jruby-openssl 0.11.0-java → 0.12.1-java

data/lib/jopenssl22/openssl/config.rb

@@ -1,313 +0,0 @@
-=begin
-= Ruby-space definitions that completes C-space funcs for Config
-
-= Info
-  Copyright (C) 2010  Hiroshi Nakamura <nahi@ruby-lang.org>
-
-= Licence
-  This program is licenced under the same licence as Ruby.
-  (See the file 'LICENCE'.)
-
-=end
-
-require 'stringio'
-
-module OpenSSL
-  class Config
-    include Enumerable
-
-    class << self
-      def parse(str)
-        c = new()
-        parse_config(StringIO.new(str)).each do |section, hash|
-          c[section] = hash
-        end
-        c
-      end
-
-      alias load new
-
-      def parse_config(io)
-        begin
-          parse_config_lines(io)
-        rescue ConfigError => e
-          e.message.replace("error in line #{io.lineno}: " + e.message)
-          raise
-        end
-      end
-
-      def get_key_string(data, section, key) # :nodoc:
-        if v = data[section] && data[section][key]
-          return v
-        elsif section == 'ENV'
-          if v = ENV[key]
-            return v
-          end
-        end
-        if v = data['default'] && data['default'][key]
-          return v
-        end
-      end
-
-    private
-
-      def parse_config_lines(io)
-        section = 'default'
-        data = {section => {}}
-        while definition = get_definition(io)
-          definition = clear_comments(definition)
-          next if definition.empty?
-          if definition[0] == ?[
-            if /\[([^\]]*)\]/ =~ definition
-              section = $1.strip
-              data[section] ||= {}
-            else
-              raise ConfigError, "missing close square bracket"
-            end
-          else
-            if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
-              if $2
-                section = $1
-                key = $2
-              else
-                key = $1
-              end
-              value = unescape_value(data, section, $3)
-              (data[section] ||= {})[key] = value.strip
-            else
-              raise ConfigError, "missing equal sign"
-            end
-          end
-        end
-        data
-      end
-
-      # escape with backslash
-      QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
-      # escape with backslash and doubled dq
-      QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
-      # escaped char map
-      ESCAPE_MAP = {
-        "r" => "\r",
-        "n" => "\n",
-        "b" => "\b",
-        "t" => "\t",
-      }
-
-      def unescape_value(data, section, value)
-        scanned = []
-        while m = value.match(/['"\\$]/)
-          scanned << m.pre_match
-          c = m[0]
-          value = m.post_match
-          case c
-          when "'"
-            if m = value.match(QUOTE_REGEXP_SQ)
-              scanned << m[1].gsub(/\\(.)/, '\\1')
-              value = m.post_match
-            else
-              break
-            end
-          when '"'
-            if m = value.match(QUOTE_REGEXP_DQ)
-              scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
-              value = m.post_match
-            else
-              break
-            end
-          when "\\"
-            c = value.slice!(0, 1)
-            scanned << (ESCAPE_MAP[c] || c)
-          when "$"
-            ref, value = extract_reference(value)
-            refsec = section
-            if ref.index('::')
-              refsec, ref = ref.split('::', 2)
-            end
-            if v = get_key_string(data, refsec, ref)
-              scanned << v
-            else
-              raise ConfigError, "variable has no value"
-            end
-          else
-            raise 'must not reaced'
-          end
-        end
-        scanned << value
-        scanned.join
-      end
-
-      def extract_reference(value)
-        rest = ''
-        if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
-          value = m[1] || m[2]
-          rest = m.post_match
-        elsif [?(, ?{].include?(value[0])
-          raise ConfigError, "no close brace"
-        end
-        if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
-          return m[0], m.post_match + rest
-        else
-          raise
-        end
-      end
-
-      def clear_comments(line)
-        # FCOMMENT
-        if m = line.match(/\A([\t\n\f ]*);.*\z/)
-          return m[1]
-        end
-        # COMMENT
-        scanned = []
-        while m = line.match(/[#'"\\]/)
-          scanned << m.pre_match
-          c = m[0]
-          line = m.post_match
-          case c
-          when '#'
-            line = nil
-            break
-          when "'", '"'
-            regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
-            scanned << c
-            if m = line.match(regexp)
-              scanned << m[0]
-              line = m.post_match
-            else
-              scanned << line
-              line = nil
-              break
-            end
-          when "\\"
-            scanned << c
-            scanned << line.slice!(0, 1)
-          else
-            raise 'must not reaced'
-          end
-        end
-        scanned << line
-        scanned.join
-      end
-
-      def get_definition(io)
-        if line = get_line(io)
-          while /[^\\]\\\z/ =~ line
-            if extra = get_line(io)
-              line += extra
-            else
-              break
-            end
-          end
-          return line.strip
-        end
-      end
-
-      def get_line(io)
-        if line = io.gets
-          line.gsub(/[\r\n]*/, '')
-        end
-      end
-    end
-
-    def initialize(filename = nil)
-      @data = {}
-      if filename
-        File.open(filename.to_s) do |file|
-          Config.parse_config(file).each do |section, hash|
-            self[section] = hash
-          end
-        end
-      end
-    end
-
-    def get_value(section, key)
-      if section.nil?
