2bio(&roots); inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); BIO_free(in); - if(!inf) + if(!inf) { + X509_STORE_free(store); ossl_raise(eTimestampError, "Could not parse root certificates."); + } for (i = 0; i < sk_X509_INFO_num(inf); i++) { itmp = sk_X509_INFO_value(inf, i); if (itmp->x509) { @@ -980,16 +989,14 @@ void int_ossl_verify_ctx_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs) { int i; - STACK_OF(X509) *new_certs; if (!certs) return; - new_certs = TS_VERIFY_CTS_set_certs(ctx, sk_X509_dup(certs)); - if (!new_certs) - ossl_raise(eTimestampError, NULL); - for (i = 0; i < sk_X509_num(new_certs); ++i) { - X509 *cert = sk_X509_value(new_certs, i); + TS_VERIFY_CTS_set_certs(ctx, certs); + + for (i = 0; i < sk_X509_num(certs); ++i) { + X509 *cert = sk_X509_value(certs, i); X509_up_ref(cert); } } @@ -1029,7 +1036,6 @@ int_ossl_verify_ctx_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs) static VALUE ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) { - VALUE ret = Qnil; VALUE untrusted = Qnil; VALUE ts_cert; VALUE roots; 
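Review bot: In ossl_ts_resp_get_pkcs7 the duplicated `copy` is unowned while `NewPKCS7(cPKCS7)` runs, so it leaks if that allocation raises (presumably possible, since it creates a Ruby object). Allocating the wrapper first, with `obj = NewPKCS7(cPKCS7);` placed before `PKCS7_dup(p7)`, means a failure in either step leaves nothing to clean up by hand.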
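Review bot: int_ossl_init_roots now frees the caller's `store` before the two raises touched by the `-948` and `-963` hunks, but other raising calls in the same function still leak it: `ossl_obj2bio(&roots)` in the context lines can presumably raise on an unsuitable argument, and the array branch continues outside the hunk. Freeing at each raise site is easy to miss when the function changes; running the body under `rb_protect` or `rb_ensure` in the caller would cover every exit. At minimum the function deserves a header comment such as `/* Frees store before raising; the caller must not free it again. */`, since a `void` helper releasing its argument is not obvious from the signature.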
@@ -1047,26 +1053,23 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) GetTSResponse(self, resp); req = GetTsReqPtr(ts_req); - if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(req, NULL))) - ossl_raise(eTimestampError, "Error when creating the verification context."); - - store = TS_VERIFY_CTX_set_store(ctx, X509_STORE_new()); - if (!store) { - TS_VERIFY_CTX_free(ctx); - ossl_raise(eTimestampError, NULL); - } + if (!(store = X509_STORE_new())) + ossl_raise(eTimestampError, NULL); int_ossl_init_roots(roots, store); ts_cert = ossl_ts_resp_get_tsa_certificate(self); if (ts_cert != Qnil || untrusted != Qnil) { if (!(certs = sk_X509_new_null())) { - TS_VERIFY_CTX_free(ctx); + X509_STORE_free(store); ossl_raise(eTimestampError, NULL); } if (ts_cert != Qnil) { - if (!(p7 = TS_RESP_get_token(resp))) + if (!(p7 = TS_RESP_get_token(resp))) { + X509_STORE_free(store); + sk_X509_free(certs); ossl_raise(eTimestampError, "TS_RESP_get_token"); + } for (i=0; i < sk_X509_num(p7->d.sign->cert); i++) { sk_X509_push(certs, sk_X509_value(p7->d.sign->cert, i)); } @@ -1084,19 +1087,22 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) } } + if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(req, NULL))) { + X509_STORE_free(store); + sk_X509_pop_free(certs, X509_free); + ossl_raise(eTimestampError, "Error when creating the verification context."); + } int_ossl_verify_ctx_set_certs(ctx, certs); + TS_VERIFY_CTX_set_store(ctx, store); TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE); if (!TS_RESP_verify_response(ctx, resp)) { + TS_VERIFY_CTX_free(ctx); int_ossl_handle_verify_errors(); - goto end; } - ret = self; - -end: TS_VERIFY_CTX_free(ctx); - return ret; + return self; } static ASN1_INTEGER * 
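Review bot: The new failure branch for `TS_REQ_to_TS_VERIFY_CTX` in ossl_ts_resp_verify releases `certs` with `sk_X509_pop_free(certs, X509_free)` while the stack still holds borrowed pointers: the visible loop pushes `sk_X509_value(p7->d.sign->cert, i)` without taking a reference, and the `X509_up_ref` calls happen only later, inside int_ossl_verify_ctx_set_certs. Dropping references that were never taken can free certificates still owned by the response's PKCS7 (and presumably by the Ruby-wrapped untrusted certificates pushed in the lines not shown), so a later access or GC would be a use-after-free or double free. Use `sk_X509_free(certs);` here, as the `TS_RESP_get_token` failure branch in the previous hunk already does. Separately, with `goto end` removed, the verify-failure branch depends on int_ossl_handle_verify_errors never returning, otherwise `TS_VERIFY_CTX_free(ctx)` runs twice; a comment stating that it always raises would make this explicit.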
@@ -1218,12 +1224,17 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request) else { sk_X509_push(inter_certs, GetX509CertPtr(additional_certs)); } + // this dups the sk_X509 and ups each cert's ref count TS_RESP_CTX_set_certs(ctx, inter_certs); + sk_X509_free(inter_certs); } TS_RESP_CTX_set_signer_key(ctx, sign_key); - if (def_policy_id != Qnil && !TS_REQ_get_policy_id(req)) - TS_RESP_CTX_set_def_policy(ctx, obj_to_asn1obj(def_policy_id)); + if (def_policy_id != Qnil && !TS_REQ_get_policy_id(req)) { + ASN1_OBJECT *def_policy_id_obj = obj_to_asn1obj(def_policy_id); + TS_RESP_CTX_set_def_policy(ctx, def_policy_id_obj); + ASN1_OBJECT_free(def_policy_id_obj); + } if (TS_REQ_get_policy_id(req)) TS_RESP_CTX_set_def_policy(ctx, TS_REQ_get_policy_id(req)); TS_RESP_CTX_set_time_cb(ctx, ossl_tsfac_time_cb, &gen_time); @@ -1238,6 +1249,7 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request) str = rb_funcall(request, rb_intern("to_der"), 0); req_bio = ossl_obj2bio(&str); response = TS_RESP_create_response(ctx, req_bio); + BIO_free(req_bio); if (!response) { err_msg = "Error during response generation"; goto end; diff --git a/test/test_ts.rb b/test/test_ts.rb index 92b57d84..38898f47 100755 --- a/test/test_ts.rb +++ b/test/test_ts.rb @@ -3,7 +3,8 @@ require_relative "utils" if defined?(OpenSSL) && defined?(OpenSSL::Timestamp) class OpenSSL::TestTimestamp < OpenSSL::TestCase - INTERMEDIATE_KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_ + def intermediate_key + @intermediate_key ||= OpenSSL::PKey::RSA.new <<-_end_of_pem_ -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQCcyODxH+oTrr7l7MITWcGaYnnBma6vidCCJjuSzZpaRmXZHAyH 0YcY4ttC0BdJ4uV+cE05IySVC7tyvVfFb8gFQ6XJV+AEktP+XkLbcxZgj9d2NVu1 
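Review bot: In ossl_tsfac_create_ts the results of `TS_RESP_CTX_set_certs(ctx, inter_certs)` and `TS_RESP_CTX_set_def_policy(ctx, def_policy_id_obj)` are ignored, so if either fails the factory would go on to sign a response without the requested chain or policy. The function already has an `err_msg` / `goto end` cleanup path (visible in the next hunk), and each call should feed into it after its temporary is freed, e.g. `ok = TS_RESP_CTX_set_certs(ctx, inter_certs); sk_X509_free(inter_certs); if (!ok) { /* set err_msg */ goto end; }`. The function body starts and ends outside the hunk, so the declaration of `ok` and the exact cleanup label need checking against the full file.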
@@ -20,8 +21,10 @@ X5fAffWU0u7ZwqeByQJAOUAbYET4RU3iymAvAIDFj8LiQnizG9t5Ty3HXlijKQYv y8gsvWd4CdxwOPatWpBUX9L7IXcMJmD44xXTUvpbfQ== -----END RSA PRIVATE KEY----- _end_of_pem_ + end - EE_KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_ + def ee_key + @ee_key ||= OpenSSL::PKey::RSA.new <<-_end_of_pem_ -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDA6eB5r2O5KOKNbKMBhzadl43lgpwqq28m+G0gH38kKCL1f3o9 P8xUZm7sZqcWEervZMSSXMGBV9DgeoSR+U6FMJywgQGx/JNRx7wZTMNym3PvgLkl @@ -38,11 +41,24 @@ EWRYkoNQ8/Q4lCeMjQJAfvDIGtyqF4PieFHYgluQAv5pGgYpakdc8SYyeRH9NKey GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA== -----END RSA PRIVATE KEY----- _end_of_pem_ + end + + def ca_cert + @ca_cert ||= OpenSSL::Certs.ca_cert + end + - CA_CERT = OpenSSL::Certs.ca_cert - TS_CERT_DIRECT = OpenSSL::Certs.ts_cert_direct(EE_KEY, CA_CERT) - INTERMEDIATE_CERT = OpenSSL::Certs.intermediate_cert(INTERMEDIATE_KEY, CA_CERT) - TS_CERT_EE = OpenSSL::Certs.ts_cert_ee(EE_KEY, INTERMEDIATE_CERT, INTERMEDIATE_KEY) + def ts_cert_direct + @ts_cert_direct ||= OpenSSL::Certs.ts_cert_direct(ee_key, ca_cert) + end + + def intermediate_cert + @intermediate_cert ||= OpenSSL::Certs.intermediate_cert(intermediate_key, ca_cert) + end + + def ts_cert_ee + @ts_cert_ee ||= OpenSSL::Certs.ts_cert_ee(ee_key, intermediate_cert, intermediate_key) + end def test_create_request req = OpenSSL::Timestamp::Request.new @@ -93,7 +109,7 @@ _end_of_pem_ req.nonce = 42 assert_equal(42, req.nonce) assert_raises(TypeError) { req.nonce = "foo" } - assert_raises(OpenSSL::Timestamp::TimestampError) { req.nonce = nil } + assert_raises(TypeError) { req.nonce = nil } req.cert_requested = false assert_equal(false, req.cert_requested?) @@ -168,7 +184,7 @@ _end_of_pem_ fac.gen_time = time fac.serial_number = 1 - resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + resp = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status) assert_nil(resp.failure_info) assert_nil(resp.status_text) 
@@ -180,7 +196,7 @@ _end_of_pem_ assert_equal(time.to_i, resp.gen_time.to_i) assert_equal(false, resp.ordering) assert_nil(req.nonce) - assert_cert(TS_CERT_EE, resp.tsa_certificate) + assert_cert(ts_cert_ee, resp.tsa_certificate) #compare PKCS7 pkcs7 = OpenSSL::ASN1.decode(resp.to_der).value[1] assert_equal(pkcs7.to_der, resp.pkcs7.to_der) @@ -190,32 +206,32 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new req = OpenSSL::Timestamp::Request.new assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end req.algorithm = "sha1" assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end req.message_imprint = OpenSSL::Digest::SHA1.new.digest("data") assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end fac.gen_time = Time.now assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end fac.serial_number = 1 assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end fac.default_policy_id = "1.2.3.4.5" - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) fac.default_policy_id = nil assert_raises(OpenSSL::Timestamp::TimestampError) do - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end req.policy_id = "1.2.3.4.5" - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end def test_response_default_policy 
@@ -229,7 +245,7 @@ _end_of_pem_ fac.serial_number = 1 fac.default_policy_id = "1.2.3.4.6" - resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + resp = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status) assert_equal("1.2.3.4.6", resp.policy_id) end @@ -246,7 +262,7 @@ _end_of_pem_ fac.serial_number = 1 fac.default_policy_id = "1.2.3.4.5" - resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + resp = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status) assert_nil(resp.tsa_certificate) end @@ -262,14 +278,14 @@ _end_of_pem_ fac.gen_time = Time.now fac.serial_number = 1 - fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.create_timestamp(ee_key, ts_cert_ee, req) end end def test_verify_ee_no_req assert_raises(TypeError) do ts, req = timestamp_ee - ts.verify(nil, CA_CERT) + ts.verify(nil, ca_cert) end end @@ -283,14 +299,14 @@ _end_of_pem_ def test_verify_ee_wrong_root_no_intermediate assert_raises(OpenSSL::Timestamp::CertificateValidationError) do ts, req = timestamp_ee - ts.verify(req, [INTERMEDIATE_CERT]) + ts.verify(req, [intermediate_cert]) end end def test_verify_ee_wrong_root_wrong_intermediate assert_raises(OpenSSL::Timestamp::CertificateValidationError) do ts, req = timestamp_ee - ts.verify(req, [INTERMEDIATE_CERT], CA_CERT) + ts.verify(req, [intermediate_cert], ca_cert) end end 
@@ -298,40 +314,40 @@ _end_of_pem_ assert_raises(OpenSSL::Timestamp::TimestampError) do ts, req = timestamp_ee req.nonce = 1 - ts.verify(req, [CA_CERT], INTERMEDIATE_CERT) + ts.verify(req, [ca_cert], intermediate_cert) end end def test_verify_ee_intermediate_missing assert_raises(OpenSSL::Timestamp::CertificateValidationError) do ts, req = timestamp_ee - ts.verify(req, [CA_CERT]) + ts.verify(req, [ca_cert]) end end def test_verify_ee_intermediate ts, req = timestamp_ee - ts.verify(req, [CA_CERT], INTERMEDIATE_CERT) + ts.verify(req, [ca_cert], intermediate_cert) end def test_verify_ee_single_root ts, req = timestamp_ee - ts.verify(req, CA_CERT, INTERMEDIATE_CERT) + ts.verify(req, ca_cert, intermediate_cert) end def test_verify_ee_root_from_string ts, req = timestamp_ee - pem_root = CA_CERT.to_pem - ts.verify(req, pem_root, INTERMEDIATE_CERT) + pem_root = ca_cert.to_pem + ts.verify(req, pem_root, intermediate_cert) end def test_verify_ee_root_from_file begin ts, req = timestamp_ee File.open('root_ca', 'wb') do |file| - file.print(CA_CERT.to_pem) + file.print(ca_cert.to_pem) end - ts.verify(req, File.open('root_ca', 'rb'), INTERMEDIATE_CERT) + ts.verify(req, File.open('root_ca', 'rb'), intermediate_cert) ensure if File.exists?('root_ca') File.delete('root_ca') 
@@ -351,48 +367,48 @@ _end_of_pem_ fac.serial_number = 1 fac.default_policy_id = "1.2.3.4.5" - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) - ts.verify(req, [CA_CERT], INTERMEDIATE_CERT) + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) + ts.verify(req, [ca_cert], intermediate_cert) end def test_verify_direct ts, req = timestamp_direct - ts.verify(req, [CA_CERT]) + ts.verify(req, [ca_cert]) end def test_verify_direct_redundant_untrusted ts, req = timestamp_direct - ts.verify(req, [CA_CERT], ts.tsa_certificate, ts.tsa_certificate) + ts.verify(req, [ca_cert], ts.tsa_certificate, ts.tsa_certificate) end def test_verify_direct_unrelated_untrusted ts, req = timestamp_direct - ts.verify(req, [CA_CERT], INTERMEDIATE_CERT) + ts.verify(req, [ca_cert], intermediate_cert) end def test_verify_direct_wrong_root assert_raises(OpenSSL::Timestamp::CertificateValidationError) do ts, req = timestamp_direct - ts.verify(req, [INTERMEDIATE_CERT]) + ts.verify(req, [intermediate_cert]) end end def test_verify_direct_no_cert_no_intermediate assert_raises(OpenSSL::Timestamp::TimestampError) do ts, req = timestamp_direct_no_cert - ts.verify(req, [CA_CERT]) + ts.verify(req, [ca_cert]) end end def test_verify_ee_no_cert ts, req = timestamp_ee_no_cert - ts.verify(req, [CA_CERT], TS_CERT_EE, INTERMEDIATE_CERT) + ts.verify(req, [ca_cert], ts_cert_ee, intermediate_cert) end def test_verify_ee_no_cert_no_intermediate assert_raises(OpenSSL::Timestamp::CertificateValidationError) do ts, req = timestamp_ee_no_cert - ts.verify(req, [CA_CERT], TS_CERT_EE) + ts.verify(req, [ca_cert], ts_cert_ee) end end @@ -408,9 +424,9 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - ts = fac.create_timestamp(EE_KEY, INTERMEDIATE_CERT, req) + ts = fac.create_timestamp(ee_key, intermediate_cert, req) - ts.verify(req, [CA_CERT]) + ts.verify(req, [ca_cert]) end end 
@@ -424,12 +440,12 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - fac.additional_certs = [INTERMEDIATE_CERT] - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.additional_certs = [intermediate_cert] + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(2, ts.pkcs7.certificates.size) fac.additional_certs = nil - ts.verify(req, CA_CERT) - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + ts.verify(req, ca_cert) + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(1, ts.pkcs7.certificates.size) end @@ -443,10 +459,10 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - fac.additional_certs = INTERMEDIATE_CERT - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.additional_certs = intermediate_cert + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(2, ts.pkcs7.certificates.size) - ts.verify(req, CA_CERT) + ts.verify(req, ca_cert) end def test_verify_ee_additional_certs_with_root @@ -459,10 +475,10 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - fac.additional_certs = [INTERMEDIATE_CERT, CA_CERT] - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.additional_certs = [intermediate_cert, ca_cert] + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_equal(3, ts.pkcs7.certificates.size) - ts.verify(req, CA_CERT) + ts.verify(req, ca_cert) end def test_verify_ee_cert_inclusion_not_requested 
@@ -477,10 +493,10 @@ _end_of_pem_ fac.serial_number = 1 #needed because the Request contained no policy identifier fac.default_policy_id = '1.2.3.4.5' - fac.additional_certs = [ TS_CERT_EE, INTERMEDIATE_CERT ] - ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) + fac.additional_certs = [ ts_cert_ee, intermediate_cert ] + ts = fac.create_timestamp(ee_key, ts_cert_ee, req) assert_nil(ts.pkcs7.certificates) #since cert_requested? == false - ts.verify(req, CA_CERT, TS_CERT_EE, INTERMEDIATE_CERT) + ts.verify(req, ca_cert, ts_cert_ee, intermediate_cert) end def test_reusable @@ -496,11 +512,11 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - fac.additional_certs = [ INTERMEDIATE_CERT ] - ts1 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) - ts1.verify(req, CA_CERT) - ts2 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req) - ts2.verify(req, CA_CERT) + fac.additional_certs = [ intermediate_cert ] + ts1 = fac.create_timestamp(ee_key, ts_cert_ee, req) + ts1.verify(req, ca_cert) + ts2 = fac.create_timestamp(ee_key, ts_cert_ee, req) + ts2.verify(req, ca_cert) refute_nil(ts1.tsa_certificate) refute_nil(ts2.tsa_certificate) end @@ -522,7 +538,7 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - return fac.create_timestamp(EE_KEY, TS_CERT_EE, req), req + return fac.create_timestamp(ee_key, ts_cert_ee, req), req end def timestamp_ee_no_cert @@ -537,7 +553,7 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - return fac.create_timestamp(EE_KEY, TS_CERT_EE, req), req + return fac.create_timestamp(ee_key, ts_cert_ee, req), req end def timestamp_direct @@ -551,7 +567,7 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - return fac.create_timestamp(EE_KEY, TS_CERT_DIRECT, req), req + return fac.create_timestamp(ee_key, ts_cert_direct, req), req end def timestamp_direct_no_cert 
@@ -566,7 +582,7 @@ _end_of_pem_ fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 - return fac.create_timestamp(EE_KEY, TS_CERT_DIRECT, req), req + return fac.create_timestamp(ee_key, ts_cert_direct, req), req end end |