ccrypto-java 0.1.0 → 0.2.0

Files changed (62) hide show
  1. checksums.yaml +4 -4
  2. data/.java-version +1 -1
  3. data/.release_history.yml +4 -0
  4. data/.ruby-version +1 -0
  5. data/Gemfile +1 -1
  6. data/Gemfile.lock +68 -53
  7. data/Rakefile +2 -1
  8. data/bin/console +14 -0
  9. data/jars/bcjmail-jdk18on-172.jar +0 -0
  10. data/jars/bcmail-jdk18on-172.jar +0 -0
  11. data/jars/bcpg-jdk18on-172.1.jar +0 -0
  12. data/jars/bcpkix-jdk18on-172.jar +0 -0
  13. data/jars/bcprov-ext-jdk18on-172.jar +0 -0
  14. data/jars/bcprov-jdk18on-172.jar +0 -0
  15. data/jars/bctls-jdk18on-172.jar +0 -0
  16. data/jars/bcutil-jdk18on-172.jar +0 -0
  17. data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
  18. data/lib/ccrypto/java/data_conversion.rb +23 -2
  19. data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
  20. data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
  21. data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
  22. data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
  23. data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
  24. data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
  25. data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
  26. data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
  27. data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
  28. data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
  29. data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
  30. data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
  31. data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
  32. data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
  33. data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
  34. data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
  35. data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
  36. data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
  37. data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
  38. data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
  39. data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
  40. data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
  41. data/lib/ccrypto/java/ext/secret_key.rb +37 -25
  42. data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
  43. data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
  44. data/lib/ccrypto/java/jce_provider.rb +0 -11
  45. data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
  46. data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
  47. data/lib/ccrypto/java/keystore/keystore.rb +97 -0
  48. data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
  49. data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
  50. data/lib/ccrypto/java/utils/comparator.rb +25 -2
  51. data/lib/ccrypto/java/version.rb +1 -1
  52. data/lib/ccrypto/java.rb +46 -0
  53. data/lib/ccrypto/provider.rb +139 -3
  54. metadata +40 -24
  55. data/ccrypto-java.gemspec +0 -44
  56. data/jars/bcmail-jdk15on-165.jar +0 -0
  57. data/jars/bcpg-jdk15on-165.jar +0 -0
  58. data/jars/bcpkix-jdk15on-165.jar +0 -0
  59. data/jars/bcprov-ext-jdk15on-165.jar +0 -0
  60. data/jars/bcprov-jdk15on-165.jar +0 -0
  61. data/jars/bctls-jdk15on-165.jar +0 -0
  62. data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125
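--- a/data/lib/ccrypto/java/ext/secret_key.rb
+++ b/data/lib/ccrypto/java/ext/secret_key.rb
@@ -5,71 +5,83 @@ module Ccrypto
  class SecretKey
  include Java::DataConversion
 
- include TeLogger::TeLogHelper
- teLogger_tag :j_secretkey_ext
+ def initialize(algo, keysize, key)
+ @algo = algo
+ @keysize = keysize
+ @native_key = key
+ @native_key = to_jce_secret_key
+ end
 
  def to_jce_secret_key
- case @key
+ case @native_key
  when javax.crypto.spec.SecretKeySpec
- @key
+ @native_key
  when ::Java::byte[]
- javax.crypto.spec.SecretKeySpec.new(@key, @algo.to_s)
+ javax.crypto.spec.SecretKeySpec.new(@native_key, @algo.to_s)
+
+ when String
+ javax.crypto.spec.SecretKeySpec.new(to_java_bytes(@native_key), @algo.to_s)
 
  else
- case @key.key
+ case @native_key.ccrypto_key
  when javax.crypto.spec.SecretKeySpec
- @key.key
+ @native_key.ccrypto_key
  when ::Java::byte[]
- javax.crypto.spec.SecretKeySpec.new(@key.key, @algo.to_s)
+ javax.crypto.spec.SecretKeySpec.new(@native_key.ccrypto_key, @algo.to_s)
+ when Ccrypto::SecretKey
+ @native_key.ccrypto_key.native_key
  else
- raise Ccrypto::Error, "Unknown key to conver to jce #{@key.key}"
+ raise Ccrypto::Error, "Unknown key to conver to jce #{@native_key.ccrypto_key}"
  end
  end
  end
 
  def to_bin
- case @key
+ case @native_key
  when javax.crypto.spec.SecretKeySpec
- @key.encoded
+ @native_key.encoded
  else
- raise Ccrypto::Error, "Unsupported key type #{@key.class}"
+ raise Ccrypto::Error, "Unsupported key type #{@native_key.class}"
  end
  end
 
  def length
- case @key
+ case @native_key
  when javax.crypto.spec.SecretKeySpec
- @key.encoded.length
- when ::Java::byte[]
- @key.length
+ @native_key.encoded.length
+ when ::Java::byte[], String
+ @native_key.length
  else
- @key.key.encoded.length
+ @native_key.key.encoded.length
  end
  end
 
  def equals?(key)
  case key
  when Ccrypto::SecretKey
- teLogger.debug "Given key is Ccrypto::SecretKey"
+ logger.debug "Given key is Ccrypto::SecretKey"
  to_jce_secret_key.encoded == key.to_jce_secret_key.encoded
  when javax.crypto.spec.SecretKeySpec
- teLogger.debug "Given key is java SecretKeySpec"
+ logger.debug "Given key is java SecretKeySpec"
  to_jce_secret_key.encoded == key.encoded
  when ::Java::byte[]
  to_jce_secret_key.encoded == key
  when String
  to_jce_secret_key.encoded == to_java_bytes(key)
  else
- teLogger.debug "Not sure how to compare : #{self} / #{key}"
+ logger.debug "Not sure how to compare : #{self} / #{key}"
  to_jce_secret_key == key
  end
  end
 
- #def each_char(&block)
- # to_bin.each do |b|
- # block.call(b)
- # end
- #end
+ def ==(val)
+ self.equals?(val)
+ end
+
+ private
+ def logger
+ Ccrypto::Java.logger(:seckey)
+ end
 
  end
  end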
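Review bot: The inner `else` of `to_jce_secret_key` (new line 34) interpolates `@native_key.ccrypto_key` itself into the `Ccrypto::Error` message, so an unsupported key type (a plain String, for example, which the inner `case` does not handle) would put raw key material into the exception text and into any log that captures it. `to_bin` already reports only the class, and the same form fits here: `raise Ccrypto::Error, "Unknown key to convert to jce #{@native_key.ccrypto_key.class}"`. The new `==` also routes every comparison through `equals?`, which compares encoded key bytes with `==`; if that comparison stops at the first differing byte, `java.security.MessageDigest.isEqual(a, b)` on the two byte arrays would keep the comparison time independent of the key contents. Separately, the `else` branch of `length` still calls `@native_key.key` while the rest of the class moved to `ccrypto_key`, which looks like a missed rename.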
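--- a/data/lib/ccrypto/java/ext/x509_cert.rb
+++ b/data/lib/ccrypto/java/ext/x509_cert.rb
@@ -1,15 +1,399 @@
 
 
+ require_relative '../bc_const_mapping'
+
+ java_import org.bouncycastle.asn1.x500.style.BCStyle
+ java_import org.bouncycastle.asn1.x500.style.IETFUtils
+ java_import org.bouncycastle.asn1.x509.Extension
+ java_import org.bouncycastle.asn1.x509.KeyUsage
+
  module Ccrypto
+ class X509NameInfo
+ include TR::CondUtils
+
+ attr_reader :name, :org_unit, :org
+
+ def initialize(x500name)
+ @x500Name = x500name
+ extract
+ end
+
+ def email=(val)
+ if val.is_a?(Array)
+ emails.concat(val)
+ else
+ emails << val
+ end
+ end
+
+ def emails
+ if @_emails.nil?
+ @_emails = []
+ end
+ @_emails
+ end
+
+ def has_email?(name)
+ emails.include?(name)
+ end
+
+ def to_s
+ @x500Name.toString
+ end
+
+ private
+ def extract
+ name = @x500Name.getRDNs(BCStyle::CN)[0]
+ @name = IETFUtils.valueToString(name.first.value) if not_empty?(name)
+
+ ou = @x500Name.getRDNs(BCStyle::OU)
+ if not_empty?(ou)
+ @org_unit = []
+ ou.each do |o|
+ @org_unit << IETFUtils.valueToString(o.first.value)
+ end
+ end
+
+ org = @x500Name.getRDNs(BCStyle::O)
+ if not_empty?(org)
+ org = org[0]
+ @org = IETFUtils.valueToString(org.first.value)
+ end
+
+ e = @x500Name.getRDNs(BCStyle::E)
+ if not_empty?(e)
+ e.each do |o|
+ email << IETFUtils.valueToString(o.first.value)
+ end
+ end
+
+ e2 = @x500Name.getRDNs(BCStyle::EmailAddress)
+ if not_empty?(e2)
+ e2.each do |o|
+ email << IETFUtils.valueToString(o.first.value)
+ end
+ end
+
+ end # extract
+
+ end # X509NameInfo
+
+ class X509CertInfo
+ include TR::CondUtils
+ include Ccrypto::Java::DataConversion
+
+ attr_reader :owner # X509NameInfo structure
+ attr_reader :issuer # X509NameInfo structure
+ attr_reader :serial
+ attr_reader :not_before, :not_after
+ # extension
+ attr_reader :dns_name, :ip_addr, :uri
+ attr_reader :crl_dist_point, :ocsp_url, :issuer_url
+
+ def initialize(cert)
+ raise X509CertException, "Given certificate to extract cannot be nil" if cert.nil?
+ @cert = cert
+
+ @ku = []
+ @eku = []
+ @dns_name = []
+ @ip_addr = []
+ @uri = []
+ @crl_dist_point = []
+ @ocsp_url = []
+ @issuer_url = []
+
+ @domain_key_usage = []
+ @all_cert_exts = []
+
+ extract
+ end
+
+ def serial_no(outForm = :hex)
+ if not_empty?(@serial)
+ case outForm
+ when :b64, :base64
+ to_b64(@serial.to_s)
+ when :hex
+ @serial.to_s(16)
+ else
+ @serial
+ end
+
+ else
+ raise X509CertException, "Serial not yet loaded"
+ end
+ end
+
+ #
+ # const taken from Ccrypto::X509::CertProfile::KeyUsage::Usages
+ #
+ def has_key_usage?(const)
+ @ku.include?(const)
+ end
+
+ #
+ # const taken from Ccrypto::X509::CertProfile::ExtKeyUsage::Usages
+ #
+ def has_ext_key_usage?(const)
+ @eku.include?(const)
+ end
+
+ def is_CA?
+ @isCa
+ end
+
+ def has_dns?(dns = nil)
+ if dns.nil?
+ @dns_name.length > 0
+ else
+ @dns_name.include?(dns)
+ end
+ end
+
+ def has_ip_addr?(ip = nil)
+ if ip.nil?
+ @ip_addr.length > 0
+ else
+ @ip_addr.include?(ip)
+ end
+ end
+
+ def has_uri?(uri = nil)
+ if uri.nil?
+ @uri.length > 0
+ else
+ @uri.include?(uri)
+ end
+ end
+
+ def has_crl_dist_point?(uri = nil)
+ if uri.nil?
+ @crl_dist_point.length > 0
+ else
+ @crl_dist_point.include?(uri)
+ end
+ end
+
+ def has_ocsp_url?(url = nil)
+ if url.nil?
+ @ocsp_url.length > 0
+ else
+ @ocsp_url.include?(url)
+ end
+ end
+
+ def has_issuer_url?(url = nil)
+ if url.nil?
+ @issuer_url.length > 0
+ else
+ @issuer_url.include?(url)
+ end
+ end
+
+ def has_domain_key_usage?(usage = nil)
+ if usage.nil?
+ @domain_key_usage.length > 0
+ else
+ @domain_key_usage.include?(usage)
+ end
+ end
+
+ def has_domain_extension?(ext)
+ @all_cert_exts.include?(ext)
+ end
+
+ def domain_extension(ext)
+ co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+ extVal = co.getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier.new(ext))
+ extVal.getExtnValue.octets
+ end
+
+ private
+ # extract certificate info
+ def extract
+ co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+ @owner = X509NameInfo.new(co.subject)
+ @issuer = X509NameInfo.new(co.issuer)
+ @not_before = co.not_before
+ @not_after = co.not_after
+ @serial = co.serial_number
+
+ @all_cert_exts = co.getExtensionOIDs.collect { |e| e.id }
+
+ bcToConst = Ccrypto::Java::BCConstMapping::KeyUsageMapping.invert
+ ku = org.bouncycastle.asn1.x509::KeyUsage.from_extensions(co.extensions)
+ if not ku.nil?
+ Ccrypto::Java::BCConstMapping::KeyUsageMapping.values.each do |id|
+ if ku.has_usages?(id)
+ @ku << bcToConst[id]
+ end
+ end
+ end
+
+ bcToConstExt = Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.invert
+ #eku = org.bouncycastle.asn1.x509::ExtendedKeyUsage.from_extensions(co.extensions)
+ #if not eku.nil?
+ # Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.values.each do |id|
+ # if eku.has_key_purpose_id?(id)
+ # @eku << bcToConstExt[id]
+ # end
+ # end
+ #end
+
+ eku = co.getExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage)
+ if not eku.nil?
+ eku.parsed_value.to_a.each do |v|
+ if bcToConstExt.keys.include?(v)
+ @eku << bcToConstExt[v]
+ else
+ @domain_key_usage << v.id
+ end
+ end
+ end
+
+
+ bc = org.bouncycastle.asn1.x509::BasicConstraints.from_extensions(co.extensions)
+ if not bc.nil?
+ @isCa = bc.isCA
+ if @isCa
+ @caPathLen = bc.path_len_constraint
+ end
+ else
+ @isCa = false
+ end
+
+ sans = co.getExtension(org.bouncycastle.asn1.x509.Extension::subjectAlternativeName)
+ if not sans.nil?
+ sans.parsed_value.to_a.each do |a|
+ case a.tag_no
+ when org.bouncycastle.asn1.x509.GeneralName::rfc822Name
+ val = java.lang.String.new(a.contents)
+ @owner.email = val
+ when org.bouncycastle.asn1.x509.GeneralName::dNSName
+ val = java.lang.String.new(a.contents)
+ @dns_name << val
+ when org.bouncycastle.asn1.x509.GeneralName::iPAddress
+ @ip_addr << java.net.InetAddress.getByAddress(a.contents).host_address
+ when org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+ val = java.lang.String.new(a.contents)
+ @uri << val
+ end
+ end
+ end
+
+ cdp = org.bouncycastle.asn1.x509::CRLDistPoint.from_extensions(co.extensions)
+ if not cdp.nil?
+ cdp.getDistributionPoints.each do |dp|
+ dpName = dp.distribution_point
+ if not dpName.nil?
+ if dpName.type == org.bouncycastle.asn1.x509.DistributionPointName::FULL_NAME
+ org.bouncycastle.asn1.x509.GeneralNames::getInstance(dpName.getName).names.each do |n|
+ if n.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+ @crl_dist_point << org.bouncycastle.asn1.DERIA5String.getInstance(n.name).getString()
+ end
+ end
+ end
+ end
+ end
+ end
+
+ aia = org.bouncycastle.asn1.x509::AuthorityInformationAccess.from_extensions(co.extensions)
+ if not aia.nil?
+ aia.getAccessDescriptions.each do |ad|
+ case ad.access_method.id
+ when org.bouncycastle.asn1.x509.AccessDescription.id_ad_ocsp.id
+ if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+ @ocsp_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+ end
+ when org.bouncycastle.asn1.x509.AccessDescription.id_ad_caIssuers.id
+ if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+ @issuer_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+ end
+ end
+ end
+ end
+
+ end # extract
+
+ end # class X509CertInfo
+
+ #
+ # X509Cert object
+ #
  class X509Cert
  include TR::CondUtils
+ include Java::DataConversion
 
  def to_der
  @nativeX509.encoded
  end
 
+ def self.to_cert_from_file(path)
+ if File.exist?(path)
+ to_java_cert(java.io.FileInputStream.new(path))
+ else
+ raise Error, "Given file to load '#{path}' does not exist"
+ end
+ end
+
+ def self.from_pem(str)
+ case str
+ when String
+ sstr = str.lines
+ if sstr[0] =~ /BEGIN CERTIFICATE/
+ certBin = from_b64_mime(sstr[1..-2].join)
+ baos = java.io.ByteArrayOutputStream.new
+ baos.write(certBin)
+ to_java_cert(baos.toByteArray)
+ else
+ raise Error, "Not a certificate PEM"
+ end
+ else
+ if str.to_java.is_a?(Java::byte[])
+ else
+ raise Error, "Unsupported input '#{str.class}' to read PEM format"
+ end
+ end
+ end
+
+ def to_pem
+ out = []
+ out << "-----BEGIN CERTIFICATE-----"
+ out << to_b64_mime(@nativeX509.encoded)
+ out << "-----END CERTIFICATE-----"
+ out.join("\n")
+ end
+
+ def self.from_storage(input, opts = { format: :b64 })
+ defOpts = {
+ jce_provider: Java::JCEProvider::DEFProv
+ }
+
+ defOpts.merge!(opts)
+
+ case defOpts[:format]
+ when :b64, :base64
+ bin = from_b64(input)
+ when :hex
+ # hex
+ bin = from_hex(input)
+ else
+ # binary
+ bin = input
+ end
+
+ to_java_cert(bin, defOpts[:jce_provider])
+ end
+
  def method_missing(mtd, *args, &block)
- @nativeX509.send(mtd, *args, &block)
+ if cert_info.respond_to?(mtd)
+ cert_info.send(mtd, *args, &block)
+ elsif @nativeX509.respond_to?(mtd)
+ @nativeX509.send(mtd, *args, &block)
+ else
+ super
+ end
  end
 
  def equal?(cert)
@@ -27,22 +411,62 @@ module Ccrypto
  tcert.encoded == @nativeX509.encoded
  end
  end
+ alias_method :equals?, :equal?
 
- def self.to_java_cert(cert)
+
+ def owner
+ cert_info.owner
+ end
+
+ def self.to_java_cert(cert, prov = Java::JCEProvider::DEFProv)
  raise X509CertException, "Given certificate to convert to Java certificate object is empty" if is_empty?(cert)
 
  case cert
+ when org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject
+ #Ccrypto.logger(:x509_cert).debug "Given X509CertificateObject to convert"
+ cert.to_java(java.security.cert.Certificate)
+
  when java.security.cert.Certificate
+ #Ccrypto.logger(:x509_cert).debug "Given java certificate object to convert"
  cert
  when org.bouncycastle.cert.X509CertificateHolder
- cert.to_java_cert
+ #Ccrypto.logger(:x509_cert).debug "Given BC certificate holder to convert"
+ org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new.get_certificate(cert)
+ #cert.to_java_cert
  when Ccrypto::X509Cert
+ #Ccrypto.logger(:x509_cert).debug "Given Ccrypto::X509Cert to convert"
  to_java_cert(cert.nativeX509)
+
+ when String
+ #Ccrypto.logger(:x509_cert).debug "Given String to convert"
+ cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+ c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert))
+ Ccrypto::X509Cert.new(c)
+
  else
- raise X509CertException, "Unknown certificate type #{cert} for conversion"
+
+ if cert.to_java.is_a?(::Java::byte[])
+ #Ccrypto.logger(:x509_cert).debug "Given java byte array to convert"
+ cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+ c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert)).to_java(java.security.cert.X509Certificate)
+ Ccrypto::X509Cert.new(c)
+ else
+ raise X509CertException, "Unknown certificate type #{cert.class} for conversion"
+ end
+
  end
 
  end
 
- end
+ def cert_info
+ raise X509CertException, "Certificate not given to extract cert info" if @nativeX509.nil?
+
+ if @_cert_info.nil?
+ @_cert_info = X509CertInfo.new(@nativeX509)
+ end
+ @_cert_info
+ end
+
+ end # end X509Cert
+
  end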
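Review bot: `X509NameInfo#extract` appends e-mail RDNs with `email << ...` (new lines 66 and 73), but the class defines only `email=` and `emails`, so parsing any subject or issuer that carries an E or EmailAddress attribute would raise `NameError` inside `X509CertInfo.new` unless `TR::CondUtils` happens to supply an `email` method; both lines should read `emails << IETFUtils.valueToString(o.first.value)`. The same method indexes `getRDNs(BCStyle::CN)[0]` before the `not_empty?` check, so a certificate whose name has no CN should be covered by a test as well. In `X509Cert`, `to_cert_from_file` hands a `java.io.FileInputStream` to `to_java_cert`, which has no branch for streams in the visible code, so the call appears to end in the "Unknown certificate type" error with the stream left open; reading the file into bytes first would fit the existing byte-array branch. `from_pem` also returns nil silently for byte-array input because that branch is empty. Since `has_key_usage?`, `is_CA?`, `has_dns?` and the other accessors report parsed fields only, a comment on `X509CertInfo` such as `# parsed fields only; verify the chain and signature before relying on them` would help callers.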