jruby-openssl 0.8.0.pre3 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest.txt +5 -124
- data/Rakefile +3 -3
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/shared/jopenssl/version.rb +1 -1
- metadata +10 -116
- data/test/1.8/ssl_server.rb +0 -99
- data/test/1.8/test_asn1.rb +0 -212
- data/test/1.8/test_cipher.rb +0 -193
- data/test/1.8/test_config.rb +0 -290
- data/test/1.8/test_digest.rb +0 -88
- data/test/1.8/test_ec.rb +0 -128
- data/test/1.8/test_hmac.rb +0 -46
- data/test/1.8/test_ns_spki.rb +0 -59
- data/test/1.8/test_pair.rb +0 -149
- data/test/1.8/test_pkcs7.rb +0 -489
- data/test/1.8/test_pkey_rsa.rb +0 -49
- data/test/1.8/test_ssl.rb +0 -1032
- data/test/1.8/test_x509cert.rb +0 -277
- data/test/1.8/test_x509crl.rb +0 -253
- data/test/1.8/test_x509ext.rb +0 -99
- data/test/1.8/test_x509name.rb +0 -290
- data/test/1.8/test_x509req.rb +0 -195
- data/test/1.8/test_x509store.rb +0 -246
- data/test/1.8/utils.rb +0 -144
- data/test/1.9/ssl_server.rb +0 -81
- data/test/1.9/test_asn1.rb +0 -589
- data/test/1.9/test_bn.rb +0 -23
- data/test/1.9/test_buffering.rb +0 -88
- data/test/1.9/test_cipher.rb +0 -107
- data/test/1.9/test_config.rb +0 -288
- data/test/1.9/test_digest.rb +0 -118
- data/test/1.9/test_engine.rb +0 -15
- data/test/1.9/test_hmac.rb +0 -32
- data/test/1.9/test_ns_spki.rb +0 -50
- data/test/1.9/test_ocsp.rb +0 -47
- data/test/1.9/test_pair.rb +0 -257
- data/test/1.9/test_pkcs12.rb +0 -209
- data/test/1.9/test_pkcs7.rb +0 -156
- data/test/1.9/test_pkey_dh.rb +0 -72
- data/test/1.9/test_pkey_dsa.rb +0 -224
- data/test/1.9/test_pkey_ec.rb +0 -182
- data/test/1.9/test_pkey_rsa.rb +0 -244
- data/test/1.9/test_ssl.rb +0 -499
- data/test/1.9/test_ssl_session.rb +0 -327
- data/test/1.9/test_x509cert.rb +0 -217
- data/test/1.9/test_x509crl.rb +0 -221
- data/test/1.9/test_x509ext.rb +0 -69
- data/test/1.9/test_x509name.rb +0 -366
- data/test/1.9/test_x509req.rb +0 -150
- data/test/1.9/test_x509store.rb +0 -229
- data/test/1.9/utils.rb +0 -304
- data/test/cert_with_ec_pk.cer +0 -27
- data/test/fixture/ca-bundle.crt +0 -2794
- data/test/fixture/ca_path/72fa7371.0 +0 -19
- data/test/fixture/ca_path/verisign.pem +0 -19
- data/test/fixture/cacert.pem +0 -23
- data/test/fixture/cert_localhost.pem +0 -19
- data/test/fixture/common.pem +0 -48
- data/test/fixture/ids_in_subject_rdn_set.pem +0 -31
- data/test/fixture/imaps/cacert.pem +0 -60
- data/test/fixture/imaps/server.crt +0 -61
- data/test/fixture/imaps/server.key +0 -15
- data/test/fixture/key_then_cert.pem +0 -34
- data/test/fixture/keypair.pem +0 -27
- data/test/fixture/localhost_keypair.pem +0 -18
- data/test/fixture/max.pem +0 -29
- data/test/fixture/purpose/b70a5bc1.0 +0 -24
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +0 -37
- data/test/fixture/purpose/ca/cacert.pem +0 -24
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +0 -19
- data/test/fixture/purpose/ca/private/cakeypair.pem +0 -30
- data/test/fixture/purpose/ca/serial +0 -1
- data/test/fixture/purpose/cacert.pem +0 -24
- data/test/fixture/purpose/scripts/gen_cert.rb +0 -127
- data/test/fixture/purpose/scripts/gen_csr.rb +0 -50
- data/test/fixture/purpose/scripts/init_ca.rb +0 -66
- data/test/fixture/purpose/sslclient.pem +0 -19
- data/test/fixture/purpose/sslclient/csr.pem +0 -10
- data/test/fixture/purpose/sslclient/keypair.pem +0 -15
- data/test/fixture/purpose/sslclient/sslclient.pem +0 -19
- data/test/fixture/purpose/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver/csr.pem +0 -10
- data/test/fixture/purpose/sslserver/keypair.pem +0 -15
- data/test/fixture/purpose/sslserver/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +0 -19
- data/test/fixture/selfcert.pem +0 -23
- data/test/fixture/verisign.pem +0 -19
- data/test/fixture/verisign_c3.pem +0 -14
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +0 -8
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +0 -21
