hexapdf 0.19.0 → 0.20.0

data/test/hexapdf/layout/test_style.rb

@@ -597,6 +597,11 @@ end
 describe HexaPDF::Layout::Style do
   before do
     @style = HexaPDF::Layout::Style.new
+    @style.font = Object.new.tap do |obj|
+      obj.define_singleton_method(:pdf_object) do
+        Object.new.tap {|pdf| pdf.define_singleton_method(:glyph_scaling_factor) { 0.001 } }
+      end
+    end
   end
 
   it "can assign values on initialization" do
@@ -644,6 +649,7 @@ describe HexaPDF::Layout::Style do
   end
 
   it "has several simple and dynamically generated properties with default values" do
+    @style = HexaPDF::Layout::Style.new
     assert_raises(HexaPDF::Error) { @style.font }
     assert_equal(10, @style.font_size)
     assert_equal(0, @style.character_spacing)
@@ -725,6 +731,11 @@ describe HexaPDF::Layout::Style do
       font = Object.new
       font.define_singleton_method(:scaling_factor) { 1 }
       font.define_singleton_method(:wrapped_font) { wrapped_font }
+      font.define_singleton_method(:pdf_object) do
+        obj = Object.new
+        obj.define_singleton_method(:glyph_scaling_factor) { 0.001 }
+        obj
+      end
       @style.font = font
     end
 

data/test/hexapdf/test_document.rb

@@ -596,6 +596,34 @@ describe HexaPDF::Document do
     end
   end
 
+  describe "signature interface" do
+    it "returns whether the document is signed or not" do
+      refute(@doc.signed?)
+
+      form = @doc.acro_form(create: true)
+      form.signature_flag(:signatures_exist)
+      assert(@doc.signed?)
+    end
+
+    it "returns all signature fields of the document" do
+      form = @doc.acro_form(create: true)
+      sig1 = @doc.add({FT: :Sig, T: 'sig1', V: :sig1})
+      sig2 = @doc.add({FT: :Sig, T: 'sig2', V: :sig2})
+      form.root_fields << sig1 << sig2
+      assert_equal([:sig1, :sig2], @doc.signatures.to_a)
+    end
+
+    it "allows to conveniently sign a document" do
+      mock = Minitest::Mock.new
+      mock.expect(:handler, :handler, [{name: :handler, opt: :key}])
+      mock.expect(:add, :added, [:io, :handler, {signature: :sig, write_options: :write_options}])
+      @doc.instance_variable_set(:@signatures, mock)
+      result = @doc.sign(:io, handler: :handler, write_options: :write_options, signature: :sig, opt: :key)
+      assert_equal(:added, result)
+      mock.verify
+    end
+  end
+
   describe "listener interface" do
     it "allows registering and dispatching messages" do
       args = []

data/test/hexapdf/test_object.rb

@@ -182,7 +182,7 @@ describe HexaPDF::Object do
     assert_match(/\[5, 0\].*value=5/, obj.inspect)
   end
 
-  it "can be compared to another object or reference" do
+  it "can be compared to another object, reference or, if not indirect, a simple value" do
     obj = HexaPDF::Object.new(5, oid: 5)
 
     assert_equal(obj, HexaPDF::Object.new(obj))
@@ -192,6 +192,11 @@ describe HexaPDF::Object do
     refute_equal(obj, HexaPDF::Object.new(5, oid: 5, gen: 1))
 
     assert_equal(obj, HexaPDF::Reference.new(5, 0))
+
+    refute_equal(obj, 5)
+    obj.data.oid = 0
+    assert_equal(obj, 5)
+    assert_equal(obj, HexaPDF::Object.new(5))
   end
 
   it "works correctly as hash key, is interchangable in this regard with Reference objects" do
@@ -216,7 +221,7 @@ describe HexaPDF::Object do
     it "creates an independent object" do
       obj = HexaPDF::Object.new({a: "mystring", b: HexaPDF::Reference.new(1, 0), c: 5})
       copy = obj.deep_copy
-      refute_equal(copy, obj)
+      refute_same(copy, obj)
       assert_equal(copy.value, obj.value)
       refute_same(copy.value[:a], obj.value[:a])
     end

data/test/hexapdf/test_parser.rb

@@ -338,6 +338,11 @@ describe HexaPDF::Parser do
       assert_equal(5, @parser.startxref_offset)
     end
 
