test/openssl, Add unit tests for ecc pkcs7 signing

commit afc1582a0000a021f4ee24d3cd3520f010f7f666 1 parent 67261a3
authored March 26, 2013
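--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -9,6 +9,12 @@ def setup
     ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
     ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
     ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
+    ee3 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE3")
+
+    # Generate EC Key
+    group_name = 'secp521r1'
+    @ec_key = OpenSSL::PKey::EC.new(group_name)
+    @ec_key = @ec_key.generate_key
 
     now = Time.now
     ca_exts = [
@@ -28,6 +34,8 @@ def setup
                            @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
     @ee2_cert = issue_cert(ee2, @rsa1024, 3, now, now+1800, ee_exts,
                            @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    @ee3_cert = issue_cert(ee3, @ec_key, 4, now, now+1800, ee_exts,
+                           @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
   end
 
   def issue_cert(*args)
@@ -53,6 +61,21 @@ def test_signed
     assert_equal(@ee1_cert.serial, signers[0].serial)
     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
 
+    #Test EC signing
+    data = "aaaaa\r\nbbbbb\r\nccccc\r\n"
+    tmp = OpenSSL::PKCS7.sign(@ee3_cert, @ec_key, data, ca_certs)
+    p7 = OpenSSL::PKCS7.new(tmp.to_der)
+    certs = p7.certificates
+    signers = p7.signers
+    assert(p7.verify([], store))
+    assert_equal(data, p7.data)
+    assert_equal(2, certs.size)
+    assert_equal(@ee3_cert.subject.to_s, certs[0].subject.to_s)
+    assert_equal(@ca_cert.subject.to_s, certs[1].subject.to_s)
+    assert_equal(1, signers.size)
+    assert_equal(@ee3_cert.serial, signers[0].serial)
+    assert_equal(@ee3_cert.issuer.to_s, signers[0].issuer.to_s)
+
     # Normaly OpenSSL tries to translate the supplied content into canonical
     # MIME format (e.g. a newline character is converted into CR+LF).
     # If the content is a binary, PKCS7::BINARY flag should be used.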
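Review bot: The EC block added to test_signed asserts only the success path (`assert(p7.verify([], store))`), so it would not catch a regression in which an ECDSA-signed structure verifies against a store that does not trust the CA. A negative assertion next to it would close that gap, for example `assert_equal(false, p7.verify([], OpenSSL::X509::Store.new))`. Separately, setup now calls `OpenSSL::PKey::EC.new` unconditionally, which would presumably make every test in this file error on an OpenSSL build without EC support; guarding the key generation and the EC assertions with `defined?(OpenSSL::PKey::EC)` avoids that. Both setup and test_signed continue outside the hunks shown.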
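--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -129,7 +129,17 @@ def issue_cert(dn, key, serial, not_before, not_after, extensions,
     cert.serial = serial
     cert.subject = dn
     cert.issuer = issuer.subject
-    cert.public_key = key.public_key
+
+    # EC keys need special handeling 
+    case key.is_a?(OpenSSL::PKey::EC)
+    when true
+        ec_pub_key = OpenSSL::PKey::EC.new(key.group)
+        ec_pub_key.public_key = key.public_key
+        cert.public_key = ec_pub_key
+    else
+        cert.public_key = key.public_key
+    end
+
     cert.not_before = not_before
     cert.not_after = not_after
     ef = OpenSSL::X509::ExtensionFactory.new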
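Review bot: The new comment in issue_cert says EC keys need special handling (spelled "handeling") without saying why, and the branch is written as `case key.is_a?(OpenSSL::PKey::EC)` / `when true`, which is a boolean `if` in disguise. As far as I know the reason is that `EC#public_key` returns an `OpenSSL::PKey::EC::Point` rather than a key object, so a public-only EC key has to be built before assigning `cert.public_key`; the comment could say so, e.g. `# EC#public_key returns an EC::Point, so wrap it in a public-only EC key`. The condition would read more clearly as `if key.is_a?(OpenSSL::PKey::EC)`, with the branch bodies indented two spaces like the rest of the method. issue_cert starts and ends outside the hunk.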
