Merge pull request #953 from rhenium/ky/test-use-generic-test-keys

Update keys used in tests

Author: rhenium

Rakefile

@@ -26,19 +26,12 @@ Rake::TestTask.new(:test_fips_internal) do |t|
   # Exclude failing test files in FIPS for this task to pass.
   # TODO: Fix failing test files.
   t.test_files = FileList['test/**/test_*.rb'] - FileList[
-    'test/openssl/test_asn1.rb',
     'test/openssl/test_cipher.rb',
     'test/openssl/test_digest.rb',
     'test/openssl/test_hmac.rb',
     'test/openssl/test_kdf.rb',
-    'test/openssl/test_ns_spki.rb',
-    'test/openssl/test_ocsp.rb',
     'test/openssl/test_pkcs12.rb',
     'test/openssl/test_ts.rb',
-    'test/openssl/test_x509cert.rb',
-    'test/openssl/test_x509crl.rb',
-    'test/openssl/test_x509name.rb',
-    'test/openssl/test_x509req.rb',
   ]
   t.warning = true
 end

test/openssl/fixtures/pkey/dsa1024.pem

@@ -6,7 +6,7 @@
 class  OpenSSL::TestASN1 < OpenSSL::TestCase
   def test_decode_x509_certificate
     subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
-    key = Fixtures.pkey("rsa1024")
+    key = Fixtures.pkey("rsa-1")
     now = Time.at(Time.now.to_i) # suppress usec
     s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
     exts = [

test/openssl/fixtures/pkey/dsa256.pem

@@ -17,8 +17,8 @@ def setup
   end
 
   def test_build_data
-    key1 = Fixtures.pkey("rsa1024")
-    key2 = Fixtures.pkey("rsa2048")
+    key1 = Fixtures.pkey("rsa-1")
+    key2 = Fixtures.pkey("rsa-2")
     spki = OpenSSL::Netscape::SPKI.new
     spki.challenge = "RandomString"
     spki.public_key = key1.public_key

test/openssl/fixtures/pkey/dsa512.pem

@@ -13,7 +13,7 @@ def setup
     # @cert2   @ocsp_cert
 
     ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
-    @ca_key = Fixtures.pkey("rsa1024")
+    @ca_key = Fixtures.pkey("rsa-1")
     ca_exts = [
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
@@ -22,7 +22,7 @@ def setup
       ca_subj, @ca_key, 1, ca_exts, nil, nil)
 
     cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
-    @cert_key = Fixtures.pkey("rsa1024")
+    @cert_key = Fixtures.pkey("rsa-2")
     cert_exts = [
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
@@ -31,14 +31,14 @@ def setup
       cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key)
 
     cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
-    @cert2_key = Fixtures.pkey("rsa1024")
+    @cert2_key = Fixtures.pkey("rsa-3")
     cert2_exts = [
     ]
     @cert2 = OpenSSL::TestUtils.issue_cert(
       cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key)
 
     ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
-    @ocsp_key = Fixtures.pkey("rsa2048")
+    @ocsp_key = Fixtures.pkey("p256")
     ocsp_exts = [
       ["extendedKeyUsage", "OCSPSigning", true],
     ]
@@ -63,8 +63,10 @@ def test_certificate_id_issuer_name_hash
 
   def test_certificate_id_issuer_key_hash
     cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
-    assert_equal OpenSSL::Digest.hexdigest('SHA1', OpenSSL::ASN1.decode(@ca_cert.to_der).value[0].value[6].value[1].value), cid.issuer_key_hash
-    assert_equal "d1fef9fbf8ae1bc160cbfa03e2596dd873089213", cid.issuer_key_hash
+    # content of subjectPublicKey (bit string) in SubjectPublicKeyInfo
+    spki = OpenSSL::ASN1.decode(@ca_key.public_to_der)
+    assert_equal OpenSSL::Digest.hexdigest("SHA1", spki.value[1].value),
+      cid.issuer_key_hash
   end
 
   def test_certificate_id_hash_algorithm

test/openssl/fixtures/pkey/rsa1024.pem

@@ -293,10 +293,10 @@ def test_raw_initialize_errors
   end
 
   def test_compare?
-    key1 = Fixtures.pkey("rsa1024")
-    key2 = Fixtures.pkey("rsa1024")
-    key3 = Fixtures.pkey("rsa2048")
-    key4 = Fixtures.pkey("dh-1")
+    key1 = Fixtures.pkey("rsa-1")
+    key2 = Fixtures.pkey("rsa-1")
+    key3 = Fixtures.pkey("rsa-2")
+    key4 = Fixtures.pkey("p256")
 
