jruby-openssl-maven 0.7.4.1
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +171 -0
- data/License.txt +30 -0
- data/Manifest.txt +115 -0
- data/README.txt +13 -0
- data/Rakefile +79 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/version.rb +5 -0
- data/lib/openssl.rb +76 -0
- data/lib/openssl/bn.rb +35 -0
- data/lib/openssl/buffering.rb +239 -0
- data/lib/openssl/cipher.rb +65 -0
- data/lib/openssl/config.rb +316 -0
- data/lib/openssl/digest.rb +61 -0
- data/lib/openssl/dummy.rb +33 -0
- data/lib/openssl/dummyssl.rb +14 -0
- data/lib/openssl/pkcs7.rb +25 -0
- data/lib/openssl/ssl.rb +179 -0
- data/lib/openssl/x509.rb +154 -0
- data/test/cert_with_ec_pk.cer +27 -0
- data/test/fixture/ca-bundle.crt +2794 -0
- data/test/fixture/ca_path/72fa7371.0 +19 -0
- data/test/fixture/ca_path/verisign.pem +19 -0
- data/test/fixture/cacert.pem +23 -0
- data/test/fixture/cert_localhost.pem +19 -0
- data/test/fixture/common.pem +48 -0
- data/test/fixture/imaps/cacert.pem +60 -0
- data/test/fixture/imaps/server.crt +61 -0
- data/test/fixture/imaps/server.key +15 -0
- data/test/fixture/key_then_cert.pem +34 -0
- data/test/fixture/keypair.pem +27 -0
- data/test/fixture/localhost_keypair.pem +18 -0
- data/test/fixture/max.pem +29 -0
- data/test/fixture/purpose/b70a5bc1.0 +24 -0
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +37 -0
- data/test/fixture/purpose/ca/cacert.pem +24 -0
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +19 -0
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +19 -0
- data/test/fixture/purpose/ca/private/cakeypair.pem +30 -0
- data/test/fixture/purpose/ca/serial +1 -0
- data/test/fixture/purpose/cacert.pem +24 -0
- data/test/fixture/purpose/scripts/gen_cert.rb +127 -0
- data/test/fixture/purpose/scripts/gen_csr.rb +50 -0
- data/test/fixture/purpose/scripts/init_ca.rb +66 -0
- data/test/fixture/purpose/sslclient.pem +19 -0
- data/test/fixture/purpose/sslclient/csr.pem +10 -0
- data/test/fixture/purpose/sslclient/keypair.pem +15 -0
- data/test/fixture/purpose/sslclient/sslclient.pem +19 -0
- data/test/fixture/purpose/sslserver.pem +19 -0
- data/test/fixture/purpose/sslserver/csr.pem +10 -0
- data/test/fixture/purpose/sslserver/keypair.pem +15 -0
- data/test/fixture/purpose/sslserver/sslserver.pem +19 -0
- data/test/fixture/selfcert.pem +23 -0
- data/test/fixture/verisign.pem +19 -0
- data/test/fixture/verisign_c3.pem +14 -0
- data/test/java/pkcs7_mime_enveloped.message +19 -0
- data/test/java/pkcs7_mime_signed.message +30 -0
- data/test/java/pkcs7_multipart_signed.message +45 -0
- data/test/java/test_java_attribute.rb +25 -0
- data/test/java/test_java_bio.rb +42 -0
- data/test/java/test_java_mime.rb +173 -0
- data/test/java/test_java_pkcs7.rb +772 -0
- data/test/java/test_java_smime.rb +177 -0
- data/test/openssl/ssl_server.rb +99 -0
- data/test/openssl/test_asn1.rb +197 -0
- data/test/openssl/test_cipher.rb +193 -0
- data/test/openssl/test_config.rb +290 -0
- data/test/openssl/test_digest.rb +88 -0
- data/test/openssl/test_ec.rb +128 -0
- data/test/openssl/test_hmac.rb +46 -0
- data/test/openssl/test_ns_spki.rb +59 -0
- data/test/openssl/test_pair.rb +141 -0
- data/test/openssl/test_pkcs7.rb +489 -0
- data/test/openssl/test_pkey_rsa.rb +49 -0
- data/test/openssl/test_ssl.rb +1035 -0
- data/test/openssl/test_x509cert.rb +277 -0
- data/test/openssl/test_x509crl.rb +253 -0
- data/test/openssl/test_x509ext.rb +99 -0
- data/test/openssl/test_x509name.rb +290 -0
- data/test/openssl/test_x509req.rb +195 -0
- data/test/openssl/test_x509store.rb +246 -0
- data/test/openssl/utils.rb +144 -0
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +8 -0
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +21 -0
- data/test/test_all.rb +1 -0
- data/test/test_certificate.rb +123 -0
- data/test/test_cipher.rb +197 -0
- data/test/test_imaps.rb +107 -0
- data/test/test_integration.rb +144 -0
- data/test/test_java.rb +98 -0
