jruby-openssl 0.11.0-java → 0.12.1-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (59) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +20 -0
  3. data/Mavenfile +21 -26
  4. data/README.md +3 -0
  5. data/Rakefile +21 -35
  6. data/lib/jopenssl/load.rb +0 -14
  7. data/lib/jopenssl/version.rb +1 -1
  8. data/lib/jopenssl.jar +0 -0
  9. data/lib/openssl/bn.rb +40 -9
  10. data/lib/openssl/buffering.rb +478 -9
  11. data/lib/openssl/cipher.rb +67 -9
  12. data/lib/openssl/config.rb +496 -12
  13. data/lib/openssl/digest.rb +73 -9
  14. data/lib/openssl/hmac.rb +13 -0
  15. data/lib/openssl/marshal.rb +30 -0
  16. data/lib/openssl/pkcs5.rb +3 -3
  17. data/lib/openssl/pkey.rb +42 -5
  18. data/lib/openssl/ssl.rb +543 -9
  19. data/lib/openssl/x509.rb +369 -9
  20. data/lib/openssl.rb +43 -1
  21. data/pom.xml +35 -127
  22. metadata +8 -42
  23. data/lib/jopenssl19/openssl/bn.rb +0 -29
  24. data/lib/jopenssl19/openssl/buffering.rb +0 -449
  25. data/lib/jopenssl19/openssl/cipher.rb +0 -28
  26. data/lib/jopenssl19/openssl/config.rb +0 -472
  27. data/lib/jopenssl19/openssl/digest.rb +0 -32
  28. data/lib/jopenssl19/openssl/ssl-internal.rb +0 -223
  29. data/lib/jopenssl19/openssl/ssl.rb +0 -2
  30. data/lib/jopenssl19/openssl/x509-internal.rb +0 -115
  31. data/lib/jopenssl19/openssl/x509.rb +0 -2
  32. data/lib/jopenssl19/openssl.rb +0 -22
  33. data/lib/jopenssl21/openssl/bn.rb +0 -28
  34. data/lib/jopenssl21/openssl/buffering.rb +0 -1
  35. data/lib/jopenssl21/openssl/cipher.rb +0 -1
  36. data/lib/jopenssl21/openssl/config.rb +0 -1
  37. data/lib/jopenssl21/openssl/digest.rb +0 -1
  38. data/lib/jopenssl21/openssl/ssl.rb +0 -1
  39. data/lib/jopenssl21/openssl/x509.rb +0 -119
  40. data/lib/jopenssl21/openssl.rb +0 -22
  41. data/lib/jopenssl22/openssl/bn.rb +0 -39
  42. data/lib/jopenssl22/openssl/buffering.rb +0 -456
  43. data/lib/jopenssl22/openssl/cipher.rb +0 -28
  44. data/lib/jopenssl22/openssl/config.rb +0 -313
  45. data/lib/jopenssl22/openssl/digest.rb +0 -54
  46. data/lib/jopenssl22/openssl/ssl.rb +0 -330
  47. data/lib/jopenssl22/openssl/x509.rb +0 -139
  48. data/lib/jopenssl22/openssl.rb +0 -22
  49. data/lib/jopenssl23/openssl/bn.rb +0 -38
  50. data/lib/jopenssl23/openssl/buffering.rb +0 -455
  51. data/lib/jopenssl23/openssl/cipher.rb +0 -25
  52. data/lib/jopenssl23/openssl/config.rb +0 -474
  53. data/lib/jopenssl23/openssl/digest.rb +0 -43
  54. data/lib/jopenssl23/openssl/pkey.rb +0 -25
  55. data/lib/jopenssl23/openssl/ssl.rb +0 -508
  56. data/lib/jopenssl23/openssl/x509.rb +0 -208
  57. data/lib/jopenssl23/openssl.rb +0 -19
  58. data/lib/openssl/ssl-internal.rb +0 -5
  59. data/lib/openssl/x509-internal.rb +0 -5
@@ -1,223 +0,0 @@
1
- =begin
2
- = $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
3
-
4
- = Info
5
- 'OpenSSL for Ruby 2' project
6
- Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
7
- All rights reserved.
8
-
9
- = Licence
10
- This program is licenced under the same licence as Ruby.
11
- (See the file 'LICENCE'.)
