[test] refactor issue_cert to use updated format

Author: kares

src/test/ruby/ssl/test_helper.rb

@@ -24,9 +24,9 @@ def setup;
       [ "keyUsage", "keyEncipherment,digitalSignature", true ],
     ]
     now = Time.at(Time.now.to_i)
-    @ca_cert  = issue_cert(@ca, @ca_key, 1, now, now + 3600, ca_exts, nil, nil, OpenSSL::Digest::SHA256.new)
-    @svr_cert = issue_cert(@svr, @svr_key, 2, now, now + 1800, ee_exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA256.new)
-    @cli_cert = issue_cert(@cli, @cli_key, 3, now, now + 1800, ee_exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA256.new)
+    @ca_cert  = issue_cert(@ca, @ca_key, 1, ca_exts, nil, nil, not_before: now, not_after: now + 3600)
+    @svr_cert = issue_cert(@svr, @svr_key, 2, ee_exts, @ca_cert, @ca_key, not_before: now, not_after: now + 1800)
+    @cli_cert = issue_cert(@cli, @cli_key, 3, ee_exts, @ca_cert, @ca_key, not_before: now, not_after: now + 1800)
     @server = nil
   end
 

src/test/ruby/ssl/test_ocsp.rb

@@ -19,27 +19,27 @@ def setup
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
     ]
-    @ca_cert = issue_cert(ca_subj, @ca_key, 1, now, now+1800, ca_exts, nil, nil, OpenSSL::Digest::SHA1.new)
+    @ca_cert = issue_cert(ca_subj, @ca_key, 1, ca_exts, nil, nil, not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
 
     cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
     @cert_key = OpenSSL::PKey::RSA.new TEST_KEY_RSA1
     cert_exts = [
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
     ]
-    @cert = issue_cert(cert_subj, @cert_key, 5, now, now+1800, cert_exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+    @cert = issue_cert(cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key, not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
 
     cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
     @cert2_key = OpenSSL::PKey::RSA.new TEST_KEY_RSA1
     cert2_exts = []
-    @cert2 = issue_cert(cert2_subj, @cert2_key, 10, now, now+1800, cert2_exts, @cert, @cert_key, OpenSSL::Digest::SHA1.new)
+    @cert2 = issue_cert(cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key, not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
 
     ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
     @ocsp_key = OpenSSL::PKey::RSA.new TEST_KEY_RSA2
     ocsp_exts = [
       ["extendedKeyUsage", "OCSPSigning", true],
     ]
-    @ocsp_cert = issue_cert(ocsp_subj, @ocsp_key, 100, now, now+1800, ocsp_exts, @cert, @cert_key, OpenSSL::Digest::SHA1.new)
+    @ocsp_cert = issue_cert(ocsp_subj, @ocsp_key, 100, ocsp_exts, @cert, @cert_key, not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
   end
 
   def test_new_certificate_id

src/test/ruby/ssl/test_ssl.rb

@@ -38,8 +38,8 @@ def test_post_connection_check
       ["subjectAltName","DNS:localhost.localdomain",false],
       ["subjectAltName","IP:127.0.0.1",false],
     ]
-    @svr_cert = issue_cert(@svr, @svr_key, 4, now, now + 1800, exts,
-                           @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+    @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key,
+                           not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
     start_server0(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|
       sock = TCPSocket.new("127.0.0.1", port)
       ssl = OpenSSL::SSL::SSLSocket.new(sock)
@@ -62,8 +62,8 @@ def test_post_connection_check
       [ "keyUsage", "keyEncipherment,digitalSignature", true ],
       [ "subjectAltName", "DNS:*.localdomain", false ],
     ]
-    @svr_cert = issue_cert(@svr, @svr_key, 5, now, now + 1800, exts,
-                           @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+    @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key,
+                           not_before: now, not_after: now + 1800, digest: OpenSSL::Digest::SHA1.new)
     start_server0(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|
       sock = TCPSocket.new("127.0.0.1", port)
       ssl = OpenSSL::SSL::SSLSocket.new(sock)

src/test/ruby/test_asn1.rb

@@ -253,8 +253,7 @@ def test_decode
       ["subjectKeyIdentifier","hash",false],
     ]
     dgst = OpenSSL::Digest::SHA1.new
-    cert = issue_cert( # OpenSSL::TestUtils.issue_cert
-      subj, key, s, now, now+3600, exts, nil, nil, dgst)
+    cert = issue_cert(subj, key, s, exts, nil, nil, not_before: now, not_after: now + 3600, digest: dgst)
 
     asn1 = OpenSSL::ASN1.decode(cert)
     assert_equal(OpenSSL::ASN1::Sequence, asn1.class)

