From 432a9f3455f537a99fe9771e550d0e3a682e99e8 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 12 Oct 2017 14:10:19 +0900
Subject: x509cert: implement X509::Certificate#==

---
 ext/openssl/ossl_x509cert.c | 21 +++++++++++++++++++++
 test/test_x509cert.rb       | 14 ++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 003a9c19..cf82a53d 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -683,6 +683,26 @@ ossl_x509_inspect(VALUE self)
 		      ossl_x509_get_not_after(self));
 }
 
+/*
+ * call-seq:
+ *    cert1 == cert2 -> true | false
+ *
+ * Compares the two certificates. Note that this takes into account all fields,
+ * not just the issuer name and the serial number.
+ */
+static VALUE
+ossl_x509_eq(VALUE self, VALUE other)
+{
+    X509 *a, *b;
+
+    GetX509(self, a);
+    if (!rb_obj_is_kind_of(other, cX509Cert))
+	return Qfalse;
+    GetX509(other, b);
+
+    return !X509_cmp(a, b) ? Qtrue : Qfalse;
+}
+
 /*
  * INIT
  */
@@ -821,4 +841,5 @@ Init_ossl_x509cert(void)
     rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1);
     rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1);
     rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0);
+    rb_define_method(cX509Cert, "==", ossl_x509_eq, 1);
 }
diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb
index 289994d1..bde3fbc9 100644
--- a/test/test_x509cert.rb
+++ b/test/test_x509cert.rb
@@ -169,6 +169,20 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
     }
   end
 
+  def test_eq
+    cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil)
+    cert1 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024)
+    cert2 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024)
+    cert3 = issue_cert(@ee1, @rsa2048, 3, [], cacert, @rsa1024)
+    cert4 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024, digest: "sha512")
+
+    assert_equal false, cert1 == 12345
+    assert_equal true, cert1 == cert2
+    assert_equal false, cert1 == cert3
+    assert_equal false, cert1 == cert4
+    assert_equal false, cert3 == cert4
+  end
+
   private
 
   def certificate_error_returns_false
-- 
cgit v1.2.3