+    it "handles the case of startxref and its value being on the same line" do
+      create_parser("startxref 5\n%%EOF")
+      assert_equal(5, @parser.startxref_offset)
+    end
+
     it "fails even in big files when nothing is found" do
       create_parser("\nhallo" * 5000)
       exp = assert_raises(HexaPDF::MalformedPDFError) { @parser.startxref_offset }
@@ -366,6 +371,13 @@ describe HexaPDF::Parser do
       exp = assert_raises(HexaPDF::MalformedPDFError) { @parser.startxref_offset }
       assert_match(/end-of-file marker not found/, exp.message)
     end
+
+    it "fails on strict parsing if the startxref is on the same line as its value" do
+      @document.config['parser.on_correctable_error'] = proc { true }
+      create_parser("startxref 5\n%%EOF")
+      exp = assert_raises(HexaPDF::MalformedPDFError) { @parser.startxref_offset }
+      assert_match(/startxref on same line/, exp.message)
+    end
   end
 
   describe "file_header_version" do
@@ -531,12 +543,14 @@ describe HexaPDF::Parser do
       xref_section, trailer = @parser.load_revision(@parser.startxref_offset)
       assert_equal({Test: 'now'}, trailer)
       assert(xref_section[1].in_use?)
+      refute(@parser.contains_xref_streams?)
     end
 
     it "works for a cross-reference stream" do
       xref_section, trailer = @parser.load_revision(212)
       assert_equal({Size: 2}, trailer)
       assert(xref_section[1].in_use?)
+      assert(@parser.contains_xref_streams?)
     end
 
     it "fails if another object is found instead of a cross-reference stream" do

data/test/hexapdf/test_rectangle.rb

@@ -50,13 +50,6 @@ describe HexaPDF::Rectangle do
     assert_equal(12, rect.top)
   end
 
-  it "allows comparison to arrays" do
-    rect = HexaPDF::Rectangle.new([0, 1, 2, 5])
-    assert(rect == [0, 1, 2, 5])
-    rect.oid = 5
-    refute(rect == [0, 1, 2, 5])
-  end
-
   describe "validation" do
     it "ensures that it is a correct PDF rectangle" do
       doc = HexaPDF::Document.new

data/test/hexapdf/test_revision.rb

@@ -2,9 +2,10 @@
 
 require 'test_helper'
 require 'hexapdf/revision'
-require 'hexapdf/object'
+require 'hexapdf/dictionary'
 require 'hexapdf/reference'
 require 'hexapdf/xref_section'
+require 'hexapdf/type/catalog'
 require 'stringio'
 
 describe HexaPDF::Revision do
@@ -12,6 +13,10 @@ describe HexaPDF::Revision do
     @xref_section = HexaPDF::XRefSection.new
     @xref_section.add_in_use_entry(2, 0, 5000)
     @xref_section.add_free_entry(3, 0)
+    @xref_section.add_in_use_entry(4, 0, 1000)
+    @xref_section.add_in_use_entry(5, 0, 1000)
+    @xref_section.add_in_use_entry(6, 0, 5000)
+    @xref_section.add_in_use_entry(7, 0, 5000)
     @obj = HexaPDF::Object.new(:val, oid: 1, gen: 0)
     @ref = HexaPDF::Reference.new(1, 0)
 
