fast-rsa-engine 0.1.0-java → 0.2.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +16 -2
- data/Gemfile096 +7 -0
- data/Gemfile098 +6 -0
- data/README.md +4 -2
- data/Rakefile +13 -7
- data/fast-rsa-engine.gemspec +20 -15
- data/lib/fast-rsa-engine.rb +30 -11
- data/lib/fast-rsa-engine_jars.rb +1 -1
- data/spec/cipher_spec.rb +4 -1
- data/spec/security_helper_spec.rb +2 -1
- data/spec/setup.rb +8 -1
- data/spec/signature_spec.rb +3 -0
- data/src/main/java/com/github/lookout/fastrsa/FastCipherSpi.java +0 -1
- data/src/main/java/org/jruby/ext/openssl/SecurityHelper.java +751 -0
- metadata +25 -20
- data/src/main/java/com/github/lookout/fastrsa/SecurityHelperMap.java +0 -29
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 96d190a299f9af91de79effb8cdc6c4c13b5de79
|
4
|
+
data.tar.gz: 2c0e0d1b2c13cba7d3f23a8281562f65863ceb24
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 374093b969953632eef27bafaf22d4386979993b5d3577c2380d304924ce68a5325929fda792b76177b0c9a1dc0ac680520a2b5afb8fb8eb37865b5474fe14b1
|
7
|
+
data.tar.gz: 006515dd78e4186937745a885073f5197ab060caf43645e275ce0f08b0632b97a205e492cb5090a84ef7d97489358db26e3fe81d2fae98175b501a527433bd8f
|
data/.travis.yml
CHANGED
@@ -1,4 +1,18 @@
|
|
1
1
|
language: ruby
|
2
|
+
install: gem install bundler -v '~>1.10'; bundle install
|
3
|
+
gemfile:
|
4
|
+
- Gemfile
|
5
|
+
- Gemfile096
|
6
|
+
- Gemfile098
|
2
7
|
rvm:
|
3
|
-
- jruby
|
4
|
-
- jruby-
|
8
|
+
- jruby-1.7.19
|
9
|
+
- jruby-1.7.21
|
10
|
+
- jruby-9.0.0.0
|
11
|
+
jdk:
|
12
|
+
- openjdk7
|
13
|
+
- oraclejdk8
|
14
|
+
matrix:
|
15
|
+
include:
|
16
|
+
- rvm: 1.9.3
|
17
|
+
gemfile: Gemfile
|
18
|
+
jdk: openjdk7
|
data/Gemfile096
ADDED
data/Gemfile098
ADDED
data/README.md
CHANGED
@@ -1,10 +1,12 @@
|
|
1
1
|
# Fast RSA Engine for jruby-openssl gem
|
2
2
|
|
3
|
-
|
3
|
+
[![Build Status](https://travis-ci.org/lookout/fast-rsa-engine.svg?branch=master)](https://travis-ci.org/lookout/fast-rsa-engine)
|
4
|
+
|
5
|
+
This gem replaces the RSA signature and RSA ciphers from jruby-openssl by the much faster implementation of them. See [corner.squareup.com/2014/02/faster-rsa-jnagmp.html](https://corner.squareup.com/2014/02/faster-rsa-jnagmp.html)
|
4
6
|
|
5
7
|
but this works only for **darwin** and **linux-x84_64** platforms due to the library used from squareup.
|
6
8
|
|
7
|
-
|
9
|
+
The improvement in performance brings JRuby verify and decrypy using RSA close to MRI.
|
8
10
|
|
9
11
|
## installation
|
10
12
|
|
data/Rakefile
CHANGED
@@ -1,22 +1,28 @@
|
|
1
1
|
#-*- mode: ruby -*-
|
2
2
|
|
3
3
|
require 'bundler/gem_tasks'
|
4
|
-
require 'ruby-maven'
|
5
4
|
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
if RUBY_PLATFORM == 'java'
|
6
|
+
require 'ruby-maven'
|
7
|
+
|
8
|
+
desc "Pack fast-rsa-engine.jar with the compiled classes"
|
9
|
+
task :jar do
|
10
|
+
raise unless RubyMaven.exec('-f', 'fast-rsa-engine.gemspec', 'prepare-package', '-Dmaven.test.skip')
|
11
|
+
end
|
12
|
+
else
|
13
|
+
task :jar do
|
14
|
+
end
|
9
15
|
end
|
10
16
|
|
11
17
|
require "rspec/core/rake_task"
|
12
18
|
RSpec::Core::RakeTask.new
|
13
19
|
|
14
|
-
task :default => [ :jar, :spec ]
|
15
|
-
|
16
20
|
require 'rubygems/package_task'
|
17
21
|
Gem::PackageTask.new( eval File.read( './fast-rsa-engine.gemspec' ) ) do
|
18
|
-
desc 'Pack
|
22
|
+
desc 'Pack fast-rsa-engine.gem'
|
19
23
|
task :package => [:jar]
|
20
24
|
end
|
21
25
|
|
26
|
+
task :default => [ :jar, :spec ]
|
27
|
+
|
22
28
|
# vim: syntax=ruby
|
data/fast-rsa-engine.gemspec
CHANGED
@@ -2,28 +2,33 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = 'fast-rsa-engine'
|
5
|
-
s.version = '0.
