jruby-openssl 0.10.0-java → 0.10.5-java
- checksums.yaml +4 -4
- data/History.md +58 -0
- data/Mavenfile +45 -63
- data/README.md +6 -9
- data/Rakefile +4 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +13 -7
- data/lib/jopenssl/version.rb +8 -3
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +65 -64
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +205 -124
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.65/bcpkix-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.65/bcprov-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0
- data/pom.xml +94 -283
- metadata +16 -63
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.59/bcpkix-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
@@ -68,13 +68,13 @@ module OpenSSL
|
|
68
68
|
}.call
|
69
69
|
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
70
70
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
end
|
71
|
+
begin
|
72
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
73
|
+
DEFAULT_CERT_STORE.set_default_paths
|
74
|
+
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
75
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
76
|
+
end
|
77
|
+
end unless const_defined? :DEFAULT_CERT_STORE
|
78
78
|
|
79
79
|
##
|
80
80
|
# Sets the parameters for this SSL context to the values in +params+.
|
@@ -86,14 +86,14 @@ module OpenSSL
|
|
86
86
|
|
87
87
|
def set_params(params={})
|
88
88
|
params = DEFAULT_PARAMS.merge(params)
|
89
|
-
params.each{|name, value| self.__send__("#{name}=", value) }
|
89
|
+
params.each { |name, value| self.__send__("#{name}=", value) }
|
90
90
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
91
91
|
unless self.ca_file or self.ca_path or self.cert_store
|
92
92
|
self.cert_store = DEFAULT_CERT_STORE
|
93
93
|
end
|
94
94
|
end
|
95
95
|
return params
|
96
|
-
end unless method_defined? :set_params
|
96
|
+
end unless method_defined? :set_params
|
97
97
|
end
|
98
98
|
|
99
99
|
module SocketForwarder
|
@@ -124,7 +124,7 @@ module OpenSSL
|
|
124
124
|
def do_not_reverse_lookup=(flag)
|
125
125
|
to_io.do_not_reverse_lookup = flag
|
126
126
|
end
|
127
|
-
end
|
127
|
+
end
|
128
128
|
|
129
129
|
module Nonblock
|
130
130
|
def initialize(*args)
|
@@ -228,6 +228,12 @@ module OpenSSL
|
|
228
228
|
include SocketForwarder
|
229
229
|
include Nonblock
|
230
230
|
|
231
|
+
def sysclose
|
232
|
+
return if closed?
|
233
|
+
stop
|
234
|
+
io.close if sync_close
|
235
|
+
end unless method_defined? :sysclose
|
236
|
+
|
231
237
|
##
|
232
238
|
# Perform hostname verification after an SSL connection is established
|
233
239
|
#
|
@@ -248,12 +254,6 @@ module OpenSSL
|
|
248
254
|
return true
|
249
255
|
end
|
250
256
|
|
251
|
-
#def session
|
252
|
-
# SSL::Session.new(self)
|
253
|
-
#rescue SSL::Session::SessionError
|
254
|
-
# nil
|
255
|
-
#end
|
256
|
-
|
257
257
|
private
|
258
258
|
|
259
259
|
def using_anon_cipher?
|
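Review bot: The new `DEFAULT_CERT_STORE` block sets only `V_FLAG_CRL_CHECK_ALL`, and nothing in the hunk loads a CRL or sets `V_FLAG_CRL_CHECK`, so the constant should not be read as turning revocation checking on. In OpenSSL's C verifier the ALL flag only widens a check that `X509_V_FLAG_CRL_CHECK` enables; whether JRuby's Java-side store behaves the same way is not visible here and should be confirmed. I would add a comment above the flags assignment, `# NOTE: CRL_CHECK_ALL alone is not expected to enforce revocation; callers that need it must add CRLs and V_FLAG_CRL_CHECK to their own store`. That keeps the `set_params` fallback to this store from being mistaken for revocation-checked verification.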
data/lib/jopenssl23/openssl.rb
CHANGED
@@ -63,7 +63,7 @@ module OpenSSL::Buffering
|
|
63
63
|
end
|
64
64
|
|
65
65
|
##
|
66
|
-
# Consumes
|
66
|
+
# Consumes _size_ bytes from the buffer
|
67
67
|
|
68
68
|
def consume_rbuff(size=nil)
|
69
69
|
if @rbuffer.empty?
|
@@ -79,7 +79,7 @@ module OpenSSL::Buffering
|
|
79
79
|
public
|
80
80
|
|
81
81
|
##
|
82
|
-
# Reads
|
82
|
+
# Reads _size_ bytes from the stream. If _buf_ is provided it must
|
83
83
|
# reference a string which will receive the data.
|
84
84
|
#
|
85
85
|
# See IO#read for full details.
|
@@ -106,7 +106,7 @@ module OpenSSL::Buffering
|
|
106
106
|
end
|
107
107
|
|
108
108
|
##
|
109
|
-
# Reads at most
|
109
|
+
# Reads at most _maxlen_ bytes from the stream. If _buf_ is provided it
|
110
110
|
# must reference a string which will receive the data.
|
111
111
|
#
|
112
112
|
# See IO#readpartial for full details.
|
@@ -136,7 +136,7 @@ module OpenSSL::Buffering
|
|
136
136
|
end
|
137
137
|
|
138
138
|
##
|
139
|
-
# Reads at most
|
139
|
+
# Reads at most _maxlen_ bytes in the non-blocking manner.
|
140
140
|
#
|
141
141
|
# When no data can be read without blocking it raises
|
142
142
|
# OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
|
@@ -163,6 +163,11 @@ module OpenSSL::Buffering
|
|
163
163
|
# Note that one reason that read_nonblock writes to the underlying IO is
|
164
164
|
# when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
|
165
165
|
# more details. http://www.openssl.org/support/faq.html
|
166
|
+
#
|
167
|
+
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
168
|
+
# that read_nonblock should not raise an IO::Wait*able exception, but
|
169
|
+
# return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
|
170
|
+
# it will return +nil+ instead of raising EOFError.
|
166
171
|
|
167
172
|
def read_nonblock(maxlen, buf=nil, exception: true)
|
168
173
|
if maxlen == 0
|
@@ -185,11 +190,11 @@ module OpenSSL::Buffering
|
|
185
190
|
end
|
186
191
|
|
187
192
|
##
|
188
|
-
# Reads the next "line
|
189
|
-
#
|
193
|
+
# Reads the next "line" from the stream. Lines are separated by _eol_. If
|
194
|
+
# _limit_ is provided the result will not be longer than the given number of
|
190
195
|
# bytes.
|
191
196
|
#
|
192
|
-
#
|
197
|
+
# _eol_ may be a String or Regexp.
|
193
198
|
#
|
194
199
|
# Unlike IO#gets the line read will not be assigned to +$_+.
|
195
200
|
#
|
@@ -215,7 +220,7 @@ module OpenSSL::Buffering
|
|
215
220
|
|
216
221
|
##
|
217
222
|
# Executes the block for every line in the stream where lines are separated
|
218
|
-
# by
|
223
|
+
# by _eol_.
|
219
224
|
#
|
220
225
|
# See also #gets
|
221
226
|
|
@@ -227,7 +232,7 @@ module OpenSSL::Buffering
|
|
227
232
|
alias each_line each
|
228
233
|
|
229
234
|
##
|
230
|
-
# Reads lines from the stream which are separated by
|
235
|
+
# Reads lines from the stream which are separated by _eol_.
|
231
236
|
#
|
232
237
|
# See also #gets
|
233
238
|
|
@@ -240,7 +245,7 @@ module OpenSSL::Buffering
|
|
240
245
|
end
|
241
246
|
|
242
247
|
##
|
243
|
-
# Reads a line from the stream which is separated by
|
248
|
+
# Reads a line from the stream which is separated by _eol_.
|
244
249
|
#
|
245
250
|
# Raises EOFError if at end of file.
|
246
251
|
|
@@ -276,7 +281,7 @@ module OpenSSL::Buffering
|
|
276
281
|
end
|
277
282
|
|
278
283
|
##
|
279
|
-
# Pushes character
|
284
|
+
# Pushes character _c_ back onto the stream such that a subsequent buffered
|
280
285
|
# character read will return it.
|
281
286
|
#
|
282
287
|
# Unlike IO#getc multiple bytes may be pushed back onto the stream.
|
@@ -303,7 +308,7 @@ module OpenSSL::Buffering
|
|
303
308
|
private
|
304
309
|
|
305
310
|
##
|
306
|
-
# Writes
|
311
|
+
# Writes _s_ to the buffer. When the buffer is full or #sync is true the
|
307
312
|
# buffer is flushed to the underlying socket.
|
308
313
|
|
309
314
|
def do_write(s)
|
@@ -311,36 +316,33 @@ module OpenSSL::Buffering
|
|
311
316
|
@wbuffer << s
|
312
317
|
@wbuffer.force_encoding(Encoding::BINARY)
|
313
318
|
@sync ||= false
|
314
|
-
if @sync or @wbuffer.size > BLOCK_SIZE
|
315
|
-
|
316
|
-
nwritten = 0
|
317
|
-
while remain > 0
|
318
|
-
str = @wbuffer[nwritten,remain]
|
319
|
+
if @sync or @wbuffer.size > BLOCK_SIZE
|
320
|
+
until @wbuffer.empty?
|
319
321
|
begin
|
320
|
-
nwrote = syswrite(
|
322
|
+
nwrote = syswrite(@wbuffer)
|
321
323
|
rescue Errno::EAGAIN
|
322
324
|
retry
|
323
325
|
end
|
324
|
-
|
325
|
-
nwritten += nwrote
|
326
|
+
@wbuffer[0, nwrote] = ""
|
326
327
|
end
|
327
|
-
@wbuffer[0,nwritten] = ""
|
328
328
|
end
|
329
329
|
end
|
330
330
|
|
331
331
|
public
|
332
332
|
|
333
333
|
##
|
334
|
-
# Writes
|
335
|
-
# converted using
|
334
|
+
# Writes _s_ to the stream. If the argument is not a String it will be
|
335
|
+
# converted using +.to_s+ method. Returns the number of bytes written.
|
336
336
|
|
337
|
-
def write(s)
|
338
|
-
|
339
|
-
|
337
|
+
def write(*s)
|
338
|
+
s.inject(0) do |written, str|
|
339
|
+
do_write(str)
|
340
|
+
written + str.bytesize
|
341
|
+
end
|
340
342
|
end
|
341
343
|
|
342
344
|
##
|
343
|
-
# Writes
|
345
|
+
# Writes _s_ in the non-blocking manner.
|
344
346
|
#
|
345
347
|
# If there is buffered data, it is flushed first. This may block.
|
346
348
|
#
|
@@ -371,6 +373,10 @@ module OpenSSL::Buffering
|
|
371
373
|
# Note that one reason that write_nonblock reads from the underlying IO
|
372
374
|
# is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
|
373
375
|
# for more details. http://www.openssl.org/support/faq.html
|
376
|
+
#
|
377
|
+
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
378
|
+
# that write_nonblock should not raise an IO::Wait*able exception, but
|
379
|
+
# return the symbol +:wait_writable+ or +:wait_readable+ instead.
|
374
380
|
|
375
381
|
def write_nonblock(s, exception: true)
|
376
382
|
flush
|
@@ -378,16 +384,16 @@ module OpenSSL::Buffering
|
|
378
384
|
end
|
379
385
|
|
380
386
|
##
|
381
|
-
# Writes
|
382
|
-
#
|
387
|
+
# Writes _s_ to the stream. _s_ will be converted to a String using
|
388
|
+
# +.to_s+ method.
|
383
389
|
|
384
|
-
def <<
|
390
|
+
def <<(s)
|
385
391
|
do_write(s)
|
386
392
|
self
|
387
393
|
end
|
388
394
|
|
389
395
|
##
|
390
|
-
# Writes
|
396
|
+
# Writes _args_ to the stream along with a record separator.
|
391
397
|
#
|
392
398
|
# See IO#puts for full details.
|
393
399
|
|
@@ -398,16 +404,14 @@ module OpenSSL::Buffering
|
|
398
404
|
end
|
399
405
|
args.each{|arg|
|
400
406
|
s << arg.to_s
|
401
|
-
|
402
|
-
s << "\n"
|
403
|
-
end
|
407
|
+
s.sub!(/(?<!\n)\z/, "\n")
|
404
408
|
}
|
405
409
|
do_write(s)
|
406
410
|
nil
|
407
411
|
end
|
408
412
|
|
409
413
|
##
|
410
|
-
# Writes
|
414
|
+
# Writes _args_ to the stream.
|
411
415
|
#
|
412
416
|
# See IO#print for full details.
|
413
417
|
|
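Review bot: The rewritten `write(*s)` calls `str.bytesize` on each raw argument, while its new doc comment says a non-String argument is converted with `.to_s`. No conversion is visible in `write` or in the shown part of `do_write`, which appends with `@wbuffer << s`; the first lines of `do_write` are outside the hunk. If they do not convert either, a non-String argument would either raise or be buffered as something other than its `to_s` text. Converting once inside the block keeps the comment, the buffered bytes and the returned count in agreement: `data = str.to_s`, `do_write(data)`, `written + data.bytesize`.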
@@ -30,7 +30,8 @@ module OpenSSL
|
|
30
30
|
class << self
|
31
31
|
|
32
32
|
##
|
33
|
-
# Parses a given
|
33
|
+
# Parses a given _string_ as a blob that contains configuration for
|
34
|
+
# OpenSSL.
|
34
35
|
#
|
35
36
|
# If the source of the IO is a file, then consider using #parse_config.
|
36
37
|
def parse(string)
|
@@ -46,7 +47,7 @@ module OpenSSL
|
|
46
47
|
alias load new
|
47
48
|
|
48
49
|
##
|
49
|
-
# Parses the configuration data read from
|
50
|
+
# Parses the configuration data read from _io_, see also #parse.
|
50
51
|
#
|
51
52
|
# Raises a ConfigError on invalid configuration data.
|
52
53
|
def parse_config(io)
|
@@ -71,7 +72,7 @@ module OpenSSL
|
|
71
72
|
end
|
72
73
|
end
|
73
74
|
|
74
|
-
|
75
|
+
private
|
75
76
|
|
76
77
|
def parse_config_lines(io)
|
77
78
|
section = 'default'
|
@@ -110,10 +111,10 @@ module OpenSSL
|
|
110
111
|
QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
|
111
112
|
# escaped char map
|
112
113
|
ESCAPE_MAP = {
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
114
|
+
"r" => "\r",
|
115
|
+
"n" => "\n",
|
116
|
+
"b" => "\b",
|
117
|
+
"t" => "\t",
|
117
118
|
}
|
118
119
|
|
119
120
|
def unescape_value(data, section, value)
|
@@ -123,36 +124,36 @@ module OpenSSL
|
|
123
124
|
c = m[0]
|
124
125
|
value = m.post_match
|
125
126
|
case c
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
else
|
152
|
-
raise ConfigError, "variable has no value"
|
153
|
-
end
|
127
|
+
when "'"
|
128
|
+
if m = value.match(QUOTE_REGEXP_SQ)
|
129
|
+
scanned << m[1].gsub(/\\(.)/, '\\1')
|
130
|
+
value = m.post_match
|
131
|
+
else
|
132
|
+
break
|
133
|
+
end
|
134
|
+
when '"'
|
135
|
+
if m = value.match(QUOTE_REGEXP_DQ)
|
136
|
+
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
|
137
|
+
value = m.post_match
|
138
|
+
else
|
139
|
+
break
|
140
|
+
end
|
141
|
+
when "\\"
|
142
|
+
c = value.slice!(0, 1)
|
143
|
+
scanned << (ESCAPE_MAP[c] || c)
|
144
|
+
when "$"
|
145
|
+
ref, value = extract_reference(value)
|
146
|
+
refsec = section
|
147
|
+
if ref.index('::')
|
148
|
+
refsec, ref = ref.split('::', 2)
|
149
|
+
end
|
150
|
+
if v = get_key_string(data, refsec, ref)
|
151
|
+
scanned << v
|
154
152
|
else
|
155
|
-
raise
|
153
|
+
raise ConfigError, "variable has no value"
|
154
|
+
end
|
155
|
+
else
|
156
|
+
raise 'must not reaced'
|
156
157
|
end
|
157
158
|
end
|
158
159
|
scanned << value
|
@@ -186,25 +187,25 @@ module OpenSSL
|
|
186
187
|
c = m[0]
|
187
188
|
line = m.post_match
|
188
189
|
case c
|
189
|
-
|
190
|
+
when '#'
|
191
|
+
line = nil
|
192
|
+
break
|
193
|
+
when "'", '"'
|
194
|
+
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
|
195
|
+
scanned << c
|
196
|
+
if m = line.match(regexp)
|
197
|
+
scanned << m[0]
|
198
|
+
line = m.post_match
|
199
|
+
else
|
200
|
+
scanned << line
|
190
201
|
line = nil
|
191
202
|
break
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
else
|
199
|
-
scanned << line
|
200
|
-
line = nil
|
201
|
-
break
|
202
|
-
end
|
203
|
-
when "\\"
|
204
|
-
scanned << c
|
205
|
-
scanned << line.slice!(0, 1)
|
206
|
-
else
|
207
|
-
raise 'must not reaced'
|
203
|
+
end
|
204
|
+
when "\\"
|
205
|
+
scanned << c
|
206
|
+
scanned << line.slice!(0, 1)
|
207
|
+
else
|
208
|
+
raise 'must not reaced'
|
208
209
|
end
|
209
210
|
end
|
210
211
|
scanned << line
|
@@ -236,7 +237,7 @@ module OpenSSL
|
|
236
237
|
#
|
237
238
|
# This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
|
238
239
|
#
|
239
|
-
# If the optional
|
240
|
+
# If the optional _filename_ parameter is provided, then it is read in and
|
240
241
|
# parsed via #parse_config.
|
241
242
|
#
|
242
243
|
# This can raise IO exceptions based on the access, or availability of the
|
@@ -255,7 +256,7 @@ module OpenSSL
|
|
255
256
|
end
|
256
257
|
|
257
258
|
##
|
258
|
-
# Gets the value of
|
259
|
+
# Gets the value of _key_ from the given _section_
|
259
260
|
#
|
260
261
|
# Given the following configurating file being loaded:
|
261
262
|
#
|
@@ -265,8 +266,8 @@ module OpenSSL
|
|
265
266
|
# #=> [ default ]
|
266
267
|
# # foo=bar
|
267
268
|
#
|
268
|
-
# You can get a specific value from the config if you know the
|
269
|
-
# and
|
269
|
+
# You can get a specific value from the config if you know the _section_
|
270
|
+
# and _key_ like so:
|
270
271
|
#
|
271
272
|
# config.get_value('default','foo')
|
272
273
|
# #=> "bar"
|
@@ -297,7 +298,7 @@ module OpenSSL
|
|
297
298
|
end
|
298
299
|
|
299
300
|
##
|
300
|
-
# Set the target
|
301
|
+
# Set the target _key_ with a given _value_ under a specific _section_.
|
301
302
|
#
|
302
303
|
# Given the following configurating file being loaded:
|
303
304
|
#
|
@@ -307,7 +308,7 @@ module OpenSSL
|
|
307
308
|
# #=> [ default ]
|
308
309
|
# # foo=bar
|
309
310
|
#
|
310
|
-
# You can set the value of
|
311
|
+
# You can set the value of _foo_ under the _default_ section to a new
|
311
312
|
# value:
|
312
313
|
#
|
313
314
|
# config.add_value('default', 'foo', 'buzz')
|
@@ -322,7 +323,7 @@ module OpenSSL
|
|
322
323
|
end
|
323
324
|
|
324
325
|
##
|
325
|
-
# Get a specific
|
326
|
+
# Get a specific _section_ from the current configuration
|
326
327
|
#
|
327
328
|
# Given the following configurating file being loaded:
|
328
329
|
#
|
@@ -351,7 +352,7 @@ module OpenSSL
|
|
351
352
|
end
|
352
353
|
|
353
354
|
##
|
354
|
-
# Sets a specific
|
355
|
+
# Sets a specific _section_ name with a Hash _pairs_.
|
355
356
|
#
|
356
357
|
# Given the following configuration being created:
|
357
358
|
#
|
@@ -365,7 +366,7 @@ module OpenSSL
|
|
365
366
|
# # baz=buz
|
366
367
|
#
|
367
368
|
# It's important to note that this will essentially merge any of the keys
|
368
|
-
# in
|
369
|
+
# in _pairs_ with the existing _section_. For example:
|
369
370
|
#
|
370
371
|
# config['default']
|
371
372
|
# #=> {"foo"=>"bar", "baz"=>"buz"}
|
@@ -450,13 +451,13 @@ module OpenSSL
|
|
450
451
|
"#<#{self.class.name} sections=#{sections.inspect}>"
|
451
452
|
end
|
452
453
|
|
453
|
-
|
454
|
+
protected
|
454
455
|
|
455
456
|
def data # :nodoc:
|
456
457
|
@data
|
457
458
|
end
|
458
459
|
|
459
|
-
|
460
|
+
private
|
460
461
|
|
461
462
|
def initialize_copy(other)
|
462
463
|
@data = other.data.dup
|
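Review bot: Both `else` arms of the `case c` blocks end in `raise 'must not reaced'`, which raises a bare RuntimeError with a misspelled message, while the doc comment on `parse_config` promises a ConfigError for invalid configuration data. The branch looks unreachable, but the regexp that selects `c` lies outside these hunks, so that cannot be confirmed from here. If it can ever fire on malformed input, callers rescuing `ConfigError` will miss it. I would make both arms `raise ConfigError, 'must not be reached'`, matching the `raise ConfigError, "variable has no value"` a few lines above. The enclosing methods begin and end outside the hunks.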