1require_relative 'utils' 2 3class OpenSSL::TestASN1 < Test::Unit::TestCase 4 def test_decode 5 subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") 6 key = OpenSSL::TestUtils::TEST_KEY_RSA1024 7 now = Time.at(Time.now.to_i) # suppress usec 8 s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf 9 exts = [ 10 ["basicConstraints","CA:TRUE,pathlen:1",true], 11 ["keyUsage","keyCertSign, cRLSign",true], 12 ["subjectKeyIdentifier","hash",false], 13 ] 14 dgst = OpenSSL::Digest::SHA1.new 15 cert = OpenSSL::TestUtils.issue_cert( 16 subj, key, s, now, now+3600, exts, nil, nil, dgst) 17 18 19 asn1 = OpenSSL::ASN1.decode(cert) 20 assert_equal(OpenSSL::ASN1::Sequence, asn1.class) 21 assert_equal(3, asn1.value.size) 22 tbs_cert, sig_alg, sig_val = *asn1.value 23 24 assert_equal(OpenSSL::ASN1::Sequence, tbs_cert.class) 25 assert_equal(8, tbs_cert.value.size) 26 27 version = tbs_cert.value[0] 28 assert_equal(:CONTEXT_SPECIFIC, version.tag_class) 29 assert_equal(0, version.tag) 30 assert_equal(1, version.value.size) 31 assert_equal(OpenSSL::ASN1::Integer, version.value[0].class) 32 assert_equal(2, version.value[0].value) 33 34 serial = tbs_cert.value[1] 35 assert_equal(OpenSSL::ASN1::Integer, serial.class) 36 assert_equal(0xdeadbeafdeadbeafdeadbeafdeadbeaf, serial.value) 37 38 sig = tbs_cert.value[2] 39 assert_equal(OpenSSL::ASN1::Sequence, sig.class) 40 assert_equal(2, sig.value.size) 41 assert_equal(OpenSSL::ASN1::ObjectId, sig.value[0].class) 42 assert_equal("1.2.840.113549.1.1.5", sig.value[0].oid) 43 assert_equal(OpenSSL::ASN1::Null, sig.value[1].class) 44 45 dn = tbs_cert.value[3] # issuer 46 assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash) 47 assert_equal(OpenSSL::ASN1::Sequence, dn.class) 48 assert_equal(3, dn.value.size) 49 assert_equal(OpenSSL::ASN1::Set, dn.value[0].class) 50 assert_equal(OpenSSL::ASN1::Set, dn.value[1].class) 51 assert_equal(OpenSSL::ASN1::Set, dn.value[2].class) 52 assert_equal(1, dn.value[0].value.size) 53 assert_equal(1, dn.value[1].value.size) 54 assert_equal(1, dn.value[2].value.size) 55 assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class) 56 assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class) 57 assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class) 58 assert_equal(2, dn.value[0].value[0].value.size) 59 assert_equal(2, dn.value[1].value[0].value.size) 60 assert_equal(2, dn.value[2].value[0].value.size) 61 oid, value = *dn.value[0].value[0].value 62 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 63 assert_equal("0.9.2342.19200300.100.1.25", oid.oid) 64 assert_equal(OpenSSL::ASN1::IA5String, value.class) 65 assert_equal("org", value.value) 66 oid, value = *dn.value[1].value[0].value 67 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 68 assert_equal("0.9.2342.19200300.100.1.25", oid.oid) 69 assert_equal(OpenSSL::ASN1::IA5String, value.class) 70 assert_equal("ruby-lang", value.value) 71 oid, value = *dn.value[2].value[0].value 72 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 73 assert_equal("2.5.4.3", oid.oid) 74 assert_equal(OpenSSL::ASN1::UTF8String, value.class) 75 assert_equal("TestCA", value.value) 76 77 validity = tbs_cert.value[4] 78 assert_equal(OpenSSL::ASN1::Sequence, validity.class) 