jruby-openssl 0.2.3 → 0.3

data/lib/jopenssl/version.rb

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.2.3"
+    VERSION = "0.3"
   end
 end

data/test/fixture/cacert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEJ
+MAcGA1UECgwAMRkwFwYDVQQLDBBwb2xhcmZveC1sYXB0b3AKMQswCQYDVQQDDAJD
+QTAeFw0wODA0MjkxNTIzNDlaFw0xMzA0MjgxNTIzNDlaMEAxCzAJBgNVBAYTAlVT
+MQkwBwYDVQQKDAAxGTAXBgNVBAsMEHBvbGFyZm94LWxhcHRvcAoxCzAJBgNVBAMM
+AkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUxEs2y3huzcV+Z9
+VqCJ7CZQn3pE25Gmc+mHyrDfjX65hUsfd0oTWMlGGXHTH3kas25rq4s7iznhLJRM
+b4OUAdSjlIdWLQVe/N9i3MuekHKIcNoiKKtN2IDjIdnveMr65p2BaGKPYrwVASWE
+tj2T4tLplfWqUYv1TPJBcpLSt1zxlAeXhUn7z5h1gMrN0YUCWwPnz8gEhnMsmW8n
+Ev5um8niq8cqC1BDtHtYpKgLNJ5TKG7dnsquX9PIe22xVz936Ga20ScS9VU8QYod
+rPjDq9aT4tGqOJVv2HhUPlRqv3pVahxLQoi8fFXOzuCgzYJZFswqo8KijXlQrYfB
+7sIU0wIDAQABo4HgMIHdMA8GA1UdEwEB/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQW
+IlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOA5
+LUlqCS/CSv0hsB1yVrvE/SfNMA4GA1UdDwEB/wQEAwIBBjBoBgNVHSMEYTBfgBTg
+OS1Jagkvwkr9IbAdcla7xP0nzaFEpEIwQDELMAkGA1UEBhMCVVMxCTAHBgNVBAoM
+ADEZMBcGA1UECwwQcG9sYXJmb3gtbGFwdG9wCjELMAkGA1UEAwwCQ0GCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBAAVa+1G09IwMedFGWGp7mHr8NS+xcXGmQq4g2NsJV0f4
+Aw+K6F7Km65xIUTjO9rfiFmuggT3KeSo/gsRwmRwPRQQWv3Lxv3bvcWyhZ9RMo3V
+5PMQRwJnc5cM4CGACjmusK62v36zrtXJlvNM8fGNSn7tF5i+1Wo4hKJoDwIpKN9X
+tjg1FfQdUsqnLWCFU50vZFM2UwLJczVk+8TAcd9LfZpakMNY7RbGxL4izhAojTow
+M3LieY0bNg9T+8R0A/QtAgImx3SzrLJqKspPZK7cAaXrfvnRQuOzEdTnTloS9VbE
+jjwmik9rpqUfcCtTS2gzqhKaR/HJ4nUiiNbT9pwRp68=
+-----END CERTIFICATE-----

data/test/fixture/cert_localhost.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEJ
+MAcGA1UECgwAMRkwFwYDVQQLDBBwb2xhcmZveC1sYXB0b3AKMQswCQYDVQQDDAJD
+QTAeFw0wODA0MjkxNTIzNTBaFw0wOTA0MjkxNTIzNTBaMFQxCzAJBgNVBAYTAlVT
+MQkwBwYDVQQKDAAxGTAXBgNVBAsMEHBvbGFyZm94LWxhcHRvcAoxCzAJBgNVBAsM
+AkNBMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBALwjGdTLBORgDSx56V5Pr2eykXmxNeZ6/MG/KZcjHxE8F5v5MWrwqIE1RURv
+WGruSh3KNjusP/EeofmHYlgXGMsED5JSVMe9jRH+ewG4dNwcqQPbeGhUE0L3F7Ls
+AaR9m9jsDT5ZIu5uNipbbCf3Z7Z3VkDu5RMn0QYt3gP3Y0TTAgMBAAGjgYUwgYIw
+DAYDVR0TAQH/BAIwADAxBglghkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHoNAq7GhjaikqPHGtiwGCPMoDysw
+CwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUA
+A4IBAQAgPF1pOQCLFr4YlXzrXV8ieptCNBPMfSjx1V6sxf+1RYhfPabnvV7vaRvj
+0WiPdtdUjBTqaDPohHI9ucyrX6CgcPqtmXcH0XxHkPNZB71DIE78DO+DbFtxKt3I
+tAEGLooERC1ZFiWbWkCdKFcwfqn+5CoN/PYulWmhwOoHrEeQU41coLHFZZjwPYga
+cJSKY4YoCkyYW28MrjMwA4DnGDCgUPENSxZumbW+XEt9IbtZ5eWou9w33BAa33L8
+L6p7CISUJmghVyfVIjVii3fC/CpS6lnL1XB1TNN9P4W3QRJR18gOlXWkPCS7vKF0
+03tfXiG1SDx4vShLX3Go9++cYUVj
+-----END CERTIFICATE-----