- data/test/ruby/envutil.rb +0 -208
- data/test/ruby/ut_eof.rb +0 -128
- data/test/test_all.rb +0 -1
- data/test/test_certificate.rb +0 -132
- data/test/test_cipher.rb +0 -197
- data/test/test_imaps.rb +0 -107
- data/test/test_integration.rb +0 -144
- data/test/test_openssl.rb +0 -4
- data/test/test_parse_certificate.rb +0 -27
- data/test/test_pkcs7.rb +0 -56
- data/test/test_pkey_dsa.rb +0 -180
- data/test/test_pkey_rsa.rb +0 -329
- data/test/test_ssl.rb +0 -97
- data/test/test_x509store.rb +0 -168
data/test/1.8/test_pkcs7.rb
DELETED
@@ -1,489 +0,0 @@
|
|
1
|
-
begin
|
2
|
-
require "openssl"
|
3
|
-
require File.join(File.dirname(__FILE__), "utils.rb")
|
4
|
-
rescue LoadError
|
5
|
-
end
|
6
|
-
require "test/unit"
|
7
|
-
|
8
|
-
if defined?(OpenSSL)
|
9
|
-
|
10
|
-
class OpenSSL::TestPKCS7 < Test::Unit::TestCase
|
11
|
-
def setup
|
12
|
-
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
13
|
-
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
14
|
-
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
15
|
-
ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
|
16
|
-
ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
|
17
|
-
|
18
|
-
now = Time.now
|
19
|
-
ca_exts = [
|
20
|
-
["basicConstraints","CA:TRUE",true],
|
21
|
-
["keyUsage","keyCertSign, cRLSign",true],
|
22
|
-
["subjectKeyIdentifier","hash",false],
|
23
|
-
["authorityKeyIdentifier","keyid:always",false],
|
24
|
-
]
|
25
|
-
@ca_cert = issue_cert(ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
|
26
|
-
nil, nil, OpenSSL::Digest::SHA1.new)
|
27
|
-
ee_exts = [
|
28
|
-
["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
|
29
|
-
["authorityKeyIdentifier","keyid:always",false],
|
30
|
-
["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
|
31
|
-
["nsCertType","client,email",false],
|
32
|
-
]
|
33
|
-
@ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts,
|
34
|
-
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
35
|
-
@ee2_cert = issue_cert(ee2, @rsa1024, 3, Time.now, Time.now+1800, ee_exts,
|
36
|
-
@ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
37
|
-
end
|
38
|
-
|
39
|
-
def issue_cert(*args)
|
40
|
-
OpenSSL::TestUtils.issue_cert(*args)
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_signed
|
44
|
-
store = OpenSSL::X509::Store.new
|
45
|
-
store.add_cert(@ca_cert)
|
46
|
-
ca_certs = [@ca_cert]
|
47
|
-
|
48
|
-
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
|
49
|
-
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
|
50
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
51
|
-
certs = p7.certificates
|
52
|
-
signers = p7.signers
|
53
|
-
assert(p7.verify([], store))
|
54
|
-
assert_equal(data, p7.data)
|
55
|
-
assert_equal(2, certs.size)
|
56
|
-
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
57
|
-
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
58
|
-
assert_equal(1, signers.size)
|
59
|
-
assert_equal(@ee1_cert.serial, signers[0].serial)
|
60
|
-
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
61
|
-
|
62
|
-
# Normaly OpenSSL tries to translate the supplied content into canonical
|
63
|
-
# MIME format (e.g. a newline character is converted into CR+LF).
|
64
|
-
# If the content is a binary, PKCS7::BINARY flag should be used.
|
65
|
-
|
66
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
67
|
-
flag = OpenSSL::PKCS7::BINARY
|
68
|
-
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
69
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
70
|
-
certs = p7.certificates
|
71
|
-
signers = p7.signers
|
72
|
-
assert(p7.verify([], store))
|
73
|
-
assert_equal(data, p7.data)
|
74
|
-
assert_equal(2, certs.size)
|
75
|
-
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
76
|
-
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
77
|
-
assert_equal(1, signers.size)
|
78
|
-
assert_equal(@ee1_cert.serial, signers[0].serial)