- data/test/test_openssl.rb +4 -0
- data/test/test_parse_certificate.rb +27 -0
- data/test/test_pkcs7.rb +40 -0
- data/test/test_pkey.rb +204 -0
- data/test/test_ssl.rb +97 -0
- data/test/test_x509store.rb +160 -0
- data/test/ut_eof.rb +128 -0
- metadata +161 -0
@@ -0,0 +1,489 @@
|
|
1
|
+
begin
|
2
|
+
require "openssl"
|
3
|
+
require File.join(File.dirname(__FILE__), "utils.rb")
|
4
|
+
rescue LoadError
|
5
|
+
end
|
6
|
+
require "test/unit"
|
7
|
+
|
8
|
+
if defined?(OpenSSL)
|
9
|
+
|
10
|
+
class OpenSSL::TestPKCS7 < Test::Unit::TestCase
|
11
|
+
def setup
|
12
|
+
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
13
|
+
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
14
|
+
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
15
|
+
ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
|
16
|
+
ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
|
17
|
+
|
18
|
+
now = Time.now
|
19
|
+
ca_exts = [
|
20
|
+
["basicConstraints","CA:TRUE",true],
|
21
|
+
["keyUsage","keyCertSign, cRLSign",true],
|
22
|
+
["subjectKeyIdentifier","hash",false],
|
23
|
+
["authorityKeyIdentifier","keyid:always",false],
|
24
|
+
]
|
25
|
+
@ca_cert = issue_cert(ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
|
26
|
+
nil, nil, OpenSSL::Digest::SHA1.new)
|
27
|
+
ee_exts = [
|
28
|
+
["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
|
29
|
+
["authorityKeyIdentifier","keyid:always",false],
|
30
|
+
["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
|
31
|
+
["nsCertType","client,email",false],
|
32
|
+
]
|
33
|
+
@ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts,
|
34
|
+
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
35
|
+
@ee2_cert = issue_cert(ee2, @rsa1024, 3, Time.now, Time.now+1800, ee_exts,
|
36
|
+
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
37
|
+
end
|
38
|
+
|
39
|
+
def issue_cert(*args)
|
40
|
+
OpenSSL::TestUtils.issue_cert(*args)
|
41
|
+
end
|
42
|
+
|
43
|
+
def test_signed
|
44
|
+
store = OpenSSL::X509::Store.new
|
45
|
+
store.add_cert(@ca_cert)
|
46
|
+
ca_certs = [@ca_cert]
|
47
|
+
|
48
|
+
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
|
49
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
|
50
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
51
|
+
certs = p7.certificates
|
52
|
+
signers = p7.signers
|
53
|
+
assert(p7.verify([], store))
|
54
|
+
assert_equal(data, p7.data)
|
55
|
+
assert_equal(2, certs.size)
|
56
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
57
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
58
|
+
assert_equal(1, signers.size)
|
59
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
60
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
61
|
+
|
62
|
+
# Normaly OpenSSL tries to translate the supplied content into canonical
|
63
|
+
# MIME format (e.g. a newline character is converted into CR+LF).
|
64
|
+
# If the content is a binary, PKCS7::BINARY flag should be used.
|
65
|
+
|
66
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
67
|
+
flag = OpenSSL::PKCS7::BINARY
|
68
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
69
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
70
|
+
certs = p7.certificates
|
71
|
+
signers = p7.signers
|
72
|
+
assert(p7.verify([], store))
|
73
|
+
assert_equal(data, p7.data)
|
74
|
+
assert_equal(2, certs.size)
|
75
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
76
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
77
|
+
assert_equal(1, signers.size)
|
78
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
79
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
80
|
+
|
81
|
+
# A signed-data which have multiple signatures can be created
|
82
|
+
# through the following steps.
|
83
|
+
# 1. create two signed-data
|
84
|
+
# 2. copy signerInfo and certificate from one to another
|
85
|
+
|
86
|
+
tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
