|
|
|
|
|
# create a certificate with openssl command line tool
|
|
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
|
|
|
|
# Pry session
|
|
[1] pry(main)> require 'openssl'
|
|
=> true
|
|
[2] pry(main)> RUBY_VERSION
|
|
=> "2.3.0"
|
|
[3] pry(main)> OpenSSL::OPENSSL_VERSION
|
|
=> "OpenSSL 1.0.2d 9 Jul 2015"
|
|
[4] pry(main)> cert_pem_str=File.read("mycert.pem")
|
|
=> "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALYwA4a/vvxkTP98\nieu6KB1bbfQ4LPWVg9U4jijNhBR5fEWGK5eh7R0SBhmHBLQF73XSq5agFFkVnOI+\n+8EXMmfMLmFrGSDXalOWQYNs11l989mob4ForPZQ7mCtmzF/lwz14zyLuMIYRZLf\nFGx70KSkb7V8Lwc26synN1P0tiKHAgMBAAECgYBaTNQCntlnucMcQrsNlpg5bM7D\n5HAMTU4pib2UZcDYcRpyTz0eDAk9hmh1kKF5JRP6PzADGVbcjMTUsskPfJLjX43Q\nxmoZW7tJfsfkthLqMXsXuj1qMOo677j8Z8+1V2iGz7iDrpmWvBCkbN+6zyAPOkcR\nDYxpOloCtlTj3XhJQQJBANnTM497J7z0pr6XiGobXN3p2gVq7FHT+F8FziOoFk+S\nBIIzR8cEy7fbh1SCkuOSSvsdblXTvdU8RMkPVDA4FaECQQDWHezQVRlMe8Py+gQ7\nVMA6xfO1zBx9qxYHoRcfkAA3vHp3DMqqu5i0ipsPFpnOgW5Qojh8ehx2I5powWTq\n/XcnAkBMpB4pJsj1mBMvTjvmMZh8UDKw400hAXcLYAyGyTaIarUBZq+jm9Fd8HTu\nTD8IqUmOj21p72WEqH7/S1Bw4trhAkEAxo8TuBLilhnEGgQefoLWjOpbWgDBfwx0\nLnkFv4BDo2xGyTX0j6XOM8bBiplz4pwGmAIHje+Tiz7zBygpFP4eSwJBAMXvwqSK\n20L2/LSQmYrBmYbYyYIEgUssJkBBwzwzbwdvLqWbRtS3a+lI/iE5TIQDqrUQDZDn\nZ33GEOqNh+Z1/Ps=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIICWDCCAcGgAwIBAgIJALD8WZ17qxjZMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwMzAzMTUwNDM2WhcNMTcwMzAzMTUwNDM2WjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\ngQC2MAOGv778ZEz/fInruigdW230OCz1lYPVOI4ozYQUeXxFhiuXoe0dEgYZhwS0\nBe910quWoBRZFZziPvvBFzJnzC5haxkg12pTlkGDbNdZffPZqG+BaKz2UO5grZsx\nf5cM9eM8i7jCGEWS3xRse9CkpG+1fC8HNurMpzdT9LYihwIDAQABo1AwTjAdBgNV\nHQ4EFgQUPVtWb3LwBSK8RvPnC0RO1pLIxaowHwYDVR0jBBgwFoAUPVtWb3LwBSK8\nRvPnC0RO1pLIxaowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBfmdEp\n42rFLI+daX0Xo+lvE5fdQ4MOmFwMdTxH8gTrTm8cXLx7E15/pA2C2d3Zp7gn4ClP\nSEzFLUnED6txVysqCLsT3OOPaRnWhZL3uAJST8xTdlQkbASB9wWkdYwsjIAlwxbU\n58zecwLCcmJ2PS240WcC7fP8aI9HeuT1P39XnA==\n-----END CERTIFICATE-----\n"
|
|
[5] pry(main)> OpenSSL::X509::Certificate.new(cert_pem_str)
|
|
=> #<OpenSSL::X509::Certificate
|
|
subject=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>,
|
|
issuer=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>,
|
|
serial=#<OpenSSL::BN 12753166777725950169>,
|
|
not_before=2016-03-03 15:04:36 UTC,
|
|
not_after=2017-03-03 15:04:36 UTC>
|
|
[6] pry(main)> cert_pem_obj = OpenSSL::X509::Certificate.new(cert_pem_str)
|
|
=> #<OpenSSL::X509::Certificate
|
|
subject=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>,
|
|
issuer=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>,
|
|
serial=#<OpenSSL::BN 12753166777725950169>,
|
|
not_before=2016-03-03 15:04:36 UTC,
|
|
not_after=2017-03-03 15:04:36 UTC>
|
|
[7] pry(main)> cert_p7b_obj = OpenSSL::PKCS7.new()
|
|
=> #<OpenSSL::PKCS7:0x007febb09595b8>
|
|
[8] pry(main)> cert_p7b_obj.type = :signed
|
|
=> :signed
|
|
[9] pry(main)> cert_p7b_obj.add_certificate(cert_pem_obj)
|
|
=> #<OpenSSL::PKCS7:0x007febb09595b8>
|
|
[10] pry(main)> OpenSSL::PKCS7.new(cert_p7b_obj.to_s)
|
|
ArgumentError: Could not parse the PKCS7: nested asn1 error
|
|
from (pry):10:in `initialize'
|
|
|
|
- also checked with the latest ruby head version (2.4.0) and got the same error
|
|
|
|
# checking with openssl command line tool
|
|
- first, write the PKCS7 certificate to file from the Pry session:
|
|
[11] pry(main)> File.open("mycert-from_pem_ruby.pb7", 'w+') {|file| file.write(cert_p7b_obj)}
|
|
- check with openssl tool:
|
|
$ openssl pkcs7 -in mycert-from_pem_ruby.pb7 -noout -text -print_certs
|
|
unable to load PKCS7 object
|
|
140735278825552:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:283:
|
|
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=type, Type=PKCS7
|
|
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=contents, Type=PKCS7_SIGNED
|
|
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:
|
|
140735278825552:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:557:Field=d.sign, Type=PKCS7
|
|
140735278825552:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
|
|
|