PageRenderTime 30ms CodeModel.GetById 0ms RepoModel.GetById 0ms app.codeStats 1ms

/projects/jruby-1.7.3/test/externals/ruby1.8/openssl/test_pkcs7.rb

https://gitlab.com/essere.lab.public/qualitas.class-corpus
Ruby | 489 lines | 426 code | 30 blank | 33 comment | 2 complexity | 900df4fa1f958844d4d10fed19be8710 MD5 | raw file
    

  1. begin
    2. 

  2.   require "openssl"
    3. 

  3.   require File.join(File.dirname(__FILE__), "utils.rb")
    4. 

  4. rescue LoadError
    5. 

  5. end
    6. 

  6. require "test/unit"
    7. 

  7. 

  8. if defined?(OpenSSL)
    9. 

  9. 

  10. class OpenSSL::TestPKCS7 < Test::Unit::TestCase
    11. 

  11.   def setup
    12. 

  12.     @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    13. 

  13.     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
    14. 

  14.     ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
    15. 

  15.     ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
    16. 

  16.     ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
    17. 

  17. 

  18.     now = Time.now
    19. 

  19.     ca_exts = [
    20. 

  20.       ["basicConstraints","CA:TRUE",true],
    21. 

  21.       ["keyUsage","keyCertSign, cRLSign",true],
    22. 

  22.       ["subjectKeyIdentifier","hash",false],
    23. 

  23.       ["authorityKeyIdentifier","keyid:always",false],
    24. 

  24.     ]
    25. 

  25.     @ca_cert = issue_cert(ca, @rsa2048, 1, Time.now, Time.now+3600, ca_exts,
    26. 

  26.                            nil, nil, OpenSSL::Digest::SHA1.new)
    27. 

  27.     ee_exts = [
    28. 

  28.       ["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true],
    29. 

  29.       ["authorityKeyIdentifier","keyid:always",false],
    30. 

  30.       ["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false],
    31. 

  31.       ["nsCertType","client,email",false],
    32. 

  32.     ]
    33. 

  33.     @ee1_cert = issue_cert(ee1, @rsa1024, 2, Time.now, Time.now+1800, ee_exts,
    34. 

  34.                            @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
    35. 

  35.     @ee2_cert = issue_cert(ee2, @rsa1024, 3, Time.now, Time.now+1800, ee_exts,
    36. 

  36.                            @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
    37. 

  37.   end
    38. 

  38. 

  39.   def issue_cert(*args)
    40. 

  40.     OpenSSL::TestUtils.issue_cert(*args)
    41. 

  41.   end
    42. 

  42. 

  43.   def test_signed
    44. 

  44.     store = OpenSSL::X509::Store.new
    45. 

  45.     store.add_cert(@ca_cert)
    46. 

  46.     ca_certs = [@ca_cert]
    47. 

  47. 

  48.     data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
    49. 

  49.     tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
    50. 

  50.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    51. 

  51.     certs = p7.certificates
    52. 

  52.     signers = p7.signers
    53. 

  53.     assert(p7.verify([], store))
    54. 

  54.     assert_equal(data, p7.data)
    55. 

  55.     assert_equal(2, certs.size)
    56. 

  56.     assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    57. 

  57.     assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    58. 

  58.     assert_equal(1, signers.size)
    59. 

  59.     assert_equal(@ee1_cert.serial, signers[0].serial)
    60. 

  60.     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    61. 

  61. 

  62.     # Normaly OpenSSL tries to translate the supplied content into canonical
    63. 

  63.     # MIME format (e.g. a newline character is converted into CR+LF).
    64. 

  64.     # If the content is a binary, PKCS7::BINARY flag should be used.
    65. 

  65. 

  66.     data = "aaaaa\nbbbbb\nccccc\n"
    67. 

  67.     flag = OpenSSL::PKCS7::BINARY
    68. 

  68.     tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
    69. 

  69.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    70. 

  70.     certs = p7.certificates
    71. 

  71.     signers = p7.signers
    72. 

  72.     assert(p7.verify([], store))
    73. 

  73.     assert_equal(data, p7.data)
    74. 

  74.     assert_equal(2, certs.size)
    75. 

  75.     assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    76. 

  76.     assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    77. 

  77.     assert_equal(1, signers.size)
    78. 

  78.     assert_equal(@ee1_cert.serial, signers[0].serial)
    79. 

  79.     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    80. 

  80. 

  81.     # A signed-data which have multiple signatures can be created
    82. 

  82.     # through the following steps.
    83. 

  83.     #   1. create two signed-data
    84. 

  84.     #   2. copy signerInfo and certificate from one to another
    85. 

  85. 

  86.     tmp1 = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, [], flag)
    87. 

  87.     tmp2 = OpenSSL::PKCS7.sign(@ee2_cert, @rsa1024, data, [], flag)
    88. 

  88.     tmp1.add_signer(tmp2.signers[0])
    89. 

  89.     tmp1.add_certificate(@ee2_cert)
    90. 

  90. 

  91.     p7 = OpenSSL::PKCS7.new(tmp1.to_der)
    92. 

  92.     certs = p7.certificates
    93. 

  93.     signers = p7.signers
    94. 

  94.     assert(p7.verify([], store))
    95. 