|
87
|
+
tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
|
88
|
+
tmp1.add_signer(tmp2.signers[0])
|
89
|
+
tmp1.add_certificate(@ee2_cert)
|
90
|
+
|
91
|
+
p7 = OpenSSL::PKCS7.new(tmp1.to_der)
|
92
|
+
certs = p7.certificates
|
93
|
+
signers = p7.signers
|
94
|
+
assert(p7.verify([], store))
|
95
|
+
assert_equal(data, p7.data)
|
96
|
+
assert_equal(2, certs.size)
|
97
|
+
assert_equal(2, signers.size)
|
98
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
99
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
100
|
+
assert_equal(@ee2_cert.serial, signers[1].serial)
|
101
|
+
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
|
102
|
+
end
|
103
|
+
|
104
|
+
def test_detached_sign
|
105
|
+
store = OpenSSL::X509::Store.new
|
106
|
+
store.add_cert(@ca_cert)
|
107
|
+
ca_certs = [@ca_cert]
|
108
|
+
|
109
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
110
|
+
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
|
111
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
112
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
113
|
+
a1 = OpenSSL::ASN1.decode(p7)
|
114
|
+
|
115
|
+
certs = p7.certificates
|
116
|
+
signers = p7.signers
|
117
|
+
assert(!p7.verify([], store))
|
118
|
+
assert(p7.verify([], store, data))
|
119
|
+
assert_equal(data, p7.data)
|
120
|
+
assert_equal(2, certs.size)
|
121
|
+
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
122
|
+
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
123
|
+
assert_equal(1, signers.size)
|
124
|
+
assert_equal(@ee1_cert.serial, signers[0].serial)
|
125
|
+
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
126
|
+
end
|
127
|
+
|
128
|
+
def test_enveloped
|
129
|
+
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
|
130
|
+
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
|
131
|
+
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
|
132
|
+
return
|
133
|
+
end
|
134
|
+
|
135
|
+
certs = [@ee1_cert, @ee2_cert]
|
136
|
+
cipher = OpenSSL::Cipher::AES.new("128-CBC")
|
137
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
138
|
+
|
139
|
+
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
|
140
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
141
|
+
recip = p7.recipients
|
142
|
+
assert_equal(:enveloped, p7.type)
|
143
|
+
assert_equal(2, recip.size)
|
144
|
+
|
145
|
+
assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
|
146
|
+
assert_equal(2, recip[0].serial)
|
147
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
148
|
+
|
149
|
+
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
|
150
|
+
assert_equal(3, recip[1].serial)
|
151
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
|
152
|
+
end
|
153
|
+
|
154
|
+
def test_envelope_des3
|
155
|
+
certs = [@ee1_cert]
|
156
|
+
cipher = OpenSSL::Cipher.new("des-ede3-cbc")
|
157
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
158
|
+
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
|
159
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
160
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
161
|
+
end
|
162
|
+
|
163
|
+
def test_envelope_nil # RC2-40-CBC by default
|
164
|
+
certs = [@ee1_cert]
|
165
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
166
|
+
tmp = OpenSSL::PKCS7.encrypt(certs, data, nil, OpenSSL::PKCS7::BINARY)
|
167
|
+
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
168
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
169
|
+
end
|
170
|
+
|
171
|
+
def test_envelope_des3_compat
|
172
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
173
|
+
cruby_envelope = <<EOP
|
174
|
+
-----BEGIN PKCS7-----
|
175
|
+
MIIBMgYJKoZIhvcNAQcDoIIBIzCCAR8CAQAxgdwwgdkCAQAwQjA9MRMwEQYKCZIm
|
176
|
+
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
177
|
+
DAJDQQIBAjANBgkqhkiG9w0BAQEFAASBgECDOPwRb0Vimo3bXAypvnhB/JvHZ0hV
|
178
|
+
5CWFdAmovioiu1fnMEqawJWudznUZ1rsCKKX4qzqfvSXk+8w7IZ5rqEFoGmLRQQ+
