jruby-openssl 0.7.5.dev → 0.7.5
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +44 -14
- data/Manifest.txt +135 -80
- data/Rakefile +14 -6
- data/lib/{openssl.rb → 1.8/openssl.rb} +2 -11
- data/lib/{openssl → 1.8/openssl}/bn.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/buffering.rb +3 -1
- data/lib/{openssl → 1.8/openssl}/cipher.rb +0 -0
- data/lib/{openssl → 1.8/openssl}/config.rb +1 -1
- data/lib/{openssl → 1.8/openssl}/digest.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/pkcs7.rb +0 -0
- data/lib/{openssl/ssl.rb → 1.8/openssl/ssl-internal.rb} +2 -2
- data/lib/1.8/openssl/ssl.rb +1 -0
- data/lib/{openssl/x509.rb → 1.8/openssl/x509-internal.rb} +8 -9
- data/lib/1.8/openssl/x509.rb +1 -0
- data/lib/1.9/openssl.rb +22 -0
- data/lib/1.9/openssl/bn.rb +35 -0
- data/lib/1.9/openssl/buffering.rb +448 -0
- data/lib/1.9/openssl/cipher.rb +65 -0
- data/lib/1.9/openssl/config.rb +313 -0
- data/lib/1.9/openssl/digest.rb +72 -0
- data/lib/1.9/openssl/ssl-internal.rb +177 -0
- data/lib/1.9/openssl/ssl.rb +2 -0
- data/lib/1.9/openssl/x509-internal.rb +158 -0
- data/lib/1.9/openssl/x509.rb +2 -0
- data/lib/{jopenssl.jar → shared/jopenssl.jar} +0 -0
- data/lib/{jopenssl → shared/jopenssl}/version.rb +1 -1
- data/lib/shared/openssl.rb +18 -0
- data/lib/{openssl → shared/openssl}/dummy.rb +0 -0
- data/lib/{openssl → shared/openssl}/dummyssl.rb +0 -0
- data/lib/shared/openssl/ssl.rb +1 -0
- data/lib/shared/openssl/x509.rb +1 -0
- data/test/{openssl → 1.8}/ssl_server.rb +0 -0
- data/test/{openssl → 1.8}/test_asn1.rb +15 -0
- data/test/{openssl → 1.8}/test_cipher.rb +0 -0
- data/test/{openssl → 1.8}/test_config.rb +0 -0
- data/test/{openssl → 1.8}/test_digest.rb +0 -0
- data/test/{openssl → 1.8}/test_ec.rb +0 -0
- data/test/{openssl → 1.8}/test_hmac.rb +0 -0
- data/test/{openssl → 1.8}/test_ns_spki.rb +0 -0
- data/test/{openssl → 1.8}/test_pair.rb +10 -2
- data/test/{openssl → 1.8}/test_pkcs7.rb +0 -0
- data/test/{openssl → 1.8}/test_pkey_rsa.rb +0 -0
- data/test/{openssl → 1.8}/test_ssl.rb +17 -20
- data/test/{openssl → 1.8}/test_x509cert.rb +0 -0
- data/test/{openssl → 1.8}/test_x509crl.rb +0 -0
- data/test/{openssl → 1.8}/test_x509ext.rb +0 -0
- data/test/{openssl → 1.8}/test_x509name.rb +0 -0
- data/test/{openssl → 1.8}/test_x509req.rb +0 -0
- data/test/{openssl → 1.8}/test_x509store.rb +0 -0
- data/test/{openssl → 1.8}/utils.rb +0 -0
- data/test/1.9/ssl_server.rb +81 -0
- data/test/1.9/test_asn1.rb +589 -0
- data/test/1.9/test_bn.rb +23 -0
- data/test/1.9/test_buffering.rb +88 -0
- data/test/1.9/test_cipher.rb +107 -0
- data/test/1.9/test_config.rb +288 -0
- data/test/1.9/test_digest.rb +118 -0
- data/test/1.9/test_engine.rb +15 -0
- data/test/1.9/test_hmac.rb +32 -0
- data/test/1.9/test_ns_spki.rb +50 -0
- data/test/1.9/test_ocsp.rb +47 -0
- data/test/1.9/test_pair.rb +257 -0
- data/test/1.9/test_pkcs12.rb +209 -0
- data/test/1.9/test_pkcs7.rb +151 -0
- data/test/1.9/test_pkey_dh.rb +72 -0
- data/test/1.9/test_pkey_dsa.rb +224 -0
- data/test/1.9/test_pkey_ec.rb +182 -0
- data/test/1.9/test_pkey_rsa.rb +244 -0
- data/test/1.9/test_ssl.rb +455 -0
- data/test/1.9/test_ssl_session.rb +327 -0