  95.     assert_equal(data, p7.data)
    96. 

  96.     assert_equal(2, certs.size)
    97. 

  97.     assert_equal(2, signers.size)
    98. 

  98.     assert_equal(@ee1_cert.serial, signers[0].serial)
    99. 

  99.     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    100. 

  100.     assert_equal(@ee2_cert.serial, signers[1].serial)
    101. 

  101.     assert_equal(@ee2_cert.issuer.to_s, signers[1].issuer.to_s)
    102. 

  102.   end
    103. 

  103. 

  104.   def test_detached_sign
    105. 

  105.     store = OpenSSL::X509::Store.new
    106. 

  106.     store.add_cert(@ca_cert)
    107. 

  107.     ca_certs = [@ca_cert]
    108. 

  108. 

  109.     data = "aaaaa\nbbbbb\nccccc\n"
    110. 

  110.     flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
    111. 

  111.     tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
    112. 

  112.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    113. 

  113.     a1 = OpenSSL::ASN1.decode(p7)
    114. 

  114. 

  115.     certs = p7.certificates
    116. 

  116.     signers = p7.signers
    117. 

  117.     assert(!p7.verify([], store))
    118. 

  118.     assert(p7.verify([], store, data))
    119. 

  119.     assert_equal(data, p7.data)
    120. 

  120.     assert_equal(2, certs.size)
    121. 

  121.     assert_equal(@ee1_cert.subject.to_s, certs[0].subject.to_s)
    122. 

  122.     assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
    123. 

  123.     assert_equal(1, signers.size)
    124. 

  124.     assert_equal(@ee1_cert.serial, signers[0].serial)
    125. 

  125.     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
    126. 

  126.   end
    127. 

  127. 

  128.   def test_enveloped
    129. 

  129.     if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
    130. 

  130.       # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
    131. 

  131.       # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
    132. 

  132.       return
    133. 

  133.     end
    134. 

  134. 

  135.     certs = [@ee1_cert, @ee2_cert]
    136. 

  136.     cipher = OpenSSL::Cipher::AES.new("128-CBC")
    137. 

  137.     data = "aaaaa\nbbbbb\nccccc\n"
    138. 

  138. 

  139.     tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
    140. 

  140.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    141. 

  141.     recip = p7.recipients
    142. 

  142.     assert_equal(:enveloped, p7.type)
    143. 

  143.     assert_equal(2, recip.size)
    144. 

  144. 

  145.     assert_equal(@ca_cert.subject.to_s, recip[0].issuer.to_s)
    146. 

  146.     assert_equal(2, recip[0].serial)
    147. 

  147.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    148. 

  148. 

  149.     assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
    150. 

  150.     assert_equal(3, recip[1].serial)
    151. 

  151.     assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
    152. 

  152.   end
    153. 

  153. 

  154.   def test_envelope_des3
    155. 

  155.     certs = [@ee1_cert]
    156. 

  156.     cipher = OpenSSL::Cipher.new("des-ede3-cbc")
    157. 

  157.     data = "aaaaa\nbbbbb\nccccc\n"
    158. 

  158.     tmp = OpenSSL::PKCS7.encrypt(certs, data, cipher, OpenSSL::PKCS7::BINARY)
    159. 

  159.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    160. 

  160.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    161. 

  161.   end
    162. 

  162. 

  163.   def test_envelope_nil # RC2-40-CBC by default
    164. 

  164.     certs = [@ee1_cert]
    165. 

  165.     data = "aaaaa\nbbbbb\nccccc\n"
    166. 

  166.     tmp = OpenSSL::PKCS7.encrypt(certs, data, nil, OpenSSL::PKCS7::BINARY)
    167. 

  167.     p7 = OpenSSL::PKCS7.new(tmp.to_der)
    168. 

  168.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    169. 

  169.   end
    170. 

  170. 

  171.   def test_envelope_des3_compat
    172. 

  172.     data = "aaaaa\nbbbbb\nccccc\n"
    173. 

  173.     cruby_envelope = <<EOP
    174. 

  174. -----BEGIN PKCS7-----
    175. 

  175. MIIBMgYJKoZIhvcNAQcDoIIBIzCCAR8CAQAxgdwwgdkCAQAwQjA9MRMwEQYKCZIm
    176. 

  176. iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
    177. 

  177. DAJDQQIBAjANBgkqhkiG9w0BAQEFAASBgECDOPwRb0Vimo3bXAypvnhB/JvHZ0hV
    178. 

  178. 5CWFdAmovioiu1fnMEqawJWudznUZ1rsCKKX4qzqfvSXk+8w7IZ5rqEFoGmLRQQ+
    179. 

  179. GR8yPJnDwNyQJwRjvcX2WzJnFDFIfROb+ySu8UCmxkTd/5jB3jsREXVqSIxezTif
    180. 

  180. IT8Q8X7CCx8+MDsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIaH1JJe6+hX+AGD8E
    181. 

  181. j3/kwFY3IOUxly+lPJNEQLpWBoSHZA==
    182. 

  182. -----END PKCS7-----
    183. 

  183. EOP
    184. 

  184.     p7 = OpenSSL::PKCS7.new(cruby_envelope)
    185. 

  185.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    186. 

  186.     #
    187. 

  187.     jruby_envelope = <<EOP
    188. 