-        raise TypeError.new('nil not allowed')
-      end
-      section = 'default' if section.empty?
-      get_key_string(section, key)
-    end
-
-    def value(arg1, arg2 = nil)
-      warn('Config#value is deprecated; use Config#get_value')
-      if arg2.nil?
-        section, key = 'default', arg1
-      else
-        section, key = arg1, arg2
-      end
-      section ||= 'default'
-      section = 'default' if section.empty?
-      get_key_string(section, key)
-    end
-
-    def add_value(section, key, value)
-      check_modify
-      (@data[section] ||= {})[key] = value
-    end
-
-    def [](section)
-      @data[section] || {}
-    end
-
-    def section(name)
-      warn('Config#section is deprecated; use Config#[]')
-      @data[name] || {}
-    end
-
-    def []=(section, pairs)
-      check_modify
-      @data[section] ||= {}
-      pairs.each do |key, value|
-        self.add_value(section, key, value)
-      end
-    end
-
-    def sections
-      @data.keys
-    end
-
-    def to_s
-      ary = []
-      @data.keys.sort.each do |section|
-        ary << "[ #{section} ]\n"
-        @data[section].keys.each do |key|
-          ary << "#{key}=#{@data[section][key]}\n"
-        end
-        ary << "\n"
-      end
-      ary.join
-    end
-
-    def each
-      @data.each do |section, hash|
-        hash.each do |key, value|
-          yield [section, key, value]
-        end
-      end
-    end
-
-    def inspect
-      "#<#{self.class.name} sections=#{sections.inspect}>"
-    end
-
-  protected
-
-    def data
-      @data
-    end
-
-  private
-
-    def initialize_copy(other)
-      @data = other.data.dup
-    end
-
-    def check_modify
-      raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
-    end
-
-    def get_key_string(section, key)
-      Config.get_key_string(@data, section, key)
-    end
-  end
-end

data/lib/jopenssl22/openssl/digest.rb

@@ -1,54 +0,0 @@
-#--
-#
-# $RCSfile$
-#
-# = Ruby-space predefined Digest subclasses
-#
-# = Info
-# 'OpenSSL for Ruby 2' project
-# Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
-# All rights reserved.
-#
-# = Licence
-# This program is licenced under the same licence as Ruby.
-# (See the file 'LICENCE'.)
-#
-# = Version
-# $Id$
-#
-#++
-
-module OpenSSL
-  class Digest
-    # Deprecated.
-    #
-    # This class is only provided for backwards compatibility.
-    class Digest < Digest # :nodoc:
-      # Deprecated.
-      #
-      # See OpenSSL::Digest.new
-      def initialize(*args)
-        warn('Digest::Digest is deprecated; use Digest')
-        super(*args)
-      end
-    end
-
-  end # Digest
-
-  # Returns a Digest subclass by +name+.
-  #
-  #   require 'openssl'
-  #
-  #   OpenSSL::Digest("MD5")
-  #   # => OpenSSL::Digest::MD5
-  #
-  #   Digest("Foo")
-  #   # => NameError: wrong constant name Foo
-
-  def Digest(name)
-    OpenSSL::Digest.const_get(name)
-  end
-
-  module_function :Digest
-
-end # OpenSSL

data/lib/jopenssl22/openssl/ssl.rb

@@ -1,330 +0,0 @@
-=begin
-= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
-
-= Info
-  'OpenSSL for Ruby 2' project
-  Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
-  All rights reserved.
-
-= Licence
-  This program is licenced under the same licence as Ruby.
-  (See the file 'LICENCE'.)
