jruby-jruby-openssl 0.5.0.4

data/lib/openssl/digest.rb

@@ -0,0 +1,48 @@
+=begin
+= $RCSfile: digest.rb,v $ -- Ruby-space predefined Digest subclasses
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: digest.rb,v 1.1.2.2 2006/06/20 11:18:15 gotoyuzo Exp $
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+  module Digest
+
+    alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
+    if OPENSSL_VERSION_NUMBER > 0x00908000
+      alg += %w(SHA224 SHA256 SHA384 SHA512)
+    end
+    alg.each{|name|
+      klass = Class.new(Digest){
+        define_method(:initialize){|*data|
+          if data.length > 1
+            raise ArgumentError,
+              "wrong number of arguments (#{data.length} for 1)"
+          end
+          super(name, data.first)
+        }
+      }
+      singleton = (class <<klass; self; end)
+      singleton.class_eval{
+        define_method(:digest){|data| Digest.digest(name, data) }
+        define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
+      }
+      const_set(name, klass)
+    }
+
+  end # Digest
+end # OpenSSL
+

data/lib/openssl/dummy.rb

@@ -0,0 +1,34 @@
+warn "Warning: OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable"
+warn "You need to download or install BouncyCastle jars (bc-prov-*.jar, bc-mail-*.jar)"
+warn "to fix this."
+module OpenSSL
+  module ASN1
+    class ASN1Error < OpenSSLError; end
+    class ASN1Data; end
+    class Primitive; end
+    class Constructive; end
+  end
+  module PKey
+    class PKeyError < OpenSSLError; end
+    class PKey; def initialize(*args); end; end
+    class RSA < PKey; end
+    class DSA < PKey; end
+    class DH < PKey; end
+  end
+  module X509
+    class Name; end
+    class Certificate; end
+    class Extension; end
+    class CRL; end
+    class Revoked; end
+    class Store; end
+    class Request; end
+    class Attribute; end
+  end
+  module Netscape
+    class SPKI; end
+  end
+  module PKCS7
+    class PKCS7; end
+  end
+end

data/lib/openssl/dummyssl.rb

@@ -0,0 +1,13 @@
+warn "Warning: OpenSSL SSL implementation unavailable"
+warn "You must run on JDK 1.5 (Java 5) or higher to use SSL"
+module OpenSSL
+  module SSL
+    class SSLError < OpenSSLError; end
+    class SSLContext; end
+    class SSLSocket; end
+    VERIFY_NONE = 0
+    VERIFY_PEER = 1
+    VERIFY_FAIL_IF_NO_PEER_CERT = 2
+    VERIFY_CLIENT_ONCE = 4
+  end
+end

