ccrypto-java 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.java-version +1 -1
- data/.release_history.yml +4 -0
- data/.ruby-version +1 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +68 -53
- data/Rakefile +2 -1
- data/bin/console +14 -0
- data/jars/bcjmail-jdk18on-172.jar +0 -0
- data/jars/bcmail-jdk18on-172.jar +0 -0
- data/jars/bcpg-jdk18on-172.1.jar +0 -0
- data/jars/bcpkix-jdk18on-172.jar +0 -0
- data/jars/bcprov-ext-jdk18on-172.jar +0 -0
- data/jars/bcprov-jdk18on-172.jar +0 -0
- data/jars/bctls-jdk18on-172.jar +0 -0
- data/jars/bcutil-jdk18on-172.jar +0 -0
- data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
- data/lib/ccrypto/java/data_conversion.rb +23 -2
- data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
- data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
- data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
- data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
- data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
- data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
- data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
- data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
- data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
- data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
- data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
- data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
- data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
- data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
- data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
- data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
- data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
- data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
- data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
- data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
- data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
- data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
- data/lib/ccrypto/java/ext/secret_key.rb +37 -25
- data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
- data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
- data/lib/ccrypto/java/jce_provider.rb +0 -11
- data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
- data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
- data/lib/ccrypto/java/keystore/keystore.rb +97 -0
- data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
- data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
- data/lib/ccrypto/java/utils/comparator.rb +25 -2
- data/lib/ccrypto/java/version.rb +1 -1
- data/lib/ccrypto/java.rb +46 -0
- data/lib/ccrypto/provider.rb +139 -3
- metadata +40 -24
- data/ccrypto-java.gemspec +0 -44
- data/jars/bcmail-jdk15on-165.jar +0 -0
- data/jars/bcpg-jdk15on-165.jar +0 -0
- data/jars/bcpkix-jdk15on-165.jar +0 -0
- data/jars/bcprov-ext-jdk15on-165.jar +0 -0
- data/jars/bcprov-jdk15on-165.jar +0 -0
- data/jars/bctls-jdk15on-165.jar +0 -0
- data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125
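--- a/data/lib/ccrypto/java/ext/secret_key.rb
+++ b/data/lib/ccrypto/java/ext/secret_key.rb
@@ -5,71 +5,83 @@ module Ccrypto
 class SecretKey
 include Java::DataConversion
 
-
-
+def initialize(algo, keysize, key)
+@algo = algo
+@keysize = keysize
+@native_key = key
+@native_key = to_jce_secret_key
+end
 
 def to_jce_secret_key
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key
 when ::Java::byte[]
-javax.crypto.spec.SecretKeySpec.new(@
+javax.crypto.spec.SecretKeySpec.new(@native_key, @algo.to_s)
+
+when String
+javax.crypto.spec.SecretKeySpec.new(to_java_bytes(@native_key), @algo.to_s)
 
 else
-case @
+case @native_key.ccrypto_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key.ccrypto_key
 when ::Java::byte[]
-javax.crypto.spec.SecretKeySpec.new(@
+javax.crypto.spec.SecretKeySpec.new(@native_key.ccrypto_key, @algo.to_s)
+when Ccrypto::SecretKey
+@native_key.ccrypto_key.native_key
 else
-raise Ccrypto::Error, "Unknown key to conver to jce #{@
+raise Ccrypto::Error, "Unknown key to conver to jce #{@native_key.ccrypto_key}"
 end
 end
 end
 
 def to_bin
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
+@native_key.encoded
 else
-raise Ccrypto::Error, "Unsupported key type #{@
+raise Ccrypto::Error, "Unsupported key type #{@native_key.class}"
 end
 end
 
 def length
-case @
+case @native_key
 when javax.crypto.spec.SecretKeySpec
-@
-when ::Java::byte[]
-@
+@native_key.encoded.length
+when ::Java::byte[], String
+@native_key.length
 else
-@
+@native_key.key.encoded.length
 end
 end
 
 def equals?(key)
 case key
 when Ccrypto::SecretKey
-
+logger.debug "Given key is Ccrypto::SecretKey"
 to_jce_secret_key.encoded == key.to_jce_secret_key.encoded
 when javax.crypto.spec.SecretKeySpec
-
+logger.debug "Given key is java SecretKeySpec"
 to_jce_secret_key.encoded == key.encoded
 when ::Java::byte[]
 to_jce_secret_key.encoded == key
 when String
 to_jce_secret_key.encoded == to_java_bytes(key)
 else
-
+logger.debug "Not sure how to compare : #{self} / #{key}"
 to_jce_secret_key == key
 end
 end
 
-
-
-
-
-
+def ==(val)
+self.equals?(val)
+end
+
+private
+def logger
+Ccrypto::Java.logger(:seckey)
+end
 
 end
 end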
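Review bot: The key comparisons in `equals?` (new lines 62–73) test the encoded secret bytes with `==`, which is not a constant-time comparison, so a caller that lets an attacker drive repeated comparisons against a stored key can leak how many leading bytes match. Each arm should go through `java.security.MessageDigest.isEqual(...)` instead, e.g. `java.security.MessageDigest.isEqual(to_jce_secret_key.encoded, key.to_jce_secret_key.encoded)` for the Ccrypto::SecretKey arm and the same shape for the SecretKeySpec, byte[] and String arms. The fallback `logger.debug "Not sure how to compare : #{self} / #{key}"` also interpolates an unknown object into a log line; if that object wraps key material its `to_s` may put the secret in the logs, so logging only `key.class` is safer. Separately, since `initialize` now replaces `@native_key` with the SecretKeySpec, the `::Java::byte[], String` arm of `length` looks unreachable for keys built through the constructor — presumably harmless, but worth confirming.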
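--- a/data/lib/ccrypto/java/ext/x509_cert.rb
+++ b/data/lib/ccrypto/java/ext/x509_cert.rb
@@ -1,15 +1,399 @@
 
 
+require_relative '../bc_const_mapping'
+
+java_import org.bouncycastle.asn1.x500.style.BCStyle
+java_import org.bouncycastle.asn1.x500.style.IETFUtils
+java_import org.bouncycastle.asn1.x509.Extension
+java_import org.bouncycastle.asn1.x509.KeyUsage
+
 module Ccrypto
+class X509NameInfo
+include TR::CondUtils
+
+attr_reader :name, :org_unit, :org
+
+def initialize(x500name)
+@x500Name = x500name
+extract
+end
+
+def email=(val)
+if val.is_a?(Array)
+emails.concat(val)
+else
+emails << val
+end
+end
+
+def emails
+if @_emails.nil?
+@_emails = []
+end
+@_emails
+end
+
+def has_email?(name)
+emails.include?(name)
+end
+
+def to_s
+@x500Name.toString
+end
+
+private
+def extract
+name = @x500Name.getRDNs(BCStyle::CN)[0]
+@name = IETFUtils.valueToString(name.first.value) if not_empty?(name)
+
+ou = @x500Name.getRDNs(BCStyle::OU)
+if not_empty?(ou)
+@org_unit = []
+ou.each do |o|
+@org_unit << IETFUtils.valueToString(o.first.value)
+end
+end
+
+org = @x500Name.getRDNs(BCStyle::O)
+if not_empty?(org)
+org = org[0]
+@org = IETFUtils.valueToString(org.first.value)
+end
+
+e = @x500Name.getRDNs(BCStyle::E)
+if not_empty?(e)
+e.each do |o|
+email << IETFUtils.valueToString(o.first.value)
+end
+end
+
+e2 = @x500Name.getRDNs(BCStyle::EmailAddress)
+if not_empty?(e2)
+e2.each do |o|
+email << IETFUtils.valueToString(o.first.value)
+end
+end
+
+end # extract
+
+end # X509NameInfo
+
+class X509CertInfo
+include TR::CondUtils
+include Ccrypto::Java::DataConversion
+
+attr_reader :owner # X509NameInfo structure
+attr_reader :issuer # X509NameInfo structure
+attr_reader :serial
+attr_reader :not_before, :not_after
+# extension
+attr_reader :dns_name, :ip_addr, :uri
+attr_reader :crl_dist_point, :ocsp_url, :issuer_url
+
+def initialize(cert)
+raise X509CertException, "Given certificate to extract cannot be nil" if cert.nil?
+@cert = cert
+
+@ku = []
+@eku = []
+@dns_name = []
+@ip_addr = []
+@uri = []
+@crl_dist_point = []
+@ocsp_url = []
+@issuer_url = []
+
+@domain_key_usage = []
+@all_cert_exts = []
+
+extract
+end
+
+def serial_no(outForm = :hex)
+if not_empty?(@serial)
+case outForm
+when :b64, :base64
+to_b64(@serial.to_s)
+when :hex
+@serial.to_s(16)
+else
+@serial
+end
+
+else
+raise X509CertException, "Serial not yet loaded"
+end
+end
+
+#
+# const taken from Ccrypto::X509::CertProfile::KeyUsage::Usages
+#
+def has_key_usage?(const)
+@ku.include?(const)
+end
+
+#
+# const taken from Ccrypto::X509::CertProfile::ExtKeyUsage::Usages
+#
+def has_ext_key_usage?(const)
+@eku.include?(const)
+end
+
+def is_CA?
+@isCa
+end
+
+def has_dns?(dns = nil)
+if dns.nil?
+@dns_name.length > 0
+else
+@dns_name.include?(dns)
+end
+end
+
+def has_ip_addr?(ip = nil)
+if ip.nil?
+@ip_addr.length > 0
+else
+@ip_addr.include?(ip)
+end
+end
+
+def has_uri?(uri = nil)
+if uri.nil?
+@uri.length > 0
+else
+@uri.include?(uri)
+end
+end
+
+def has_crl_dist_point?(uri = nil)
+if uri.nil?
+@crl_dist_point.length > 0
+else
+@crl_dist_point.include?(uri)
+end
+end
+
+def has_ocsp_url?(url = nil)
+if url.nil?
+@ocsp_url.length > 0
+else
+@ocsp_url.include?(url)
+end
+end
+
+def has_issuer_url?(url = nil)
+if url.nil?
+@issuer_url.length > 0
+else
+@issuer_url.include?(url)
+end
+end
+
+def has_domain_key_usage?(usage = nil)
+if usage.nil?
+@domain_key_usage.length > 0
+else
+@domain_key_usage.include?(usage)
+end
+end
+
+def has_domain_extension?(ext)
+@all_cert_exts.include?(ext)
+end
+
+def domain_extension(ext)
+co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+extVal = co.getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier.new(ext))
+extVal.getExtnValue.octets
+end
+
+private
+# extract certificate info
+def extract
+co = org.bouncycastle.cert.jcajce.JcaX509CertificateHolder.new(@cert)
+@owner = X509NameInfo.new(co.subject)
+@issuer = X509NameInfo.new(co.issuer)
+@not_before = co.not_before
+@not_after = co.not_after
+@serial = co.serial_number
+
+@all_cert_exts = co.getExtensionOIDs.collect { |e| e.id }
+
+bcToConst = Ccrypto::Java::BCConstMapping::KeyUsageMapping.invert
+ku = org.bouncycastle.asn1.x509::KeyUsage.from_extensions(co.extensions)
+if not ku.nil?
+Ccrypto::Java::BCConstMapping::KeyUsageMapping.values.each do |id|
+if ku.has_usages?(id)
+@ku << bcToConst[id]
+end
+end
+end
+
+bcToConstExt = Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.invert
+#eku = org.bouncycastle.asn1.x509::ExtendedKeyUsage.from_extensions(co.extensions)
+#if not eku.nil?
+# Ccrypto::Java::BCConstMapping::ExtKeyUsageMapping.values.each do |id|
+# if eku.has_key_purpose_id?(id)
+# @eku << bcToConstExt[id]
+# end
+# end
+#end
+
+eku = co.getExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage)
+if not eku.nil?
+eku.parsed_value.to_a.each do |v|
+if bcToConstExt.keys.include?(v)
+@eku << bcToConstExt[v]
+else
+@domain_key_usage << v.id
+end
+end
+end
+
+
+bc = org.bouncycastle.asn1.x509::BasicConstraints.from_extensions(co.extensions)
+if not bc.nil?
+@isCa = bc.isCA
+if @isCa
+@caPathLen = bc.path_len_constraint
+end
+else
+@isCa = false
+end
+
+sans = co.getExtension(org.bouncycastle.asn1.x509.Extension::subjectAlternativeName)
+if not sans.nil?
+sans.parsed_value.to_a.each do |a|
+case a.tag_no
+when org.bouncycastle.asn1.x509.GeneralName::rfc822Name
+val = java.lang.String.new(a.contents)
+@owner.email = val
+when org.bouncycastle.asn1.x509.GeneralName::dNSName
+val = java.lang.String.new(a.contents)
+@dns_name << val
+when org.bouncycastle.asn1.x509.GeneralName::iPAddress
+@ip_addr << java.net.InetAddress.getByAddress(a.contents).host_address
+when org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+val = java.lang.String.new(a.contents)
+@uri << val
+end
+end
+end
+
+cdp = org.bouncycastle.asn1.x509::CRLDistPoint.from_extensions(co.extensions)
+if not cdp.nil?
+cdp.getDistributionPoints.each do |dp|
+dpName = dp.distribution_point
+if not dpName.nil?
+if dpName.type == org.bouncycastle.asn1.x509.DistributionPointName::FULL_NAME
+org.bouncycastle.asn1.x509.GeneralNames::getInstance(dpName.getName).names.each do |n|
+if n.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@crl_dist_point << org.bouncycastle.asn1.DERIA5String.getInstance(n.name).getString()
+end
+end
+end
+end
+end
+end
+
+aia = org.bouncycastle.asn1.x509::AuthorityInformationAccess.from_extensions(co.extensions)
+if not aia.nil?
+aia.getAccessDescriptions.each do |ad|
+case ad.access_method.id
+when org.bouncycastle.asn1.x509.AccessDescription.id_ad_ocsp.id
+if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@ocsp_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+end
+when org.bouncycastle.asn1.x509.AccessDescription.id_ad_caIssuers.id
+if ad.access_location.tag_no == org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier
+@issuer_url << org.bouncycastle.asn1.DERIA5String.getInstance(ad.access_location.name).getString()
+end
+end
+end
+end
+
+end # extract
+
+end # class X509CertInfo
+
+#
+# X509Cert object
+#
 class X509Cert
 include TR::CondUtils
+include Java::DataConversion
 
 def to_der
 @nativeX509.encoded
 end
 
+def self.to_cert_from_file(path)
+if File.exist?(path)
+to_java_cert(java.io.FileInputStream.new(path))
+else
+raise Error, "Given file to load '#{path}' does not exist"
+end
+end
+
+def self.from_pem(str)
+case str
+when String
+sstr = str.lines
+if sstr[0] =~ /BEGIN CERTIFICATE/
+certBin = from_b64_mime(sstr[1..-2].join)
+baos = java.io.ByteArrayOutputStream.new
+baos.write(certBin)
+to_java_cert(baos.toByteArray)
+else
+raise Error, "Not a certificate PEM"
+end
+else
+if str.to_java.is_a?(Java::byte[])
+else
+raise Error, "Unsupported input '#{str.class}' to read PEM format"
+end
+end
+end
+
+def to_pem
+out = []
+out << "-----BEGIN CERTIFICATE-----"
+out << to_b64_mime(@nativeX509.encoded)
+out << "-----END CERTIFICATE-----"
+out.join("\n")
+end
+
+def self.from_storage(input, opts = { format: :b64 })
+defOpts = {
+jce_provider: Java::JCEProvider::DEFProv
+}
+
+defOpts.merge!(opts)
+
+case defOpts[:format]
+when :b64, :base64
+bin = from_b64(input)
+when :hex
+# hex
+bin = from_hex(input)
+else
+# binary
+bin = input
+end
+
+to_java_cert(bin, defOpts[:jce_provider])
+end
+
 def method_missing(mtd, *args, &block)
-
+if cert_info.respond_to?(mtd)
+cert_info.send(mtd, *args, &block)
+elsif @nativeX509.respond_to?(mtd)
+@nativeX509.send(mtd, *args, &block)
+else
+super
+end
 end
 
 def equal?(cert)
@@ -27,22 +411,62 @@ module Ccrypto
 tcert.encoded == @nativeX509.encoded
 end
 end
+alias_method :equals?, :equal?
 
-
+
+def owner
+cert_info.owner
+end
+
+def self.to_java_cert(cert, prov = Java::JCEProvider::DEFProv)
 raise X509CertException, "Given certificate to convert to Java certificate object is empty" if is_empty?(cert)
 
 case cert
+when org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject
+#Ccrypto.logger(:x509_cert).debug "Given X509CertificateObject to convert"
+cert.to_java(java.security.cert.Certificate)
+
 when java.security.cert.Certificate
+#Ccrypto.logger(:x509_cert).debug "Given java certificate object to convert"
 cert
 when org.bouncycastle.cert.X509CertificateHolder
-
+#Ccrypto.logger(:x509_cert).debug "Given BC certificate holder to convert"
+org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new.get_certificate(cert)
+#cert.to_java_cert
 when Ccrypto::X509Cert
+#Ccrypto.logger(:x509_cert).debug "Given Ccrypto::X509Cert to convert"
 to_java_cert(cert.nativeX509)
+
+when String
+#Ccrypto.logger(:x509_cert).debug "Given String to convert"
+cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert))
+Ccrypto::X509Cert.new(c)
+
 else
-
+
+if cert.to_java.is_a?(::Java::byte[])
+#Ccrypto.logger(:x509_cert).debug "Given java byte array to convert"
+cf = java.security.cert.CertificateFactory.getInstance("X.509", prov)
+c = cf.generateCertificate(java.io.ByteArrayInputStream.new(cert)).to_java(java.security.cert.X509Certificate)
+Ccrypto::X509Cert.new(c)
+else
+raise X509CertException, "Unknown certificate type #{cert.class} for conversion"
+end
+
 end
 
 end
 
-
+def cert_info
+raise X509CertException, "Certificate not given to extract cert info" if @nativeX509.nil?
+
+if @_cert_info.nil?
+@_cert_info = X509CertInfo.new(@nativeX509)
+end
+@_cert_info
+end
+
+end # end X509Cert
+
 end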
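Review bot: `to_cert_from_file` (new lines 332–338 of the first hunk) hands a `java.io.FileInputStream` to `to_java_cert`, but none of `to_java_cert`'s arms in the second hunk accept a stream (it handles X509CertificateObject, Certificate, X509CertificateHolder, Ccrypto::X509Cert, String and byte[]), so every file load appears to end in the `Unknown certificate type` exception, and the stream is never closed either way. Reading the bytes in Ruby and going through the existing String arm avoids both problems: `to_java_cert(File.binread(path))`; the JDK's X.509 CertificateFactory accepts both DER and PEM-armoured input, so this should cover both encodings without a separate path. In the same hunk, the byte-array branch of `from_pem` (new lines 353–354) is empty, so a byte[] input silently returns nil instead of a certificate or an error — it should call `to_java_cert(str)` or raise. `equal?` begins on the last line of the first hunk and its body lies outside it.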