jruby-openssl 0.2.3 → 0.3

data/test/test_integration.rb

@@ -0,0 +1,100 @@
+if defined?(JRUBY_VERSION)
+  require "java"
+  base = File.join(File.dirname(__FILE__), '..')
+  $CLASSPATH << File.join(base, 'pkg', 'classes')
+  $CLASSPATH << File.join(base, 'lib', 'bcprov-jdk14-139.jar')
+end
+
+begin
+  require "openssl"
+rescue LoadError
+end
+require "test/unit"
+require 'net/https'
+
+class TestIntegration < Test::Unit::TestCase
+  # JRUBY-2471
+  def _test_drb
+    config = {
+      :SSLVerifyMode => OpenSSL::SSL::VERIFY_PEER,
+      :SSLCACertificateFile => File.join(File.dirname(__FILE__), "fixture", "cacert.pem"),
+      :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(File.join(File.dirname(__FILE__), "fixture", "localhost_keypair.pem"))),
+      :SSLCertificate => OpenSSL::X509::Certificate.new(File.read(File.join(File.dirname(__FILE__), "fixture", "cert_localhost.pem"))),
+    }
+    p config
+    DRb.start_service(nil, nil, config)
+  end
+
+  # JRUBY-2913
+  # Warning - this test actually uses the internet connection.
+  # If there is no connection, it will fail.
+  def test_ca_path_name
+    uri = URI.parse('https://www.paypal.com')
+
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    http.ca_path = "./"
+    http.use_ssl = true
+
+    response = http.start do |s|
+      assert s.get(uri.request_uri).length > 0
+    end
+  end
+  
+  # JRUBY-2178 and JRUBY-1307
+  # Warning - this test actually uses the internet connection.
+  # If there is no connection, it will fail.
+  # This test generally throws an exception
+  # about illegal_parameter when
+  # it can't use the cipher string correctly
+  def test_cipher_strings
+    socket = TCPSocket.new('rubyforge.org', 443)
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.cert_store = OpenSSL::X509::Store.new
+    ctx.verify_mode = 0
+    ctx.cert = nil
+    ctx.key = nil
+    ctx.client_ca = nil
+    ctx.ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
+
+    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+    ssl_socket.connect
+    ssl_socket.close
+  end
+
+  # JRUBY-1194
+  def test_des_encryption
+    iv  = "IVIVIVIV"
+    key = "KEYKEYKE"
+    alg = "des"
+    str = "string abc foo bar baxz"
+        
+    cipher = OpenSSL::Cipher::Cipher.new(alg)
+    cipher.encrypt(key, iv)
+    cipher.padding = 32
+    cipher.key = key
+    cipher.iv = iv
+    
+    encrypted = cipher.update(str)
+    encrypted << cipher.final
+ 
+    assert_equal "\253\305\306\372;\374\235\302\357/\006\360\355XO\232\312S\356* #\227\217", encrypted
+  end
+  
+  def _test_perf_of_nil
+# require 'net/https'
+# require 'benchmark'
+
+# def request(data)
+#   connection = Net::HTTP.new("www.google.com", 443)
+#   connection.use_ssl = true
+#   connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
+#   connection.start do |connection|
+#     connection.request_post("/tbproxy/spell?lang=en", data, { 'User-Agent' => "Test", 'Accept' => 'text/xml' })
+#   end
+# end
+
+# puts "is not: #{Benchmark.measure { request("") }.to_s.chomp}"
+# puts "is nil: #{Benchmark.measure { request(nil) }.to_s.chomp}"
+  end
+end

data/test/test_java.rb

@@ -0,0 +1,98 @@
+$:.unshift File.join(File.dirname(__FILE__), '..', 'mocha', 'lib')
+
+require "test/unit"
+require 'mocha'
+
+if defined?(JRUBY_VERSION)
+  require "java"
+  $CLASSPATH << 'pkg/classes'
+  $CLASSPATH << 'lib/bcprov-jdk14-139.jar'
+  
+  module PKCS7Test
+    module ASN1
+      OctetString = org.bouncycastle.asn1.DEROctetString
+    end
+    
+    PKCS7 = org.jruby.ext.openssl.impl.PKCS7 unless defined?(PKCS7)
+    Attribute = org.jruby.ext.openssl.impl.Attribute unless defined?(Attribute)
+    Digest = org.jruby.ext.openssl.impl.Digest unless defined?(Digest)
+    EncContent = org.jruby.ext.openssl.impl.EncContent unless defined?(EncContent)
+    Encrypt = org.jruby.ext.openssl.impl.Encrypt unless defined?(Encrypt)
+    Envelope = org.jruby.ext.openssl.impl.Envelope unless defined?(Envelope)
+    IssuerAndSerial = org.jruby.ext.openssl.impl.IssuerAndSerial unless defined?(IssuerAndSerial)
+    RecipInfo = org.jruby.ext.openssl.impl.RecipInfo unless defined?(RecipInfo)
+    SignEnvelope = org.jruby.ext.openssl.impl.SignEnvelope unless defined?(SignEnvelope)
+    Signed = org.jruby.ext.openssl.impl.Signed unless defined?(Signed)
+    SMIME = org.jruby.ext.openssl.impl.SMIME unless defined?(SMIME)
+    Mime = org.jruby.ext.openssl.impl.Mime unless defined?(Mime)
+    MimeHeader = org.jruby.ext.openssl.impl.MimeHeader unless defined?(MimeHeader)
+    MimeParam = org.jruby.ext.openssl.impl.MimeParam unless defined?(MimeParam)
+    BIO = org.jruby.ext.openssl.impl.BIO unless defined?(BIO)
+    PKCS7Exception = org.jruby.ext.openssl.impl.PKCS7Exception unless defined?(PKCS7Exception)
+    ASN1Registry = org.jruby.ext.openssl.impl.ASN1Registry unless defined?(ASN1Registry)
+    AlgorithmIdentifier = org.bouncycastle.asn1.x509.AlgorithmIdentifier unless defined?(AlgorithmIdentifier)
