jruby-openssl 0.11.0-java → 0.12.1-java

Files changed (59)
  1. checksums.yaml +4 -4
  2. data/History.md +20 -0
  3. data/Mavenfile +21 -26
  4. data/README.md +3 -0
  5. data/Rakefile +21 -35
  6. data/lib/jopenssl/load.rb +0 -14
  7. data/lib/jopenssl/version.rb +1 -1
  8. data/lib/jopenssl.jar +0 -0
  9. data/lib/openssl/bn.rb +40 -9
  10. data/lib/openssl/buffering.rb +478 -9
  11. data/lib/openssl/cipher.rb +67 -9
  12. data/lib/openssl/config.rb +496 -12
  13. data/lib/openssl/digest.rb +73 -9
  14. data/lib/openssl/hmac.rb +13 -0
  15. data/lib/openssl/marshal.rb +30 -0
  16. data/lib/openssl/pkcs5.rb +3 -3
  17. data/lib/openssl/pkey.rb +42 -5
  18. data/lib/openssl/ssl.rb +543 -9
  19. data/lib/openssl/x509.rb +369 -9
  20. data/lib/openssl.rb +43 -1
  21. data/pom.xml +35 -127
  22. metadata +8 -42
  23. data/lib/jopenssl19/openssl/bn.rb +0 -29
  24. data/lib/jopenssl19/openssl/buffering.rb +0 -449
  25. data/lib/jopenssl19/openssl/cipher.rb +0 -28
  26. data/lib/jopenssl19/openssl/config.rb +0 -472
  27. data/lib/jopenssl19/openssl/digest.rb +0 -32
  28. data/lib/jopenssl19/openssl/ssl-internal.rb +0 -223
  29. data/lib/jopenssl19/openssl/ssl.rb +0 -2
  30. data/lib/jopenssl19/openssl/x509-internal.rb +0 -115
  31. data/lib/jopenssl19/openssl/x509.rb +0 -2
  32. data/lib/jopenssl19/openssl.rb +0 -22
  33. data/lib/jopenssl21/openssl/bn.rb +0 -28
  34. data/lib/jopenssl21/openssl/buffering.rb +0 -1
  35. data/lib/jopenssl21/openssl/cipher.rb +0 -1
  36. data/lib/jopenssl21/openssl/config.rb +0 -1
  37. data/lib/jopenssl21/openssl/digest.rb +0 -1
  38. data/lib/jopenssl21/openssl/ssl.rb +0 -1
  39. data/lib/jopenssl21/openssl/x509.rb +0 -119
  40. data/lib/jopenssl21/openssl.rb +0 -22
  41. data/lib/jopenssl22/openssl/bn.rb +0 -39
  42. data/lib/jopenssl22/openssl/buffering.rb +0 -456
  43. data/lib/jopenssl22/openssl/cipher.rb +0 -28
  44. data/lib/jopenssl22/openssl/config.rb +0 -313
  45. data/lib/jopenssl22/openssl/digest.rb +0 -54
  46. data/lib/jopenssl22/openssl/ssl.rb +0 -330
  47. data/lib/jopenssl22/openssl/x509.rb +0 -139
  48. data/lib/jopenssl22/openssl.rb +0 -22
  49. data/lib/jopenssl23/openssl/bn.rb +0 -38
  50. data/lib/jopenssl23/openssl/buffering.rb +0 -455
  51. data/lib/jopenssl23/openssl/cipher.rb +0 -25
  52. data/lib/jopenssl23/openssl/config.rb +0 -474
  53. data/lib/jopenssl23/openssl/digest.rb +0 -43
  54. data/lib/jopenssl23/openssl/pkey.rb +0 -25
  55. data/lib/jopenssl23/openssl/ssl.rb +0 -508
  56. data/lib/jopenssl23/openssl/x509.rb +0 -208
  57. data/lib/jopenssl23/openssl.rb +0 -19
  58. data/lib/openssl/ssl-internal.rb +0 -5
  59. data/lib/openssl/x509-internal.rb +0 -5
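--- a/data/lib/jopenssl19/openssl/ssl-internal.rb
+++ b/data/lib/jopenssl19/openssl/ssl-internal.rb
@@ -1,223 +0,0 @@
- =begin
- = $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
-
- = Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
- All rights reserved.
-
- = Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- = Version
- $Id$
- =end
-
- require "openssl/buffering"
- require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
-
- module OpenSSL
- module SSL
- class SSLContext
- DEFAULT_PARAMS = {
- :ssl_version => "SSLv23",
- :verify_mode => OpenSSL::SSL::VERIFY_PEER,
- :ciphers => %w{
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
- DHE-DSS-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-DSS-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- DHE-RSA-AES128-SHA256
- DHE-RSA-AES256-SHA256
- DHE-RSA-AES128-SHA
- DHE-RSA-AES256-SHA
- DHE-DSS-AES128-SHA256
- DHE-DSS-AES256-SHA256
- DHE-DSS-AES128-SHA
- DHE-DSS-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
- AES256-SHA256
- AES128-SHA
- AES256-SHA
- ECDHE-ECDSA-RC4-SHA
- ECDHE-RSA-RC4-SHA
- RC4-SHA
- }.join(":"),
- :options => -> {
- opts = OpenSSL::SSL::OP_ALL
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
- opts
- }.call
- } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
-
- begin
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
- DEFAULT_CERT_STORE.set_default_paths
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
- end
- end unless const_defined? :DEFAULT_CERT_STORE
-
- def set_params(params={})
- params = DEFAULT_PARAMS.merge(params)
- params.each{|name, value| self.__send__("#{name}=", value) }
- if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
- unless self.ca_file or self.ca_path or self.cert_store
- self.cert_store = DEFAULT_CERT_STORE
- end
- end
- return params
- end unless method_defined? :set_params
- end
-
- module SocketForwarder
- def addr
- to_io.addr
- end
-
- def peeraddr
- to_io.peeraddr
- end
-
- def setsockopt(level, optname, optval)
- to_io.setsockopt(level, optname, optval)
- end
-
- def getsockopt(level, optname)
- to_io.getsockopt(level, optname)
- end
-
- def fcntl(*args)
- to_io.fcntl(*args)
- end
-
- def closed?
- to_io.closed?
- end
-
- def do_not_reverse_lookup=(flag)
- to_io.do_not_reverse_lookup = flag
- end
- end
-
- def verify_certificate_identity(cert, hostname)
- should_verify_common_name = true
- cert.extensions.each { |ext|
- next if ext.oid != "subjectAltName"
- ext.value.split(/,\s+/).each { |general_name|
- # MRI 1.9.3 (since we parse ASN.1 differently)
- # when 2 # dNSName in GeneralName (RFC5280)
- if /\ADNS:(.*)/ =~ general_name
- should_verify_common_name = false
- reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
- # MRI 1.9.3 (since we parse ASN.1 differently)
- # when 7 # iPAddress in GeneralName (RFC5280)
- elsif /\AIP(?: Address)?:(.*)/ =~ general_name
- should_verify_common_name = false
- return true if $1 == hostname
- # NOTE: bellow logic makes little sense as we read exts differently
- #value = $1 # follows GENERAL_NAME_print() in x509v3/v3_alt.c
- #if value.size == 4
- # return true if value.unpack('C*').join('.') == hostname
- #elsif value.size == 16
- # return true if value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
- #end
- end
- }
- }
- if should_verify_common_name
- cert.subject.to_a.each { |oid, value|
- if oid == "CN"
- reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
- end
- }
- end
- return false
- end
- module_function :verify_certificate_identity
-
- class SSLSocket
- include Buffering
- include SocketForwarder
- include Nonblock
-
- def sysclose
- return if closed?
- stop
- io.close if sync_close
- end unless method_defined? :sysclose
-
- def post_connection_check(hostname)
- unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
- raise SSLError, "hostname does not match the server certificate"
- end
- return true
- end
-
- end
-
- class SSLServer
- include SocketForwarder
- attr_accessor :start_immediately
-
- def initialize(svr, ctx)
- @svr = svr
- @ctx = ctx
- unless ctx.session_id_context
- session_id = OpenSSL::Digest::MD5.hexdigest($0)
- @ctx.session_id_context = session_id
- end
- @start_immediately = true
- end
-
- def to_io
- @svr
- end
-
- def listen(backlog=5)
- @svr.listen(backlog)
- end
-
- def shutdown(how=Socket::SHUT_RDWR)
- @svr.shutdown(how)
- end
-
- def accept
- sock = @svr.accept
- begin
- ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
- ssl.sync_close = true
- ssl.accept if @start_immediately
- ssl
- rescue SSLError => ex
- sock.close
- raise ex
- end
- end
-
- def close
- @svr.close
- end
- end
- end
- end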
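--- a/data/lib/jopenssl19/openssl/ssl.rb
+++ b/data/lib/jopenssl19/openssl/ssl.rb
@@ -1,2 +0,0 @@
- warn 'deprecated openssl/ssl use: require "openssl" instead of "openssl/ssl"'
- require 'openssl'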
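--- a/data/lib/jopenssl19/openssl/x509-internal.rb
+++ b/data/lib/jopenssl19/openssl/x509-internal.rb
@@ -1,115 +0,0 @@
- =begin
- = $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
-
- = Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
- = Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- = Version
- $Id$
- =end
-
- module OpenSSL
- module X509
- class Name
- module RFC2253DN
- Special = ',=+<>#;'
- HexChar = /[0-9a-fA-F]/
- HexPair = /#{HexChar}#{HexChar}/
- HexString = /#{HexPair}+/
- Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
- StringChar = /[^#{Special}\\"]/
- QuoteChar = /[^\\"]/
- AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
- AttributeValue = /
- (?!["#])((?:#{StringChar}|#{Pair})*)|
- \#(#{HexString})|
- "((?:#{QuoteChar}|#{Pair})*)"
- /x
- TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
-
- module_function
-
- def expand_pair(str)
- return nil unless str
- return str.gsub(Pair){
- pair = $&
- case pair.size
- when 2 then pair[1,1]
- when 3 then Integer("0x#{pair[1,2]}").chr
- else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
- end
- }
- end
-
- def expand_hexstring(str)
- return nil unless str
- der = str.gsub(HexPair){$&.to_i(16).chr }
- a1 = OpenSSL::ASN1.decode(der)
- return a1.value, a1.tag
- end
-
- def expand_value(str1, str2, str3)
- value = expand_pair(str1)
- value, tag = expand_hexstring(str2) unless value
- value = expand_pair(str3) unless value
- return value, tag
- end
-
- def scan(dn)
- str = dn
- ary = []
- while true
- if md = TypeAndValue.match(str)
- remain = md.post_match
- type = md[1]
- value, tag = expand_value(md[2], md[3], md[4]) rescue nil
- if value
- type_and_value = [type, value]
- type_and_value.push(tag) if tag
- ary.unshift(type_and_value)
- if remain.length > 2 && remain[0] == ?,
- str = remain[1..-1]
- next
- elsif remain.length > 2 && remain[0] == ?+
- raise OpenSSL::X509::NameError,
- "multi-valued RDN is not supported: #{dn}"
- elsif remain.empty?
- break
- end
- end
- end
- msg_dn = dn[0, dn.length - str.length] + " =>" + str
- raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
- end
- return ary
- end
- end
-
- class << self
- def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
- ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
- self.new(ary, template)
- end
-
- def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
- self.new(ary, template)
- end
-
- alias parse parse_openssl
- end
- end
-
- class StoreContext
- def cleanup
- warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
- end
- end
- end
- end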
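--- a/data/lib/jopenssl19/openssl/x509.rb
+++ b/data/lib/jopenssl19/openssl/x509.rb
@@ -1,2 +0,0 @@
- warn 'deprecated openssl/x509 use: require "openssl" instead of "openssl/x509"'
- require 'openssl'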
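--- a/data/lib/jopenssl19/openssl.rb
+++ b/data/lib/jopenssl19/openssl.rb
@@ -1,22 +0,0 @@
- =begin
- = $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
-
- = Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
- = Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- = Version
- $Id$
- =end
-
- require 'openssl/bn'
- require 'openssl/cipher'
- require 'openssl/config'
- require 'openssl/digest'
- require 'openssl/ssl-internal'
- require 'openssl/x509-internal'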
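--- a/data/lib/jopenssl21/openssl/bn.rb
+++ b/data/lib/jopenssl21/openssl/bn.rb
@@ -1,28 +0,0 @@
- #--
- #
- # $RCSfile$
- #
- # = Ruby-space definitions that completes C-space funcs for BN
- #
- # = Info
- # 'OpenSSL for Ruby 2' project
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- # All rights reserved.
- #
- # = Licence
- # This program is licenced under the same licence as Ruby.
- # (See the file 'LICENCE'.)
- #
- # = Version
- # $Id$
- #
- #++
-
- ##
- # Add double dispatch to Integer
- #
- class Integer
- def to_bn
- OpenSSL::BN::new(self)
- end
- end # Integer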
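--- a/data/lib/jopenssl21/openssl/buffering.rb
+++ b/data/lib/jopenssl21/openssl/buffering.rb
@@ -1 +0,0 @@
- load 'jopenssl22/openssl/buffering.rb'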
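--- a/data/lib/jopenssl21/openssl/cipher.rb
+++ b/data/lib/jopenssl21/openssl/cipher.rb
@@ -1 +0,0 @@
- load 'jopenssl22/openssl/cipher.rb'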
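--- a/data/lib/jopenssl21/openssl/config.rb
+++ b/data/lib/jopenssl21/openssl/config.rb
@@ -1 +0,0 @@
- load 'jopenssl22/openssl/config.rb'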
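--- a/data/lib/jopenssl21/openssl/digest.rb
+++ b/data/lib/jopenssl21/openssl/digest.rb
@@ -1 +0,0 @@
- load 'jopenssl22/openssl/digest.rb'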
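--- a/data/lib/jopenssl21/openssl/ssl.rb
+++ b/data/lib/jopenssl21/openssl/ssl.rb
@@ -1 +0,0 @@
- load 'jopenssl22/openssl/ssl.rb'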
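--- a/data/lib/jopenssl21/openssl/x509.rb
+++ b/data/lib/jopenssl21/openssl/x509.rb
@@ -1,119 +0,0 @@
- #--
- #
- # $RCSfile$
- #
- # = Ruby-space definitions that completes C-space funcs for X509 and subclasses
- #
- # = Info
- # 'OpenSSL for Ruby 2' project
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- # All rights reserved.
- #
- # = Licence
- # This program is licenced under the same licence as Ruby.
- # (See the file 'LICENCE'.)
- #
- # = Version
- # $Id$
- #
- #++
-
- module OpenSSL
- module X509
- class Name
- module RFC2253DN
- Special = ',=+<>#;'
- HexChar = /[0-9a-fA-F]/
- HexPair = /#{HexChar}#{HexChar}/
- HexString = /#{HexPair}+/
- Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
- StringChar = /[^#{Special}\\"]/
- QuoteChar = /[^\\"]/
- AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
- AttributeValue = /
- (?!["#])((?:#{StringChar}|#{Pair})*)|
- \#(#{HexString})|
- "((?:#{QuoteChar}|#{Pair})*)"
- /x
- TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
-
- module_function
-
- def expand_pair(str)
- return nil unless str
- return str.gsub(Pair){
- pair = $&
- case pair.size
- when 2 then pair[1,1]
- when 3 then Integer("0x#{pair[1,2]}").chr
- else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
- end
- }
- end
-
- def expand_hexstring(str)
- return nil unless str
- der = str.gsub(HexPair){$&.to_i(16).chr }
- a1 = OpenSSL::ASN1.decode(der)
- return a1.value, a1.tag
- end
-
- def expand_value(str1, str2, str3)
- value = expand_pair(str1)
- value, tag = expand_hexstring(str2) unless value
- value = expand_pair(str3) unless value
- return value, tag
- end
-
- def scan(dn)
- str = dn
- ary = []
- while true
- if md = TypeAndValue.match(str)
- remain = md.post_match
- type = md[1]
- value, tag = expand_value(md[2], md[3], md[4]) rescue nil
- if value
- type_and_value = [type, value]
- type_and_value.push(tag) if tag
- ary.unshift(type_and_value)
- if remain.length > 2 && remain[0] == ?,
- str = remain[1..-1]
- next
- elsif remain.length > 2 && remain[0] == ?+
- raise OpenSSL::X509::NameError,
- "multi-valued RDN is not supported: #{dn}"
- elsif remain.empty?
- break
- end
- end
- end
- msg_dn = dn[0, dn.length - str.length] + " =>" + str
- raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
- end
- return ary
- end
- end
-
- class << self
- def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
- ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
- self.new(ary, template)
- end
-
- def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
- self.new(ary, template)
- end
-
- alias parse parse_openssl
- end
- end
-
- class StoreContext
- def cleanup
- warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
- end
- end
- end
- end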
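--- a/data/lib/jopenssl21/openssl.rb
+++ b/data/lib/jopenssl21/openssl.rb
@@ -1,22 +0,0 @@
- =begin
- = $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
-
- = Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
- = Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- = Version
- $Id$
- =end
-
- require 'openssl/bn'
- require 'openssl/cipher'
- require 'openssl/config'
- require 'openssl/digest'
- require 'openssl/x509'
- require 'openssl/ssl'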
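--- a/data/lib/jopenssl22/openssl/bn.rb
+++ b/data/lib/jopenssl22/openssl/bn.rb
@@ -1,39 +0,0 @@
- #--
- #
- # $RCSfile$
- #
- # = Ruby-space definitions that completes C-space funcs for BN
- #
- # = Info
- # 'OpenSSL for Ruby 2' project
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- # All rights reserved.
- #
- # = Licence
- # This program is licenced under the same licence as Ruby.
- # (See the file 'LICENCE'.)
- #
- # = Version
- # $Id$
- #
- #++
-
- module OpenSSL
- class BN
- def pretty_print(q)
- q.object_group(self) {
- q.text ' '
- q.text to_i.to_s
- }
- end
- end # BN
- end # OpenSSL
-
- ##
- # Add double dispatch to Integer
- #
- class Integer
- def to_bn
- OpenSSL::BN::new(self)
- end
- end # Integer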