author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-13 15:36:43 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-13 15:36:43 +0900 |
commit | 0b8db854a4c595826eeec11aa03ab20f242f651e (patch) | |
tree | 7ac8bafede901ff77c42f4f1b5b7d03351264e3a /test/openssl | |
parent | ed84536dd88340ea4a38f8e5f7e07b23bd68c00f (diff) | |
ext/openssl: implement OpenSSL::PKey::{DSA,RSA,EC}#public_pkeytopic/openssl-pkey-ec
Add OpenSSL::PKey::{DSA,RSA,EC}#public_pkey. Each returns a new instance
of the receiver's class, which contains only parameters and public information.
The old methods, {DSA,RSA}#public_key, are now deprecated.
There are 3 types of PKey#public_key: 1) EC#public_key, which returns
the actual public key (EC::Point). 2) RSA/DSA#public_key, which returns
a new instance of PKey with no private information. 3) DH#public_key,
which returns a new instance of DH which contains only DH params. This
doesn't even contain 'private key'. This is very confusing. The new
methods are intended to replace 2).
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_pkey_dh.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_pkey_dsa.rb | 5 | ||||
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 10 | ||||
-rw-r--r-- | test/openssl/test_pkey_rsa.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_x509cert.rb | 24 | ||||
-rw-r--r-- | test/openssl/utils.rb | 2 |
6 files changed, 53 insertions, 2 deletions
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb index a0eca53c48..bca40ee202 100644 --- a/test/openssl/test_pkey_dh.rb +++ b/test/openssl/test_pkey_dh.rb @@ -68,6 +68,13 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 assert_equal(dh.to_pem, public_key.to_pem) end + def test_public_pkey + dh = OpenSSL::TestUtils::TEST_KEY_DH1024 + dh_test = dh.public_pkey + assert(!dh_test.private?) + assert(dh_test.public?) + end + def test_generate_key dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy assert_no_key(dh) diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index eb3e4f1c65..3537738aa9 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -228,6 +228,11 @@ YNMbNw== assert(pem) end + def test_public_pkey + key = OpenSSL::TestUtils::TEST_KEY_DSA256 + assert_equal(key.public_key.to_der, key.public_pkey.to_der) + end + private def check_sign_verify(digest) diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index fe128fd455..e5c4056114 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -189,6 +189,16 @@ class OpenSSL::TestEC < Test::Unit::TestCase assert(pem) end + def test_public_pkey + ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 + ec_pub = OpenSSL::PKey::EC.new(ec.group) + ec_pub.public_key = ec.public_key + test_obj = ec.public_pkey + assert(!test_obj.private?) + assert(test_obj.public?) + assert_equal(ec_pub.to_der, test_obj.to_der) + end + def test_ec_point_mul ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 p1 = ec.public_key diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 165b1ec98e..b031fdd387 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb 
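Review bot: `test_public_pkey` in test_pkey_dh.rb checks only the `private?` and `public?` predicates, so it would still pass if `public_pkey` returned a key carrying the wrong public value or parameters. The RSA version in test_pkey_rsa.rb has the same gap. Consider pinning the material as well, for example `assert_equal(dh.pub_key, dh_test.pub_key)` and `assert_equal(dh.p, dh_test.p)` here, and `assert_equal(key.n, key_test.n)` plus `assert_equal(key.e, key_test.e)` for RSA. The commit message names only DSA, RSA and EC, so it would help to state whether DH#public_pkey is meant to be part of this change.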
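Review bot: The DSA `test_public_pkey` validates the new method only against the deprecated `public_key`, so it never asserts directly that the private component has been dropped. If both methods shared a fault, the DER comparison would still pass. Adding `assert(!key.public_pkey.private?)` and `assert(key.public_pkey.public?)`, as the DH, EC and RSA tests do, would make the check independent of the old method. Presumably the deprecation also warns at call time, in which case this test will emit that warning on every run.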
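Review bot: The EC `test_public_pkey` never checks that the receiver is left intact. `TEST_KEY_EC_P256V1` is a shared fixture, and an implementation that stripped the private key in place and returned the same object would still satisfy all three assertions. A closing `assert(ec.private?)` (and optionally `assert(!ec.equal?(test_obj))`) would pin the "new instance" behaviour the commit message describes. The same receiver check would fit the DH, DSA and RSA tests.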
@@ -284,6 +284,13 @@ AwEAAQ== assert(pem) end + def test_public_pkey + key = OpenSSL::TestUtils::TEST_KEY_RSA1024 + key_test = key.public_pkey + assert(!key_test.private?) + assert(key_test.public?) + end + private def check_PUBKEY(asn1, key) diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 72cb9e6095..642a65253b 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -9,6 +9,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + @p256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") @@ -42,7 +43,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new [ - [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest] + [@rsa1024, sha1], [@rsa2048, sha1], + [@dsa256, dsa_digest], [@dsa512, dsa_digest], + [@p256, sha1], ].each{|pk, digest| cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts, nil, nil, digest) @@ -133,6 +136,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.serial = 2 assert_equal(false, cert.verify(@rsa2048)) end 
@@ -145,6 +149,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError # RHEL7 disables MD5 @@ -157,6 +162,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) end @@ -168,6 +174,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError 
@@ -180,6 +187,18 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase } end + def test_sign_and_verify_ecdsa_sha1 + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(true, cert.verify(@p256)) + cert.serial = 123 + assert_equal(false, cert.verify(@p256)) + end + def test_dsig_algorithm_mismatch assert_raise(OpenSSL::X509::CertificateError) do issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], @@ -213,6 +232,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(true, cert.check_private_key(@rsa2048)) + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(true, cert.check_private_key(@p256)) end private diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 6909854cad..c2a0864297 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -122,7 +122,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC cert.serial = serial cert.subject = dn cert.issuer = issuer.subject - cert.public_key = key.public_key + cert.public_key = key.public_pkey cert.not_before = not_before cert.not_after = not_after ef = OpenSSL::X509::ExtensionFactory.new |
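Review bot: The new ECDSA coverage hard-codes SHA-1: `OpenSSL::Digest::SHA1.new` in `test_sign_and_verify_ecdsa_sha1`, `[@p256, sha1]` in the loop of the `@@ -42,7 +43,9` hunk, and the `check_private_key` addition in the `@@ -213,6 +232,9` hunk. The neighbouring MD5 test already has to rescue `CertificateError` because "RHEL7 disables MD5", and SHA-1 signatures are subject to the same kind of platform policy. These cases could therefore start failing for reasons unrelated to EC support. Since this is new coverage, `OpenSSL::Digest::SHA256.new` would be the more durable pairing for a P-256 key, with the test renamed to `test_sign_and_verify_ecdsa_sha256`.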
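Review bot: The switch to `cert.public_key = key.public_pkey` in the certificate-issuing helper of utils.rb carries no comment explaining why, although it changes what every certificate test exercises. Going by the commit message, `EC#public_key` returns an `EC::Point` rather than a PKey, which is presumably why the helper could not handle EC keys before. A line such as `# public_pkey yields a PKey for every key type; EC#public_key returns an EC::Point` would record that. With this change the deprecated `public_key` path into `cert.public_key=` is no longer covered by the helper, so one explicit test for it would be worth keeping until the method is removed. The helper's body starts and ends outside the hunk.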