jruby-openssl 0.7.4 → 0.7.6.1

data/lib/1.9/openssl/x509.rb

@@ -0,0 +1,2 @@
+warn 'deprecated openssl/x509 use: require "openssl" instead of "openssl/x509"'
+require 'openssl'

data/lib/1.9/openssl.rb

@@ -0,0 +1,22 @@
+=begin
+= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id$
+=end
+
+require 'openssl/bn'
+require 'openssl/cipher'
+require 'openssl/config'
+require 'openssl/digest'
+require 'openssl/ssl-internal'
+require 'openssl/x509-internal'

data/lib/{jopenssl → shared/jopenssl}/version.rb

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.7.4"
+    VERSION = "0.7.6.1"
   end
 end

data/lib/shared/openssl/pkcs12.rb

@@ -0,0 +1,50 @@
+require 'java'
+
+module OpenSSL
+  class PKCS12
+    java_import java.io.StringReader
+    java_import java.io.StringBufferInputStream
+    java_import java.security.cert.CertificateFactory
+    java_import java.security.KeyStore
+    java_import java.io.ByteArrayOutputStream
+    java_import org.bouncycastle.openssl.PEMReader
+
+    java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)
+
+    def self.create(pass, name, key, cert)
+      pkcs12 = self.new(pass, name, key, cert)
+      pkcs12.generate
+      pkcs12
+    end
+
+    attr_reader :key, :certificate
+
+    def initialize(pass, name, key, cert)
+      @pass = pass
+      @name = name
+      @key = key
+      @certificate = cert
+    end
+
+    def generate
+      key_reader = StringReader.new(key.to_pem)
+      key_pair = PEMReader.new(key_reader).read_object
+
+      cert_input_stream = StringBufferInputStream.new(certificate.to_pem)
+      certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)
+
+      store = KeyStore.get_instance("PKCS12", "BC")
+      store.load(nil, nil)
+      store.set_key_entry(@name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
+
+      pkcs12_output_stream = ByteArrayOutputStream.new
+      store.store(pkcs12_output_stream, @pass.to_java.to_char_array)
+
+      @der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
+    end
+
+    def to_der
+      @der
+    end
+  end
+end

data/lib/shared/openssl/ssl.rb

@@ -0,0 +1 @@
+require 'openssl'

data/lib/shared/openssl/x509.rb

@@ -0,0 +1 @@
+require 'openssl'

data/lib/shared/openssl.rb

@@ -0,0 +1,20 @@
+unless defined? JRUBY_VERSION
+  warn 'Loading jruby-openssl in a non-JRuby interpreter'
+end
+
+begin
+  require 'bouncy-castle-java'
+rescue LoadError
+  # runs under restricted mode.
+end
+require 'jopenssl'
+
+if RUBY_VERSION >= '1.9.0'
+  $LOAD_PATH.unshift(File.expand_path('../../1.9', __FILE__))
+  load(File.expand_path('../../1.9/openssl.rb', __FILE__))
+else
+  $LOAD_PATH.unshift(File.expand_path('../../1.8', __FILE__))
+  load(File.expand_path('../../1.8/openssl.rb', __FILE__))
+end
+
+require 'openssl/pkcs12'

data/test/{openssl → 1.8}/test_asn1.rb

@@ -35,6 +35,7 @@ class  OpenSSL::TestASN1 < Test::Unit::TestCase
     assert_equal(1, version.value.size)
     assert_equal(OpenSSL::ASN1::Integer, version.value[0].class)
     assert_equal(2, version.value[0].value)
+    assert_equal(OpenSSL::BN, version.value[0].value.class)
 
     serial = tbs_cert.value[1]
     assert_equal(OpenSSL::ASN1::Integer, serial.class)
@@ -194,4 +195,18 @@ class  OpenSSL::TestASN1 < Test::Unit::TestCase
     cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, tbs_cert.to_der)
     assert_equal(cululated_sig, sig_val.value)
   end
+
+  def test_encode_boolean
+    encode_decode_test(OpenSSL::ASN1::Boolean, [true, false])
+  end
+
+  def test_encode_integer
+    encode_decode_test(OpenSSL::ASN1::Integer, [72, -127, -128, 128, -1, 0, 1, -(2**12345), 2**12345])
+  end
+
+  def encode_decode_test(type, values)
+    values.each do |v|
+      assert_equal(v, OpenSSL::ASN1.decode(type.new(v).to_der).value)
+    end
+  end
 end if defined?(OpenSSL)

data/test/{openssl → 1.8}/test_pair.rb

@@ -90,9 +90,17 @@ class OpenSSL::TestPair < Test::Unit::TestCase
     ssl_pair {|s1, s2|
       s2.write "a\nbcd"
       assert_equal("a\n", s1.gets)
-      assert_equal("bcd", s1.readpartial(10))
+      read = s1.readpartial(10)
+      assert_equal("bcd"[0, read.bytesize], read)
+      s1.read(read.bytesize - 3) # drop unread bytes
+
       s2.write "efg"
-      assert_equal("efg", s1.readpartial(10))
+      read = s1.readpartial(10)
+      assert_equal("efg"[0, read.bytesize], read)
+      rest = 3 - read.bytesize
+      while rest > 0
+        rest -= s1.readpartial(rest).size
+      end
       s2.close
       assert_raise(EOFError) { s1.readpartial(10) }
       assert_raise(EOFError) { s1.readpartial(10) }