src/test/ruby/test_helper.rb

@@ -135,17 +135,7 @@ def jruby?; self.class.jruby? end
 
   def debug(msg); puts msg if $VERBOSE end
 
-  def issue_cert(*args)
-  # def issue_cert(dn, key, serial, not_before, not_after, extensions, issuer, issuer_key, digest)
-  # def issue_cert(dn, key, serial, extensions, issuer, issuer_key,
-  #                not_before: nil, not_after: nil, digest: "sha256")
-    if args.length == 9
-      dn, key, serial, not_before, not_after, extensions, issuer, issuer_key, digest = *args
-    else
-      dn, key, serial, extensions, issuer, issuer_key, opts = *args
-      opts ||= {}
-      not_before, not_after, digest = opts[:not_before], opts[:not_after], opts[:digest] || "sha256"
-    end
+  def issue_cert(dn, key, serial, extensions, issuer, issuer_key, not_before: nil, not_after: nil, digest: 'sha256')
     cert = OpenSSL::X509::Certificate.new
     issuer = cert unless issuer
     issuer_key = key unless issuer_key
@@ -167,8 +157,7 @@ def issue_cert(*args)
     cert
   end
 
-  def issue_crl(revoke_info, serial, lastup, nextup, extensions,
-                issuer, issuer_key, digest)
+  def issue_crl(revoke_info, serial, lastup, nextup, extensions, issuer, issuer_key, digest)
     crl = OpenSSL::X509::CRL.new
     crl.issuer = issuer.subject
     crl.version = 1

src/test/ruby/x509/test_x509cert.rb

@@ -132,8 +132,8 @@ def test_resolve_extensions
     ]
 
     now = Time.now
-    ca_cert = issue_cert(ca, rsa2048, 1, now, now + 3600, ca_exts,
-                         nil, nil, OpenSSL::Digest::SHA1.new)
+    ca_cert = issue_cert(ca, rsa2048, 1, ca_exts, nil, nil,
+                         not_before: now, not_after: now + 3600, digest: OpenSSL::Digest::SHA1.new)
 
     assert_equal 5, ca_cert.extensions.size
 
@@ -180,8 +180,8 @@ def test_extensions
     ]
 
     now = Time.now
-    ca_cert = issue_cert(ca, rsa2048, 1, now, now + 3600, ca_exts,
-                         nil, nil, OpenSSL::Digest::SHA1.new)
+    ca_cert = issue_cert(ca, rsa2048, 1, ca_exts, nil, nil,
+                         not_before: now, not_after: now + 3600, digest: OpenSSL::Digest::SHA1.new)
 
     assert_equal 8, ca_cert.extensions.size
     ca_cert.extensions.each_with_index do |ext, i|
@@ -222,7 +222,7 @@ def test_inspect_to_text
 
     dgst = OpenSSL::Digest::SHA1.new # NOTE: does it match MRI ?!
 
-    cert = issue_cert(subj, key, s, now, now + 3600, exts, nil, nil, dgst)
+    cert = issue_cert(subj, key, s, exts, nil, nil, not_before: now, not_after: now + 3600, digest: dgst)
 
     assert cert.inspect.start_with?('#<OpenSSL::X509::Certificate:')
     if defined? JRUBY_VERSION

src/test/ruby/x509/test_x509crl.rb

@@ -120,8 +120,8 @@ def test_extension
     ]
 
     now = Time.now
-    cert = issue_cert(_ca, _rsa2048, 1, now, now + 3600, cert_exts, nil, nil, OpenSSL::Digest::SHA1.new)
-    crl = issue_crl([], 1, now, now+1600, crl_exts, cert, _rsa2048, OpenSSL::Digest::SHA1.new)
+    cert = issue_cert(_ca, _rsa2048, 1, cert_exts, nil, nil, not_before: now, not_after: now + 3600)
+    crl = issue_crl([], 1, now, now+1600, crl_exts, cert, _rsa2048, OpenSSL::Digest::SHA256.new)
 
     exts = crl.extensions
     assert_equal(3, exts.size)

src/test/ruby/x509/test_x509store.rb

@@ -74,7 +74,7 @@ def test_add_file_to_store_with_custom_cert_file
     store.add_file @pem
     cert = OpenSSL::X509::Certificate.new(File.read(@pem))
 