12
-
13
- = Version
14
- $Id$
15
- =end
16
-
17
- require "openssl/buffering"
18
- require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
19
-
20
- module OpenSSL
21
- module SSL
22
- class SSLContext
23
- DEFAULT_PARAMS = {
24
- :ssl_version => "SSLv23",
25
- :verify_mode => OpenSSL::SSL::VERIFY_PEER,
26
- :ciphers => %w{
27
- ECDHE-ECDSA-AES128-GCM-SHA256
28
- ECDHE-RSA-AES128-GCM-SHA256
29
- ECDHE-ECDSA-AES256-GCM-SHA384
30
- ECDHE-RSA-AES256-GCM-SHA384
31
- DHE-RSA-AES128-GCM-SHA256
32
- DHE-DSS-AES128-GCM-SHA256
33
- DHE-RSA-AES256-GCM-SHA384
34
- DHE-DSS-AES256-GCM-SHA384
35
- ECDHE-ECDSA-AES128-SHA256
36
- ECDHE-RSA-AES128-SHA256
37
- ECDHE-ECDSA-AES128-SHA
38
- ECDHE-RSA-AES128-SHA
39
- ECDHE-ECDSA-AES256-SHA384
40
- ECDHE-RSA-AES256-SHA384
41
- ECDHE-ECDSA-AES256-SHA
42
- ECDHE-RSA-AES256-SHA
43
- DHE-RSA-AES128-SHA256
44
- DHE-RSA-AES256-SHA256
45
- DHE-RSA-AES128-SHA
46
- DHE-RSA-AES256-SHA
47
- DHE-DSS-AES128-SHA256
48
- DHE-DSS-AES256-SHA256
49
- DHE-DSS-AES128-SHA
50
- DHE-DSS-AES256-SHA
51
- AES128-GCM-SHA256
52
- AES256-GCM-SHA384
53
- AES128-SHA256
54
- AES256-SHA256
55
- AES128-SHA
56
- AES256-SHA
57
- ECDHE-ECDSA-RC4-SHA
58
- ECDHE-RSA-RC4-SHA
59
- RC4-SHA
60
- }.join(":"),
61
- :options => -> {
62
- opts = OpenSSL::SSL::OP_ALL
63
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
64
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
65
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
66
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
67
- opts
68
- }.call
69
- } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
70
-
71
- begin
72
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
73
- DEFAULT_CERT_STORE.set_default_paths
74
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
75
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
76
- end
77
- end unless const_defined? :DEFAULT_CERT_STORE
78
-
79
- def set_params(params={})
80
- params = DEFAULT_PARAMS.merge(params)
81
- params.each{|name, value| self.__send__("#{name}=", value) }
82
- if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
83
- unless self.ca_file or self.ca_path or self.cert_store
84
- self.cert_store = DEFAULT_CERT_STORE
85
- end
86
- end
87
- return params
88
- end unless method_defined? :set_params
89
- end
90
-
91
- module SocketForwarder
92
- def addr
93
- to_io.addr
94
- end
95
-
96
- def peeraddr
97
- to_io.peeraddr
98
- end
99
-
100
- def setsockopt(level, optname, optval)
101
- to_io.setsockopt(level, optname, optval)
102
- end
103
-
104
- def getsockopt(level, optname)
105
- to_io.getsockopt(level, optname)
106
- end
107
-
108
- def fcntl(*args)
109
- to_io.fcntl(*args)
110
- end
111
-
112
- def closed?
113
- to_io.closed?