|
179
|
+
GR8yPJnDwNyQJwRjvcX2WzJnFDFIfROb+ySu8UCmxkTd/5jB3jsREXVqSIxezTif
|
180
|
+
IT8Q8X7CCx8+MDsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIaH1JJe6+hX+AGD8E
|
181
|
+
j3/kwFY3IOUxly+lPJNEQLpWBoSHZA==
|
182
|
+
-----END PKCS7-----
|
183
|
+
EOP
|
184
|
+
p7 = OpenSSL::PKCS7.new(cruby_envelope)
|
185
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
186
|
+
#
|
187
|
+
jruby_envelope = <<EOP
|
188
|
+
-----BEGIN PKCS7-----
|
189
|
+
MIIBMAYJKoZIhvcNAQcDoIIBITCCAR0CAQAxgdowgdcCAQAwQjA9MRMwEQYKCZIm
|
190
|
+
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
191
|
+
DAJDQQIBAjALBgkqhkiG9w0BAQEEgYBqCQY/oP0Gv1XbAJ5HjZ9HNZN9gBFlmMDx
|
192
|
+
fb9YWDQZH24KrTUEssr6jyJuyMsONTdaYWIfG/RWHxw970AkXUXcXDeO8Ze+vSVh
|
193
|
+
8tohLGLTsBKdvizuC/5jFHLAoNaa5qJZEFanmqMXlO5HiImUZB2BHwJddRuRTg0y
|
194
|
+
UuAnFtLd+DA7BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECP1rHLNHCtyWgBgFQDex
|
195
|
+
XDgcukPOkDwRcUQJAKu3x5HtQpw=
|
196
|
+
-----END PKCS7-----
|
197
|
+
EOP
|
198
|
+
p7 = OpenSSL::PKCS7.new(jruby_envelope)
|
199
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
200
|
+
end
|
201
|
+
|
202
|
+
def test_envelope_aes_compat
|
203
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
204
|
+
cruby_envelope = <<EOP
|
205
|
+
-----BEGIN PKCS7-----
|
206
|
+
MIICIAYJKoZIhvcNAQcDoIICETCCAg0CAQAxggG4MIHZAgEAMEIwPTETMBEGCgmS
|
207
|
+
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
208
|
+
AwwCQ0ECAQIwDQYJKoZIhvcNAQEBBQAEgYCHIMVl+WKzjnTuslePlItMq4A+klIZ
|
209
|
+
rU+5U0UvaOPPpr2UgjD3J1OL09W19De7pKNSSZUd0QWQBB3IG4IzefWzYxt2ejZY
|
210
|
+
rJDO/wdHa6Mdq1ZsdbLP1sIRxTyWskc3O8VJvo5boFG/bZxLHA6CPnhifnfqEkkq
|
211
|
+
wVbjAbBGI61HxTCB2QIBADBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJ
|
212
|
+
kiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgEDMA0GCSqGSIb3DQEB
|
213
|
+
AQUABIGASvO7jsPCAB/TcRgmIKEHRDqPThQrSAJRE+uDVeiPlIHsCaUDspGX8niH
|
214
|
+
4+UPsLhdd6H68Ecay93Hi78SYR/w0NbrwwMBGRlU3/AFhq/OseosuBb303mAqnoz
|
215
|
+
kU6qlNwJuy/4NIReldsaVJJuZ4nkEBfZAw+99Mxh7IQYx069fwIwTAYJKoZIhvcN
|
216
|
+
AQcBMB0GCWCGSAFlAwQBAgQQf1IrOpN2OmqMHz1t7biX/oAgubIiBzarCuTKPMby
|
217
|
+
eg4/+hy0xJsT0IkF1O0G1XTOWcE=
|
218
|
+
-----END PKCS7-----
|
219
|
+
EOP
|
220
|
+
p7 = OpenSSL::PKCS7.new(cruby_envelope)
|
221
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
222
|
+
#
|
223
|
+
jruby_envelope = <<EOP
|
224
|
+
-----BEGIN PKCS7-----
|
225
|
+
MIICHAYJKoZIhvcNAQcDoIICDTCCAgkCAQAxggG0MIHXAgEAMEIwPTETMBEGCgmS
|
226
|
+
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
227
|
+
AwwCQ0ECAQIwCwYJKoZIhvcNAQEBBIGAg0Yz54LwCKM9l128jjh0FlA5Wvzfsjd2
|
228
|
+
S3dYESzxnxqdhKkSDya16lkYyZZ+aVWmC8XOgkGGwGJTudq3gGn2p3wsgx63J4Ar
|
229
|
+
PfslsDslIaddp8op4i+ifDi15qCjWXIyQaYMSN/DsFN8DlB8jMjPAlQO3MFtifb2
|
230
|
+
D7vFjLjSrogwgdcCAQAwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
|
231
|
+
iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAzALBgkqhkiG9w0BAQEE
|
232
|
+
gYCfAEL80vCsFo9kalePlb73lL2iDPbbDfjpWs0nnlXX8BhS/H781kvUkDpwl/qT
|
233
|
+
9KcFCaPGJ2IYgEjys6VPK9ho/hIIIz+BX8MIuWbweQTn1Y0TTlTL91Zr66xyZP1p
|
234
|
+
zyStG6Zc1u26hiX31hk1P6ihhhXu+I5bserKNYUnYsxJSjBMBgkqhkiG9w0BBwEw
|
235
|
+
HQYJYIZIAWUDBAECBBD42Hndr47SEdUoc6SWOKsbgCCylxb34kE14eBc9nN9MnC+
|
236
|
+
SaVrDPgso584FIimP6o+Fw==
|
237
|
+
-----END PKCS7-----
|
238
|
+
EOP
|
239
|
+
p7 = OpenSSL::PKCS7.new(jruby_envelope)
|
240
|
+
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
241
|
+
end
|
242
|
+
|
243
|
+
def test_signed_compat
|
244
|
+
=begin
|
245
|
+
# how to generate signature
|
246
|
+
ca_certs = [@ca_cert]
|
247
|
+
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
|
248
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
|
249
|
+
puts tmp
|
250
|
+
=end
|
251
|
+
cruby_sign = <<EOP
|
252
|
+
-----BEGIN PKCS7-----
|
253
|
+
MIIILgYJKoZIhvcNAQcCoIIIHzCCCBsCAQExCzAJBgUrDgMCGgUAMCQGCSqGSIb3
|
254
|
+
DQEHAaAXBBVhYWFhYQ0KYmJiYmINCmNjY2NjDQqgggZBMIIC4TCCAcmgAwIBAgIB