data/test/fixture/localhost_keypair.pem

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A4D3615618A2B1CF
+
+FPXTNlUO1RcNmNhLp+oNC0JIAInRE7p6OWBBuBGSyfRr891IZnFkGMzxlnZsvHmh
+TKTq2rVcN3yHK4bc+6vQkc2JZMp7nB04RHU3vBwy29k7Tyz8Ee+RQwBSOahNfDt+
+mJTArnDidmMcpxb3lCLbuxjM9IqCC4PWaNloCGslZb/qlwNUdAeFdQsiFBrdn2SY
+XQySczZnVBzQJv0YjlVJ6guBFtCjnCp8yUaOfIOfOUEgC1hCpjv41tfGDF2+eCiq
+4gEVB4D7Wy0s0kFf3icuhxSYcZLavpLa3dg8pG5YhoX9a+M+1164cTo+fbIdMUp7
+zrzIVSWPcgPzypjGPj/Vfo3K6B/XygLhxhL3Nf+3UVixLRERk0yBksLqPDsfifkj
+BDzMsD3vI4BteZUsbnae/w+LT3VFP+BrkhTUxvPZMzDlS8KKr50cm9Ubbx1R/beY
+uNPx7YyH8oqt70VAciqKL0G2q9DFAfjpqnLaH2toM0vp6iVG4JmI49DFgrV1AHBb
+hrn1FcmkhATfEFMbnm+hpadQxnMzPh/YB1yg7yiuicrJdTs5CJQPp5H0ES0AQhlg
+dYxGoggTic7T586JIpF9YG1yvrau5kVsbP0kqOfHR6BB7hU1XXvQeIa6GSfZVNZY
+zG6u715WH7hrQoXFAGxF6/wd575M2mLQpOWKRKvE/jrsSQHUy4vryQfozaPwPskx
+r+vXVZp9T5XiGx9Bm9m0wwTYYIRo2b7KsD5rjY0D0ZhemjPhKy6B89Y2NLYxuF8j
+kH0ockiSgexYGvWAkhh/5dxR+zCzqmKI6KFpYPkAfOfuvGqggJ3g2Q==
+-----END RSA PRIVATE KEY-----

data/test/openssl/test_cipher.rb

@@ -1,3 +1,10 @@
+if defined?(JRUBY_VERSION)
+  require "java"
+  base = File.join(File.dirname(__FILE__), '..', '..')
+  $CLASSPATH << File.join(base, 'pkg', 'classes')
+  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
+end
+
 begin
   require "openssl"
 rescue LoadError