+    SignerInfoWithPkey = org.jruby.ext.openssl.impl.SignerInfoWithPkey unless defined?(SignerInfoWithPkey)
+    IssuerAndSerialNumber = org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber unless defined?(IssuerAndSerialNumber)
+    ASN1InputStream = org.bouncycastle.asn1.ASN1InputStream unless defined?(ASN1InputStream)
+    X509AuxCertificate = org.jruby.ext.openssl.x509store.X509AuxCertificate unless defined?(X509AuxCertificate)
+    
+    ArrayList = java.util.ArrayList unless defined?(ArrayList)
+    CertificateFactory = java.security.cert.CertificateFactory unless defined?(CertificateFactory)
+    BCP = org.bouncycastle.jce.provider.BouncyCastleProvider unless defined?(BCP)
+    ByteArrayInputStream = java.io.ByteArrayInputStream unless defined?(ByteArrayInputStream)
+    BigInteger = java.math.BigInteger unless defined?(BigInteger)
+    Cipher = javax.crypto.Cipher unless defined?(Cipher)
+
+    DERInteger = org.bouncycastle.asn1.DERInteger
+    DERSet = org.bouncycastle.asn1.DERSet
+    DEROctetString = org.bouncycastle.asn1.DEROctetString 
+    X509Name = org.bouncycastle.asn1.x509.X509Name
+    
+    
+    MimeEnvelopedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_enveloped.message'))
+    MimeSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_mime_signed.message'))
+    MultipartSignedString = File::read(File.join(File.dirname(__FILE__), 'pkcs7_multipart_signed.message'))
+
+    X509CertString = <<CERT
+-----BEGIN CERTIFICATE-----
+MIICijCCAXKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0wODA3MDgxOTE1NDZaFw0wODA3MDgxOTQ1NDZaMEQxEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy8LEsNRApz7U/j5DoB4X
+BgO9Z8Atv5y/OVQRp0ag8Tqo1YewsWijxEWB7JOATwpBN267U4T1nPZIxxEEO7n/
+WNa2ws9JWsjah8ssEBFSxZqdXKSLf0N4Hi7/GQ/aYoaMCiQ8jA4jegK2FJmXM71u
+Pe+jFN/peeBOpRfyXxRFOYcCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgWgMA0GCSqG
+SIb3DQEBBQUAA4IBAQCU879BALJIM9avHiuZ3WTjDy0UYP3ZG5wtuSqBSnD1k8pr
+hXfRaga7mDj6EQaGUovImb+KrRi6mZc+zsx4rTxwBNJT9U8yiW2eYxmgcT9/qKrD
+/1nz+e8NeUCCDY5UTUHGszZw5zLEDgDX2n3E/CDIZsoRSyq5vXq1jpfih/tSWanj
+Y9uP/o8Dc7ZcRJOAX7NPu1bbZcbxEbZ8sMe5wZ5HNiAR6gnOrjz2Yyazb//PSskE
+4flt/2h4pzGA0/ZHcnDjcoLdiLtInsqPOlVDLgqd/XqRYWtj84N4gw1iS9cHyrIZ
+dqbS54IKvzElD+R0QVS2z6TIGJSpuSBnZ4yfuNuq
+-----END CERTIFICATE-----
+CERT
+
+    X509CRLString = <<CRL
+----BEGIN X509 CRL-----
+MIIBlTB/AgEBMA0GCSqGSIb3DQEBBQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcx
+GTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBFw0wODA3MTgx
+NzQxMjhaFw0wODA3MTgxODA4MDhaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
+AQUFAAOCAQEASJaj1keN+tMmsF3QmjH2RhbW/9rZAl4gjv+uQQqrcS2ByfkXLU1d
+l/8rCHeT/XMoeU6xhQNHPP3uZBwfuuETcp65BMBcZFOUhUR0U5AaGhvSDS/+6EsP
+zFdQgAagmThFdN5ei9guTLqWwN0ZyqiaHyevFJuk+L9qbKavaSeKqfJbU7Sj/Z3J
+WLKoixvyj3N6W7evygH80lTvjZugmxJ1/AjICVSYr1hpHHd6EWq0b0YFrGFmg27R
+WmsAXd0QV5UChfAJ2+Cz5U1bPszvIJGrzfAIoLxHv5rI5rseQzqZdPaFSe4Oehln
+9qEYmsK3PS6bYoQol0cgj97Ep4olS8CulA==
+-----END X509 CRL-----
+CRL
+    
+    X509Cert = X509AuxCertificate.new(CertificateFactory.getInstance("X.509",BCP.new).generateCertificate(ByteArrayInputStream.new(X509CertString.to_java_bytes)))
+    X509CRL = CertificateFactory.getInstance("X.509",BCP.new).generateCRL(ByteArrayInputStream.new(X509CRLString.to_java_bytes))
+  end
+  
+  require File.join(File.dirname(__FILE__), 'test_java_attribute')
+  require File.join(File.dirname(__FILE__), 'test_java_bio')
+  require File.join(File.dirname(__FILE__), 'test_java_mime')
+  require File.join(File.dirname(__FILE__), 'test_java_pkcs7')
+  require File.join(File.dirname(__FILE__), 'test_java_smime')
+end

data/test/test_java_attribute.rb

@@ -0,0 +1,25 @@
+module PKCS7Test
+  class TestJavaAttribute < Test::Unit::TestCase
+    def test_attributes
+      val = ASN1::OctetString.new("foo".to_java_bytes)
+      val2 = ASN1::OctetString.new("bar".to_java_bytes)
+      attr = Attribute.create(123, 444, val)
+      assert_raises NoMethodError do 
+        attr.type = 12
+      end
+      assert_raises NoMethodError do 
+        attr.value = val2
+      end
+
+      assert_equal 123, attr.type
+      assert_equal val, attr.set.get(0)
+
+      attr2 = Attribute.create(123, 444, val)
+      
+      assert_equal attr, attr2
+      
+      assert_not_equal Attribute.create(124, 444, val), attr
+      assert_not_equal Attribute.create(123, 444, val2), attr
+    end
+  end
+end

data/test/test_java_bio.rb

@@ -0,0 +1,42 @@
+module PKCS7Test
+  class TestJavaBIO < Test::Unit::TestCase
+    def test_string_bio_simple
+      bio = BIO::from_string("abc")
+      arr = Java::byte[20].new
+      read = bio.gets(arr, 10)
+      assert_equal 3, read
+      assert_equal "abc".to_java_bytes.to_a, arr.to_a[0...read]
+    end
+
+    def test_string_bio_simple_with_newline
+      bio = BIO::from_string("abc\n")
+      arr = Java::byte[20].new
+      read = bio.gets(arr, 10)
