jruby-openssl-maven 0.7.4.1

data/History.txt

@@ -0,0 +1,171 @@
+== 0.7.4
+
+- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading failed on JRuby 1.6.x. Fixed.
+- JRUBY-5510: Add debug information to released jar
+- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
+
+== 0.7.3
+
+- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
+- JRUBY-5253: Allow to load the certificate file which includes private
+  key for activemarchant compatibility.
+- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
+  unknown condition.
+- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
+  pass on J9 JDK 6.
+
+== 0.7.2
+
+- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
+  cipher (Net::SSH compatibility)
+- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
+  compatibility)
+- JRUBY-5096: Fixed inconsistent Certificate verification behavior
+- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
+- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
+- JRUBY-4965: implemented OpenSSL::Config
+- JRUBY-5023: make Certificate#signature_algorithm return correct algo
+  name; "sha1WithRSAEncryption" instead of "SHA1"
+- JRUBY-5024: let HMAC.new accept a String as a digest name
+- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
+  cleanup of resources when dereferenced
+
+== 0.7.1
+
+- NOTE: Now BouncyCastle jars has moved out to its own gem
+  "bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java).
+  You don't need to care about it because "jruby-openssl" gem depends
+  on it from now on.
+
+=== SSL bugfix
+
+- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
+  reached (EOFError)" for HTTP chunked read.
+
+=== Misc
+
+- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
+  it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
+  (JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
+- JRUBY-4975: Moving BouncyCastle jars out to its own gem.
+
+== 0.7
+
+- Follow MRI 1.8.7 openssl API changes
+- Fixes so that jruby-openssl can run on appengine
+- Many bug and compatibility fixes, see below.
+- This is the last release that will be compatible with JRuby 1.4.x.
+- Compatibility issues
+-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4444: OpenSSL crash running RubyGems tests
+-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message available"
+-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
+-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
+-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
+-- JRUBY-4535: Issues with the BouncyCastle provider
+-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
+-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 -> jdk15-144
+- Cipher issues
+-- JRUBY-4012: Initialization vector length handled differently than in MRI (longer IV sequence are trimmed to fit the required)
+-- JRUBY-4473: Implemented DSA key generation
+-- JRUBY-4472: Cipher does not support RC4 and CAST
+-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or 168' for DES3 + SunJCE
+- SSL and X.509(PKIX) issues
+-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
+-- JRUBY-4370: Implement SSLContext#ciphers
+-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
+-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
+-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
+-- JRUBY-4684: SSLContext#verify_depth is ignored
+-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
+-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
+-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when returning SOAP queries over a certain size)
+-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel close
+-- JRUBY-4369: X509Store#verify_callback is not called
+-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes certificates which have the same subject (problem with ruby-openid-apps-discovery (github jruby-openssl issue #2))
+-- JRUBY-4333: PKCS#8 formatted privkey read
+-- JRUBY-4454: Loading Key file as a Certificate causes NPE
+-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized from PEM causes IllegalStateException
+- PKCS#7 issues
+-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
+-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake test doesn't finish on JDK5 w/o policy files update)
+-  Misc
+-- JRUBY-4574: jruby-openssl deprecation warning cleanup
+-- JRUBY-4591: jruby-1.4 support
+
+== 0.6
+
+- This is a recommended upgrade to jruby-openssl. A security problem
+  involving peer certificate verification was found where failed
+  verification silently did nothing, making affected applications
+  vulnerable to attackers. Attackers could lead a client application
+  to believe that a secure connection to a rogue SSL server is
+  legitimate. Attackers could also penetrate client-validated SSL
+  server applications with a dummy certificate. Your application would
+  be vulnerable if you're using the 'net/https' library with
+  OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
+  prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
+  problem and providing the fix. See
+  http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
+  for details.
+- This release addresses CVE-2009-4123 which was reserved for the
+  above vulnerability.
+- Many fixes from NaHi, including issues related to certificate
+  verification and certificate store purpose verification.
+  - implement OpenSSL::X509::Store#set_default_paths
+  - MRI compat. fix: OpenSSL::X509::Store#add_file
+  - Fix nsCertType handling.
+  - Fix Cipher#key_len for DES-EDE3: 16 should be 24.
+  - Modified test expectations around Cipher#final.
+- Public keys are lazily instantiated when the
+  X509::Certificate#public_key method is called (Dave Garcia)
+
+== 0.5.2
+
+* Multiple bugs fixed:
+** JRUBY-3895	Could not verify server signature with net-ssh against Cygwin
+** JRUBY-3864	jruby-openssl depends on Base64Coder from JvYAMLb
+** JRUBY-3790	JRuby-OpenSSL test_post_connection_check is not passing
+** JRUBY-3767	OpenSSL ssl implementation doesn't support client auth
+** JRUBY-3673	jRuby-OpenSSL does not properly load certificate authority file
+
+== 0.5.1
+
+* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%
+* Fix by Frederic Jean for a character-decoding issue for some certificates
+
+== 0.5
+
+* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
+* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error
+* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
+* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
+* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest
+* Misc code cleanup
+
+== 0.2
+
+- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888)
+- Fix socket buffering issue by setting socket IO sync = true
+- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
+- Fix AES key length (JRUBY-2187)
+- Fix cipher initialization (JRUBY-1100)
+- Now, only compatible with JRuby 1.1
+
+== 0.1.1
+
+- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
+
+== 0.1
+
+- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
+  1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
+  0.6 release.
+- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
+- Simultaneous support for JRuby trunk and 1.0 branch
+- Start of support for OpenSSL::BN
+
+== 0.0.5 and prior
+
+- Initial versions with maintenance updates