79 assert_equal(2, validity.value.size) 80 assert_equal(OpenSSL::ASN1::UTCTime, validity.value[0].class) 81 assert_equal(now, validity.value[0].value) 82 assert_equal(OpenSSL::ASN1::UTCTime, validity.value[1].class) 83 assert_equal(now+3600, validity.value[1].value) 84 85 dn = tbs_cert.value[5] # subject 86 assert_equal(subj.hash, OpenSSL::X509::Name.new(dn).hash) 87 assert_equal(OpenSSL::ASN1::Sequence, dn.class) 88 assert_equal(3, dn.value.size) 89 assert_equal(OpenSSL::ASN1::Set, dn.value[0].class) 90 assert_equal(OpenSSL::ASN1::Set, dn.value[1].class) 91 assert_equal(OpenSSL::ASN1::Set, dn.value[2].class) 92 assert_equal(1, dn.value[0].value.size) 93 assert_equal(1, dn.value[1].value.size) 94 assert_equal(1, dn.value[2].value.size) 95 assert_equal(OpenSSL::ASN1::Sequence, dn.value[0].value[0].class) 96 assert_equal(OpenSSL::ASN1::Sequence, dn.value[1].value[0].class) 97 assert_equal(OpenSSL::ASN1::Sequence, dn.value[2].value[0].class) 98 assert_equal(2, dn.value[0].value[0].value.size) 99 assert_equal(2, dn.value[1].value[0].value.size) 100 assert_equal(2, dn.value[2].value[0].value.size) 101 oid, value = *dn.value[0].value[0].value 102 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 103 assert_equal("0.9.2342.19200300.100.1.25", oid.oid) 104 assert_equal(OpenSSL::ASN1::IA5String, value.class) 105 assert_equal("org", value.value) 106 oid, value = *dn.value[1].value[0].value 107 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 108 assert_equal("0.9.2342.19200300.100.1.25", oid.oid) 109 assert_equal(OpenSSL::ASN1::IA5String, value.class) 110 assert_equal("ruby-lang", value.value) 111 oid, value = *dn.value[2].value[0].value 112 assert_equal(OpenSSL::ASN1::ObjectId, oid.class) 113 assert_equal("2.5.4.3", oid.oid) 114 assert_equal(OpenSSL::ASN1::UTF8String, value.class) 115 assert_equal("TestCA", value.value) 116 117 pkey = tbs_cert.value[6] 118 assert_equal(OpenSSL::ASN1::Sequence, pkey.class) 119 assert_equal(2, pkey.value.size) 120 assert_equal(OpenSSL::ASN1::Sequence, pkey.value[0].class) 121 assert_equal(2, pkey.value[0].value.size) 122 assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class) 123 assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid) 124 assert_equal(OpenSSL::ASN1::BitString, pkey.value[1].class) 125 assert_equal(0, pkey.value[1].unused_bits) 126 spkey = OpenSSL::ASN1.decode(pkey.value[1].value) 127 assert_equal(OpenSSL::ASN1::Sequence, spkey.class) 128 assert_equal(2, spkey.value.size) 129 assert_equal(OpenSSL::ASN1::Integer, spkey.value[0].class) 130 assert_equal(143085709396403084580358323862163416700436550432664688288860593156058579474547937626086626045206357324274536445865308750491138538454154232826011964045825759324933943290377903384882276841880081931690695505836279972214003660451338124170055999155993192881685495391496854691199517389593073052473319331505702779271, spkey.value[0].value) 131 assert_equal(OpenSSL::ASN1::Integer, spkey.value[1].class) 132 assert_equal(65537, spkey.value[1].value) 133 134 extensions = tbs_cert.value[7] 135 assert_equal(:CONTEXT_SPECIFIC, extensions.tag_class) 136 assert_equal(3, extensions.tag) 137 assert_equal(1, extensions.value.size) 138 assert_equal(OpenSSL::ASN1::Sequence, extensions.value[0].class) 