+      assert_equal 4, read
+      assert_equal "abc\n".to_java_bytes.to_a, arr.to_a[0...read]
+    end
+
+    def test_string_bio_simple_with_newline_and_more_data
+      bio = BIO::from_string("abc\nfoo\n\nbar")
+      arr = Java::byte[20].new
+      read = bio.gets(arr, 10)
+      assert_equal 4, read
+      assert_equal "abc\n".to_java_bytes.to_a, arr.to_a[0...read]
+
+      read = bio.gets(arr, 10)
+      assert_equal 4, read
+      assert_equal "foo\n".to_java_bytes.to_a, arr.to_a[0...read]
+    
+      read = bio.gets(arr, 10)
+      assert_equal 1, read
+      assert_equal "\n".to_java_bytes.to_a, arr.to_a[0...read]
+
+      read = bio.gets(arr, 10)
+      assert_equal 3, read
+      assert_equal "bar".to_java_bytes.to_a, arr.to_a[0...read]
+
+      read = bio.gets(arr, 10)
+      assert_equal 0, read
+    end
+  end
+end

data/test/test_java_mime.rb

@@ -0,0 +1,173 @@
+module PKCS7Test
+  class TestJavaMime < Test::Unit::TestCase
+    def test_find_header_returns_null_on_nonexisting_header
+      headers = []
+      assert_nil Mime::DEFAULT.find_header(headers, "foo")
+
+      headers = [MimeHeader.new("blarg", "bluff")]
+      assert_nil Mime::DEFAULT.find_header(headers, "foo")
+    end
+
+    def test_find_header_returns_the_header_with_the_same_name
+      hdr = MimeHeader.new("one", "two")
+      assert_equal hdr, Mime::DEFAULT.find_header([hdr], "one")
+    end
+
+    def test_find_param_returns_null_on_nonexisting_param
+      assert_nil Mime::DEFAULT.find_param(MimeHeader.new("one", "two", []), "foo")
+      assert_nil Mime::DEFAULT.find_param(MimeHeader.new("one", "two", [MimeParam.new("hi", "ho")]), "foo")
+    end
+
+    def test_find_param_returns_the_param_with_the_same_name
+      par = MimeParam.new("hox", "box")
+      hdr = MimeHeader.new("one", "two", [par])
+      assert_equal par, Mime::DEFAULT.find_param(hdr, "hox")
+    end
+    
+    def test_simple_parse_headers
+      bio = BIO::from_string("Foo: bar")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers2
+      bio = BIO::from_string("Foo:bar")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers3
+      bio = BIO::from_string("Foo: bar")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers4
+      bio = BIO::from_string("Foo: bar\n")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers5
+      bio = BIO::from_string("     Foo        :                    bar    \n")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+
+    def test_simple_parse_headers6
+      bio = BIO::from_string("Foo: bar;\n")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result.first
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers7
+      bio = BIO::from_string("Foo: bar;\nFlurg: blarg")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 2, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result[0]
+      assert_equal MimeHeader.new("Flurg", "blarg"), result[1]
+      assert_equal "foo", result[0].name
+      assert_equal "flurg", result[1].name
+    end
+
+    def test_simple_parse_headers_quotes
+      bio = BIO::from_string("Foo: \"bar\"")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "bar"), result[0]
+      assert_equal "foo", result.first.name
+    end
+
+    def test_simple_parse_headers_comment
+      bio = BIO::from_string("Foo: (this is the right thing)ba(and this is the wrong one)r")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      assert_equal MimeHeader.new("Foo", "(this is the right thing)ba(and this is the wrong one)r"), result[0]
+      assert_equal "foo", result.first.name
+    end
+
+    def test_parse_headers_with_param
+      bio = BIO::from_string("Content-Type: Multipart/Related; boundary=MIME_boundary; type=text/xml")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      header = result.first
+      assert_equal "content-type", header.name
+      assert_equal "multipart/related", header.value
+      assert_equal [MimeParam.new("boundary","MIME_boundary"), 
+                    MimeParam.new("type","text/xml")], header.params.to_a
+    end
+
+    def test_parse_headers_with_param_newline
+      bio = BIO::from_string("Content-Type: Multipart/Related\n boundary=MIME_boundary; type=text/xml")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      header = result.first
+      assert_equal "content-type", header.name
+      assert_equal "multipart/related", header.value
+      assert_equal [MimeParam.new("boundary","MIME_boundary"), 
+                    MimeParam.new("type","text/xml")], header.params.to_a
+    end
+
+    def test_parse_headers_with_param_newline_and_semicolon
+      bio = BIO::from_string("Content-Type: Multipart/Related;\n boundary=MIME_boundary;\n Type=text/xml")
+      result = Mime::DEFAULT.parse_headers(bio)
+      assert_equal 1, result.size
+      header = result.first
+      assert_equal "content-type", header.name
+      assert_equal "multipart/related", header.value
