jruby-openssl 0.10.0-java → 0.10.5-java
- checksums.yaml +4 -4
- data/History.md +58 -0
- data/Mavenfile +45 -63
- data/README.md +6 -9
- data/Rakefile +4 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +13 -7
- data/lib/jopenssl/version.rb +8 -3
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +65 -64
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +205 -124
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.65/bcpkix-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.65/bcprov-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0
- data/pom.xml +94 -283
- metadata +16 -63
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.59/bcpkix-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
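--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d6499fed6e65be2c2ce456ff6aa60748cf25877
+data.tar.gz: eb002de6cd119571cd27844029a92034deb0e585
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d720cada18be2c96df796c93fe545a72b58fc53d24d06781509f50751bafb340886840530b6b469c0c97b66aedff9a13bde58017cff5b1514330a1611ec31464
+data.tar.gz: 9eb17b1809536887e1c7beef398bebce95c86ed5ed0d46e43c658396387cec56f7fafbd4098fa4c2f273960faf5cae12fe980131eb6ab56bee8a694fdc75eea5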
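--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,61 @@
+## 0.10.5
+
+* [fix] EC key sign/verify (#193)
+* [feat] upgrade BC library to 1.65
+* [refactor] clean security helpers to avoid reflection (#197)
+* Just use normal getInstance to get KeyFactory (fixes #197)
+* Allow multiple Certificates with the same SubjectDN in the store (#198)
+* Try direct path for MessageDigest before invasive path (#194)
+(relates to jruby/jruby#6098)
+* [refactor] avoid NativeException usage (jruby/jruby#5646)
+
+## 0.10.4
+
+* Use CertificateFactory.getInstance rather than reflection
+eliminates one of the module warnings we have been seeing (#161)
+
+## 0.10.3
+
+* [fix] implement (missing) PKey::DSA#params
+* [fix] authorityKeyIdentifier ext (general-name) value
+* [fix] authority keyid extension's :always part optional (#174)
+* [fix] work-around for not setting certificate serial
+raise a more friendly error (jruby/jruby#1691)
+* [fix] PKey.read not parsing RSA pub-key (#176)
+* [feat] support reading DSA (public key) in full DER
+* [fix] RSA key DER format to closely follow OpenSSL
+* [fix] add missing ASN1 factory methods (Null, EndOfContent)
+* [fix] support getting password from block for PKeys
+* [fix] incorrect ASN.1 for wrapped Integer type
+* [fix] correct public key for subjectKeyIdentifier ext (#173)
+* [fix] invalid Cert#sign handling -> raise (instead of ClassCastException)
+* [feat] more TLS (GCM) ciphers - supported on Java 8+
+* [feat] add ECDHE-RSA-AES128-GCM-SHA256 as supported cipher (#185)
+* [feat] add support for ECDHE-RSA-AES256-GCM-SHA384 (#187)
+* [fix] try hard not to fail on unkown oids (OpenSSL::X509::Certificate#to_text)
+* update Bouncy-Castle to 1.62 (and handle supported BC compatibility)
+
+## 0.10.2
+
+* update Bouncy-Castle to 1.61 (and handle supported BC compatibility)
+* [fix] avoid NPE when CRL fails to parse (invalid str) (jruby/jruby#5619)
+* hide (deprecated) Jopenssl constant
+* default OpenSSL.warn to warnings-enabled flag
+* only un-restrict jce when its restricted
+* OpenSSL::Cipher#update additional buffer argument (#170) (jruby/jruby#5242)
+
+## 0.10.1
+
+* loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
+* avoid, once again, installing BC provider on boot (due OCSP support)
+* [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
+* rename ugly-sh "Jopenssl" constant to **JOpenSSL**
+* support PKCS7#decrypt with 1 argument (pkey only - without certificate)
+* undo some of the call-sites in SSLSocket - account for sub-classes (#165)
+* follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1)
+* validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
+* remove openssl/pkcs7.rb -> since 1.8 no longer supported
+
 ## 0.10.0
 
 **NOTE:** dropped support for anything below ~ JRuby 1.7.20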
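--- a/data/Mavenfile
+++ b/data/Mavenfile
@@ -2,9 +2,6 @@
 
 gemspec :jar => 'jopenssl', :include_jars => true
 
-sonatype_url = 'https://oss.sonatype.org/content/repositories/snapshots/'
-snapshot_repository :id => 'sonatype', :url => sonatype_url
-
 distribution_management do
 snapshot_repository :id => :ossrh, :url => 'https://oss.sonatype.org/content/repositories/snapshots'
 repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
@@ -52,10 +49,11 @@ plugin( :compiler, '3.1',
 :source => '1.7', :target => java_target,
 :encoding => 'UTF-8', :debug => true,
 :showWarnings => true, :showDeprecation => true,
+:excludes => [ 'module-info.java' ],
+#:jdkToolchain => { :version => '[1.7,11)' },
 
 :generatedSourcesDirectory => gen_sources,
-:annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]
-:compilerArgs => [ '-XDignore.symbol.file=true' ] ) do
+:annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]) do
 
 #execute_goal :compile, :id => 'annotation-binder', :phase => 'compile',
 # :generatedSourcesDirectory => gen_sources, #:outputDirectory => gen_sources,
@@ -64,10 +62,19 @@ plugin( :compiler, '3.1',
 # :useIncrementalCompilation => false, :fork => true, :verbose => true,
 # :compilerArgs => [ '-XDignore.symbol.file=true', '-J-Dfile.encoding=UTF-8' ]
 
-execute_goal :compile,
-
-
-
+execute_goal :compile,
+:id => 'compile-populators', :phase => 'process-classes',
+:includes => [ 'org/jruby/gen/**/*.java' ],
+:optimize => true,
+:compilerArgs => [ '', '-XDignore.symbol.file=true' ]
+end
+
+profile 'module-info' do
+activation { jdk '[9,)' }
+plugin :compiler, '3.8.1',
+:source => '9', :target => java_target,
+:release => '9',
+:includes => [ 'module-info.java' ]
 end
 
 plugin :clean do
@@ -80,49 +87,53 @@ plugin :clean do
 'failOnError' => 'false' )
 end
 
-
-# although we'd like to compile against 1.6 to make sure all is well
-jar 'org.jruby:jruby-core', '1.7.17', :scope => :provided # 1.6.8
+jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
 jar 'junit:junit', '4.11', :scope => :test
 
+# 9.1.17.0 is Java 7 compatible (till supporting JRuby 1.7)
+# NOTE: to build on Java 11 - installing gems fails (due old jossl) with:
+# load error: jopenssl/load -- java.lang.StringIndexOutOfBoundsException
+MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.9.0' : '9.1.17.0'
+
 jruby_plugin! :gem do
-# when installing dependent gems we want to use the built in openssl
-#
-# we compile against jruby-core-1.7.17 and want to keep this out of
-# the plugin execution here
+# when installing dependent gems we want to use the built in openssl not the one from this lib directory
+# we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
 execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
 execute_goals :id => 'default-push', :skip => true
 end
 
-# we want to have the snapshots on oss.sonatype.org and the released gems
-# on maven central
+# we want to have the snapshots on oss.sonatype.org and the released gems on maven central
 plugin :deploy, '2.8.1' do
 execute_goals( :deploy, :skip => false )
 end
 
-supported_bc_versions = %w{ 1.
+supported_bc_versions = %w{ 1.58 1.59 1.60 1.61 1.62 1.63 1.64 1.65 }
 
-default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
+default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
-properties( 'jruby.plugins.version' => '1.
-'jruby.
+properties( 'jruby.plugins.version' => '1.1.8',
+'jruby.switches' => '-W0', # https://github.com/torquebox/jruby-maven-plugins/issues/94
 'bc.versions' => default_bc_version,
 'invoker.test' => '${bc.versions}',
 # allow to skip all tests with -Dmaven.test.skip
 'invoker.skip' => '${maven.test.skip}',
 'runit.dir' => 'src/test/ruby/**/test_*.rb',
-
-'
+'mavengem.wagon.version' => '1.0.3', # for jruby plugin
+'mavengem-wagon.version' => '1.0.3', # for polyglot-ruby
+# use this version of jruby for the jruby-maven-plugins
+'jruby.versions' => MVN_JRUBY_VERSION, 'jruby.version' => MVN_JRUBY_VERSION,
 # dump pom.xml as readonly when running 'rmvn'
 'polyglot.dump.pom' => 'pom.xml',
-'polyglot.dump.readonly' => true
-'tesla.dump.pom' => 'pom.xml',
-'tesla.dump.readonly' => true )
+'polyglot.dump.readonly' => true )
 
 # make sure we have the embedded jars in place before we run runit plugin
 plugin! :dependency do
-execute_goal 'copy-dependencies',
+execute_goal 'copy-dependencies',
+:phase => 'generate-test-resources',
+:outputDirectory => '${basedir}/lib',
+:useRepositoryLayout => true,
+:includeGroupIds => 'org.bouncycastle'
 end
 
 jruby_plugin(:runit) { execute_goal( :test, :runitDirectory => '${runit.dir}' ) }
@@ -141,53 +152,24 @@ invoker_run_options = {
 'runit.dir' => '${runit.dir}' }
 }
 
-
-
-# execute_goals( :install, :run, invoker_run_options )
-# end
-# properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
-# 'bc.versions' => supported_bc_versions.join(',')
-# end
-#
-# profile :id => 'test-1.7.4' do
-# plugin :invoker, '1.8' do
-# execute_goals( :install, :run, invoker_run_options )
-# end
-# properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
-# 'bc.versions' => supported_bc_versions.join(',')
-# end
-
-jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
-
-jruby_1_7_versions.each { |version|
-
-profile :id => "test-#{version}" do
-plugin :invoker, '1.8' do
-execute_goals( :install, :run, invoker_run_options )
-end
-properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
-'bc.versions' => supported_bc_versions.join(',')
-end
-
-}
-
-jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions = %w{ 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.6.0 9.2.7.0 9.2.8.0 9.2.9.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do
 plugin :invoker, '1.8' do
 execute_goals( :install, :run, invoker_run_options )
 end
-
-
-properties 'jruby.version' => version, 'jruby.versions' => version,
+properties 'jruby.version' => version,
+'jruby.versions' => version,
 'bc.versions' => supported_bc_versions.join(',')
 end
 }
 
 profile :id => 'release' do
-plugin :gpg, '1.
+plugin :gpg, '1.6' do
 execute_goal :sign, :phase => :verify
 end
 end
+
 # vim: syntax=Ruby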
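Review bot: The Bouncy Castle version that feeds `'bc.versions'` is extracted from `lib/jopenssl/version.rb` by the regexp on the line after the new `File.read`, and that lookup returns `nil` without any error if the constant's formatting ever changes (double quotes, extra spacing). This property decides which crypto provider version the build tests against and, presumably, which `org.bouncycastle` jars `copy-dependencies` places under `lib`, so a silent `nil` should stop the build: add `raise 'BOUNCY_CASTLE_VERSION not found in lib/jopenssl/version.rb' unless default_bc_version` right after the extraction. It would also be cheap to assert `supported_bc_versions.include?(default_bc_version)`, since in the visible hunks that list is only consulted by the `test-*` profiles.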
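--- a/data/README.md
+++ b/data/README.md
@@ -23,6 +23,7 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 | 0.9.17 | 1.6.8-9.1.5 | Java 6-8 | 1.50-1.54 |
 | ~>0.9.18 | 1.6.8-9.1.x | Java 6-8 | 1.50-1.55 |
 | 0.10.0 | 1.7.20-9.2.x | Java 7-10 | 1.55-1.59 |
+| 0.10.3 | 1.7.20-9.2.x | Java 7-11 | 1.56-1.62 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6**
 
@@ -42,28 +43,24 @@ any of OpenSSL's C code, only Ruby parts (*.rb) are the same as in MRI's OpenSSL
 mvn test
 
 will run (junit as well as ruby) tests and a some ruby tests against the default
-jruby version. to pick a different version
+jruby version. to pick a different JRuby version run
 
-mvn test -Djruby.versions=
+mvn test -Djruby.versions=9.2.8.0
 
 for running integration-tests the gem will be first installed and then the same
 tests run for each possible bouncy-castle version (see [listing][3]), run with
 
-mvn verify -P test-9.
+mvn verify -P test-9.2.9.0,test-9.1.17.0
 
 or pick a bouncy-castle version
 
-mvn verify -P test-
-
-or simply be more picky
-
-mvn verify -P test-1.7.4 -Dbc.versions=1.49 -Djruby.modes=1.9
+mvn verify -P test-9.2.9.0 -Dbc.versions=1.60
 
 NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5]
 
 ## License
 
-(c) 2009-
+(c) 2009-2020 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
 
 [0]: https://secure.travis-ci.org/jruby/jruby-openssl.svg
 [1]: http://xircles.codehaus.org/projects/jruby/lists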
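--- a/data/Rakefile
+++ b/data/Rakefile
@@ -27,6 +27,10 @@ else
 RubyMaven.exec( 'package -Dmaven.test.skip=true' )
 end
 end
+task :test_prepare do
+RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
+RubyMaven.exec( 'test-compile' ) # separate step due -Dmaven.test.skip=true
+end
 end
 
 task :build do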
data/lib/jopenssl.jar
CHANGED
Binary file
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: false
|
2
|
+
|
3
|
+
module OpenSSL
|
4
|
+
|
5
|
+
module PKey
|
6
|
+
|
7
|
+
class DH
|
8
|
+
|
9
|
+
def set_key(pub_key, priv_key)
|
10
|
+
self.pub_key = pub_key
|
11
|
+
self.priv_key = priv_key
|
12
|
+
self
|
13
|
+
end
|
14
|
+
|
15
|
+
def set_pqg(p, q, g)
|
16
|
+
self.p = p
|
17
|
+
if respond_to?(:q)
|
18
|
+
self.q = q
|
19
|
+
else # TODO self.q = q
|
20
|
+
OpenSSL.warn "JRuby-OpenSSL does not support setting q param on #{inspect}" if q
|
21
|
+
end
|
22
|
+
self.g = g
|
23
|
+
self
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
class DSA
|
29
|
+
|
30
|
+
def set_key(pub_key, priv_key)
|
31
|
+
self.pub_key = pub_key
|
32
|
+
self.priv_key = priv_key
|
33
|
+
self
|
34
|
+
end
|
35
|
+
|
36
|
+
def set_pqg(p, q, g)
|
37
|
+
self.p = p
|
38
|
+
self.q = q
|
39
|
+
self.g = g
|
40
|
+
self
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
|
45
|
+
class RSA
|
46
|
+
|
47
|
+
def set_key(n, e, d)
|
48
|
+
self.n = n
|
49
|
+
self.e = e
|
50
|
+
self.d = d
|
51
|
+
self
|
52
|
+
end
|
53
|
+
|
54
|
+
def set_factors(p, q)
|
55
|
+
self.p = p
|
56
|
+
self.q = q
|
57
|
+
self
|
58
|
+
end
|
59
|
+
|
60
|
+
def set_crt_params(dmp1, dmq1, iqmp)
|
61
|
+
self.dmp1 = dmp1
|
62
|
+
self.dmq1 = dmq1
|
63
|
+
self.iqmp = iqmp
|
64
|
+
self
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
|
71
|
+
end
|
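Review bot: In `DH#set_pqg` the guard `if respond_to?(:q)` tests for the reader while the branch calls the writer, so a DH implementation that exposes `q` without `q=` would raise NoMethodError instead of reaching the warning; the guard should read `if respond_to?(:q=)`. In the fallback branch a supplied `q` is dropped with only an `OpenSSL.warn`, which may print nothing when warnings are disabled, so a caller that passes q for subgroup validation ends up with parameters that lack it and no hard signal. A comment on the method such as `# NOTE: q is discarded (warning only) when the underlying DH key has no q= writer` would make that limitation visible. The file header is missing from this section of the page; going by the file list it is presumably `data/lib/jopenssl/_compat23.rb`.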
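--- a/data/lib/jopenssl/load.rb
+++ b/data/lib/jopenssl/load.rb
@@ -1,13 +1,12 @@
 warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
 
-require 'java'
 require 'jopenssl/version'
 
-warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{
+warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
 
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
-version =
+version = JOpenSSL::BOUNCY_CASTLE_VERSION
 bc_jars = nil
 begin
 require 'jar-dependencies'
@@ -26,13 +25,17 @@ unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
 end
 end
 
-require 'jruby'
 require 'jopenssl.jar'
-
+
+if JRuby::Util.respond_to?(:load_ext) # JRuby 9.2
+JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
+else; require 'jruby'
+org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
+end
 
 if RUBY_VERSION > '2.3'
 load 'jopenssl23/openssl.rb'
-load '
+load 'jopenssl/_compat23.rb'
 elsif RUBY_VERSION > '2.2'
 load 'jopenssl22/openssl.rb'
 elsif RUBY_VERSION > '2.1'
@@ -41,4 +44,7 @@ else
 load 'jopenssl19/openssl.rb'
 end
 
-
+module OpenSSL
+autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
+autoload :PKCS12, 'openssl/pkcs12'
+end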
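Review bot: The support check on new line 5 compares version strings lexicographically, so `JRUBY_VERSION < '1.7.20'` is false for releases such as '1.7.4' or '1.7.3', and those unsupported runtimes load the TLS/crypto layer without the warning. Comparing the numeric components fixes the ordering, e.g. `if (JRUBY_VERSION.split('.').map(&:to_i) <=> [1, 7, 20]) < 0`. The removed line is truncated on this page, so the comparison may predate this change, but the new line keeps it. The `RUBY_VERSION > '2.3'` chain in the second hunk relies on the same string ordering and deserves a short comment saying so.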
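--- a/data/lib/jopenssl/version.rb
+++ b/data/lib/jopenssl/version.rb
@@ -1,4 +1,9 @@
-module
-VERSION = '0.10.
-BOUNCY_CASTLE_VERSION = '1.
+module JOpenSSL
+VERSION = '0.10.5'
+BOUNCY_CASTLE_VERSION = '1.65'
+end
+
+Object.class_eval do
+Jopenssl = JOpenSSL
+private_constant :Jopenssl if respond_to?(:private_constant)
 end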
@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
|
|
19
19
|
|
20
20
|
module OpenSSL
|
21
21
|
module SSL
|
22
|
+
class SSLContext
|
23
|
+
DEFAULT_PARAMS = {
|
24
|
+
:ssl_version => "SSLv23",
|
25
|
+
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
26
|
+
:ciphers => %w{
|
27
|
+
ECDHE-ECDSA-AES128-GCM-SHA256
|
28
|
+
ECDHE-RSA-AES128-GCM-SHA256
|
29
|
+
ECDHE-ECDSA-AES256-GCM-SHA384
|
30
|
+
ECDHE-RSA-AES256-GCM-SHA384
|
31
|
+
DHE-RSA-AES128-GCM-SHA256
|
32
|
+
DHE-DSS-AES128-GCM-SHA256
|
33
|
+
DHE-RSA-AES256-GCM-SHA384
|
34
|
+
DHE-DSS-AES256-GCM-SHA384
|
35
|
+
ECDHE-ECDSA-AES128-SHA256
|
36
|
+
ECDHE-RSA-AES128-SHA256
|
37
|
+
ECDHE-ECDSA-AES128-SHA
|
38
|
+
ECDHE-RSA-AES128-SHA
|
39
|
+
ECDHE-ECDSA-AES256-SHA384
|
40
|
+
ECDHE-RSA-AES256-SHA384
|
41
|
+
ECDHE-ECDSA-AES256-SHA
|
42
|
+
ECDHE-RSA-AES256-SHA
|
43
|
+
DHE-RSA-AES128-SHA256
|
44
|
+
DHE-RSA-AES256-SHA256
|
45
|
+
DHE-RSA-AES128-SHA
|
46
|
+
DHE-RSA-AES256-SHA
|
47
|
+
DHE-DSS-AES128-SHA256
|
48
|
+
DHE-DSS-AES256-SHA256
|
49
|
+
DHE-DSS-AES128-SHA
|
50
|
+
DHE-DSS-AES256-SHA
|
51
|
+
AES128-GCM-SHA256
|
52
|
+
AES256-GCM-SHA384
|
53
|
+
AES128-SHA256
|
54
|
+
AES256-SHA256
|
55
|
+
AES128-SHA
|
56
|
+
AES256-SHA
|
57
|
+
ECDHE-ECDSA-RC4-SHA
|
58
|
+
ECDHE-RSA-RC4-SHA
|
59
|
+
RC4-SHA
|
60
|
+
}.join(":"),
|
61
|
+
:options => -> {
|
62
|
+
opts = OpenSSL::SSL::OP_ALL
|
63
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
64
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
|
65
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
|
66
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
|
67
|
+
opts
|
68
|
+
}.call
|
69
|
+
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
70
|
+
|
71
|
+
begin
|
72
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
73
|
+
DEFAULT_CERT_STORE.set_default_paths
|
74
|
+
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
75
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
76
|
+
end
|
77
|
+
end unless const_defined? :DEFAULT_CERT_STORE
|
78
|
+
|
79
|
+
def set_params(params={})
|
80
|
+
params = DEFAULT_PARAMS.merge(params)
|
81
|
+
params.each{|name, value| self.__send__("#{name}=", value) }
|
82
|
+
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
83
|
+
unless self.ca_file or self.ca_path or self.cert_store
|
84
|
+
self.cert_store = DEFAULT_CERT_STORE
|
85
|
+
end
|
86
|
+
end
|
87
|
+
return params
|
88
|
+
end unless method_defined? :set_params
|
89
|
+
end
|
90
|
+
|
91
|
+
module SocketForwarder
|
92
|
+
def addr
|
93
|
+
to_io.addr
|
94
|
+
end
|
95
|
+
|
96
|
+
def peeraddr
|
97
|
+
to_io.peeraddr
|
98
|
+
end
|
99
|
+
|
100
|
+
def setsockopt(level, optname, optval)
|
101
|
+
to_io.setsockopt(level, optname, optval)
|
102
|
+
end
|
103
|
+
|
104
|
+
def getsockopt(level, optname)
|
105
|
+
to_io.getsockopt(level, optname)
|
106
|
+
end
|
107
|
+
|
108
|
+
def fcntl(*args)
|
109
|
+
to_io.fcntl(*args)
|
110
|
+
end
|
111
|
+
|
112
|
+
def closed?
|
113
|
+
to_io.closed?
|
114
|
+
end
|
115
|
+
|
116
|
+
def do_not_reverse_lookup=(flag)
|
117
|
+
to_io.do_not_reverse_lookup = flag
|
118
|
+
end
|
119
|
+
end
|
22
120
|
|
23
121
|
def verify_certificate_identity(cert, hostname)
|
24
122
|
should_verify_common_name = true
|
@@ -63,6 +161,12 @@ module OpenSSL
|
|
63
161
|
include SocketForwarder
|
64
162
|
include Nonblock
|
65
163
|
|
164
|
+
def sysclose
|
165
|
+
return if closed?
|
166
|
+
stop
|
167
|
+
io.close if sync_close
|
168
|
+
end unless method_defined? :sysclose
|
169
|
+
|
66
170
|
def post_connection_check(hostname)
|
67
171
|
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
68
172
|
raise SSLError, "hostname does not match the server certificate"
|
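Review bot: The fallback `DEFAULT_PARAMS` cipher string added in the first hunk ends with `ECDHE-ECDSA-RC4-SHA`, `ECDHE-RSA-RC4-SHA` and `RC4-SHA`; RC4 suites are prohibited for TLS by RFC 7465 and should be removed from the `%w{ ... }` list. The constant is only defined when nothing has provided it already (`unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java`), so whether this list is ever used depends on the Java side, but a default that can be reached should not offer those suites. In `set_params`, every key of the caller's hash becomes a setter call through `__send__("#{name}=", value)`, so a comment such as `# params keys are invoked as setters; pass only trusted, known keys` would document that the hash must not be built from external configuration. The file header is missing from this section; going by the file list it is presumably `data/lib/jopenssl19/openssl/ssl-internal.rb`.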