|
6
|
-
s.author = 'Christian
|
7
|
-
s.email = [ 'christian.meier@lookout.com' ]
|
8
|
-
s.platform = 'java'
|
5
|
+
s.version = '0.2.0'
|
6
|
+
s.author = 'Christian Meier'
|
7
|
+
s.email = [ 'christian.meier@lookout.com', 'rtyler.croy@lookout.com' ]
|
9
8
|
|
10
9
|
s.license = 'MIT'
|
11
|
-
s.summary = %q(replaces the RSA signature and RSA ciphers from jruby-openssl by
|
10
|
+
s.summary = %q(replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them)
|
12
11
|
s.homepage = 'https://github.com/lookout/fast-rsa-engine'
|
13
|
-
s.description = %q(this gem replaces the RSA signature and RSA ciphers from jruby-openssl by
|
12
|
+
s.description = %q(this gem replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them. see https://corner.squareup.com/2014/02/faster-rsa-jnagmp.html)
|
14
13
|
|
15
14
|
s.files = `git ls-files`.split($/)
|
16
15
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
16
|
+
if RUBY_PLATFORM == 'java'
|
17
|
+
unless defined?(BC_VERSION)
|
18
|
+
BC_VERSION = '1.50'
|
19
|
+
end
|
20
|
+
s.platform = 'java'
|
21
|
+
# needed for runtime
|
22
|
+
s.requirements << "jar com.squareup.jnagmp:bouncycastle-rsa, 1.0.0"
|
23
|
+
# needed for compilation
|
24
|
+
s.requirements << "jar org.bouncycastle:bcpkix-jdk15on, #{BC_VERSION}, :scope => :provided"
|
25
|
+
s.requirements << "jar org.bouncycastle:bcprov-jdk15on, #{BC_VERSION}, :scope => :provided"
|
26
|
+
s.requirements << "pom org.jruby:jruby-core, 1.7.21, :scope => :provided"
|
27
|
+
|
28
|
+
s.add_runtime_dependency 'jar-dependencies', '~> 0.1'
|
29
|
+
s.add_development_dependency 'ruby-maven', '~> 3.3'
|
30
|
+
end
|
24
31
|
|
25
|
-
s.add_runtime_dependency 'jar-dependencies', '~> 0.1'
|
26
|
-
s.add_development_dependency 'ruby-maven', '~> 3.3'
|
27
32
|
s.add_development_dependency 'rspec', '~> 3.3'
|
28
33
|
s.add_development_dependency 'rake', '~> 10.2'
|
29
34
|
end
|
data/lib/fast-rsa-engine.rb
CHANGED
@@ -1,13 +1,32 @@
|
|
1
|
-
|
2
|
-
require 'fast-rsa-
|
3
|
-
|
1
|
+
if RUBY_PLATFORM == 'java'
|
2
|
+
require 'fast-rsa-engine_jars.rb'
|
3
|
+
begin
|
4
|
+
Java::OrgJrubyExtOpenssl::SecurityHelper
|
5
|
+
warn 'openssl loaded before fast-rsa-engine'
|
6
|
+
rescue NameError
|
7
|
+
require 'fast-rsa-engine.jar'
|
8
|
+
end
|
9
|
+
require 'openssl'
|
4
10
|
|
5
|
-
#
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
11
|
+
# lexical compare is sufficient here
|
12
|
+
if Jopenssl::Version::VERSION > '0.9.5'
|
13
|
+
# keep the default name space clean and use tap
|
14
|
+
tap do
|
15
|
+
sign_names = [ "MD2", "MD4", "MD5",
|
16
|
+
"RIPEMD128", "RIPEMD160", "RIPEMD256",
|
17
|
+
"SHA1", "SHA224", "SHA256", "SHA384", "SHA512" ]
|
18
|
+
sign_names.each do |name|
|
19
|
+
full = "#{name}WITHRSA"
|
20
|
+
clazz = JRuby.runtime.jruby_class_loader.load_class( "com.github.lookout.fastrsa.FastDigestSignatureSpi$#{name}" )
|
21
|
+
Java::OrgJrubyExtOpenssl::SecurityHelper.add_signature(full, clazz)
|
22
|
+
end
|
23
|
+
|
24
|
+
Java::OrgJrubyExtOpenssl::SecurityHelper.add_cipher('RSA',
|
25
|
+
com.github.lookout.fastrsa.FastCipherSpi::NoPadding.java_class)
|
26
|
+
end
|
27
|
+
else
|
28
|
+
warn "jruby-openssl gem #{Jopenssl::Version::VERSION} is too old"
|
29
|
+
end
|
30
|
+
else
|
31
|
+
warn "fast-rsa-engine does not affect MRI"
|
13
32
|
end
|
data/lib/fast-rsa-engine_jars.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# this is a generated file, to avoid over-writing it just delete this comment
|
2
2
|
require 'jar_dependencies'
|
3
3
|
|
4
|
-
require_jar( 'net.java.dev.jna', 'jna', '4.0.0' )
|
5
4
|
require_jar( 'com.squareup.jnagmp', 'bouncycastle-rsa', '1.0.0' )
|
5
|
+
require_jar( 'net.java.dev.jna', 'jna', '4.0.0' )
|
6
6
|
require_jar( 'com.squareup.jnagmp', 'jnagmp', '1.0.0' )
|
data/spec/cipher_spec.rb
CHANGED
@@ -15,9 +15,10 @@ describe 'Cipher' do
|
|
15
15
|
public_key.public_encrypt("THIS IS A TEST")
|
16
16
|
}
|
17
17
|
|
18
|
-
let( :rounds ) {
|
18
|
+
let( :rounds ) { 100 }
|
19
19
|
|
20
20
|
it 'is faster the regular cipher' do
|
21
|
+
skip( 'jruby too old' ) if too_old
|
21
22
|
# clear the fast engines
|
22
23
|
engines.clear
|
23
24
|
|
@@ -28,6 +29,8 @@ describe 'Cipher' do
|
|
28
29
|
delta1 = Time.new.to_f - start
|
29
30
|
|
30
31
|
# setup the fast engines
|
32
|
+
engines.clear
|
33
|
+
# this creates a warning
|
31
34
|
load( "${this}/../lib/fast-rsa-engine.rb" )
|
32
35
|
|
33
36
|
start = Time.new.to_f
|
@@ -3,9 +3,10 @@ require_relative 'setup'
|
|
3
3
|
describe 'SecurityHelper' do
|
4
4
|
|
5
5
|
it 'registers signatures with SecurityHelper' do
|
6
|
+
skip( 'jruby too old' ) if too_old
|
6
7
|
# clear the fast engines
|
7
8
|
engines.clear
|
8
|
-
# setup the fast engines
|
9
|
+
# setup the fast engines - this creates a warning
|
9
10
|
load( "${this}/../lib/fast-rsa-engine.rb" )
|
10
11
|
|
11
12
|
expect( engines.size ).to eq( 12 )
|
data/spec/setup.rb
CHANGED
@@ -1,8 +1,15 @@
|
|
1
1
|
$: << File.expand_path( '../../lib', __FILE__ )
|
2
2
|
require 'fast-rsa-engine'
|
3
3
|
|
4
|
+
def too_old
|
5
|
+
if defined? Jopenssl::Version
|
6
|
+
Jopenssl::Version::VERSION < '0.9.6'
|
7
|
+
else
|
8
|
+
true # we are in MRI
|
9
|
+
end
|
10
|
+
end
|
4
11
|
def engines
|
5
12
|
engines = Java::OrgJrubyExtOpenssl::SecurityHelper.java_class.declared_field 'implEngines'
|
6
13
|
engines.accessible = true
|
7
14
|
engines.value( Java::OrgJrubyExtOpenssl::SecurityHelper )
|
8
|
-
end
|
15
|
+
end unless too_old
|
data/spec/signature_spec.rb
CHANGED
@@ -11,6 +11,7 @@ describe 'Signature' do
|
|
11
11
|
let( :rounds ) { 10 }
|
12
12
|
|
13
13
|
it 'is faster the regular signature' do
|
14
|
+
skip( 'jruby too old' ) if too_old
|
14
15
|
# clear the fast engines
|
15
16
|
engines.clear
|
16
17
|
|
@@ -21,6 +22,8 @@ describe 'Signature' do
|
|
21
22
|
delta1 = Time.new.to_f - start
|
22
23
|
|
23
24
|
# setup the fast engines
|
25
|
+
engines.clear
|
26
|
+
# this creates a warning
|
24
27
|
load( "${this}/../lib/fast-rsa-engine.rb" )
|
25
28
|
|
26
29
|
start = Time.new.to_f
|
@@ -0,0 +1,751 @@
|
|
1
|
+
/*
|
2
|
+
* The MIT License
|
3
|
+
*
|
4
|
+
* Copyright 2014 Karol Bucek.
|
5
|
+
*
|
6
|
+
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
7
|
+
* of this software and associated documentation files (the "Software"), to deal
|
8
|
+
* in the Software without restriction, including without limitation the rights
|
9
|
+
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
10
|
+
* copies of the Software, and to permit persons to whom the Software is
|
11
|
+
* furnished to do so, subject to the following conditions:
|
12
|
+
*
|
13
|
+
* The above copyright notice and this permission notice shall be included in
|
14
|
+
* all copies or substantial portions of the Software.