data/License.txt

@@ -0,0 +1,30 @@
+JRuby-OpenSSL is distributed under the same license as JRuby (http://www.jruby.org/).
+
+Version: CPL 1.0/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Common Public
+License Version 1.0 (the "License"); you may not use this file
+except in compliance with the License. You may obtain a copy of
+the License at http://www.eclipse.org/legal/cpl-v10.html
+
+Software distributed under the License is distributed on an "AS
+IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+implied. See the License for the specific language governing
+rights and limitations under the License.
+
+Copyright (C) 2007 Ola Bini <ola.bini@gmail.com>
+
+Alternatively, the contents of this file may be used under the terms of
+either of the GNU General Public License Version 2 or later (the "GPL"),
+or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the CPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the CPL, the GPL or the LGPL.
+
+JRuby-OpenSSL includes software by the Legion of the Bouncy Castle
+(http://bouncycastle.org/license.html).

data/Manifest.txt

@@ -0,0 +1,115 @@
+Rakefile
+History.txt
+Manifest.txt
+README.txt
+License.txt
+lib/jopenssl.jar
+lib/openssl
+lib/jopenssl
+lib/jopenssl.jar
+lib/openssl.rb
+lib/openssl/dummy.rb
+lib/openssl/dummyssl.rb
+lib/openssl/config.rb
+lib/openssl/cipher.rb
+lib/openssl/ssl.rb
+lib/openssl/bn.rb
+lib/openssl/x509.rb
+lib/openssl/digest.rb
+lib/openssl/buffering.rb
+lib/openssl/pkcs7.rb
+lib/jopenssl/version.rb
+test/test_imaps.rb
+test/test_all.rb
+test/test_integration.rb
+test/ut_eof.rb
+test/openssl
+test/test_java.rb
+test/test_openssl.rb
+test/test_pkey.rb
+test/ref
+test/test_cipher.rb
+test/cert_with_ec_pk.cer
+test/fixture
+test/test_pkcs7.rb
+test/test_x509store.rb
+test/test_certificate.rb
+test/test_parse_certificate.rb
+test/test_ssl.rb
+test/java
+test/openssl/test_x509name.rb
+test/openssl/test_ns_spki.rb
+test/openssl/test_x509cert.rb
+test/openssl/ssl_server.rb
+test/openssl/test_pair.rb
+test/openssl/test_ec.rb
+test/openssl/test_config.rb
+test/openssl/utils.rb
+test/openssl/test_x509req.rb
+test/openssl/test_cipher.rb
+test/openssl/test_digest.rb
+test/openssl/test_x509ext.rb
+test/openssl/test_asn1.rb
+test/openssl/test_pkcs7.rb
+test/openssl/test_x509store.rb
+test/openssl/test_pkey_rsa.rb
+test/openssl/test_ssl.rb