|
255
|
+
AjANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
|
256
|
+
iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAeFw0wOTEyMTYxNTQ1MzRa
|
257
|
+
Fw0wOTEyMTYxNjE1MzRaMD4xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
|
258
|
+
k/IsZAEZFglydWJ5LWxhbmcxDDAKBgNVBAMMA0VFMTCBnzANBgkqhkiG9w0BAQEF
|
259
|
+
AAOBjQAwgYkCgYEAy8LEsNRApz7U/j5DoB4XBgO9Z8Atv5y/OVQRp0ag8Tqo1Yew
|
260
|
+
sWijxEWB7JOATwpBN267U4T1nPZIxxEEO7n/WNa2ws9JWsjah8ssEBFSxZqdXKSL
|
261
|
+
f0N4Hi7/GQ/aYoaMCiQ8jA4jegK2FJmXM71uPe+jFN/peeBOpRfyXxRFOYcCAwEA
|
262
|
+
AaNvMG0wDgYDVR0PAQH/BAQDAgXgMB8GA1UdIwQYMBaAFJc5ncP7zbqPVAyQe0Y/
|
263
|
+
6tZDdbHLMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMw
|
264
|
+
EQYJYIZIAYb4QgEBBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQB9jL0H9qAeWZmA
|
265
|
+
lmEr7WbVibFwod6ZgNmbFhoP6a9PANDdYwp1EQ7J2o3Dzw1hNjsxDVE5uf3qgA0F
|
266
|
+
df/YoFkfi4xoL1pKdZv9ZMOlctC1po7MbFakjeHdxMtdIM70DMxbS4o4HzXrKtC3
|
267
|
+
of1SmKh+g+r4R1YHCrbBCspEX+s2Y4mKD0IP0XkVvv1d4YICAnKYGCYEC9OS4fr7
|
268
|
+
JPB2cL1yXnjPL0OOvSeAOC2uIkDq1SVZk6Xq4sSaHAKwBNGg0HrqOhrdgcB0Ftpi
|
269
|
+
7Paty9PUmSIjoqre/WzfGNF1MrtTC0wf0PDw/aUzWgInlIXJhcbJOMyhWM/SO5ok
|
270
|
+
50rcYfObMIIDWDCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZIm
|
271
|
+
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
272
|
+
DAJDQTAeFw0wOTEyMTYxNTQ1MzRaFw0wOTEyMTYxNjQ1MzRaMD0xEzARBgoJkiaJ
|
273
|
+
k/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMM
|
274
|
+
AkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38j
|
275
|
+
OXvvTKY9gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+
|
276
|
+
Slp1enenfzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5
|
277
|
+
mrJVSrWmqbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+
|
278
|
+
X8xdW5v68JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE02
|
279
|
+
7E5lyAVX9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoM
|
280
|
+
cH+94wIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
|
281
|
+
BgNVHQ4EFgQUlzmdw/vNuo9UDJB7Rj/q1kN1scswHwYDVR0jBBgwFoAUlzmdw/vN
|
282
|
+
uo9UDJB7Rj/q1kN1scswDQYJKoZIhvcNAQEFBQADggEBAFa1X5xX5+NlXOI3z2vh
|
283
|
+
Vp9tPvIAtftqkhdMbfS1dAAIIZKVLPfvQ+ZLqx/AzQXmDajg3Pg9YoBB3RRDx1xh
|
284
|
+
A9ECO4Lpbv5fYAkIul6XQ2D3U1IjnkhdfYHcU5iRl58nhjlDNd+3vOp1/h9D9Pp6
|
285
|
+
lRILuFCoRcOogcXzChuDA06CDbMao1dDcwdNe1SdV54hzZs1DVqoKIjj4182HUST
|
286
|
+
getU2RDFXh76VtF35iYDzdA+iCAWOqXSMAq7GnZJvL//0Ndffc7Oc6QXCicwiUSw
|
287
|
+
Wrj72gEakBOeC8XxlYaP7TSXFkasdg1Eccz7+U6LgWaYrgwgTdGXarT3ewjs/mvb
|
288
|
+
sgsxggGcMIIBmAIBATBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
|
289
|
+
k/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgECMAkGBSsOAwIaBQCggbEw
|
290
|
+
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkxMjE2
|
291
|
+
MTU0NTM0WjAjBgkqhkiG9w0BCQQxFgQUTqRiQxhezJlftad5eZ6u7hNacV0wUgYJ
|
292
|
+
KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
|
293
|
+
hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE
|
294
|
+
gYCMPxJNaR29Yeo/3JWtUTTRq+IlUWHP4bHoZJHQzyFkFPS3fk+9q9KjlTcFY1rT
|
295
|
+
YbBOUD+QxwU/jlks6Y5PZByIpnWvVy0RujcCzGcMyEY6xKBBkps9X5VuezMB0nbW
|
296
|
+
xM2k+0e3B7V0KU8fMcO8Ajq9jGn8/hVixbUkyvhq3Xx2Nw==
|
297
|
+
-----END PKCS7-----
|
298
|
+
EOP
|
299
|
+
jruby_sign = <<EOP
|
300
|
+
-----BEGIN PKCS7-----
|
301
|
+
MIIIKAYJKoZIhvcNAQcCoIIIGTCCCBUCAQExCTAHBgUrDgMCGjAkBgkqhkiG9w0B
|
302
|
+
BwGgFwQVYWFhYWENCmJiYmJiDQpjY2NjYw0KoIIGQTCCAuEwggHJoAMCAQICAQIw
|
303
|
+
DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
|
304
|
+
8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0NjE5WhcN
|
305
|
+
MDkxMjE2MTYxNjE5WjA+MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
306
|
+
LGQBGRYJcnVieS1sYW5nMQwwCgYDVQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQAD
|
307
|
+
gY0AMIGJAoGBAMvCxLDUQKc+1P4+Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFo
|
308
|
+