|
15
|
+
*
|
16
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
17
|
+
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
18
|
+
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
19
|
+
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
20
|
+
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
21
|
+
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
22
|
+
* THE SOFTWARE.
|
23
|
+
*/
|
24
|
+
package org.jruby.ext.openssl;
|
25
|
+
|
26
|
+
import java.io.IOException;
|
27
|
+
import java.lang.reflect.Constructor;
|
28
|
+
import java.lang.reflect.Field;
|
29
|
+
import java.lang.reflect.InvocationTargetException;
|
30
|
+
import java.lang.reflect.Method;
|
31
|
+
import java.math.BigInteger;
|
32
|
+
import java.security.InvalidKeyException;
|
33
|
+
import java.security.KeyFactory;
|
34
|
+
import java.security.KeyFactorySpi;
|
35
|
+
import java.security.KeyPairGenerator;
|
36
|
+
import java.security.KeyPairGeneratorSpi;
|
37
|
+
import java.security.KeyStore;
|
38
|
+
import java.security.KeyStoreException;
|
39
|
+
import java.security.MessageDigest;
|
40
|
+
import java.security.MessageDigestSpi;
|
41
|
+
import java.security.NoSuchAlgorithmException;
|
42
|
+
import java.security.Provider;
|
43
|
+
import java.security.PublicKey;
|
44
|
+
import java.security.SecureRandom;
|
45
|
+
import java.security.SecureRandomSpi;
|
46
|
+
import java.security.Security;
|
47
|
+
import java.security.Signature;
|
48
|
+
import java.security.SignatureException;
|
49
|
+
import java.security.SignatureSpi;
|
50
|
+
import java.security.cert.CRLException;
|
51
|
+
import java.security.cert.CertificateException;
|
52
|
+
import java.security.cert.CertificateFactory;
|
53
|
+
import java.security.cert.CertificateFactorySpi;
|
54
|
+
import java.security.cert.X509CRL;
|
55
|
+
import java.security.interfaces.DSAParams;
|
56
|
+
import java.security.interfaces.DSAPublicKey;
|
57
|
+
import java.security.interfaces.RSAPublicKey;
|
58
|
+
import java.util.Locale;
|
59
|
+
import java.util.Map;
|
60
|
+
import java.util.StringTokenizer;
|
61
|
+
import java.util.concurrent.ConcurrentHashMap;
|
62
|
+
|
63
|
+
import javax.crypto.Cipher;
|
64
|
+
import javax.crypto.CipherSpi;
|
65
|
+
import javax.crypto.KeyGenerator;
|
66
|
+
import javax.crypto.KeyGeneratorSpi;
|
67
|
+
import javax.crypto.Mac;
|
68
|
+
import javax.crypto.MacSpi;
|
69
|
+
import javax.crypto.NoSuchPaddingException;
|
70
|
+
import javax.crypto.SecretKeyFactory;
|
71
|
+
import javax.crypto.SecretKeyFactorySpi;
|
72
|
+
import javax.net.ssl.SSLContext;
|
73
|
+
|
74
|
+
import com.sun.crypto.provider.CipherWithWrappingSpi;
|
75
|
+
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
|
76
|
+
import org.bouncycastle.asn1.x509.CertificateList;
|
77
|
+
import org.bouncycastle.cert.CertException;
|
78
|
+
import org.bouncycastle.cert.X509CRLHolder;
|
79
|
+
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
|
80
|
+
import org.bouncycastle.crypto.params.DSAParameters;
|
81
|
+
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
|
82
|
+
import org.bouncycastle.crypto.params.RSAKeyParameters;
|
83
|
+
import org.bouncycastle.jce.provider.X509CRLObject;
|
84
|
+
import org.bouncycastle.operator.ContentVerifierProvider;
|
85
|
+
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
|
86
|
+
import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
|
87
|
+
import org.bouncycastle.operator.OperatorException;
|
88
|
+
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
|
89
|
+
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
|
90
|
+
|
91
|
+
/**
|
92
|
+
* Java Security (and JCE) helpers.
|
93
|
+
*
|
94
|
+
* @author kares
|
95
|
+
*/
|
96
|
+
public abstract class SecurityHelper {
|
97
|
+
|
98
|
+
private static String BC_PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
|
99
|
+
static boolean setBouncyCastleProvider = true; // (package access for tests)
|
100
|
+
static Provider securityProvider; // 'BC' provider (package access for tests)
|
101
|
+
private static Boolean registerProvider = null;
|
102
|
+
private static final Map<String, Class> implEngines = new ConcurrentHashMap<String, Class>(16, 0.75f, 1);
|
103
|
+
|
104
|
+
public static void addCipher(String name, Class<? extends CipherSpi> clazz) {
|
105
|
+
implEngines.put("Cipher:" + name, clazz);
|
106
|
+
tryCipherInternal = true;
|
107
|
+
}
|
108
|
+
|
109
|
+
public static void addSignature(String name, Class<? extends SignatureSpi> clazz) {
|
110
|
+
implEngines.put("Signature:" + name, clazz);
|
111
|
+
}
|
112
|
+
|
113
|
+
public static Provider getSecurityProvider() {
|
114
|
+
if ( setBouncyCastleProvider && securityProvider == null ) {
|
115
|
+
synchronized(SecurityHelper.class) {
|
116
|
+
if ( setBouncyCastleProvider && securityProvider == null ) {
|
117
|
+
setBouncyCastleProvider(); setBouncyCastleProvider = false;
|
118
|
+
}
|
119
|
+
}
|
120
|
+
}
|
121
|
+
doRegisterProvider();
|
122
|
+
return securityProvider;
|
123
|
+
}
|
124
|
+
|
125
|
+
public static synchronized void setSecurityProvider(final Provider provider) {
|
126
|
+
securityProvider = provider;
|
127
|
+
}
|
128
|
+
|
129
|
+
static synchronized void setBouncyCastleProvider() {
|
130
|
+
setSecurityProvider( newBouncyCastleProvider() );
|
131
|
+
}
|
132
|
+
|
133
|
+
private static Provider newBouncyCastleProvider() {
|
134
|
+
try {
|
135
|
+
return (Provider) Class.forName(BC_PROVIDER_CLASS).newInstance();
|
136
|
+
}
|
137
|
+
catch (Throwable ignored) { /* no bouncy castle available */ }
|
138
|
+
return null;
|
139
|
+
}
|
140
|
+
|
141
|
+
public static synchronized void setRegisterProvider(boolean register) {
|
142
|
+
registerProvider = Boolean.valueOf(register); doRegisterProvider();
|
143
|
+
}
|
144
|
+
|
145
|
+
static boolean isProviderAvailable(final String name) {
|
146
|
+
return Security.getProvider(name) != null;
|
147
|
+
}
|
148
|
+
|
149
|
+
static boolean isProviderRegistered() {
|
150
|
+
if ( securityProvider == null ) return false;
|
151
|
+
return Security.getProvider(securityProvider.getName()) != null;
|
152
|
+
}
|
153
|
+
|
154
|
+
private static void doRegisterProvider() {
|
155
|
+
if ( registerProvider != null ) {
|
156
|
+
synchronized(SecurityHelper.class) {
|
157
|
+
if ( registerProvider != null && registerProvider.booleanValue() ) {
|
158
|
+
if ( securityProvider != null ) {
|
159
|
+
Security.addProvider(securityProvider);
|
160
|
+
}
|
161
|
+
}
|
162
|
+
}
|
163
|
+
registerProvider = null;
|
164
|
+
}
|
165
|
+
}
|
166
|
+
|
167
|
+
/**
|
168
|
+
* @note code calling this should not assume BC provider internals !