114
- end
115
-
116
- def do_not_reverse_lookup=(flag)
117
- to_io.do_not_reverse_lookup = flag
118
- end
119
- end
120
-
121
- def verify_certificate_identity(cert, hostname)
122
- should_verify_common_name = true
123
- cert.extensions.each { |ext|
124
- next if ext.oid != "subjectAltName"
125
- ext.value.split(/,\s+/).each { |general_name|
126
- # MRI 1.9.3 (since we parse ASN.1 differently)
127
- # when 2 # dNSName in GeneralName (RFC5280)
128
- if /\ADNS:(.*)/ =~ general_name
129
- should_verify_common_name = false
130
- reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
131
- return true if /\A#{reg}\z/i =~ hostname
132
- # MRI 1.9.3 (since we parse ASN.1 differently)
133
- # when 7 # iPAddress in GeneralName (RFC5280)
134
- elsif /\AIP(?: Address)?:(.*)/ =~ general_name
135
- should_verify_common_name = false
136
- return true if $1 == hostname
137
- # NOTE: bellow logic makes little sense as we read exts differently
138
- #value = $1 # follows GENERAL_NAME_print() in x509v3/v3_alt.c
139
- #if value.size == 4
140
- # return true if value.unpack('C*').join('.') == hostname
141
- #elsif value.size == 16
142
- # return true if value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
143
- #end
144
- end
145
- }
146
- }
147
- if should_verify_common_name
148
- cert.subject.to_a.each { |oid, value|
149
- if oid == "CN"
150
- reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
151
- return true if /\A#{reg}\z/i =~ hostname
152
- end
153
- }
154
- end
155
- return false
156
- end
157
- module_function :verify_certificate_identity
158
-
159
- class SSLSocket
160
- include Buffering
161
- include SocketForwarder
162
- include Nonblock
163
-
164
- def sysclose
165
- return if closed?
166
- stop
167
- io.close if sync_close
168
- end unless method_defined? :sysclose
169
-
170
- def post_connection_check(hostname)
171
- unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
172
- raise SSLError, "hostname does not match the server certificate"
173
- end
174
- return true
175
- end
176
-
177
- end
178
-
179
- class SSLServer
180
- include SocketForwarder
181
- attr_accessor :start_immediately
182
-
183
- def initialize(svr, ctx)
184
- @svr = svr
185
- @ctx = ctx
186
- unless ctx.session_id_context
187
- session_id = OpenSSL::Digest::MD5.hexdigest($0)
188
- @ctx.session_id_context = session_id
189
- end
190
- @start_immediately = true
191
- end
192
-
193
- def to_io
194
- @svr
195
- end
196
-
197
- def listen(backlog=5)
198
- @svr.listen(backlog)
199
- end
200
-
201
- def shutdown(how=Socket::SHUT_RDWR)
202
- @svr.shutdown(how)
203
- end
204
-
205
- def accept
206
- sock = @svr.accept
207
- begin
208
- ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
209
- ssl.sync_close = true
210
- ssl.accept if @start_immediately
211
- ssl
212
- rescue SSLError => ex
213
- sock.close
214
- raise ex
215
- end
216
- end
217
-
218
- def close
219
- @svr.close
220
- end
221
- end
222
- end
223
- end
@@ -1,2 +0,0 @@
1
- warn 'deprecated openssl/ssl use: require "openssl" instead of "openssl/ssl"'
2
- require 'openssl'
@@ -1,115 +0,0 @@
1
- =begin
2
- = $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
3
-
4
- = Info
5
- 'OpenSSL for Ruby 2' project
6
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
7
- All rights reserved.
8
-
9
- = Licence
10
- This program is licenced under the same licence as Ruby.
11
- (See the file 'LICENCE'.)
12
-
13
- = Version
14
- $Id$
15
- =end
16
-
17
- module OpenSSL
18
- module X509
19
- class Name
20
- module RFC2253DN
21
- Special = ',=+<>#;'
22
- HexChar = /[0-9a-fA-F]/
23
- HexPair = /#{HexChar}#{HexChar}/
24
- HexString = /#{HexPair}+/
25
- Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
26
- StringChar = /[^#{Special}\\"]/
27
- QuoteChar = /[^\\"]/
28
- AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
29
- AttributeValue = /
30
- (?!["#])((?:#{StringChar}|#{Pair})*)|
31
- \#(#{HexString})|
32
- "((?:#{QuoteChar}|#{Pair})*)"
33
- /x
34
- TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
35
-
36
- module_function
37
-
38
- def expand_pair(str)
39
- return nil unless str
40
- return str.gsub(Pair){
41
- pair = $&
42
- case pair.size
43
- when 2 then pair[1,1]
44
- when 3 then Integer("0x#{pair[1,2]}").chr
45
- else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
46
- end
47
- }
48
- end
49
-
50
- def expand_hexstring(str)
51
- return nil unless str
52
- der = str.gsub(HexPair){$&.to_i(16).chr }
53
- a1 = OpenSSL::ASN1.decode(der)
54
- return a1.value, a1.tag
55
- end
56
-
57
- def expand_value(str1, str2, str3)
58
- value = expand_pair(str1)
59
- value, tag = expand_hexstring(str2) unless value
60
- value = expand_pair(str3) unless value
61
- return value, tag
62
- end
63
-
64
- def scan(dn)
65
- str = dn
66
- ary = []
67
- while true
68
- if md = TypeAndValue.match(str)
69
- remain = md.post_match
70
- type = md[1]
71
- value, tag = expand_value(md[2], md[3], md[4]) rescue nil
72
- if value
73
- type_and_value = [type, value]
74
- type_and_value.push(tag) if tag
75
- ary.unshift(type_and_value)
76
- if remain.length > 2 && remain[0] == ?,
77
- str = remain[1..-1]
78
- next
79
- elsif remain.length > 2 && remain[0] == ?+
80
- raise OpenSSL::X509::NameError,
81
- "multi-valued RDN is not supported: #{dn}"
82
- elsif remain.empty?