data/test/openssl/test_pkcs7.rb

@@ -0,0 +1,159 @@
+if defined?(JRUBY_VERSION)
+  require "java"
+  $CLASSPATH << 'pkg/classes'
+  $CLASSPATH << 'lib/bcprov-jdk14-139.jar'
+end
+begin
+  require "openssl"
+  require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestPKCS7 < Test::Unit::TestCase
+  def setup
+    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
+    ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
+    ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
+    ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
+
+    now = Time.now
+    ca_exts = [
+      ["basicConstraints","CA:TRUE",true],
+      ["keyUsage","keyCertSign, cRLSign",true],
+      ["subjectKeyIdentifier","hash",false],
+      ["authorityKeyIdentifier","keyid:always",false],
+    ]
+    @ca_cert = issue_cert(ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
+                           nil, nil, OpenSSL::Digest::SHA1.new)
+    ee_exts = [
+      ["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
+      ["authorityKeyIdentifier","keyid:always",false],
+      ["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
+    ]
+    @ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts,
+                           @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    @ee2_cert = issue_cert(ee2, @rsa1024, 3, Time.now, Time.now+1800, ee_exts,
+                           @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+  end
+
+  def issue_cert(*args)             
+    OpenSSL::TestUtils.issue_cert(*args)
+  end
+
+  def test_signed
+    store = OpenSSL::X509::Store.new
+    store.add_cert(@ca_cert)
+    ca_certs = [@ca_cert]
+
+    data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
+    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
+    p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
+    certs = p7.certificates
+    signers = p7.signers
+    assert(p7.verify([], store))
+    assert_equal(data, p7.data)
+    assert_equal(2, certs.size)
+    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
+    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
+    assert_equal(1, signers.size)
+    assert_equal(@ee1_cert.serial, signers[0].serial)
+    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
+
+    # Normaly OpenSSL tries to translate the supplied content into canonical
+    # MIME format (e.g. a newline character is converted into CR+LF).
+    # If the content is a binary, PKCS7::BINARY flag should be used.
+
+    data = "aaaaa\nbbbbb\nccccc\n"
+    flag = OpenSSL::PKCS7::BINARY
+    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
+    p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
+    certs = p7.certificates
+    signers = p7.signers
+    assert(p7.verify([], store))
+    assert_equal(data, p7.data)
+    assert_equal(2, certs.size)
+    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
+    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
+    assert_equal(1, signers.size)
+    assert_equal(@ee1_cert.serial, signers[0].serial)
+    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
+
+    # A signed-data which have multiple signatures can be created 
+    # through the following steps.
+    #   1. create two signed-data
+    #   2. copy signerInfo and certificate from one to another
+
+    tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
+    tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
+    tmp1.add_signer(tmp2.signers[0])
+    tmp1.add_certificate(@ee2_cert)  
+
+    p7 = OpenSSL::PKCS7::PKCS7.new(tmp1.to_der)
+    certs = p7.certificates
+    signers = p7.signers
+    assert(p7.verify([], store))
+    assert_equal(data, p7.data)
+    assert_equal(2, certs.size)
+    assert_equal(2, signers.size)
+    assert_equal(@ee1_cert.serial, signers[0].serial)
+    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
+    assert_equal(@ee2_cert.serial, signers[1].serial)
+    assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
+  end
+
+  def test_detached_sign
+    store = OpenSSL::X509::Store.new
+    store.add_cert(@ca_cert)
+    ca_certs = [@ca_cert]
+
+    data = "aaaaa\nbbbbb\nccccc\n"
+    flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
+    tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
+    p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
+    a1 = OpenSSL::ASN1.decode(p7)
+
+    certs = p7.certificates
+    signers = p7.signers
+    assert(!p7.verify([], store))
+    assert(p7.verify([], store, data))
+    assert_equal(data, p7.data)
+    assert_equal(2, certs.size)
+    assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
+    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
+    assert_equal(1, signers.size)
+    assert_equal(@ee1_cert.serial, signers[0].serial)
+    assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
+  end
+
+  def test_enveloped
+    if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
+      # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
+      # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
+      return
+    end
+
+    certs = [@ee1_cert, @ee2_cert]
+    cipher = OpenSSL::Cipher::AES.new("128-CBC")
+    data = "aaaaa\nbbbbb\nccccc\n"
+
+    tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
+    p7 = OpenSSL::PKCS7::PKCS7.new(tmp.to_der)
+    recip = p7.recipients
+    assert_equal(:enveloped, p7.type)
+    assert_equal(2, recip.size)
+
+    assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
+    assert_equal(2, recip[0].serial)
+    assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
+
+    assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
+    assert_equal(3, recip[1].serial)
+    assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
+  end
+end
+
+end

data/test/openssl/test_ssl.rb

@@ -92,8 +92,6 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
           end
           block.call(server, port.to_i)
         end
-      rescue => e
-        puts e, *(e.backtrace)
       ensure
         if server
           $stderr.puts "killing: #{pid}" if $DEBUG

data/test/pkcs7_mime_enveloped.message

@@ -0,0 +1,19 @@
+MIME-Version: 1.0
+Message-Id: <00103112005203.00349@amyemily.ig.com>
+Date: Tue, 31 Oct 2000 12:00:52 -0600 (Central Standard Time)
+From: User1
+To: User2
+Subject: Example 5.3
+Content-Type: application/pkcs7-mime;
+  name=smime.p7m;
+  smime-type=enveloped-data
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename=smime.p7m
+
+
+MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJ
+sUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAC3EN5nGIiJi2lsGPcP
+2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FBs3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadC
+DgO8/nUkUNYeNxJtuzubGgzoyEd8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHR
+LFf02hosdR8wQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43
+LrY4OxUk660cu1lXeCSFOSOpOJ7FuVyU=