@@ -19,7 +24,13 @@ describe HexaPDF::Revision do
       if entry.type == :free
         HexaPDF::Object.new(nil, oid: entry.oid, gen: entry.gen)
       else
-        HexaPDF::Object.new(:Test, oid: entry.oid, gen: entry.gen)
+        case entry.oid
+        when 4 then HexaPDF::Dictionary.new({Type: :XRef}, oid: entry.oid, gen: entry.gen)
+        when 5 then HexaPDF::Dictionary.new({Type: :ObjStm}, oid: entry.oid, gen: entry.gen)
+        when 7 then HexaPDF::Type::Catalog.new({Type: :Catalog}, oid: entry.oid, gen: entry.gen,
+                                              document: self)
+        else HexaPDF::Object.new(:Test, oid: entry.oid, gen: entry.gen)
+        end
       end
     end
     @rev = HexaPDF::Revision.new({}, xref_section: @xref_section, loader: @loader)
@@ -36,10 +47,10 @@ describe HexaPDF::Revision do
   end
 
   it "returns the next free object number" do
-    assert_equal(4, @rev.next_free_oid)
-    @obj.oid = 4
+    assert_equal(8, @rev.next_free_oid)
+    @obj.oid = 8
     @rev.add(@obj)
-    assert_equal(5, @rev.next_free_oid)
+    assert_equal(9, @rev.next_free_oid)
   end
 
   describe "add" do
@@ -151,15 +162,14 @@ describe HexaPDF::Revision do
       assert(@rev.object(@ref).null?)
       assert(@obj.null?)
       assert_raises(HexaPDF::Error) { @obj.document }
+      assert_same(@obj.data, @rev.object(@ref).data)
     end
   end
 
   describe "object iteration" do
     it "iterates over all objects via each" do
       @rev.add(@obj)
-      obj2 = @rev.object(2)
-      obj3 = @rev.object(3)
-      assert_equal([@obj, obj2, obj3], @rev.each.to_a)
+      assert_equal([@obj, *(2..7).map {|i| @rev.object(i) }], @rev.each.to_a)
     end
 
     it "iterates only over loaded objects" do
@@ -178,11 +188,31 @@ describe HexaPDF::Revision do
     refute(rev.object?(@ref))
   end
 
-  it "can iterate over all modified objects" do
-    obj = @rev.object(2)
-    assert_equal([], @rev.each_modified_object.to_a)
-    obj.value = :Other
-    @rev.add(@obj)
-    assert_equal([obj, @obj], @rev.each_modified_object.to_a)
+  describe "each_modified_object" do
+    it "returns modified objects" do
+      obj = @rev.object(2)
+      obj.value = :Other
+      @rev.add(@obj)
+      deleted = @rev.object(6)
+      @rev.delete(6)
+      assert_equal([obj, @obj, deleted], @rev.each_modified_object.to_a)
+    end
+
+    it "ignores object and xref streams that were deleted" do
+      @rev.delete(4)
+      @rev.delete(5)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
+
+    it "doesn't return non-modified objects" do
+      @rev.object(2)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
+
+    it "doesn't return objects that have modified values just because of reading" do
+      obj = @rev.object(7)
+      obj.delete(:Type)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
   end
 end

data/test/hexapdf/test_writer.rb

@@ -40,7 +40,7 @@ describe HexaPDF::Writer do
       219
       %%EOF
       3 0 obj
-      <</Producer(HexaPDF version 0.19.0)>>
+      <</Producer(HexaPDF version 0.20.0)>>
       endobj
       xref
       3 1
@@ -72,7 +72,7 @@ describe HexaPDF::Writer do
       141
       %%EOF
       6 0 obj
-      <</Producer(HexaPDF version 0.19.0)>>
+      <</Producer(HexaPDF version 0.20.0)>>
       endobj
       2 0 obj
       <</Length 10>>stream
@@ -94,7 +94,8 @@ describe HexaPDF::Writer do
     document = HexaPDF::Document.new(io: input_io)
     document.trailer.info[:Producer] = "unknown"
     output_io = StringIO.new(''.force_encoding(Encoding::BINARY))
-    HexaPDF::Writer.write(document, output_io)
+    xref_section = HexaPDF::Writer.write(document, output_io)
+    assert_kind_of(HexaPDF::XRefSection, xref_section)
     assert_equal(input_io.string, output_io.string)
   end
 
@@ -103,21 +104,50 @@ describe HexaPDF::Writer do
     assert_document_conversion(@compressed_input_io)
   end
 
