103
103
assert_equal(exts, get_ext_req(attrs[1].value))
106
def test_sign_and_verify_wrong_key_type
107
req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
108
req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
110
assert_equal(false, req_rsa.verify(@dsa256))
111
rescue OpenSSL::X509::RequestError => e
112
# OpenSSL 1.0.0 added checks for pkey OID
113
assert_equal('wrong public key type', e.message)
117
assert_equal(false, req_dsa.verify(@rsa1024))
118
rescue OpenSSL::X509::RequestError => e
119
# OpenSSL 1.0.0 added checks for pkey OID
120
assert_equal('wrong public key type', e.message)
106
124
def test_sign_and_verify
107
125
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
108
126
assert_equal(true, req.verify(@rsa1024))
109
127
assert_equal(false, req.verify(@rsa2048))
110
assert_equal(false, req.verify(@dsa256))
111
assert_equal(false, req.verify(@dsa512))
113
129
assert_equal(false, req.verify(@rsa1024))
115
131
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
116
132
assert_equal(false, req.verify(@rsa1024))
117
133
assert_equal(true, req.verify(@rsa2048))
118
assert_equal(false, req.verify(@dsa256))
119
assert_equal(false, req.verify(@dsa512))
120
134
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
121
135
assert_equal(false, req.verify(@rsa2048))
123
137
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
124
assert_equal(false, req.verify(@rsa1024))
125
assert_equal(false, req.verify(@rsa2048))
126
138
assert_equal(false, req.verify(@dsa256))
127
139
assert_equal(true, req.verify(@dsa512))
128
140
req.public_key = @rsa1024.public_key
129
141
assert_equal(false, req.verify(@dsa512))
131
assert_raise(OpenSSL::X509::RequestError){
132
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
133
assert_raise(OpenSSL::X509::RequestError){
134
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
135
assert_raise(OpenSSL::X509::RequestError){
136
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
144
def test_dsig_algorithm_mismatch
145
assert_raise(OpenSSL::X509::RequestError) do
146
issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
148
assert_raise(OpenSSL::X509::RequestError) do
149
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)