jruby-openssl 0.7.1 → 0.7.2

data/History.txt

@@ -1,3 +1,19 @@
+== 0.7.2
+
+- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
+  cipher (Net::SSH compatibility)
+- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
+  compatibility)
+- JRUBY-5096: Fixed inconsistent Certificate verification behavior
+- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
+- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
+- JRUBY-4965: implemented OpenSSL::Config
+- JRUBY-5023: make Certificate#signature_algorithm return correct algo
+  name; "sha1WithRSAEncryption" instead of "SHA1"
+- JRUBY-5024: let HMAC.new accept a String as a digest name
+- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
+  cleanup of resources when dereferenced
+
 == 0.7.1
 
 - NOTE: Now BouncyCastle jars has moved out to its own gem

data/Manifest.txt

@@ -12,6 +12,7 @@ lib/jopenssl/version.rb
 lib/openssl/bn.rb
 lib/openssl/buffering.rb
 lib/openssl/cipher.rb
+lib/openssl/config.rb
 lib/openssl/digest.rb
 lib/openssl/dummy.rb
 lib/openssl/dummyssl.rb
@@ -86,6 +87,7 @@ test/java/test_java_smime.rb
 test/openssl/ssl_server.rb
 test/openssl/test_asn1.rb
 test/openssl/test_cipher.rb
+test/openssl/test_config.rb
 test/openssl/test_digest.rb
 test/openssl/test_ec.rb
 test/openssl/test_hmac.rb

data/Rakefile

@@ -53,6 +53,7 @@ require File.dirname(__FILE__) + "/lib/jopenssl/version"
 begin
   require 'hoe'
   Hoe.plugin :gemcutter
+  Hoe.add_include_dirs('build_lib')
   hoe = Hoe.spec("jruby-openssl") do |p|
     p.version = Jopenssl::Version::VERSION
     p.rubyforge_name = "jruby-extras"

data/lib/jopenssl/version.rb

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.7.1"
+    VERSION = "0.7.2"
   end
 end

data/lib/openssl.rb

@@ -68,6 +68,7 @@ require 'jopenssl'
 
 require 'openssl/bn'
 require 'openssl/cipher'
+require 'openssl/config'
 require 'openssl/digest'
 require 'openssl/pkcs7'
 require 'openssl/ssl'

