ccrypto-java 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/.java-version +1 -1
- data/.release_history.yml +4 -0
- data/.ruby-version +1 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +68 -53
- data/Rakefile +2 -1
- data/bin/console +14 -0
- data/jars/bcjmail-jdk18on-172.jar +0 -0
- data/jars/bcmail-jdk18on-172.jar +0 -0
- data/jars/bcpg-jdk18on-172.1.jar +0 -0
- data/jars/bcpkix-jdk18on-172.jar +0 -0
- data/jars/bcprov-ext-jdk18on-172.jar +0 -0
- data/jars/bcprov-jdk18on-172.jar +0 -0
- data/jars/bctls-jdk18on-172.jar +0 -0
- data/jars/bcutil-jdk18on-172.jar +0 -0
- data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
- data/lib/ccrypto/java/data_conversion.rb +23 -2
- data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
- data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
- data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
- data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
- data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
- data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
- data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
- data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
- data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
- data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
- data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
- data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
- data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
- data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
- data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
- data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
- data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
- data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
- data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
- data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
- data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
- data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
- data/lib/ccrypto/java/ext/secret_key.rb +37 -25
- data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
- data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
- data/lib/ccrypto/java/jce_provider.rb +0 -11
- data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
- data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
- data/lib/ccrypto/java/keystore/keystore.rb +97 -0
- data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
- data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
- data/lib/ccrypto/java/utils/comparator.rb +25 -2
- data/lib/ccrypto/java/version.rb +1 -1
- data/lib/ccrypto/java.rb +46 -0
- data/lib/ccrypto/provider.rb +139 -3
- metadata +40 -24
- data/ccrypto-java.gemspec +0 -44
- data/jars/bcmail-jdk15on-165.jar +0 -0
- data/jars/bcpg-jdk15on-165.jar +0 -0
- data/jars/bcpkix-jdk15on-165.jar +0 -0
- data/jars/bcprov-ext-jdk15on-165.jar +0 -0
- data/jars/bcprov-jdk15on-165.jar +0 -0
- data/jars/bctls-jdk15on-165.jar +0 -0
- data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125
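--- a/data/lib/ccrypto/java/ext/secret_key.rb
+++ b/data/lib/ccrypto/java/ext/secret_key.rb
@@ -5,71 +5,83 @@ module Ccrypto
 class SecretKey
 include Java::DataConversion
 
-
-
+def initialize(algo, keysize, key)
+@algo = algo
+@keysize = keysize
+@native_key = key
+@native_key = to_jce_secret_key
+end
 
 def to_jce_secret_key
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key
 when ::Java::byte[]
-javax.crypto.spec.SecretKeySpec.new(@
+javax.crypto.spec.SecretKeySpec.new(@native_key, @algo.to_s)
+
+when String
+javax.crypto.spec.SecretKeySpec.new(to_java_bytes(@native_key), @algo.to_s)
 
 else
-case @
+case @native_key.ccrypto_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key.ccrypto_key
 when ::Java::byte[]
-javax.crypto.spec.SecretKeySpec.new(@
+javax.crypto.spec.SecretKeySpec.new(@native_key.ccrypto_key, @algo.to_s)
+when Ccrypto::SecretKey
+@native_key.ccrypto_key.native_key
 else
-raise Ccrypto::Error, "Unknown key to conver to jce #{@
+raise Ccrypto::Error, "Unknown key to conver to jce #{@native_key.ccrypto_key}"
 end
 end
 end
 
 def to_bin
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key.encoded
 else
-raise Ccrypto::Error, "Unsupported key type #{@
+raise Ccrypto::Error, "Unsupported key type #{@native_key.class}"
 end
 end
 
 def length
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
-when ::Java::byte[]
-@
+@native_key.encoded.length
+when ::Java::byte[], String
+@native_key.length
 else
-@
+@native_key.key.encoded.length
 end
 end
 
 def equals?(key)
 case key
 when Ccrypto::SecretKey
-
+logger.debug "Given key is Ccrypto::SecretKey"
 to_jce_secret_key.encoded == key.to_jce_secret_key.encoded
 when javax.crypto.spec.SecretKeySpec
-
+logger.debug "Given key is java SecretKeySpec"
 to_jce_secret_key.encoded == key.encoded
 when ::Java::byte[]
 to_jce_secret_key.encoded == key
 when String
 to_jce_secret_key.encoded == to_java_bytes(key)
 else
-
+logger.debug "Not sure how to compare : #{self} / #{key}"
 to_jce_secret_key == key
 end
 end
 
-
-
-
-
-
+def ==(val)
+self.equals?(val)
+end
+
+private
+def logger
+Ccrypto::Java.logger(:seckey)
+end
 
 end
 end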
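Review bot: The `else` branch of `equals?` logs `"Not sure how to compare : #{self} / #{key}"`, which interpolates the foreign key object itself into a debug log; whatever `to_s` that object carries may print raw key bytes, so log only its type, e.g. `logger.debug "Not sure how to compare : #{self.class} / #{key.class}"`. `==` is now routed through `equals?` but `eql?` and `hash` are not overridden, so two keys that compare equal still behave as distinct Hash keys. The `length` fallback `@native_key.key.encoded.length` also disagrees with `to_jce_secret_key`, which reaches the wrapped key through `.ccrypto_key`; since `initialize` normalises `@native_key` via `to_jce_secret_key`, that branch looks unreachable after construction, but if it is kept it should use the same accessor.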
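--- a/data/lib/ccrypto/java/ext/x509_cert.rb
+++ b/data/lib/ccrypto/java/ext/x509_cert.rb
@@ -1,15 +1,399 @@
 
 
+require_relative '../bc_const_mapping'
+
+java_import org.bouncycastle.asn1.x500.style.BCStyle
+java_import org.bouncycastle.asn1.x500.style.IETFUtils
+java_import org.bouncycastle.asn1.x509.Extension
+java_import org.bouncycastle.asn1.x509.KeyUsage
+
 module Ccrypto
+class X509NameInfo
+include TR::CondUtils
+
+attr_reader :name, :org_unit, :org
+
+def initialize(x500name)
+@x500Name = x500name
+extract
+end
+
+def email=(val)
+if val.is_a?(Array)
+emails.concat(val)
+else
+emails << val
+end
+end
+
+def emails
+if @_emails.nil?
+@_emails = []
+end
+@_emails
+end
+
+def has_email?(name)
+emails.include?(name)
+end
+
+def to_s
+@x500Name.toString
+end
+
+private
+def extract
+name = @x500Name.getRDNs(BCStyle::CN)[0]
+@name = IETFUtils.valueToString(name.first.value) if not_empty?(name)
+
+ou = @x500Name.getRDNs(BCStyle::OU)
+if not_empty?(ou)
+@org_unit = []
+ou.each do |o|
+@org_unit << IETFUtils.valueToString(o.first.value)
+end
+end
+
+org = @x500Name.getRDNs(BCStyle::O)
+if not_empty?(org)
+org = org[0]
+@org = IETFUtils.valueToString(org.first.value)
+end
+
+e = @x500Name.getRDNs(BCStyle::E)
+if not_empty?(e)
+e.each do |o|
+email << IETFUtils.valueToString(o.first.value)
+end
+end
+
+e2 = @x500Name.getRDNs(BCStyle::EmailAddress)
+if not_empty?(e2)
+e2.each do |o|
+email << IETFUtils.valueToString(o.first.value)
+end
+end
+
+end # extract
+
+end # X509NameInfo
+
+class X509CertInfo
+include TR::CondUtils
+include Ccrypto::Java::DataConversion
+
+attr_reader :owner # X509NameInfo structure
+attr_reader :issuer # X509NameInfo structure
+attr_reader :serial
+attr_reader :not_before, :not_after
+# extension
+attr_reader :dns_name, :ip_addr, :uri
+attr_reader :crl_dist_point, :ocsp_url, :issuer_url
+
+def initialize(cert)
+raise X509CertException, "Given certificate to extract cannot be nil" if cert.nil?
+@cert = cert
+
+@ku = []
+@eku = []
+@dns_name = []
+@ip_addr = []
+@uri = []
+@crl_dist_point = []
+@ocsp_url = []
+@issuer_url = []
+
+@domain_key_usage = []
+@all_cert_exts = []
+
+extract
+end
+
+def serial_no(outForm = :hex)
+if not_empty?(@serial)
+case outForm
+when :b64, :base64
+to_b64(@serial.to_s)
+when :hex
+@serial.to_s(16)
+else
+@serial
+end
+
+else
+raise X509CertException, "Serial not yet loaded"
+end
+end
+
+#
+# const taken from Ccrypto::X509::CertProfile::KeyUsage::Usages
+#
+def has_key_usage?(const)
+@ku.include?(const)
+end
+
+#
+# const taken from Ccrypto::X509::CertProfile::ExtKeyUsage::Usages
+#
+def has_ext_key_usage?(const)
+@eku.include?(const)
+end
+
+def is_CA?
+@isCa
+end
+
+def has_dns?(dns = nil)
+if dns.nil?
+@dns_name.length > 0
+else
+@dns_name.include?(dns)
+end
+end
+
+def has_ip_addr?(ip = nil)
+if ip.nil?
+@ip_addr.length > 0
+else
+@ip_addr.include?(ip)
+end
+end
+
+def has_uri?(uri = nil)
+if uri.nil?
+@uri.length > 0
+else
+@uri.include?(uri)
+end
+end
+
+def has_crl_dist_point?(uri = nil)
+if uri.nil?
+@crl_dist_point.length > 0
+else
+@crl_dist_point.include?(uri)
+end
+end
+
+def has_ocsp_url?(url = nil)
+if url.nil?
+@ocsp_url.length > 0
+else
+@ocsp_url.include?(url)
+end
+end
+
+def has_issuer_url?(url = nil)
+if url.nil?
+@issuer_url.length > 0
+else
+@issuer_url.include?(url)
+end
+end
+
+def has_domain_key_usage?(usage = nil)
+if usage.nil?
+@domain_key_usage.length > 0
+else
+@domain_key_usage.include?(usage)
+end
+end
+
+def has_domain_extension?(ext)
+@all_cert_exts.include?(ext)
+end
+
+def domain_extension(ext)
+co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+extVal = co.getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier.new(ext))
+extVal.getExtnValue.octets
+end
+
+private
+# extract certificate info
+def extract
+co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+@owner = X509NameInfo.new(co.subject)
+@issuer = X509NameInfo.new(co.issuer)
+@not_before = co.not_before
+@not_after = co.not_after
+@serial = co.serial_number
+
+@all_cert_exts = co.getExtensionOIDs.collect { |e| e.id }
+
+bcToConst = Ccrypto::Java::BCConstMapping::KeyUsageMapping.invert
+ku = org.bouncycastle.asn1.x509::KeyUsage.from_extensions(co.extensions)
+if not ku.nil?
+Ccrypto::Java::BCConstMapping::KeyUsageMapping.values.each do |id|
+if ku.has_usages?(id)
+@ku << bcToConst[id]
+end
+end
+end
+
+bcToConstExt = Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.invert
+#eku = org.bouncycastle.asn1.x509::ExtendedKeyUsage.from_extensions(co.extensions)
+#if not eku.nil?
+# Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.values.each do |id|
+# if eku.has_key_purpose_id?(id)
+# @eku << bcToConstExt[id]
+# end
+# end
+#end
+
+eku = co.getExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage)
+if not eku.nil?
+eku.parsed_value.to_a.each do |v|
+if bcToConstExt.keys.include?(v)
+@eku << bcToConstExt[v]
+else
+@domain_key_usage << v.id
+end
+end
+end
+
+
+bc = org.bouncycastle.asn1.x509::BasicConstraints.from_extensions(co.extensions)
+if not bc.nil?
+@isCa = bc.isCA
+if @isCa
+@caPathLen = bc.path_len_constraint
+end
+else
+@isCa = false
+end
+
+sans = co.getExtension(org.bouncycastle.asn1.x509.Extension::subjectAlternativeName)
+if not sans.nil?
+sans.parsed_value.to_a.each do |a|
+case a.tag_no
+when org.bouncycastle.asn1.x509.GeneralName::rfc822Name
+val = java.lang.String.new(a.contents)
+@owner.email = val
+when org.bouncycastle.asn1.x509.GeneralName::dNSName
+val = java.lang.String.new(a.contents)
+@dns_name << val
+when org.bouncycastle.asn1.x509.GeneralName::iPAddress
+@ip_addr << java.net.InetAddress.getByAddress(a.contents).host_address
+when org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+val = java.lang.String.new(a.contents)
+@uri << val
+end
+end
+end
+
+cdp = org.bouncycastle.asn1.x509::CRLDistPoint.from_extensions(co.extensions)
+if not cdp.nil?
+cdp.getDistributionPoints.each do |dp|
+dpName = dp.distribution_point
+if not dpName.nil?
+if dpName.type == org.bouncycastle.asn1.x509.DistributionPointName::FULL_NAME
+org.bouncycastle.asn1.x509.GeneralNames::getInstance(dpName.getName).names.each do |n|
+if n.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@crl_dist_point << org.bouncycastle.asn1.DERIA5String.getInstance(n.name).getString()
+end
+end
+end
+end
+end
+end
+
+aia = org.bouncycastle.asn1.x509::AuthorityInformationAccess.from_extensions(co.extensions)
+if not aia.nil?
+aia.getAccessDescriptions.each do |ad|
+case ad.access_method.id
+when org.bouncycastle.asn1.x509.AccessDescription.id_ad_ocsp.id
+if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@ocsp_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+end
+when org.bouncycastle.asn1.x509.AccessDescription.id_ad_caIssuers.id
+if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@issuer_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+end
+end
+end
+end
+
+end # extract
+
+end # class X509CertInfo
+
+#
+# X509Cert object
+#
 class X509Cert
 include TR::CondUtils
+include Java::DataConversion
 
 def to_der
 @nativeX509.encoded
 end
 
+def self.to_cert_from_file(path)
+if File.exist?(path)
+to_java_cert(java.io.FileInputStream.new(path))
+else
+raise Error, "Given file to load '#{path}' does not exist"
+end
+end
+
+def self.from_pem(str)
+case str
+when String
+sstr = str.lines
+if sstr[0] =~ /BEGIN CERTIFICATE/
+certBin = from_b64_mime(sstr[1..-2].join)
+baos = java.io.ByteArrayOutputStream.new
+baos.write(certBin)
+to_java_cert(baos.toByteArray)
+else
+raise Error, "Not a certificate PEM"
+end
+else
+if str.to_java.is_a?(Java::byte[])
+else
+raise Error, "Unsupported input '#{str.class}' to read PEM format"
+end
+end
+end
+
+def to_pem
+out = []
+out << "-----BEGIN CERTIFICATE-----"
+out << to_b64_mime(@nativeX509.encoded)
+out << "-----END CERTIFICATE-----"
+out.join("\n")
+end
+
+def self.from_storage(input, opts = { format: :b64 })
+defOpts = {
+jce_provider: Java::JCEProvider::DEFProv
+}
+
+defOpts.merge!(opts)
+
+case defOpts[:format]
+when :b64, :base64
+bin = from_b64(input)
+when :hex
+# hex
+bin = from_hex(input)
+else
+# binary
+bin = input
+end
+
+to_java_cert(bin, defOpts[:jce_provider])
+end
+
 def method_missing(mtd, *args, &block)
-
+if cert_info.respond_to?(mtd)
+cert_info.send(mtd, *args, &block)
+elsif @nativeX509.respond_to?(mtd)
+@nativeX509.send(mtd, *args, &block)
+else
+super
+end
 end
 
 def equal?(cert)
@@ -27,22 +411,62 @@ module Ccrypto
 tcert.encoded == @nativeX509.encoded
 end
 end
+alias_method :equals?, :equal?
 
-
+
+def owner
+cert_info.owner
+end
+
+def self.to_java_cert(cert, prov = Java::JCEProvider::DEFProv)
 raise X509CertException, "Given certificate to convert to Java certificate object is empty" if is_empty?(cert)
 
 case cert
+when org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject
+#Ccrypto.logger(:x509_cert).debug "Given X509CertificateObject to convert"
+cert.to_java(java.security.cert.Certificate)
+
 when java.security.cert.Certificate
+#Ccrypto.logger(:x509_cert).debug "Given java certificate object to convert"
 cert
 when org.bouncycastle.cert.X509CertificateHolder
-
+#Ccrypto.logger(:x509_cert).debug "Given BC certificate holder to convert"
+org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new.get_certificate(cert)
+#cert.to_java_cert
 when Ccrypto::X509Cert
+#Ccrypto.logger(:x509_cert).debug "Given Ccrypto::X509Cert to convert"
 to_java_cert(cert.nativeX509)
+
+when String
+#Ccrypto.logger(:x509_cert).debug "Given String to convert"
+cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert))
+Ccrypto::X509Cert.new(c)
+
 else
-
+
+if cert.to_java.is_a?(::Java::byte[])
+#Ccrypto.logger(:x509_cert).debug "Given java byte array to convert"
+cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert)).to_java(java.security.cert.X509Certificate)
+Ccrypto::X509Cert.new(c)
+else
+raise X509CertException, "Unknown certificate type #{cert.class} for conversion"
+end
+
 end
 
 end
 
-
+def cert_info
+raise X509CertException, "Certificate not given to extract cert info" if @nativeX509.nil?
+
+if @_cert_info.nil?
+@_cert_info = X509CertInfo.new(@nativeX509)
+end
+@_cert_info
+end
+
+end # end X509Cert
+
 end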
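Review bot: `X509NameInfo#extract` calls `email << IETFUtils.valueToString(o.first.value)` for both the `E` and `EmailAddress` RDNs, but the class only defines `email=` and `emails`, so any subject or issuer DN carrying an e-mail attribute raises NoMethodError inside `X509CertInfo.new`; both lines should read `emails << IETFUtils.valueToString(o.first.value)`. In the same hunk, `from_pem`'s non-String branch has an empty `if str.to_java.is_a?(Java::byte[])` body, so byte-array input silently returns nil rather than a certificate, and `to_cert_from_file` hands a `java.io.FileInputStream` to `to_java_cert`, which (in the second hunk) has no branch for streams and appears to fall through to the "Unknown certificate type" raise, with the stream never closed. The new `method_missing` that forwards to `cert_info` and `@nativeX509` should be paired with a `respond_to_missing?` override so `respond_to?` agrees with what the object actually answers.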