From 51c33b3578188054a37b37b8dc261f190c927246 Mon Sep 17 00:00:00 2001
From: Martin Ott
Date: Tue, 23 Oct 2012 20:04:47 +0200
Subject: [PATCH] PKCS7 structures that have their content encapsulated in a sequence are not imported correctly
The case to handle content which has been encapsulated in a sequence has been in place already but wasn't implemented. The fix is inspired by Pull Request: https://github.com/jruby/jruby-ossl/pull/9. The test case includes PKCS7 samples to showcase the issue. Credit goes to Jason Franklin [https://github.com/jamuc] for helping with the samples and the fix in general.
---
 .../jruby/ext/openssl/impl/EncContent.java | 12 ++-
 test/test_pkcs7.rb | 75 +++++++++++++++++++
 2 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/src/java/org/jruby/ext/openssl/impl/EncContent.java b/src/java/org/jruby/ext/openssl/impl/EncContent.java
index a2d8a03..ed36970 100644
--- a/src/java/org/jruby/ext/openssl/impl/EncContent.java
+++ b/src/java/org/jruby/ext/openssl/impl/EncContent.java
@@ -27,15 +27,18 @@
 ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.impl;
+import java.util.Enumeration;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.jruby.util.ByteList;
 /** PKCS7_ENC_CONTENT
 *
@@ -157,7 +160,14 @@ public static EncContent fromASN1(DEREncodable content) {
 ec.setAlgorithm(AlgorithmIdentifier.getInstance(sequence.getObjectAt(1)));
 if(sequence.size() > 2 && sequence.getObjectAt(2) instanceof DERTaggedObject && ((DERTaggedObject)(sequence.getObjectAt(2))).getTagNo() == 0) {
 DEREncodable ee = ((DERTaggedObject)(sequence.getObjectAt(2))).getObject();
- if(ee instanceof ASN1Sequence) {
+ if(ee instanceof ASN1Sequence && ((ASN1Sequence)ee).size() > 0) {
+ ByteList combinedOctets = new ByteList();
+ Enumeration enm = ((ASN1Sequence)ee).getObjects();
+ while (enm.hasMoreElements()) {
+ byte[] octets = ((ASN1OctetString)enm.nextElement()).getOctets();
+ combinedOctets.append(octets);
+ }
+ ec.setEncData(new DEROctetString(combinedOctets.bytes()));
 } else {
 ec.setEncData((ASN1OctetString)ee);
 }
diff --git a/test/test_pkcs7.rb b/test/test_pkcs7.rb
index 93b62ce..e6498b4 100644
--- a/test/test_pkcs7.rb
+++ b/test/test_pkcs7.rb
@@ -53,4 +53,79 @@ def test_load_empty_pkcs7
 p7 = OpenSSL::PKCS7.new(EMPTY_PEM)
 assert_equal(EMPTY_PEM, p7.to_pem)
 end
+
+ def test_split_content
+ pki_message_pem = <
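Review bot: The added `size() > 0` test in the `fromASN1` hunk sends an empty sequence to the `else` branch, where `(ASN1OctetString)ee` is applied to an `ASN1Sequence` and throws ClassCastException; the old condition kept that input out of the cast. Inside the loop, `(ASN1OctetString)enm.nextElement()` is likewise unchecked, so a PKCS7 blob whose sequence holds any other ASN.1 type fails with a raw ClassCastException instead of a parse error the caller can handle. I would keep the branch condition as `ee instanceof ASN1Sequence` and check each element's type before appending, as below; an empty sequence then yields an empty octet string rather than an exception. The exception type shown is a guess, since fromASN1 starts and ends outside the hunk and its error convention is not visible here.

```java
if(ee instanceof ASN1Sequence) {
    // … unchanged: combinedOctets and enm setup …
    while (enm.hasMoreElements()) {
        Object part = enm.nextElement();
        if (!(part instanceof ASN1OctetString)) {
            throw new IllegalArgumentException(
                "encrypted content: expected OCTET STRING, got " + part.getClass().getName());
        }
        combinedOctets.append(((ASN1OctetString)part).getOctets());
    }
    // … unchanged: ec.setEncData(new DEROctetString(...)), else branch …
```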