o8RFgeyTgE8KQTduu1OE9Zz2SMcRBDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39D
|
309
|
+
eB4u/xkP2mKGjAokPIwOI3oCthSZlzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGj
|
310
|
+
bzBtMA4GA1UdDwEB/wQEAwIF4DAfBgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rW
|
311
|
+
Q3WxyzAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEG
|
312
|
+
CWCGSAGG+EIBAQQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAZPqFEX/azn4squHn
|
313
|
+
mh+o3tulK/XqdnPA+mx+yvhg53QqWewpSeNQnhH/Y/wnGva6bEFqDd7WTlhkSp0P
|
314
|
+
2qtCP3C5MI2aLPZBUjFJq6cxEC+CUAD7ggIoV8/Z3XCGOa1z/m+QKpBq5t13Hewb
|
315
|
+
Kd8Ab5lojN15XYyLFQ8wJsrkvjA+z943Ux+4aAv2DoOv0Y+GuvgOuqNCs+frZYHR
|
316
|
+
OdOsnhg48A+UsjlLh5wsHzsZEMmtEfP59TdCZ/HbW2WIbdoij+GsK3uoITjhLNyO
|
317
|
+
RK/XeuBwnaksrBiIeCfVQxNHriTPL/4xolOAWVtlhJOj+i8iMPJnbi9M3lVO5fLd
|
318
|
+
9ShiZDCCA1gwggJAoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT
|
319
|
+
8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwC
|
320
|
+
Q0EwHhcNMDkxMjE2MTU0NjE4WhcNMDkxMjE2MTY0NjE4WjA9MRMwEQYKCZImiZPy
|
321
|
+
LGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJD
|
322
|
+
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl7
|
323
|
+
70ymPYFvJyyAkp6ORBE0dXLhe4uKTbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpa
|
324
|
+
dXp3p386v7f3v9SEVtMJCVCVBUIoJ+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqy
|
325
|
+
VUq1pqm47NOyW7kuEEBhly3Pkrveg5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/M
|
326
|
+
XVub+vCZERSIXRpW+iS/H5ZX/wP25TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxO
|
327
|
+
ZcgFV/SmWHFNNJjl/n3cTkpxqkv/CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/
|
328
|
+
veMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
|
329
|
+
VR0OBBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqP
|
330
|
+
VAyQe0Y/6tZDdbHLMA0GCSqGSIb3DQEBBQUAA4IBAQBK/6fISsbbIY1uCX4WMENG
|
331
|
+
V1dCmDAFaZwgewhg09n3rgs4lWKVOWG6X57oML9YSVuz05kkFaSIox+vi36awVf6
|
332
|
+
7YY0V+JdNEQRle/0ptLxmEY8gGD1HvM8JAsQdotMl6hFfzMQ8Uu0IHePYFMyU9aU
|
333
|
+
9Z4k1kCEPc222Uyt7whCWHloWMgjKNeCRjMLUvw9HUxGeq/2Y+t8d65SrqsxpHJd
|
334
|
+
dszJvG+fl0UPoAdB0c4jCGWIzfoGP74CXVAGcuuFZlImmV5cY0+sDo7dtwRDp0DF
|
335
|
+
307/n8+qlsMqpIummFV2mhZTGrtgW+bTZSYQsSJTJZ6nK3c0rQCH4wyUP3rBNhRf
|
336
|
+
MYIBmDCCAZQCAQEwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
337
|
+
LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkq
|
338
|
+
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ2
|
339
|
+
MTlaMCMGCSqGSIb3DQEJBDEWBBROpGJDGF7MmV+1p3l5nq7uE1pxXTBSBgkqhkiG
|
340
|
+
9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
|
341
|
+
AgIBQDANBggqhkiG9w0DAgIBKDAHBgUrDgMCBzALBgkqhkiG9w0BAQEEgYBygH60
|
342
|
+
/1zLRnXaPKh8fTaQtQCTobefRqGLxbWJaTmO83UeDEmS8HXyr6t5KkZ4qZL6BA50
|
343
|
+
bQSlVx3I9SiqevP0vEiXGzmb4m1blFzdH5HHZk4ZUWqWYyTqOdXTSfwFp53VAUhi
|
344
|
+
9d8f3IBfFoxCvORtzYZKCzW/ZRvEqBO3xJlVuQ==
|
345
|
+
-----END PKCS7-----
|
346
|
+
EOP
|
347
|
+
store = OpenSSL::X509::Store.new
|
348
|
+
store.add_cert(@ca_cert)
|
349
|
+
# just checks pubkey's n to avoid certificate expiration.
|
350
|
+
# this test is for PKCS#7, not for certificate verification.
|
351
|
+
store.verify_callback = proc { |ok, ctx|
|
352
|
+
# !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
|
353
|
+
[@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
|
354
|
+
# should return 'ok' here
|
355
|
+
}
|
356
|
+
|
357
|
+
p7 = OpenSSL::PKCS7.new(cruby_sign)
|
358
|
+
assert(p7.verify([], store))
|
359
|
+
|
360
|
+
p7 = OpenSSL::PKCS7.new(jruby_sign)
|
361
|
+
assert(p7.verify([], store))
|
362
|
+
end
|
363
|
+
|
364
|
+
def test_detached_sign_compat
|
365
|
+
=begin
|
366
|
+
# how to generate signature
|
367
|
+
ca_certs = [@ca_cert]
|
368
|
+
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
|
369
|
+
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
370
|
+
puts tmp
|
371
|
+
=end
|
372
|
+
cruby_sign = <<EOP
|
373
|
+
-----BEGIN PKCS7-----
|
374
|
+
