From d2be12ef6171f75a074aca8caaeaf834e1f2aac8 Mon Sep 17 00:00:00 2001
From: drbrain
Date: Fri, 8 Feb 2013 02:58:19 +0000
Subject: * lib/rubygems/security/policy.rb: Raise proper exceptions when verifying unsigned gems (instead of crashing). * test/rubygems/test_gem_security_policy.rb: Tests for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39153 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/rubygems/test_gem_security_policy.rb | 67 +++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
(limited to 'test/rubygems')
diff --git a/test/rubygems/test_gem_security_policy.rb b/test/rubygems/test_gem_security_policy.rb
index 568bf69d08..1ce93fbd95 100644
--- a/test/rubygems/test_gem_security_policy.rb
+++ b/test/rubygems/test_gem_security_policy.rb
@@ -34,6 +34,7 @@ class TestGemSecurityPolicy < Gem::TestCase
 @no = Gem::Security::NoSecurity
 @almost_no = Gem::Security::AlmostNoSecurity
 @low = Gem::Security::LowSecurity
+ @medium = Gem::Security::MediumSecurity
 @high = Gem::Security::HighSecurity
 @chain = Gem::Security::Policy.new(
@@ -85,6 +86,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 assert @chain.check_chain chain, Time.now
 end
+ def test_check_chain_empty_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_chain [], Time.now
+ end
+
+ assert_equal 'empty signing chain', e.message
+ end
+
 def test_check_chain_invalid
 chain = [PUBLIC_CERT, CHILD_CERT, INVALIDCHILD_CERT]
@@ -97,6 +106,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 "was not issued by #{CHILD_CERT.subject}", e.message
 end
+ def test_check_chain_no_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_chain nil, Time.now
+ end
+
+ assert_equal 'missing signing chain', e.message
+ end
+
 def test_check_cert
 assert @low.check_cert(PUBLIC_CERT, nil, Time.now)
 end
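Review bot: The `@medium` fixture added to setup in the first hunk is not referenced by any test this commit adds, so MediumSecurity gets no coverage for the unsigned-gem cases. `test_check_key_no_signer` (a later hunk) pins only the two ends, `@almost_no` accepting and `@high` raising, which leaves open where the policies in between fall. Either use the fixture there, with `assert @medium.check_key(nil, nil)` or the matching `assert_raises`, whichever policy.rb intends, or drop the assignment until a test needs it. The setup method starts and ends outside this hunk.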
@@ -135,10 +152,28 @@ class TestGemSecurityPolicy < Gem::TestCase
 assert @low.check_cert(CHILD_CERT, PUBLIC_CERT, Time.now)
 end
+ def test_check_cert_no_signer
+ e = assert_raises Gem::Security::Exception do
+ @high.check_cert(nil, nil, Time.now)
+ end
+
+ assert_equal 'missing signing certificate', e.message
+ end
+
 def test_check_key
 assert @almost_no.check_key(PUBLIC_CERT, PRIVATE_KEY)
 end
+ def test_check_key_no_signer
+ assert @almost_no.check_key(nil, nil)
+
+ e = assert_raises Gem::Security::Exception do
+ @high.check_key(nil, nil)
+ end
+
+ assert_equal 'missing key or signature', e.message
+ end
+
 def test_check_key_wrong_key
 e = assert_raises Gem::Security::Exception do
 @almost_no.check_key(PUBLIC_CERT, ALTERNATE_KEY)
@@ -154,6 +189,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 assert @chain.check_root chain, Time.now
 end
+ def test_check_root_empty_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_root [], Time.now
+ end
+
+ assert_equal 'missing root certificate', e.message
+ end
+
 def test_check_root_invalid_signer
 chain = [INVALID_SIGNER_CERT]
@@ -178,6 +221,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 e.message
 end
+ def test_check_root_no_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_root nil, Time.now
+ end
+
+ assert_equal 'missing signing chain', e.message
+ end
+
 def test_check_trust
 Gem::Security.trust_dir.trust_cert PUBLIC_CERT
@@ -190,6 +241,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 assert @high.check_trust [PUBLIC_CERT, CHILD_CERT], @sha1, @trust_dir
 end
+ def test_check_trust_empty_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_trust [], @sha1, @trust_dir
+ end
+
+ assert_equal 'missing root certificate', e.message
+ end
+
 def test_check_trust_mismatch
 Gem::Security.trust_dir.trust_cert PUBLIC_CERT
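Review bot: `test_check_key_no_signer` passes `nil` for both arguments only, so the cases where exactly one of signer and key is missing are not pinned, although the expected message 'missing key or signature' suggests either one alone should be rejected. For a strict policy that is the fail-closed boundary worth locking down: add `assert_raises(Gem::Security::Exception) { @high.check_key(PUBLIC_CERT, nil) }` and `assert_raises(Gem::Security::Exception) { @high.check_key(nil, PRIVATE_KEY) }`. In the same hunk `test_check_cert_no_signer` exercises `@high` alone; if a lenient policy is meant to accept a missing signer, as `check_key` does for `@almost_no`, that expectation should be stated in a test too. policy.rb is not part of this diff, so the intended result for those inputs is inferred; `test_check_key_wrong_key` continues past the end of the hunk.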
@@ -201,6 +260,14 @@ class TestGemSecurityPolicy < Gem::TestCase
 "does not match signing root certificate checksum", e.message
 end
+ def test_check_trust_no_chain
+ e = assert_raises Gem::Security::Exception do
+ @chain.check_trust nil, @sha1, @trust_dir
+ end
+
+ assert_equal 'missing signing chain', e.message
+ end
+
 def test_check_trust_no_trust
 e = assert_raises Gem::Security::Exception do
 @high.check_trust [PUBLIC_CERT], @sha1, @trust_dir
--
cgit v1.2.3
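Review bot: `test_check_trust_no_chain`, like the other nil- and empty-chain tests in this commit, calls a `check_*` helper directly, while the commit message describes the failure as happening when an unsigned gem is verified. No test in this diff drives the policy's verification entry point with a missing chain or missing signatures, so the regression is pinned only at helper level. A case that runs a strict policy end to end on unsigned input and expects `Gem::Security::Exception` would cover the path that crashed, though such a test may already exist outside these hunks. `test_check_trust_no_trust` continues past the end of the hunk.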