-
-= Version
-  $Id$
-=end
-
-require "openssl/buffering"
-require "fcntl"
-
-module OpenSSL
-  module SSL
-    class SSLContext
-      DEFAULT_PARAMS = {
-        :ssl_version => "SSLv23",
-        :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :ciphers => %w{
-          ECDHE-ECDSA-AES128-GCM-SHA256
-          ECDHE-RSA-AES128-GCM-SHA256
-          ECDHE-ECDSA-AES256-GCM-SHA384
-          ECDHE-RSA-AES256-GCM-SHA384
-          DHE-RSA-AES128-GCM-SHA256
-          DHE-DSS-AES128-GCM-SHA256
-          DHE-RSA-AES256-GCM-SHA384
-          DHE-DSS-AES256-GCM-SHA384
-          ECDHE-ECDSA-AES128-SHA256
-          ECDHE-RSA-AES128-SHA256
-          ECDHE-ECDSA-AES128-SHA
-          ECDHE-RSA-AES128-SHA
-          ECDHE-ECDSA-AES256-SHA384
-          ECDHE-RSA-AES256-SHA384
-          ECDHE-ECDSA-AES256-SHA
-          ECDHE-RSA-AES256-SHA
-          DHE-RSA-AES128-SHA256
-          DHE-RSA-AES256-SHA256
-          DHE-RSA-AES128-SHA
-          DHE-RSA-AES256-SHA
-          DHE-DSS-AES128-SHA256
-          DHE-DSS-AES256-SHA256
-          DHE-DSS-AES128-SHA
-          DHE-DSS-AES256-SHA
-          AES128-GCM-SHA256
-          AES256-GCM-SHA384
-          AES128-SHA256
-          AES256-SHA256
-          AES128-SHA
-          AES256-SHA
-          ECDHE-ECDSA-RC4-SHA
-          ECDHE-RSA-RC4-SHA
-          RC4-SHA
-        }.join(":"),
-        :options => -> {
-          opts = OpenSSL::SSL::OP_ALL
-          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
-          opts
-        }.call
-      } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
-
-      begin
-        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
-        DEFAULT_CERT_STORE.set_default_paths
-        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
-          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-        end
-      end unless const_defined? :DEFAULT_CERT_STORE
-
-      ##
-      # Sets the parameters for this SSL context to the values in +params+.
-      # The keys in +params+ must be assignment methods on SSLContext.
-      #
-      # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
-      # cert_store are not set then the system default certificate store is
-      # used.
-      
-      def set_params(params={})
-        params = DEFAULT_PARAMS.merge(params)
-        params.each { |name, value| self.__send__("#{name}=", value) }
-        if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
-          unless self.ca_file or self.ca_path or self.cert_store
-            self.cert_store = DEFAULT_CERT_STORE
-          end
-        end
-        return params
-      end unless method_defined? :set_params
-    end
-
-    module SocketForwarder
-      def addr
-        to_io.addr
-      end
-
-      def peeraddr
-        to_io.peeraddr
-      end
-
-      def setsockopt(level, optname, optval)
-        to_io.setsockopt(level, optname, optval)
-      end
-
-      def getsockopt(level, optname)
-        to_io.getsockopt(level, optname)
-      end
-
-      def fcntl(*args)
-        to_io.fcntl(*args)
-      end
-
-      def closed?
-        to_io.closed?
-      end
-
-      def do_not_reverse_lookup=(flag)
-        to_io.do_not_reverse_lookup = flag
-      end
-    end
-
-    module Nonblock
-      def initialize(*args)
-        flag = File::NONBLOCK
-        flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
-        @io.fcntl(Fcntl::F_SETFL, flag)
-        super
-      end
-    end unless const_defined? :Nonblock # JRuby: hooked up in "native" Java
-
-    def verify_certificate_identity(cert, hostname)
-      should_verify_common_name = true
-      cert.extensions.each { |ext|
-        next if ext.oid != "subjectAltName"
-        ext.value.split(/,\s+/).each { |general_name|
-          #case san.tag
-          # MRI 2.2.3 (JRuby parses ASN.1 differently)
-          #when 2 # dNSName in GeneralName (RFC5280)
-          if /\ADNS:(.*)/ =~ general_name
-            should_verify_common_name = false
-            return true if verify_hostname(hostname, $1)
-          # MRI 2.2.3 (JRuby parses ASN.1 differently)
-          #when 7 # iPAddress in GeneralName (RFC5280)
-          elsif /\AIP(?: Address)?:(.*)/ =~ general_name
-            should_verify_common_name = false
-            return true if $1 == hostname
-            # NOTE: bellow logic makes little sense JRuby reads exts differently
-            # follows GENERAL_NAME_print() in x509v3/v3_alt.c
-            #if san.value.size == 4
-            #  return true if san.value.unpack('C*').join('.') == hostname
-            #elsif san.value.size == 16
-            #  return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
-            #end
-          end
-        }
-      }
-      if should_verify_common_name
-        cert.subject.to_a.each{|oid, value|
-          if oid == "CN"
-            return true if verify_hostname(hostname, value)
-          end
-        }
-      end
-      return false
-    end
-    module_function :verify_certificate_identity
-
-    def verify_hostname(hostname, san) # :nodoc:
-      # RFC 5280, IA5String is limited to the set of ASCII characters
-      return false unless san.ascii_only?