MIIIFQYJKoZIhvcNAQcCoIIIBjCCCAICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
|
375
|
+
DQEHAaCCBkEwggLhMIIByaADAgECAgECMA0GCSqGSIb3DQEBBQUAMD0xEzARBgoJ
|
376
|
+
kiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNV
|
377
|
+
BAMMAkNBMB4XDTA5MTIxNjE1NDkyN1oXDTA5MTIxNjE2MTkyN1owPjETMBEGCgmS
|
378
|
+
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzEMMAoGA1UE
|
379
|
+
AwwDRUUxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLwsSw1ECnPtT+PkOg
|
380
|
+
HhcGA71nwC2/nL85VBGnRqDxOqjVh7CxaKPERYHsk4BPCkE3brtThPWc9kjHEQQ7
|
381
|
+
uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/Q3geLv8ZD9pihowKJDyMDiN6ArYUmZcz
|
382
|
+
vW4976MU3+l54E6lF/JfFEU5hwIDAQABo28wbTAOBgNVHQ8BAf8EBAMCBeAwHwYD
|
383
|
+
VR0jBBgwFoAUlzmdw/vNuo9UDJB7Rj/q1kN1scswJwYDVR0lBCAwHgYIKwYBBQUH
|
384
|
+
AwIGCCsGAQUFBwMEBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBaAwDQYJKoZI
|
385
|
+
hvcNAQEFBQADggEBAJ4qQEkUVLW7s3JNKWVOxDwPmDGQsN9uG5ULT3ub76gaC8XH
|
386
|
+
Ljh59zzN2o3bJ5yH4oW+zejcDtGP2R2RBDCu5X7uuLhEbjv4xarSSgLeQHAXhEXa
|
387
|
+
pXY3nXa6DM6HVWKL176FQfN+B7ouejR17ESeMMVAgYjTrr7jjVpaZxXGKXnLeqVv
|
388
|
+
qd4TojjibzoeRw7BxIjmoa+74KO+N6Z+d0R5bNBh+40HyTpCww0O7RjGsOV2ANxW
|
389
|
+
sPREa3KmGmKdlyXsZP1VJyBDymSJSee1zCYmmc+S532+537ygGZEGk8FysRtJXPc
|
390
|
+
71XhPEXMjimn3wVSt1jPhzk4HmXoYwcCI2pKVfMwggNYMIICQKADAgECAgEBMA0G
|
391
|
+
CSqGSIb3DQEBBQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/Is
|
392
|
+
ZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMB4XDTA5MTIxNjE1NDkyNloXDTA5
|
393
|
+
MTIxNjE2NDkyNlowPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixk
|
394
|
+
ARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
395
|
+
DwAwggEKAoIBAQC5X2G30nuTg0GzfyM5e+9Mpj2BbycsgJKejkQRNHVy4XuLik2z
|
396
|
+
0jVAkYAUBfQEQ7gpvNea4698KkPcJT5KWnV6d6d/Or+397/UhFbTCQlQlQVCKCfg
|
397
|
+
K2uQkv4/TvLHXxSPI+UFdvzUCkSYAHmaslVKtaapuOzTslu5LhBAYZctz5K73oOR
|
398
|
+
gqZI1WMGIvFVVKnJl8BjeEPft3rS4b5fzF1bm/rwmREUiF0aVvokvx+WV/8D9uU3
|
399
|
+
B0k6FWv2YRIeHAaPB9J5MM993xksTTbsTmXIBVf0plhxTTSY5f593E5KcapL/wkN
|
400
|
+
GHQQ8cMvXlFwmNXYnq9mM9vSs5gYOgxwf73jAgMBAAGjYzBhMA8GA1UdEwEB/wQF
|
401
|
+
MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSXOZ3D+826j1QMkHtGP+rW
|
402
|
+
Q3WxyzAfBgNVHSMEGDAWgBSXOZ3D+826j1QMkHtGP+rWQ3WxyzANBgkqhkiG9w0B
|
403
|
+
AQUFAAOCAQEAicOGMs494jNo6buyvWgYwCMEHTgf8snOR6F5Xs7R4CsIfF+Y1Q8S
|
404
|
+
urL2ZrabYP0bWNZO0eYyUwNi9QCYn8n5UsYPu5HoC04maVlimAnf8kUoWK4/Es4F
|
405
|
+
0geMJGG7TOn17aQYj4v8CMBuYBAuO/poQgbpjxZnNLBqSkWz3uSl+LF6Zwlu/jIa
|
406
|
+
jcRNTix/soQwTO02EtG3ZhNFmSLwL4cMljjXHuVgTl++mO7w/3qzGgtldkot9W87
|
407
|
+
pnx0u9UgZkgsRVhIkvSsTNaTe0ylA3Lqa5COd89PrCjm66IdAjyND3puWP4etFP6
|
408
|
+
ycc7rtc0302ndadSEJRgul9pFJ4xtuAN5jGCAZwwggGYAgEBMEIwPTETMBEGCgmS
|
409
|
+
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
410
|
+
AwwCQ0ECAQIwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
|
411
|
+
MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5MjdaMCMGCSqGSIb3DQEJBDEWBBT2
|
412
|
+
oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
|
413
|
+
MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
|
414
|
+
9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgCPxDWHnvO3pMg0XUDGtisZgbjFG+sJy
|
415
|
+
brFi2QG0IR+iQ6kOrBWkBW15SDgj0te1ze6ddLx3VT0aaOHMzGS103oWQT6l+xqV
|
416
|
+
C+A/FA5O+hefjqusgl289gFvApuGVSaMisHBcMAN059E1rsSTnG3LoHqkKjOgKkJ
|
417
|
+
zyAlR+YeT270
|
418
|
+
-----END PKCS7-----
|
419
|
+
EOP
|
420
|
+
jruby_sign = <<EOP
|
421
|
+
-----BEGIN PKCS7-----
|
422
|
+
MIIIEwYJKoZIhvcNAQcCoIIIBDCCCAACAQExCTAHBgUrDgMCGjAPBgkqhkiG9w0B
|
423
|
+
BwGgAgQAoIIGQTCCAuEwggHJoAMCAQICAQIwDQYJKoZIhvcNAQEFBQAwPTETMBEG
|
424
|
+
CgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkG
|
425
|
+
A1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcNMDkxMjE2MTYxOTU3WjA+MRMwEQYK
|
426
|
+
CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQwwCgYD
|
427
|
+
VQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvCxLDUQKc+1P4+
