jruby-openssl 0.9.20-java → 0.10.7-java

data/lib/jopenssl19/openssl/ssl-internal.rb

@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
 
 module OpenSSL
   module SSL
+    class SSLContext
+      DEFAULT_PARAMS = {
+          :ssl_version => "SSLv23",
+          :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+          :ciphers => %w{
+          ECDHE-ECDSA-AES128-GCM-SHA256
+          ECDHE-RSA-AES128-GCM-SHA256
+          ECDHE-ECDSA-AES256-GCM-SHA384
+          ECDHE-RSA-AES256-GCM-SHA384
+          DHE-RSA-AES128-GCM-SHA256
+          DHE-DSS-AES128-GCM-SHA256
+          DHE-RSA-AES256-GCM-SHA384
+          DHE-DSS-AES256-GCM-SHA384
+          ECDHE-ECDSA-AES128-SHA256
+          ECDHE-RSA-AES128-SHA256
+          ECDHE-ECDSA-AES128-SHA
+          ECDHE-RSA-AES128-SHA
+          ECDHE-ECDSA-AES256-SHA384
+          ECDHE-RSA-AES256-SHA384
+          ECDHE-ECDSA-AES256-SHA
+          ECDHE-RSA-AES256-SHA
+          DHE-RSA-AES128-SHA256
+          DHE-RSA-AES256-SHA256
+          DHE-RSA-AES128-SHA
+          DHE-RSA-AES256-SHA
+          DHE-DSS-AES128-SHA256
+          DHE-DSS-AES256-SHA256
+          DHE-DSS-AES128-SHA
+          DHE-DSS-AES256-SHA
+          AES128-GCM-SHA256
+          AES256-GCM-SHA384
+          AES128-SHA256
+          AES256-SHA256
+          AES128-SHA
+          AES256-SHA
+          ECDHE-ECDSA-RC4-SHA
+          ECDHE-RSA-RC4-SHA
+          RC4-SHA
+        }.join(":"),
+          :options => -> {
+            opts = OpenSSL::SSL::OP_ALL
+            opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+            opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+            opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+            opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+            opts
+          }.call
+      } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
+
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE
+
+      def set_params(params={})
+        params = DEFAULT_PARAMS.merge(params)
+        params.each{|name, value| self.__send__("#{name}=", value) }
+        if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+          unless self.ca_file or self.ca_path or self.cert_store
+            self.cert_store = DEFAULT_CERT_STORE
+          end
+        end
+        return params
+      end unless method_defined? :set_params
+    end
+
+    module SocketForwarder
+      def addr
+        to_io.addr
+      end
+
+      def peeraddr
+        to_io.peeraddr
+      end
+
+      def setsockopt(level, optname, optval)
+        to_io.setsockopt(level, optname, optval)
+      end
+
+      def getsockopt(level, optname)
+        to_io.getsockopt(level, optname)
+      end
+
+      def fcntl(*args)
+        to_io.fcntl(*args)
+      end
+
+      def closed?
+        to_io.closed?
+      end
+
+      def do_not_reverse_lookup=(flag)
+        to_io.do_not_reverse_lookup = flag
+      end
+    end
 
     def verify_certificate_identity(cert, hostname)
       should_verify_common_name = true
@@ -63,6 +161,12 @@ module OpenSSL
       include SocketForwarder
       include Nonblock
 
+      def sysclose
+        return if closed?
+        stop
+        io.close if sync_close
+      end unless method_defined? :sysclose
+
       def post_connection_check(hostname)
         unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
           raise SSLError, "hostname does not match the server certificate"

data/lib/jopenssl22/openssl/ssl.rb

@@ -68,13 +68,13 @@ module OpenSSL
         }.call
       } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
 
-      unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
-      DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
-      DEFAULT_CERT_STORE.set_default_paths
-      if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
-        DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-      end
-      end
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE
 
