* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode

the argument as a string.

* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions fails.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* test/openssl/test_ns_spki.rb: add new file.

* test/openssl/test_x509store.rb: add test for error.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,26 @@
+Tue Aug 23 05:47:04 2005  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode
+	  the argument as a string.
+
+	* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.
+
+	* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
+	  set @time to avoid warning.
+
+	* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
+	  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
+	  wrapped functions fails.
+
+	* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
+
+	* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
+	  of unused variable.
+
+	* test/openssl/test_ns_spki.rb: add new file.
+
+	* test/openssl/test_x509store.rb: add test for error.
+
 Tue Aug 23 01:11:40 2005  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
 
 	* sprintf.c (ruby__sfvwrite): should move `buf' to the end of

ext/openssl/ossl_ns_spki.c

@@ -56,12 +56,17 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
 {
     NETSCAPE_SPKI *spki;
     VALUE buffer;
+    unsigned char *p;
 	
     if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
 	return self;
     }
-    if (!(spki = NETSCAPE_SPKI_b64_decode(StringValuePtr(buffer), -1))) {
+    StringValue(buffer);
-	ossl_raise(eSPKIError, NULL);
+    if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING(buffer)->ptr, -1))) {
+	p = RSTRING(buffer)->ptr;
+	if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING(buffer)->len))) {
+	    ossl_raise(eSPKIError, NULL);
+	}
     }
     NETSCAPE_SPKI_free(DATA_PTR(self));
     DATA_PTR(self) = spki;
@@ -69,6 +74,26 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
+static VALUE
+ossl_spki_to_der(VALUE self)
+{
+    NETSCAPE_SPKI *spki;
+    VALUE str;
+    long len;
+    unsigned char *p;
+
+    GetSPKI(self, spki);
+    if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0)
+        ossl_raise(eX509CertError, NULL);
+    str = rb_str_new(0, len);
+    p = RSTRING(str)->ptr;
+    if (i2d_NETSCAPE_SPKI(spki, &p) <= 0)
+        ossl_raise(eX509CertError, NULL);
+    ossl_str_adjust(str, p);
+    
+    return str;
+}
+
 static VALUE
 ossl_spki_to_pem(VALUE self)
 {
@@ -217,6 +242,7 @@ Init_ossl_ns_spki()
     rb_define_alloc_func(cSPKI, ossl_spki_alloc);
     rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1);
 	
+    rb_define_method(cSPKI, "to_der", ossl_spki_to_der, 0);
     rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0);
     rb_define_alias(cSPKI, "to_s", "to_pem");
     rb_define_method(cSPKI, "to_text", ossl_spki_print, 0);

ext/openssl/ossl_ssl.c

@@ -477,7 +477,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
         return Qnil;
     }
     if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
-        ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
+        ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
     }
 
     return v;

ext/openssl/ossl_x509req.c

@@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
     X509_REQ *req;
     X509_ATTRIBUTE *attr;
     int i;
-    VALUE tmp, item;
+    VALUE item;
 
     Check_Type(ary, T_ARRAY);
     for (i=0;i<RARRAY(ary)->len; i++) {

ext/openssl/ossl_x509store.c

@@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     rb_iv_set(self, "@error", Qnil);
     rb_iv_set(self, "@error_string", Qnil);
     rb_iv_set(self, "@chain", Qnil);
+    rb_iv_set(self, "@time", Qnil);
 
     return self;
 }
@@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
     X509_STORE *store;
 
     GetX509Store(self, store);
-    X509_STORE_set_default_paths(store);
+    if (X509_STORE_set_default_paths(store) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return Qnil;
 }
@@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
 
     cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
-    X509_STORE_add_cert(store, cert);
+    if (X509_STORE_add_cert(store, cert) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return self;
 }
@@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
 
     crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
     GetX509Store(self, store);
-    X509_STORE_add_crl(store, crl);
+    if (X509_STORE_add_crl(store, crl) != 1){
+        ossl_raise(eX509StoreError, NULL);
+    }
 
     return self;
 }

test/openssl/test_ns_spki.rb

@@ -0,0 +1,59 @@
+begin
+  require "openssl"
+  require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+
+class OpenSSL::TestNSSPI < Test::Unit::TestCase
+  def setup
+    # This request data is adopt from the specification of
+    # "Netscape Extensions for User Key Generation".
+    # -- http://wp.netscape.com/eng/security/comm4-keygen.html
+    @b64  = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
+    @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
+    @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
+    @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
+    @b64 << "i0//rgBvmco="
+  end
+
+  def teardown
+  end
+
+  def test_build_data
+    key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
+    spki = OpenSSL::Netscape::SPKI.new
+    spki.challenge = "RandomString"
+    spki.public_key = key1.public_key
+    spki.sign(key1, OpenSSL::Digest::SHA1.new)
+    assert(spki.verify(spki.public_key))
+    assert(spki.verify(key1.public_key))
+    assert(!spki.verify(key2.public_key))
+
+    der = spki.to_der
+    spki = OpenSSL::Netscape::SPKI.new(der)
+    assert_equal("RandomString", spki.challenge)
+    assert_equal(key1.public_key.to_der, spki.public_key.to_der)
+    assert(spki.verify(spki.public_key))
+  end
+
+  def test_decode_data
+    spki = OpenSSL::Netscape::SPKI.new(@b64)
+    assert_equal(@b64, spki.to_pem)
+    assert_equal(@b64.unpack("m").first, spki.to_der)
+    assert_equal("MozillaIsMyFriend", spki.challenge)
+    assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+
+    spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
+    assert_equal(@b64, spki.to_pem)
+    assert_equal(@b64.unpack("m").first, spki.to_der)
+    assert_equal("MozillaIsMyFriend", spki.challenge)
+    assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+  end
+end
+
+end

test/openssl/test_x509store.rb

@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
     assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
     assert_equal(false, store.verify(ee2_cert))
   end
+
+  def test_set_errors
+    now = Time.now
+    ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+                          nil, nil, OpenSSL::Digest::SHA1.new)
+    store = OpenSSL::X509::Store.new
+    store.add_cert(ca1_cert)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_cert(ca1_cert)  # add same certificate twice
+    }
+
+    revoke_info = []
+    crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    revoke_info = [ [2, now, 1], ]
+    crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    store.add_crl(crl1)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_crl(crl2) # add CRL issued by same CA twice.
+    }
+  end
 end
 
 end