moved (and adjusted to handle 9K besides 1.7) X509 store add .pem test from JRuby

kares · kares · commit b25de83d608a · 2016-01-07T08:51:36.000+01:00
diff --git a/src/test/ruby/x509/test_x509store.rb b/src/test/ruby/x509/test_x509store.rb
@@ -92,7 +92,7 @@ def test_add_cert_concurrently
     assert true
   end
 
-  define_method 'test_add_same_cert_twice jruby/jruby-openssl/issues/3' do
+  define_method 'test_add_same_cert_twice jruby/jruby-openssl#3' do
     root_key = OpenSSL::PKey::RSA.new 2048 # the CA's public/private key
     root_ca = OpenSSL::X509::Certificate.new
     root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
@@ -121,4 +121,25 @@ def test_add_cert_concurrently
     end
   end
 
+  def test_adding_pem_to_store
+    debug = false
+    #OpenSSL.debug = true
+    # mimic what rubygems/request#add_rubygems_trusted_certs does to find the .pem certificates
+    # 1.7: jruby-complete-1.7.22.jar!/META-INF/jruby.home/lib/ruby/shared
+    # 9.0: /opt/local/rvm/rubies/jruby-9.0.4.0/lib/ruby/stdlib
+    base = $LOAD_PATH.detect { |p| p =~ /ruby\/shared/ || p =~ /ruby\/stdlib/ }
+    raise "rubygems home not detected in $LOAD_PATH" unless base
+    pems = Dir[ File.join(base, 'rubygems/ssl_certs/*pem') ]
+    # assert_equal( 9, pems.size ) # >= 11 on 9K
+    pems.each do |pem|
+      puts pem.inspect if debug
+      store = OpenSSL::X509::Store.new
+      cert = OpenSSL::X509::Certificate.new(File.read(pem))
+      assert ! store.verify(cert)
+      store.add_file(pem)
+      # only verify on self signed certifactes
+      assert store.verify(cert) if pem !~ /COMODORSA|AddTrustExternalCARoot/
+    end
+  end
+
 end