139 assert_equal(3, extensions.value[0].value.size) 140 141 ext = extensions.value[0].value[0] # basicConstraints 142 assert_equal(OpenSSL::ASN1::Sequence, ext.class) 143 assert_equal(3, ext.value.size) 144 assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class) 145 assert_equal("2.5.29.19", ext.value[0].oid) 146 assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class) 147 assert_equal(true, ext.value[1].value) 148 assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class) 149 extv = OpenSSL::ASN1.decode(ext.value[2].value) 150 assert_equal(OpenSSL::ASN1::Sequence, extv.class) 151 assert_equal(2, extv.value.size) 152 assert_equal(OpenSSL::ASN1::Boolean, extv.value[0].class) 153 assert_equal(true, extv.value[0].value) 154 assert_equal(OpenSSL::ASN1::Integer, extv.value[1].class) 155 assert_equal(1, extv.value[1].value) 156 157 ext = extensions.value[0].value[1] # keyUsage 158 assert_equal(OpenSSL::ASN1::Sequence, ext.class) 159 assert_equal(3, ext.value.size) 160 assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class) 161 assert_equal("2.5.29.15", ext.value[0].oid) 162 assert_equal(OpenSSL::ASN1::Boolean, ext.value[1].class) 163 assert_equal(true, ext.value[1].value) 164 assert_equal(OpenSSL::ASN1::OctetString, ext.value[2].class) 165 extv = OpenSSL::ASN1.decode(ext.value[2].value) 166 assert_equal(OpenSSL::ASN1::BitString, extv.class) 167 str = "\000"; str[0] = 0b00000110.chr 168 assert_equal(str, extv.value) 169 170 ext = extensions.value[0].value[2] # subjetKeyIdentifier 171 assert_equal(OpenSSL::ASN1::Sequence, ext.class) 172 assert_equal(2, ext.value.size) 173 assert_equal(OpenSSL::ASN1::ObjectId, ext.value[0].class) 174 assert_equal("2.5.29.14", ext.value[0].oid) 175 assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class) 176 extv = OpenSSL::ASN1.decode(ext.value[1].value) 177 assert_equal(OpenSSL::ASN1::OctetString, extv.class) 178 sha1 = OpenSSL::Digest::SHA1.new 179 sha1.update(pkey.value[1].value) 180 assert_equal(sha1.digest, extv.value) 181 182 assert_equal(OpenSSL::ASN1::Sequence, sig_alg.class) 183 assert_equal(2, sig_alg.value.size) 184 assert_equal(OpenSSL::ASN1::ObjectId, pkey.value[0].value[0].class) 185 assert_equal("1.2.840.113549.1.1.1", pkey.value[0].value[0].oid) 186 assert_equal(OpenSSL::ASN1::Null, pkey.value[0].value[1].class) 187 188 assert_equal(OpenSSL::ASN1::BitString, sig_val.class) 189 cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der) 190 assert_equal(cululated_sig, sig_val.value) 191 end 192 193 def test_encode_boolean 194 encode_decode_test(OpenSSL::ASN1::Boolean, [true, false]) 195 end 196 197 def test_encode_integer 198 encode_decode_test(OpenSSL::ASN1::Integer, [72, -127, -128, 128, -1, 0, 1, -(2**12345), 2**12345]) 199 end 200 201 def test_encode_nil 202 m = OpenSSL::ASN1 203 [ 204 m::Boolean, m::Integer, m::BitString, m::OctetString, 205 m::ObjectId, m::Enumerated, m::UTF8String, m::UTCTime, 206 m::GeneralizedTime, m::Sequence, m::Set 207 ].each do |klass| 208 #Primitives raise TypeError, Constructives NoMethodError 209 assert_raise(TypeError, NoMethodError) { klass.send(:new, nil).to_der } 210 end 211 end 212 213 def encode_decode_test(type, values) 214 values.each