+test/openssl/test_x509crl.rb
+test/openssl/test_hmac.rb
+test/ref/compile.rb
+test/ref/a.out
+test/ref/pkcs1
+test/ref/pkcs1.c
+test/fixture/cacert.pem
+test/fixture/ca-bundle.crt
+test/fixture/common.pem
+test/fixture/key_then_cert.pem
+test/fixture/verisign.pem
+test/fixture/cert_localhost.pem
+test/fixture/localhost_keypair.pem
+test/fixture/verisign_c3.pem
+test/fixture/selfcert.pem
+test/fixture/max.pem
+test/fixture/keypair.pem
+test/fixture/purpose
+test/fixture/imaps
+test/fixture/ca_path
+test/fixture/purpose/cacert.pem
+test/fixture/purpose/sslclient
+test/fixture/purpose/b70a5bc1.0
+test/fixture/purpose/ca
+test/fixture/purpose/sslclient.pem
+test/fixture/purpose/sslserver.pem
+test/fixture/purpose/scripts
+test/fixture/purpose/sslserver
+test/fixture/purpose/sslclient/sslclient.pem
+test/fixture/purpose/sslclient/csr.pem
+test/fixture/purpose/sslclient/keypair.pem
+test/fixture/purpose/ca/cacert.pem
+test/fixture/purpose/ca/newcerts
+test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234
+test/fixture/purpose/ca/ca_config.rb
+test/fixture/purpose/ca/serial
+test/fixture/purpose/ca/private
+test/fixture/purpose/ca/newcerts/2_cert.pem
+test/fixture/purpose/ca/newcerts/3_cert.pem
+test/fixture/purpose/ca/private/cakeypair.pem
+test/fixture/purpose/scripts/gen_cert.rb
+test/fixture/purpose/scripts/init_ca.rb
+test/fixture/purpose/scripts/gen_csr.rb
+test/fixture/purpose/sslserver/sslserver.pem
+test/fixture/purpose/sslserver/csr.pem
+test/fixture/purpose/sslserver/keypair.pem
+test/fixture/imaps/cacert.pem
+test/fixture/imaps/server.crt
+test/fixture/imaps/server.key
+test/fixture/ca_path/verisign.pem
+test/fixture/ca_path/72fa7371.0
+test/java/pkcs7_mime_enveloped.message
+test/java/pkcs7_mime_signed.message
+test/java/test_java_pkcs7.rb
+test/java/test_java_bio.rb
+test/java/pkcs7_multipart_signed.message
+test/java/test_java_mime.rb
+test/java/test_java_attribute.rb
+test/java/test_java_smime.rb

data/README.txt

@@ -0,0 +1,13 @@
+= JRuby-OpenSSL
+
+* http://jruby-extras.rubyforge.org/jruby-openssl
+
+== DESCRIPTION:
+
+JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
+
+Please report bugs and incompatibilities (preferably with testcases) to either the JRuby 
+mailing list [1] or the JRuby bug tracker [2].
+
+[1]: http://xircles.codehaus.org/projects/jruby/lists
+[2]: http://jira.codehaus.org/browse/JRUBY