-    p cert if $VERBOSE
+    #p cert if $VERBOSE
 
     verified = store.verify(cert)
     assert verified, "verification failed for cert: #{cert.inspect} - #{store.inspect}"
@@ -192,18 +192,12 @@ def test_verify
     ee_exts = [
         ["keyUsage","keyEncipherment,digitalSignature",true],
     ]
-    ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, ca_exts,
-                          nil, nil, OpenSSL::Digest::SHA1.new)
-    ca2_cert = issue_cert(@ca2, @rsa1024, 2, now, now+1800, ca_exts,
-                          ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
-    ee1_cert = issue_cert(@ee1, @dsa256, 10, now, now+1800, ee_exts,
-                          ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new)
-    ee2_cert = issue_cert(@ee2, @dsa512, 20, now, now+1800, ee_exts,
-                          ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new)
-    ee3_cert = issue_cert(@ee2, @dsa512, 30, now-100, now-1, ee_exts,
-                          ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new)
-    ee4_cert = issue_cert(@ee2, @dsa512, 40, now+1000, now+2000, ee_exts,
-                          ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new)
+    ca1_cert = issue_cert(@ca1, @rsa2048, 1, ca_exts, nil, nil, not_before: now, not_after: now + 3600)
+    ca2_cert = issue_cert(@ca2, @rsa1024, 2, ca_exts, ca1_cert, @rsa2048, not_before: now, not_after: now + 1800)
+    ee1_cert = issue_cert(@ee1, @dsa256, 10, ee_exts, ca2_cert, @rsa1024, not_before: now, not_after: now + 1800)
+    ee2_cert = issue_cert(@ee2, @dsa512, 20, ee_exts, ca2_cert, @rsa1024, not_before: now, not_after: now + 1800)
+    ee3_cert = issue_cert(@ee2, @dsa512, 30, ee_exts, ca2_cert, @rsa1024, not_before: now - 100, not_after: now - 1)
+    ee4_cert = issue_cert(@ee2, @dsa512, 40, ee_exts, ca2_cert, @rsa1024, not_before: now + 1000, not_after: now + 2000)
 
     revoke_info = []
     crl1   = issue_crl(revoke_info, 1, now, now+1800, [],
@@ -408,20 +402,13 @@ def test_verify_same_subject_ca
     ee_exts = [
         ["keyUsage","keyEncipherment,digitalSignature",true],
     ]
-    ca1_cert = issue_cert(@ca_same, @rsa1, 1, not_before, now - 60 * 60, ca_exts1,
-                          nil, nil, OpenSSL::Digest::SHA1.new)
-    ca2_cert = issue_cert(@ca_same, @rsa2, 2, not_before, not_after, ca_exts2,
-                          nil, nil, OpenSSL::Digest::SHA1.new)
-    ca3_cert = issue_cert(@ca_other, @rsa3, 3, not_before, not_after, ca_exts1,
-                          nil, nil, OpenSSL::Digest::SHA1.new)
-    ca4_cert = issue_cert(@ca_same, @rsa4, 4, not_before, not_after, ca_exts1,
-                          nil, nil, OpenSSL::Digest::SHA1.new)
-    ee1_cert = issue_cert(@ee1, @dsa1, 10, now - 60, now + 1800, ee_exts,
-                          ca1_cert, @rsa1, OpenSSL::Digest::SHA1.new)
-    ee2_cert = issue_cert(@ee2, @dsa2, 20, now - 60, now + 1800, ee_exts,
-                          ca2_cert, @rsa2, OpenSSL::Digest::SHA1.new)
-    ee4_cert = issue_cert(@ee4, @dsa2, 20, now - 60, now + 1800, ee_exts,
-                          ca4_cert, @rsa4, OpenSSL::Digest::SHA1.new)
+    ca1_cert = issue_cert(@ca_same, @rsa1, 1, ca_exts1, nil, nil, not_before: not_before, not_after: now - 60 * 60)
+    ca2_cert = issue_cert(@ca_same, @rsa2, 2, ca_exts2, nil, nil, not_before: not_before, not_after: not_after)
+    ca3_cert = issue_cert(@ca_other, @rsa3, 3, ca_exts1, nil, nil, not_before: not_before, not_after: not_after)
+    ca4_cert = issue_cert(@ca_same, @rsa4, 4, ca_exts1, nil, nil, not_before: not_before, not_after: not_after)
+    ee1_cert = issue_cert(@ee1, @dsa1, 10, ee_exts, ca1_cert, @rsa1, not_before: now - 60, not_after: now + 1800)
+    ee2_cert = issue_cert(@ee2, @dsa2, 20, ee_exts, ca2_cert, @rsa2, not_before: now - 60, not_after: now + 1800)
+    ee4_cert = issue_cert(@ee4, @dsa2, 20, ee_exts, ca4_cert, @rsa4, not_before: now - 60, not_after: now + 1800)
 
     cert_store = OpenSSL::X509::Store.new
     cert_store.add_cert ca1_cert