  188. -----BEGIN PKCS7-----
    189. 

  189. MIIBMAYJKoZIhvcNAQcDoIIBITCCAR0CAQAxgdowgdcCAQAwQjA9MRMwEQYKCZIm
    190. 

  190. iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
    191. 

  191. DAJDQQIBAjALBgkqhkiG9w0BAQEEgYBqCQY/oP0Gv1XbAJ5HjZ9HNZN9gBFlmMDx
    192. 

  192. fb9YWDQZH24KrTUEssr6jyJuyMsONTdaYWIfG/RWHxw970AkXUXcXDeO8Ze+vSVh
    193. 

  193. 8tohLGLTsBKdvizuC/5jFHLAoNaa5qJZEFanmqMXlO5HiImUZB2BHwJddRuRTg0y
    194. 

  194. UuAnFtLd+DA7BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECP1rHLNHCtyWgBgFQDex
    195. 

  195. XDgcukPOkDwRcUQJAKu3x5HtQpw=
    196. 

  196. -----END PKCS7-----
    197. 

  197. EOP
    198. 

  198.     p7 = OpenSSL::PKCS7.new(jruby_envelope)
    199. 

  199.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    200. 

  200.   end
    201. 

  201. 

  202.   def test_envelope_aes_compat
    203. 

  203.     data = "aaaaa\nbbbbb\nccccc\n"
    204. 

  204.     cruby_envelope = <<EOP
    205. 

  205. -----BEGIN PKCS7-----
    206. 

  206. MIICIAYJKoZIhvcNAQcDoIICETCCAg0CAQAxggG4MIHZAgEAMEIwPTETMBEGCgmS
    207. 

  207. JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
    208. 

  208. AwwCQ0ECAQIwDQYJKoZIhvcNAQEBBQAEgYCHIMVl+WKzjnTuslePlItMq4A+klIZ
    209. 

  209. rU+5U0UvaOPPpr2UgjD3J1OL09W19De7pKNSSZUd0QWQBB3IG4IzefWzYxt2ejZY
    210. 

  210. rJDO/wdHa6Mdq1ZsdbLP1sIRxTyWskc3O8VJvo5boFG/bZxLHA6CPnhifnfqEkkq
    211. 

  211. wVbjAbBGI61HxTCB2QIBADBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJ
    212. 

  212. kiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgEDMA0GCSqGSIb3DQEB
    213. 

  213. AQUABIGASvO7jsPCAB/TcRgmIKEHRDqPThQrSAJRE+uDVeiPlIHsCaUDspGX8niH
    214. 

  214. 4+UPsLhdd6H68Ecay93Hi78SYR/w0NbrwwMBGRlU3/AFhq/OseosuBb303mAqnoz
    215. 

  215. kU6qlNwJuy/4NIReldsaVJJuZ4nkEBfZAw+99Mxh7IQYx069fwIwTAYJKoZIhvcN
    216. 

  216. AQcBMB0GCWCGSAFlAwQBAgQQf1IrOpN2OmqMHz1t7biX/oAgubIiBzarCuTKPMby
    217. 

  217. eg4/+hy0xJsT0IkF1O0G1XTOWcE=
    218. 

  218. -----END PKCS7-----
    219. 

  219. EOP
    220. 

  220.     p7 = OpenSSL::PKCS7.new(cruby_envelope)
    221. 

  221.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    222. 

  222.     #
    223. 

  223.     jruby_envelope = <<EOP
    224. 

  224. -----BEGIN PKCS7-----
    225. 

  225. MIICHAYJKoZIhvcNAQcDoIICDTCCAgkCAQAxggG0MIHXAgEAMEIwPTETMBEGCgmS
    226. 

  226. JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
    227. 

  227. AwwCQ0ECAQIwCwYJKoZIhvcNAQEBBIGAg0Yz54LwCKM9l128jjh0FlA5Wvzfsjd2
    228. 

  228. S3dYESzxnxqdhKkSDya16lkYyZZ+aVWmC8XOgkGGwGJTudq3gGn2p3wsgx63J4Ar
    229. 

  229. PfslsDslIaddp8op4i+ifDi15qCjWXIyQaYMSN/DsFN8DlB8jMjPAlQO3MFtifb2
    230. 

  230. D7vFjLjSrogwgdcCAQAwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
    231. 

  231. iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAzALBgkqhkiG9w0BAQEE
    232. 

  232. gYCfAEL80vCsFo9kalePlb73lL2iDPbbDfjpWs0nnlXX8BhS/H781kvUkDpwl/qT
    233. 

  233. 9KcFCaPGJ2IYgEjys6VPK9ho/hIIIz+BX8MIuWbweQTn1Y0TTlTL91Zr66xyZP1p
    234. 

  234. zyStG6Zc1u26hiX31hk1P6ihhhXu+I5bserKNYUnYsxJSjBMBgkqhkiG9w0BBwEw
    235. 

  235. HQYJYIZIAWUDBAECBBD42Hndr47SEdUoc6SWOKsbgCCylxb34kE14eBc9nN9MnC+
    236. 

  236. SaVrDPgso584FIimP6o+Fw==
    237. 

  237. -----END PKCS7-----
    238. 