+      assert_equal [MimeParam.new("boundary","MIME_boundary"), 
+                    MimeParam.new("type","text/xml")], header.params.to_a
+    end
+
+    def test_advanced_mime_message
+      bio = BIO::from_string(MultipartSignedString)
+      result = Mime::DEFAULT.parse_headers(bio)
+      
+      assert_equal "mime-version", result[0].name
+      assert_equal "1.0", result[0].value
+      
+      assert_equal "to", result[1].name
+      assert_equal "user2@examples.com", result[1].value
+
+      assert_equal "from", result[2].name
+      assert_equal "alicedss@examples.com", result[2].value
+
+      assert_equal "subject", result[3].name
+      assert_equal "example 4.8", result[3].value
+
+      assert_equal "message-id", result[4].name
+      assert_equal "<020906002550300.249@examples.com>", result[4].value
+
+      assert_equal "date", result[5].name
+      assert_equal "fri, 06 sep 2002 00:25:21 -0300", result[5].value
+      
+      assert_equal "content-type", result[6].name
+      assert_equal "multipart/signed", result[6].value
+      
+      assert_equal "micalg", result[6].params[0].param_name
+      assert_equal "SHA1", result[6].params[0].param_value
+
+      assert_equal "boundary", result[6].params[1].param_name
+      assert_equal "----=_NextBoundry____Fri,_06_Sep_2002_00:25:21", result[6].params[1].param_value
+
+      assert_equal "protocol", result[6].params[2].param_name
+      assert_equal "application/pkcs7-signature", result[6].params[2].param_value
+      
+      assert_equal 3, result[6].params.length
+      assert_equal 7, result.length
+    end
+  end
+end

data/test/test_java_pkcs7.rb

@@ -0,0 +1,769 @@
+module PKCS7Test
+  class TestJavaPKCS7 < Test::Unit::TestCase
+    def test_is_signed
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      assert p7.signed?
+      assert !p7.encrypted?
+      assert !p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert !p7.data?
+      assert !p7.digest?
+    end
+
+    def test_is_encrypted
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert !p7.signed?
+      assert p7.encrypted?
+      assert !p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert !p7.data?
+      assert !p7.digest?
+    end
+
+    def test_is_enveloped
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert !p7.signed?
+      assert !p7.encrypted?
+      assert p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert !p7.data?
+      assert !p7.digest?
+    end
+
+    def test_is_signed_and_enveloped
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      assert !p7.signed?
+      assert !p7.encrypted?
+      assert !p7.enveloped?
+      assert p7.signed_and_enveloped?
+      assert !p7.data?
+      assert !p7.digest?
+    end
+
+    def test_is_data
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert !p7.signed?
+      assert !p7.encrypted?
+      assert !p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert p7.data?
+      assert !p7.digest?
+    end
+
+    def test_is_digest
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert !p7.signed?
+      assert !p7.encrypted?
+      assert !p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert !p7.data?
+      assert p7.digest?
+    end
+
+    def test_set_detached
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      sign = Signed.new
+      p7.sign = sign
+      
+      test_p7 = PKCS7.new
+      test_p7.type = ASN1Registry::NID_pkcs7_data 
+      test_p7.data = ASN1::OctetString.new("foo".to_java_bytes)
+      sign.contents = test_p7
+      
+      p7.detached = 2
+      assert_equal 1, p7.get_detached
+      assert_equal nil, test_p7.get_data
+    end
+
+    def test_set_not_detached
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      sign = Signed.new
+      p7.sign = sign
+      
+      test_p7 = PKCS7.new
+      test_p7.type = ASN1Registry::NID_pkcs7_data 
+      data = ASN1::OctetString.new("foo".to_java_bytes)
+      test_p7.data = data
+      sign.contents = test_p7
+      
+      p7.detached = 0
+      assert_equal 0, p7.get_detached
+      assert_equal data, test_p7.get_data
+    end
+
+    def test_is_detached
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      sign = Signed.new
+      p7.sign = sign
+      
+      test_p7 = PKCS7.new
+      test_p7.type = ASN1Registry::NID_pkcs7_data 
+      data = ASN1::OctetString.new("foo".to_java_bytes)
+      test_p7.data = data
+      sign.contents = test_p7
+      
+      p7.detached = 1
+      assert p7.detached?
+    end
+
+    def test_is_detached_with_wrong_type
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      
+      assert !p7.detached?
+    end
+    
+    def _test_encrypt_generates_enveloped_PKCS7_object
+      p7 = PKCS7.encrypt([], "".to_java_bytes, nil, 0)
+      assert !p7.signed?
+      assert !p7.encrypted?
+      assert p7.enveloped?
+      assert !p7.signed_and_enveloped?
+      assert !p7.data?
+      assert !p7.digest?
