author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-13 15:36:43 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-13 15:36:43 +0900 |
commit | 0b8db854a4c595826eeec11aa03ab20f242f651e (patch) | |
tree | 7ac8bafede901ff77c42f4f1b5b7d03351264e3a /test/openssl/test_x509cert.rb | |
parent | ed84536dd88340ea4a38f8e5f7e07b23bd68c00f (diff) | |
download | ruby-0b8db854a4c595826eeec11aa03ab20f242f651e.tar.gz |
ext/openssl: implement OpenSSL::PKey::{DSA,RSA,EC}#public_pkeytopic/openssl-pkey-ec
Add OpenSSL::PKey::{DSA,RSA,EC}#public_pkey. They return a new instance
of itself, which contains only parameters and public information.
The old methods, {DSA,RSA}#public_key, are now deprecated.
There are 3 types of PKey#public_key: 1) EC#public_key, which returns
the actual public key (EC::Point). 2) RSA/DSA#public_key, which returns
a new instance of PKey with no private information. 3) DH#public_key,
which returns a new instance of DH which contains only DH params. This
doesn't even contain 'private key'. This is very confusing. The new
methods are intended to replace the 2).
Diffstat (limited to 'test/openssl/test_x509cert.rb')
-rw-r--r-- | test/openssl/test_x509cert.rb | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 72cb9e6095..642a65253b 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -9,6 +9,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + @p256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
@@ -42,7 +43,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new [ - [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest] + [@rsa1024, sha1], [@rsa2048, sha1], + [@dsa256, dsa_digest], [@dsa512, dsa_digest], + [@p256, sha1], ].each{|pk, digest| cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts, nil, nil, digest)
@@ -133,6 +136,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.serial = 2 assert_equal(false, cert.verify(@rsa2048)) end
@@ -145,6 +149,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError # RHEL7 disables MD5
@@ -157,6 +162,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) end
@@ -168,6 +174,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError
@@ -180,6 +187,18 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 } end + def test_sign_and_verify_ecdsa_sha1 + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(true, cert.verify(@p256)) + cert.serial = 123 + assert_equal(false, cert.verify(@p256)) + end + def test_dsig_algorithm_mismatch assert_raise(OpenSSL::X509::CertificateError) do issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
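Review bot: In `test_sign_and_verify_ecdsa_sha1` (hunk `@@ -180,6 +187,18 @@`) every rejected key belongs to a different algorithm (RSA or DSA), so the test never shows that a certificate signed with one P-256 key fails to verify under a different P-256 key; only the `cert.serial = 123` step exercises a failing ECDSA check. A second EC key on the same curve would close that gap, with an assertion such as `assert_equal(false, cert.verify(other_p256))`, where `other_p256` is a placeholder for a key that is not among the fixtures visible in this diff. The test also pins SHA-1 only and, unlike the MD5 test earlier in the diff that rescues `OpenSSL::X509::CertificateError` ("RHEL7 disables MD5"), has no fallback for builds whose policy might reject SHA-1 signatures; a SHA-256 variant would keep ECDSA coverage there.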
@@ -213,6 +232,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(true, cert.check_private_key(@rsa2048)) + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(true, cert.check_private_key(@p256)) end private |
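Review bot: The added `check_private_key` case for `@p256` is positive only; nothing in the visible lines asserts that a certificate issued for the EC key rejects a key that does not match it. Adding `assert_equal(false, cert.check_private_key(@rsa2048))` after the new assertion would pin that, assuming a key-type mismatch is reported as `false` rather than raised. The test method starts above the hunk, so an equivalent negative check may already exist out of view.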