data/lib/openssl/ssl.rb

@@ -0,0 +1,135 @@
+=begin
+= $RCSfile: ssl.rb,v $ -- Ruby-space definitions that completes C-space funcs for SSL
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: ssl.rb,v 1.5.2.6 2006/05/23 18:14:05 gotoyuzo Exp $
+=end
+
+require "openssl"
+require "openssl/buffering"
+require "fcntl"
+
+module OpenSSL
+  module SSL
+    module SocketForwarder
+      def addr
+        to_io.addr
+      end
+
+      def peeraddr
+        to_io.peeraddr
+      end
+
+      def setsockopt(level, optname, optval)
+        to_io.setsockopt(level, optname, optval)
+      end
+
+      def getsockopt(level, optname)
+        to_io.getsockopt(level, optname)
+      end
+
+      def fcntl(*args)
+        to_io.fcntl(*args)
+      end
+
+      def closed?
+        to_io.closed?
+      end
+
+      def do_not_reverse_lookup=(flag)
+        to_io.do_not_reverse_lookup = flag
+      end
+    end
+
+    module Nonblock
+      def initialize(*args)
+        flag = File::NONBLOCK
+        flag |= @io.fcntl(Fcntl::F_GETFL, nil) if defined?(Fcntl::F_GETFL)
+        @io.fcntl(Fcntl::F_SETFL, flag)
+        super
+      end
+    end
+
+    class SSLSocket
+      include Buffering
+      include SocketForwarder
+      include Nonblock
+
+      def post_connection_check(hostname)
+        check_common_name = true
+        cert = peer_cert
+        cert.extensions.each{|ext|
+          next if ext.oid != "subjectAltName"
+          ext.value.split(/,\s+/).each{|general_name|
+            if /\ADNS:(.*)/ =~ general_name
+              check_common_name = false
+              reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+              return true if /\A#{reg}\z/i =~ hostname
+            elsif /\AIP Address:(.*)/ =~ general_name
+              check_common_name = false
+              return true if $1 == hostname
+            end
+          }
+        }
+        if check_common_name
+          cert.subject.to_a.each{|oid, value|
+            if oid == "CN"
+              reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
+              return true if /\A#{reg}\z/i =~ hostname
+            end
+          }
+        end
+        raise SSLError, "hostname not match"
+      end
+    end
+
+    class SSLServer
+      include SocketForwarder
+      attr_accessor :start_immediately
+
+      def initialize(svr, ctx)
+        @svr = svr
+        @ctx = ctx
+        unless ctx.session_id_context
+          session_id = OpenSSL::Digest::MD5.hexdigest($0)
+          @ctx.session_id_context = session_id
+        end
+        @start_immediately = true
+      end
+
+      def to_io
+        @svr
+      end
+
+      def listen(backlog=5)
+        @svr.listen(backlog)
+      end
+
+      def accept
+        sock = @svr.accept
+        begin
+          ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+          ssl.sync_close = true
+          ssl.accept if @start_immediately
+          ssl
+        rescue SSLError => ex
+          sock.close
+          raise ex
+        end
+      end
+
+      def close
+        @svr.close
+      end
+    end
+  end
+end

data/lib/openssl/x509.rb

@@ -0,0 +1,154 @@
+=begin
+= $RCSfile: x509.rb,v $ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: x509.rb,v 1.4.2.2 2004/12/19 08:28:33 gotoyuzo Exp $
+=end
+
+require "openssl"
+
+module OpenSSL
+  module X509
+    class ExtensionFactory
+      def create_extension(*arg)
+        if arg.size > 1
+          create_ext(*arg)
+        else
+          send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
+        end
+      end
+
+      def create_ext_from_array(ary)
+        raise ExtensionError, "unexpected array form" if ary.size > 3 
+        create_ext(ary[0], ary[1], ary[2])
+      end
+
+      def create_ext_from_string(str) # "oid = critical, value"
+        oid, value = str.split(/=/, 2)
+        oid.strip!
+        value.strip!
+        create_ext(oid, value)
+      end
+      
+      def create_ext_from_hash(hash)
+        create_ext(hash["oid"], hash["value"], hash["critical"])
+      end
+    end
+    
+    class Extension
+      def to_s # "oid = critical, value"
+        str = self.oid
+        str << " = "
+        str << "critical, " if self.critical?
+        str << self.value.gsub(/\n/, ", ")
+      end
+        
+      def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+        {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+      end
+
+      def to_a
+        [ self.oid, self.value, self.critical? ]
+      end
+    end
+
+    class Name
+      module RFC2253DN
+        Special = ',=+<>#;'
+        HexChar = /[0-9a-fA-F]/
+        HexPair = /#{HexChar}#{HexChar}/
+        HexString = /#{HexPair}+/
+        Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+        StringChar = /[^#{Special}\\"]/
+        QuoteChar = /[^\\"]/
+        AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+        AttributeValue = /
+          (?!["#])((?:#{StringChar}|#{Pair})*)|
+          \#(#{HexString})|
+          "((?:#{QuoteChar}|#{Pair})*)"
+        /x
+        TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+        module_function
+
+        def expand_pair(str)
+          return nil unless str
+          return str.gsub(Pair){|pair|
+            case pair.size
+            when 2 then pair[1,1]
+            when 3 then Integer("0x#{pair[1,2]}").chr
+            else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+            end
+          }
+        end
+
+        def expand_hexstring(str)
+          return nil unless str
+          der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
+          a1 = OpenSSL::ASN1.decode(der)
+          return a1.value, a1.tag
+        end
+
+        def expand_value(str1, str2, str3)
+          value = expand_pair(str1)
+          value, tag = expand_hexstring(str2) unless value
+          value = expand_pair(str3) unless value
+          return value, tag
+        end
+
+        def scan(dn)
+          str = dn
+          ary = []
+          while true
+            if md = TypeAndValue.match(str)
+              matched = md.to_s
+              remain = md.post_match
+              type = md[1]
+              value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+              if value
+                type_and_value = [type, value]
+                type_and_value.push(tag) if tag
+                ary.unshift(type_and_value)
+                if remain.length > 2 && remain[0] == ?,
+                  str = remain[1..-1]
+                  next
+                elsif remain.length > 2 && remain[0] == ?+
+                  raise OpenSSL::X509::NameError,
+                    "multi-valued RDN is not supported: #{dn}"
+                elsif remain.empty?
+                  break
+                end
+              end
+            end
+            msg_dn = dn[0, dn.length - str.length] + " =>" + str
+            raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+          end
+          return ary
+        end
+      end
+
+      class <<self
+        def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+          self.new(ary, template)
+        end
+
+        def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+          self.new(ary, template)
+        end
+
+        alias parse parse_openssl
+      end
+    end
+  end
+end