  238. EOP
    239. 

  239.     p7 = OpenSSL::PKCS7.new(jruby_envelope)
    240. 

  240.     assert_equal(data, p7.decrypt(@rsa1024, @ee1_cert))
    241. 

  241.   end
    242. 

  242. 

  243.   def test_signed_compat
    244. 

  244. =begin
    245. 

  245.     # how to generate signature
    246. 

  246.     ca_certs = [@ca_cert]
    247. 

  247.     data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
    248. 

  248.     tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs)
    249. 

  249.     puts tmp
    250. 

  250. =end
    251. 

  251.     cruby_sign = <<EOP
    252. 

  252. -----BEGIN PKCS7-----
    253. 

  253. MIIILgYJKoZIhvcNAQcCoIIIHzCCCBsCAQExCzAJBgUrDgMCGgUAMCQGCSqGSIb3
    254. 

  254. DQEHAaAXBBVhYWFhYQ0KYmJiYmINCmNjY2NjDQqgggZBMIIC4TCCAcmgAwIBAgIB
    255. 

  255. AjANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZIm
    256. 

  256. iZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAeFw0wOTEyMTYxNTQ1MzRa
    257. 

  257. Fw0wOTEyMTYxNjE1MzRaMD4xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
    258. 

  258. k/IsZAEZFglydWJ5LWxhbmcxDDAKBgNVBAMMA0VFMTCBnzANBgkqhkiG9w0BAQEF
    259. 

  259. AAOBjQAwgYkCgYEAy8LEsNRApz7U/j5DoB4XBgO9Z8Atv5y/OVQRp0ag8Tqo1Yew
    260. 

  260. sWijxEWB7JOATwpBN267U4T1nPZIxxEEO7n/WNa2ws9JWsjah8ssEBFSxZqdXKSL
    261. 

  261. f0N4Hi7/GQ/aYoaMCiQ8jA4jegK2FJmXM71uPe+jFN/peeBOpRfyXxRFOYcCAwEA
    262. 

  262. AaNvMG0wDgYDVR0PAQH/BAQDAgXgMB8GA1UdIwQYMBaAFJc5ncP7zbqPVAyQe0Y/
    263. 

  263. 6tZDdbHLMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMw
    264. 

  264. EQYJYIZIAYb4QgEBBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQB9jL0H9qAeWZmA
    265. 

  265. lmEr7WbVibFwod6ZgNmbFhoP6a9PANDdYwp1EQ7J2o3Dzw1hNjsxDVE5uf3qgA0F
    266. 

  266. df/YoFkfi4xoL1pKdZv9ZMOlctC1po7MbFakjeHdxMtdIM70DMxbS4o4HzXrKtC3
    267. 

  267. of1SmKh+g+r4R1YHCrbBCspEX+s2Y4mKD0IP0XkVvv1d4YICAnKYGCYEC9OS4fr7
    268. 

  268. JPB2cL1yXnjPL0OOvSeAOC2uIkDq1SVZk6Xq4sSaHAKwBNGg0HrqOhrdgcB0Ftpi
    269. 

  269. 7Paty9PUmSIjoqre/WzfGNF1MrtTC0wf0PDw/aUzWgInlIXJhcbJOMyhWM/SO5ok
    270. 

  270. 50rcYfObMIIDWDCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZIm
    271. 

  271. iZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQD
    272. 

  272. DAJDQTAeFw0wOTEyMTYxNTQ1MzRaFw0wOTEyMTYxNjQ1MzRaMD0xEzARBgoJkiaJ
    273. 

  273. k/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMM
    274. 

  274. AkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38j
    275. 

  275. OXvvTKY9gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+
    276. 

  276. Slp1enenfzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5
    277. 

  277. mrJVSrWmqbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+
    278. 

  278. X8xdW5v68JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE02
    279. 

  279. 7E5lyAVX9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoM
    280. 

  280. cH+94wIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
    281. 

  281. BgNVHQ4EFgQUlzmdw/vNuo9UDJB7Rj/q1kN1scswHwYDVR0jBBgwFoAUlzmdw/vN
    282. 

  282. uo9UDJB7Rj/q1kN1scswDQYJKoZIhvcNAQEFBQADggEBAFa1X5xX5+NlXOI3z2vh
    283. 

  283. Vp9tPvIAtftqkhdMbfS1dAAIIZKVLPfvQ+ZLqx/AzQXmDajg3Pg9YoBB3RRDx1xh
    284. 

  284. A9ECO4Lpbv5fYAkIul6XQ2D3U1IjnkhdfYHcU5iRl58nhjlDNd+3vOp1/h9D9Pp6
    285. 

  285. lRILuFCoRcOogcXzChuDA06CDbMao1dDcwdNe1SdV54hzZs1DVqoKIjj4182HUST
    286. 

  286. getU2RDFXh76VtF35iYDzdA+iCAWOqXSMAq7GnZJvL//0Ndffc7Oc6QXCicwiUSw
    287. 

  287. Wrj72gEakBOeC8XxlYaP7TSXFkasdg1Eccz7+U6LgWaYrgwgTdGXarT3ewjs/mvb
    288. 

  288. sgsxggGcMIIBmAIBATBCMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJ
    289. 

  289. k/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBAgECMAkGBSsOAwIaBQCggbEw
    290. 

