[test] adjust cert verify tests with valid CA

Author: kares

src/test/ruby/x509/Entrust.net_Premium_2048_Secure_Server_CA.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
+MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
+j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
+U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
+u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
+fF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----

src/test/ruby/x509/EntrustnetSecureServerCertificationAuthority.pem renamed to src/test/ruby/x509/Entrust.net_Secure_Server_CA.expired.pem

@@ -9,7 +9,7 @@ def setup; require 'openssl'
     @cert = OpenSSL::X509::Certificate.new(cert)
     @ca_cert = File.expand_path('../ca.crt', __FILE__) # File.expand_path('../demoCA/cacert.pem', __FILE__)
     @javastore = File.expand_path('../javastore.ts', __FILE__)
-    @pem = File.expand_path('../EntrustnetSecureServerCertificationAuthority.pem', __FILE__)
+    @pem = File.expand_path('../Entrust.net_Premium_2048_Secure_Server_CA.pem', __FILE__) # validity: 1999 - 2029
   end
 
   @@ssl_cert_file = ENV['SSL_CERT_FILE']
@@ -30,7 +30,7 @@ def test_store_location_with_pem
     store.set_default_paths
 
     puts @cert.inspect if $VERBOSE
-    #puts @cert.to_java java.security.cert.X509Certificate
+    #puts @cert.to_java java.security.cert.X509Certificate if $VERBOSE
 
     verified = store.verify(@cert)
     assert verified, "CA verification failed: #{store.inspect}"
@@ -72,7 +72,27 @@ def test_add_file_to_store_with_custom_cert_file
     store = OpenSSL::X509::Store.new
     store.set_default_paths
     store.add_file @pem
-    assert store.verify( OpenSSL::X509::Certificate.new(File.read(@pem)))
+    cert = OpenSSL::X509::Certificate.new(File.read(@pem))
+
+    puts cert.to_text if $VERBOSE
+
+    verified = store.verify(cert)
+    assert verified, "verification failed for cert: #{cert.inspect} - #{store.inspect}"
+  end
+
+
+  def test_add_file_to_store_with_expired_ca_cert
+    ENV['SSL_CERT_FILE'] = @ca_cert
+    pem = File.expand_path('../Entrust.net_Secure_Server_CA.expired.pem', __FILE__)
+    store = OpenSSL::X509::Store.new
+    store.set_default_paths
+    store.add_file pem
+    cert = OpenSSL::X509::Certificate.new(File.read(pem))
+
+    puts cert.to_text if $VERBOSE
+
+    verified = store.verify(cert)
+    assert !verified, "verification passed for (expired) cert: #{cert.inspect}"
   end
 
   def test_use_non_existing_cert_file