-  it "writes a document in incremental mode" do
-    doc = HexaPDF::Document.new(io: @std_input_io)
-    doc.pages.add
-    output_io = StringIO.new
-    HexaPDF::Writer.write(doc, output_io, incremental: true)
-    assert_equal(output_io.string[0, @std_input_io.string.length], @std_input_io.string)
-    doc = HexaPDF::Document.new(io: output_io)
-    assert_equal(4, doc.revisions.size)
-    assert_equal(2, doc.revisions.current.each.to_a.size)
+  describe "write_incremental" do
+    it "writes a document in incremental mode" do
+      doc = HexaPDF::Document.new(io: @std_input_io)
+      doc.pages.add
+      output_io = StringIO.new
+      HexaPDF::Writer.write(doc, output_io, incremental: true)
+      assert_equal(output_io.string[0, @std_input_io.string.length], @std_input_io.string)
+      doc = HexaPDF::Document.new(io: output_io)
+      assert_equal(4, doc.revisions.size)
+      assert_equal(2, doc.revisions.current.each.to_a.size)
+    end
+
+    it "uses an xref stream if the document already contains at least one" do
+      doc = HexaPDF::Document.new(io: @compressed_input_io)
+      doc.pages.add
+      output_io = StringIO.new
+      HexaPDF::Writer.write(doc, output_io, incremental: true)
+      refute_match(/^trailer/, output_io.string)
+    end
   end
 
-  it "raises an error if no xref stream is in a revision but object streams are" do
+  it "creates an xref stream if no xref stream is in a revision but object streams are" do
     document = HexaPDF::Document.new
     document.add({Type: :ObjStm})
-    assert_raises(HexaPDF::Error) { HexaPDF::Writer.new(document, StringIO.new).write }
+    HexaPDF::Writer.new(document, StringIO.new).write
+    assert(:XRef, document.object(2).type)
+  end
+
+  it "creates an xref stream if a previous revision had one" do
+    document = HexaPDF::Document.new
+    document.pages.add
+    document.revisions.add
+    document.pages.add
+    document.add({Type: :ObjStm})
+    document.revisions.add
+    document.pages.add
+    io = StringIO.new
+    HexaPDF::Writer.new(document, io).write
+
+    document = HexaPDF::Document.new(io: io)
+    assert_equal(3, document.revisions.count)
+    assert(document.revisions[0].none? {|obj| obj.type == :XRef })
+    assert(document.revisions[1].one? {|obj| obj.type == :XRef })
+    assert(document.revisions[2].one? {|obj| obj.type == :XRef })
   end
 
   it "raises an error if the class is misused and an xref section contains invalid entries" do

data/test/hexapdf/type/acro_form/test_field.rb

@@ -155,6 +155,16 @@ describe HexaPDF::Type::AcroForm::Field do
       assert_equal(5, widget[:X])
     end
 
+    it "sets the print flag on the widget" do
+      widget = @field.create_widget(@page, X: 5)
+      assert_equal([:print], widget.flags)
+    end
+
+    it "associates the page with the widget" do
+      widget = @field.create_widget(@page, X: 5)
+      assert_same(@page, widget[:P])
+    end
+
     it "adds the new widget to the given page's annotations" do
       widget = @field.create_widget(@page)
       assert_equal([widget], @page[:Annots].value)
@@ -179,7 +189,7 @@ describe HexaPDF::Type::AcroForm::Field do
       refute_same(widget1, kids[0])
       assert_same(widget2, kids[1])
       assert_nil(@field[:Rect])
-      assert_equal({Rect: [1, 2, 3, 4], Type: :Annot, Subtype: :Widget, Parent: @field},
+      assert_equal({Rect: [1, 2, 3, 4], Type: :Annot, Subtype: :Widget, Parent: @field, F: 4, P: @page},
                    kids[0].value)
       assert_equal([2, 1, 4, 3], kids[1][:Rect].value)
 

data/test/hexapdf/type/acro_form/test_form.rb

@@ -226,6 +226,11 @@ describe HexaPDF::Type::AcroForm::Form do
       assert(field.flagged?(:multi_select))
       applies_variable_text_properties(:create_list_box)
     end
+
+    it "creates a signature field" do
+      field = @acro_form.create_signature_field("field")
+      assert_equal(:signature_field, field.concrete_field_type)
+    end
   end
 
