test/openssl/test_x509req.rb

   1 begin
   2   require "openssl"
   3   require File.join(File.dirname(__FILE__), "utils.rb")
   4 rescue LoadError
   5 end
   6 require "test/unit"
   7
   8 if defined?(OpenSSL)
   9
  10 class OpenSSL::TestX509Request < Test::Unit::TestCase
  11   def setup
  12     @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
  13     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
  14     @dsa256  = OpenSSL::TestUtils::TEST_KEY_DSA256
  15     @dsa512  = OpenSSL::TestUtils::TEST_KEY_DSA512
  16     @dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou")
  17   end
  18
  19   def issue_csr(ver, dn, key, digest)
  20     req = OpenSSL::X509::Request.new
  21     req.version = ver
  22     req.subject = dn
  23     req.public_key = key.public_key
  24     req.sign(key, digest)
  25     req
  26   end
  27
  28   def test_public_key
  29     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  30     assert_equal(@rsa1024.public_key.to_der, req.public_key.to_der)
  31     req = OpenSSL::X509::Request.new(req.to_der)
  32     assert_equal(@rsa1024.public_key.to_der, req.public_key.to_der)
  33
  34     req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
  35     assert_equal(@dsa512.public_key.to_der, req.public_key.to_der)
  36     req = OpenSSL::X509::Request.new(req.to_der)
  37     assert_equal(@dsa512.public_key.to_der, req.public_key.to_der)
  38   end
  39
  40   def test_version
  41     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  42     assert_equal(0, req.version)
  43     req = OpenSSL::X509::Request.new(req.to_der)
  44     assert_equal(0, req.version)
  45
  46     req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  47     assert_equal(1, req.version)
  48     req = OpenSSL::X509::Request.new(req.to_der)
  49     assert_equal(1, req.version)
  50   end
  51
  52   def test_subject
  53     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  54     assert_equal(@dn.to_der, req.subject.to_der)
  55     req = OpenSSL::X509::Request.new(req.to_der)
  56     assert_equal(@dn.to_der, req.subject.to_der)
  57   end
  58
  59   def create_ext_req(exts)
  60     ef = OpenSSL::X509::ExtensionFactory.new
  61     exts = exts.collect{|e| ef.create_extension(*e) }
  62     return OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(exts)])
  63   end
  64
  65   def get_ext_req(ext_req_value)
  66     set = OpenSSL::ASN1.decode(ext_req_value)
  67     seq = set.value[0]
  68     seq.value.collect{|asn1ext|
  69       OpenSSL::X509::Extension.new(asn1ext).to_a
  70     }
  71   end
  72
  73   def test_attr
  74     exts = [
  75       ["keyUsage", "Digital Signature, Key Encipherment", true],
  76       ["subjectAltName", "email:gotoyuzo@ruby-lang.org", false],
  77     ]
  78     attrval = create_ext_req(exts)
  79     attrs = [
  80       OpenSSL::X509::Attribute.new("extReq", attrval),
  81       OpenSSL::X509::Attribute.new("msExtReq", attrval),
  82     ]
  83
  84     req0 = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  85     attrs.each{|attr| req0.add_attribute(attr) }
  86     req1 = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
  87     req1.attributes = attrs
  88     assert_equal(req0.to_der, req1.to_der)
  89
  90     attrs = req0.attributes
  91     assert_equal(2, attrs.size)
  92     assert_equal("extReq", attrs[0].oid)
  93     assert_equal("msExtReq", attrs[1].oid)
  94     assert_equal(exts, get_ext_req(attrs[0].value))
  95     assert_equal(exts, get_ext_req(attrs[1].value))
  96
  97     req = OpenSSL::X509::Request.new(req0.to_der)
  98     attrs = req.attributes
  99     assert_equal(2, attrs.size)
 100     assert_equal("extReq", attrs[0].oid)
 101     assert_equal("msExtReq", attrs[1].oid)
 102     assert_equal(exts, get_ext_req(attrs[0].value))
 103     assert_equal(exts, get_ext_req(attrs[1].value))
 104   end
 105
 106   def test_sign_and_verify
 107     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
 108     assert_equal(true,  req.verify(@rsa1024))
 109     assert_equal(false, req.verify(@rsa2048))
 110     assert_equal(false, req.verify(@dsa256))
 111     assert_equal(false, req.verify(@dsa512))
 112     req.version = 1
 113     assert_equal(false, req.verify(@rsa1024))
 114
 115     req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
 116     assert_equal(false, req.verify(@rsa1024))
 117     assert_equal(true,  req.verify(@rsa2048))
 118     assert_equal(false, req.verify(@dsa256))
 119     assert_equal(false, req.verify(@dsa512))
 120     req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
 121     assert_equal(false, req.verify(@rsa2048))
 122
 123     req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
 124     assert_equal(false, req.verify(@rsa1024))
 125     assert_equal(false, req.verify(@rsa2048))
 126     assert_equal(false, req.verify(@dsa256))
 127     assert_equal(true,  req.verify(@dsa512))
 128     req.public_key = @rsa1024.public_key
 129     assert_equal(false, req.verify(@dsa512))
 130
 131     assert_raise(OpenSSL::X509::RequestError){
 132       issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
 133     assert_raise(OpenSSL::X509::RequestError){
 134       issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
 135     assert_raise(OpenSSL::X509::RequestError){
 136       issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
 137   end
 138 end
 139
 140 end