diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2021-03-24 13:23:09 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-03-31 18:05:07 +0900 |
| commit | e2bf3659e184088d00d099a49e3263724f43ece2 (patch) | |
| tree | a6ccdd73438d26b680734f37611702bbbab3e4fb /test | |
| parent | 66d2fc7989d741bf5a73286233139901cecb4fc2 (diff) | |
[ruby/openssl] pkcs7: keep private key when duplicating PKCS7_SIGNER_INFO
ASN1_dup() will not copy the 'pkey' field of a PKCS7_SIGNER_INFO object
by design; it is a temporary field kept until the PKCS7 structure is
finalized. Let's bump reference counter of the pkey in the original
object and use it in the new object, too.
This commit also removes PKCS7#add_signer's routine to add the
content-type attribute as a signed attribute automatically. This
behavior was not documented or tested. This change should not break any
working user code since the method was completely useless without the
change above.
https://github.com/ruby/openssl/commit/20ca7a27a8
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_pkcs7.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index d0d9dcaf81..ba8b93d034 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -89,6 +89,24 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s) end + def test_signed_add_signer + data = "aaaaa\nbbbbb\nccccc\n" + psi = OpenSSL::PKCS7::SignerInfo.new(@ee1_cert, @rsa1024, "sha256") + p7 = OpenSSL::PKCS7.new + p7.type = :signed + p7.add_signer(psi) + p7.add_certificate(@ee1_cert) + p7.add_certificate(@ca_cert) + p7.add_data(data) + + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + + assert_equal(true, p7.verify([], store)) + assert_equal(true, OpenSSL::PKCS7.new(p7.to_der).verify([], store)) + assert_equal(1, p7.signers.size) + end + def test_detached_sign store = OpenSSL::X509::Store.new store.add_cert(@ca_cert) |