|
79
|
-
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
80
|
-
|
81
|
-
# A signed-data which have multiple signatures can be created
|
82
|
-
# through the following steps.
|
83
|
-
# 1. create two signed-data
|
84
|
-
# 2. copy signerInfo and certificate from one to another
|
85
|
-
|
86
|
-
tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
|
87
|
-
tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
|
88
|
-
tmp1.add_signer(tmp2.signers[0])
|
89
|
-
tmp1.add_certificate(@ee2_cert)
|
90
|
-
|
91
|
-
p7 = OpenSSL::PKCS7.new(tmp1.to_der)
|
92
|
-
certs = p7.certificates
|
93
|
-
signers = p7.signers
|
94
|
-
assert(p7.verify([], store))
|
95
|
-
assert_equal(data, p7.data)
|
96
|
-
assert_equal(2, certs.size)
|
97
|
-
assert_equal(2, signers.size)
|
98
|
-
assert_equal(@ee1_cert.serial, signers[0].serial)
|
99
|
-
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
100
|
-
assert_equal(@ee2_cert.serial, signers[1].serial)
|
101
|
-
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
|
102
|
-
end
|
103
|
-
|
104
|
-
def test_detached_sign
|
105
|
-
store = OpenSSL::X509::Store.new
|
106
|
-
store.add_cert(@ca_cert)
|
107
|
-
ca_certs = [@ca_cert]
|
108
|
-
|
109
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
110
|
-
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
|
111
|
-
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
112
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
113
|
-
a1 = OpenSSL::ASN1.decode(p7)
|
114
|
-
|
115
|
-
certs = p7.certificates
|
116
|
-
signers = p7.signers
|
117
|
-
assert(!p7.verify([], store))
|
118
|
-
assert(p7.verify([], store, data))
|
119
|
-
assert_equal(data, p7.data)
|
120
|
-
assert_equal(2, certs.size)
|
121
|
-
assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
|
122
|
-
assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
|
123
|
-
assert_equal(1, signers.size)
|
124
|
-
assert_equal(@ee1_cert.serial, signers[0].serial)
|
125
|
-
assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
|
126
|
-
end
|
127
|
-
|
128
|
-
def test_enveloped
|
129
|
-
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
|
130
|
-
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
|
131
|
-
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
|
132
|
-
return
|
133
|
-
end
|
134
|
-
|
135
|
-
certs = [@ee1_cert, @ee2_cert]
|
136
|
-
cipher = OpenSSL::Cipher::AES.new("128-CBC")
|
137
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
138
|
-
|
139
|
-
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
|
140
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
141
|
-
recip = p7.recipients
|
142
|
-
assert_equal(:enveloped, p7.type)
|
143
|
-
assert_equal(2, recip.size)
|
144
|
-
|
145
|
-
assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
|
146
|
-
assert_equal(2, recip[0].serial)
|
147
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
148
|
-
|
149
|
-
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
|
150
|
-
assert_equal(3, recip[1].serial)
|
151
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
|
152
|
-
end
|
153
|
-
|
154
|
-
def test_envelope_des3
|
155
|
-
certs = [@ee1_cert]
|
156
|
-
cipher = OpenSSL::Cipher.new("des-ede3-cbc")
|
157
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
158
|
-
tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
|
159
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
160
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
161
|
-
end
|
162
|
-
|
163
|
-
def test_envelope_nil # RC2-40-CBC by default
|
164
|
-
certs = [@ee1_cert]
|
165
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
166
|
-
tmp = OpenSSL::PKCS7.encrypt(certs, data, nil, OpenSSL::PKCS7::BINARY)
|
167
|
-
p7 = OpenSSL::PKCS7.new(tmp.to_der)
|
168
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
169
|
-
end
|
170
|
-
|
171
|
-
def test_envelope_des3_compat
|
172
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
173
|
-
cruby_envelope = <<EOP
|
174
|
-