|
169
|
+
*/
|
170
|
+
public static CertificateFactory getCertificateFactory(final String type)
|
171
|
+
throws CertificateException {
|
172
|
+
try {
|
173
|
+
final Provider provider = getSecurityProvider();
|
174
|
+
if ( provider != null ) return getCertificateFactory(type, provider);
|
175
|
+
}
|
176
|
+
catch (CertificateException e) { }
|
177
|
+
return CertificateFactory.getInstance(type);
|
178
|
+
}
|
179
|
+
|
180
|
+
static CertificateFactory getCertificateFactory(final String type, final Provider provider)
|
181
|
+
throws CertificateException {
|
182
|
+
final CertificateFactorySpi spi = (CertificateFactorySpi) getImplEngine("CertificateFactory", type);
|
183
|
+
if ( spi == null ) throw new CertificateException(type + " not found");
|
184
|
+
return newInstance(CertificateFactory.class,
|
185
|
+
new Class[]{ CertificateFactorySpi.class, Provider.class, String.class },
|
186
|
+
new Object[]{ spi, provider, type }
|
187
|
+
);
|
188
|
+
}
|
189
|
+
|
190
|
+
/**
|
191
|
+
* @note code calling this should not assume BC provider internals !
|
192
|
+
*/
|
193
|
+
public static KeyFactory getKeyFactory(final String algorithm)
|
194
|
+
throws NoSuchAlgorithmException {
|
195
|
+
try {
|
196
|
+
final Provider provider = getSecurityProvider();
|
197
|
+
if ( provider != null ) return getKeyFactory(algorithm, provider);
|
198
|
+
}
|
199
|
+
catch (NoSuchAlgorithmException e) { }
|
200
|
+
return KeyFactory.getInstance(algorithm);
|
201
|
+
}
|
202
|
+
|
203
|
+
static KeyFactory getKeyFactory(final String algorithm, final Provider provider)
|
204
|
+
throws NoSuchAlgorithmException {
|
205
|
+
KeyFactorySpi spi = (KeyFactorySpi) getImplEngine("KeyFactory", algorithm);
|
206
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " not found");
|
207
|
+
return newInstance(KeyFactory.class,
|
208
|
+
new Class[] { KeyFactorySpi.class, Provider.class, String.class },
|
209
|
+
new Object[] { spi, provider, algorithm }
|
210
|
+
);
|
211
|
+
}
|
212
|
+
|
213
|
+
/**
|
214
|
+
* @note code calling this should not assume BC provider internals !
|
215
|
+
*/
|
216
|
+
public static KeyPairGenerator getKeyPairGenerator(final String algorithm)
|
217
|
+
throws NoSuchAlgorithmException {
|
218
|
+
try {
|
219
|
+
final Provider provider = getSecurityProvider();
|
220
|
+
if ( provider != null ) return getKeyPairGenerator(algorithm, provider);
|
221
|
+
}
|
222
|
+
catch (NoSuchAlgorithmException e) { }
|
223
|
+
return KeyPairGenerator.getInstance(algorithm);
|
224
|
+
}
|
225
|
+
|
226
|
+
@SuppressWarnings("unchecked")
|
227
|
+
static KeyPairGenerator getKeyPairGenerator(final String algorithm, final Provider provider)
|
228
|
+
throws NoSuchAlgorithmException {
|
229
|
+
final Object spi = getImplEngine("KeyPairGenerator", algorithm);
|
230
|
+
if ( spi == null ) {
|
231
|
+
throw new NoSuchAlgorithmException(algorithm + " KeyPairGenerator not available");
|
232
|
+
}
|
233
|
+
|
234
|
+
final KeyPairGenerator keyPairGenerator;
|
235
|
+
if ( spi instanceof KeyPairGenerator ) {
|
236
|
+
keyPairGenerator = (KeyPairGenerator) spi;
|
237
|
+
}
|
238
|
+
else {
|
239
|
+
final Class<? extends KeyPairGenerator> delegate;
|
240
|
+
try {
|
241
|
+
delegate = (Class<? extends KeyPairGenerator>)
|
242
|
+
Class.forName(KeyPairGenerator.class.getName() + "$Delegate");
|
243
|
+
} catch (ClassNotFoundException e) { throw new RuntimeException(e); }
|
244
|
+
|
245
|
+
keyPairGenerator = newInstance(delegate,
|
246
|
+
new Class[] { KeyPairGeneratorSpi.class, String.class }, spi, algorithm
|
247
|
+
);
|
248
|
+
}
|
249
|
+
setField(keyPairGenerator, KeyPairGenerator.class, "provider", provider);
|
250
|
+
return keyPairGenerator;
|
251
|
+
}
|
252
|
+
|
253
|
+
/**
|
254
|
+
* @note code calling this should not assume BC provider internals !
|
255
|
+
*/
|
256
|
+
public static KeyStore getKeyStore(final String type)
|
257
|
+
throws KeyStoreException {
|
258
|
+
try {
|
259
|
+
final Provider provider = getSecurityProvider();
|
260
|
+
if ( provider != null ) return getKeyStore(type, provider);
|
261
|
+
}
|
262
|
+
catch (KeyStoreException e) { }
|
263
|
+
return KeyStore.getInstance(type);
|
264
|
+
}
|
265
|
+
|
266
|
+
static KeyStore getKeyStore(final String type, final Provider provider)
|
267
|
+
throws KeyStoreException {
|
268
|
+
return KeyStore.getInstance(type, provider);
|
269
|
+
}
|
270
|
+
|
271
|
+
/**
|
272
|
+
* @note code calling this should not assume BC provider internals !