83
- break
84
- end
85
- end
86
- end
87
- msg_dn = dn[0, dn.length - str.length] + " =>" + str
88
- raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
89
- end
90
- return ary
91
- end
92
- end
93
-
94
- class << self
95
- def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
96
- ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
97
- self.new(ary, template)
98
- end
99
-
100
- def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
101
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
102
- self.new(ary, template)
103
- end
104
-
105
- alias parse parse_openssl
106
- end
107
- end
108
-
109
- class StoreContext
110
- def cleanup
111
- warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
112
- end
113
- end
114
- end
115
- end
@@ -1,2 +0,0 @@
1
- warn 'deprecated openssl/x509 use: require "openssl" instead of "openssl/x509"'
2
- require 'openssl'
@@ -1,22 +0,0 @@
1
- =begin
2
- = $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
3
-
4
- = Info
5
- 'OpenSSL for Ruby 2' project
6
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
7
- All rights reserved.
8
-
9
- = Licence
10
- This program is licenced under the same licence as Ruby.
11
- (See the file 'LICENCE'.)
12
-
13
- = Version
14
- $Id$
15
- =end
16
-
17
- require 'openssl/bn'
18
- require 'openssl/cipher'
19
- require 'openssl/config'
20
- require 'openssl/digest'
21
- require 'openssl/ssl-internal'
22
- require 'openssl/x509-internal'
@@ -1,28 +0,0 @@
1
- #--
2
- #
3
- # $RCSfile$
4
- #
5
- # = Ruby-space definitions that completes C-space funcs for BN
6
- #
7
- # = Info
8
- # 'OpenSSL for Ruby 2' project
9
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
10
- # All rights reserved.
11
- #
12
- # = Licence
13
- # This program is licenced under the same licence as Ruby.
14
- # (See the file 'LICENCE'.)
15
- #
16
- # = Version
17
- # $Id$
18
- #
19
- #++
20
-
21
- ##
22
- # Add double dispatch to Integer
23
- #
24
- class Integer
25
- def to_bn
26
- OpenSSL::BN::new(self)
27
- end
28
- end # Integer
@@ -1 +0,0 @@
1
- load 'jopenssl22/openssl/buffering.rb'
@@ -1 +0,0 @@
1
- load 'jopenssl22/openssl/cipher.rb'
@@ -1 +0,0 @@
1
- load 'jopenssl22/openssl/config.rb'
@@ -1 +0,0 @@
1
- load 'jopenssl22/openssl/digest.rb'
@@ -1 +0,0 @@
1
- load 'jopenssl22/openssl/ssl.rb'
@@ -1,119 +0,0 @@
1
- #--
2
- #
3
- # $RCSfile$
4
- #
5
- # = Ruby-space definitions that completes C-space funcs for X509 and subclasses
6
- #
7
- # = Info
8
- # 'OpenSSL for Ruby 2' project
9
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
10
- # All rights reserved.
11
- #
12
- # = Licence
13
- # This program is licenced under the same licence as Ruby.
14
- # (See the file 'LICENCE'.)