data/Rakefile

@@ -0,0 +1,79 @@
+require 'rake'
+require 'rake/testtask'
+
+MANIFEST = FileList["Rakefile", "History.txt", "Manifest.txt", "README.txt", "License.txt", "lib/jopenssl.jar", "lib/**/*", "test/**/*"]
+BC_JARS = FileList["build_lib/bc*.jar"]
+
+task :default => [:java_compile, :test]
+
+def java_classpath_arg # myriad of ways to discover JRuby classpath
+  begin
+    cpath  = Java::java.lang.System.getProperty('java.class.path').split(File::PATH_SEPARATOR)
+    cpath += Java::java.lang.System.getProperty('sun.boot.class.path').split(File::PATH_SEPARATOR)
+    jruby_cpath = cpath.compact.join(File::PATH_SEPARATOR)
+  rescue => e
+  end
+  unless jruby_cpath
+    jruby_cpath = ENV['JRUBY_PARENT_CLASSPATH'] || ENV['JRUBY_HOME'] &&
+      FileList["#{ENV['JRUBY_HOME']}/lib/*.jar"].join(File::PATH_SEPARATOR)
+  end
+  bc_jars = BC_JARS.join(File::PATH_SEPARATOR)
+  jruby_cpath ? "-cp \"#{jruby_cpath.gsub('\\', '/')}#{File::PATH_SEPARATOR}#{bc_jars}\"" : "-cp \"#{bc_jars}\""
+end
+
+desc "Compile the native Java code."
+task :java_compile do
+  mkdir_p "pkg/classes"
+
+  File.open("pkg/compile_options", "w") do |f|
+    f << "-g -target 1.5 -source 1.5 -Xlint:unchecked -Xlint:deprecation -d pkg/classes"
+  end
+
+  File.open("pkg/compile_classpath", "w") do |f|
+    f << java_classpath_arg
+  end
+
+  File.open("pkg/compile_sourcefiles", "w") do |f|
+    f << FileList['src/java/**/*.java'].join(' ')
+  end
+
+  sh "javac @pkg/compile_options @pkg/compile_classpath @pkg/compile_sourcefiles"
+  sh "jar cf lib/jopenssl.jar -C pkg/classes/ ."
+end
+file "lib/jopenssl.jar" => :java_compile
+
+task :more_clean do
+  rm_f FileList['lib/jopenssl.jar']
+end
+task :clean => :more_clean
+
+File.open("Manifest.txt", "w") {|f| MANIFEST.each {|n| f.puts n } }
+
+begin
+  require 'hoe'
+  Hoe.plugin :gemcutter
+  Hoe.add_include_dirs('build_lib')
+  hoe = Hoe.spec("jruby-openssl") do |p|
+    load File.dirname(__FILE__) + "/lib/jopenssl/version.rb"
+    p.version = Jopenssl::Version::VERSION
+    p.rubyforge_name = "jruby-extras"
+    p.url = "http://jruby-extras.rubyforge.org/jruby-openssl"
+    p.author = "Ola Bini and JRuby contributors"
+    p.email = "ola.bini@gmail.com"
+    p.summary = "OpenSSL add-on for JRuby"
+    p.changes = p.paragraphs_of('History.txt', 0..1).join("\n\n")
+    p.description = p.paragraphs_of('README.txt', 3...4).join("\n\n")
+    p.test_globs = ENV["TEST"] || ["test/test_all.rb"]
+    p.extra_deps << ['bouncy-castle-java', '>= 0']
+  end
+  hoe.spec.dependencies.delete_if { |dep| dep.name == "hoe" }
+
+  task :gemspec do
+    File.open("#{hoe.name}.gemspec", "w") {|f| f << hoe.spec.to_ruby }
+  end
+  task :package => :gemspec
+rescue LoadError
+  puts "You really need Hoe installed to be able to package this gem"
+rescue => e
+  puts "ignoring error while loading hoe: #{e.to_s}"
+end

data/lib/jopenssl/version.rb

@@ -0,0 +1,5 @@
+module Jopenssl
+  module Version
+    VERSION = "0.7.4"
+  end
+end

data/lib/openssl.rb

@@ -0,0 +1,76 @@
+=begin
+= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: openssl.rb 12496 2007-06-08 15:02:04Z technorama $
+=end
+
+# TODO: remove this chunk after 1.4 support is dropped
+require 'digest'
+unless defined?(::Digest::Class)
+  # restricted support for jruby <= 1.4 (1.8.6 Digest compat)
+  module Digest
+    class Class
+      def self.hexdigest(name, data)
+        digest(name, data).unpack('H*')[0]
+      end
+
+      def self.digest(data, name)
+        digester = const_get(name).new
+        digester.update(data)
+        digester.finish
+      end
+
+      def hexdigest
+        digest.unpack('H*')[0]
+      end
+
+      def digest
+        dup.finish
+      end
+
+      def ==(oth)
+        digest == oth.digest
+      end
+
+      def to_s
+        hexdigest
+      end
+
+      def size
+        digest_length
+      end
+
+      def length
+        digest_length
+      end
+    end
+  end
+end
+# end of compat chunk.
+
+begin
+#  require 'bouncy-castle-java'
+rescue LoadError
+  # runs under restricted mode.
+end
+require 'jopenssl'
+
+
+require 'openssl/bn'
+require 'openssl/cipher'
+require 'openssl/config'
+require 'openssl/digest'
+require 'openssl/pkcs7'
+require 'openssl/ssl'
+require 'openssl/x509'
+