do |v| 215 assert_equal(v, OpenSSL::ASN1.decode(type.new(v).to_der).value) 216 end 217 end 218 219 def test_decode_pem #should fail gracefully (cf. [ruby-dev:44542]) 220 pem = <<-_EOS_ 221-----BEGIN CERTIFICATE----- 222MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQB 223GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe 224Fw0xMTA5MjUxMzQ4MjZaFw0xMTA5MjUxNDQ4MjZaMD0xEzARBgoJkiaJk/IsZAEZ 225FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB 226IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9 227gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen 228fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm 229qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6 2308JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX 2319KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID 232AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAiAtrIr1pLX4GYN5klviWKb8HC9ICYuAFI 233NfE3FwqzErEVXotuMe3yPVyB3Bv6rjYY/x5EtS5+WPTbHlvHZTkfcsnTpizcn4mW 234dJ6dDRaFCHt1YKKjUxqBt9lvvrc3nReYZN/P+s1mrDhWzGf8iPZgf8sFUHgnaK7W 235CXRVXmPFgCDRNpDDVQ0MQkr509yYfTH+dujNzqTCwSvkyZFyQ7Oe8Yj0VR6kquG3 236rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm 237/93PnPG1IvPjYNd5VlV+sXSnaxQn974HRCsMv7jA8BD6IgSaX6WK 238-----END CERTIFICATE----- 239 _EOS_ 240 assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode(pem) } 241 assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode_all(pem) } 242 end 243 244 def test_primitive_cannot_set_infinite_length 245 begin 246 prim = OpenSSL::ASN1::Integer.new(50) 247 assert_equal(false, prim.infinite_length) 248 prim.infinite_length = true 249 flunk('Could set infinite length on primitive value') 250 rescue NoMethodError 251 #ok 252 end 253 end 254 255 def test_decode_all 256 expected = %w{ 02 01 01 02 01 02 02 01 03 } 257 raw = [expected.join('')].pack('H*') 258 ary = OpenSSL::ASN1.decode_all(raw) 259 assert_equal(3, ary.size) 260 ary.each_with_index do |asn1, i| 261 assert_universal(OpenSSL::ASN1::INTEGER, asn1) 262 assert_equal(i + 1, asn1.value) 263 end 264 end 265 266 def test_decode_utctime 267 expected = Time.at 1374535380 268 assert_equal expected, OpenSSL::ASN1.decode("\x17\v1307222323Z").value 269 270 expected += 17 271 assert_equal expected, OpenSSL::ASN1.decode("\x17\r130722232317Z").value 272 end 273 274 def test_create_inf_length_primitive 275 expected = %w{ 24 80 04 01 61 00 00 } 276 raw = [expected.join('')].pack('H*') 277 val = OpenSSL::ASN1::OctetString.new('a') 278 cons = OpenSSL::ASN1::Constructive.new([val, 279 OpenSSL::ASN1::EndOfContent.new], 280 OpenSSL::ASN1::OCTET_STRING, 281 nil, 282 :UNIVERSAL) 283 cons.infinite_length = true 284 assert_equal(nil, cons.tagging) 285 assert_equal(raw, cons.to_der) 286 asn1 = OpenSSL::ASN1.decode(raw) 287 assert(asn1.infinite_length) 288 assert_equal(raw, asn1.to_der) 289 end 290 291 def test_cons_without_inf_length_forbidden 292 assert_raise(OpenSSL::ASN1::ASN1Error) do 293 val = OpenSSL::ASN1::OctetString.new('a') 294 cons = OpenSSL::ASN1::Constructive.new([val], 295 OpenSSL::ASN1::OCTET_STRING, 296 nil, 297 :UNIVERSAL) 298 cons.to_der 299 end 300 end 301 302 def test_cons_without_array_forbidden 303 assert_raise(OpenSSL::ASN1::ASN1Error) do 304 val = OpenSSL::ASN1::OctetString.new('a') 305 cons = OpenSSL::ASN1::Constructive.new(val, 306 OpenSSL::ASN1::OCTET_STRING, 307 nil, 308 :UNIVERSAL) 309 cons.infinite_length = true 310 cons.to_der 311 end 312 end 313 314 def test_parse_empty_sequence 315 expected = %w{ A0 07 30 02 30 00 02 01 00 } 316 raw = [expected.join('')].pack('H*') 317 asn1 = OpenSSL::ASN1.decode(raw) 318 assert_equal(raw, asn1.to_der) 319 assert_equal(2, asn1.value.size) 320 seq = asn1.value[0] 321 assert_equal(1, seq.value.size) 322 inner_seq = seq.value[0] 323 assert_equal(0, inner_seq.value.size) 324 end 325 326 def test_parse_tagged_0_infinite 327 expected = %w{ 30 80 02 01 01 80 01 02 00 00 } 328 raw = [expected.join('')].pack('H*') 329 asn1 = OpenSSL::ASN1.decode(raw) 330 assert_equal(3, asn1.value.size) 331 int = asn1.value[0] 332 assert_universal(OpenSSL::ASN1::INTEGER, int) 333 tagged = asn1.value[1] 334 assert_equal(0, tagged.tag) 335 assert_universal(OpenSSL::ASN1::EOC, asn1.value[2]) 336 assert_equal(raw, asn1.to_der) 337 end 338 339 def test_seq_infinite_length 340 begin 341 content = [ OpenSSL::ASN1::Null.new(nil), 342 OpenSSL::ASN1::EndOfContent.new ] 343 cons = OpenSSL::ASN1::Sequence.new(content) 344 cons.infinite_length = true 345 expected = %w{ 30 80 05 00 00 00 } 346 raw = [expected.join('')].pack('H*') 347 assert_equal(raw, cons.to_der) 348 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 349 end 350 end 351 352 def test_set_infinite_length 353 begin 354 content = [ OpenSSL::ASN1::Null.new(nil), 355 OpenSSL::ASN1::EndOfContent.new() ] 356 cons = OpenSSL::ASN1::Set.new(content) 357 cons.infinite_length = true 358 expected = %w{ 31 80 05 00 00 00 } 359 raw = [expected.join('')].pack('H*') 360 assert_equal(raw, cons.to_der) 361 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 362 end 363 end 364 365 def test_octet_string_infinite_length 366 begin 367 octets = [ OpenSSL::ASN1::OctetString.new('aaa'), 368 OpenSSL::ASN1::EndOfContent.new() ] 369 cons = OpenSSL::ASN1::Constructive.new( 370 octets, 371 OpenSSL::ASN1::OCTET_STRING, 372 nil, 373 :UNIVERSAL) 374 cons.infinite_length = true 375 expected = %w{ 24 80 04 03 61 61 61 00 00 } 376 raw = [expected.join('')].pack('H*') 377 assert_equal(raw, cons.to_der) 378 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 379 end 380 end 381 382 def test_prim_explicit_tagging 383 begin 384 oct_str = OpenSSL::ASN1::OctetString.new("a", 0, :EXPLICIT) 385 expected = %w{ A0 03 04 01 61 } 386 raw = [expected.join('')].pack('H*') 387 assert_equal(raw, oct_str.to_der) 388 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 389 end 390 end 391 392 def test_prim_explicit_tagging_tag_class 393 begin 394 oct_str = OpenSSL::ASN1::OctetString.new("a", 0, :EXPLICIT) 395 oct_str2 = OpenSSL::ASN1::OctetString.new( 396 "a", 397 0, 398 :EXPLICIT, 399 :CONTEXT_SPECIFIC) 400 assert_equal(oct_str.to_der, oct_str2.to_der) 401 end 402 end 403 404 def test_prim_implicit_tagging 405 begin 406 int = OpenSSL::ASN1::Integer.new(1, 0, :IMPLICIT) 407 expected = %w{ 80 01 01 } 408 raw = [expected.join('')].pack('H*') 409 assert_equal(raw, int.to_der) 410 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 411 end 412 end 413 414 def test_prim_implicit_tagging_tag_class 415 