  290. GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkxMjE2
    291. 

  291. MTU0NTM0WjAjBgkqhkiG9w0BCQQxFgQUTqRiQxhezJlftad5eZ6u7hNacV0wUgYJ
    292. 

  292. KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
    293. 

  293. hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE
    294. 

  294. gYCMPxJNaR29Yeo/3JWtUTTRq+IlUWHP4bHoZJHQzyFkFPS3fk+9q9KjlTcFY1rT
    295. 

  295. YbBOUD+QxwU/jlks6Y5PZByIpnWvVy0RujcCzGcMyEY6xKBBkps9X5VuezMB0nbW
    296. 

  296. xM2k+0e3B7V0KU8fMcO8Ajq9jGn8/hVixbUkyvhq3Xx2Nw==
    297. 

  297. -----END PKCS7-----
    298. 

  298. EOP
    299. 

  299.     jruby_sign = <<EOP
    300. 

  300. -----BEGIN PKCS7-----
    301. 

  301. MIIIKAYJKoZIhvcNAQcCoIIIGTCCCBUCAQExCTAHBgUrDgMCGjAkBgkqhkiG9w0B
    302. 

  302. BwGgFwQVYWFhYWENCmJiYmJiDQpjY2NjYw0KoIIGQTCCAuEwggHJoAMCAQICAQIw
    303. 

  303. DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
    304. 

  304. 8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0NjE5WhcN
    305. 

  305. MDkxMjE2MTYxNjE5WjA+MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
    306. 

  306. LGQBGRYJcnVieS1sYW5nMQwwCgYDVQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQAD
    307. 

  307. gY0AMIGJAoGBAMvCxLDUQKc+1P4+Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFo
    308. 

  308. o8RFgeyTgE8KQTduu1OE9Zz2SMcRBDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39D
    309. 

  309. eB4u/xkP2mKGjAokPIwOI3oCthSZlzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGj
    310. 

  310. bzBtMA4GA1UdDwEB/wQEAwIF4DAfBgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rW
    311. 

  311. Q3WxyzAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEG
    312. 

  312. CWCGSAGG+EIBAQQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAZPqFEX/azn4squHn
    313. 

  313. mh+o3tulK/XqdnPA+mx+yvhg53QqWewpSeNQnhH/Y/wnGva6bEFqDd7WTlhkSp0P
    314. 

  314. 2qtCP3C5MI2aLPZBUjFJq6cxEC+CUAD7ggIoV8/Z3XCGOa1z/m+QKpBq5t13Hewb
    315. 

  315. Kd8Ab5lojN15XYyLFQ8wJsrkvjA+z943Ux+4aAv2DoOv0Y+GuvgOuqNCs+frZYHR
    316. 

  316. OdOsnhg48A+UsjlLh5wsHzsZEMmtEfP59TdCZ/HbW2WIbdoij+GsK3uoITjhLNyO
    317. 

  317. RK/XeuBwnaksrBiIeCfVQxNHriTPL/4xolOAWVtlhJOj+i8iMPJnbi9M3lVO5fLd
    318. 

  318. 9ShiZDCCA1gwggJAoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT
    319. 

  319. 8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwC
    320. 

  320. Q0EwHhcNMDkxMjE2MTU0NjE4WhcNMDkxMjE2MTY0NjE4WjA9MRMwEQYKCZImiZPy
    321. 

  321. LGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJD
    322. 

  322. QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl7
    323. 

  323. 70ymPYFvJyyAkp6ORBE0dXLhe4uKTbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpa
    324. 

  324. dXp3p386v7f3v9SEVtMJCVCVBUIoJ+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqy
    325. 

  325. VUq1pqm47NOyW7kuEEBhly3Pkrveg5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/M
    326. 

  326. XVub+vCZERSIXRpW+iS/H5ZX/wP25TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxO
    327. 

  327. ZcgFV/SmWHFNNJjl/n3cTkpxqkv/CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/
    328. 

  328. veMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
    329. 

  329. VR0OBBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqP
    330. 

  330. VAyQe0Y/6tZDdbHLMA0GCSqGSIb3DQEBBQUAA4IBAQBK/6fISsbbIY1uCX4WMENG
    331. 

  331. V1dCmDAFaZwgewhg09n3rgs4lWKVOWG6X57oML9YSVuz05kkFaSIox+vi36awVf6
    332. 

  332. 7YY0V+JdNEQRle/0ptLxmEY8gGD1HvM8JAsQdotMl6hFfzMQ8Uu0IHePYFMyU9aU
    333. 

  333. 9Z4k1kCEPc222Uyt7whCWHloWMgjKNeCRjMLUvw9HUxGeq/2Y+t8d65SrqsxpHJd
    334. 

  334. dszJvG+fl0UPoAdB0c4jCGWIzfoGP74CXVAGcuuFZlImmV5cY0+sDo7dtwRDp0DF
    335. 

  335. 307/n8+qlsMqpIummFV2mhZTGrtgW+bTZSYQsSJTJZ6nK3c0rQCH4wyUP3rBNhRf
    336. 

  336. MYIBmDCCAZQCAQEwQjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
    337. 

  337. LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkq
    338. 

  338. hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ2
    339. 