     assert_equal(true, key1.compare?(key2))
     assert_equal(true, key1.public_key.compare?(key2))
@@ -311,7 +311,7 @@ def test_compare?
   end
 
   def test_to_text
-    rsa = Fixtures.pkey("rsa1024")
+    rsa = Fixtures.pkey("rsa-1")
     assert_include rsa.to_text, "publicExponent"
   end
 end

test/openssl/test_asn1.rb

@@ -10,7 +10,7 @@ def setup
   end
 
   def test_private
-    key = Fixtures.pkey("dsa1024")
+    key = Fixtures.pkey("dsa2048")
     assert_equal true, key.private?
     key2 = OpenSSL::PKey::DSA.new(key.to_der)
     assert_equal true, key2.private?
@@ -114,105 +114,76 @@ def test_sign_verify_raw
 
   def test_DSAPrivateKey
     # OpenSSL DSAPrivateKey format; similar to RSAPrivateKey
-    dsa512 = Fixtures.pkey("dsa512")
+    orig = Fixtures.pkey("dsa2048")
     asn1 = OpenSSL::ASN1::Sequence([
       OpenSSL::ASN1::Integer(0),
-      OpenSSL::ASN1::Integer(dsa512.p),
-      OpenSSL::ASN1::Integer(dsa512.q),
-      OpenSSL::ASN1::Integer(dsa512.g),
-      OpenSSL::ASN1::Integer(dsa512.pub_key),
-      OpenSSL::ASN1::Integer(dsa512.priv_key)
+      OpenSSL::ASN1::Integer(orig.p),
+      OpenSSL::ASN1::Integer(orig.q),
+      OpenSSL::ASN1::Integer(orig.g),
+      OpenSSL::ASN1::Integer(orig.pub_key),
+      OpenSSL::ASN1::Integer(orig.priv_key)
     ])
     key = OpenSSL::PKey::DSA.new(asn1.to_der)
     assert_predicate key, :private?
-    assert_same_dsa dsa512, key
-
-    pem = <<~EOF
-    -----BEGIN DSA PRIVATE KEY-----
-    MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
-    RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
-    AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
-    S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
-    Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
-    55jreJD3Se3slps=
-    -----END DSA PRIVATE KEY-----
-    EOF
+    assert_same_dsa orig, key
+
+    pem = der_to_pem(asn1.to_der, "DSA PRIVATE KEY")
     key = OpenSSL::PKey::DSA.new(pem)
-    assert_same_dsa dsa512, key
+    assert_same_dsa orig, key
 
-    assert_equal asn1.to_der, dsa512.to_der
-    assert_equal pem, dsa512.export
+    assert_equal asn1.to_der, orig.to_der
+    assert_equal pem, orig.export
   end
 
   def test_DSAPrivateKey_encrypted
-    # key = abcdef
-    dsa512 = Fixtures.pkey("dsa512")
-    pem = <<~EOF
-    -----BEGIN DSA PRIVATE KEY-----
-    Proc-Type: 4,ENCRYPTED
-    DEK-Info: AES-128-CBC,F8BB7BFC7EAB9118AC2E3DA16C8DB1D9
-
-    D2sIzsM9MLXBtlF4RW42u2GB9gX3HQ3prtVIjWPLaKBYoToRUiv8WKsjptfZuLSB
-    74ZPdMS7VITM+W1HIxo/tjS80348Cwc9ou8H/E6WGat8ZUk/igLOUEII+coQS6qw
-    QpuLMcCIavevX0gjdjEIkojBB81TYDofA1Bp1z1zDI/2Zhw822xapI79ZF7Rmywt
-    OSyWzFaGipgDpdFsGzvT6//z0jMr0AuJVcZ0VJ5lyPGQZAeVBlbYEI4T72cC5Cz7
-    XvLiaUtum6/sASD2PQqdDNpgx/WA6Vs1Po2kIUQIM5TIwyJI0GdykZcYm6xIK/ta
-    Wgx6c8K+qBAIVrilw3EWxw==
-    -----END DSA PRIVATE KEY-----
-    EOF
+    # OpenSSL DSAPrivateKey with OpenSSL encryption
+    orig = Fixtures.pkey("dsa2048")
+
+    pem = der_to_encrypted_pem(orig.to_der, "DSA PRIVATE KEY", "abcdef")
     key = OpenSSL::PKey::DSA.new(pem, "abcdef")
-    assert_same_dsa dsa512, key
+    assert_same_dsa orig, key
     key = OpenSSL::PKey::DSA.new(pem) { "abcdef" }
-    assert_same_dsa dsa512, key
+    assert_same_dsa orig, key
 