begin 416 int = OpenSSL::ASN1::Integer.new(1, 0, :IMPLICIT) 417 int2 = OpenSSL::ASN1::Integer.new(1, 0, :IMPLICIT, :CONTEXT_SPECIFIC); 418 assert_equal(int.to_der, int2.to_der) 419 end 420 end 421 422 def test_cons_explicit_tagging 423 begin 424 content = [ OpenSSL::ASN1::PrintableString.new('abc') ] 425 seq = OpenSSL::ASN1::Sequence.new(content, 2, :EXPLICIT) 426 expected = %w{ A2 07 30 05 13 03 61 62 63 } 427 raw = [expected.join('')].pack('H*') 428 assert_equal(raw, seq.to_der) 429 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 430 end 431 end 432 433 def test_cons_explicit_tagging_inf_length 434 begin 435 content = [ OpenSSL::ASN1::PrintableString.new('abc') , 436 OpenSSL::ASN1::EndOfContent.new() ] 437 seq = OpenSSL::ASN1::Sequence.new(content, 2, :EXPLICIT) 438 seq.infinite_length = true 439 expected = %w{ A2 80 30 80 13 03 61 62 63 00 00 00 00 } 440 raw = [expected.join('')].pack('H*') 441 assert_equal(raw, seq.to_der) 442 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 443 end 444 end 445 446 def test_cons_implicit_tagging 447 begin 448 content = [ OpenSSL::ASN1::Null.new(nil) ] 449 seq = OpenSSL::ASN1::Sequence.new(content, 1, :IMPLICIT) 450 expected = %w{ A1 02 05 00 } 451 raw = [expected.join('')].pack('H*') 452 assert_equal(raw, seq.to_der) 453 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 454 end 455 end 456 457 def test_cons_implicit_tagging_inf_length 458 begin 459 content = [ OpenSSL::ASN1::Null.new(nil), 460 OpenSSL::ASN1::EndOfContent.new() ] 461 seq = OpenSSL::ASN1::Sequence.new(content, 1, :IMPLICIT) 462 seq.infinite_length = true 463 expected = %w{ A1 80 05 00 00 00 } 464 raw = [expected.join('')].pack('H*') 465 assert_equal(raw, seq.to_der) 466 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 467 end 468 end 469 470 def test_octet_string_infinite_length_explicit_tagging 471 begin 472 octets = [ OpenSSL::ASN1::OctetString.new('aaa'), 473 OpenSSL::ASN1::EndOfContent.new() ] 474 cons = OpenSSL::ASN1::Constructive.new( 475 octets, 476 1, 477 :EXPLICIT) 478 cons.infinite_length = true 479 expected = %w{ A1 80 24 80 04 03 61 61 61 00 00 00 00 } 480 raw = [expected.join('')].pack('H*') 481 assert_equal(raw, cons.to_der) 482 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 483 end 484 end 485 486 def test_octet_string_infinite_length_implicit_tagging 487 begin 488 octets = [ OpenSSL::ASN1::OctetString.new('aaa'), 489 OpenSSL::ASN1::EndOfContent.new() ] 490 cons = OpenSSL::ASN1::Constructive.new( 491 octets, 492 0, 493 :IMPLICIT) 494 cons.infinite_length = true 495 expected = %w{ A0 80 04 03 61 61 61 00 00 } 496 raw = [expected.join('')].pack('H*') 497 assert_equal(raw, cons.to_der) 498 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 499 end 500 end 501 502 def test_recursive_octet_string_infinite_length 503 begin 504 octets_sub1 = [ OpenSSL::ASN1::OctetString.new("\x01"), 505 OpenSSL::ASN1::EndOfContent.new() ] 506 octets_sub2 = [ OpenSSL::ASN1::OctetString.new("\x02"), 507 OpenSSL::ASN1::EndOfContent.new() ] 508 container1 = OpenSSL::ASN1::Constructive.new( 509 octets_sub1, 510 OpenSSL::ASN1::OCTET_STRING, 511 nil, 512 :UNIVERSAL) 513 container1.infinite_length = true 514 container2 = OpenSSL::ASN1::Constructive.new( 