From fcbf63e62c627deae76c1b8cb8c0876c536ed811 Mon Sep 17 00:00:00 2001
From: Jari Vetoniemi <jari.vetoniemi@indooratlas.com>
Date: Mon, 16 Mar 2020 18:49:26 +0900
Subject: Fresh start

---
 jni/ruby/test/rubygems/test_bundled_ca.rb | 60 +++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 jni/ruby/test/rubygems/test_bundled_ca.rb

(limited to 'jni/ruby/test/rubygems/test_bundled_ca.rb')

diff --git a/jni/ruby/test/rubygems/test_bundled_ca.rb b/jni/ruby/test/rubygems/test_bundled_ca.rb
new file mode 100644
index 0000000..711cd1b
--- /dev/null
+++ b/jni/ruby/test/rubygems/test_bundled_ca.rb
@@ -0,0 +1,60 @@
+require 'rubygems/test_case'
+require 'net/https'
+require 'rubygems/request'
+
+# = Testing Bundled CA
+#
+# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9
+#
+class TestBundledCA < Gem::TestCase
+
+  THIS_FILE = File.expand_path __FILE__
+
+  def bundled_certificate_store
+    store = OpenSSL::X509::Store.new
+
+    ssl_cert_glob =
+      File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE
+
+    Dir[ssl_cert_glob].each do |ssl_cert|
+      store.add_file ssl_cert
+    end
+
+    store
+  end
+
+  def assert_https(host)
+    if self.respond_to? :_assertions # minitest <= 4
+      self._assertions += 1
+    else # minitest >= 5
+      self.assertions += 1
+    end
+    http = Net::HTTP.new(host, 443)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    http.cert_store = bundled_certificate_store
+    http.get('/')
+  rescue Errno::ENOENT, Errno::ETIMEDOUT
+    skip "#{host} seems offline, I can't tell whether ssl would work."
+  rescue OpenSSL::SSL::SSLError => e
+    # Only fail for certificate verification errors
+    if e.message =~ /certificate verify failed/
+      flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}"
+    end
+    raise
+  end
+
+  def test_accessing_rubygems
+    assert_https('rubygems.org')
+  end
+
+  def test_accessing_cloudfront
+    assert_https('d2chzxaqi4y7f8.cloudfront.net')
+  end
+
+  def test_accessing_s3
+    assert_https('s3.amazonaws.com')
+  end
+
+end if ENV['TRAVIS']
+
-- 
cgit v1.2.3