|
273
|
+
*/
|
274
|
+
public static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException {
|
275
|
+
try {
|
276
|
+
final Provider provider = getSecurityProvider();
|
277
|
+
if ( provider != null ) return getMessageDigest(algorithm, provider);
|
278
|
+
}
|
279
|
+
catch (NoSuchAlgorithmException e) { }
|
280
|
+
return MessageDigest.getInstance(algorithm);
|
281
|
+
}
|
282
|
+
|
283
|
+
@SuppressWarnings("unchecked")
|
284
|
+
static MessageDigest getMessageDigest(final String algorithm, final Provider provider)
|
285
|
+
throws NoSuchAlgorithmException {
|
286
|
+
final Object spi = getImplEngine("MessageDigest", algorithm);
|
287
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " not found");
|
288
|
+
|
289
|
+
final MessageDigest messageDigest;
|
290
|
+
if ( spi instanceof MessageDigest ) {
|
291
|
+
messageDigest = (MessageDigest) spi;
|
292
|
+
}
|
293
|
+
else {
|
294
|
+
final Class<? extends MessageDigest> delegate;
|
295
|
+
try {
|
296
|
+
delegate = (Class<? extends MessageDigest>)
|
297
|
+
Class.forName(MessageDigest.class.getName() + "$Delegate");
|
298
|
+
} catch (ClassNotFoundException e) { throw new RuntimeException(e); }
|
299
|
+
|
300
|
+
messageDigest = newInstance(delegate,
|
301
|
+
new Class[] { MessageDigestSpi.class, String.class }, spi, algorithm
|
302
|
+
);
|
303
|
+
}
|
304
|
+
setField(messageDigest, MessageDigest.class, "provider", provider);
|
305
|
+
return messageDigest;
|
306
|
+
}
|
307
|
+
|
308
|
+
public static SecureRandom getSecureRandom() {
|
309
|
+
try {
|
310
|
+
final Provider provider = getSecurityProvider();
|
311
|
+
if ( provider != null ) {
|
312
|
+
final String algorithm = getSecureRandomAlgorithm(provider);
|
313
|
+
if ( algorithm != null ) {
|
314
|
+
return getSecureRandom(algorithm, provider);
|
315
|
+
}
|
316
|
+
}
|
317
|
+
}
|
318
|
+
catch (NoSuchAlgorithmException e) { }
|
319
|
+
return new SecureRandom(); // likely "SHA1PRNG" from SPI sun.security.provider.SecureRandom
|
320
|
+
}
|
321
|
+
|
322
|
+
private static SecureRandom getSecureRandom(final String algorithm, final Provider provider)
|
323
|
+
throws NoSuchAlgorithmException {
|
324
|
+
final SecureRandomSpi spi = (SecureRandomSpi) getImplEngine("SecureRandom", algorithm);
|
325
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " not found");
|
326
|
+
|
327
|
+
return newInstance(SecureRandom.class,
|
328
|
+
new Class[] { SecureRandomSpi.class, Provider.class, String.class },
|
329
|
+
new Object[] { spi, provider, algorithm }
|
330
|
+
);
|
331
|
+
}
|
332
|
+
|
333
|
+
// NOTE: none (at least for BC 1.47)
|
334
|
+
private static String getSecureRandomAlgorithm(final Provider provider) {
|
335
|
+
for ( Provider.Service service : provider.getServices() ) {
|
336
|
+
if ( "SecureRandom".equals( service.getType() ) ) {
|
337
|
+
return service.getAlgorithm();
|
338
|
+
}
|
339
|
+
}
|
340
|
+
return null;
|
341
|
+
}
|
342
|
+
|
343
|
+
static void debugStackTrace(Exception e){
|
344
|
+
e.printStackTrace();
|
345
|
+
}
|
346
|
+
private static Boolean tryCipherInternal = Boolean.FALSE;
|
347
|
+
|
348
|
+
/**
|
349
|
+
* @note code calling this should not assume BC provider internals !
|
350
|
+
*/
|
351
|
+
public static Cipher getCipher(final String transformation)
|
352
|
+
throws NoSuchAlgorithmException, NoSuchPaddingException {
|
353
|
+
try {
|
354
|
+
if ( tryCipherInternal == Boolean.FALSE ) {
|
355
|
+
final Provider provider = getSecurityProvider();
|
356
|
+
if ( provider != null ) {
|
357
|
+
return getCipher(transformation, provider);
|
358
|
+
}
|
359
|
+
}
|
360
|
+
}
|
361
|
+
catch (NoSuchAlgorithmException e) { }
|
362
|
+
catch (NoSuchPaddingException e) { }
|
363
|
+
catch (SecurityException e) {
|
364
|
+
// java.lang.SecurityException: JCE cannot authenticate the provider BC
|
365
|
+
if ( tryCipherInternal != null ) tryCipherInternal = Boolean.TRUE;
|
366
|
+
debugStackTrace(e);
|
367
|
+
}
|
368
|
+
if ( tryCipherInternal == Boolean.TRUE ) {
|
369
|
+
try {
|
370
|
+
final Provider provider = getSecurityProvider();
|
371
|
+
if ( provider != null ) {
|
372
|
+
return getCipherInternal(transformation, provider);
|
373
|
+
}
|
374
|
+
}
|
375
|
+
catch (NoSuchAlgorithmException e) { }
|
376
|
+
catch (RuntimeException e) {
|
377
|
+
// likely javax.crypto.JceSecurityManager.isCallerTrusted gets
|
378
|
+
// us a NPE from javax.crypto.Cipher.<init>(Cipher.java:264)
|
379
|
+
tryCipherInternal = null; // do not try BC at all
|
380
|
+
debugStackTrace(e);
|
381
|
+
}
|
382
|
+
}
|
383
|
+
return Cipher.getInstance(transformation);
|
384
|
+
}
|
385
|
+
|
386
|
+
static Cipher getCipher(final String transformation, final Provider provider)
|
387
|
+
throws NoSuchAlgorithmException, NoSuchPaddingException {
|
388
|
+
return Cipher.getInstance(transformation, provider);
|
389
|
+
}
|
390
|
+
|
391
|
+
private static final Class<?>[] STRING_PARAM = { String.class };
|
392
|
+
|
393
|
+
private static Cipher getCipherInternal(String transformation, final Provider provider)
|
394
|
+
throws NoSuchAlgorithmException {
|
395
|
+
CipherSpi spi = (CipherSpi) getImplEngine("Cipher", transformation);
|
396
|
+
if ( spi == null ) {
|
397
|
+
//
|
398
|
+
// try the long way
|
399
|
+
//
|
400
|
+
StringTokenizer tok = new StringTokenizer(transformation, "/");
|
401
|
+
final String algorithm = tok.nextToken();
|
402
|
+
|
403
|
+
spi = (CipherSpi) getImplEngine("Cipher", algorithm);
|
404
|
+
if ( spi == null ) {
|
405
|
+
// if ( silent ) return null;
|
406
|
+
throw new NoSuchAlgorithmException(transformation + " not found");
|
407
|
+
}
|
408
|
+
|
409
|
+
//
|
410
|
+
// make sure we don't get fooled by a "//" in the string
|
411
|
+
//
|
412
|
+
if ( tok.hasMoreTokens() && ! transformation.regionMatches(algorithm.length(), "//", 0, 2) ) {
|
413
|
+
// spi.engineSetMode(tok.nextToken()) :
|
414
|
+
invoke(spi, CipherSpi.class, "engineSetMode", STRING_PARAM, tok.nextToken());
|
415
|
+
}
|
416
|
+
if ( tok.hasMoreTokens() ) {
|
417
|
+
// spi.engineSetPadding(tok.nextToken()) :
|
418
|
+
invoke(spi, CipherSpi.class, "engineSetPadding", STRING_PARAM, tok.nextToken());
|
419
|
+
}
|
420
|
+
|
421
|
+
}
|
422
|
+
try {
|
423
|
+
return newInstance(Cipher.class,
|
424
|
+
new Class[] { CipherSpi.class, Provider.class, String.class },
|
425
|
+
new Object[] { spi, provider, transformation }
|
426
|
+
);
|
427
|
+
}
|
428
|
+
catch( IllegalStateException e ) {
|
429
|
+
// this can be due to trusted check in Cipher constructor
|
430
|
+
if (e.getCause().getClass() == NullPointerException.class) {
|
431
|
+
Cipher cipher = newInstance(Cipher.class,
|
432
|
+
new Class[] { CipherSpi.class, String.class },
|
433
|
+
new Object[] { spi, transformation }
|
434
|
+
);
|
435
|
+
setField(cipher, Cipher.class, "provider", provider);
|
436
|
+
return cipher;
|
437
|
+
}
|
438
|
+
throw e;
|
439
|
+
}
|
440
|
+
}
|
441
|
+
|
442
|
+
/**
|
443
|
+
* @note code calling this should not assume BC provider internals !