- data/test/1.9/test_x509cert.rb +217 -0
- data/test/1.9/test_x509crl.rb +221 -0
- data/test/1.9/test_x509ext.rb +69 -0
- data/test/1.9/test_x509name.rb +296 -0
- data/test/1.9/test_x509req.rb +150 -0
- data/test/1.9/test_x509store.rb +229 -0
- data/test/1.9/utils.rb +304 -0
- data/test/fixture/purpose/ca/ca_config.rb +1 -1
- data/test/fixture/purpose/ca/gen_cert.rb +128 -0
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +19 -0
- data/test/fixture/purpose/ca/serial +1 -1
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +19 -0
- data/test/ruby/envutil.rb +208 -0
- data/test/ruby/ut_eof.rb +128 -0
- data/test/test_java.rb +1 -1
- data/test/test_openssl.rb +1 -1
- data/test/test_pkcs7.rb +16 -0
- data/test/test_pkey_dsa.rb +180 -0
- data/test/test_pkey_rsa.rb +298 -0
- data/test/test_ssl.rb +1 -1
- data/test/test_x509store.rb +8 -0
- metadata +121 -75
- data/test/test_pkey.rb +0 -204
@@ -0,0 +1,65 @@
|
|
1
|
+
#--
|
2
|
+
#
|
3
|
+
# $RCSfile$
|
4
|
+
#
|
5
|
+
# = Ruby-space predefined Cipher subclasses
|
6
|
+
#
|
7
|
+
# = Info
|
8
|
+
# 'OpenSSL for Ruby 2' project
|
9
|
+
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
10
|
+
# All rights reserved.
|
11
|
+
#
|
12
|
+
# = Licence
|
13
|
+
# This program is licenced under the same licence as Ruby.
|
14
|
+
# (See the file 'LICENCE'.)
|
15
|
+
#
|
16
|
+
# = Version
|
17
|
+
# $Id: cipher.rb 33067 2011-08-25 00:52:10Z drbrain $
|
18
|
+
#
|
19
|
+
#++
|
20
|
+
|
21
|
+
module OpenSSL
|
22
|
+
class Cipher
|
23
|
+
%w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
|
24
|
+
klass = Class.new(Cipher){
|
25
|
+
define_method(:initialize){|*args|
|
26
|
+
cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
|
27
|
+
super(cipher_name)
|
28
|
+
}
|
29
|
+
}
|
30
|
+
const_set(name, klass)
|
31
|
+
}
|
32
|
+
|
33
|
+
%w(128 192 256).each{|keylen|
|
34
|
+
klass = Class.new(Cipher){
|
35
|
+
define_method(:initialize){|mode|
|
36
|
+
mode ||= "CBC"
|
37
|
+
cipher_name = "AES-#{keylen}-#{mode}"
|
38
|
+
super(cipher_name)
|
39
|
+
}
|
40
|
+
}
|
41
|
+
const_set("AES#{keylen}", klass)
|
42
|
+
}
|
43
|
+
|
44
|
+
# Generate, set, and return a random key.
|
45
|
+
# You must call cipher.encrypt or cipher.decrypt before calling this method.
|
46
|
+
def random_key
|
47
|
+
str = OpenSSL::Random.random_bytes(self.key_len)
|
48
|
+
self.key = str
|
49
|
+
return str
|
50
|
+
end
|
51
|
+
|
52
|
+
# Generate, set, and return a random iv.
|
53
|
+
# You must call cipher.encrypt or cipher.decrypt before calling this method.
|
54
|
+
def random_iv
|
55
|
+
str = OpenSSL::Random.random_bytes(self.iv_len)
|
56
|
+
self.iv = str
|
57
|
+
return str
|
58
|
+
end
|
59
|
+
|
60
|
+
# This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
|
61
|
+
class Cipher < Cipher
|
62
|
+
# add warning
|
63
|
+
end
|
64
|
+
end # Cipher
|
65
|
+
end # OpenSSL
|
@@ -0,0 +1,313 @@
|
|
1
|
+
=begin
|
2
|
+
= Ruby-space definitions that completes C-space funcs for Config
|
3
|
+
|
4
|
+
= Info
|
5
|
+
Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
|
6
|
+
|
7
|
+
= Licence
|
8
|
+
This program is licenced under the same licence as Ruby.
|
9
|
+
(See the file 'LICENCE'.)
