summaryrefslogtreecommitdiff
path: root/test/openssl/test_pkcs7.rb
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2021-03-24 13:23:09 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-03-31 18:05:07 +0900
commite2bf3659e184088d00d099a49e3263724f43ece2 (patch)
treea6ccdd73438d26b680734f37611702bbbab3e4fb /test/openssl/test_pkcs7.rb
parent66d2fc7989d741bf5a73286233139901cecb4fc2 (diff)
[ruby/openssl] pkcs7: keep private key when duplicating PKCS7_SIGNER_INFO
ASN1_dup() will not copy the 'pkey' field of a PKCS7_SIGNER_INFO object by design; it is a temporary field kept until the PKCS7 structure is finalized. Let's bump reference counter of the pkey in the original object and use it in the new object, too. This commit also removes PKCS7#add_signer's routine to add the content-type attribute as a signed attribute automatically. This behavior was not documented or tested. This change should not break any working user code since the method was completely useless without the change above. https://github.com/ruby/openssl/commit/20ca7a27a8
Diffstat (limited to 'test/openssl/test_pkcs7.rb')
-rw-r--r--test/openssl/test_pkcs7.rb18
1 files changed, 18 insertions, 0 deletions
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index d0d9dcaf81..ba8b93d034 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -89,6 +89,24 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
end
+ def test_signed_add_signer
+ data = "aaaaa\nbbbbb\nccccc\n"
+ psi = OpenSSL::PKCS7::SignerInfo.new(@ee1_cert, @rsa1024, "sha256")
+ p7 = OpenSSL::PKCS7.new
+ p7.type = :signed
+ p7.add_signer(psi)
+ p7.add_certificate(@ee1_cert)
+ p7.add_certificate(@ca_cert)
+ p7.add_data(data)
+
+ store = OpenSSL::X509::Store.new
+ store.add_cert(@ca_cert)
+
+ assert_equal(true, p7.verify([], store))
+ assert_equal(true, OpenSSL::PKCS7.new(p7.to_der).verify([], store))
+ assert_equal(1, p7.signers.size)
+ end
+
def test_detached_sign
store = OpenSSL::X509::Store.new
store.add_cert(@ca_cert)