-      return false unless hostname.ascii_only?
-
-      # See RFC 6125, section 6.4.1
-      # Matching is case-insensitive.
-      san_parts = san.downcase.split(".")
-
-      # TODO: this behavior should probably be more strict
-      return san == hostname if san_parts.size < 2
-
-      # Matching is case-insensitive.
-      host_parts = hostname.downcase.split(".")
-
-      # RFC 6125, section 6.4.3, subitem 2.
-      # If the wildcard character is the only character of the left-most
-      # label in the presented identifier, the client SHOULD NOT compare
-      # against anything but the left-most label of the reference
-      # identifier (e.g., *.example.com would match foo.example.com but
-      # not bar.foo.example.com or example.com).
-      return false unless san_parts.size == host_parts.size
-
-      # RFC 6125, section 6.4.3, subitem 1.
-      # The client SHOULD NOT attempt to match a presented identifier in
-      # which the wildcard character comprises a label other than the
-      # left-most label (e.g., do not match bar.*.example.net).
-      return false unless verify_wildcard(host_parts.shift, san_parts.shift)
-
-      san_parts.join(".") == host_parts.join(".")
-    end
-    module_function :verify_hostname
-
-    def verify_wildcard(domain_component, san_component) # :nodoc:
-      parts = san_component.split("*", -1)
-
-      return false if parts.size > 2
-      return san_component == domain_component if parts.size == 1
-
-      # RFC 6125, section 6.4.3, subitem 3.
-      # The client SHOULD NOT attempt to match a presented identifier
-      # where the wildcard character is embedded within an A-label or
-      # U-label of an internationalized domain name.
-      return false if domain_component.start_with?("xn--") && san_component != "*"
-
-      parts[0].length + parts[1].length < domain_component.length &&
-      domain_component.start_with?(parts[0]) &&
-      domain_component.end_with?(parts[1])
-    end
-    module_function :verify_wildcard
-
-    class SSLSocket
-      include Buffering
-      include SocketForwarder
-      include Nonblock
-
-      def sysclose
-        return if closed?
-        stop
-        io.close if sync_close
-      end unless method_defined? :sysclose
-
-      ##
-      # Perform hostname verification after an SSL connection is established
-      #
-      # This method MUST be called after calling #connect to ensure that the
-      # hostname of a remote peer has been verified.
-      def post_connection_check(hostname)
-        if peer_cert.nil?
-          msg = "Peer verification enabled, but no certificate received."
-          if using_anon_cipher?
-            msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
-          end
-          raise SSLError, msg
-        end
-
-        unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
-          raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
-        end
-        return true
-      end
-
-      private
-
-      def using_anon_cipher?
-        ctx = OpenSSL::SSL::SSLContext.new
-        ctx.ciphers = "aNULL"
-        ctx.ciphers.include?(cipher)
-      end
-    end
-
-    ##
-    # SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
-    class SSLServer
-      include SocketForwarder
-      # When true then #accept works exactly the same as TCPServer#accept
-      attr_accessor :start_immediately
-
-      # Creates a new instance of SSLServer.
-      # * +srv+ is an instance of TCPServer.
-      # * +ctx+ is an instance of OpenSSL::SSL::SSLContext.
-      def initialize(svr, ctx)
-        @svr = svr
-        @ctx = ctx
-        unless ctx.session_id_context
-          # see #6137 - session id may not exceed 32 bytes
-          prng = ::Random.new($0.hash)
-          session_id = prng.bytes(16).unpack('H*')[0]
-          @ctx.session_id_context = session_id
-        end
-        @start_immediately = true
-      end
-
-      # Returns the TCPServer passed to the SSLServer when initialized.
-      def to_io
-        @svr
-      end
-
-      # See TCPServer#listen for details.
-      def listen(backlog=5)
-        @svr.listen(backlog)
-      end
-
-      # See BasicSocket#shutdown for details.
-      def shutdown(how=Socket::SHUT_RDWR)
-        @svr.shutdown(how)
-      end
-
-      # Works similar to TCPServer#accept.
-      def accept
-        # Socket#accept returns [socket, addrinfo].
-        # TCPServer#accept returns a socket.
-        # The following comma strips addrinfo.
-        sock, = @svr.accept
-        begin
-          ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
-          ssl.sync_close = true
-          ssl.accept if @start_immediately
-          ssl
-        rescue Exception => ex
-          if ssl
-            ssl.close
-          else
-            sock.close
-          end
-          raise ex
-        end
-      end
-
-      # See IO#close for details.
-      def close
-        @svr.close
-      end
-    end
-  end
-end