  339. MTlaMCMGCSqGSIb3DQEJBDEWBBROpGJDGF7MmV+1p3l5nq7uE1pxXTBSBgkqhkiG
    340. 

  340. 9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
    341. 

  341. AgIBQDANBggqhkiG9w0DAgIBKDAHBgUrDgMCBzALBgkqhkiG9w0BAQEEgYBygH60
    342. 

  342. /1zLRnXaPKh8fTaQtQCTobefRqGLxbWJaTmO83UeDEmS8HXyr6t5KkZ4qZL6BA50
    343. 

  343. bQSlVx3I9SiqevP0vEiXGzmb4m1blFzdH5HHZk4ZUWqWYyTqOdXTSfwFp53VAUhi
    344. 

  344. 9d8f3IBfFoxCvORtzYZKCzW/ZRvEqBO3xJlVuQ==
    345. 

  345. -----END PKCS7-----
    346. 

  346. EOP
    347. 

  347.     store = OpenSSL::X509::Store.new
    348. 

  348.     store.add_cert(@ca_cert)
    349. 

  349.     # just checks pubkey's n to avoid certificate expiration.
    350. 

  350.     # this test is for PKCS#7, not for certificate verification.
    351. 

  351.     store.verify_callback = proc { |ok, ctx|
    352. 

  352.       # !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
    353. 

  353.       [@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
    354. 

  354.       # should return 'ok' here
    355. 

  355.     }
    356. 

  356. 

  357.     p7 = OpenSSL::PKCS7.new(cruby_sign)
    358. 

  358.     assert(p7.verify([], store))
    359. 

  359. 

  360.     p7 = OpenSSL::PKCS7.new(jruby_sign)
    361. 

  361.     assert(p7.verify([], store))
    362. 

  362.   end
    363. 

  363. 

  364.   def test_detached_sign_compat
    365. 

  365. =begin
    366. 

  366.     # how to generate signature
    367. 

  367.     ca_certs = [@ca_cert]
    368. 

  368.     flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
    369. 

  369.     tmp = OpenSSL::PKCS7.sign(@ee1_cert, @rsa1024, data, ca_certs, flag)
    370. 

  370.     puts tmp
    371. 

  371. =end
    372. 

  372.     cruby_sign = <<EOP
    373. 

  373. -----BEGIN PKCS7-----
    374. 

  374. MIIIFQYJKoZIhvcNAQcCoIIIBjCCCAICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
    375. 

  375. DQEHAaCCBkEwggLhMIIByaADAgECAgECMA0GCSqGSIb3DQEBBQUAMD0xEzARBgoJ
    376. 

  376. kiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNV
    377. 

  377. BAMMAkNBMB4XDTA5MTIxNjE1NDkyN1oXDTA5MTIxNjE2MTkyN1owPjETMBEGCgmS
    378. 

  378. JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzEMMAoGA1UE
    379. 

  379. AwwDRUUxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLwsSw1ECnPtT+PkOg
    380. 

  380. HhcGA71nwC2/nL85VBGnRqDxOqjVh7CxaKPERYHsk4BPCkE3brtThPWc9kjHEQQ7
    381. 

  381. uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/Q3geLv8ZD9pihowKJDyMDiN6ArYUmZcz
    382. 

  382. vW4976MU3+l54E6lF/JfFEU5hwIDAQABo28wbTAOBgNVHQ8BAf8EBAMCBeAwHwYD
    383. 

  383. VR0jBBgwFoAUlzmdw/vNuo9UDJB7Rj/q1kN1scswJwYDVR0lBCAwHgYIKwYBBQUH
    384. 

  384. AwIGCCsGAQUFBwMEBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBaAwDQYJKoZI
    385. 

  385. hvcNAQEFBQADggEBAJ4qQEkUVLW7s3JNKWVOxDwPmDGQsN9uG5ULT3ub76gaC8XH
    386. 

  386. Ljh59zzN2o3bJ5yH4oW+zejcDtGP2R2RBDCu5X7uuLhEbjv4xarSSgLeQHAXhEXa
    387. 

  387. pXY3nXa6DM6HVWKL176FQfN+B7ouejR17ESeMMVAgYjTrr7jjVpaZxXGKXnLeqVv
    388. 

  388. qd4TojjibzoeRw7BxIjmoa+74KO+N6Z+d0R5bNBh+40HyTpCww0O7RjGsOV2ANxW
    389. 

  389. sPREa3KmGmKdlyXsZP1VJyBDymSJSee1zCYmmc+S532+537ygGZEGk8FysRtJXPc
    390. 

  390. 71XhPEXMjimn3wVSt1jPhzk4HmXoYwcCI2pKVfMwggNYMIICQKADAgECAgEBMA0G
    391. 

  391. CSqGSIb3DQEBBQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/Is
    392. 

  392. ZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMB4XDTA5MTIxNjE1NDkyNloXDTA5
    393. 

  393. MTIxNjE2NDkyNlowPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixk
    394. 

  394. ARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
    395. 

  395. DwAwggEKAoIBAQC5X2G30nuTg0GzfyM5e+9Mpj2BbycsgJKejkQRNHVy4XuLik2z
    396. 

  396. 0jVAkYAUBfQEQ7gpvNea4698KkPcJT5KWnV6d6d/Or+397/UhFbTCQlQlQVCKCfg
    397. 