       ##
       # Sets the parameters for this SSL context to the values in +params+.
@@ -86,14 +86,14 @@ module OpenSSL
       
       def set_params(params={})
         params = DEFAULT_PARAMS.merge(params)
-        params.each{|name, value| self.__send__("#{name}=", value) }
+        params.each { |name, value| self.__send__("#{name}=", value) }
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store
             self.cert_store = DEFAULT_CERT_STORE
           end
         end
         return params
-      end unless method_defined? :set_params # JRuby: hooked up in "native" Java
+      end unless method_defined? :set_params
     end
 
     module SocketForwarder
@@ -124,7 +124,7 @@ module OpenSSL
       def do_not_reverse_lookup=(flag)
         to_io.do_not_reverse_lookup = flag
       end
-    end unless const_defined? :SocketForwarder # JRuby: hooked up in "native" Java
+    end
 
     module Nonblock
       def initialize(*args)
@@ -228,6 +228,12 @@ module OpenSSL
       include SocketForwarder
       include Nonblock
 
+      def sysclose
+        return if closed?
+        stop
+        io.close if sync_close
+      end unless method_defined? :sysclose
+
       ##
       # Perform hostname verification after an SSL connection is established
       #
@@ -248,12 +254,6 @@ module OpenSSL
         return true
       end
 
-      #def session
-      #  SSL::Session.new(self)
-      #rescue SSL::Session::SessionError
-      #  nil
-      #end
-
       private
 
       def using_anon_cipher?

data/lib/jopenssl23/openssl/bn.rb

@@ -25,8 +25,9 @@ module OpenSSL
 end # OpenSSL
 
 ##
+#--
 # Add double dispatch to Integer
-#
+#++
 class Integer
   # Casts an Integer as an OpenSSL::BN
   #

data/lib/jopenssl23/openssl/buffering.rb

@@ -63,7 +63,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Consumes +size+ bytes from the buffer
+  # Consumes _size_ bytes from the buffer
 
   def consume_rbuff(size=nil)
     if @rbuffer.empty?
@@ -79,7 +79,7 @@ module OpenSSL::Buffering
   public
 
   ##
-  # Reads +size+ bytes from the stream.  If +buf+ is provided it must
+  # Reads _size_ bytes from the stream.  If _buf_ is provided it must
   # reference a string which will receive the data.
   #
   # See IO#read for full details.
@@ -106,7 +106,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads at most +maxlen+ bytes from the stream.  If +buf+ is provided it
+  # Reads at most _maxlen_ bytes from the stream.  If _buf_ is provided it
   # must reference a string which will receive the data.
   #
   # See IO#readpartial for full details.
@@ -136,7 +136,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads at most +maxlen+ bytes in the non-blocking manner.
+  # Reads at most _maxlen_ bytes in the non-blocking manner.
   #
   # When no data can be read without blocking it raises
   # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
@@ -163,6 +163,11 @@ module OpenSSL::Buffering
   # Note that one reason that read_nonblock writes to the underlying IO is
   # when the peer requests a new TLS/SSL handshake.  See openssl the FAQ for
   # more details.  http://www.openssl.org/support/faq.html
+  #
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
+  # that read_nonblock should not raise an IO::Wait*able exception, but
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
+  # it will return +nil+ instead of raising EOFError.
 
   def read_nonblock(maxlen, buf=nil, exception: true)
     if maxlen == 0
@@ -185,11 +190,11 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads the next "line+ from the stream.  Lines are separated by +eol+.  If
-  # +limit+ is provided the result will not be longer than the given number of
+  # Reads the next "line" from the stream.  Lines are separated by _eol_.  If
+  # _limit_ is provided the result will not be longer than the given number of
   # bytes.
   #
-  # +eol+ may be a String or Regexp.
+  # _eol_ may be a String or Regexp.
   #
   # Unlike IO#gets the line read will not be assigned to +$_+.
   #
@@ -215,7 +220,7 @@ module OpenSSL::Buffering
 
   ##
   # Executes the block for every line in the stream where lines are separated
-  # by +eol+.
+  # by _eol_.
   #
   # See also #gets
 
@@ -227,7 +232,7 @@ module OpenSSL::Buffering
   alias each_line each
 
   ##
-  # Reads lines from the stream which are separated by +eol+.
+  # Reads lines from the stream which are separated by _eol_.
   #
   # See also #gets
 
@@ -240,7 +245,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads a line from the stream which is separated by +eol+.
+  # Reads a line from the stream which is separated by _eol_.
   #
   # Raises EOFError if at end of file.
 
