1require_relative 'utils'
2
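if defined?(OpenSSL)

# Tests for OpenSSL::X509::Extension and OpenSSL::X509::ExtensionFactory.
#
# The fixture is a hand-built DER encoding of a critical basicConstraints
# extension (CA:TRUE, pathlen:2). Each test checks that the Ruby binding
# parses or produces exactly that encoding, including the critical flag.
class OpenSSL::TestX509Extension < Test::Unit::TestCase
  # Builds the reference encodings that the tests compare against.
  def setup
    # extnValue payload: BasicConstraints ::= SEQUENCE { cA, pathLenConstraint }
    @basic_constraints_value = OpenSSL::ASN1::Sequence([
      OpenSSL::ASN1::Boolean(true),   # CA
      OpenSSL::ASN1::Integer(2)       # pathlen
    ])
    # Extension ::= SEQUENCE { extnID, critical, extnValue }
    # RFC 5280 (section 4.2.1.9) has conforming CAs mark basicConstraints
    # critical in CA certificates, so the fixture sets critical to true.
    @basic_constraints = OpenSSL::ASN1::Sequence([
      OpenSSL::ASN1::ObjectId("basicConstraints"),
      OpenSSL::ASN1::Boolean(true),
      OpenSSL::ASN1::OctetString(@basic_constraints_value.to_der),
    ])
  end

  def teardown
  end

  # Extension.new must accept a full DER-encoded Extension, and also the
  # (oid, value, critical) form, and both must agree with the fixture.
  def test_new
    ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
    assert_equal("basicConstraints", ext.oid)
    assert_equal(true, ext.critical?)
    assert_equal("CA:TRUE, pathlen:2", ext.value)

    # "2.5.29.19" is the dotted form of the basicConstraints OID; the
    # round-trip through to_der must reproduce the fixture byte for byte,
    # which also covers the critical flag passed as the third argument.
    ext = OpenSSL::X509::Extension.new("2.5.29.19",
                                       @basic_constraints_value.to_der, true)
    assert_equal(@basic_constraints.to_der, ext.to_der)
  end

  # ExtensionFactory#create_extension must honour criticality given either as
  # a "critical," prefix in the value string or as the third argument, and must
  # resolve "@section" references through the attached OpenSSL::Config.
  def test_create_by_factory
    ef = OpenSSL::X509::ExtensionFactory.new

    bc = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2")
    assert_equal(@basic_constraints.to_der, bc.to_der)

    bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true)
    assert_equal(@basic_constraints.to_der, bc.to_der)

    # If the config step raises NotImplementedError, the config-based
    # assertions below are not run and the test ends without a failure.
    begin
      ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_)
      [crlDistPts]
      URI.1 = http://www.example.com/crl
      URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary
      _end_of_cnf_
    rescue NotImplementedError
      return
    end

    # Real regexp literals with the dots escaped. A plain %{...} string or an
    # unescaped "." would make the two halves of this test check different
    # (and looser) patterns for the same expected value.
    http_uri = %r{URI:http://www\.example\.com/crl}
    ldap_uri =
      %r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary}

    # Without the "critical" keyword the extension must come out non-critical.
    cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
    assert_equal(false, cdp.critical?)
    assert_equal("crlDistributionPoints", cdp.oid)
    assert_match(http_uri, cdp.value)
    assert_match(ldap_uri, cdp.value)

    # Same section, now with the "critical," prefix: only the flag may change.
    cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
    assert_equal(true, cdp.critical?)
    assert_equal("crlDistributionPoints", cdp.oid)
    assert_match(http_uri, cdp.value)
    assert_match(ldap_uri, cdp.value)
  end
end

end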
70