+    end
+    
+    def test_set_type_throws_exception_on_wrong_argument
+      assert_raises NativeException do 
+        # 42 is a value that is not one of the valid NID's for type
+        PKCS7.new.type = 42
+      end
+    end
+    
+    def test_set_type_signed
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      assert p7.signed?
+      assert_equal 1, p7.get_sign.version
+
+      assert_nil p7.get_data
+      assert_nil p7.get_enveloped
+      assert_nil p7.get_signed_and_enveloped
+      assert_nil p7.get_digest
+      assert_nil p7.get_encrypted
+      assert_nil p7.get_other
+    end
+
+    def test_set_type_data
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+
+      assert p7.data?
+      assert_equal ASN1::OctetString.new("".to_java_bytes), p7.get_data
+
+      assert_nil p7.get_sign
+      assert_nil p7.get_enveloped
+      assert_nil p7.get_signed_and_enveloped
+      assert_nil p7.get_digest
+      assert_nil p7.get_encrypted
+      assert_nil p7.get_other
+    end
+
+    def test_set_type_signed_and_enveloped
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+
+      assert p7.signed_and_enveloped?
+      assert_equal 1, p7.get_signed_and_enveloped.version
+      assert_equal ASN1Registry::NID_pkcs7_data, p7.get_signed_and_enveloped.enc_data.content_type
+
+      assert_nil p7.get_sign
+      assert_nil p7.get_enveloped
+      assert_nil p7.get_data
+      assert_nil p7.get_digest
+      assert_nil p7.get_encrypted
+      assert_nil p7.get_other
+    end
+
+    def test_set_type_enveloped
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+
+      assert p7.enveloped?
+      assert_equal 0, p7.get_enveloped.version
+      assert_equal ASN1Registry::NID_pkcs7_data, p7.get_enveloped.enc_data.content_type
+
+      assert_nil p7.get_sign
+      assert_nil p7.get_signed_and_enveloped
+      assert_nil p7.get_data
+      assert_nil p7.get_digest
+      assert_nil p7.get_encrypted
+      assert_nil p7.get_other
+    end
+
+    def test_set_type_encrypted
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+
+      assert p7.encrypted?
+      assert_equal 0, p7.get_encrypted.version
+      assert_equal ASN1Registry::NID_pkcs7_data, p7.get_encrypted.enc_data.content_type
+
+      assert_nil p7.get_sign
+      assert_nil p7.get_signed_and_enveloped
+      assert_nil p7.get_data
+      assert_nil p7.get_digest
+      assert_nil p7.get_enveloped
+      assert_nil p7.get_other
+    end
+
+    def test_set_type_digest
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+
+      assert p7.digest?
+      assert_equal 0, p7.get_digest.version
+
+      assert_nil p7.get_sign
+      assert_nil p7.get_signed_and_enveloped
+      assert_nil p7.get_data
+      assert_nil p7.get_encrypted
+      assert_nil p7.get_enveloped
+      assert_nil p7.get_other
+    end
+    
+    def test_set_cipher_on_non_enveloped_object
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      
+      assert_raises NativeException do 
+        p7.cipher = nil
+      end
+      
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+
+      assert_raises NativeException do 
+        p7.cipher = nil
+      end
+
+      p7.type = ASN1Registry::NID_pkcs7_data
+
+      assert_raises NativeException do 
+        p7.cipher = nil
+      end
+
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      assert_raises NativeException do 
+        p7.cipher = nil
+      end
+    end
+    
+    def test_set_cipher_on_enveloped_object
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+
+      cipher = javax.crypto.Cipher.getInstance("RSA")
+      
+      p7.cipher = cipher
+      
+      assert_equal cipher, p7.get_enveloped.enc_data.cipher
+    end
+
+    
+    def test_set_cipher_on_signedAndEnveloped_object
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+
+      cipher = javax.crypto.Cipher.getInstance("RSA")
+      
+      p7.cipher = cipher
+      
+      assert_equal cipher, p7.get_signed_and_enveloped.enc_data.cipher
+    end
+    
+    def test_add_recipient_info_to_something_that_cant_have_recipients
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      assert_raises NativeException do 
+        p7.add_recipient(X509Cert)
+      end
+
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.add_recipient(X509Cert)
+      end
+      
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.add_recipient(X509Cert)
+      end
+      
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert_raises NativeException do 
+        p7.add_recipient(X509Cert)
+      end
+    end
+
+    def test_add_recipient_info_to_enveloped_should_add_that_to_stack
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      
+      ri = p7.add_recipient(X509Cert)
+      
+      assert_equal 1, p7.get_enveloped.recipient_info.size
+      assert_equal ri, p7.get_enveloped.recipient_info.iterator.next
+    end
+
+
+    def test_add_recipient_info_to_signedAndEnveloped_should_add_that_to_stack
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      
+      ri = p7.add_recipient(X509Cert)
+      
+      assert_equal 1, p7.get_signed_and_enveloped.recipient_info.size
+      assert_equal ri, p7.get_signed_and_enveloped.recipient_info.iterator.next
+    end
+    
+    def test_add_signer_to_something_that_cant_have_signers
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_raises NativeException do 
+        p7.add_signer(SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil))
+      end
+
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.add_signer(SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil))
+      end
+      
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.add_signer(SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil))
+      end
+      
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert_raises NativeException do 
+        p7.add_signer(SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil))
+      end
+    end
+
+    def test_add_signer_to_signed_should_add_that_to_stack
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      
+      si = SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil)