@@ -276,7 +281,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Pushes character +c+ back onto the stream such that a subsequent buffered
+  # Pushes character _c_ back onto the stream such that a subsequent buffered
   # character read will return it.
   #
   # Unlike IO#getc multiple bytes may be pushed back onto the stream.
@@ -303,7 +308,7 @@ module OpenSSL::Buffering
   private
 
   ##
-  # Writes +s+ to the buffer.  When the buffer is full or #sync is true the
+  # Writes _s_ to the buffer.  When the buffer is full or #sync is true the
   # buffer is flushed to the underlying socket.
 
   def do_write(s)
@@ -311,36 +316,33 @@ module OpenSSL::Buffering
     @wbuffer << s
     @wbuffer.force_encoding(Encoding::BINARY)
     @sync ||= false
-    if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
-      remain = idx ? idx + $/.size : @wbuffer.length
-      nwritten = 0
-      while remain > 0
-        str = @wbuffer[nwritten,remain]
+    if @sync or @wbuffer.size > BLOCK_SIZE
+      until @wbuffer.empty?
         begin
-          nwrote = syswrite(str)
+          nwrote = syswrite(@wbuffer)
         rescue Errno::EAGAIN
           retry
         end
-        remain -= nwrote
-        nwritten += nwrote
+        @wbuffer[0, nwrote] = ""
       end
-      @wbuffer[0,nwritten] = ""
     end
   end
 
   public
 
   ##
-  # Writes +s+ to the stream.  If the argument is not a string it will be
-  # converted using String#to_s.  Returns the number of bytes written.
+  # Writes _s_ to the stream.  If the argument is not a String it will be
+  # converted using +.to_s+ method.  Returns the number of bytes written.
 
-  def write(s)
-    do_write(s)
-    s.bytesize
+  def write(*s)
+    s.inject(0) do |written, str|
+      do_write(str)
+      written + str.bytesize
+    end
   end
 
   ##
-  # Writes +str+ in the non-blocking manner.
+  # Writes _s_ in the non-blocking manner.
   #
   # If there is buffered data, it is flushed first.  This may block.
   #
@@ -371,6 +373,10 @@ module OpenSSL::Buffering
   # Note that one reason that write_nonblock reads from the underlying IO
   # is when the peer requests a new TLS/SSL handshake.  See the openssl FAQ
   # for more details.  http://www.openssl.org/support/faq.html
+  #
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
+  # that write_nonblock should not raise an IO::Wait*able exception, but
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead.
 
   def write_nonblock(s, exception: true)
     flush
@@ -378,16 +384,16 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Writes +s+ to the stream.  +s+ will be converted to a String using
-  # String#to_s.
+  # Writes _s_ to the stream.  _s_ will be converted to a String using
+  # +.to_s+ method.
 
-  def << (s)
+  def <<(s)
     do_write(s)
     self
   end
 
   ##
-  # Writes +args+ to the stream along with a record separator.
+  # Writes _args_ to the stream along with a record separator.
   #
   # See IO#puts for full details.
 
@@ -398,16 +404,14 @@ module OpenSSL::Buffering
     end
     args.each{|arg|
       s << arg.to_s
-      if $/ && /\n\z/ !~ s
-        s << "\n"
-      end
+      s.sub!(/(?<!\n)\z/, "\n")
     }
     do_write(s)
     nil
   end
 
   ##
-  # Writes +args+ to the stream.
+  # Writes _args_ to the stream.
   #
   # See IO#print for full details.
 

data/lib/jopenssl23/openssl/config.rb

@@ -30,7 +30,8 @@ module OpenSSL
     class << self
 
       ##
-      # Parses a given +string+ as a blob that contains configuration for openssl.
+      # Parses a given _string_ as a blob that contains configuration for
+      # OpenSSL.
       #
       # If the source of the IO is a file, then consider using #parse_config.
       def parse(string)
@@ -46,7 +47,7 @@ module OpenSSL
       alias load new
 