  397. K2uQkv4/TvLHXxSPI+UFdvzUCkSYAHmaslVKtaapuOzTslu5LhBAYZctz5K73oOR
    398. 

  398. gqZI1WMGIvFVVKnJl8BjeEPft3rS4b5fzF1bm/rwmREUiF0aVvokvx+WV/8D9uU3
    399. 

  399. B0k6FWv2YRIeHAaPB9J5MM993xksTTbsTmXIBVf0plhxTTSY5f593E5KcapL/wkN
    400. 

  400. GHQQ8cMvXlFwmNXYnq9mM9vSs5gYOgxwf73jAgMBAAGjYzBhMA8GA1UdEwEB/wQF
    401. 

  401. MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSXOZ3D+826j1QMkHtGP+rW
    402. 

  402. Q3WxyzAfBgNVHSMEGDAWgBSXOZ3D+826j1QMkHtGP+rWQ3WxyzANBgkqhkiG9w0B
    403. 

  403. AQUFAAOCAQEAicOGMs494jNo6buyvWgYwCMEHTgf8snOR6F5Xs7R4CsIfF+Y1Q8S
    404. 

  404. urL2ZrabYP0bWNZO0eYyUwNi9QCYn8n5UsYPu5HoC04maVlimAnf8kUoWK4/Es4F
    405. 

  405. 0geMJGG7TOn17aQYj4v8CMBuYBAuO/poQgbpjxZnNLBqSkWz3uSl+LF6Zwlu/jIa
    406. 

  406. jcRNTix/soQwTO02EtG3ZhNFmSLwL4cMljjXHuVgTl++mO7w/3qzGgtldkot9W87
    407. 

  407. pnx0u9UgZkgsRVhIkvSsTNaTe0ylA3Lqa5COd89PrCjm66IdAjyND3puWP4etFP6
    408. 

  408. ycc7rtc0302ndadSEJRgul9pFJ4xtuAN5jGCAZwwggGYAgEBMEIwPTETMBEGCgmS
    409. 

  409. JomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkGA1UE
    410. 

  410. AwwCQ0ECAQIwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
    411. 

  411. MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5MjdaMCMGCSqGSIb3DQEJBDEWBBT2
    412. 

  412. oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
    413. 

  413. MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
    414. 

  414. 9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgCPxDWHnvO3pMg0XUDGtisZgbjFG+sJy
    415. 

  415. brFi2QG0IR+iQ6kOrBWkBW15SDgj0te1ze6ddLx3VT0aaOHMzGS103oWQT6l+xqV
    416. 

  416. C+A/FA5O+hefjqusgl289gFvApuGVSaMisHBcMAN059E1rsSTnG3LoHqkKjOgKkJ
    417. 

  417. zyAlR+YeT270
    418. 

  418. -----END PKCS7-----
    419. 

  419. EOP
    420. 

  420.     jruby_sign = <<EOP
    421. 

  421. -----BEGIN PKCS7-----
    422. 

  422. MIIIEwYJKoZIhvcNAQcCoIIIBDCCCAACAQExCTAHBgUrDgMCGjAPBgkqhkiG9w0B
    423. 

  423. BwGgAgQAoIIGQTCCAuEwggHJoAMCAQICAQIwDQYJKoZIhvcNAQEFBQAwPTETMBEG
    424. 

  424. CgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1YnktbGFuZzELMAkG
    425. 

  425. A1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcNMDkxMjE2MTYxOTU3WjA+MRMwEQYK
    426. 

  426. CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQwwCgYD
    427. 

  427. VQQDDANFRTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvCxLDUQKc+1P4+
    428. 

  428. Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFoo8RFgeyTgE8KQTduu1OE9Zz2SMcR
    429. 

  429. BDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39DeB4u/xkP2mKGjAokPIwOI3oCthSZ
    430. 

  430. lzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAGjbzBtMA4GA1UdDwEB/wQEAwIF4DAf
    431. 

  431. BgNVHSMEGDAWBBSXOZ3D+826j1QMkHtGP+rWQ3WxyzAnBgNVHSUEIDAeBggrBgEF
    432. 

  432. BQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIFoDANBgkq
    433. 

  433. hkiG9w0BAQUFAAOCAQEAAVeRavmpW+ez0dpDs1ksEZSKIr+JQHPIfgyF1P0x/uLH
    434. 

  434. tkUssR1puDsYB9bWQncYz2PyFzDdXHUneKLu01hSrY9fS85S3w/sa6scGtMD1SDS
    435. 

  435. Ptm93a67pvNoXY8rrdW67Wughyix78TOpe7F/D8tLxm7dRfZVLCtV/OIgnjTKK36
    436. 

  436. NNBAX4Ef0+43EDUZYQIbEudqcjjYN0Dti0dH4FuUW5PPTAs9nuNfkAWr0hTyBwlC
    437. 

  437. qhlgFY3ParJ9Yug7BVZj99vrI4F9KFzWkoSd5pIl+mR1aNQ3uQgks7aNqnZ8PeJo
    438. 

  438. gP9zcZqZniuj7sa92t1bPxn5JmLy+vnxeWiQPw8fhDCCA1gwggJAoAMCAQICAQEw
    439. 