data/lib/openssl/config.rb

@@ -0,0 +1,316 @@
+=begin
+= Ruby-space definitions that completes C-space funcs for Config
+
+= Info
+  Copyright (C) 2010  Hiroshi Nakamura <nahi@ruby-lang.org>
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+require 'stringio'
+
+module OpenSSL
+  class Config
+    include Enumerable
+
+    class << self
+      def parse(str)
+        c = new()
+        parse_config(StringIO.new(str)).each do |section, hash|
+          c[section] = hash
+        end
+        c
+      end
+
+      alias load new
+
+      def parse_config(io)
+        begin
+          parse_config_lines(io)
+        rescue ConfigError => e
+          e.message.replace("error in line #{io.lineno}: " + e.message)
+          raise
+        end
+      end
+
+      def get_key_string(data, section, key) # :nodoc:
+        if v = data[section] && data[section][key]
+          return v
+        elsif section == 'ENV'
+          if v = ENV[key]
+            return v
+          end
+        end
+        if v = data['default'] && data['default'][key]
+          return v
+        end
+      end
+
+    private
+
+      def parse_config_lines(io)
+        section = 'default'
+        data = {section => {}}
+        while definition = get_definition(io)
+          definition = clear_comments(definition)
+          next if definition.empty?
+          if definition[0] == ?[
+            if /\[([^\]]*)\]/ =~ definition
+              section = $1.strip
+              data[section] ||= {}
+            else
+              raise ConfigError, "missing close square bracket"
+            end
+          else
+            if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
+              if $2
+                section = $1
+                key = $2
+              else
+                key = $1
+              end
+              value = unescape_value(data, section, $3)
+              (data[section] ||= {})[key] = value.strip
+            else
+              raise ConfigError, "missing equal sign"
+            end
+          end
+        end
+        data
+      end
+
+      # escape with backslash
+      QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
+      # escape with backslash and doubled dq
+      QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
+      # escaped char map
+      ESCAPE_MAP = {
+        "r" => "\r",
+        "n" => "\n",
+        "b" => "\b",
+        "t" => "\t",
+      }
+
+      def unescape_value(data, section, value)
+        scanned = []
+        while m = value.match(/['"\\$]/)
+          scanned << m.pre_match
+          c = m[0]
+          value = m.post_match
+          case c
+          when "'"
+            if m = value.match(QUOTE_REGEXP_SQ)
+              scanned << m[1].gsub(/\\(.)/, '\\1')
+              value = m.post_match
+            else
+              break
+            end
+          when '"'
+            if m = value.match(QUOTE_REGEXP_DQ)
+              scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
+              value = m.post_match
+            else
+              break
+            end
+          when "\\"
+            c = value.slice!(0, 1)
+            scanned << (ESCAPE_MAP[c] || c)
+          when "$"
+            ref, value = extract_reference(value)
+            refsec = section
+            if ref.index('::')
+              refsec, ref = ref.split('::', 2)
+            end
+            if v = get_key_string(data, refsec, ref)
+              scanned << v
+            else
+              raise ConfigError, "variable has no value"
+            end
+          else
+            raise 'must not reaced'
+          end
+        end
+        scanned << value
+        scanned.join
+      end
+
+      def extract_reference(value)
+        rest = ''
+        if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
+          value = m[1] || m[2]
+          rest = m.post_match
+        elsif [?(, ?{].include?(value[0])
+          raise ConfigError, "no close brace"
+        end
+        if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
+          return m[0], m.post_match + rest
+        else
+          raise
+        end
+      end
+
+      def clear_comments(line)
+        # FCOMMENT
+        if m = line.match(/\A([\t\n\f ]*);.*\z/)
+          return m[1]
+        end
+        # COMMENT
+        scanned = []
+        while m = line.match(/[#'"\\]/)
+          scanned << m.pre_match
+          c = m[0]
+          line = m.post_match
+          case c
+          when '#'
+            line = nil
+            break
+          when "'", '"'
+            regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
+            scanned << c
+            if m = line.match(regexp)
+              scanned << m[0]
+              line = m.post_match
+            else
+              scanned << line
+              line = nil
+              break
+            end
+          when "\\"
+            scanned << c
+            scanned << line.slice!(0, 1)
+          else
+            raise 'must not reaced'
+          end
+        end
+        scanned << line
+        scanned.join
+      end
+
+      def get_definition(io)
+        if line = get_line(io)
+          while /[^\\]\\\z/ =~ line
+            if extra = get_line(io)
+              line += extra
+            else
+              break
+            end
+          end
+          return line.strip
+        end
+      end
+
+      def get_line(io)
+        if line = io.gets
+          line.gsub(/[\r\n]*/, '')
+        end
+      end
+    end
+
+    def initialize(filename = nil)
+      @data = {}
+      if filename
+        File.open(filename.to_s) do |file|
+          Config.parse_config(file).each do |section, hash|
+            self[section] = hash
+          end
+        end
+      end
+    end
+
+    def get_value(section, key)
+      if section.nil?
+        raise TypeError.new('nil not allowed')
+      end
+      section = 'default' if section.empty?
+      get_key_string(section, key)
+    end
+
+    def value(arg1, arg2 = nil)
+      warn('Config#value is deprecated; use Config#get_value')
+      if arg2.nil?
+        section, key = 'default', arg1
+      else
+        section, key = arg1, arg2
+      end
+      section ||= 'default'
+      section = 'default' if section.empty?
+      get_key_string(section, key)
+    end
+
+    def add_value(section, key, value)
+      check_modify
+      (@data[section] ||= {})[key] = value
+    end
+
+    def [](section)
+      @data[section] || {}
+    end
+
+    def section(name)
+      warn('Config#section is deprecated; use Config#[]')
+      @data[name] || {}
+    end
+
+    def []=(section, pairs)
+      check_modify
+      @data[section] ||= {}
+      pairs.each do |key, value|
+        self.add_value(section, key, value)
+      end
+    end
+
+    def sections
+      @data.keys
+    end
+
+    def to_s
+      ary = []
+      @data.keys.sort.each do |section|
+        ary << "[ #{section} ]\n"
+        @data[section].keys.each do |key|
+          ary << "#{key}=#{@data[section][key]}\n"
+        end
+        ary << "\n"
+      end
+      ary.join
+    end
+
+    def each
+      @data.each do |section, hash|
+        hash.each do |key, value|
+          yield [section, key, value]
+        end
+      end
+    end
+
+    def inspect
+      "#<#{self.class.name} sections=#{sections.inspect}>"
+    end
+
+  protected
+
+    def data
+      @data
+    end
+
+  private
+
+    def initialize_copy(other)
+      @data = other.data.dup
+    end
+
+    def check_modify
+      raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
+    end
+
+    def get_key_string(section, key)
+      Config.get_key_string(@data, section, key)
+    end
+  end
+end