|
428
|
+
Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFoo8RFgeyTgE8KQTduu1OE9Zz2SMcR
|
429
|
+
BDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39DeB4u/xkP2mKGjAokPIwOI3oCthSZ
|
430
|
+
lzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGjbzBtMA4GA1UdDwEB/wQEAwIF4DAf
|
431
|
+
BgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rWQ3WxyzAnBgNVHSUEIDAeBggrBgEF
|
432
|
+
BQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIFoDANBgkq
|
433
|
+
hkiG9w0BAQUFAAOCAQEAAVeRavmpW+ez0dpDs1ksEZSKIr+JQHPIfgyF1P0x/uLH
|
434
|
+
tkUssR1puDsYB9bWQncYz2PyFzDdXHUneKLu01hSrY9fS85S3w/sa6scGtMD1SDS
|
435
|
+
Ptm93a67pvNoXY8rrdW67Wughyix78TOpe7F/D8tLxm7dRfZVLCtV/OIgnjTKK36
|
436
|
+
NNBAX4Ef0+43EDUZYQIbEudqcjjYN0Dti0dH4FuUW5PPTAs9nuNfkAWr0hTyBwlC
|
437
|
+
qhlgFY3ParJ9Yug7BVZj99vrI4F9KFzWkoSd5pIl+mR1aNQ3uQgks7aNqnZ8PeJo
|
438
|
+
gP9zcZqZniuj7sa92t1bPxn5JmLy+vnxeWiQPw8fhDCCA1gwggJAoAMCAQICAQEw
|
439
|
+
DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
|
440
|
+
8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcN
|
441
|
+
MDkxMjE2MTY0OTU3WjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
442
|
+
LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTCCASIwDQYJKoZIhvcNAQEBBQAD
|
443
|
+
ggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl770ymPYFvJyyAkp6ORBE0dXLhe4uK
|
444
|
+
TbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpadXp3p386v7f3v9SEVtMJCVCVBUIo
|
445
|
+
J+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqyVUq1pqm47NOyW7kuEEBhly3Pkrve
|
446
|
+
g5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/MXVub+vCZERSIXRpW+iS/H5ZX/wP2
|
447
|
+
5TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxOZcgFV/SmWHFNNJjl/n3cTkpxqkv/
|
448
|
+
CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/veMCAwEAAaNjMGEwDwYDVR0TAQH/
|
449
|
+
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJc5ncP7zbqPVAyQe0Y/
|
450
|
+
6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMA0GCSqGSIb3
|
451
|
+
DQEBBQUAA4IBAQBxj2quNTT3/vKTM6bFtEDmXUcruEnbM+VQ1oaDGc8Zh1c/0GIh
|
452
|
+
l4AGnoD611tdUazZbz7EtLLwfjhEFFJtwxro4Hdc0YEeBwO/ehx8mdclbMzbfQVF
|
453
|
+
l+wyPpcsWYH8aRAZ/AKY31lS/vPp/vDOJ+SAkYgT3f3g8NCOLCXeivkWze5CDzME
|
454
|
+
Qj9GGl8BzhxQAMwzXVkmBNmdsTBlpWE1fJBUNCyvFLVRn09LphQ2SDOXr16af9v0
|
455
|
+
4K8WBTi0/qYcrGvgpl5DIqOg0bfjEwz9Ze5XKa1aem0DdEcM91eEbe5VkakIXvTX
|
456
|
+
0jUoDm9R5iJ7fAt+vmW/Kcif4VK/nDzJnPx+MYIBmDCCAZQCAQEwQjA9MRMwEQYK
|
457
|
+
CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYD
|
458
|
+
VQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
|
459
|
+
MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5NTdaMCMGCSqGSIb3DQEJBDEWBBT2
|
460
|
+
oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
|
461
|
+
MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDAH
|
462
|
+
BgUrDgMCBzALBgkqhkiG9w0BAQEEgYBPjfO6ZkzbNhlRI9Y58QpOxdqdF/NmWBJE
|
463
|
+
rYoqlDUeMcH5RHb+MLUBEeo666u0xIXYzG9CWrlVjJa42FDNEl5sGRB1Oic6LNIB
|
464
|
+
YBFvB2CAX9R3+d34WMLXKwl6ikeN6VVud+TeB5SpLR/hltWIb1FJMeJ4wM8fNI/t
|
465
|
+
RfHXsdxTuA==
|
466
|
+
-----END PKCS7-----
|
467
|
+
EOP
|
468
|
+
data = "aaaaa\nbbbbb\nccccc\n"
|
469
|
+
store = OpenSSL::X509::Store.new
|
470
|
+
store.add_cert(@ca_cert)
|
471
|
+
# just checks pubkey's n to avoid certificate expiration.
|
472
|
+
# this test is for PKCS#7, not for certificate verification.
|
473
|
+
store.verify_callback = proc { |ok, ctx|
|
474
|
+
# !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
|
475
|
+
[@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
|
476
|
+
# should return 'ok' here
|
477
|
+
}
|
478
|
+
|
479
|
+
p7 = OpenSSL::PKCS7.new(cruby_sign)
|
480
|
+
assert(!p7.verify([], store))
|
481
|
+
assert(p7.verify([], store, data))
|
482
|
+
|
483
|
+
p7 = OpenSSL::PKCS7.new(jruby_sign)
|
484
|
+
assert(!p7.verify([], store))
|
485
|
+
assert(p7.verify([], store, data))
|
486
|
+
end
|
487
|
+
end
|
488
|
+
|
489
|
+
end
|