515 octets_sub2, 516 OpenSSL::ASN1::OCTET_STRING, 517 nil, 518 :UNIVERSAL) 519 container2.infinite_length = true 520 octets3 = OpenSSL::ASN1::OctetString.new("\x03") 521 522 octets = [ container1, container2, octets3, 523 OpenSSL::ASN1::EndOfContent.new() ] 524 cons = OpenSSL::ASN1::Constructive.new( 525 octets, 526 OpenSSL::ASN1::OCTET_STRING, 527 nil, 528 :UNIVERSAL) 529 cons.infinite_length = true 530 expected = %w{ 24 80 24 80 04 01 01 00 00 24 80 04 01 02 00 00 04 01 03 00 00 } 531 raw = [expected.join('')].pack('H*') 532 assert_equal(raw, cons.to_der) 533 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 534 end 535 end 536 537 def test_bit_string_infinite_length 538 begin 539 content = [ OpenSSL::ASN1::BitString.new("\x01"), 540 OpenSSL::ASN1::EndOfContent.new() ] 541 cons = OpenSSL::ASN1::Constructive.new( 542 content, 543 OpenSSL::ASN1::BIT_STRING, 544 nil, 545 :UNIVERSAL) 546 cons.infinite_length = true 547 expected = %w{ 23 80 03 02 00 01 00 00 } 548 raw = [expected.join('')].pack('H*') 549 assert_equal(raw, cons.to_der) 550 assert_equal(raw, OpenSSL::ASN1.decode(raw).to_der) 551 end 552 end 553 554 def test_primitive_inf_length 555 assert_raises(OpenSSL::ASN1::ASN1Error) do 556 spec = %w{ 02 80 02 01 01 00 00 } 557 raw = [spec.join('')].pack('H*') 558 OpenSSL::ASN1.decode(raw) 559 OpenSSL::ASN1.decode_all(raw) 560 end 561 end 562 563 def test_recursive_octet_string_parse 564 test = %w{ 24 80 24 80 04 01 01 00 00 24 80 04 01 02 00 00 04 01 03 00 00 } 565 raw = [test.join('')].pack('H*') 566 asn1 = OpenSSL::ASN1.decode(raw) 567 assert_equal(OpenSSL::ASN1::Constructive, asn1.class) 568 assert_universal(OpenSSL::ASN1::OCTET_STRING, asn1) 569 assert_equal(true, asn1.infinite_length) 570 assert_equal(4, asn1.value.size) 571 nested1 = asn1.value[0] 572 assert_equal(OpenSSL::ASN1::Constructive, nested1.class) 573 assert_universal(OpenSSL::ASN1::OCTET_STRING, nested1) 574 assert_equal(true, nested1.infinite_length) 575 assert_equal(2, nested1.value.size) 576 oct1 = nested1.value[0] 577 assert_universal(OpenSSL::ASN1::OCTET_STRING, oct1) 578 assert_equal(false, oct1.infinite_length) 579 assert_universal(OpenSSL::ASN1::EOC, nested1.value[1]) 580 assert_equal(false, nested1.value[1].infinite_length) 581 nested2 = asn1.value[1] 582 assert_equal(OpenSSL::ASN1::Constructive, nested2.class) 583 assert_universal(OpenSSL::ASN1::OCTET_STRING, nested2) 584 assert_equal(true, nested2.infinite_length) 585 assert_equal(2, nested2.value.size) 586 oct2 = nested2.value[0] 587 assert_universal(OpenSSL::ASN1::OCTET_STRING, oct2) 588 assert_equal(false, oct2.infinite_length) 589 assert_universal(OpenSSL::ASN1::EOC, nested2.value[1]) 590 assert_equal(false, nested2.value[1].infinite_length) 591 oct3 = asn1.value[2] 592 assert_universal(OpenSSL::ASN1::OCTET_STRING, oct3) 593 assert_equal(false, oct3.infinite_length) 594 assert_universal(OpenSSL::ASN1::EOC, asn1.value[3]) 595 assert_equal(false, asn1.value[3].infinite_length) 596 end 597 598 private 599 600 def assert_universal(tag, asn1) 601 assert_equal(tag, asn1.tag) 602 if asn1.respond_to?(:tagging) 603 assert_nil(asn1.tagging) 604 end 605 assert_equal(:UNIVERSAL, asn1.tag_class) 606 end 607 608end if defined?(OpenSSL) 609 610