   it "returns the default resources" do

data/test/hexapdf/type/signature/common.rb

@@ -0,0 +1,71 @@
+require 'openssl'
+
+module TestHelper
+
+  class Certificates
+
+    def ca_key
+      @ca_key ||= OpenSSL::PKey::RSA.new(512)
+    end
+
+    def ca_certificate
+      @ca_cert ||=
+        begin
+          ca_name = OpenSSL::X509::Name.parse('/C=AT/O=HexaPDF/CN=HexaPDF Test Root CA')
+
+          ca_cert = OpenSSL::X509::Certificate.new
+          ca_cert.serial = 0
+          ca_cert.version = 2
+          ca_cert.not_before = Time.now - 86400
+          ca_cert.not_after = Time.now + 86400
+          ca_cert.public_key = ca_key.public_key
+          ca_cert.subject = ca_name
+          ca_cert.issuer = ca_name
+
+          extension_factory = OpenSSL::X509::ExtensionFactory.new
+          extension_factory.subject_certificate = ca_cert
+          extension_factory.issuer_certificate = ca_cert
+          ca_cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+          ca_cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
+          ca_cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
+          ca_cert.sign(ca_key, OpenSSL::Digest.new('SHA1'))
+
+          ca_cert
+        end
+    end
+
+    def signer_key
+      @signer_key ||= OpenSSL::PKey::RSA.new(512)
+    end
+
+    def signer_certificate
+      @signer_certificate ||=
+        begin
+          name = OpenSSL::X509::Name.parse('/CN=signer/DC=gettalong')
+
+          signer_cert = OpenSSL::X509::Certificate.new
+          signer_cert.serial = 2
+          signer_cert.version = 2
+          signer_cert.not_before = Time.now - 86400
+          signer_cert.not_after = Time.now + 86400
+          signer_cert.public_key = signer_key.public_key
+          signer_cert.subject = name
+          signer_cert.issuer = ca_certificate.subject
+
+          extension_factory = OpenSSL::X509::ExtensionFactory.new
+          extension_factory.subject_certificate = signer_cert
+          extension_factory.issuer_certificate = ca_certificate
+          signer_cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+          signer_cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:FALSE'))
+          signer_cert.add_extension(extension_factory.create_extension('keyUsage', 'digitalSignature'))
+          signer_cert.sign(ca_key, OpenSSL::Digest.new('SHA1'))
+
+          signer_cert
+        end
+    end
+
+  end
+
+end
+
+CERTIFICATES = TestHelper::Certificates.new