data/test/pkcs7_mime_signed.message

@@ -0,0 +1,30 @@
+MIME-Version: 1.0
+To: User2@examples.com
+From: aliceDss@examples.com
+Subject: Example 4.9
+Message-Id: <021031164540300.304@examples.com>
+Date: Thu, 31 Oct 2002 16:45:14 -0300
+Content-Type: application/pkcs7-mime; smime-type=signed-data;
+  name=smime.p7m
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename=smime.p7m
+
+
+MIIDmQYJKoZIhvcNAQcCoIIDijCCA4YCAQExCTAHBgUrDgMCGjAtBgkqhkiG9w0BBwGgIAQ
+eDQpUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIIC4DCCAtwwggKboAMCAQICAgDIMA
+kGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUzAeFw05OTA4MTcwMTEwNDlaFw0zOTEyM
+zEyMzU5NTlaMBMxETAPBgNVBAMTCEFsaWNlRFNTMIIBtjCCASsGByqGSM44BAEwggEeAoGB
+AIGNze2D6gqeOT7CSCij5EeT3Q7XqA7sU8WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg
+23j+bv7dM3F9piuR10DcMkQiVm96nXvn89J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dh
+DEeL3/nbCElzfy5FEbteQJllzzflvbAhUA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUi
+TKqOfs+bdlLWWpMdiM5BAI1XPLLGjDDHlBd3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oI
+Xks+kPht6pzJIYo7dhTpzi5dowfNI4W4LzABfG1JiRGJNkS9+MiVSlNWteL5c+waYTYfEX/
+Cve3RUP+YdMLRgUpgObo2OQOBhAACgYBc47ladRSWC6l63eM/qeysXty9txMRNKYWiSgRI9
+k0hmd1dRMSPUNbb+VRv/qJ8qIbPiR9PQeNW2PIu0WloErjhdbOBoA/6CN+GvIkq1MauCcNH
+u8Iv2YUgFxirGX6FYvxuzTU0pY39mFHssQyhPB+QUD9RqdjTjPypeL08oPluKOBgTB/MAwG
+A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFHBEPoIub4feStN14z0
+gvEMrk/EfMB0GA1UdDgQWBBS+bKGz48H37UNwpM4TAeL945f+zTAfBgNVHREEGDAWgRRBbG
+ljZURTU0BleGFtcGxlLmNvbTAJBgcqhkjOOAQDAzAAMC0CFFUMpBkfQiuJcSIzjYNqtT1na
+79FAhUAn2FTUlQLXLLd2ud2HeIQUltDXr0xYzBhAgEBMBgwEjEQMA4GA1UEAxMHQ2FybERT
+UwICAMgwBwYFKw4DAhowCQYHKoZIzjgEAwQuMCwCFD1cSW6LIUFzeXle3YI5SKSBer/sAhQ
+mCq7s/CTFHOEjgASeUjbMpx5g6A==

data/test/pkcs7_multipart_signed.message

@@ -0,0 +1,45 @@
+MIME-Version: 1.0
+To: User2@examples.com
+From: aliceDss@examples.com
+Subject: Example 4.8
+Message-Id: <020906002550300.249@examples.com>
+Date: Fri, 06 Sep 2002 00:25:21 -0300
+Content-Type: multipart/signed;
+  micalg=SHA1;
+  boundary="----=_NextBoundry____Fri,_06_Sep_2002_00:25:21";
+  protocol="application/pkcs7-signature"
+
+		
+This is a multi-part message in MIME format.
+
+		
+------=_NextBoundry____Fri,_06_Sep_2002_00:25:21
+
+This is some sample content.
+		
+------=_NextBoundry____Fri,_06_Sep_2002_00:25:21
+Content-Type: application/pkcs7-mime; name=smime.p7s
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename=smime.p7s
+
+
+MIIDdwYJKoZIhvcNAQcCoIIDaDCCA2QCAQExCTAHBgUrDgMCGjALBgkqhkiG9w0BBwGgggL
+gMIIC3DCCApugAwIBAgICAMgwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
+k5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQWxpY2VEU1MwggG2M
+IIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp45PsJIKKPkR5PdDteoDuxTxauECE//lOFz
+SH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zcX2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iLVPE
+/sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsISXN/LkURu15AmWXPN+W9sCFQDiR6YaRWa4E8
+baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t2UtZakx2IzkEAjVc8ssaMMMeUF3dm1nizaoFP
+VjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G3qnMkhijt2FOnOLl2jB80jhbgvMAF8bUmJEYk2
+RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1FJYLqXr
+d4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3V1ExI9Q1tv5VG/+onyohs+JH09B41bY8i7RaWgSu
+OF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE8H5BQP1Gp
+2NOM/Kl4vTyg+W4o4GBMH8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHwYDVR0j
+BBgwFoAUcEQ+gi5vh95K03XjPSC8QyuT8R8wHQYDVR0OBBYEFL5sobPjwfftQ3CkzhMB4v3
+jl/7NMB8GA1UdEQQYMBaBFEFsaWNlRFNTQGV4YW1wbGUuY29tMAkGByqGSM44BAMDMAAwLQ
+IUVQykGR9CK4lxIjONg2q1PWdrv0UCFQCfYVNSVAtcst3a53Yd4hBSW0NevTFjMGECAQEwG
+DASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAHBgUrDgMCGjAJBgcqhkjOOAQDBC4wLAIUM/mG
+f6gkgp9Z0XtRdGimJeB/BxUCFGFFJqwYRt1WYcIOQoGiaowqGzVI
+
+		
+------=_NextBoundry____Fri,_06_Sep_2002_00:25:21--