  439. DQYJKoZIhvcNAQEFBQAwPTETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT
    440. 

  440. 8ixkARkWCXJ1YnktbGFuZzELMAkGA1UEAwwCQ0EwHhcNMDkxMjE2MTU0OTU3WhcN
    441. 

  441. MDkxMjE2MTY0OTU3WjA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPy
    442. 

  442. LGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTCCASIwDQYJKoZIhvcNAQEBBQAD
    443. 

  443. ggEPADCCAQoCggEBALlfYbfSe5ODQbN/Izl770ymPYFvJyyAkp6ORBE0dXLhe4uK
    444. 

  444. TbPSNUCRgBQF9ARDuCm815rjr3wqQ9wlPkpadXp3p386v7f3v9SEVtMJCVCVBUIo
    445. 

  445. J+Ara5CS/j9O8sdfFI8j5QV2/NQKRJgAeZqyVUq1pqm47NOyW7kuEEBhly3Pkrve
    446. 

  446. g5GCpkjVYwYi8VVUqcmXwGN4Q9+3etLhvl/MXVub+vCZERSIXRpW+iS/H5ZX/wP2
    447. 

  447. 5TcHSToVa/ZhEh4cBo8H0nkwz33fGSxNNuxOZcgFV/SmWHFNNJjl/n3cTkpxqkv/
    448. 

  448. CQ0YdBDxwy9eUXCY1dier2Yz29KzmBg6DHB/veMCAwEAAaNjMGEwDwYDVR0TAQH/
    449. 

  449. BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJc5ncP7zbqPVAyQe0Y/
    450. 

  450. 6tZDdbHLMB8GA1UdIwQYMBYEFJc5ncP7zbqPVAyQe0Y/6tZDdbHLMA0GCSqGSIb3
    451. 

  451. DQEBBQUAA4IBAQBxj2quNTT3/vKTM6bFtEDmXUcruEnbM+VQ1oaDGc8Zh1c/0GIh
    452. 

  452. l4AGnoD611tdUazZbz7EtLLwfjhEFFJtwxro4Hdc0YEeBwO/ehx8mdclbMzbfQVF
    453. 

  453. l+wyPpcsWYH8aRAZ/AKY31lS/vPp/vDOJ+SAkYgT3f3g8NCOLCXeivkWze5CDzME
    454. 

  454. Qj9GGl8BzhxQAMwzXVkmBNmdsTBlpWE1fJBUNCyvFLVRn09LphQ2SDOXr16af9v0
    455. 

  455. 4K8WBTi0/qYcrGvgpl5DIqOg0bfjEwz9Ze5XKa1aem0DdEcM91eEbe5VkakIXvTX
    456. 

  456. 0jUoDm9R5iJ7fAt+vmW/Kcif4VK/nDzJnPx+MYIBmDCCAZQCAQEwQjA9MRMwEQYK
    457. 

  457. CZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYD
    458. 

  458. VQQDDAJDQQIBAjAHBgUrDgMCGqCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
    459. 

  459. MBwGCSqGSIb3DQEJBTEPFw0wOTEyMTYxNTQ5NTdaMCMGCSqGSIb3DQEJBDEWBBT2
    460. 

  460. oG8gOR1i/LHuubBgBOVTjSF6lzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
    461. 

  461. MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDAH
    462. 

  462. BgUrDgMCBzALBgkqhkiG9w0BAQEEgYBPjfO6ZkzbNhlRI9Y58QpOxdqdF/NmWBJE
    463. 

  463. rYoqlDUeMcH5RHb+MLUBEeo666u0xIXYzG9CWrlVjJa42FDNEl5sGRB1Oic6LNIB
    464. 

  464. YBFvB2CAX9R3+d34WMLXKwl6ikeN6VVud+TeB5SpLR/hltWIb1FJMeJ4wM8fNI/t
    465. 

  465. RfHXsdxTuA==
    466. 

  466. -----END PKCS7-----
    467. 

  467. EOP
    468. 

  468.     data = "aaaaa\nbbbbb\nccccc\n"
    469. 

  469.     store = OpenSSL::X509::Store.new
    470. 

  470.     store.add_cert(@ca_cert)
    471. 

  471.     # just checks pubkey's n to avoid certificate expiration.
    472. 

  472.     # this test is for PKCS#7, not for certificate verification.
    473. 

  473.     store.verify_callback = proc { |ok, ctx|
    474. 

  474.       # !! CAUTION: NEVER DO THIS KIND OF NEGLIGENCE !!
    475. 

  475.       [@ca_cert.public_key.n, @ee1_cert.public_key.n].include?(ctx.current_cert.public_key.n)
    476. 

  476.       # should return 'ok' here
    477. 

  477.     }
    478. 

  478. 

  479.     p7 = OpenSSL::PKCS7.new(cruby_sign)
    480. 

  480.     assert(!p7.verify([], store))
    481. 

  481.     assert(p7.verify([], store, data))
    482. 

  482. 

  483.     p7 = OpenSSL::PKCS7.new(jruby_sign)
    484. 

  484.     assert(!p7.verify([], store))
    485. 

  485.     assert(p7.verify([], store, data))
    486. 

  486.   end
    487. 

  487. end
    488. 

  488. 

  489. end
    490. 

  490.