
test/openssl, Add unit tests for ecc pkcs7 signing

1 parent 67261a3 commit afc1582a0000a021f4ee24d3cd3520f010f7f666 Jacob 640 committed Mar 26, 2013
Showing with 34 additions and 1 deletion.
  1. +23 −0 test/openssl/test_pkcs7.rb
  2. +11 −1 test/openssl/utils.rb
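--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -9,6 +9,12 @@ def setup
 ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
 ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
 ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
+ ee3 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE3")
+
+ # Generate EC Key
+ group_name = 'secp521r1'
+ @ec_key = OpenSSL::PKey::EC.new(group_name)
+ @ec_key = @ec_key.generate_key
 now = Time.now
 ca_exts = [
@@ -28,6 +34,8 @@ def setup
 @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
 @ee2_cert = issue_cert(ee2, @rsa1024, 3, now, now+1800, ee_exts,
 @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ @ee3_cert = issue_cert(ee3, @ec_key, 4, now, now+1800, ee_exts,
+ @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
 end
 def issue_cert(*args)
@@ -53,6 +61,21 @@ def test_signed
 assert_equal(@ee1_cert.serial, signers[0].serial)
 assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
+ #Test EC signing
+ data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
+ tmp = OpenSSL::PKCS7.sign(@ee3_cert, @ec_key, data, ca_certs)
+ p7 = OpenSSL::PKCS7.new(tmp.to_der)
+ certs = p7.certificates
+ signers = p7.signers
+ assert(p7.verify([], store))
+ assert_equal(data, p7.data)
+ assert_equal(2, certs.size)
+ assert_equal(@ee3_cert.subject.to_s, certs[0].subject.to_s)
+ assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
+ assert_equal(1, signers.size)
+ assert_equal(@ee3_cert.serial, signers[0].serial)
+ assert_equal(@ee3_cert.issuer.to_s, signers[0].issuer.to_s)
+
 # Normaly OpenSSL tries to translate the supplied content into canonical
 # MIME format (e.g. a newline character is converted into CR+LF).
 # If the content is a binary, PKCS7::BINARY flag should be used.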
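Review bot: `setup` now creates the EC key unconditionally, so on a Ruby linked against an OpenSSL built without EC support `OpenSSL::PKey::EC` is presumably undefined and every test in this class would fail in setup, not only the EC one; the `key.is_a?(OpenSSL::PKey::EC)` check added to issue_cert in test/openssl/utils.rb has the same exposure. Wrapping the key and `@ee3_cert` creation in `if defined?(OpenSSL::PKey::EC)` and moving the EC assertions out of test_signed into their own test method behind the same guard would keep the RSA coverage independent of EC availability. The new assertions also exercise only the success path; one assertion that verification is rejected when the signed content no longer matches would show the ECDSA signature is actually being checked. Both setup and test_signed continue outside the hunks shown.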
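--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -129,7 +129,17 @@ def issue_cert(dn, key, serial, not_before, not_after, extensions,
 cert.serial = serial
 cert.subject = dn
 cert.issuer = issuer.subject
- cert.public_key = key.public_key
+
+ # EC keys need special handeling
+ case key.is_a?(OpenSSL::PKey::EC)
+ when true
+ ec_pub_key = OpenSSL::PKey::EC.new(key.group)
+ ec_pub_key.public_key = key.public_key
+ cert.public_key = ec_pub_key
+ else
+ cert.public_key = key.public_key
+ end
+
 cert.not_before = not_before
 cert.not_after = not_after
 ef = OpenSSL::X509::ExtensionFactory.new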
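Review bot: The comment `# EC keys need special handeling` does not say what the special case is, and `case key.is_a?(OpenSSL::PKey::EC)` / `when true` is an unusual way to write a two-way branch. From the new lines it appears that `key.public_key` on an EC key is a bare point that has to be wrapped in a public-only EC object before `cert.public_key=` will accept it, which also keeps the private half out of the object handed to the certificate; the comment should say so, for example `# EC#public_key returns an EC::Point, not a PKey: wrap it in a public-only EC key`. The branch itself reads more directly as `if key.is_a?(OpenSSL::PKey::EC)` with the existing `else`. issue_cert starts and ends outside this hunk.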