+      p7.add_signer(si)
+      
+      assert_equal 1, p7.get_sign.signer_info.size
+      assert_equal si, p7.get_sign.signer_info.iterator.next
+    end
+
+
+    def test_add_signer_to_signedAndEnveloped_should_add_that_to_stack
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      
+      si = SignerInfoWithPkey.new(nil, nil, nil, nil, nil, nil, nil)
+      p7.add_signer(si)
+      
+      assert_equal 1, p7.get_signed_and_enveloped.signer_info.size
+      assert_equal si, p7.get_signed_and_enveloped.signer_info.iterator.next
+    end
+
+    def create_signer_info_with_algo(algo)
+      md5 = AlgorithmIdentifier.new(ASN1Registry.nid2obj(4))
+      SignerInfoWithPkey.new(DERInteger.new(BigInteger::ONE), 
+                     IssuerAndSerialNumber.new(X509Name.new("C=SE"), DERInteger.new(BigInteger::ONE)), 
+                     algo, 
+                     DERSet.new, 
+                     md5, 
+                     DEROctetString.new([].to_java(:byte)), 
+                     DERSet.new)
+    end
+    
+    def test_add_signer_to_signed_with_new_algo_should_add_that_algo_to_the_algo_list
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+
+      # YES, these numbers are correct. Don't change them. They are OpenSSL internal NIDs
+      md5 = AlgorithmIdentifier.new(ASN1Registry.nid2obj(4))
+      md4 = AlgorithmIdentifier.new(ASN1Registry.nid2obj(5))
+      
+      si = create_signer_info_with_algo(md5)
+      p7.add_signer(si)
+
+      assert_equal md5, p7.get_sign.md_algs.iterator.next
+      assert_equal 1, p7.get_sign.md_algs.size
+
+      si = create_signer_info_with_algo(md5)
+      p7.add_signer(si)
+
+      assert_equal md5, p7.get_sign.md_algs.iterator.next
+      assert_equal 1, p7.get_sign.md_algs.size
+
+      si = create_signer_info_with_algo(md4)
+      p7.add_signer(si)
+
+      assert_equal 2, p7.get_sign.md_algs.size
+      assert p7.get_sign.md_algs.contains(md4)
+      assert p7.get_sign.md_algs.contains(md5)
+    end
+
+
+    def test_add_signer_to_signedAndEnveloped_with_new_algo_should_add_that_algo_to_the_algo_list
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      
+      # YES, these numbers are correct. Don't change them. They are OpenSSL internal NIDs
+      md5 = AlgorithmIdentifier.new(ASN1Registry.nid2obj(4))
+      md4 = AlgorithmIdentifier.new(ASN1Registry.nid2obj(5))
+
+      si = create_signer_info_with_algo(md5)
+      p7.add_signer(si)
+
+      assert_equal md5, p7.get_signed_and_enveloped.md_algs.iterator.next
+      assert_equal 1, p7.get_signed_and_enveloped.md_algs.size
+
+      si = create_signer_info_with_algo(md5)
+      p7.add_signer(si)
+
+      assert_equal md5, p7.get_signed_and_enveloped.md_algs.iterator.next
+      assert_equal 1, p7.get_signed_and_enveloped.md_algs.size
+
+      si = create_signer_info_with_algo(md4)
+      p7.add_signer(si)
+
+      assert_equal 2, p7.get_signed_and_enveloped.md_algs.size
+      assert p7.get_signed_and_enveloped.md_algs.contains(md4)
+      assert p7.get_signed_and_enveloped.md_algs.contains(md5)
+    end
+    
+    def test_set_content_on_data_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.setContent(PKCS7.new)
+      end
+    end
+
+    def test_set_content_on_enveloped_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_raises NativeException do 
+        p7.setContent(PKCS7.new)
+      end
+    end
+
+    def test_set_content_on_signedAndEnveloped_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      assert_raises NativeException do 
+        p7.setContent(PKCS7.new)
+      end
+    end
+
+    def test_set_content_on_encrypted_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.setContent(PKCS7.new)
+      end
+    end
+
+    def test_set_content_on_signed_sets_the_content
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      p7new = PKCS7.new
+      p7.setContent(p7new)
+      
+      assert_equal p7new, p7.get_sign.contents
+    end
+
+    def test_set_content_on_digest_sets_the_content
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      p7new = PKCS7.new
+      p7.setContent(p7new)
+      
+      assert_equal p7new, p7.get_digest.contents
+    end
+    
+    def test_get_signer_info_on_digest_returns_null
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert_nil p7.signer_info
+    end
+
+    def test_get_signer_info_on_data_returns_null
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_nil p7.signer_info
+    end
+
+    def test_get_signer_info_on_encrypted_returns_null
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_nil p7.signer_info
+    end
+
+    def test_get_signer_info_on_enveloped_returns_null
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_nil p7.signer_info
+    end
+
+    def test_get_signer_info_on_signed_returns_signer_info
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      assert_equal p7.get_sign.signer_info.object_id, p7.signer_info.object_id
+    end
+
+    def test_get_signer_info_on_signedAndEnveloped_returns_signer_info
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      assert_equal p7.get_signed_and_enveloped.signer_info.object_id, p7.signer_info.object_id
+    end
+    
+    def test_content_new_on_data_raises_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.content_new(ASN1Registry::NID_pkcs7_data)
+      end
+    end
+
+    def test_content_new_on_encrypted_raises_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.content_new(ASN1Registry::NID_pkcs7_data)
+      end
+    end
+
+    def test_content_new_on_enveloped_raises_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_raises NativeException do 
+        p7.content_new(ASN1Registry::NID_pkcs7_data)
+      end
+    end
+
+    def test_content_new_on_signedAndEnveloped_raises_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      assert_raises NativeException do 
+        p7.content_new(ASN1Registry::NID_pkcs7_data)
+      end
+    end
+    
+    def test_content_new_on_digest_creates_new_content
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      p7.content_new(ASN1Registry::NID_pkcs7_signedAndEnveloped)
+      assert p7.get_digest.contents.signed_and_enveloped?
