1 require_relative "utils"
3 if defined?(OpenSSL) && defined?(OpenSSL::Timestamp)
5 class OpenSSL::TestTimestamp < OpenSSL::TestCase
  # RSA private key used to sign the intermediate CA certificate in these tests.
  #
  # The PEM below is a fixed, published test fixture with a 1024-bit modulus.
  # It carries no secrecy and is only suitable for exercising the API; secret
  # scanners are expected to flag it and should be allow-listed by path.
  #
  # @return [OpenSSL::PKey::RSA] the memoized key
  def intermediate_key
    @intermediate_key ||= begin
      pem = <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCcyODxH+oTrr7l7MITWcGaYnnBma6vidCCJjuSzZpaRmXZHAyH
0YcY4ttC0BdJ4uV+cE05IySVC7tyvVfFb8gFQ6XJV+AEktP+XkLbcxZgj9d2NVu1
ziXdI+ldXkPnMhyWpMS5E7SD6gflv9NhUYEsmAGsUgdK6LDmm2W2/4TlewIDAQAB
AoGAYgx6KDFWONLqjW3f/Sv/mGYHUNykUyDzpcD1Npyf797gqMMSzwlo3FZa2tC6
D7n23XirwpTItvEsW9gvgMikJDPlThAeGLZ+L0UbVNNBHVxGP998Nda1kxqKvhRE
pfZCKc7PLM9ZXc6jBTmgxdcAYfVCCVUoa2mEf9Ktr3BlI4kCQQDQAM09+wHDXGKP
o2UnCwCazGtyGU2r0QCzHlh9BVY+KD2KjjhuWh86rEbdWN7hEW23Je1vXIhuM6Pa
/Ccd+XYnAkEAwPZ91PK6idEONeGQ4I3dyMKV2SbaUjfq3MDL4iIQPQPuj7QsBO/5
3Nf9ReSUUTRFCUVwoC8k4Z1KAJhR/K/ejQJANE7PTnPuGJQGETs09+GTcFpR9uqY
FspDk8fg1ufdrVnvSAXF+TJewiGK3KU5v33jinhWQngRsyz3Wt2odKhEZwJACbjh
oicQqvzzgFd7GzVKpWDYd/ZzLY1PsgusuhoJQ2m9TVRAm4cTycLAKhNYPbcqe0sa
X5fAffWU0u7ZwqeByQJAOUAbYET4RU3iymAvAIDFj8LiQnizG9t5Ty3HXlijKQYv
y8gsvWd4CdxwOPatWpBUX9L7IXcMJmD44xXTUvpbfQ==
-----END RSA PRIVATE KEY-----
_end_of_pem_
      OpenSSL::PKey::RSA.new(pem)
    end
  end
  # RSA private key of the timestamp-signing (end-entity) certificate.
  #
  # Like the intermediate key, this is a fixed, published 1024-bit test
  # fixture: it exists so the tests are deterministic and must not be reused
  # for anything that needs a real secret.
  #
  # @return [OpenSSL::PKey::RSA] the memoized key
  def ee_key
    @ee_key ||= begin
      pem = <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDA6eB5r2O5KOKNbKMBhzadl43lgpwqq28m+G0gH38kKCL1f3o9
P8xUZm7sZqcWEervZMSSXMGBV9DgeoSR+U6FMJywgQGx/JNRx7wZTMNym3PvgLkl
xCXh6ZA0/xbtJtcNI+UUv0ENBkTIuUWBhkAf3jQclAr9aQ0ktYBuHAcRcQIDAQAB
AoGAKNhcAuezwZx6e18pFEXAtpVEIfgJgK9TlXi8AjUpAkrNPBWFmDpN1QDrM3p4
nh+lEpLPW/3vqqchPqYyM4YJraMLpS3KUG+s7+m9QIia0ri2WV5Cig7WL+Tl9p7K
b3oi2Aj/wti8GfOLFQXOQQ4Ea4GoCv2Sxe0GZR39UBxzTsECQQD1zuVIwBvqU2YR
8innsoa+j4u2hulRmQO6Zgpzj5vyRYfA9uZxQ9nKbfJvzuWwUv+UzyS9RqxarqrP
5nQw5EmVAkEAyOmJg6+AfGrgvSWfSpXEds/WA/sHziCO3rE4/sd6cnDc6XcTgeMs
mT8Z3kAYGpqFDew5orUylPfJJa+PUueJbQJAY+gkvw3+Cp69FLw1lgu0wo07fwOU
n2qu3jsNMm0DOFRUWfTAMvcd9S385L7WEnWZldUfnKK1+OGXYYrMXPbchQJAChU2
UoaHQzc16iguM1cK0g+iJPb/MEgQA3sPajHmokGpxIm2T+lvvo0dJjs/Om6QyN8X
EWRYkoNQ8/Q4lCeMjQJAfvDIGtyqF4PieFHYgluQAv5pGgYpakdc8SYyeRH9NKey
GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
-----END RSA PRIVATE KEY-----
_end_of_pem_
      OpenSSL::PKey::RSA.new(pem)
    end
  end
  # Root CA certificate of the test PKI, fetched once from OpenSSL::Certs
  # (defined outside this file) and cached on the test instance.
  def ca_cert
    @ca_cert ||= begin
      OpenSSL::Certs.ca_cert
    end
  end
  # Trust store whose only entry is the root CA certificate. This is the
  # "correct" trust anchor for the verification tests below.
  def ca_store
    @ca_store ||= begin
      store = OpenSSL::X509::Store.new
      store.add_cert(ca_cert)
      store
    end
  end
  # Timestamping certificate for ee_key built from the CA certificate alone
  # (presumably issued directly by the root, with no intermediate in between).
  def ts_cert_direct
    @ts_cert_direct ||= begin
      signer_key = ee_key
      issuer_cert = ca_cert
      OpenSSL::Certs.ts_cert_direct(signer_key, issuer_cert)
    end
  end
  # Certificate for intermediate_key, derived from the root CA certificate.
  # It serves as the untrusted chain element in the verification tests.
  def intermediate_cert
    @intermediate_cert ||= begin
      subject_key = intermediate_key
      issuer_cert = ca_cert
      OpenSSL::Certs.intermediate_cert(subject_key, issuer_cert)
    end
  end
  # Store that contains only the intermediate certificate. The tests use it
  # as a deliberately wrong trust anchor: the root CA is absent from it.
  def intermediate_store
    @intermediate_store ||= begin
      store = OpenSSL::X509::Store.new
      store.add_cert(intermediate_cert)
      store
    end
  end
  # Timestamping certificate for ee_key, built from the intermediate
  # certificate and its key (so verification needs the intermediate to reach
  # the root).
  def ts_cert_ee
    @ts_cert_ee ||= begin
      signer_key = ee_key
      issuer_cert = intermediate_cert
      issuer_key = intermediate_key
      OpenSSL::Certs.ts_cert_ee(signer_key, issuer_cert, issuer_key)
    end
  end
  # A Request can only be DER-encoded once both the hash algorithm and the
  # message imprint have been set.
  def test_request_mandatory_fields
    request = OpenSSL::Timestamp::Request.new

    # Nothing set yet: encoding has to fail.
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      encoded = request.to_der
      # Diagnostic dump; only reached if to_der unexpectedly succeeds.
      pp OpenSSL::ASN1.decode(encoded)
    end

    # The algorithm alone is still insufficient.
    request.algorithm = "sha1"
    assert_raise(OpenSSL::Timestamp::TimestampError) { request.to_der }

    # With the imprint present, encoding must go through without raising.
    request.message_imprint = OpenSSL::Digest.digest('SHA1', "data")
    request.to_der
  end
  # Checks every Request setter: accepted values round-trip through the
  # getter, and values of the wrong type are refused instead of being
  # coerced silently.
  def test_request_assignment
    request = OpenSSL::Timestamp::Request.new

    # version: integers only
    request.version = 2
    assert_equal 2, request.version
    assert_raise(TypeError) do
      request.version = nil
    end
    assert_raise(TypeError) do
      request.version = "foo"
    end

    # algorithm: must name a digest known to the ASN.1 layer
    request.algorithm = "SHA1"
    assert_equal "SHA1", request.algorithm
    assert_raise(TypeError) do
      request.algorithm = nil
    end
    assert_raise(OpenSSL::ASN1::ASN1Error) do
      request.algorithm = "xxx"
    end

    # message_imprint: a string
    request.message_imprint = "test"
    assert_equal "test", request.message_imprint
    assert_raise(TypeError) do
      request.message_imprint = nil
    end

    # policy_id: an OID given as a string
    request.policy_id = "1.2.3.4.5"
    assert_equal "1.2.3.4.5", request.policy_id
    assert_raise(TypeError) do
      request.policy_id = 123
    end
    assert_raise(TypeError) do
      request.policy_id = nil
    end

    # nonce: numeric
    request.nonce = 42
    assert_equal 42, request.nonce
    assert_raise(TypeError) do
      request.nonce = "foo"
    end
    assert_raise(TypeError) do
      request.nonce = nil
    end

    # cert_requested: follows Ruby truthiness (nil/false => false, rest => true)
    request.cert_requested = false
    assert_equal false, request.cert_requested?
    request.cert_requested = nil
    assert_equal false, request.cert_requested?
    request.cert_requested = 123
    assert_equal true, request.cert_requested?
    request.cert_requested = "asdf"
    assert_equal true, request.cert_requested?
  end
  # All Request fields must survive a DER encode/decode round trip unchanged.
  def test_request_serialization
    original = OpenSSL::Timestamp::Request.new.tap do |r|
      r.version = 2
      r.algorithm = "SHA1"
      r.message_imprint = "test"
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
      r.cert_requested = true
    end

    restored = OpenSSL::Timestamp::Request.new(original.to_der)

    assert_equal 2, restored.version
    assert_equal "SHA1", restored.algorithm
    assert_equal "test", restored.message_imprint
    assert_equal "1.2.3.4.5", restored.policy_id
    assert_equal 42, restored.nonce
    assert_equal true, restored.cert_requested?
  end
  # Assigns every field twice, then encodes. The point is memory safety in
  # the C extension: replacing a value may free the previous one, and that
  # must leave the request usable.
  def test_request_re_assignment
    request = OpenSSL::Timestamp::Request.new

    # Each field receives its first value and is then overwritten, field by
    # field, in this order.
    {
      version: [2, 3],
      algorithm: ["SHA1", "SHA256"],
      message_imprint: ["test", "test2"],
      policy_id: ["1.2.3.4.5", "1.2.3.4.6"],
      nonce: [42, 24],
      cert_requested: [false, true],
    }.each do |field, values|
      values.each { |value| request.public_send("#{field}=", value) }
    end

    request.to_der
  end
  # A Request can be rebuilt from its DER string as well as from an already
  # decoded ASN.1 object, with identical field values either way.
  def test_request_encode_decode
    digest = nil
    req = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      digest = OpenSSL::Digest.digest('SHA1', "test")
      r.message_imprint = digest
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    # The version was never set explicitly; the decoded request reports 1.
    check_fields = lambda do |decoded|
      assert_equal 1, decoded.version
      assert_equal "SHA1", decoded.algorithm
      assert_equal digest, decoded.message_imprint
      assert_equal "1.2.3.4.5", decoded.policy_id
      assert_equal 42, decoded.nonce
    end

    # Straight from the DER bytes.
    check_fields.call(OpenSSL::Timestamp::Request.new(req.to_der))

    # With OpenSSL::ASN1.decode in between.
    check_fields.call(OpenSSL::Timestamp::Request.new(OpenSSL::ASN1.decode(req.to_der)))
  end
  # Input that is not valid DER must be rejected with TimestampError when
  # constructing a Request.
  def test_request_invalid_asn1
    garbage = "*" * 44
    assert_raise(OpenSSL::Timestamp::TimestampError) { OpenSSL::Timestamp::Request.new(garbage) }
  end
  # Pins the numeric values of the Response status constants.
  def test_response_constants
    expected_codes = {
      GRANTED: 0,
      GRANTED_WITH_MODS: 1,
      REJECTION: 2,
      WAITING: 3,
      REVOCATION_WARNING: 4,
      REVOCATION_NOTIFICATION: 5,
    }

    expected_codes.each do |name, code|
      assert_equal(code, OpenSSL::Timestamp::Response.const_get(name))
    end
  end
  # Happy path: the factory issues a timestamp for a complete request, and
  # the response, once re-parsed, carries the expected status and token data.
  def test_response_creation
    digest = OpenSSL::Digest.digest('SHA1', "test")
    request = OpenSSL::Timestamp::Request.new
    request.algorithm = "SHA1"
    request.message_imprint = digest
    request.policy_id = "1.2.3.4.5"

    issued_at = Time.now
    factory = OpenSSL::Timestamp::Factory.new
    factory.gen_time = issued_at
    factory.serial_number = 1
    factory.allowed_digests = ["sha1"]

    # Wrap the factory result in a fresh Response before inspecting it.
    response = OpenSSL::Timestamp::Response.new(factory.create_timestamp(ee_key, ts_cert_ee, request))

    assert_equal OpenSSL::Timestamp::Response::GRANTED, response.status
    assert_nil response.failure_info
    assert_equal [], response.status_text
    assert_equal 1, response.token_info.version
    assert_equal "1.2.3.4.5", response.token_info.policy_id
    assert_equal "SHA1", response.token_info.algorithm
    assert_equal digest, response.token_info.message_imprint
    assert_equal 1, response.token_info.serial_number
    # Compared at one-second resolution.
    assert_equal issued_at.to_i, response.token_info.gen_time.to_i
    assert_equal false, response.token_info.ordering
    # The request had no nonce, so the token has none either.
    assert_nil response.token_info.nonce
    assert_cert ts_cert_ee, response.tsa_certificate

    # The token exposed by the API must be the second element of the encoded response.
    embedded_token = OpenSSL::ASN1.decode(response.to_der).value[1]
    assert_equal embedded_token.to_der, response.token.to_der
  end
  # Parses a hand-encoded response and checks that its failure-info bit
  # string is reported as :BAD_ALG.
  def test_response_failure_info
    # Literal DER; the status text embedded in it is "Invalid TimeStampReq.".
    encoded = "0\"0 \x02\x01\x020\x17\f\x15Invalid TimeStampReq.\x03\x02\x06\x80"
    response = OpenSSL::Timestamp::Response.new(encoded)
    assert_equal :BAD_ALG, response.failure_info
  end
  # Walks through the settings the factory needs before it will issue a
  # timestamp: each step adds one piece and asserts that creation still
  # fails until a policy is available from either the factory or the request.
  def test_response_mandatory_fields
    fac = OpenSSL::Timestamp::Factory.new
    req = OpenSSL::Timestamp::Request.new

    must_fail = lambda do
      assert_raise(OpenSSL::Timestamp::TimestampError) do
        fac.create_timestamp(ee_key, ts_cert_ee, req)
      end
    end
    granted = OpenSSL::Timestamp::Response::GRANTED

    # Empty request, empty factory.
    must_fail.call

    # Request has an algorithm but no imprint.
    req.algorithm = "sha1"
    must_fail.call

    # Request is complete; the factory is still unconfigured.
    req.message_imprint = OpenSSL::Digest.digest('SHA1', "data")
    must_fail.call

    # Generation time alone is not enough.
    fac.gen_time = Time.now
    must_fail.call

    # Serial number and allowed digests set, but no policy anywhere.
    fac.serial_number = 1
    fac.allowed_digests = ["sha1"]
    must_fail.call

    # A factory default policy makes issuance succeed.
    fac.default_policy_id = "1.2.3.4.5"
    assert_equal granted, fac.create_timestamp(ee_key, ts_cert_ee, req).status

    # Removing it brings the failure back.
    fac.default_policy_id = nil
    must_fail.call

    # A policy carried by the request works as well.
    req.policy_id = "1.2.3.4.5"
    assert_equal granted, fac.create_timestamp(ee_key, ts_cert_ee, req).status
  end
  # The factory's digest allow-list is deny-by-default: a request is granted
  # only when its algorithm was explicitly allowed, and anything else yields
  # a REJECTION response.
  def test_response_allowed_digests
    request = OpenSSL::Timestamp::Request.new
    request.algorithm = "SHA1"
    request.message_imprint = OpenSSL::Digest.digest('SHA1', "test")

    factory = OpenSSL::Timestamp::Factory.new
    factory.gen_time = Time.now
    factory.serial_number = 1
    factory.default_policy_id = "1.2.3.4.6"

    issue_status = -> { factory.create_timestamp(ee_key, ts_cert_ee, request).status }

    # No allow-list configured: nothing is accepted.
    assert_equal OpenSSL::Timestamp::Response::REJECTION, issue_status.call

    # SHA1 allowed by name.
    factory.allowed_digests = ["sha1"]
    assert_equal OpenSSL::Timestamp::Response::GRANTED, issue_status.call

    # SHA1 allowed via a Digest object.
    factory.allowed_digests = [OpenSSL::Digest.new('SHA1')]
    assert_equal OpenSSL::Timestamp::Response::GRANTED, issue_status.call

    # A digest that is not on the list is refused.
    request.algorithm = "SHA256"
    request.message_imprint = OpenSSL::Digest.digest('SHA256', "test")
    assert_equal OpenSSL::Timestamp::Response::REJECTION, issue_status.call

    # A non-Array allow-list does not grant anything (the request is still
    # SHA256 at this point).
    factory.allowed_digests = 123
    assert_equal OpenSSL::Timestamp::Response::REJECTION, issue_status.call

    # An element that is neither a String nor a Digest is a type error.
    factory.allowed_digests = ["sha1", OpenSSL::Digest.new('SHA1'), 123]
    assert_raise(TypeError) { factory.create_timestamp(ee_key, ts_cert_ee, request) }
  end
  # When the request names no policy, the token carries the factory's
  # default policy id.
  def test_response_default_policy
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.default_policy_id = "1.2.3.4.6"
    end

    response = factory.create_timestamp(ee_key, ts_cert_ee, request)
    assert_equal OpenSSL::Timestamp::Response::GRANTED, response.status
    assert_equal "1.2.3.4.6", response.token_info.policy_id
  end
  # The factory must refuse to sign with a certificate that is not meant for
  # timestamping. Here the intermediate CA certificate is passed as the
  # signer (presumably it lacks the timestamping key usage — confirm against
  # OpenSSL::Certs).
  def test_response_bad_purpose
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
    end

    assert_raise(OpenSSL::Timestamp::TimestampError) { factory.create_timestamp(ee_key, intermediate_cert, request) }
  end
  # Input that is not valid DER must be rejected with TimestampError when
  # constructing a Response.
  def test_response_invalid_asn1
    garbage = "*" * 44
    assert_raise(OpenSSL::Timestamp::TimestampError) { OpenSSL::Timestamp::Response.new(garbage) }
  end
  # If the request sets cert_requested to false, the response is still
  # granted but carries no TSA certificate.
  def test_no_cert_requested
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.cert_requested = false
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.default_policy_id = "1.2.3.4.5"
    end

    response = factory.create_timestamp(ee_key, ts_cert_ee, request)
    assert_equal OpenSSL::Timestamp::Response::GRANTED, response.status
    assert_nil response.tsa_certificate
  end
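  # Issuance must fail when neither the request nor the factory supplies a
  # policy id.
  def test_response_no_policy_defined
    # Setup stays outside assert_raise so that an unexpected error while
    # building the request or factory cannot satisfy the assertion.
    req = OpenSSL::Timestamp::Request.new
    req.algorithm = "SHA1"
    digest = OpenSSL::Digest.digest('SHA1', "test")
    req.message_imprint = digest

    fac = OpenSSL::Timestamp::Factory.new
    fac.gen_time = Time.now
    fac.serial_number = 1
    fac.allowed_digests = ["sha1"]

    assert_raise(OpenSSL::Timestamp::TimestampError) do
      fac.create_timestamp(ee_key, ts_cert_ee, req)
    end
  end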
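  # verify must raise TypeError when no request is given.
  def test_verify_ee_no_req
    # The timestamp is created outside assert_raise so that only the verify
    # call itself can satisfy the assertion.
    ts, _ = timestamp_ee
    # NOTE(review): the second argument is ca_cert, whereas the other verify
    # calls in this file pass a store; the TypeError could therefore stem from
    # either argument — confirm which one is intended.
    assert_raise(TypeError) do
      ts.verify(nil, ca_cert)
    end
  end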
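  # verify must raise TypeError when no trust store is given; there is no
  # implicit fallback to some default set of anchors.
  def test_verify_ee_no_store
    # The timestamp is created outside assert_raise so that only the verify
    # call itself can satisfy the assertion.
    ts, req = timestamp_ee
    assert_raise(TypeError) do
      ts.verify(req, nil)
    end
  end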
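  # Verification must fail when the store holds only the intermediate
  # certificate and the root CA is absent.
  def test_verify_ee_wrong_root_no_intermediate
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_ee
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, intermediate_store)
    end
  end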
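  # Verification must fail when the roles are swapped: the intermediate sits
  # in the trust store and the root CA is offered only as an untrusted
  # chain certificate.
  def test_verify_ee_wrong_root_wrong_intermediate
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_ee
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, intermediate_store, [ca_cert])
    end
  end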
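  # A response must not verify against a request whose nonce differs from
  # the one it was issued for; the nonce is what ties a response to one
  # specific request.
  def test_verify_ee_nonce_mismatch
    # Creation and the nonce change happen outside assert_raise so that only
    # the verify call can satisfy the assertion.
    ts, req = timestamp_ee
    req.nonce = 1 # timestamp_ee issued the token for nonce 42
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, ca_store, [intermediate_cert])
    end
  end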
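  # With the correct root but no intermediate supplied, the chain cannot be
  # built and verification must fail.
  def test_verify_ee_intermediate_missing
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_ee
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, ca_store)
    end
  end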
  # Positive case: root in the trust store, intermediate passed as an
  # untrusted chain certificate. Passing means verify does not raise.
  def test_verify_ee_intermediate
    timestamp, request = timestamp_ee
    chain = [intermediate_cert]
    timestamp.verify(request, ca_store, chain)
  end
  # A non-Array value for the untrusted certificates is expected to be a
  # type error.
  #
  # NOTE(review): the store argument here is an Array ([ca_cert]) rather than
  # a store, so the TypeError may come from that argument instead of from
  # 123 — confirm which argument this test is meant to exercise.
  def test_verify_ee_intermediate_type_error
    timestamp, request = timestamp_ee
    assert_raise(TypeError) do
      timestamp.verify(request, [ca_cert], 123)
    end
  end
  # A token issued under the factory's default policy (the request names
  # none) must still verify against that request.
  def test_verify_ee_def_policy
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.default_policy_id = "1.2.3.4.5"
    end

    timestamp = factory.create_timestamp(ee_key, ts_cert_ee, request)
    timestamp.verify(request, ca_store, [intermediate_cert])
  end
  # A timestamp signed with ts_cert_direct verifies against the root store
  # alone, with no extra chain certificates.
  def test_verify_direct
    timestamp, request = timestamp_direct
    trust_anchors = ca_store
    timestamp.verify(request, trust_anchors)
  end
  # Supplying the TSA certificate itself (twice) as untrusted certificates
  # is redundant and must not break verification.
  def test_verify_direct_redundant_untrusted
    timestamp, request = timestamp_direct
    duplicates = [timestamp.tsa_certificate, timestamp.tsa_certificate]
    timestamp.verify(request, ca_store, duplicates)
  end
  # An untrusted certificate that plays no part in the chain (the
  # intermediate) must not affect verification of the direct timestamp.
  def test_verify_direct_unrelated_untrusted
    timestamp, request = timestamp_direct
    unrelated = [intermediate_cert]
    timestamp.verify(request, ca_store, unrelated)
  end
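  # A direct timestamp must not verify against a store that lacks the root
  # CA (here: a store with only the intermediate certificate).
  def test_verify_direct_wrong_root
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_direct
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, intermediate_store)
    end
  end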
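  # When the token embeds no certificate and the caller supplies none, the
  # signer cannot be located and verification must fail.
  def test_verify_direct_no_cert_no_intermediate
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_direct_no_cert
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, ca_store)
    end
  end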
  # The token embeds no certificate, so the caller has to supply both the
  # signer certificate and the intermediate for the chain to build.
  def test_verify_ee_no_cert
    timestamp, request = timestamp_ee_no_cert
    supplied = [ts_cert_ee, intermediate_cert]
    timestamp.verify(request, ca_store, supplied)
  end
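  # Supplying the signer certificate but not the intermediate leaves the
  # chain incomplete, so verification must fail.
  def test_verify_ee_no_cert_no_intermediate
    # Issuing the timestamp outside assert_raise keeps a TimestampError from
    # creation from masquerading as the expected verification failure.
    ts, req = timestamp_ee_no_cert
    assert_raise(OpenSSL::Timestamp::TimestampError) do
      ts.verify(req, ca_store, [ts_cert_ee])
    end
  end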
  # additional_certs embeds extra certificates in the token, which lets the
  # verifier build the chain from the root store alone. Resetting it to nil
  # returns to embedding only the signer certificate.
  def test_verify_ee_additional_certs_array
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.additional_certs = [intermediate_cert]
    end

    # Signer plus intermediate are embedded.
    with_chain = factory.create_timestamp(ee_key, ts_cert_ee, request)
    assert_equal 2, with_chain.token.certificates.size

    # Clearing the factory setting must not affect the token already issued.
    factory.additional_certs = nil
    with_chain.verify(request, ca_store)

    # A token issued afterwards embeds the signer certificate only.
    signer_only = factory.create_timestamp(ee_key, ts_cert_ee, request)
    assert_equal 1, signer_only.token.certificates.size
  end
  # Embedding the root CA alongside the intermediate is allowed; the token
  # then carries three certificates and still verifies against ca_store.
  def test_verify_ee_additional_certs_with_root
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.additional_certs = [intermediate_cert, ca_cert]
    end

    timestamp = factory.create_timestamp(ee_key, ts_cert_ee, request)
    assert_equal 3, timestamp.token.certificates.size
    timestamp.verify(request, ca_store)
  end
  # When the request opts out of certificates, the factory's
  # additional_certs are not embedded either; the verifier must then be
  # handed the signer and intermediate certificates explicitly.
  def test_verify_ee_cert_inclusion_not_requested
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.nonce = 42
      r.cert_requested = false
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      # Required because the request carries no policy identifier.
      f.default_policy_id = '1.2.3.4.5'
      f.additional_certs = [ts_cert_ee, intermediate_cert]
    end

    timestamp = factory.create_timestamp(ee_key, ts_cert_ee, request)
    # cert_requested? is false, so the token holds no certificates at all.
    assert_nil timestamp.token.certificates
    timestamp.verify(request, ca_store, [ts_cert_ee, intermediate_cert])
  end
  # The same request and factory must be usable for more than one
  # timestamp: the context cleanup done internally after each operation must
  # not release objects (such as the certificates) that are still in use.
  def test_reusable
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
      f.additional_certs = [intermediate_cert]
    end

    first = factory.create_timestamp(ee_key, ts_cert_ee, request)
    first.verify(request, ca_store)
    second = factory.create_timestamp(ee_key, ts_cert_ee, request)
    second.verify(request, ca_store)

    # Both responses must still expose their signer certificate.
    refute_nil first.tsa_certificate
    refute_nil second.tsa_certificate
  end
  # TokenInfo can be rebuilt from its own DER encoding and then reports the
  # same values the factory put into the token.
  def test_token_info_creation
    digest = OpenSSL::Digest.digest('SHA1', "test")
    request = OpenSSL::Timestamp::Request.new
    request.algorithm = "SHA1"
    request.message_imprint = digest
    request.policy_id = "1.2.3.4.5"
    # The nonce is given as a BN here and read back as 123 below.
    request.nonce = OpenSSL::BN.new(123)

    issued_at = Time.now
    factory = OpenSSL::Timestamp::Factory.new
    factory.gen_time = issued_at
    factory.serial_number = 1
    factory.allowed_digests = ["sha1"]

    response = factory.create_timestamp(ee_key, ts_cert_ee, request)
    token_info = OpenSSL::Timestamp::TokenInfo.new(response.token_info.to_der)

    assert_equal 1, token_info.version
    assert_equal "1.2.3.4.5", token_info.policy_id
    assert_equal "SHA1", token_info.algorithm
    assert_equal digest, token_info.message_imprint
    assert_equal 1, token_info.serial_number
    # Compared at one-second resolution.
    assert_equal issued_at.to_i, token_info.gen_time.to_i
    assert_equal false, token_info.ordering
    assert_equal 123, token_info.nonce
  end
  # Input that is not valid DER must be rejected with TimestampError when
  # constructing a TokenInfo.
  def test_token_info_invalid_asn1
    garbage = "*" * 44
    assert_raise(OpenSSL::Timestamp::TimestampError) { OpenSSL::Timestamp::TokenInfo.new(garbage) }
  end
611   private
  # Asserts that two certificates are identical by comparing their DER
  # encodings.
  def assert_cert(expected, actual)
    expected_der = expected.to_der
    actual_der = actual.to_der
    assert_equal(expected_der, actual_der)
  end
  # Issues a timestamp signed with ts_cert_ee for a SHA1 request that has
  # policy "1.2.3.4.5" and nonce 42.
  #
  # @return [Array] the factory's response and the request it answers
  def timestamp_ee
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
    end

    [factory.create_timestamp(ee_key, ts_cert_ee, request), request]
  end
  # Same as timestamp_ee, except that the request sets cert_requested to
  # false, so the token is issued without an embedded signer certificate.
  #
  # @return [Array] the factory's response and the request it answers
  def timestamp_ee_no_cert
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
      r.cert_requested = false
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
    end

    [factory.create_timestamp(ee_key, ts_cert_ee, request), request]
  end
  # Issues a timestamp signed with ts_cert_direct for a SHA1 request that
  # has policy "1.2.3.4.5" and nonce 42.
  #
  # @return [Array] the factory's response and the request it answers
  def timestamp_direct
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
    end

    [factory.create_timestamp(ee_key, ts_cert_direct, request), request]
  end
  # Same as timestamp_direct, except that the request sets cert_requested to
  # false, so the token is issued without an embedded signer certificate.
  #
  # @return [Array] the factory's response and the request it answers
  def timestamp_direct_no_cert
    request = OpenSSL::Timestamp::Request.new.tap do |r|
      r.algorithm = "SHA1"
      r.message_imprint = OpenSSL::Digest.digest('SHA1', "test")
      r.policy_id = "1.2.3.4.5"
      r.nonce = 42
      r.cert_requested = false
    end

    factory = OpenSSL::Timestamp::Factory.new.tap do |f|
      f.gen_time = Time.now
      f.serial_number = 1
      f.allowed_digests = ["sha1"]
    end

    [factory.create_timestamp(ee_key, ts_cert_direct, request), request]
  end