-----BEGIN PKCS7-----
|
175
|
-
MIIBMgYJKoZIhvcNAQcDoIIBIzCCAR8CAQAxgdwwgdkCAQAwQjA9MRMwEQYKCZIm
|
176
|
-
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
177
|
-
DAJDQQIBAjANBgkqhkiG9w0BAQEFAASBgECDOPwRb0Vimo3bXAypvnhB/JvHZ0hV
|
178
|
-
5CWFdAmovioiu1fnMEqawJWudznUZ1rsCKKX4qzqfvSXk+8w7IZ5rqEFoGmLRQQ+
|
179
|
-
GR8yPJnDwNyQJwRjvcX2WzJnFDFIfROb+ySu8UCmxkTd/5jB3jsREXVqSIxezTif
|
180
|
-
IT8Q8X7CCx8+MDsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIaH1JJe6+hX+AGD8E
|
181
|
-
j3/kwFY3IOUxly+lPJNEQLpWBoSHZA==
|
182
|
-
-----END PKCS7-----
|
183
|
-
EOP
|
184
|
-
p7 = OpenSSL::PKCS7.new(cruby_envelope)
|
185
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
186
|
-
#
|
187
|
-
jruby_envelope = <<EOP
|
188
|
-
-----BEGIN PKCS7-----
|
189
|
-
MIIBMAYJKoZIhvcNAQcDoIIBITCCAR0CAQAxgdowgdcCAQAwQjA9MRMwEQYKCZIm
|
190
|
-
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
191
|
-
DAJDQQIBAjALBgkqhkiG9w0BAQEEgYBqCQY/oP0Gv1XbAJ5HjZ9HNZN9gBFlmMDx
|
192
|
-
fb9YWDQZH24KrTUEssr6jyJuyMsONTdaYWIfG/RWHxw970AkXUXcXDeO8Ze+vSVh
|
193
|
-
8tohLGLTsBKdvizuC/5jFHLAoNaa5qJZEFanmqMXlO5HiImUZB2BHwJddRuRTg0y
|
194
|
-
UuAnFtLd+DA7BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECP1rHLNHCtyWgBgFQDex
|
195
|
-
XDgcukPOkDwRcUQJAKu3x5HtQpw=
|
196
|
-
-----END PKCS7-----
|
197
|
-
EOP
|
198
|
-
p7 = OpenSSL::PKCS7.new(jruby_envelope)
|
199
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
200
|
-
end
|
201
|
-
|
202
|
-
def test_envelope_aes_compat
|
203
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
204
|
-
cruby_envelope = <<EOP
|
205
|
-
-----BEGIN PKCS7-----
|
206
|
-
MIICIAYJKoZIhvcNAQcDoIICETCCAg0CAQAxggG4MIHZAgEAMEIwPTETMBEGCgmS
|
207
|
-
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
208
|
-
AwwCQ0ECAQIwDQYJKoZIhvcNAQEBBQAEgYCHIMVl+WKzjnTuslePlItMq4A+klIZ
|
209
|
-
rU+5U0UvaOPPpr2UgjD3J1OL09W19De7pKNSSZUd0QWQBB3IG4IzefWzYxt2ejZY
|
210
|
-
rJDO/wdHa6Mdq1ZsdbLP1sIRxTyWskc3O8VJvo5boFG/bZxLHA6CPnhifnfqEkkq
|
211
|
-
wVbjAbBGI61HxTCB2QIBADBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJ
|
212
|
-
kiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgEDMA0GCSqGSIb3DQEB
|
213
|
-
AQUABIGASvO7jsPCAB/TcRgmIKEHRDqPThQrSAJRE+uDVeiPlIHsCaUDspGX8niH
|
214
|
-
4+UPsLhdd6H68Ecay93Hi78SYR/w0NbrwwMBGRlU3/AFhq/OseosuBb303mAqnoz
|
215
|
-
kU6qlNwJuy/4NIReldsaVJJuZ4nkEBfZAw+99Mxh7IQYx069fwIwTAYJKoZIhvcN
|
216
|
-
AQcBMB0GCWCGSAFlAwQBAgQQf1IrOpN2OmqMHz1t7biX/oAgubIiBzarCuTKPMby
|
217
|
-
eg4/+hy0xJsT0IkF1O0G1XTOWcE=
|
218
|
-
-----END PKCS7-----
|
219
|
-
EOP
|
220
|
-
p7 = OpenSSL::PKCS7.new(cruby_envelope)
|
221
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
222
|
-
#
|
223
|
-
jruby_envelope = <<EOP
|
224
|
-
-----BEGIN PKCS7-----
|
225
|
-
MIICHAYJKoZIhvcNAQcDoIICDTCCAgkCAQAxggG0MIHXAgEAMEIwPTETMBEGCgmS
|
226
|
-
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
227
|
-
AwwCQ0ECAQIwCwYJKoZIhvcNAQEBBIGAg0Yz54LwCKM9l128jjh0FlA5Wvzfsjd2
|
228
|
-
S3dYESzxnxqdhKkSDya16lkYyZZ+aVWmC8XOgkGGwGJTudq3gGn2p3wsgx63J4Ar
|
229
|
-
PfslsDslIaddp8op4i+ifDi15qCjWXIyQaYMSN/DsFN8DlB8jMjPAlQO3MFtifb2
|
230
|
-
D7vFjLjSrogwgdcCAQAwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
|
231
|
-
iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAzALBgkqhkiG9w0BAQEE
|
232
|
-
gYCfAEL80vCsFo9kalePlb73lL2iDPbbDfjpWs0nnlXX8BhS/H781kvUkDpwl/qT
|
233
|
-
9KcFCaPGJ2IYgEjys6VPK9ho/hIIIz+BX8MIuWbweQTn1Y0TTlTL91Zr66xyZP1p
|
234
|
-
zyStG6Zc1u26hiX31hk1P6ihhhXu+I5bserKNYUnYsxJSjBMBgkqhkiG9w0BBwEw
|
235
|
-
HQYJYIZIAWUDBAECBBD42Hndr47SEdUoc6SWOKsbgCCylxb34kE14eBc9nN9MnC+
|
236
|
-
SaVrDPgso584FIimP6o+Fw==
|
237
|
-
-----END PKCS7-----
|
238
|
-
EOP
|
239
|
-
p7 = OpenSSL::PKCS7.new(jruby_envelope)
|
240
|
-
assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
|
241
|
-
end
|
242
|
-
|
243
|
-
def test_signed_compat
|
244
|
-
=begin
|
245
|
-
# how to generate signature
|
246
|
-
ca_certs = [@ca_cert]
|
247
|
-
data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
|
248
|
-
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