data/test/{openssl → 1.8}/test_ssl.rb

@@ -200,19 +200,6 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
 
       assert_raise(ArgumentError) { ssl.sysread(-1) }
 
-      # syswrite and sysread
-      ITERATIONS.times{|i|
-        str = "x" * 100 + "\n"
-        ssl.syswrite(str)
-        assert_equal(str, ssl.sysread(str.size))
-
-        str = "x" * i * 100 + "\n"
-        buf = ""
-        ssl.syswrite(str)
-        assert_equal(buf.object_id, ssl.sysread(str.size, buf).object_id)
-        assert_equal(str, buf)
-      }
-
       # puts and gets
       ITERATIONS.times{
         str = "x" * 100 + "\n"
@@ -237,6 +224,14 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
     }
   end
 
+  def sysread_size(ssl, size)
+    buf = ''
+    while buf.bytesize < size
+      buf += ssl.sysread(size - buf.bytesize)
+    end
+    buf
+  end
+
   def test_sysread_chunks
     args = {}
     args[:server_proc] = proc { |ctx, ssl|
@@ -257,11 +252,11 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
       ssl.sync_close = true
       ssl.connect
       ssl.syswrite("hello\n")
-      assert_equal("0" * 200, ssl.sysread(200))
-      assert_equal("0" * 200, ssl.sysread(200))
-      assert_equal("0" * 200, ssl.sysread(200))
-      assert_equal("0" * 200, ssl.sysread(200))
-      assert_equal("1" * 200, ssl.sysread(200))
+      assert_equal("0" * 200, sysread_size(ssl, 200))
+      assert_equal("0" * 200, sysread_size(ssl, 200))
+      assert_equal("0" * 200, sysread_size(ssl, 200))
+      assert_equal("0" * 200, sysread_size(ssl, 200))
+      assert_equal("1" * 200, sysread_size(ssl, 200))
       ssl.close
     }
   end
@@ -285,12 +280,14 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
         read = ssl.sysread(str.size, buf)
         assert(!read.empty?)
         assert_equal(buf.object_id, read.object_id)
-        assert_equal(str, buf)
+        assert_equal(str[0, buf.bytesize], buf)
+        sysread_size(ssl, str.bytesize - buf.bytesize) # drop unread bytes
 
         ssl.syswrite(str)
         read = ssl.sysread(str.size, nil)
         assert(!read.empty?)
-        assert_equal(str, read)
+        assert_equal(str[0, read.bytesize], read)
+        sysread_size(ssl, str.bytesize - read.bytesize) # drop unread bytes
       }
       ssl.close
     }

data/test/1.9/ssl_server.rb

@@ -0,0 +1,81 @@
+require "socket"
+require "thread"
+require "openssl"
+require File.join(File.dirname(__FILE__), "utils.rb")
+
+def get_pem(io=$stdin)
+  buf = ""
+  while line = io.gets
+    if /^-----BEGIN / =~ line
+      buf << line
+      break
+    end
+  end
+  while line = io.gets
+    buf << line
+    if /^-----END / =~ line
+      break
+    end
+  end
+  return buf
+end
+
+def make_key(pem)
+  begin
+    return OpenSSL::PKey::RSA.new(pem)
+  rescue
+    return OpenSSL::PKey::DSA.new(pem)
+  end
+end
+
+ca_cert  = OpenSSL::X509::Certificate.new(get_pem)
+ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
+ssl_key  = make_key(get_pem)
+port = Integer(ARGV.shift)
+verify_mode = Integer(ARGV.shift)
+start_immediately = (/yes/ =~ ARGV.shift)
+
+store = OpenSSL::X509::Store.new
+store.add_cert(ca_cert)
+store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.cert_store = store
+#ctx.extra_chain_cert = [ ca_cert ]
+ctx.cert = ssl_cert
+ctx.key = ssl_key
+ctx.verify_mode = verify_mode
+
+Socket.do_not_reverse_lookup = true
+tcps = nil
+100.times{|i|
+  begin
+    tcps = TCPServer.new("0.0.0.0", port+i)
+    port = port + i
+    break
+  rescue Errno::EADDRINUSE
+    next
+  end
+}
+ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+ssls.start_immediately = start_immediately
+
+$stdout.sync = true
+$stdout.puts Process.pid
+$stdout.puts port
+
+loop do
+  ssl = ssls.accept rescue next
+  Thread.start{
+    q = Queue.new
+    th = Thread.start{ ssl.write(q.shift) while true }
+    while line = ssl.gets
+      if line =~ /^STARTTLS$/
+        ssl.accept
+        next
+      end
+      q.push(line)
+    end
+    th.kill if q.empty?
+    ssl.close
+  }
+end