     cipher = OpenSSL::Cipher.new("aes-128-cbc")
-    exported = dsa512.to_pem(cipher, "abcdef\0\1")
-    assert_same_dsa dsa512, OpenSSL::PKey::DSA.new(exported, "abcdef\0\1")
+    exported = orig.to_pem(cipher, "abcdef\0\1")
+    assert_same_dsa orig, OpenSSL::PKey::DSA.new(exported, "abcdef\0\1")
     assert_raise(OpenSSL::PKey::DSAError) {
       OpenSSL::PKey::DSA.new(exported, "abcdef")
     }
   end
 
   def test_PUBKEY
-    dsa512 = Fixtures.pkey("dsa512")
-    dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
+    orig = Fixtures.pkey("dsa2048")
+    pub = OpenSSL::PKey::DSA.new(orig.public_to_der)
 
     asn1 = OpenSSL::ASN1::Sequence([
       OpenSSL::ASN1::Sequence([
         OpenSSL::ASN1::ObjectId("DSA"),
         OpenSSL::ASN1::Sequence([
-          OpenSSL::ASN1::Integer(dsa512.p),
-          OpenSSL::ASN1::Integer(dsa512.q),
-          OpenSSL::ASN1::Integer(dsa512.g)
+          OpenSSL::ASN1::Integer(orig.p),
+          OpenSSL::ASN1::Integer(orig.q),
+          OpenSSL::ASN1::Integer(orig.g)
         ])
       ]),
       OpenSSL::ASN1::BitString(
-        OpenSSL::ASN1::Integer(dsa512.pub_key).to_der
+        OpenSSL::ASN1::Integer(orig.pub_key).to_der
       )
     ])
     key = OpenSSL::PKey::DSA.new(asn1.to_der)
     assert_not_predicate key, :private?
-    assert_same_dsa dsa512pub, key
-
-    pem = <<~EOF
-    -----BEGIN PUBLIC KEY-----
-    MIHxMIGoBgcqhkjOOAQBMIGcAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgT
-    YiEEHaOYhkIxv0OkRZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB
-    4DZGH7UyarcaGy6DAkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqo
-    ji3/lHdKoVdTQNuRS/m6DlCwhjRjiQ/lBRgCLCcaA0QAAkEAjN891JBjzpMj4bWg
-    sACmMggFf57DS0Ti+5++Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxX
-    oXi9OA==
-    -----END PUBLIC KEY-----
-    EOF
+    assert_same_dsa pub, key
+
+    pem = der_to_pem(asn1.to_der, "PUBLIC KEY")
     key = OpenSSL::PKey::DSA.new(pem)
-    assert_same_dsa dsa512pub, key
+    assert_same_dsa pub, key
 
     assert_equal asn1.to_der, key.to_der
     assert_equal pem, key.export
 
-    assert_equal asn1.to_der, dsa512.public_to_der
+    assert_equal asn1.to_der, orig.public_to_der
     assert_equal asn1.to_der, key.public_to_der
-    assert_equal pem, dsa512.public_to_pem
+    assert_equal pem, orig.public_to_pem
     assert_equal pem, key.public_to_pem
   end
 
@@ -263,7 +234,7 @@ def test_params
   end
 
   def test_dup
-    key = Fixtures.pkey("dsa1024")
+    key = Fixtures.pkey("dsa2048")
     key2 = key.dup
     assert_equal key.params, key2.params
 
@@ -275,7 +246,7 @@ def test_dup
   end
 
   def test_marshal
-    key = Fixtures.pkey("dsa1024")
+    key = Fixtures.pkey("dsa2048")
     deserialized = Marshal.load(Marshal.dump(key))
 
     assert_equal key.to_der, deserialized.to_der