|
444
|
+
*/
|
445
|
+
public static Signature getSignature(final String algorithm) throws NoSuchAlgorithmException {
|
446
|
+
try {
|
447
|
+
final Provider provider = getSecurityProvider();
|
448
|
+
if ( provider != null ) return getSignature(algorithm, provider);
|
449
|
+
}
|
450
|
+
catch (NoSuchAlgorithmException e) { }
|
451
|
+
return Signature.getInstance(algorithm);
|
452
|
+
}
|
453
|
+
|
454
|
+
@SuppressWarnings("unchecked")
|
455
|
+
static Signature getSignature(final String algorithm, final Provider provider)
|
456
|
+
throws NoSuchAlgorithmException {
|
457
|
+
final Object spi = getImplEngine("Signature", algorithm);
|
458
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " Signature not available");
|
459
|
+
|
460
|
+
final Signature signature;
|
461
|
+
if ( spi instanceof Signature ) {
|
462
|
+
signature = (Signature) spi;
|
463
|
+
} else {
|
464
|
+
final Class<? extends Signature> delegate;
|
465
|
+
try {
|
466
|
+
delegate = (Class<? extends Signature>)
|
467
|
+
Class.forName(Signature.class.getName() + "$Delegate");
|
468
|
+
} catch (ClassNotFoundException e) { throw new RuntimeException(e); }
|
469
|
+
|
470
|
+
signature = newInstance(delegate,
|
471
|
+
new Class[] { SignatureSpi.class, String.class }, spi, algorithm
|
472
|
+
);
|
473
|
+
}
|
474
|
+
setField(signature, Signature.class, "provider", provider);
|
475
|
+
return signature;
|
476
|
+
}
|
477
|
+
|
478
|
+
/**
|
479
|
+
* @note code calling this should not assume BC provider internals !
|
480
|
+
*/
|
481
|
+
public static Mac getMac(final String algorithm) throws NoSuchAlgorithmException {
|
482
|
+
Mac mac = null;
|
483
|
+
final Provider provider = getSecurityProvider();
|
484
|
+
if ( provider != null ) {
|
485
|
+
mac = getMac(algorithm, provider, true);
|
486
|
+
}
|
487
|
+
if ( mac == null ) mac = Mac.getInstance(algorithm);
|
488
|
+
return mac;
|
489
|
+
}
|
490
|
+
|
491
|
+
static Mac getMac(final String algorithm, final Provider provider)
|
492
|
+
throws NoSuchAlgorithmException {
|
493
|
+
return getMac(algorithm, provider, false);
|
494
|
+
}
|
495
|
+
|
496
|
+
private static Mac getMac(final String algorithm, final Provider provider, boolean silent)
|
497
|
+
throws NoSuchAlgorithmException {
|
498
|
+
MacSpi spi = (MacSpi) getImplEngine("Mac", algorithm);
|
499
|
+
if ( spi == null ) {
|
500
|
+
if ( silent ) return null;
|
501
|
+
throw new NoSuchAlgorithmException(algorithm + " not found");
|
502
|
+
}
|
503
|
+
return newInstance(Mac.class,
|
504
|
+
new Class[] { MacSpi.class, Provider.class, String.class },
|
505
|
+
new Object[] { spi, provider, algorithm }
|
506
|
+
);
|
507
|
+
}
|
508
|
+
|
509
|
+
/**
|
510
|
+
* @note code calling this should not assume BC provider internals !
|
511
|
+
*/
|
512
|
+
public static KeyGenerator getKeyGenerator(final String algorithm) throws NoSuchAlgorithmException {
|
513
|
+
try {
|
514
|
+
final Provider provider = getSecurityProvider();
|
515
|
+
if ( provider != null ) return getKeyGenerator(algorithm, provider);
|
516
|
+
}
|
517
|
+
catch (NoSuchAlgorithmException e) { }
|
518
|
+
catch (SecurityException e) { debugStackTrace(e); }
|
519
|
+
return KeyGenerator.getInstance(algorithm);
|
520
|
+
}
|
521
|
+
|
522
|
+
static KeyGenerator getKeyGenerator(final String algorithm, final Provider provider)
|
523
|
+
throws NoSuchAlgorithmException {
|
524
|
+
final KeyGeneratorSpi spi = (KeyGeneratorSpi) getImplEngine("KeyGenerator", algorithm);
|
525
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " not found");
|
526
|
+
|
527
|
+
return newInstance(KeyGenerator.class,
|
528
|
+
new Class[] { KeyGeneratorSpi.class, Provider.class, String.class },
|
529
|
+
new Object[] { spi, provider, algorithm }
|
530
|
+
);
|
531
|
+
}
|
532
|
+
|
533
|
+
/**
|
534
|
+
* @note code calling this should not assume BC provider internals !
|
535
|
+
*/
|
536
|
+
public static SecretKeyFactory getSecretKeyFactory(final String algorithm) throws NoSuchAlgorithmException {
|
537
|
+
try {
|
538
|
+
final Provider provider = getSecurityProvider();
|
539
|
+
if ( provider != null ) return getSecretKeyFactory(algorithm, provider);
|
540
|
+
}
|
541
|
+
catch (NoSuchAlgorithmException e) { }
|
542
|
+
catch (SecurityException e) { debugStackTrace(e); }
|
543
|
+
return SecretKeyFactory.getInstance(algorithm);
|
544
|
+
}
|
545
|
+
|
546
|
+
static SecretKeyFactory getSecretKeyFactory(final String algorithm, final Provider provider)
|
547
|
+
throws NoSuchAlgorithmException {
|
548
|
+
final SecretKeyFactorySpi spi = (SecretKeyFactorySpi) getImplEngine("SecretKeyFactory", algorithm);
|
549
|
+
if ( spi == null ) throw new NoSuchAlgorithmException(algorithm + " not found");
|
550
|
+
|
551
|
+
return newInstance(SecretKeyFactory.class,
|
552
|
+
new Class[] { SecretKeyFactorySpi.class, Provider.class, String.class },
|
553
|
+
new Object[] { spi, provider, algorithm }
|
554
|
+
);
|
555
|
+
}
|
556
|
+
|
557
|
+
private static boolean providerSSLContext = false; // BC does not implement + JDK default is fine
|
558
|
+
|
559
|
+
public static SSLContext getSSLContext(final String protocol)
|
560
|
+
throws NoSuchAlgorithmException {
|
561
|
+
try {
|
562
|
+
if ( providerSSLContext ) {
|
563
|
+
final Provider provider = getSecurityProvider();
|
564
|
+
if ( provider != null ) {
|
565
|
+
return getSSLContext(protocol, provider);
|
566
|
+
}
|
567
|
+
}
|
568
|
+
}
|
569
|
+
catch (NoSuchAlgorithmException e) { }
|
570
|
+
return SSLContext.getInstance(protocol);
|
571
|
+
}
|
572
|
+
|
573
|
+
private static SSLContext getSSLContext(final String protocol, final Provider provider)
|
574
|
+
throws NoSuchAlgorithmException {
|
575
|
+
return SSLContext.getInstance(protocol, provider);
|
576
|
+
}
|
577
|
+
|
578
|
+
public static boolean verify(final X509CRL crl, final PublicKey publicKey)
|
579
|
+
throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
|
580
|
+
return verify(crl, publicKey, false);
|
581
|
+
}
|
582
|
+
|
583
|
+
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent)
|
584
|
+
throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
|
585
|
+
|
586
|
+
if ( crl instanceof X509CRLObject ) {
|
587
|
+
final CertificateList crlList = (CertificateList) getCertificateList(crl);
|
588
|
+
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
|
589
|
+
if ( ! crlList.getSignatureAlgorithm().equals(tbsSignatureId) ) {
|
590
|
+
if ( silent ) return false;
|
591
|
+
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
|
592
|
+
}
|
593
|
+
|
594
|
+
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
|
595
|
+
|
596
|
+
signature.initVerify(publicKey);
|
597
|
+
signature.update(crl.getTBSCertList());
|
598
|
+
|
599
|
+
if ( ! signature.verify( crl.getSignature() ) ) {
|
600
|
+
if ( silent ) return false;
|
601
|
+
throw new SignatureException("CRL does not verify with supplied public key.");
|
602
|
+
}
|
603
|
+
return true;
|
604
|
+
}
|
605
|
+
else {
|
606
|
+
try {
|
607
|
+
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
|
608
|
+
final ContentVerifierProvider verifierProvider;
|
609
|
+
if ( "DSA".equalsIgnoreCase( publicKey.getAlgorithm() )) {
|
610
|
+
BigInteger y = ((DSAPublicKey) publicKey).getY();
|
611
|
+
DSAParams params = ((DSAPublicKey) publicKey).getParams();
|
612
|
+
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
|
613
|
+
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
|
614
|
+
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
|
615
|
+
}
|
616
|
+
else {
|
617
|
+
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
|
618
|
+
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
|
619
|
+
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
|
620
|
+
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
|
621
|
+
}
|
622
|
+
return new X509CRLHolder(crl.getEncoded()).isSignatureValid( verifierProvider );
|
623
|
+
}
|
624
|
+
catch (OperatorException e) {
|
625
|
+
throw new SignatureException(e);
|
626
|
+
}
|
627
|
+
catch (CertException e) {
|
628
|
+
throw new SignatureException(e);
|
629
|
+
}
|
630
|
+
// can happen if the input is DER but does not match expected strucure
|
631
|
+
catch (ClassCastException e) {
|
632
|
+
throw new SignatureException(e);
|
633
|
+
}
|
634
|
+
catch (IOException e) {
|
635
|
+
throw new SignatureException(e);
|
636
|
+
}
|
637
|
+
}
|
638
|
+
}
|
639
|
+
|
640
|
+
private static Object getCertificateList(final Object crl) { // X509CRLObject
|
641
|
+
try { // private CertificateList c;
|
642
|
+
final Field cField = X509CRLObject.class.getDeclaredField("c");
|
643
|
+
cField.setAccessible(true);
|
644
|
+
return cField.get(crl);
|
645
|
+
}
|
646
|
+
catch (NoSuchFieldException e) {
|
647
|
+
debugStackTrace(e); return null;
|
648
|
+
}
|
649
|
+
catch (IllegalAccessException e) { return null; }
|
650
|
+
catch (SecurityException e) { return null; }
|
651
|
+
}
|
652
|
+
|
653
|
+
// these are BC JCE (@see javax.crypto.JCEUtil) inspired internals :
|
654
|
+
// https://github.com/bcgit/bc-java/blob/master/jce/src/main/java/javax/crypto/JCEUtil.java
|
655
|
+
|
656
|
+
private static Object getImplEngine(String baseName, String algorithm) {
|
657
|
+
Object engine = findImplEngine(baseName, algorithm.toUpperCase(Locale.ENGLISH));
|
658
|
+
if (engine == null) {
|
659
|
+
engine = findImplEngine(baseName, algorithm);
|
660
|
+
}
|
661
|
+
return engine;
|
662
|
+
}
|
663
|
+
|
664
|
+
private static Object findImplEngine(final String baseName, String algorithm) {
|
665
|
+
Class implEngineClass = implEngines.get(baseName + ":" + algorithm);
|
666
|
+
|
667
|
+
if (implEngineClass == null) {
|
668
|
+
final Provider bcProvider = securityProvider;
|
669
|
+
String alias;
|
670
|
+
while ((alias = bcProvider.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) {
|
671
|
+
algorithm = alias;
|
672
|
+
}
|
673
|
+
final String className = bcProvider.getProperty(baseName + "." + algorithm);
|
674
|
+
if (className != null) {
|
675
|
+
try {
|
676
|
+
ClassLoader loader = bcProvider.getClass().getClassLoader();
|
677
|
+
if (loader != null) {
|
678
|
+
implEngineClass = loader.loadClass(className);
|
679
|
+
} else {
|
680
|
+
implEngineClass = Class.forName(className);
|
681
|
+
}
|
682
|
+
implEngineClass.newInstance(); // this instance is thrown away to test newInstance, but only once
|
683
|
+
} catch (ClassNotFoundException e) {
|
684
|
+
throw new IllegalStateException("algorithm " + algorithm + " in provider " + bcProvider.getName() + " but no class \"" + className + "\" found!");
|
685
|
+
} catch (Exception e) {
|
686
|
+
throw new IllegalStateException("algorithm " + algorithm + " in provider " + bcProvider.getName() + " but class \"" + className + "\" inaccessible!");
|
687
|
+
}
|
688
|
+
} else {
|
689
|
+
return null;
|
690
|
+
}
|
691
|
+
|
692
|
+
implEngines.put(baseName + ":" + algorithm, implEngineClass);
|
693
|
+
}
|
694
|
+
|
695
|
+
try {
|
696
|
+
return implEngineClass.newInstance();
|
697
|
+
} catch (Exception e) {
|
698
|
+
final Provider bcProvider = securityProvider;
|
699
|
+
String className = implEngineClass.getName();
|
700
|
+
throw new IllegalStateException("algorithm " + algorithm + " in provider " + bcProvider.getName() + " but class \"" + className + "\" inaccessible!");
|
701
|
+
}
|
702
|
+
}
|
703
|
+
|
704
|
+
// the obligratory "reflection crap" :
|
705
|
+
|
706
|
+
private static <T> T newInstance(Class<T> klass, Class<?>[] paramTypes, Object... params) {
|
707
|
+
final Constructor<T> constructor;
|
708
|
+
try {
|
709
|
+
constructor = klass.getDeclaredConstructor(paramTypes);
|
710
|
+
constructor.setAccessible(true);
|
711
|
+
return constructor.newInstance(params);
|
712
|
+
} catch (NoSuchMethodException e) {
|
713
|
+
throw new IllegalStateException(e.getMessage(), e);
|
714
|
+
} catch (InvocationTargetException e) {
|
715
|
+
throw new IllegalStateException(e.getTargetException());
|
716
|
+
} catch (InstantiationException e) {
|
717
|
+
throw new IllegalStateException(e);
|
718
|
+
} catch (IllegalAccessException e) {
|
719
|
+
throw new IllegalStateException(e);
|
720
|
+
}
|
721
|
+
}
|