|
10
|
+
|
11
|
+
=end
|
12
|
+
|
13
|
+
require 'stringio'
|
14
|
+
|
15
|
+
module OpenSSL
|
16
|
+
class Config
|
17
|
+
include Enumerable
|
18
|
+
|
19
|
+
class << self
|
20
|
+
def parse(str)
|
21
|
+
c = new()
|
22
|
+
parse_config(StringIO.new(str)).each do |section, hash|
|
23
|
+
c[section] = hash
|
24
|
+
end
|
25
|
+
c
|
26
|
+
end
|
27
|
+
|
28
|
+
alias load new
|
29
|
+
|
30
|
+
def parse_config(io)
|
31
|
+
begin
|
32
|
+
parse_config_lines(io)
|
33
|
+
rescue ConfigError => e
|
34
|
+
e.message.replace("error in line #{io.lineno}: " + e.message)
|
35
|
+
raise
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def get_key_string(data, section, key) # :nodoc:
|
40
|
+
if v = data[section] && data[section][key]
|
41
|
+
return v
|
42
|
+
elsif section == 'ENV'
|
43
|
+
if v = ENV[key]
|
44
|
+
return v
|
45
|
+
end
|
46
|
+
end
|
47
|
+
if v = data['default'] && data['default'][key]
|
48
|
+
return v
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def parse_config_lines(io)
|
55
|
+
section = 'default'
|
56
|
+
data = {section => {}}
|
57
|
+
while definition = get_definition(io)
|
58
|
+
definition = clear_comments(definition)
|
59
|
+
next if definition.empty?
|
60
|
+
if definition[0] == ?[
|
61
|
+
if /\[([^\]]*)\]/ =~ definition
|
62
|
+
section = $1.strip
|
63
|
+
data[section] ||= {}
|
64
|
+
else
|
65
|
+
raise ConfigError, "missing close square bracket"
|
66
|
+
end
|
67
|
+
else
|
68
|
+
if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
|
69
|
+
if $2
|
70
|
+
section = $1
|
71
|
+
key = $2
|
72
|
+
else
|
73
|
+
key = $1
|
74
|
+
end
|
75
|
+
value = unescape_value(data, section, $3)
|
76
|
+
(data[section] ||= {})[key] = value.strip
|
77
|
+
else
|
78
|
+
raise ConfigError, "missing equal sign"
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
data
|
83
|
+
end
|
84
|
+
|
85
|
+
# escape with backslash
|
86
|
+
QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
|
87
|
+
# escape with backslash and doubled dq
|
88
|
+
QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
|
89
|
+
# escaped char map
|
90
|
+
ESCAPE_MAP = {
|
91
|
+
"r" => "\r",
|
92
|
+
"n" => "\n",
|
93
|
+
"b" => "\b",
|
94
|
+
"t" => "\t",
|
95
|
+
}
|
96
|
+
|
97
|
+
def unescape_value(data, section, value)
|
98
|
+
scanned = []
|
99
|
+
while m = value.match(/['"\\$]/)
|
100
|
+
scanned << m.pre_match
|
101
|
+
c = m[0]
|
102
|
+
value = m.post_match
|
103
|
+
case c
|
104
|
+
when "'"
|
105
|
+
if m = value.match(QUOTE_REGEXP_SQ)
|
106
|
+
scanned << m[1].gsub(/\\(.)/, '\\1')
|
107
|
+
value = m.post_match
|
108
|
+
else
|
109
|
+
break
|
110
|
+
end
|
111
|
+
when '"'
|
112
|
+
if m = value.match(QUOTE_REGEXP_DQ)
|
113
|
+
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
|
114
|
+
value = m.post_match
|
115
|
+
else
|
116
|
+
break
|
117
|
+
end
|
118
|
+
when "\\"
|
119
|
+
c = value.slice!(0, 1)
|
120
|
+
scanned << (ESCAPE_MAP[c] || c)
|
121
|
+
when "$"
|
122
|
+
ref, value = extract_reference(value)
|
123
|
+
refsec = section
|
124
|
+
