Bug #10257 ยป ec_x509.patch
| ext/openssl/ossl_pkey_ec.c (working copy) | ||
|---|---|---|
|
rb_define_method(cEC, "public_key", ossl_ec_key_get_public_key, 0);
|
||
|
rb_define_method(cEC, "public_key=", ossl_ec_key_set_public_key, 1);
|
||
|
rb_define_method(cEC, "private_key?", ossl_ec_key_is_private_key, 0);
|
||
|
rb_define_alias(cEC, "private?", "private_key?");
|
||
|
rb_define_method(cEC, "public_key?", ossl_ec_key_is_public_key, 0);
|
||
|
rb_define_alias(cEC, "public?", "public_key?");
|
||
|
/* rb_define_method(cEC, "", ossl_ec_key_get_, 0);
|
||
|
rb_define_method(cEC, "=", ossl_ec_key_set_ 1);
|
||
|
set/get enc_flags
|
||
| test/openssl/test_pkey_ec.rb (working copy) | ||
|---|---|---|
|
assert_equal(key.check_key, true)
|
||
|
assert_equal(key.private_key?, true)
|
||
|
assert_equal(key.public_key?, true)
|
||
|
assert_equal(key.private?, true)
|
||
|
assert_equal(key.public?, true)
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_x509cert.rb (working copy) | ||
|---|---|---|
|
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
|
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256
|
||
|
@dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
@ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
||
|
end
|
||
|
@ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
||
|
@ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
|
||
|
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
|
||
| ... | ... | |
|
sha1 = OpenSSL::Digest::SHA1.new
|
||
|
dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
|
||
|
[
|
||
|
[@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest]
|
||
|
].each{|pk, digest|
|
||
|
cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
|
||
|
combinations = [
|
||
|
[@rsa1024, @rsa1024.public_key, sha1],
|
||
|
[@rsa2048, @rsa2048.public_key, sha1],
|
||
|
[@dsa256, @dsa256.public_key, dsa_digest],
|
||
|
[@dsa512, @dsa512.public_key, dsa_digest]
|
||
|
]
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
public_key = OpenSSL::PKey::EC.new(@ec256)
|
||
|
public_key.private_key = nil
|
||
|
combinations << [@ec256, public_key, sha1]
|
||
|
end
|
||
|
combinations.each{|private_key, public_key, digest|
|
||
|
cert = issue_cert(@ca, private_key, 1, Time.now, Time.now+3600, exts,
|
||
|
nil, nil, digest)
|
||
|
assert_equal(cert.extensions.sort_by(&:to_s)[2].value,
|
||
|
OpenSSL::TestUtils.get_subject_key_id(cert))
|
||
|
cert = OpenSSL::X509::Certificate.new(cert.to_der)
|
||
|
assert_equal(cert.extensions.sort_by(&:to_s)[2].value,
|
||
|
OpenSSL::TestUtils.get_subject_key_id(cert))
|
||
|
assert_equal(cert.public_key.to_pem, public_key.to_pem)
|
||
|
}
|
||
|
end
|
||
| ... | ... | |
|
}
|
||
|
end
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
def test_sign_and_verify_ec_sha1
|
||
|
cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
|
||
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
||
|
assert_equal(true, cert.verify(@ec256))
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
||
|
cert.serial = 2
|
||
|
assert_equal(false, cert.verify(@ec256))
|
||
|
end
|
||
|
def test_sign_and_verify_ec_sha2
|
||
|
cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
|
||
|
nil, nil, OpenSSL::Digest::SHA256.new)
|
||
|
assert_equal(true, cert.verify(@ec256))
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
||
|
cert.serial = 2
|
||
|
assert_equal(false, cert.verify(@ec256))
|
||
|
end
|
||
|
end
|
||
|
def test_dsig_algorithm_mismatch
|
||
|
assert_raise(OpenSSL::X509::CertificateError) do
|
||
|
issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
||
| test/openssl/test_x509crl.rb (working copy) | ||
|---|---|---|
|
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
|
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256
|
||
|
@dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
@ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
||
|
end
|
||
|
@ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
||
|
@ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
|
||
|
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
|
||
| ... | ... | |
|
assert_equal(true, crl.verify(@dsa512))
|
||
|
crl.version = 0
|
||
|
assert_equal(false, crl.verify(@dsa512))
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
|
||
|
nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
|
||
|
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
|
||
|
cert, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) })
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
|
||
|
assert_equal(true, crl.verify(@ec256))
|
||
|
crl.version = 0
|
||
|
assert_equal(false, crl.verify(@ec256))
|
||
|
end
|
||
|
end
|
||
|
private
|
||
| test/openssl/test_x509req.rb (working copy) | ||
|---|---|---|
|
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
|
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256
|
||
|
@dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
@ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
||
|
end
|
||
|
@dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou")
|
||
|
end
|
||
| ... | ... | |
|
req = OpenSSL::X509::Request.new
|
||
|
req.version = ver
|
||
|
req.subject = dn
|
||
|
req.public_key = key.public_key
|
||
|
if key.is_a?(OpenSSL::PKey::EC)
|
||
|
req.public_key = key
|
||
|
else
|
||
|
req.public_key = key.public_key
|
||
|
end
|
||
|
req.sign(key, digest)
|
||
|
req
|
||
|
end
|
||
| ... | ... | |
|
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
|
||
|
end
|
||
|
if defined?(OpenSSL::PKey::EC)
|
||
|
def test_sign_and_verify_ec
|
||
|
req = issue_csr(0, @dn, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
|
||
|
assert_equal(true, req.verify(@ec256))
|
||
|
req.public_key = @rsa1024.public_key
|
||
|
assert_equal(false, req.verify(@ec256))
|
||
|
end
|
||
|
def test_sign_and_verify_ec_sha2
|
||
|
req = issue_csr(0, @dn, @ec256, OpenSSL::Digest::SHA256.new)
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
|
||
|
assert_equal(true, req.verify(@ec256))
|
||
|
req.public_key = @rsa1024.public_key
|
||
|
assert_equal(false, req.verify(@ec256))
|
||
|
end
|
||
|
end
|
||
|
private
|
||
|
def request_error_returns_false
|
||
| test/openssl/utils.rb (working copy) | ||
|---|---|---|
|
cert.serial = serial
|
||
|
cert.subject = dn
|
||
|
cert.issuer = issuer.subject
|
||
|
cert.public_key = key.public_key
|
||
|
if key.is_a?(OpenSSL::PKey::EC)
|
||
|
cert.public_key = key
|
||
|
else
|
||
|
cert.public_key = key.public_key
|
||
|
end
|
||
|
cert.not_before = not_before
|
||
|
cert.not_after = not_after
|
||
|
ef = OpenSSL::X509::ExtensionFactory.new
|
||