+      
+      p7.content_new(ASN1Registry::NID_pkcs7_encrypted)
+      assert p7.get_digest.contents.encrypted?
+    end
+
+    def test_content_new_on_signed_creates_new_content
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      p7.content_new(ASN1Registry::NID_pkcs7_signedAndEnveloped)
+      assert p7.get_sign.contents.signed_and_enveloped?
+      
+      p7.content_new(ASN1Registry::NID_pkcs7_encrypted)
+      assert p7.get_sign.contents.encrypted?
+    end
+
+    
+    def test_add_certificate_on_data_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.add_certificate(X509Cert)
+      end
+    end
+
+    def test_add_certificate_on_enveloped_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_raises NativeException do 
+        p7.add_certificate(X509Cert)
+      end
+    end
+
+    def test_add_certificate_on_encrypted_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.add_certificate(X509Cert)
+      end
+    end
+
+    def test_add_certificate_on_digest_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert_raises NativeException do 
+        p7.add_certificate(X509Cert)
+      end
+    end
+
+    def test_add_certificate_on_signed_adds_the_certificate
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      p7.add_certificate(X509Cert)
+      assert_equal 1, p7.get_sign.cert.size
+      assert_equal X509Cert, p7.get_sign.cert.iterator.next
+    end
+
+    def test_add_certificate_on_signedAndEnveloped_adds_the_certificate
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      p7.add_certificate(X509Cert)
+      assert_equal 1, p7.get_signed_and_enveloped.cert.size
+      assert_equal X509Cert, p7.get_signed_and_enveloped.cert.get(0)
+    end
+
+    def test_add_crl_on_data_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_data
+      assert_raises NativeException do 
+        p7.add_crl(X509CRL)
+      end
+    end
+
+    def test_add_crl_on_enveloped_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_enveloped
+      assert_raises NativeException do 
+        p7.add_crl(X509CRL)
+      end
+    end
+
+    def test_add_crl_on_encrypted_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_encrypted
+      assert_raises NativeException do 
+        p7.add_crl(X509CRL)
+      end
+    end
+
+    def test_add_crl_on_digest_throws_exception
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_digest
+      assert_raises NativeException do 
+        p7.add_crl(X509CRL)
+      end
+    end
+
+    def test_add_crl_on_signed_adds_the_crl
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signed
+      p7.add_crl(X509CRL)
+      assert_equal 1, p7.get_sign.crl.size
+      assert_equal X509CRL, p7.get_sign.crl.iterator.next
+    end
+
+    def test_add_crl_on_signedAndEnveloped_adds_the_crl
+      p7 = PKCS7.new
+      p7.type = ASN1Registry::NID_pkcs7_signedAndEnveloped
+      p7.add_crl(X509CRL)
+      assert_equal 1, p7.get_signed_and_enveloped.crl.size
+      assert_equal X509CRL, p7.get_signed_and_enveloped.crl.get(0)
+    end
+    
+    EXISTING_PKCS7_DEF = "0\202\002 \006\t*\206H\206\367\r\001\a\003\240\202\002\0210\202\002\r\002\001\0001\202\001\2700\201\331\002\001\0000B0=1\0230\021\006\n\t\222&\211\223\362,d\001\031\026\003org1\0310\027\006\n\t\222&\211\223\362,d\001\031\026\truby-lang1\v0\t\006\003U\004\003\f\002CA\002\001\0020\r\006\t*\206H\206\367\r\001\001\001\005\000\004\201\200\213kF\330\030\362\237\363$\311\351\207\271+_\310sr\344\233N\200\233)\272\226\343\003\224OOf\372 \r\301{\206\367\241\270\006\240\254\3179F\232\231Q\232\225\347\373\233\032\375\360\035o\371\275p\306\v5Z)\263\037\302|\307\300\327\a\375\023G'Ax\313\346\261\254\227K\026\364\242\337\367\362rk\276\023\217m\326\343F\366I1\263\nLuNf\234\203\261\300\030\232Q\277\231\f0\030\001\332\021\0030\201\331\002\001\0000B0=1\0230\021\006\n\t\222&\211\223\362,d\001\031\026\003org1\0310\027\006\n\t\222&\211\223\362,d\001\031\026\truby-lang1\v0\t\006\003U\004\003\f\002CA\002\001\0030\r\006\t*\206H\206\367\r\001\001\001\005\000\004\201\200\215\223\3428\2440]\0278\016\230,\315\023Tg\325`\376~\353\304\020\243N{\326H\003\005\361q\224OI\310\2324-\341?\355&r\215\233\361\245jF\255R\271\203D\304v\325\265\243\321$\bSh\031i\eS\240\227\362\221\364\232\035\202\f?x\031\223D\004ZHD\355'g\243\037\236mJ\323\210\347\274m\324-\351\332\353#A\273\002\"h\aM\202\347\236\265\aI$@\240bt=<\212\2370L\006\t*\206H\206\367\r\001\a\0010\035\006\t`\206H\001e\003\004\001\002\004\020L?\325\372\\\360\366\372\237|W\333nnI\255\200 \253\234\252\263\006\335\037\320\350{s\352r\337\304\305\216\223k\003\376f\027_\201\035#*\002yM\334"