if ref.index('::')
|
125
|
+
refsec, ref = ref.split('::', 2)
|
126
|
+
end
|
127
|
+
if v = get_key_string(data, refsec, ref)
|
128
|
+
scanned << v
|
129
|
+
else
|
130
|
+
raise ConfigError, "variable has no value"
|
131
|
+
end
|
132
|
+
else
|
133
|
+
raise 'must not reaced'
|
134
|
+
end
|
135
|
+
end
|
136
|
+
scanned << value
|
137
|
+
scanned.join
|
138
|
+
end
|
139
|
+
|
140
|
+
def extract_reference(value)
|
141
|
+
rest = ''
|
142
|
+
if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
|
143
|
+
value = m[1] || m[2]
|
144
|
+
rest = m.post_match
|
145
|
+
elsif [?(, ?{].include?(value[0])
|
146
|
+
raise ConfigError, "no close brace"
|
147
|
+
end
|
148
|
+
if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
|
149
|
+
return m[0], m.post_match + rest
|
150
|
+
else
|
151
|
+
raise
|
152
|
+
end
|
153
|
+
end
|
154
|
+
|
155
|
+
def clear_comments(line)
|
156
|
+
# FCOMMENT
|
157
|
+
if m = line.match(/\A([\t\n\f ]*);.*\z/)
|
158
|
+
return m[1]
|
159
|
+
end
|
160
|
+
# COMMENT
|
161
|
+
scanned = []
|
162
|
+
while m = line.match(/[#'"\\]/)
|
163
|
+
scanned << m.pre_match
|
164
|
+
c = m[0]
|
165
|
+
line = m.post_match
|
166
|
+
case c
|
167
|
+
when '#'
|
168
|
+
line = nil
|
169
|
+
break
|
170
|
+
when "'", '"'
|
171
|
+
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
|
172
|
+
scanned << c
|
173
|
+
if m = line.match(regexp)
|
174
|
+
scanned << m[0]
|
175
|
+
line = m.post_match
|
176
|
+
else
|
177
|
+
scanned << line
|
178
|
+
line = nil
|
179
|
+
break
|
180
|
+
end
|
181
|
+
when "\\"
|
182
|
+
scanned << c
|
183
|
+
scanned << line.slice!(0, 1)
|
184
|
+
else
|
185
|
+
raise 'must not reaced'
|
186
|
+
end
|
187
|
+
end
|
188
|
+
scanned << line
|
189
|
+
scanned.join
|
190
|
+
end
|
191
|
+
|
192
|
+
def get_definition(io)
|
193
|
+
if line = get_line(io)
|
194
|
+
while /[^\\]\\\z/ =~ line
|
195
|
+
if extra = get_line(io)
|
196
|
+
line += extra
|
197
|
+
else
|
198
|
+
break
|
199
|
+
end
|
200
|
+
end
|
201
|
+
return line.strip
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
205
|
+
def get_line(io)
|
206
|
+
if line = io.gets
|
207
|
+
line.gsub(/[\r\n]*/, '')
|
208
|
+
end
|
209
|
+
end
|
210
|
+
end
|
211
|
+
|
212
|
+
def initialize(filename = nil)
|
213
|
+
@data = {}
|
214
|
+
if filename
|
215
|
+
File.open(filename.to_s) do |file|
|
216
|
+
Config.parse_config(file).each do |section, hash|
|
217
|
+
self[section] = hash
|
218
|
+
end
|
219
|
+
end
|
220
|
+
end
|
221
|
+
end
|
222
|
+
|
223
|
+
def get_value(section, key)
|
224
|
+
if section.nil?
|
225
|
+
raise TypeError.new('nil not allowed')
|
226
|
+
end
|
227
|
+
section = 'default' if section.empty?
|
228
|
+
get_key_string(section, key)
|
229
|
+
end
|
230
|
+
|
231
|
+
def value(arg1, arg2 = nil)
|
232
|
+
warn('Config#value is deprecated; use Config#get_value')
|
233
|
+
if arg2.nil?
|
234
|
+
section, key = 'default', arg1
|
235
|
+
else
|
236
|
+
section, key = arg1, arg2
|
237
|
+
end
|
238
|
+
section ||= 'default'
|
239
|
+
section = 'default' if section.empty?