data/test/ref/compile.rb

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+name = ARGV[0]
+system("rm -rf #{name}")
+system("gcc -lssl -lcrypto -o #{name} #{name}.c")
+system("chmod +x #{name}")
+system("./#{name}")
+

data/test/ref/pkcs1.c

@@ -0,0 +1,21 @@
+
+#include <openssl/pkcs7.h>
+
+void print_pkcs7(PKCS7* p7) {
+    printf(" | asn1     : %s\n", p7->asn1);
+    printf(" | len      : %d\n", p7->length);
+    printf(" | state    : %d\n", p7->state);
+    printf(" | detached : %d\n", p7->detached);
+    printf(" | type     : %d\n", OBJ_nid2obj(p7->type));
+}
+
+int main(int argc, char** argv) {
+    PKCS7* p7;
+    p7 = PKCS7_new();
+
+    printf("--before:\n");
+    print_pkcs7(p7);
+
+    PKCS7_free(p7);
+    return 0;
+}

data/test/test_cipher.rb

@@ -1,3 +1,10 @@
+if defined?(JRUBY_VERSION)
+  require "java"
+  base = File.dirname(__FILE__)
+  $CLASSPATH << File.join(base, '..', 'pkg', 'classes')
+  $CLASSPATH << File.join(base, '..', 'lib', 'bcprov-jdk14-139.jar')
+end
+
 begin
   require "openssl"
 rescue LoadError
@@ -12,4 +19,63 @@ class TestCipher < Test::Unit::TestCase
     data = enc.update("password")
     data << enc.final
   end
+
+  IV_TEMPLATE  = "aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjj"
+  KEY_TEMPLATE = "aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjj"
+
+  # JRUBY-1692
+  def test_repeated_des
+    do_repeated_test(
+                     "des-ede3-cbc",
+                     "foobarbazboofarf",
+                     ":\022Q\211ex\370\332\374\274\214\356\301\260V\025",
+                     "B\242\3531\003\362\3759\363s\203\374\240\030|\230"
+                     )
+  end
+
+  # JRUBY-1692
+  def test_repeated_aes
+    do_repeated_test(
+                     "aes-128-cbc",
+                     "foobarbazboofarf",
+                     "\342\260Y\344\306\227\004^\272|/\323<\016,\226",
+                     "jqO\305/\211\216\b\373\300\274\bw\213]\310"
+                     )
+  end
+
+  private
+  def do_repeated_test(algo, string, enc1, enc2)
+    do_repeated_encrypt_test(algo, string, enc1, enc2)
+    do_repeated_decrypt_test(algo, string, enc1, enc2)
+  end
+  
+  def do_repeated_encrypt_test(algo, string, result1, result2)
+    cipher = OpenSSL::Cipher::Cipher.new(algo)
+    cipher.encrypt
+
+    cipher.padding = 0
+    cipher.iv      = IV_TEMPLATE[0, cipher.iv_len]
+    cipher.key     = KEY_TEMPLATE[0, cipher.key_len]
+
+    assert_equal result1, cipher.update(string)
+    cipher.final
+
+    assert_equal result2, cipher.update(string)
+    cipher.final
+  end
+
+  def do_repeated_decrypt_test(algo, result, string1, string2)
+    cipher = OpenSSL::Cipher::Cipher.new(algo)
+    cipher.decrypt
+
+    cipher.padding = 0
+    cipher.iv      = IV_TEMPLATE[0, cipher.iv_len]
+    cipher.key     = KEY_TEMPLATE[0, cipher.key_len]
+
+    assert_equal result, cipher.update(string1)
+    cipher.final
+
+    assert_equal result, cipher.update(string2)
+    cipher.final
+  end
 end