-rwxr-xr-xext/openssl/ossl_ts.c88
-rwxr-xr-xtest/test_ts.rb144
2 files changed, 130 insertions, 102 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
index a515d181..2ad84882 100755
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@@ -196,7 +196,9 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self)
arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(&arg);
- if (!d2i_TS_REQ_bio(in, &ts_req))
+ ts_req = d2i_TS_REQ_bio(in, &ts_req);
+ BIO_free(in);
+ if (!ts_req)
ossl_raise(eTimestampError, "Error when decoding the timestamp request");
DATA_PTR(self) = ts_req;
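Review bot: The failure branch `if (!ts_req)` raises without resetting the wrapper's data pointer. Where `ts_req` gets its initial value is outside this hunk, but if it was loaded from `DATA_PTR(self)`, passing `&ts_req` asks d2i_TS_REQ_bio to reuse that object, and OpenSSL may free it when decoding fails. That would leave `DATA_PTR(self)` pointing at freed memory until the object is collected, so a later free would hit it a second time. Clearing the pointer first avoids this: `if (!ts_req) { DATA_PTR(self) = NULL; ossl_raise(eTimestampError, "Error when decoding the timestamp request"); }`.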
@@ -371,10 +373,13 @@ ossl_ts_req_set_policy_id(VALUE self, VALUE oid)
{
TS_REQ *req;
ASN1_OBJECT *obj;
+ int ok;
GetTSRequest(self, req);
obj = obj_to_asn1obj(oid);
- if (!TS_REQ_set_policy_id(req, obj))
+ ok = TS_REQ_set_policy_id(req, obj);
+ ASN1_OBJECT_free(obj);
+ if (!ok)
ossl_raise(eTimestampError, "TS_REQ_set_policy_id");
return oid;
@@ -401,9 +406,8 @@ ossl_ts_req_get_nonce(VALUE self)
/*
* Sets the nonce (number used once) that the server shall include in its
- * response. This can be +nil+, implying that the server shall not return
- * a nonce in the Response. If the nonce is set, the server must return the
- * same nonce value in a valid Response.
+ * response. If the nonce is set, the server must return the same nonce value in
+ * a valid Response.
*
* call-seq:
* request.nonce = number -> Fixnum
@@ -412,13 +416,12 @@ static VALUE
ossl_ts_req_set_nonce(VALUE self, VALUE num)
{
TS_REQ *req;
-
- // TS_REQ_set_nonce doesn't allow NULL value, though it is valid value.
- if (num == Qnil)
- ossl_raise(eTimestampError, NULL);
+ ASN1_INTEGER *nonce;
GetTSRequest(self, req);
- TS_REQ_set_nonce(req, num_to_asn1integer(num, NULL));
+ nonce = num_to_asn1integer(num, NULL);
+ TS_REQ_set_nonce(req, nonce);
+ ASN1_INTEGER_free(nonce);
return num;
}
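Review bot: The return value of `TS_REQ_set_nonce` is discarded in ossl_ts_req_set_nonce, so a failure to copy the nonce into the request goes unreported and the setter returns `num` as if it had been stored. The policy-id setter changed in this same commit captures the result before freeing its temporary, and the same shape fits here: `ok = TS_REQ_set_nonce(req, nonce);`, then `ASN1_INTEGER_free(nonce);`, then `if (!ok) ossl_raise(eTimestampError, "TS_REQ_set_nonce");`. A request that silently lacks its nonce loses the request/response binding the nonce exists to provide, so this failure should be loud.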
@@ -662,15 +665,17 @@ static VALUE
ossl_ts_resp_get_pkcs7(VALUE self)
{
TS_RESP *resp;
- PKCS7 *p7;
+ PKCS7 *p7, *copy;
VALUE obj;
GetTSResponse(self, resp);
if (!(p7 = TS_RESP_get_token(resp)))
return Qnil;
+ if (!(copy = PKCS7_dup(p7)))
+ ossl_raise(eTimestampError, NULL);
obj = NewPKCS7(cPKCS7);
- SetPKCS7(obj, PKCS7_dup(p7));
+ SetPKCS7(obj, copy);
return obj;
}
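Review bot: `copy` is created before `NewPKCS7(cPKCS7)` runs, so if allocating the Ruby wrapper raises, the duplicated PKCS7 is never freed. Allocating the wrapper first and duplicating afterwards leaves nothing native to clean up on either failure: move `obj = NewPKCS7(cPKCS7);` above `if (!(copy = PKCS7_dup(p7)))`. That NewPKCS7 can raise is inferred from it allocating a Ruby object; its definition is not on this page.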
@@ -948,8 +953,10 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
BIO *in;
int i;
- if (roots == Qnil)
+ if (roots == Qnil) {
+ X509_STORE_free(store);
ossl_raise(rb_eTypeError, "roots must not be nil.");
+ }
else if (rb_obj_is_kind_of(roots, rb_cArray)) {
for (i=0; i < RARRAY_LEN(roots); i++) {
VALUE cert = rb_ary_entry(roots, i);
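Review bot: Freeing `store` by hand before `ossl_raise` covers only the two explicit raises touched here and in the `if(!inf)` hunk below, while other calls in int_ossl_init_roots can still leave with the store allocated. In the next hunk `ossl_obj2bio(&roots)` runs before any free and presumably raises for an unsupported argument type, and the per-element conversion inside the array loop is cut off by this hunk, so it should be checked as well. A sturdier shape is to leave ownership with the caller and run this function under `rb_protect`, freeing the store once when the returned state is non-zero. If the current design stays, a comment on the function should state the contract, for example `/* Frees store before raising; the caller must not free it again after an exception. */`.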
@@ -963,8 +970,10 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
in = ossl_obj2bio(&roots);
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
BIO_free(in);
- if(!inf)
+ if(!inf) {
+ X509_STORE_free(store);
ossl_raise(eTimestampError, "Could not parse root certificates.");
+ }
for (i = 0; i < sk_X509_INFO_num(inf); i++) {
itmp = sk_X509_INFO_value(inf, i);
if (itmp->x509) {
@@ -980,16 +989,14 @@ void
int_ossl_verify_ctx_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs)
{
int i;
- STACK_OF(X509) *new_certs;
if (!certs)
return;
- new_certs = TS_VERIFY_CTS_set_certs(ctx, sk_X509_dup(certs));
- if (!new_certs)
- ossl_raise(eTimestampError, NULL);
- for (i = 0; i < sk_X509_num(new_certs); ++i) {
- X509 *cert = sk_X509_value(new_certs, i);
+ TS_VERIFY_CTS_set_certs(ctx, certs);
+
+ for (i = 0; i < sk_X509_num(certs); ++i) {
+ X509 *cert = sk_X509_value(certs, i);
X509_up_ref(cert);
}
}
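Review bot: Nothing on int_ossl_verify_ctx_set_certs says that `ctx` now takes over the caller's stack itself rather than a duplicate, which changes who may free `certs` after the call. A comment above the function would make the contract explicit, for example `/* ctx takes ownership of certs; the entries are borrowed on entry, so each one gets its own reference here because TS_VERIFY_CTX_free releases them. */`. The return value of `X509_up_ref(cert)` is also ignored in the loop, so a failed increment would leave the context releasing a reference it never held.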
@@ -1029,7 +1036,6 @@ int_ossl_verify_ctx_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs)
static VALUE
ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
{
- VALUE ret = Qnil;
VALUE untrusted = Qnil;
VALUE ts_cert;
VALUE roots;
@@ -1047,26 +1053,23 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
GetTSResponse(self, resp);
req = GetTsReqPtr(ts_req);
- if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(req, NULL)))
- ossl_raise(eTimestampError, "Error when creating the verification context.");
-
- store = TS_VERIFY_CTX_set_store(ctx, X509_STORE_new());
- if (!store) {
- TS_VERIFY_CTX_free(ctx);
- ossl_raise(eTimestampError, NULL);
- }
+ if (!(store = X509_STORE_new()))
+ ossl_raise(eTimestampError, NULL);
int_ossl_init_roots(roots, store);
ts_cert = ossl_ts_resp_get_tsa_certificate(self);
if (ts_cert != Qnil || untrusted != Qnil) {
if (!(certs = sk_X509_new_null())) {
- TS_VERIFY_CTX_free(ctx);
+ X509_STORE_free(store);
ossl_raise(eTimestampError, NULL);
}
if (ts_cert != Qnil) {
- if (!(p7 = TS_RESP_get_token(resp)))
+ if (!(p7 = TS_RESP_get_token(resp))) {
+ X509_STORE_free(store);
+ sk_X509_free(certs);
ossl_raise(eTimestampError, "TS_RESP_get_token");
+ }
for (i=0; i < sk_X509_num(p7->d.sign->cert); i++) {
sk_X509_push(certs, sk_X509_value(p7->d.sign->cert, i));
}
@@ -1084,19 +1087,22 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
}
}
+ if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(req, NULL))) {
+ X509_STORE_free(store);
+ sk_X509_pop_free(certs, X509_free);
+ ossl_raise(eTimestampError, "Error when creating the verification context.");
+ }
int_ossl_verify_ctx_set_certs(ctx, certs);
+ TS_VERIFY_CTX_set_store(ctx, store);
TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
if (!TS_RESP_verify_response(ctx, resp)) {
+ TS_VERIFY_CTX_free(ctx);
int_ossl_handle_verify_errors();
- goto end;
}
- ret = self;
-
-end:
TS_VERIFY_CTX_free(ctx);
- return ret;
+ return self;
}
static ASN1_INTEGER *
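Review bot: The new failure branch for `TS_REQ_to_TS_VERIFY_CTX` releases `certs` with `sk_X509_pop_free(certs, X509_free)`, but the entries pushed from `p7->d.sign->cert` earlier in this function are borrowed. They only gain their own reference inside `int_ossl_verify_ctx_set_certs`, which has not run yet at that point. Dropping references that were never taken can free certificates still owned by the response token; `sk_X509_free(certs);`, as used in the `TS_RESP_get_token` branch, matches the ownership here (the untrusted-certificate pushes fall between the visible hunks, so confirm they are borrowed too). Separately, the verify-failure branch now calls `TS_VERIFY_CTX_free(ctx)` and then relies on `int_ossl_handle_verify_errors()` never returning: if it can return, `ctx` is freed a second time and `self` is returned for a response that failed verification. An unconditional `ossl_raise(eTimestampError, NULL);` after that call would keep the failure path from falling through.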
@@ -1218,12 +1224,17 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request)
else {
sk_X509_push(inter_certs, GetX509CertPtr(additional_certs));
}
+ // this dups the sk_X509 and ups each cert's ref count
TS_RESP_CTX_set_certs(ctx, inter_certs);
+ sk_X509_free(inter_certs);
}
TS_RESP_CTX_set_signer_key(ctx, sign_key);
- if (def_policy_id != Qnil && !TS_REQ_get_policy_id(req))
- TS_RESP_CTX_set_def_policy(ctx, obj_to_asn1obj(def_policy_id));
+ if (def_policy_id != Qnil && !TS_REQ_get_policy_id(req)) {
+ ASN1_OBJECT *def_policy_id_obj = obj_to_asn1obj(def_policy_id);
+ TS_RESP_CTX_set_def_policy(ctx, def_policy_id_obj);
+ ASN1_OBJECT_free(def_policy_id_obj);
+ }
if (TS_REQ_get_policy_id(req))
TS_RESP_CTX_set_def_policy(ctx, TS_REQ_get_policy_id(req));
TS_RESP_CTX_set_time_cb(ctx, ossl_tsfac_time_cb, &gen_time);
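Review bot: The results of `TS_RESP_CTX_set_certs` and `TS_RESP_CTX_set_def_policy` are ignored, so if either call fails the factory goes on to build a response without the intermediate certificates or the default policy and reports nothing. Both temporaries are now freed right after the call, which is the natural place to capture the result first, e.g. `ok = TS_RESP_CTX_set_def_policy(ctx, def_policy_id_obj);` before the free, then take the `err_msg` / `goto end` path this function already uses for response generation when `ok` is zero. ossl_tsfac_create_ts starts and ends outside this hunk, so whether `end:` releases everything allocated by then has to be checked there.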
@@ -1238,6 +1249,7 @@ ossl_tsfac_create_ts(VALUE self, VALUE key, VALUE certificate, VALUE request)
str = rb_funcall(request, rb_intern("to_der"), 0);
req_bio = ossl_obj2bio(&str);
response = TS_RESP_create_response(ctx, req_bio);
+ BIO_free(req_bio);
if (!response) {
err_msg = "Error during response generation";
goto end;
diff --git a/test/test_ts.rb b/test/test_ts.rb
index 92b57d84..38898f47 100755
--- a/test/test_ts.rb
+++ b/test/test_ts.rb
@@ -3,7 +3,8 @@ require_relative "utils"
if defined?(OpenSSL) && defined?(OpenSSL::Timestamp)
class OpenSSL::TestTimestamp < OpenSSL::TestCase
- INTERMEDIATE_KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
+ def intermediate_key
+ @intermediate_key ||= OpenSSL::PKey::RSA.new <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCcyODxH+oTrr7l7MITWcGaYnnBma6vidCCJjuSzZpaRmXZHAyH
0YcY4ttC0BdJ4uV+cE05IySVC7tyvVfFb8gFQ6XJV+AEktP+XkLbcxZgj9d2NVu1
@@ -20,8 +21,10 @@ X5fAffWU0u7ZwqeByQJAOUAbYET4RU3iymAvAIDFj8LiQnizG9t5Ty3HXlijKQYv
y8gsvWd4CdxwOPatWpBUX9L7IXcMJmD44xXTUvpbfQ==
-----END RSA PRIVATE KEY-----
_end_of_pem_
+ end
- EE_KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
+ def ee_key
+ @ee_key ||= OpenSSL::PKey::RSA.new <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDA6eB5r2O5KOKNbKMBhzadl43lgpwqq28m+G0gH38kKCL1f3o9
P8xUZm7sZqcWEervZMSSXMGBV9DgeoSR+U6FMJywgQGx/JNRx7wZTMNym3PvgLkl
@@ -38,11 +41,24 @@ EWRYkoNQ8/Q4lCeMjQJAfvDIGtyqF4PieFHYgluQAv5pGgYpakdc8SYyeRH9NKey
GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
-----END RSA PRIVATE KEY-----
_end_of_pem_
+ end
+
+ def ca_cert
+ @ca_cert ||= OpenSSL::Certs.ca_cert
+ end
+
- CA_CERT = OpenSSL::Certs.ca_cert
- TS_CERT_DIRECT = OpenSSL::Certs.ts_cert_direct(EE_KEY, CA_CERT)
- INTERMEDIATE_CERT = OpenSSL::Certs.intermediate_cert(INTERMEDIATE_KEY, CA_CERT)
- TS_CERT_EE = OpenSSL::Certs.ts_cert_ee(EE_KEY, INTERMEDIATE_CERT, INTERMEDIATE_KEY)
+ def ts_cert_direct
+ @ts_cert_direct ||= OpenSSL::Certs.ts_cert_direct(ee_key, ca_cert)
+ end
+
+ def intermediate_cert
+ @intermediate_cert ||= OpenSSL::Certs.intermediate_cert(intermediate_key, ca_cert)
+ end
+
+ def ts_cert_ee
+ @ts_cert_ee ||= OpenSSL::Certs.ts_cert_ee(ee_key, intermediate_cert, intermediate_key)
+ end
def test_create_request
req = OpenSSL::Timestamp::Request.new
@@ -93,7 +109,7 @@ _end_of_pem_
req.nonce = 42
assert_equal(42, req.nonce)
assert_raises(TypeError) { req.nonce = "foo" }
- assert_raises(OpenSSL::Timestamp::TimestampError) { req.nonce = nil }
+ assert_raises(TypeError) { req.nonce = nil }
req.cert_requested = false
assert_equal(false, req.cert_requested?)
@@ -168,7 +184,7 @@ _end_of_pem_
fac.gen_time = time
fac.serial_number = 1
- resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ resp = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status)
assert_nil(resp.failure_info)
assert_nil(resp.status_text)
@@ -180,7 +196,7 @@ _end_of_pem_
assert_equal(time.to_i, resp.gen_time.to_i)
assert_equal(false, resp.ordering)
assert_nil(req.nonce)
- assert_cert(TS_CERT_EE, resp.tsa_certificate)
+ assert_cert(ts_cert_ee, resp.tsa_certificate)
#compare PKCS7
pkcs7 = OpenSSL::ASN1.decode(resp.to_der).value[1]
assert_equal(pkcs7.to_der, resp.pkcs7.to_der)
@@ -190,32 +206,32 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
req = OpenSSL::Timestamp::Request.new
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
req.algorithm = "sha1"
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
req.message_imprint = OpenSSL::Digest::SHA1.new.digest("data")
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
fac.gen_time = Time.now
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
fac.serial_number = 1
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
fac.default_policy_id = "1.2.3.4.5"
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
fac.default_policy_id = nil
assert_raises(OpenSSL::Timestamp::TimestampError) do
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
req.policy_id = "1.2.3.4.5"
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
def test_response_default_policy
@@ -229,7 +245,7 @@ _end_of_pem_
fac.serial_number = 1
fac.default_policy_id = "1.2.3.4.6"
- resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ resp = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status)
assert_equal("1.2.3.4.6", resp.policy_id)
end
@@ -246,7 +262,7 @@ _end_of_pem_
fac.serial_number = 1
fac.default_policy_id = "1.2.3.4.5"
- resp = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ resp = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(OpenSSL::Timestamp::Response::GRANTED, resp.status)
assert_nil(resp.tsa_certificate)
end
@@ -262,14 +278,14 @@ _end_of_pem_
fac.gen_time = Time.now
fac.serial_number = 1
- fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.create_timestamp(ee_key, ts_cert_ee, req)
end
end
def test_verify_ee_no_req
assert_raises(TypeError) do
ts, req = timestamp_ee
- ts.verify(nil, CA_CERT)
+ ts.verify(nil, ca_cert)
end
end
@@ -283,14 +299,14 @@ _end_of_pem_
def test_verify_ee_wrong_root_no_intermediate
assert_raises(OpenSSL::Timestamp::CertificateValidationError) do
ts, req = timestamp_ee
- ts.verify(req, [INTERMEDIATE_CERT])
+ ts.verify(req, [intermediate_cert])
end
end
def test_verify_ee_wrong_root_wrong_intermediate
assert_raises(OpenSSL::Timestamp::CertificateValidationError) do
ts, req = timestamp_ee
- ts.verify(req, [INTERMEDIATE_CERT], CA_CERT)
+ ts.verify(req, [intermediate_cert], ca_cert)
end
end
@@ -298,40 +314,40 @@ _end_of_pem_
assert_raises(OpenSSL::Timestamp::TimestampError) do
ts, req = timestamp_ee
req.nonce = 1
- ts.verify(req, [CA_CERT], INTERMEDIATE_CERT)
+ ts.verify(req, [ca_cert], intermediate_cert)
end
end
def test_verify_ee_intermediate_missing
assert_raises(OpenSSL::Timestamp::CertificateValidationError) do
ts, req = timestamp_ee
- ts.verify(req, [CA_CERT])
+ ts.verify(req, [ca_cert])
end
end
def test_verify_ee_intermediate
ts, req = timestamp_ee
- ts.verify(req, [CA_CERT], INTERMEDIATE_CERT)
+ ts.verify(req, [ca_cert], intermediate_cert)
end
def test_verify_ee_single_root
ts, req = timestamp_ee
- ts.verify(req, CA_CERT, INTERMEDIATE_CERT)
+ ts.verify(req, ca_cert, intermediate_cert)
end
def test_verify_ee_root_from_string
ts, req = timestamp_ee
- pem_root = CA_CERT.to_pem
- ts.verify(req, pem_root, INTERMEDIATE_CERT)
+ pem_root = ca_cert.to_pem
+ ts.verify(req, pem_root, intermediate_cert)
end
def test_verify_ee_root_from_file
begin
ts, req = timestamp_ee
File.open('root_ca', 'wb') do |file|
- file.print(CA_CERT.to_pem)
+ file.print(ca_cert.to_pem)
end
- ts.verify(req, File.open('root_ca', 'rb'), INTERMEDIATE_CERT)
+ ts.verify(req, File.open('root_ca', 'rb'), intermediate_cert)
ensure
if File.exists?('root_ca')
File.delete('root_ca')
@@ -351,48 +367,48 @@ _end_of_pem_
fac.serial_number = 1
fac.default_policy_id = "1.2.3.4.5"
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
- ts.verify(req, [CA_CERT], INTERMEDIATE_CERT)
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
+ ts.verify(req, [ca_cert], intermediate_cert)
end
def test_verify_direct
ts, req = timestamp_direct
- ts.verify(req, [CA_CERT])
+ ts.verify(req, [ca_cert])
end
def test_verify_direct_redundant_untrusted
ts, req = timestamp_direct
- ts.verify(req, [CA_CERT], ts.tsa_certificate, ts.tsa_certificate)
+ ts.verify(req, [ca_cert], ts.tsa_certificate, ts.tsa_certificate)
end
def test_verify_direct_unrelated_untrusted
ts, req = timestamp_direct
- ts.verify(req, [CA_CERT], INTERMEDIATE_CERT)
+ ts.verify(req, [ca_cert], intermediate_cert)
end
def test_verify_direct_wrong_root
assert_raises(OpenSSL::Timestamp::CertificateValidationError) do
ts, req = timestamp_direct
- ts.verify(req, [INTERMEDIATE_CERT])
+ ts.verify(req, [intermediate_cert])
end
end
def test_verify_direct_no_cert_no_intermediate
assert_raises(OpenSSL::Timestamp::TimestampError) do
ts, req = timestamp_direct_no_cert
- ts.verify(req, [CA_CERT])
+ ts.verify(req, [ca_cert])
end
end
def test_verify_ee_no_cert
ts, req = timestamp_ee_no_cert
- ts.verify(req, [CA_CERT], TS_CERT_EE, INTERMEDIATE_CERT)
+ ts.verify(req, [ca_cert], ts_cert_ee, intermediate_cert)
end
def test_verify_ee_no_cert_no_intermediate
assert_raises(OpenSSL::Timestamp::CertificateValidationError) do
ts, req = timestamp_ee_no_cert
- ts.verify(req, [CA_CERT], TS_CERT_EE)
+ ts.verify(req, [ca_cert], ts_cert_ee)
end
end
@@ -408,9 +424,9 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- ts = fac.create_timestamp(EE_KEY, INTERMEDIATE_CERT, req)
+ ts = fac.create_timestamp(ee_key, intermediate_cert, req)
- ts.verify(req, [CA_CERT])
+ ts.verify(req, [ca_cert])
end
end
@@ -424,12 +440,12 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- fac.additional_certs = [INTERMEDIATE_CERT]
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.additional_certs = [intermediate_cert]
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(2, ts.pkcs7.certificates.size)
fac.additional_certs = nil
- ts.verify(req, CA_CERT)
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ ts.verify(req, ca_cert)
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(1, ts.pkcs7.certificates.size)
end
@@ -443,10 +459,10 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- fac.additional_certs = INTERMEDIATE_CERT
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.additional_certs = intermediate_cert
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(2, ts.pkcs7.certificates.size)
- ts.verify(req, CA_CERT)
+ ts.verify(req, ca_cert)
end
def test_verify_ee_additional_certs_with_root
@@ -459,10 +475,10 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- fac.additional_certs = [INTERMEDIATE_CERT, CA_CERT]
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.additional_certs = [intermediate_cert, ca_cert]
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_equal(3, ts.pkcs7.certificates.size)
- ts.verify(req, CA_CERT)
+ ts.verify(req, ca_cert)
end
def test_verify_ee_cert_inclusion_not_requested
@@ -477,10 +493,10 @@ _end_of_pem_
fac.serial_number = 1
#needed because the Request contained no policy identifier
fac.default_policy_id = '1.2.3.4.5'
- fac.additional_certs = [ TS_CERT_EE, INTERMEDIATE_CERT ]
- ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ fac.additional_certs = [ ts_cert_ee, intermediate_cert ]
+ ts = fac.create_timestamp(ee_key, ts_cert_ee, req)
assert_nil(ts.pkcs7.certificates) #since cert_requested? == false
- ts.verify(req, CA_CERT, TS_CERT_EE, INTERMEDIATE_CERT)
+ ts.verify(req, ca_cert, ts_cert_ee, intermediate_cert)
end
def test_reusable
@@ -496,11 +512,11 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- fac.additional_certs = [ INTERMEDIATE_CERT ]
- ts1 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
- ts1.verify(req, CA_CERT)
- ts2 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
- ts2.verify(req, CA_CERT)
+ fac.additional_certs = [ intermediate_cert ]
+ ts1 = fac.create_timestamp(ee_key, ts_cert_ee, req)
+ ts1.verify(req, ca_cert)
+ ts2 = fac.create_timestamp(ee_key, ts_cert_ee, req)
+ ts2.verify(req, ca_cert)
refute_nil(ts1.tsa_certificate)
refute_nil(ts2.tsa_certificate)
end
@@ -522,7 +538,7 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- return fac.create_timestamp(EE_KEY, TS_CERT_EE, req), req
+ return fac.create_timestamp(ee_key, ts_cert_ee, req), req
end
def timestamp_ee_no_cert
@@ -537,7 +553,7 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- return fac.create_timestamp(EE_KEY, TS_CERT_EE, req), req
+ return fac.create_timestamp(ee_key, ts_cert_ee, req), req
end
def timestamp_direct
@@ -551,7 +567,7 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- return fac.create_timestamp(EE_KEY, TS_CERT_DIRECT, req), req
+ return fac.create_timestamp(ee_key, ts_cert_direct, req), req
end
def timestamp_direct_no_cert
@@ -566,7 +582,7 @@ _end_of_pem_
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
- return fac.create_timestamp(EE_KEY, TS_CERT_DIRECT, req), req
+ return fac.create_timestamp(ee_key, ts_cert_direct, req), req
end
end