15
- #
16
- # = Version
17
- # $Id$
18
- #
19
- #++
20
-
21
- module OpenSSL
22
- module X509
23
- class Name
24
- module RFC2253DN
25
- Special = ',=+<>#;'
26
- HexChar = /[0-9a-fA-F]/
27
- HexPair = /#{HexChar}#{HexChar}/
28
- HexString = /#{HexPair}+/
29
- Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
30
- StringChar = /[^#{Special}\\"]/
31
- QuoteChar = /[^\\"]/
32
- AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
33
- AttributeValue = /
34
- (?!["#])((?:#{StringChar}|#{Pair})*)|
35
- \#(#{HexString})|
36
- "((?:#{QuoteChar}|#{Pair})*)"
37
- /x
38
- TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
39
-
40
- module_function
41
-
42
- def expand_pair(str)
43
- return nil unless str
44
- return str.gsub(Pair){
45
- pair = $&
46
- case pair.size
47
- when 2 then pair[1,1]
48
- when 3 then Integer("0x#{pair[1,2]}").chr
49
- else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
50
- end
51
- }
52
- end
53
-
54
- def expand_hexstring(str)
55
- return nil unless str
56
- der = str.gsub(HexPair){$&.to_i(16).chr }
57
- a1 = OpenSSL::ASN1.decode(der)
58
- return a1.value, a1.tag
59
- end
60
-
61
- def expand_value(str1, str2, str3)
62
- value = expand_pair(str1)
63
- value, tag = expand_hexstring(str2) unless value
64
- value = expand_pair(str3) unless value
65
- return value, tag
66
- end
67
-
68
- def scan(dn)
69
- str = dn
70
- ary = []
71
- while true
72
- if md = TypeAndValue.match(str)
73
- remain = md.post_match
74
- type = md[1]
75
- value, tag = expand_value(md[2], md[3], md[4]) rescue nil
76
- if value
77
- type_and_value = [type, value]
78
- type_and_value.push(tag) if tag
79
- ary.unshift(type_and_value)
80
- if remain.length > 2 && remain[0] == ?,
81
- str = remain[1..-1]
82
- next
83
- elsif remain.length > 2 && remain[0] == ?+
84
- raise OpenSSL::X509::NameError,
85
- "multi-valued RDN is not supported: #{dn}"
86
- elsif remain.empty?
87
- break
88
- end
89
- end
90
- end
91
- msg_dn = dn[0, dn.length - str.length] + " =>" + str
92
- raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
93
- end
94
- return ary
95
- end
96
- end
97
-
98
- class << self
99
- def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
100
- ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
101
- self.new(ary, template)
102
- end
103
-
104
- def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
105
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
106
- self.new(ary, template)
107
- end
108
-
109
- alias parse parse_openssl
110
- end
111
- end
112
-
113
- class StoreContext
114
- def cleanup
115
- warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
116
- end
117
- end
118
- end
119
- end
@@ -1,22 +0,0 @@
1
- =begin
2
- = $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
3
-
4
- = Info
5
- 'OpenSSL for Ruby 2' project
6
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
7
- All rights reserved.
8
-
9
- = Licence
10
- This program is licenced under the same licence as Ruby.
11
- (See the file 'LICENCE'.)
12
-
13
- = Version
14
- $Id$
15
- =end
16
-
17
- require 'openssl/bn'
18
- require 'openssl/cipher'
19
- require 'openssl/config'
20
- require 'openssl/digest'
21
- require 'openssl/x509'
22
- require 'openssl/ssl'
@@ -1,39 +0,0 @@
1
- #--
2
- #
3
- # $RCSfile$
4
- #
5
- # = Ruby-space definitions that completes C-space funcs for BN
6
- #
7
- # = Info
8
- # 'OpenSSL for Ruby 2' project
9
- # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
10
- # All rights reserved.
11
- #
12
- # = Licence
13
- # This program is licenced under the same licence as Ruby.
14
- # (See the file 'LICENCE'.)
15
- #
16
- # = Version
17
- # $Id$
18
- #
19
- #++
20
-
21
- module OpenSSL
22
- class BN
23
- def pretty_print(q)
24
- q.object_group(self) {
25
- q.text ' '
26
- q.text to_i.to_s
27
- }
28
- end
29
- end # BN
30
- end # OpenSSL
31
-
32
- ##
33
- # Add double dispatch to Integer
34
- #
35
- class Integer
36
- def to_bn
37
- OpenSSL::BN::new(self)
38
- end
39
- end # Integer