data/test/openssl/test_cipher.rb

@@ -101,13 +101,13 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
     assert_equal(@data, decrypted_data[0...@data.size])
   end
 
-  if PLATFORM =~ /java/
+  if RUBY_PLATFORM =~ /java/
     # JRuby extension - using Java padding types
-    
+
     def test_disable_padding_javastyle
       test_disable_padding('NoPadding')
     end
-  
+
     def test_iso10126_padding
       @c1.encrypt
       @c1.key = @key
@@ -176,7 +176,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
     c1.key = key
     e = c1.update data
     e << c1.final
-    
+
     c2 = OpenSSL::Cipher::Cipher.new("DES-CBC")
     c2.padding = 0
     c2.iv = "0" * 8

data/test/openssl/test_config.rb

@@ -0,0 +1,290 @@
+require 'openssl'
+require "test/unit"
+require 'tempfile'
+require File.join(File.dirname(__FILE__), "utils.rb")
+
+class OpenSSL::TestConfig < Test::Unit::TestCase
+  def setup
+    file = Tempfile.open("openssl.cnf")
+    file << <<__EOD__
+HOME = .
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+dir = ./demoCA
+certs                =                  ./certs
+__EOD__
+    file.close
+    @it = OpenSSL::Config.new(file.path)
+  end
+
+  def TODO_test_constants
+    assert(defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE))
+    assert_nothing_raised do
+      OpenSSL::Config.load(OpenSSL::Config::DEFAULT_CONFIG_FILE)
+    end
+  end
+
+  def test_s_parse
+    c = OpenSSL::Config.parse('')
+    assert_equal("[ default ]\n\n", c.to_s)
+    c = OpenSSL::Config.parse(@it.to_s)
+    assert_equal(['CA_default', 'ca', 'default'], c.sections.sort)
+  end
+
+  def test_s_parse_format
+    c = OpenSSL::Config.parse(<<__EOC__)
+ baz =qx\t                # "baz = qx"
+
+foo::bar = baz            # shortcut section::key format
+  default::bar = baz      # ditto
+a=\t \t                   # "a = ": trailing spaces are ignored
+ =b                       # " = b": empty key
+ =c                       # " = c": empty key (override the above line)
+    d=                    # "c = ": trailing comment is ignored
+
+sq = 'foo''b\\'ar'
+    dq ="foo""''\\""
+    dq2 = foo""bar
+esc=a\\r\\n\\b\\tb
+foo\\bar = foo\\b\\\\ar
+foo\\bar::foo\\bar = baz
+[default1  default2]\t\t  # space is allowed in section name
+          fo =b  ar       # space allowed in value
+[emptysection]
+ [doller ]
+foo=bar
+bar = $(foo)
+baz = 123$(default::bar)456${foo}798
+qux = ${baz}
+quxx = $qux.$qux
+__EOC__
+    assert_equal(['default', 'default1  default2', 'doller', 'emptysection', 'foo', 'foo\\bar'], c.sections.sort)
+    assert_equal(['', 'a', 'bar', 'baz', 'd', 'dq', 'dq2', 'esc', 'foo\\bar', 'sq'], c['default'].keys.sort)
+    assert_equal('c', c['default'][''])
+    assert_equal('', c['default']['a'])
+    assert_equal('qx', c['default']['baz'])
+    assert_equal('', c['default']['d'])
+    assert_equal('baz', c['default']['bar'])
+    assert_equal("foob'ar", c['default']['sq'])
+    assert_equal("foo''\"", c['default']['dq'])
+    assert_equal("foobar", c['default']['dq2'])
+    assert_equal("a\r\n\b\tb", c['default']['esc'])
+    assert_equal("foo\b\\ar", c['default']['foo\\bar'])
+    assert_equal('baz', c['foo']['bar'])
+    assert_equal('baz', c['foo\\bar']['foo\\bar'])
+    assert_equal('b  ar', c['default1  default2']['fo'])
+
+    # dolloer