       ##
-      # Parses the configuration data read from +io+, see also #parse.
+      # Parses the configuration data read from _io_, see also #parse.
       #
       # Raises a ConfigError on invalid configuration data.
       def parse_config(io)
@@ -236,7 +237,7 @@ module OpenSSL
     #
     # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
     #
-    # If the optional +filename+ parameter is provided, then it is read in and
+    # If the optional _filename_ parameter is provided, then it is read in and
     # parsed via #parse_config.
     #
     # This can raise IO exceptions based on the access, or availability of the
@@ -255,7 +256,7 @@ module OpenSSL
     end
 
     ##
-    # Gets the value of +key+ from the given +section+
+    # Gets the value of _key_ from the given _section_
     #
     # Given the following configurating file being loaded:
     #
@@ -265,8 +266,8 @@ module OpenSSL
     #     #=> [ default ]
     #     #   foo=bar
     #
-    # You can get a specific value from the config if you know the +section+
-    # and +key+ like so:
+    # You can get a specific value from the config if you know the _section_
+    # and _key_ like so:
     #
     #   config.get_value('default','foo')
     #     #=> "bar"
@@ -297,7 +298,7 @@ module OpenSSL
     end
 
     ##
-    # Set the target +key+ with a given +value+ under a specific +section+.
+    # Set the target _key_ with a given _value_ under a specific _section_.
     #
     # Given the following configurating file being loaded:
     #
@@ -307,7 +308,7 @@ module OpenSSL
     #     #=> [ default ]
     #     #   foo=bar
     #
-    # You can set the value of +foo+ under the +default+ section to a new
+    # You can set the value of _foo_ under the _default_ section to a new
     # value:
     #
     #   config.add_value('default', 'foo', 'buzz')
@@ -322,7 +323,7 @@ module OpenSSL
     end
 
     ##
-    # Get a specific +section+ from the current configuration
+    # Get a specific _section_ from the current configuration
     #
     # Given the following configurating file being loaded:
     #
@@ -351,7 +352,7 @@ module OpenSSL
     end
 
     ##
-    # Sets a specific +section+ name with a Hash +pairs+
+    # Sets a specific _section_ name with a Hash _pairs_.
     #
     # Given the following configuration being created:
     #
@@ -365,7 +366,7 @@ module OpenSSL
     #     #   baz=buz
     #
     # It's important to note that this will essentially merge any of the keys
-    # in +pairs+ with the existing +section+. For example:
+    # in _pairs_ with the existing _section_. For example:
     #
     #   config['default']
     #     #=> {"foo"=>"bar", "baz"=>"buz"}

data/lib/jopenssl23/openssl/digest.rb

@@ -24,7 +24,7 @@ module OpenSSL
 
   end # Digest
 
-  # Returns a Digest subclass by +name+.
+  # Returns a Digest subclass by _name_
   #
   #   require 'openssl'
   #

data/lib/jopenssl23/openssl/pkey.rb

@@ -1,37 +1,25 @@
 # frozen_string_literal: false
-module OpenSSL
-  module PKey
-    if defined?(OpenSSL::PKey::DH)
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
 
-    class DH
-      DEFAULT_512 = new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
-zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
------END DH PARAMETERS-----
-      _end_of_pem_
-
-      DEFAULT_1024 = new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
-AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
-T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
------END DH PARAMETERS-----
-      _end_of_pem_
-    end
-
-    DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
-      warn "using default DH parameters." if $VERBOSE
-      case keylen
-      when 512  then OpenSSL::PKey::DH::DEFAULT_512
-      when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
-      else
-        nil
-      end
-    }
-
-    else
-      DEFAULT_TMP_DH_CALLBACK = nil
-    end
+module OpenSSL::PKey
+  if defined?(EC)
+  class EC::Point
+    # :call-seq:
+    #    point.to_bn([conversion_form]) -> OpenSSL::BN
+    #
+    # Returns the octet string representation of the EC point as an instance of
+    # OpenSSL::BN.
+    #
+    # If _conversion_form_ is not given, the _point_conversion_form_ attribute
+    # set to the group is used.
+    #
+    # See #to_octet_string for more information.
+    # def to_bn(conversion_form = group.point_conversion_form)
+    #   OpenSSL::BN.new(to_octet_string(conversion_form), 2)
+    # end
+  end
   end
-end
+end