+
+    EXISTING_PKCS7_1 = PKCS7::from_asn1(ASN1InputStream.new(EXISTING_PKCS7_DEF.to_java_bytes).read_object)
+    
+    def test_encrypt_integration_test
+      certs = [X509Cert]
+      cipher = Cipher.get_instance("AES", BCP.new)
+      data = "aaaaa\nbbbbb\nccccc\n".to_java_bytes
+      PKCS7::encrypt(certs, data, cipher, PKCS7::BINARY)
+#       puts
+#       puts PKCS7::encrypt(certs, data, cipher, PKCS7::BINARY)
+#       puts 
+#       puts EXISTING_PKCS7_1
+    end
+    
+    EXISTING_PKCS7_PEM = <<PKCS7STR
+-----BEGIN PKCS7-----
+MIICIAYJKoZIhvcNAQcDoIICETCCAg0CAQAxggG4MIHZAgEAMEIwPTETMBEGCgmS
+JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
+AwwCQ0ECAQIwDQYJKoZIhvcNAQEBBQAEgYCPGMV4KS/8amYA2xeIjj9qLseJf7dl
+BtSDp+YAU3y1JnW7XufBCKxYw7eCuhWWA/mrxijr+wdsFDvSalM6nPX2P2NiVMWP
+a7mzErZ4WrzkKIuGczYPYPJetwBYuhik3ya4ygYygoYssVRAITOSsEKpfqHAPmI+
+AUJkqmCdGpQu9TCB2QIBADBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJ
+kiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgEDMA0GCSqGSIb3DQEB
+AQUABIGAPaBX0KM3S+2jcrQrncu1jrvm1PUXlUvMfFIG2oBfPkMhiqCBvkOct1Ve
+ws1hxvGtsqyjAUn02Yx1+gQJhTN4JZZHNqkfi0TwN32nlwLxclKcrbF9bvtMiVHx
+V3LrSygblxxJsBf8reoV4yTJRa3w98bEoDhjUwjfy5xTml2cAn4wTAYJKoZIhvcN
+AQcBMB0GCWCGSAFlAwQBAgQQath+2gUo4ntkKl8FO1LLhoAg58j0Jn/OfWG3rNRH
+kTtUQfnBFk/UGbTZgExHILaGz8Y=
+-----END PKCS7-----
+PKCS7STR
+    
+    PKCS7_PEM_CONTENTS = "\347\310\364&\177\316}a\267\254\324G\221;TA\371\301\026O\324\031\264\331\200LG \266\206\317\306" 
+
+    PKCS7_PEM_FIRST_KEY = "\217\030\305x)/\374jf\000\333\027\210\216?j.\307\211\177\267e\006\324\203\247\346\000S|\265&u\273^\347\301\b\254X\303\267\202\272\025\226\003\371\253\306(\353\373\al\024;\322jS:\234\365\366?cbT\305\217k\271\263\022\266xZ\274\344(\213\206s6\017`\362^\267\000X\272\030\244\337&\270\312\0062\202\206,\261T@!3\222\260B\251~\241\300>b>\001Bd\252`\235\032\224.\365"
+
+    PKCS7_PEM_SECOND_KEY = "=\240W\320\2437K\355\243r\264+\235\313\265\216\273\346\324\365\027\225K\314|R\006\332\200_>C!\212\240\201\276C\234\267U^\302\315a\306\361\255\262\254\243\001I\364\331\214u\372\004\t\2053x%\226G6\251\037\213D\3607}\247\227\002\361rR\234\255\261}n\373L\211Q\361Wr\353K(\e\227\034I\260\027\374\255\352\025\343$\311E\255\360\367\306\304\2408cS\b\337\313\234S\232]\234\002~"
+    
+    def test_PEM_read_pkcs7_bio
+      bio = BIO::mem_buf(EXISTING_PKCS7_PEM.to_java_bytes)
+      p7 = PKCS7.read_pem(bio)
+
+      assert_equal ASN1Registry::NID_pkcs7_enveloped, p7.type
+      env = p7.get_enveloped
+      assert_equal 0, env.version
+      enc_data = env.enc_data
+      assert_equal ASN1Registry::NID_pkcs7_data, enc_data.content_type
+      assert_equal ASN1Registry::NID_aes_128_cbc, ASN1Registry::obj2nid(enc_data.algorithm.get_object_id)
+      assert_equal PKCS7_PEM_CONTENTS, String.from_java_bytes(enc_data.enc_data.octets)
+      
+      ris = env.recipient_info
+      assert_equal 2, ris.size
+      
+      first = second = nil
+      tmp = ris.iterator.next
+
+      if tmp.issuer_and_serial.certificate_serial_number.value == 2
+        first = tmp
+        iter = ris.iterator
+        iter.next
+        second = iter.next
+      else 
+        second = tmp
+        iter = ris.iterator
+        iter.next
+        first = iter.next
+      end
+      
+      assert_equal 0, first.version
+      assert_equal 0, second.version
+      
+      assert_equal "DC=org,DC=ruby-lang,CN=CA", first.issuer_and_serial.name.to_s
+      assert_equal "DC=org,DC=ruby-lang,CN=CA", second.issuer_and_serial.name.to_s
+      
+      assert_equal ASN1Registry::NID_rsaEncryption, ASN1Registry::obj2nid(first.key_enc_algor.get_object_id)
+      assert_equal ASN1Registry::NID_rsaEncryption, ASN1Registry::obj2nid(second.key_enc_algor.get_object_id)
+
+      assert_equal PKCS7_PEM_FIRST_KEY, String.from_java_bytes(first.enc_key.octets)
+      assert_equal PKCS7_PEM_SECOND_KEY, String.from_java_bytes(second.enc_key.octets)
+    end
+  end
+end
+