+    assert_equal('bar', c['doller']['foo'])
+    assert_equal('bar', c['doller']['bar'])
+    assert_equal('123baz456bar798', c['doller']['baz'])
+    assert_equal('123baz456bar798', c['doller']['qux'])
+    assert_equal('123baz456bar798.123baz456bar798', c['doller']['quxx'])
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("foo = $bar")
+    end
+    assert_equal("error in line 1: variable has no value", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("foo = $(bar")
+    end
+    assert_equal("error in line 1: no close brace", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("f o =b  ar      # no space in key")
+    end
+    assert_equal("error in line 1: missing equal sign", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse(<<__EOC__)
+# comment 1               # comments
+
+#
+ # comment 2
+\t#comment 3
+  [second    ]\t
+[third                    # section not terminated
+__EOC__
+    end
+    assert_equal("error in line 7: missing close square bracket", excn.message)
+  end
+
+  def test_s_load
+    # alias of new
+    c = OpenSSL::Config.load
+    assert_equal("", c.to_s)
+    assert_equal([], c.sections)
+    #
+    file = Tempfile.open("openssl.cnf")
+    file.close
+    c = OpenSSL::Config.load(file.path)
+    assert_equal("[ default ]\n\n", c.to_s)
+    assert_equal(['default'], c.sections)
+  end
+
+  def test_initialize
+    c = OpenSSL::Config.new
+    assert_equal("", c.to_s)
+    assert_equal([], c.sections)
+  end
+
+  def test_initialize_with_empty_file
+    file = Tempfile.open("openssl.cnf")
+    file.close
+    c = OpenSSL::Config.new(file.path)
+    assert_equal("[ default ]\n\n", c.to_s)
+    assert_equal(['default'], c.sections)
+  end
+
+  def test_initialize_with_example_file
+    assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
+  end
+
+  def test_get_value
+    assert_equal('CA_default', @it.get_value('ca', 'default_ca'))
+    assert_equal(nil, @it.get_value('ca', 'no such key'))
+    assert_equal(nil, @it.get_value('no such section', 'no such key'))
+    assert_equal('.', @it.get_value('', 'HOME'))
+    assert_raise(TypeError) do
+      @it.get_value(nil, 'HOME') # not allowed unlike Config#value
+    end
+    # fallback to 'default' ugly...
+    assert_equal('.', @it.get_value('unknown', 'HOME'))
+  end
+
+  def test_get_value_ENV
+    key = ENV.keys.first
+    assert_not_nil(key) # make sure we have at least one ENV var.
+    assert_equal(ENV[key], @it.get_value('ENV', key))
+  end
+
+  def test_value
+    # supress deprecation warnings
+    OpenSSL::TestUtils.silent do
+      assert_equal('CA_default', @it.value('ca', 'default_ca'))
+      assert_equal(nil, @it.value('ca', 'no such key'))
+      assert_equal(nil, @it.value('no such section', 'no such key'))
+      assert_equal('.', @it.value('', 'HOME'))
+      assert_equal('.', @it.value(nil, 'HOME'))
+      assert_equal('.', @it.value('HOME'))
+      # fallback to 'default' ugly...
+      assert_equal('.', @it.value('unknown', 'HOME'))
+    end
+  end
+
+  def test_value_ENV
+    OpenSSL::TestUtils.silent do
+      key = ENV.keys.first
+      assert_not_nil(key) # make sure we have at least one ENV var.
+      assert_equal(ENV[key], @it.value('ENV', key))
+    end
+  end
+
+  def test_aref
+    assert_equal({'HOME' => '.'}, @it['default'])
