From 55956cce10d7a176b71eaeada4b70adc16300146 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 14:29:32 +0900 Subject: x509ext: implement X509::Extension#== --- lib/openssl/x509.rb | 5 +++++ test/test_x509ext.rb | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 6d31b98c..2f87ea19 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -41,6 +41,11 @@ module OpenSSL end class Extension + def ==(other) + return false unless Extension === other + to_der == other.to_der + end + def to_s # "oid = critical, value" str = self.oid str << " = " diff --git a/test/test_x509ext.rb b/test/test_x509ext.rb index f384a25e..91ce202f 100644 --- a/test/test_x509ext.rb +++ b/test/test_x509ext.rb @@ -75,6 +75,17 @@ class OpenSSL::TestX509Extension < OpenSSL::TestCase assert_equal(@basic_constraints.to_der, ext.to_der) assert_equal(ext.to_der, ext.dup.to_der) end + + def test_eq + ext1 = OpenSSL::X509::Extension.new(@basic_constraints.to_der) + ef = OpenSSL::X509::ExtensionFactory.new + ext2 = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2") + ext3 = ef.create_extension("basicConstraints", "critical, CA:TRUE") + + assert_equal false, ext1 == 12345 + assert_equal true, ext1 == ext2 + assert_equal false, ext1 == ext3 + end end end -- cgit v1.2.3 From b99f1ddc05dbdc69fc9b79fd65d1069d96c83b86 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 14:24:59 +0900 Subject: x509attr: implement X509::Attribute#== --- lib/openssl/x509.rb | 7 +++++++ test/test_x509attr.rb | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 2f87ea19..bc8ccc7d 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb 
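Review bot: `Extension#==` in lib/openssl/x509.rb is added without a matching `eql?` and `hash`, so unless those are defined outside this hunk, `Hash` keys, `Set` membership and `Array#uniq` still treat two extensions with identical DER as distinct while `==` and `Array#include?` treat them as equal. That split matters to callers that keep pinned or deny-listed objects in a Set or Hash and expect the new content comparison to apply there. Either add the pair, e.g. `alias eql? ==` and `def hash; to_der.hash; end`, or state the limit in a comment such as `# Compares DER encodings; #eql? and #hash are still identity-based.` The same applies to the later `Attribute`, `CRL`, `Revoked` and `Request` hunks in this series and to `Certificate#==` in ext/openssl/ossl_x509cert.c; the `Extension` class body continues past the end of this hunk.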
@@ -165,6 +165,13 @@ module OpenSSL end end + class Attribute + def ==(other) + return false unless Attribute === other + to_der == other.to_der + end + end + class StoreContext def cleanup warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE diff --git a/test/test_x509attr.rb b/test/test_x509attr.rb index 108162f4..c6c48e86 100644 --- a/test/test_x509attr.rb +++ b/test/test_x509attr.rb @@ -62,6 +62,23 @@ class OpenSSL::TestX509Attribute < OpenSSL::TestCase attr = OpenSSL::X509::Attribute.new("challengePassword", val) assert_equal(attr.to_der, attr.dup.to_der) end + + def test_eq + val1 = OpenSSL::ASN1::Set([ + OpenSSL::ASN1::UTF8String("abc123") + ]) + attr1 = OpenSSL::X509::Attribute.new("challengePassword", val1) + attr2 = OpenSSL::X509::Attribute.new("challengePassword", val1) + ef = OpenSSL::X509::ExtensionFactory.new + val2 = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([ + ef.create_extension("keyUsage", "keyCertSign", true) + ])]) + attr3 = OpenSSL::X509::Attribute.new("extReq", val2) + + assert_equal false, attr1 == 12345 + assert_equal true, attr1 == attr2 + assert_equal false, attr1 == attr3 + end end end -- cgit v1.2.3 From 432a9f3455f537a99fe9771e550d0e3a682e99e8 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 14:10:19 +0900 Subject: x509cert: implement X509::Certificate#== --- ext/openssl/ossl_x509cert.c | 21 +++++++++++++++++++++ test/test_x509cert.rb | 14 ++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 003a9c19..cf82a53d 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c 
@@ -683,6 +683,26 @@ ossl_x509_inspect(VALUE self) ossl_x509_get_not_after(self)); } +/* + * call-seq: + * cert1 == cert2 -> true | false + * + * Compares the two certificates. Note that this takes into account all fields, + * not just the issuer name and the serial number. + */ +static VALUE +ossl_x509_eq(VALUE self, VALUE other) +{ + X509 *a, *b; + + GetX509(self, a); + if (!rb_obj_is_kind_of(other, cX509Cert)) + return Qfalse; + GetX509(other, b); + + return !X509_cmp(a, b) ? Qtrue : Qfalse; +} + /* * INIT */ @@ -821,4 +841,5 @@ Init_ossl_x509cert(void) rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1); rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1); rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0); + rb_define_method(cX509Cert, "==", ossl_x509_eq, 1); } diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index 289994d1..bde3fbc9 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb @@ -169,6 +169,20 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase } end + def test_eq + cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil) + cert1 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024) + cert2 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024) + cert3 = issue_cert(@ee1, @rsa2048, 3, [], cacert, @rsa1024) + cert4 = issue_cert(@ee1, @rsa2048, 2, [], cacert, @rsa1024, digest: "sha512") + + assert_equal false, cert1 == 12345 + assert_equal true, cert1 == cert2 + assert_equal false, cert1 == cert3 + assert_equal false, cert1 == cert4 + assert_equal false, cert3 == cert4 + end + private def certificate_error_returns_false -- cgit v1.2.3 From 51699757a2e2f1a3e47e385346c35b23cf92f245 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 15:40:39 +0900 Subject: x509revoked: add missing X509::Revoked#to_der --- ext/openssl/ossl_x509revoked.c | 21 +++++++++++++++++++++ test/test_x509crl.rb | 23 +++++++++++++++++++++++ 2 files changed, 44 insertions(+) 
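Review bot: `ossl_x509_eq` delegates to `X509_cmp()`, which to my knowledge compares a fingerprint that OpenSSL caches on the X509 object rather than a fresh encoding, so the result may be stale if either certificate is changed through a setter after it was first compared or verified. Every other `==` in this series compares `to_der` output, and the doc comment here promises that all fields are taken into account. I would confirm the behaviour against the supported OpenSSL versions and either compare the encodings or say so in the comment, for example `* Equality is decided by OpenSSL's X509_cmp(), not by comparing #to_der output.`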
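Review bot: `test_eq` in test/test_x509cert.rb expects `cert1 == cert2` for two separate `issue_cert` calls, which holds only if the helper produces byte-identical certificates each time. `issue_cert` is defined outside this diff; if it derives the validity period from the current time, the assertion can fail when the two calls fall in different seconds. Building the second object from the first, as the CRL test in this series does, removes that dependency: `cert2 = OpenSSL::X509::Certificate.new(cert1.to_der)`.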
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 85489efd..5fe68534 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -249,6 +249,26 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext) return ext; } +static VALUE +ossl_x509revoked_to_der(VALUE self) +{ + X509_REVOKED *rev; + VALUE str; + int len; + unsigned char *p; + + GetX509Rev(self, rev); + len = i2d_X509_REVOKED(rev, NULL); + if (len <= 0) + ossl_raise(eX509RevError, "i2d_X509_REVOKED"); + str = rb_str_new(NULL, len); + p = (unsigned char *)RSTRING_PTR(str); + if (i2d_X509_REVOKED(rev, &p) <= 0) + ossl_raise(eX509RevError, "i2d_X509_REVOKED"); + ossl_str_adjust(str, p); + return str; +} + /* * INIT */ @@ -276,4 +296,5 @@ Init_ossl_x509revoked(void) rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0); rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); + rb_define_method(cX509Rev, "to_der", ossl_x509revoked_to_der, 0); } diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index 1914a651..01f3ab1f 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb 
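Review bot: `ossl_x509revoked_to_der` is added without a doc comment, although it becomes public API through the `rb_define_method(cX509Rev, "to_der", ossl_x509revoked_to_der, 0);` line in the following hunk. A short rdoc block above the function would match the comment style used for `ossl_x509_eq` earlier in this series. It should give `call-seq:` and `revoked.to_der -> string`, then one sentence saying that the method returns the DER encoding of the revoked-certificate entry and raises `eX509RevError` when encoding fails.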
@@ -197,6 +197,29 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase assert_equal(false, crl.verify(@dsa512)) end + def test_revoked_to_der + # revokedCertificates SEQUENCE OF SEQUENCE { + # userCertificate CertificateSerialNumber, + # revocationDate Time, + # crlEntryExtensions Extensions OPTIONAL + # -- if present, version MUST be v2 + # } OPTIONAL, + + now = Time.utc(2000, 1, 1) + rev1 = OpenSSL::X509::Revoked.new + rev1.serial = 123 + rev1.time = now + ext = OpenSSL::X509::Extension.new("CRLReason", OpenSSL::ASN1::Enumerated(1)) + rev1.extensions = [ext] + asn1 = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(123), + OpenSSL::ASN1::UTCTime(now), + OpenSSL::ASN1::Sequence([ext.to_der]) + ]) + + assert_equal asn1.to_der, rev1.to_der + end + private def crl_error_returns_false -- cgit v1.2.3 From e4727829837a4a4de173a54ddd6514053fce1b5a Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 15:32:02 +0900 Subject: x509crl, x509revoked: implement X509::{CRL,Revoked}#== --- lib/openssl/x509.rb | 14 ++++++++++++++ test/test_x509crl.rb | 27 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index bc8ccc7d..6b220142 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -190,5 +190,19 @@ module OpenSSL } end end + + class CRL + def ==(other) + return false unless CRL === other + to_der == other.to_der + end + end + + class Revoked + def ==(other) + return false unless Revoked === other + to_der == other.to_der + end + end end end diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index 01f3ab1f..a11073fb 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb 
@@ -220,6 +220,33 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase assert_equal asn1.to_der, rev1.to_der end + def test_eq + cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil) + crl1 = issue_crl([], 1, Time.now, Time.now + 3600, [], cacert, @rsa1024, "sha256") + rev1 = OpenSSL::X509::Revoked.new.tap { |rev| + rev.serial = 1 + rev.time = Time.now + } + crl1.add_revoked(rev1) + crl2 = OpenSSL::X509::CRL.new(crl1.to_der) + + # CRL + assert_equal false, crl1 == 12345 + assert_equal true, crl1 == crl2 + rev2 = OpenSSL::X509::Revoked.new.tap { |rev| + rev.serial = 2 + rev.time = Time.now + } + crl2.add_revoked(rev2) + assert_equal false, crl1 == crl2 + + # Revoked + assert_equal false, rev1 == 12345 + assert_equal true, rev1 == crl2.revoked[0] + assert_equal false, rev1 == crl2.revoked[1] + assert_equal true, rev2 == crl2.revoked[1] + end + private def crl_error_returns_false -- cgit v1.2.3 From 5c4af48a35c5c6bea10fd86a848a564e9f2f84b0 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Oct 2017 15:57:00 +0900 Subject: x509req: implement X509::Request#== --- lib/openssl/x509.rb | 7 +++++++ test/test_x509req.rb | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 6b220142..98358f90 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -204,5 +204,12 @@ module OpenSSL to_der == other.to_der end end + + class Request + def ==(other) + return false unless Request === other + to_der == other.to_der + end + end end end diff --git a/test/test_x509req.rb b/test/test_x509req.rb index a21d45da..2c447ccd 100644 --- a/test/test_x509req.rb +++ b/test/test_x509req.rb 
@@ -141,6 +141,16 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase assert_equal(req.to_der, req.dup.to_der) end + def test_eq + req1 = issue_csr(0, @dn, @rsa1024, "sha1") + req2 = issue_csr(0, @dn, @rsa1024, "sha1") + req3 = issue_csr(0, @dn, @rsa1024, "sha256") + + assert_equal false, req1 == 12345 + assert_equal true, req1 == req2 + assert_equal false, req1 == req3 + end + private def request_error_returns_false -- cgit v1.2.3