From e4727829837a4a4de173a54ddd6514053fce1b5a Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 12 Oct 2017 15:32:02 +0900
Subject: x509crl, x509revoked: implement X509::{CRL,Revoked}#==

---
 lib/openssl/x509.rb  | 14 ++++++++++++++
 test/test_x509crl.rb | 27 +++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index bc8ccc7d..6b220142 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -190,5 +190,19 @@ module OpenSSL
         }
       end
     end
+
+    class CRL
+      def ==(other)
+        return false unless CRL === other
+        to_der == other.to_der
+      end
+    end
+
+    class Revoked
+      def ==(other)
+        return false unless Revoked === other
+        to_der == other.to_der
+      end
+    end
   end
 end
diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb
index 01f3ab1f..a11073fb 100644
--- a/test/test_x509crl.rb
+++ b/test/test_x509crl.rb
@@ -220,6 +220,33 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
     assert_equal asn1.to_der, rev1.to_der
   end
 
+  def test_eq
+    cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil)
+    crl1 = issue_crl([], 1, Time.now, Time.now + 3600, [], cacert, @rsa1024, "sha256")
+    rev1 = OpenSSL::X509::Revoked.new.tap { |rev|
+      rev.serial = 1
+      rev.time = Time.now
+    }
+    crl1.add_revoked(rev1)
+    crl2 = OpenSSL::X509::CRL.new(crl1.to_der)
+
+    # CRL
+    assert_equal false, crl1 == 12345
+    assert_equal true, crl1 == crl2
+    rev2 = OpenSSL::X509::Revoked.new.tap { |rev|
+      rev.serial = 2
+      rev.time = Time.now
+    }
+    crl2.add_revoked(rev2)
+    assert_equal false, crl1 == crl2
+
+    # Revoked
+    assert_equal false, rev1 == 12345
+    assert_equal true, rev1 == crl2.revoked[0]
+    assert_equal false, rev1 == crl2.revoked[1]
+    assert_equal true, rev2 == crl2.revoked[1]
+  end
+
   private
 
   def crl_error_returns_false
-- 
cgit v1.2.3