data/test/fixture/cacert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEJ
+MAcGA1UECgwAMRkwFwYDVQQLDBBwb2xhcmZveC1sYXB0b3AKMQswCQYDVQQDDAJD
+QTAeFw0wODA0MjkxNTIzNDlaFw0xMzA0MjgxNTIzNDlaMEAxCzAJBgNVBAYTAlVT
+MQkwBwYDVQQKDAAxGTAXBgNVBAsMEHBvbGFyZm94LWxhcHRvcAoxCzAJBgNVBAMM
+AkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUxEs2y3huzcV+Z9
+VqCJ7CZQn3pE25Gmc+mHyrDfjX65hUsfd0oTWMlGGXHTH3kas25rq4s7iznhLJRM
+b4OUAdSjlIdWLQVe/N9i3MuekHKIcNoiKKtN2IDjIdnveMr65p2BaGKPYrwVASWE
+tj2T4tLplfWqUYv1TPJBcpLSt1zxlAeXhUn7z5h1gMrN0YUCWwPnz8gEhnMsmW8n
+Ev5um8niq8cqC1BDtHtYpKgLNJ5TKG7dnsquX9PIe22xVz936Ga20ScS9VU8QYod
+rPjDq9aT4tGqOJVv2HhUPlRqv3pVahxLQoi8fFXOzuCgzYJZFswqo8KijXlQrYfB
+7sIU0wIDAQABo4HgMIHdMA8GA1UdEwEB/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQW
+IlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOA5
+LUlqCS/CSv0hsB1yVrvE/SfNMA4GA1UdDwEB/wQEAwIBBjBoBgNVHSMEYTBfgBTg
+OS1Jagkvwkr9IbAdcla7xP0nzaFEpEIwQDELMAkGA1UEBhMCVVMxCTAHBgNVBAoM
+ADEZMBcGA1UECwwQcG9sYXJmb3gtbGFwdG9wCjELMAkGA1UEAwwCQ0GCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBAAVa+1G09IwMedFGWGp7mHr8NS+xcXGmQq4g2NsJV0f4
+Aw+K6F7Km65xIUTjO9rfiFmuggT3KeSo/gsRwmRwPRQQWv3Lxv3bvcWyhZ9RMo3V
+5PMQRwJnc5cM4CGACjmusK62v36zrtXJlvNM8fGNSn7tF5i+1Wo4hKJoDwIpKN9X
+tjg1FfQdUsqnLWCFU50vZFM2UwLJczVk+8TAcd9LfZpakMNY7RbGxL4izhAojTow
+M3LieY0bNg9T+8R0A/QtAgImx3SzrLJqKspPZK7cAaXrfvnRQuOzEdTnTloS9VbE
+jjwmik9rpqUfcCtTS2gzqhKaR/HJ4nUiiNbT9pwRp68=
+-----END CERTIFICATE-----