|
249
|
-
puts tmp
|
250
|
-
=end
|
251
|
-
cruby_sign = <<EOP
|
252
|
-
-----BEGIN PKCS7-----
|
253
|
-
MIIILgYJKoZIhvcNAQcCoIIIHzCCCBsCAQExCzAJBgUrDgMCGgUAMCQGCSqGSIb3
|
254
|
-
DQEHAaAXBBVhYWFhYQ0KYmJiYmINCmNjY2NjDQqgggZBMIIC4TCCAcmgAwIBAgIB
|
255
|
-
AjANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
|
256
|
-
iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAeFw0wOTEyMTYxNTQ1MzRa
|
257
|
-
Fw0wOTEyMTYxNjE1MzRaMD4xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
|
258
|
-
k/IsZAEZFglydWJ5LWxhbmcxDDAKBgNVBAMMA0VFMTCBnzANBgkqhkiG9w0BAQEF
|
259
|
-
AAOBjQAwgYkCgYEAy8LEsNRApz7U/j5DoB4XBgO9Z8Atv5y/OVQRp0ag8Tqo1Yew
|
260
|
-
sWijxEWB7JOATwpBN267U4T1nPZIxxEEO7n/WNa2ws9JWsjah8ssEBFSxZqdXKSL
|
261
|
-
f0N4Hi7/GQ/aYoaMCiQ8jA4jegK2FJmXM71uPe+jFN/peeBOpRfyXxRFOYcCAwEA
|
262
|
-
AaNvMG0wDgYDVR0PAQH/BAQDAgXgMB8GA1UdIwQYMBaAFJc5ncP7zbqPVAyQe0Y/
|
263
|
-
6tZDdbHLMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMw
|
264
|
-
EQYJYIZIAYb4QgEBBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQB9jL0H9qAeWZmA
|
265
|
-
lmEr7WbVibFwod6ZgNmbFhoP6a9PANDdYwp1EQ7J2o3Dzw1hNjsxDVE5uf3qgA0F
|
266
|
-
df/YoFkfi4xoL1pKdZv9ZMOlctC1po7MbFakjeHdxMtdIM70DMxbS4o4HzXrKtC3
|
267
|
-
of1SmKh+g+r4R1YHCrbBCspEX+s2Y4mKD0IP0XkVvv1d4YICAnKYGCYEC9OS4fr7
|
268
|
-
JPB2cL1yXnjPL0OOvSeAOC2uIkDq1SVZk6Xq4sSaHAKwBNGg0HrqOhrdgcB0Ftpi
|
269
|
-
7Paty9PUmSIjoqre/WzfGNF1MrtTC0wf0PDw/aUzWgInlIXJhcbJOMyhWM/SO5ok
|
270
|
-
50rcYfObMIIDWDCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZIm
|
271
|
-
iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
|
272
|
-
DAJDQTAeFw0wOTEyMTYxNTQ1MzRaFw0wOTEyMTYxNjQ1MzRaMD0xEzARBgoJkiaJ
|
273
|
-
k/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMM
|
274
|
-
AkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38j
|
275
|
-
OXvvTKY9gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+
|
276
|
-
Slp1enenfzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5
|
277
|
-
mrJVSrWmqbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+
|
278
|
-
X8xdW5v68JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE02
|
279
|
-
7E5lyAVX9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoM
|
280
|
-
cH+94wIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
|
281
|
-
BgNVHQ4EFgQUlzmdw/vNuo9UDJB7Rj/q1kN1scswHwYDVR0jBBgwFoAUlzmdw/vN
|
282
|
-
uo9UDJB7Rj/q1kN1scswDQYJKoZIhvcNAQEFBQADggEBAFa1X5xX5+NlXOI3z2vh
|
283
|
-
Vp9tPvIAtftqkhdMbfS1dAAIIZKVLPfvQ+ZLqx/AzQXmDajg3Pg9YoBB3RRDx1xh
|
284
|
-
A9ECO4Lpbv5fYAkIul6XQ2D3U1IjnkhdfYHcU5iRl58nhjlDNd+3vOp1/h9D9Pp6
|
285
|
-
lRILuFCoRcOogcXzChuDA06CDbMao1dDcwdNe1SdV54hzZs1DVqoKIjj4182HUST
|
286
|
-
getU2RDFXh76VtF35iYDzdA+iCAWOqXSMAq7GnZJvL//0Ndffc7Oc6QXCicwiUSw
|
287
|
-
Wrj72gEakBOeC8XxlYaP7TSXFkasdg1Eccz7+U6LgWaYrgwgTdGXarT3ewjs/mvb
|
288
|
-
sgsxggGcMIIBmAIBATBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
|
289
|
-
k/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgECMAkGBSsOAwIaBQCggbEw
|
290
|
-
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkxMjE2
|
291
|
-
MTU0NTM0WjAjBgkqhkiG9w0BCQQxFgQUTqRiQxhezJlftad5eZ6u7hNacV0wUgYJ
|
292
|
-
KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
|
293
|
-
hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE
|
294
|
-
gYCMPxJNaR29Yeo/3JWtUTTRq+IlUWHP4bHoZJHQzyFkFPS3fk+9q9KjlTcFY1rT
|
295
|
-
YbBOUD+QxwU/jlks6Y5PZByIpnWvVy0RujcCzGcMyEY6xKBBkps9X5VuezMB0nbW
|
296
|
-
xM2k+0e3B7V0KU8fMcO8Ajq9jGn8/hVixbUkyvhq3Xx2Nw==
|
297
|
-
-----END PKCS7-----
|
298
|
-
EOP
|
299
|
-
jruby_sign = <<EOP
|
300
|
-
-----BEGIN PKCS7-----
|
301
|
-
MIIIKAYJKoZIhvcNAQcCoIIIGTCCCBUCAQExCTAHBgUrDgMCGjAkBgkqhkiG9w0B
|
302
|
-
BwGgFwQVYWFhYWENCmJiYmJiDQpjY2NjYw0KoIIGQTCCAuEwggHJoAMCAQICAQIw
|
303
|
-
DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
|
304
|
-
8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0NjE5WhcN
|
305
|
-
MDkxMjE2MTYxNjE5WjA+MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
306
|
-
LGQBGRYJcnVieS1sYW5nMQwwCgYDVQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQAD
|
307
|
-
gY0AMIGJAoGBAMvCxLDUQKc+1P4+Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFo
|
308
|
-
o8RFgeyTgE8KQTduu1OE9Zz2SMcRBDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39D
|
309
|
-
eB4u/xkP2mKGjAokPIwOI3oCthSZlzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGj
|
310
|
-
bzBtMA4GA1UdDwEB/wQEAwIF4DAfBgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rW
|
311
|
-
Q3WxyzAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEG
|
312
|
-
CWCGSAGG+EIBAQQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAZPqFEX/azn4squHn
|
313
|
-
mh+o3tulK/XqdnPA+mx+yvhg53QqWewpSeNQnhH/Y/wnGva6bEFqDd7WTlhkSp0P
|
314
|
-
2qtCP3C5MI2aLPZBUjFJq6cxEC+CUAD7ggIoV8/Z3XCGOa1z/m+QKpBq5t13Hewb
|
315
|
-
Kd8Ab5lojN15XYyLFQ8wJsrkvjA+z943Ux+4aAv2DoOv0Y+GuvgOuqNCs+frZYHR
|
316
|
-
OdOsnhg48A+UsjlLh5wsHzsZEMmtEfP59TdCZ/HbW2WIbdoij+GsK3uoITjhLNyO
|
317
|
-
RK/XeuBwnaksrBiIeCfVQxNHriTPL/4xolOAWVtlhJOj+i8iMPJnbi9M3lVO5fLd
|
318
|
-
9ShiZDCCA1gwggJAoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT
|
319
|
-
8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwC
|
320
|
-
Q0EwHhcNMDkxMjE2MTU0NjE4WhcNMDkxMjE2MTY0NjE4WjA9MRMwEQYKCZImiZPy
|
321
|
-
LGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJD
|
322
|
-
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl7
|
323
|
-
70ymPYFvJyyAkp6ORBE0dXLhe4uKTbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpa
|
324
|
-
dXp3p386v7f3v9SEVtMJCVCVBUIoJ+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqy
|
325
|
-
VUq1pqm47NOyW7kuEEBhly3Pkrveg5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/M
|
326
|
-
XVub+vCZERSIXRpW+iS/H5ZX/wP25TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxO
|
327
|
-
ZcgFV/SmWHFNNJjl/n3cTkpxqkv/CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/
|
328
|
-
veMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
|
329
|
-
VR0OBBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqP
|
330
|
-
VAyQe0Y/6tZDdbHLMA0GCSqGSIb3DQEBBQUAA4IBAQBK/6fISsbbIY1uCX4WMENG
|
331
|
-
V1dCmDAFaZwgewhg09n3rgs4lWKVOWG6X57oML9YSVuz05kkFaSIox+vi36awVf6
|
332
|
-
7YY0V+JdNEQRle/0ptLxmEY8gGD1HvM8JAsQdotMl6hFfzMQ8Uu0IHePYFMyU9aU
|
333
|
-
9Z4k1kCEPc222Uyt7whCWHloWMgjKNeCRjMLUvw9HUxGeq/2Y+t8d65SrqsxpHJd
|
334
|
-
dszJvG+fl0UPoAdB0c4jCGWIzfoGP74CXVAGcuuFZlImmV5cY0+sDo7dtwRDp0DF
|
335
|
-
307/n8+qlsMqpIummFV2mhZTGrtgW+bTZSYQsSJTJZ6nK3c0rQCH4wyUP3rBNhRf
|
336
|
-
MYIBmDCCAZQCAQEwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
337
|
-
LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkq
|
338
|
-
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ2
|
339
|
-
MTlaMCMGCSqGSIb3DQEJBDEWBBROpGJDGF7MmV+1p3l5nq7uE1pxXTBSBgkqhkiG
|
340
|
-
9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
|
341
|
-
AgIBQDANBggqhkiG9w0DAgIBKDAHBgUrDgMCBzALBgkqhkiG9w0BAQEEgYBygH60
|
342
|
-
/1zLRnXaPKh8fTaQtQCTobefRqGLxbWJaTmO83UeDEmS8HXyr6t5KkZ4qZL6BA50
|
343
|
-
bQSlVx3I9SiqevP0vEiXGzmb4m1blFzdH5HHZk4ZUWqWYyTqOdXTSfwFp53VAUhi
|
344
|
-
9d8f3IBfFoxCvORtzYZKCzW/ZRvEqBO3xJlVuQ==
|
345
|
-
-----END PKCS7-----
|
346
|
-
EOP
|
347
|
-
store = OpenSSL::X509::Store.new
|
348
|
-
store.add_cert(@ca_cert)
|
349
|
-
# just checks pubkey's n to avoid certificate expiration.
|
350
|
-
# this test is for PKCS#7, not for certificate verification.
|
351
|
-
store.verify_callback = proc { |ok, ctx|
|
352
|
-
# !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
|
353
|
-
[@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
|
354
|
-
# should return 'ok' here
|
355
|
-
}
|
356
|
-
|
357
|
-
p7 = OpenSSL::PKCS7.new(cruby_sign)
|
358
|
-
assert(p7.verify([], store))
|
359
|
-
|
360
|
-
p7 = OpenSSL::PKCS7.new(jruby_sign)
|
361
|
-
assert(p7.verify([], store))
|
362
|
-
end
|
363
|
-
|
364
|
-
def test_detached_sign_compat
|
365
|
-
=begin
|
366
|
-
# how to generate signature
|
367
|
-
ca_certs = [@ca_cert]
|
368
|
-
flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
|
369
|
-
tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