722
|
+
|
723
|
+
@SuppressWarnings("unchecked")
|
724
|
+
private static <T> T invoke(Object object, Class<?> klass, String methodName, Class<?>[] paramTypes, Object... params) {
|
725
|
+
final Method method;
|
726
|
+
try {
|
727
|
+
method = klass.getDeclaredMethod(methodName, paramTypes);
|
728
|
+
method.setAccessible(true);
|
729
|
+
return (T) method.invoke(object, params);
|
730
|
+
} catch (NoSuchMethodException e) {
|
731
|
+
throw new IllegalStateException(e.getMessage(), e);
|
732
|
+
} catch (InvocationTargetException e) {
|
733
|
+
throw new IllegalStateException(e.getTargetException());
|
734
|
+
} catch (IllegalAccessException e) {
|
735
|
+
throw new IllegalStateException(e);
|
736
|
+
}
|
737
|
+
}
|
738
|
+
|
739
|
+
private static void setField(Object obj, Class<?> fieldOwner, String fieldName, Object value) {
|
740
|
+
final Field field;
|
741
|
+
try {
|
742
|
+
field = fieldOwner.getDeclaredField(fieldName);
|
743
|
+
field.setAccessible(true);
|
744
|
+
field.set(obj, value);
|
745
|
+
} catch (NoSuchFieldException e) {
|
746
|
+
throw new IllegalStateException("no field '" + fieldName + "' declared in " + fieldOwner + "", e);
|
747
|
+
} catch (IllegalAccessException e) {
|
748
|
+
throw new IllegalStateException(e);
|
749
|
+
}
|
750
|
+
}
|
751
|
+
}
|
metadata
CHANGED
@@ -1,74 +1,75 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fast-rsa-engine
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
|
-
- Christian
|
7
|
+
- Christian Meier
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-08-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name: jar-dependencies
|
15
|
-
version_requirements: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - ~>
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '0.1'
|
20
14
|
requirement: !ruby/object:Gem::Requirement
|
21
15
|
requirements:
|
22
16
|
- - ~>
|
23
17
|
- !ruby/object:Gem::Version
|
24
18
|
version: '0.1'
|
19
|
+
name: jar-dependencies
|
25
20
|
prerelease: false
|
26
21
|
type: :runtime
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: ruby-maven
|
29
22
|
version_requirements: !ruby/object:Gem::Requirement
|
30
23
|
requirements:
|
31
24
|
- - ~>
|
32
25
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
26
|
+
version: '0.1'
|
27
|
+
- !ruby/object:Gem::Dependency
|
34
28
|
requirement: !ruby/object:Gem::Requirement
|
35
29
|
requirements:
|
36
30
|
- - ~>
|
37
31
|
- !ruby/object:Gem::Version
|
38
32
|
version: '3.3'
|
33
|
+
name: ruby-maven
|
39
34
|
prerelease: false
|
40
35
|
type: :development
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: rspec
|
43
36
|
version_requirements: !ruby/object:Gem::Requirement
|
44
37
|
requirements:
|
45
38
|
- - ~>
|
46
39
|
- !ruby/object:Gem::Version
|
47
40
|
version: '3.3'
|
41
|
+
- !ruby/object:Gem::Dependency
|
48
42
|
requirement: !ruby/object:Gem::Requirement
|
49
43
|
requirements:
|
50
44
|
- - ~>
|
51
45
|
- !ruby/object:Gem::Version
|
52
46
|
version: '3.3'
|
47
|
+
name: rspec
|
53
48
|
prerelease: false
|
54
49
|
type: :development
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: rake
|
57
50
|
version_requirements: !ruby/object:Gem::Requirement
|
58
51
|
requirements:
|
59
52
|
- - ~>
|
60
53
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
54
|
+
version: '3.3'
|
55
|
+
- !ruby/object:Gem::Dependency
|
62
56
|
requirement: !ruby/object:Gem::Requirement
|
63
57
|
requirements:
|
64
58
|
- - ~>
|
65
59
|
- !ruby/object:Gem::Version
|
66
60
|
version: '10.2'
|
61
|
+
name: rake
|
67
62
|
prerelease: false
|
68
63
|
type: :development
|
69
|
-
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ~>
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '10.2'
|
69
|
+
description: this gem replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them. see https://corner.squareup.com/2014/02/faster-rsa-jnagmp.html
|
70
70
|
email:
|
71
71
|
- christian.meier@lookout.com
|
72
|
+
- rtyler.croy@lookout.com
|
72
73
|
executables: []
|
73
74
|
extensions: []
|
74
75
|
extra_rdoc_files: []
|
@@ -76,6 +77,10 @@ files:
|
|
76
77
|
- .gitignore
|
77
78
|
- .travis.yml
|
78
79
|
- Gemfile
|
80
|
+
- Gemfile096
|
81
|
+
- Gemfile096.lock
|
82
|
+
- Gemfile098
|
83
|
+
- Gemfile098.lock
|
79
84
|
- LICENSE
|
80
85
|
- README.md
|
81
86
|
- Rakefile
|
@@ -95,7 +100,7 @@ files:
|
|
95
100
|
- spec/signature_spec.rb
|
96
101
|
- src/main/java/com/github/lookout/fastrsa/FastCipherSpi.java
|
97
102
|
- src/main/java/com/github/lookout/fastrsa/FastDigestSignatureSpi.java
|
98
|
-
- src/main/java/
|
103
|
+
- src/main/java/org/jruby/ext/openssl/SecurityHelper.java
|
99
104
|
homepage: https://github.com/lookout/fast-rsa-engine
|
100
105
|
licenses:
|
101
106
|
- MIT
|
@@ -123,5 +128,5 @@ rubyforge_project:
|
|
123
128
|
rubygems_version: 2.4.8
|
124
129
|
signing_key:
|
125
130
|
specification_version: 4
|
126
|
-
summary: replaces the RSA signature and RSA ciphers from jruby-openssl by
|
131
|
+
summary: replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them
|
127
132
|
test_files: []
|
@@ -1,29 +0,0 @@
|
|
1
|
-
package com.github.lookout.fastrsa;
|
2
|
-
|
3
|
-
import java.util.Map;
|
4
|
-
|
5
|
-
public class SecurityHelperMap {
|
6
|
-
|
7
|
-
private SecurityHelperMap() {}
|
8
|
-
|
9
|
-
public static void setup( Map<String, Class<?>> engines ) {
|
10
|
-
String[] names = {
|
11
|
-
"MD2", "MD4", "MD5",
|
12
|
-
"RIPEMD128", "RIPEMD160", "RIPEMD256",
|
13
|
-
"SHA1", "SHA224", "SHA256", "SHA384", "SHA512"
|
14
|
-
};
|
15
|
-
|
16
|
-
ClassLoader classLoader = SecurityHelperMap.class.getClassLoader();
|
17
|
-
for (String name : names ) {
|
18
|
-
try {
|
19
|
-
engines.put( "Signature:" + name + "WITHRSA",
|
20
|
-
classLoader.loadClass( FastDigestSignatureSpi.class.getName() + "$" + name ) );
|
21
|
-
}
|
22
|
-
catch( ClassNotFoundException e ) {
|
23
|
-
System.err.println( "signature class not found for: " + name + " ( " + e.getMessage() + " )" );
|
24
|
-
}
|
25
|
-
}
|
26
|
-
|
27
|
-
engines.put( "Cipher:RSA", FastCipherSpi.NoPadding.class );
|
28
|
-
}
|
29
|
-
}
|