data/test/fixture/cert_localhost.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEJ
+MAcGA1UECgwAMRkwFwYDVQQLDBBwb2xhcmZveC1sYXB0b3AKMQswCQYDVQQDDAJD
+QTAeFw0wODA0MjkxNTIzNTBaFw0wOTA0MjkxNTIzNTBaMFQxCzAJBgNVBAYTAlVT
+MQkwBwYDVQQKDAAxGTAXBgNVBAsMEHBvbGFyZm94LWxhcHRvcAoxCzAJBgNVBAsM
+AkNBMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBALwjGdTLBORgDSx56V5Pr2eykXmxNeZ6/MG/KZcjHxE8F5v5MWrwqIE1RURv
+WGruSh3KNjusP/EeofmHYlgXGMsED5JSVMe9jRH+ewG4dNwcqQPbeGhUE0L3F7Ls
+AaR9m9jsDT5ZIu5uNipbbCf3Z7Z3VkDu5RMn0QYt3gP3Y0TTAgMBAAGjgYUwgYIw
+DAYDVR0TAQH/BAIwADAxBglghkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHoNAq7GhjaikqPHGtiwGCPMoDysw
+CwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUA
+A4IBAQAgPF1pOQCLFr4YlXzrXV8ieptCNBPMfSjx1V6sxf+1RYhfPabnvV7vaRvj
+0WiPdtdUjBTqaDPohHI9ucyrX6CgcPqtmXcH0XxHkPNZB71DIE78DO+DbFtxKt3I
+tAEGLooERC1ZFiWbWkCdKFcwfqn+5CoN/PYulWmhwOoHrEeQU41coLHFZZjwPYga
+cJSKY4YoCkyYW28MrjMwA4DnGDCgUPENSxZumbW+XEt9IbtZ5eWou9w33BAa33L8
+L6p7CISUJmghVyfVIjVii3fC/CpS6lnL1XB1TNN9P4W3QRJR18gOlXWkPCS7vKF0
+03tfXiG1SDx4vShLX3Go9++cYUVj
+-----END CERTIFICATE-----

data/test/fixture/localhost_keypair.pem

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A4D3615618A2B1CF
+
+FPXTNlUO1RcNmNhLp+oNC0JIAInRE7p6OWBBuBGSyfRr891IZnFkGMzxlnZsvHmh
+TKTq2rVcN3yHK4bc+6vQkc2JZMp7nB04RHU3vBwy29k7Tyz8Ee+RQwBSOahNfDt+
+mJTArnDidmMcpxb3lCLbuxjM9IqCC4PWaNloCGslZb/qlwNUdAeFdQsiFBrdn2SY
+XQySczZnVBzQJv0YjlVJ6guBFtCjnCp8yUaOfIOfOUEgC1hCpjv41tfGDF2+eCiq
+4gEVB4D7Wy0s0kFf3icuhxSYcZLavpLa3dg8pG5YhoX9a+M+1164cTo+fbIdMUp7
+zrzIVSWPcgPzypjGPj/Vfo3K6B/XygLhxhL3Nf+3UVixLRERk0yBksLqPDsfifkj
+BDzMsD3vI4BteZUsbnae/w+LT3VFP+BrkhTUxvPZMzDlS8KKr50cm9Ubbx1R/beY
+uNPx7YyH8oqt70VAciqKL0G2q9DFAfjpqnLaH2toM0vp6iVG4JmI49DFgrV1AHBb
+hrn1FcmkhATfEFMbnm+hpadQxnMzPh/YB1yg7yiuicrJdTs5CJQPp5H0ES0AQhlg
+dYxGoggTic7T586JIpF9YG1yvrau5kVsbP0kqOfHR6BB7hU1XXvQeIa6GSfZVNZY
+zG6u715WH7hrQoXFAGxF6/wd575M2mLQpOWKRKvE/jrsSQHUy4vryQfozaPwPskx
+r+vXVZp9T5XiGx9Bm9m0wwTYYIRo2b7KsD5rjY0D0ZhemjPhKy6B89Y2NLYxuF8j
+kH0ockiSgexYGvWAkhh/5dxR+zCzqmKI6KFpYPkAfOfuvGqggJ3g2Q==
+-----END RSA PRIVATE KEY-----