|
370
|
-
puts tmp
|
371
|
-
=end
|
372
|
-
cruby_sign = <<EOP
|
373
|
-
-----BEGIN PKCS7-----
|
374
|
-
MIIIFQYJKoZIhvcNAQcCoIIIBjCCCAICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
|
375
|
-
DQEHAaCCBkEwggLhMIIByaADAgECAgECMA0GCSqGSIb3DQEBBQUAMD0xEzARBgoJ
|
376
|
-
kiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNV
|
377
|
-
BAMMAkNBMB4XDTA5MTIxNjE1NDkyN1oXDTA5MTIxNjE2MTkyN1owPjETMBEGCgmS
|
378
|
-
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzEMMAoGA1UE
|
379
|
-
AwwDRUUxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLwsSw1ECnPtT+PkOg
|
380
|
-
HhcGA71nwC2/nL85VBGnRqDxOqjVh7CxaKPERYHsk4BPCkE3brtThPWc9kjHEQQ7
|
381
|
-
uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/Q3geLv8ZD9pihowKJDyMDiN6ArYUmZcz
|
382
|
-
vW4976MU3+l54E6lF/JfFEU5hwIDAQABo28wbTAOBgNVHQ8BAf8EBAMCBeAwHwYD
|
383
|
-
VR0jBBgwFoAUlzmdw/vNuo9UDJB7Rj/q1kN1scswJwYDVR0lBCAwHgYIKwYBBQUH
|
384
|
-
AwIGCCsGAQUFBwMEBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBaAwDQYJKoZI
|
385
|
-
hvcNAQEFBQADggEBAJ4qQEkUVLW7s3JNKWVOxDwPmDGQsN9uG5ULT3ub76gaC8XH
|
386
|
-
Ljh59zzN2o3bJ5yH4oW+zejcDtGP2R2RBDCu5X7uuLhEbjv4xarSSgLeQHAXhEXa
|
387
|
-
pXY3nXa6DM6HVWKL176FQfN+B7ouejR17ESeMMVAgYjTrr7jjVpaZxXGKXnLeqVv
|
388
|
-
qd4TojjibzoeRw7BxIjmoa+74KO+N6Z+d0R5bNBh+40HyTpCww0O7RjGsOV2ANxW
|
389
|
-
sPREa3KmGmKdlyXsZP1VJyBDymSJSee1zCYmmc+S532+537ygGZEGk8FysRtJXPc
|
390
|
-
71XhPEXMjimn3wVSt1jPhzk4HmXoYwcCI2pKVfMwggNYMIICQKADAgECAgEBMA0G
|
391
|
-
CSqGSIb3DQEBBQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/Is
|
392
|
-
ZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMB4XDTA5MTIxNjE1NDkyNloXDTA5
|
393
|
-
MTIxNjE2NDkyNlowPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixk
|
394
|
-
ARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
395
|
-
DwAwggEKAoIBAQC5X2G30nuTg0GzfyM5e+9Mpj2BbycsgJKejkQRNHVy4XuLik2z
|
396
|
-
0jVAkYAUBfQEQ7gpvNea4698KkPcJT5KWnV6d6d/Or+397/UhFbTCQlQlQVCKCfg
|
397
|
-
K2uQkv4/TvLHXxSPI+UFdvzUCkSYAHmaslVKtaapuOzTslu5LhBAYZctz5K73oOR
|
398
|
-
gqZI1WMGIvFVVKnJl8BjeEPft3rS4b5fzF1bm/rwmREUiF0aVvokvx+WV/8D9uU3
|
399
|
-
B0k6FWv2YRIeHAaPB9J5MM993xksTTbsTmXIBVf0plhxTTSY5f593E5KcapL/wkN
|
400
|
-
GHQQ8cMvXlFwmNXYnq9mM9vSs5gYOgxwf73jAgMBAAGjYzBhMA8GA1UdEwEB/wQF
|
401
|
-
MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSXOZ3D+826j1QMkHtGP+rW
|
402
|
-
Q3WxyzAfBgNVHSMEGDAWgBSXOZ3D+826j1QMkHtGP+rWQ3WxyzANBgkqhkiG9w0B
|
403
|
-
AQUFAAOCAQEAicOGMs494jNo6buyvWgYwCMEHTgf8snOR6F5Xs7R4CsIfF+Y1Q8S
|
404
|
-
urL2ZrabYP0bWNZO0eYyUwNi9QCYn8n5UsYPu5HoC04maVlimAnf8kUoWK4/Es4F
|
405
|
-
0geMJGG7TOn17aQYj4v8CMBuYBAuO/poQgbpjxZnNLBqSkWz3uSl+LF6Zwlu/jIa
|
406
|
-
jcRNTix/soQwTO02EtG3ZhNFmSLwL4cMljjXHuVgTl++mO7w/3qzGgtldkot9W87
|
407
|
-
pnx0u9UgZkgsRVhIkvSsTNaTe0ylA3Lqa5COd89PrCjm66IdAjyND3puWP4etFP6
|
408
|
-
ycc7rtc0302ndadSEJRgul9pFJ4xtuAN5jGCAZwwggGYAgEBMEIwPTETMBEGCgmS
|
409
|
-
JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
|
410
|
-
AwwCQ0ECAQIwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
|
411
|
-
MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5MjdaMCMGCSqGSIb3DQEJBDEWBBT2
|
412
|
-
oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
|
413
|
-
MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
|
414
|
-
9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgCPxDWHnvO3pMg0XUDGtisZgbjFG+sJy
|
415
|
-
brFi2QG0IR+iQ6kOrBWkBW15SDgj0te1ze6ddLx3VT0aaOHMzGS103oWQT6l+xqV
|
416
|
-
C+A/FA5O+hefjqusgl289gFvApuGVSaMisHBcMAN059E1rsSTnG3LoHqkKjOgKkJ
|
417
|
-
zyAlR+YeT270
|
418
|
-
-----END PKCS7-----
|
419
|
-
EOP
|
420
|
-
jruby_sign = <<EOP
|
421
|
-
-----BEGIN PKCS7-----
|
422
|
-
MIIIEwYJKoZIhvcNAQcCoIIIBDCCCAACAQExCTAHBgUrDgMCGjAPBgkqhkiG9w0B
|
423
|
-
BwGgAgQAoIIGQTCCAuEwggHJoAMCAQICAQIwDQYJKoZIhvcNAQEFBQAwPTETMBEG
|
424
|
-
CgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkG
|
425
|
-
A1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcNMDkxMjE2MTYxOTU3WjA+MRMwEQYK
|
426
|
-
CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQwwCgYD
