ocsp: update keys used in tests

rhenium · rhenium · commit cc4d40525c6b · 2025-10-18T01:58:23.000+09:00
Use generic keys whenever possible.
diff --git a/Rakefile b/Rakefile
@@ -30,7 +30,6 @@ Rake::TestTask.new(:test_fips_internal) do |t|
     'test/openssl/test_digest.rb',
     'test/openssl/test_hmac.rb',
     'test/openssl/test_kdf.rb',
-    'test/openssl/test_ocsp.rb',
     'test/openssl/test_pkcs12.rb',
     'test/openssl/test_ts.rb',
   ]
diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb
@@ -13,7 +13,7 @@ def setup
     # @cert2   @ocsp_cert
 
     ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
-    @ca_key = Fixtures.pkey("rsa1024")
+    @ca_key = Fixtures.pkey("rsa-1")
     ca_exts = [
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
@@ -22,7 +22,7 @@ def setup
       ca_subj, @ca_key, 1, ca_exts, nil, nil)
 
     cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
-    @cert_key = Fixtures.pkey("rsa1024")
+    @cert_key = Fixtures.pkey("rsa-2")
     cert_exts = [
       ["basicConstraints", "CA:TRUE", true],
       ["keyUsage", "cRLSign,keyCertSign", true],
@@ -31,14 +31,14 @@ def setup
       cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key)
 
     cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
-    @cert2_key = Fixtures.pkey("rsa1024")
+    @cert2_key = Fixtures.pkey("rsa-3")
     cert2_exts = [
     ]
     @cert2 = OpenSSL::TestUtils.issue_cert(
       cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key)
 
     ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
-    @ocsp_key = Fixtures.pkey("rsa2048")
+    @ocsp_key = Fixtures.pkey("p256")
     ocsp_exts = [
       ["extendedKeyUsage", "OCSPSigning", true],
     ]
@@ -63,8 +63,10 @@ def test_certificate_id_issuer_name_hash
 
   def test_certificate_id_issuer_key_hash
     cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
-    assert_equal OpenSSL::Digest.hexdigest('SHA1', OpenSSL::ASN1.decode(@ca_cert.to_der).value[0].value[6].value[1].value), cid.issuer_key_hash
-    assert_equal "d1fef9fbf8ae1bc160cbfa03e2596dd873089213", cid.issuer_key_hash
+    # content of subjectPublicKey (bit string) in SubjectPublicKeyInfo
+    spki = OpenSSL::ASN1.decode(@ca_key.public_to_der)
+    assert_equal OpenSSL::Digest.hexdigest("SHA1", spki.value[1].value),
+      cid.issuer_key_hash
   end
 
   def test_certificate_id_hash_algorithm

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,6 @@ Rake::TestTask.new(:test_fips_internal) do \|t\|`
`30`	`30`	`'test/openssl/test_digest.rb',`
`31`	`31`	`'test/openssl/test_hmac.rb',`
`32`	`32`	`'test/openssl/test_kdf.rb',`
`33`		`- 'test/openssl/test_ocsp.rb',`
`34`	`33`	`'test/openssl/test_pkcs12.rb',`
`35`	`34`	`'test/openssl/test_ts.rb',`
`36`	`35`	`]`