[ruby/openssl] pkcs7: add a test case for the data content type

While it is not useful alone, it is still a valid content type. Some
methods on OpenSSL::PKCS7 are only meant to work with the signed-data
or enveloped-data content type. Add some assertions for their behavior
with unsupported content types. The next patches will update the
relevant code.

https://github.com/ruby/openssl/commit/adb42b5b84

1 files changed, 28 insertions, 0 deletions

diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index 862716b4d8..7e5bd6f17c 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -160,6 +160,34 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
     }
   end
 
+  def test_data
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::ObjectId("pkcs7-data"),
+      OpenSSL::ASN1::OctetString("content", 0, :EXPLICIT),
+    ])
+    p7 = OpenSSL::PKCS7.new
+    p7.type = :data
+    p7.data = "content"
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.add_certificate(@ee1_cert) }
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.certificates = [@ee1_cert] }
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.cipher = "aes-128-cbc" }
+    assert_equal(asn1.to_der, p7.to_der)
+
+    p7 = OpenSSL::PKCS7.new(asn1)
+    assert_equal(:data, p7.type)
+    assert_equal(false, p7.detached?)
+    # Not applicable
+    assert_nil(p7.certificates)
+    assert_nil(p7.crls)
+    # Not applicable. Should they return nil or raise an exception instead?
+    assert_equal([], p7.signers)
+    assert_equal([], p7.recipients)
+    # PKCS7#verify can't distinguish verification failure and other errors
+    store = OpenSSL::X509::Store.new
+    assert_equal(false, p7.verify([@ee1_cert], store))
+    assert_raise(OpenSSL::PKCS7::PKCS7Error) { p7.decrypt(@rsa1024) }
+  end
+
   def test_empty_signed_data_ruby_bug_19974
     data = "-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n"
     assert_raise(ArgumentError) { OpenSSL::PKCS7.new(data) }