+    assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it['CA_default'])
+    assert_equal({}, @it['no_such_section'])
+    assert_equal({}, @it[''])
+  end
+
+  def test_section
+    OpenSSL::TestUtils.silent do
+      assert_equal({'HOME' => '.'}, @it.section('default'))
+      assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it.section('CA_default'))
+      assert_equal({}, @it.section('no_such_section'))
+      assert_equal({}, @it.section(''))
+    end
+  end
+
+  def test_sections
+    assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
+    @it['new_section'] = {'foo' => 'bar'}
+    assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
+    @it['new_section'] = {}
+    assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
+  end
+
+  def test_add_value
+    c = OpenSSL::Config.new
+    assert_equal("", c.to_s)
+    # add key
+    c.add_value('default', 'foo', 'bar')
+    assert_equal("[ default ]\nfoo=bar\n\n", c.to_s)
+    # add another key
+    c.add_value('default', 'baz', 'qux')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('qux', c['default']['baz'])
+    # update the value
+    c.add_value('default', 'baz', 'quxxx')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('quxxx', c['default']['baz'])
+    # add section and key
+    c.add_value('section', 'foo', 'bar')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('quxxx', c['default']['baz'])
+    assert_equal('bar', c['section']['foo'])
+  end
+
+  def test_aset
+    @it['foo'] = {'bar' => 'baz'}
+    assert_equal({'bar' => 'baz'}, @it['foo'])
+    @it['foo'] = {'bar' => 'qux', 'baz' => 'quxx'}
+    assert_equal({'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+
+    # OpenSSL::Config is add only for now.
+    @it['foo'] = {'foo' => 'foo'}
+    assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+    # you cannot override or remove any section and key.
+    @it['foo'] = {}
+    assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+  end
+
+  def test_each
+    # each returns [section, key, value] array.
+    ary = @it.map { |e| e }.sort { |a, b| a[0] <=> b[0] }
+    assert_equal(4, ary.size)
+    assert_equal('CA_default', ary[0][0])
+    assert_equal('CA_default', ary[1][0])
+    assert_equal(["ca", "default_ca", "CA_default"], ary[2])
+    assert_equal(["default", "HOME", "."], ary[3])
+  end
+
+  def test_to_s
+    c = OpenSSL::Config.parse("[empty]\n")
+    assert_equal("[ default ]\n\n[ empty ]\n\n", c.to_s)
+  end
+
+  def test_inspect
+    assert_match(/#<OpenSSL::Config sections=\[.*\]>/, @it.inspect)
+  end
+
+  def test_freeze
+    c = OpenSSL::Config.new
+    c['foo'] = [['key', 'value']]
+    c.freeze
+
+    # [ruby-core:18377]
+    # RuntimeError for 1.9, TypeError for 1.8
+    assert_raise(TypeError, /frozen/) do
+      c['foo'] = [['key', 'wrong']]
+    end
+  end
+
+  def test_dup
+    assert(!@it.sections.empty?)
+    c = @it.dup
+    assert_equal(@it.sections.sort, c.sections.sort)
+    @it['newsection'] = {'a' => 'b'}
+    assert_not_equal(@it.sections.sort, c.sections.sort)
+  end
+
+  def test_clone
+    assert(!@it.sections.empty?)
+    c = @it.clone
+    assert_equal(@it.sections.sort, c.sections.sort)
+    @it['newsection'] = {'a' => 'b'}
+    assert_not_equal(@it.sections.sort, c.sections.sort)
+  end
+end