diff options
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_pkey_dh.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_pkey_dsa.rb | 5 | ||||
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 10 | ||||
-rw-r--r-- | test/openssl/test_pkey_rsa.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_x509cert.rb | 24 | ||||
-rw-r--r-- | test/openssl/utils.rb | 2 |
6 files changed, 53 insertions, 2 deletions
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb index a0eca53c48..bca40ee202 100644 --- a/test/openssl/test_pkey_dh.rb +++ b/test/openssl/test_pkey_dh.rb @@ -68,6 +68,13 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 assert_equal(dh.to_pem, public_key.to_pem) end + def test_public_pkey + dh = OpenSSL::TestUtils::TEST_KEY_DH1024 + dh_test = dh.public_pkey + assert(!dh_test.private?) + assert(dh_test.public?) + end + def test_generate_key dh = OpenSSL::TestUtils::TEST_KEY_DH1024.public_key # creates a copy assert_no_key(dh) diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index eb3e4f1c65..3537738aa9 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -228,6 +228,11 @@ YNMbNw== assert(pem) end + def test_public_pkey + key = OpenSSL::TestUtils::TEST_KEY_DSA256 + assert_equal(key.public_key.to_der, key.public_pkey.to_der) + end + private def check_sign_verify(digest) diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index fe128fd455..e5c4056114 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -189,6 +189,16 @@ class OpenSSL::TestEC < Test::Unit::TestCase assert(pem) end + def test_public_pkey + ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 + ec_pub = OpenSSL::PKey::EC.new(ec.group) + ec_pub.public_key = ec.public_key + test_obj = ec.public_pkey + assert(!test_obj.private?) + assert(test_obj.public?) + assert_equal(ec_pub.to_der, test_obj.to_der) + end + def test_ec_point_mul ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 p1 = ec.public_key diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 165b1ec98e..b031fdd387 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -284,6 +284,13 @@ AwEAAQ== assert(pem) end + def test_public_pkey + key = OpenSSL::TestUtils::TEST_KEY_RSA1024 + key_test = key.public_pkey + assert(!key_test.private?) + assert(key_test.public?) + end + private def check_PUBKEY(asn1, key) diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 72cb9e6095..642a65253b 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -9,6 +9,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + @p256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") @@ -42,7 +43,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new [ - [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest] + [@rsa1024, sha1], [@rsa2048, sha1], + [@dsa256, dsa_digest], [@dsa512, dsa_digest], + [@p256, sha1], ].each{|pk, digest| cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts, nil, nil, digest) @@ -133,6 +136,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.serial = 2 assert_equal(false, cert.verify(@rsa2048)) end @@ -145,6 +149,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError # RHEL7 disables MD5 @@ -157,6 +162,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) end @@ -168,6 +174,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase assert_equal(true, cert.verify(@rsa2048)) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@p256) }) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError @@ -180,6 +187,18 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase } end + def test_sign_and_verify_ecdsa_sha1 + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + assert_equal(true, cert.verify(@p256)) + cert.serial = 123 + assert_equal(false, cert.verify(@p256)) + end + def test_dsig_algorithm_mismatch assert_raise(OpenSSL::X509::CertificateError) do issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], @@ -213,6 +232,9 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(true, cert.check_private_key(@rsa2048)) + cert = issue_cert(@ca, @p256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(true, cert.check_private_key(@p256)) end private diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 6909854cad..c2a0864297 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -122,7 +122,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC cert.serial = serial cert.subject = dn cert.issuer = issuer.subject - cert.public_key = key.public_key + cert.public_key = key.public_pkey cert.not_before = not_before cert.not_after = not_after ef = OpenSSL::X509::ExtensionFactory.new |