|
427
|
-
VQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvCxLDUQKc+1P4+
|
428
|
-
Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFoo8RFgeyTgE8KQTduu1OE9Zz2SMcR
|
429
|
-
BDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39DeB4u/xkP2mKGjAokPIwOI3oCthSZ
|
430
|
-
lzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGjbzBtMA4GA1UdDwEB/wQEAwIF4DAf
|
431
|
-
BgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rWQ3WxyzAnBgNVHSUEIDAeBggrBgEF
|
432
|
-
BQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIFoDANBgkq
|
433
|
-
hkiG9w0BAQUFAAOCAQEAAVeRavmpW+ez0dpDs1ksEZSKIr+JQHPIfgyF1P0x/uLH
|
434
|
-
tkUssR1puDsYB9bWQncYz2PyFzDdXHUneKLu01hSrY9fS85S3w/sa6scGtMD1SDS
|
435
|
-
Ptm93a67pvNoXY8rrdW67Wughyix78TOpe7F/D8tLxm7dRfZVLCtV/OIgnjTKK36
|
436
|
-
NNBAX4Ef0+43EDUZYQIbEudqcjjYN0Dti0dH4FuUW5PPTAs9nuNfkAWr0hTyBwlC
|
437
|
-
qhlgFY3ParJ9Yug7BVZj99vrI4F9KFzWkoSd5pIl+mR1aNQ3uQgks7aNqnZ8PeJo
|
438
|
-
gP9zcZqZniuj7sa92t1bPxn5JmLy+vnxeWiQPw8fhDCCA1gwggJAoAMCAQICAQEw
|
439
|
-
DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
|
440
|
-
8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcN
|
441
|
-
MDkxMjE2MTY0OTU3WjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
|
442
|
-
LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTCCASIwDQYJKoZIhvcNAQEBBQAD
|
443
|
-
ggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl770ymPYFvJyyAkp6ORBE0dXLhe4uK
|
444
|
-
TbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpadXp3p386v7f3v9SEVtMJCVCVBUIo
|
445
|
-
J+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqyVUq1pqm47NOyW7kuEEBhly3Pkrve
|
446
|
-
g5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/MXVub+vCZERSIXRpW+iS/H5ZX/wP2
|
447
|
-
5TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxOZcgFV/SmWHFNNJjl/n3cTkpxqkv/
|
448
|
-
CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/veMCAwEAAaNjMGEwDwYDVR0TAQH/
|
449
|
-
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJc5ncP7zbqPVAyQe0Y/
|
450
|
-
6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMA0GCSqGSIb3
|
451
|
-
DQEBBQUAA4IBAQBxj2quNTT3/vKTM6bFtEDmXUcruEnbM+VQ1oaDGc8Zh1c/0GIh
|
452
|
-
l4AGnoD611tdUazZbz7EtLLwfjhEFFJtwxro4Hdc0YEeBwO/ehx8mdclbMzbfQVF
|
453
|
-
l+wyPpcsWYH8aRAZ/AKY31lS/vPp/vDOJ+SAkYgT3f3g8NCOLCXeivkWze5CDzME
|
454
|
-
Qj9GGl8BzhxQAMwzXVkmBNmdsTBlpWE1fJBUNCyvFLVRn09LphQ2SDOXr16af9v0
|
455
|
-
4K8WBTi0/qYcrGvgpl5DIqOg0bfjEwz9Ze5XKa1aem0DdEcM91eEbe5VkakIXvTX
|
456
|
-
0jUoDm9R5iJ7fAt+vmW/Kcif4VK/nDzJnPx+MYIBmDCCAZQCAQEwQjA9MRMwEQYK
|
457
|
-
CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYD
|
458
|
-
VQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
|
459
|
-
MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5NTdaMCMGCSqGSIb3DQEJBDEWBBT2
|
460
|
-
oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
|
461
|
-
MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDAH
|
462
|
-
BgUrDgMCBzALBgkqhkiG9w0BAQEEgYBPjfO6ZkzbNhlRI9Y58QpOxdqdF/NmWBJE
|
463
|
-
rYoqlDUeMcH5RHb+MLUBEeo666u0xIXYzG9CWrlVjJa42FDNEl5sGRB1Oic6LNIB
|
464
|
-
YBFvB2CAX9R3+d34WMLXKwl6ikeN6VVud+TeB5SpLR/hltWIb1FJMeJ4wM8fNI/t
|
465
|
-
RfHXsdxTuA==
|
466
|
-
-----END PKCS7-----
|
467
|
-
EOP
|
468
|
-
data = "aaaaa\nbbbbb\nccccc\n"
|
469
|
-
store = OpenSSL::X509::Store.new
|
470
|
-
store.add_cert(@ca_cert)
|
471
|
-
# just checks pubkey's n to avoid certificate expiration.
|
472
|
-
# this test is for PKCS#7, not for certificate verification.
|
473
|
-
store.verify_callback = proc { |ok, ctx|
|
474
|
-
# !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
|
475
|
-
[@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
|
476
|
-
# should return 'ok' here
|
477
|
-
}
|
478
|
-
|
479
|
-
p7 = OpenSSL::PKCS7.new(cruby_sign)
|
480
|
-
assert(!p7.verify([], store))
|
481
|
-
assert(p7.verify([], store, data))
|
482
|
-
|
483
|
-
p7 = OpenSSL::PKCS7.new(jruby_sign)
|
484
|
-
assert(!p7.verify([], store))
|
485
|
-
assert(p7.verify([], store, data))
|
486
|
-
end
|
487
|
-
end
|
488
|
-
|
489
|
-
end
|