data/test/hexapdf/type/signature/test_adbe_pkcs7_detached.rb

@@ -0,0 +1,99 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require_relative 'common'
+require 'hexapdf/type/signature'
+require 'ostruct'
+
+describe HexaPDF::Type::Signature::AdbePkcs7Detached do
+  before do
+    @data = 'Some data'
+    @dict = OpenStruct.new
+    @pkcs7 = OpenSSL::PKCS7.sign(CERTIFICATES.signer_certificate, CERTIFICATES.signer_key,
+                                 @data, [CERTIFICATES.ca_certificate],
+                                 OpenSSL::PKCS7::DETACHED)
+    @dict.contents = @pkcs7.to_der
+    @dict.signed_data = @data
+    @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+  end
+
+  it "returns the signer name" do
+    assert_equal("signer", @handler.signer_name)
+  end
+
+  it "returns the signing time" do
+    assert_equal(@pkcs7.signers.first.signed_time, @handler.signing_time)
+  end
+
+  it "returns the certificate chain" do
+    assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
+                 @handler.certificate_chain)
+  end
+
+  it "returns the signer certificate" do
+    assert_equal(CERTIFICATES.signer_certificate, @handler.signer_certificate)
+  end
+
+  it "allows access to the signer information" do
+    info = @handler.signer_info
+    assert(info)
+    assert_equal(2, info.serial)
+    assert_equal(CERTIFICATES.signer_certificate.issuer, info.issuer)
+  end
+
+  describe "verify" do
+    before do
+      @store = OpenSSL::X509::Store.new
+      @store.add_cert(CERTIFICATES.ca_certificate)
+    end
+
+    it "logs an error if there are no certificates" do
+      def @handler.certificate_chain; []; end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/No certificates/, result.messages.first.content)
+    end
+
+    it "logs an error if there is more than one signer" do
+      @pkcs7.add_signer(OpenSSL::PKCS7::SignerInfo.new(CERTIFICATES.signer_certificate,
+                                                       CERTIFICATES.signer_key, 'SHA1'))
+      @dict.contents = @pkcs7.to_der
+      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      result = @handler.verify(@store)
+      assert_equal(2, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/Exactly one signer needed/, result.messages.first.content)
+    end
+
+    it "logs an error if the signer certificate is not found" do
+      def @handler.signer_certificate; nil end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/Signer.*not found/, result.messages.first.content)
+    end
+
+    it "logs an error if the signer certificate is not usable for digital signatures" do
+      @pkcs7 = OpenSSL::PKCS7.sign(CERTIFICATES.ca_certificate, CERTIFICATES.ca_key,
+                                   @data, [CERTIFICATES.ca_certificate],
+                                   OpenSSL::PKCS7::DETACHED)
+      @dict.contents = @pkcs7.to_der
+      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/key usage is missing 'Digital Signature'/, result.messages.first.content)
+    end
+
+    it "verifies the signature itself" do
+      result = @handler.verify(@store)
+      assert_equal(:info, result.messages.last.type)
+      assert_match(/Signature valid/, result.messages.last.content)
+
+      @dict.signed_data = 'other data'
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.last.type)
+      assert_match(/Signature verification failed/, result.messages.last.content)
+    end
+  end
+end

data/test/hexapdf/type/signature/test_adbe_x509_rsa_sha1.rb

@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require_relative 'common'
+require 'hexapdf/type/signature'
+require 'ostruct'
+
+describe HexaPDF::Type::Signature::AdbeX509RsaSha1 do
+  before do
+    @data = 'Some data'
+    @dict = OpenStruct.new
+    @dict.signed_data = @data
+    encoded_data = CERTIFICATES.signer_key.sign(OpenSSL::Digest.new('SHA1'), @data)
+    @dict.contents = OpenSSL::ASN1::OctetString.new(encoded_data).to_der
+    @dict.Cert = [CERTIFICATES.signer_certificate.to_der]
+    def @dict.key?(*); true; end
+    @handler = HexaPDF::Type::Signature::AdbeX509RsaSha1.new(@dict)
+  end
+
+  it "returns the certificate chain" do
+    assert_equal([CERTIFICATES.signer_certificate], @handler.certificate_chain)
+
+    @dict.singleton_class.undef_method(:key?)
+    def @dict.key?(*); false; end
+    assert_equal([], @handler.certificate_chain)
+  end
+
+  it "returns the signer certificate" do
+    assert_equal(CERTIFICATES.signer_certificate, @handler.signer_certificate)
+  end
+
+  describe "verify" do
+    before do
+      @store = OpenSSL::X509::Store.new
+      @store.set_default_paths
+      @store.purpose = OpenSSL::X509::PURPOSE_SMIME_SIGN
+    end
+
+    it "logs an error if there are no certificates" do
+      def @handler.certificate_chain; []; end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/No certificates/, result.messages.first.content)
+    end
+
+    it "logs an error if signature contents is not of the expected type" do
+      @dict.contents = OpenSSL::ASN1::Boolean.new(true).to_der
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/signature object invalid/, result.messages.first.content)
+    end
+
+    it "verifies the signature itself" do
+      result = @handler.verify(@store)
+      assert_equal(:info, result.messages.last.type)
+      assert_match(/Signature valid/, result.messages.last.content)
+
+      @dict.signed_data = 'other data'
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.last.type)
+      assert_match(/Signature verification failed/, result.messages.last.content)
+    end
+  end
+end