|
240
|
+
get_key_string(section, key)
|
241
|
+
end
|
242
|
+
|
243
|
+
def add_value(section, key, value)
|
244
|
+
check_modify
|
245
|
+
(@data[section] ||= {})[key] = value
|
246
|
+
end
|
247
|
+
|
248
|
+
def [](section)
|
249
|
+
@data[section] || {}
|
250
|
+
end
|
251
|
+
|
252
|
+
def section(name)
|
253
|
+
warn('Config#section is deprecated; use Config#[]')
|
254
|
+
@data[name] || {}
|
255
|
+
end
|
256
|
+
|
257
|
+
def []=(section, pairs)
|
258
|
+
check_modify
|
259
|
+
@data[section] ||= {}
|
260
|
+
pairs.each do |key, value|
|
261
|
+
self.add_value(section, key, value)
|
262
|
+
end
|
263
|
+
end
|
264
|
+
|
265
|
+
def sections
|
266
|
+
@data.keys
|
267
|
+
end
|
268
|
+
|
269
|
+
def to_s
|
270
|
+
ary = []
|
271
|
+
@data.keys.sort.each do |section|
|
272
|
+
ary << "[ #{section} ]\n"
|
273
|
+
@data[section].keys.each do |key|
|
274
|
+
ary << "#{key}=#{@data[section][key]}\n"
|
275
|
+
end
|
276
|
+
ary << "\n"
|
277
|
+
end
|
278
|
+
ary.join
|
279
|
+
end
|
280
|
+
|
281
|
+
def each
|
282
|
+
@data.each do |section, hash|
|
283
|
+
hash.each do |key, value|
|
284
|
+
yield [section, key, value]
|
285
|
+
end
|
286
|
+
end
|
287
|
+
end
|
288
|
+
|
289
|
+
def inspect
|
290
|
+
"#<#{self.class.name} sections=#{sections.inspect}>"
|
291
|
+
end
|
292
|
+
|
293
|
+
protected
|
294
|
+
|
295
|
+
def data
|
296
|
+
@data
|
297
|
+
end
|
298
|
+
|
299
|
+
private
|
300
|
+
|
301
|
+
def initialize_copy(other)
|
302
|
+
@data = other.data.dup
|
303
|
+
end
|
304
|
+
|
305
|
+
def check_modify
|
306
|
+
raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
|
307
|
+
end
|
308
|
+
|
309
|
+
def get_key_string(section, key)
|
310
|
+
Config.get_key_string(@data, section, key)
|
311
|
+
end
|
312
|
+
end
|
313
|
+
end
|
@@ -0,0 +1,72 @@
|
|
1
|
+
#--
|
2
|
+
#
|
3
|
+
# $RCSfile$
|
4
|
+
#
|
5
|
+
# = Ruby-space predefined Digest subclasses
|
6
|
+
#
|
7
|
+
# = Info
|
8
|
+
# 'OpenSSL for Ruby 2' project
|
9
|
+
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
10
|
+
# All rights reserved.
|
11
|
+
#
|
12
|
+
# = Licence
|
13
|
+
# This program is licenced under the same licence as Ruby.
|
14
|
+
# (See the file 'LICENCE'.)
|
15
|
+
#
|
16
|
+
# = Version
|
17
|
+
# $Id: digest.rb 33067 2011-08-25 00:52:10Z drbrain $
|
18
|
+
#
|
19
|
+
#++
|
20
|
+
|
21
|
+
module OpenSSL
|
22
|
+
class Digest
|
23
|
+
|
24
|
+
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
|
25
|
+
if OPENSSL_VERSION_NUMBER > 0x00908000
|
26
|
+
alg += %w(SHA224 SHA256 SHA384 SHA512)
|
27
|
+
end
|
28
|
+
|
29
|
+
# Return the +data+ hash computed with +name+ Digest. +name+ is either the
|
30
|
+
# long name or short name of a supported digest algorithm.
|
31
|
+
#
|
32
|
+
# === Examples
|
33
|
+
#
|
34
|
+
# OpenSSL::Digest.digest("SHA256, "abc")
|
35
|
+
#
|
36
|
+
# which is equivalent to:
|
37
|
+
#
|
38
|
+
# OpenSSL::Digest::SHA256.digest("abc")
|
39
|
+
|
40
|
+
def self.digest(name, data)
|
41
|
+
super(data, name)
|
42
|
+
end
|
43
|
+
|
44
|
+
alg.each{|name|
|
45
|
+
klass = Class.new(Digest){
|
46
|
+
define_method(:initialize){|*data|
|
47
|
+
if data.length > 1
|
48
|
+
raise ArgumentError,
|
49
|
+
"wrong number of arguments (#{data.length} for 1)"
|
50
|
+
end
|
51
|
+
super(name, data.first)
|
52
|
+
}
|
53
|
+
}
|
54
|
+
singleton = (class << klass; self; end)
|
55
|
+
singleton.class_eval{
|
56
|
+
define_method(:digest){|data| Digest.digest(name, data) }
|
57
|
+
define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
|
58
|
+
}
|
59
|
+
const_set(name, klass)
|
60
|
+
}
|
61
|
+
|
62
|
+
# This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
|
63
|
+
class Digest < Digest
|
64
|
+
def initialize(*args)
|
65
|
+
# add warning
|
66
|
+
super(*args)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
end # Digest
|
71
|
+
end # OpenSSL
|
72
|
+
|