[ruby/openssl] pkcs7: add a test case for the data content type

While it is not useful alone, it is still a valid content type. Some methods on OpenSSL::PKCS7 are only meant to work with the signed-data or enveloped-data content type. Add some assertions for their behavior with unsupported content types. The next patches will update the relevant code. https://github.com/ruby/openssl/commit/adb42b5b84
2025-02-09 19:37:41 +09:00 · 2025-02-09 19:37:41 +09:00 · dedd05e9c8
commit dedd05e9c8
parent 06faf28558
1 changed files with 28 additions and 0 deletions
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@ -160,6 +160,34 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
    }
  end

+  def test_data
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::ObjectId("pkcs7-data"),
+      OpenSSL::ASN1::OctetString("content", 0, :EXPLICIT),
+    ])
+    p7 = OpenSSL::PKCS7.new
+    p7.type = :data
+    p7.data = "content"
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.add_certificate(@ee1_cert) }
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.certificates = [@ee1_cert] }
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.cipher = "aes-128-cbc" }
+    assert_equal(asn1.to_der, p7.to_der)
+
+    p7 = OpenSSL::PKCS7.new(asn1)
+    assert_equal(:data, p7.type)
+    assert_equal(false, p7.detached?)
+    # Not applicable
+    assert_nil(p7.certificates)
+    assert_nil(p7.crls)
+    # Not applicable. Should they return nil or raise an exception instead?
+    assert_equal([], p7.signers)
+    assert_equal([], p7.recipients)
+    # PKCS7#verify can't distinguish verification failure and other errors
+    store = OpenSSL::X509::Store.new
+    assert_equal(false, p7.verify([@ee1_cert], store))
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.decrypt(@rsa1024) }
+  end
+
  def test_empty_signed_data_ruby_bug_19974
    data = "-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n"
    assert_raise(ArgumentError) { OpenSSL::PKCS7.new(data) }