jruby-openssl 0.9.20-java → 0.10.7-java

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +132 -1
  3. data/LICENSE.txt +1 -1
  4. data/Mavenfile +49 -69
  5. data/README.md +14 -16
  6. data/Rakefile +4 -0
  7. data/lib/jopenssl/_compat23.rb +71 -0
  8. data/lib/jopenssl/load.rb +21 -12
  9. data/lib/jopenssl/version.rb +8 -10
  10. data/lib/jopenssl.jar +0 -0
  11. data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
  12. data/lib/jopenssl22/openssl/ssl.rb +16 -16
  13. data/lib/jopenssl23/openssl/bn.rb +2 -1
  14. data/lib/jopenssl23/openssl/buffering.rb +39 -35
  15. data/lib/jopenssl23/openssl/config.rb +12 -11
  16. data/lib/jopenssl23/openssl/digest.rb +1 -1
  17. data/lib/jopenssl23/openssl/pkey.rb +22 -34
  18. data/lib/jopenssl23/openssl/ssl.rb +210 -125
  19. data/lib/jopenssl23/openssl/x509.rb +76 -1
  20. data/lib/jopenssl23/openssl.rb +1 -1
  21. data/lib/openssl/bn.rb +1 -3
  22. data/lib/openssl/buffering.rb +1 -3
  23. data/lib/openssl/cipher.rb +1 -3
  24. data/lib/openssl/config.rb +10 -4
  25. data/lib/openssl/digest.rb +1 -3
  26. data/lib/openssl/pkcs12.rb +1 -3
  27. data/lib/openssl/pkcs5.rb +22 -0
  28. data/lib/openssl/ssl-internal.rb +1 -3
  29. data/lib/openssl/ssl.rb +1 -3
  30. data/lib/openssl/x509-internal.rb +1 -3
  31. data/lib/openssl/x509.rb +1 -3
  32. data/lib/org/bouncycastle/bcpkix-jdk15on/1.68/bcpkix-jdk15on-1.68.jar +0 -0
  33. data/lib/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar +0 -0
  34. data/lib/org/bouncycastle/bctls-jdk15on/1.68/bctls-jdk15on-1.68.jar +0 -0
  35. data/pom.xml +100 -322
  36. metadata +19 -75
  37. data/integration/1.47/pom.xml +0 -15
  38. data/integration/1.48/pom.xml +0 -15
  39. data/integration/1.49/pom.xml +0 -15
  40. data/integration/1.50/pom.xml +0 -15
  41. data/integration/Mavenfile +0 -57
  42. data/integration/pom.xml +0 -122
  43. data/lib/jopenssl18/openssl/bn.rb +0 -25
  44. data/lib/jopenssl18/openssl/buffering.rb +0 -241
  45. data/lib/jopenssl18/openssl/cipher.rb +0 -28
  46. data/lib/jopenssl18/openssl/config.rb +0 -316
  47. data/lib/jopenssl18/openssl/digest.rb +0 -32
  48. data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
  49. data/lib/jopenssl18/openssl/ssl-internal.rb +0 -112
  50. data/lib/jopenssl18/openssl/ssl.rb +0 -1
  51. data/lib/jopenssl18/openssl/x509-internal.rb +0 -110
  52. data/lib/jopenssl18/openssl/x509.rb +0 -1
  53. data/lib/jopenssl18/openssl.rb +0 -23
  54. data/lib/jopenssl24.rb +0 -112
  55. data/lib/openssl/pkcs7.rb +0 -5
  56. data/lib/org/bouncycastle/bcpkix-jdk15on/1.56/bcpkix-jdk15on-1.56.jar +0 -0
  57. data/lib/org/bouncycastle/bcprov-jdk15on/1.56/bcprov-jdk15on-1.56.jar +0 -0
@@ -16,70 +16,82 @@ require "io/nonblock"
16
16
  module OpenSSL
17
17
  module SSL
18
18
  class SSLContext
19
- DEFAULT_PARAMS = {
20
- :ssl_version => "SSLv23",
19
+ unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
20
+ DEFAULT_PARAMS = { # :nodoc:
21
+ :min_version => OpenSSL::SSL::TLS1_VERSION,
21
22
  :verify_mode => OpenSSL::SSL::VERIFY_PEER,
22
- :ciphers => %w{
23
- ECDHE-ECDSA-AES128-GCM-SHA256
24
- ECDHE-RSA-AES128-GCM-SHA256
25
- ECDHE-ECDSA-AES256-GCM-SHA384
26
- ECDHE-RSA-AES256-GCM-SHA384
27
- DHE-RSA-AES128-GCM-SHA256
28
- DHE-DSS-AES128-GCM-SHA256
29
- DHE-RSA-AES256-GCM-SHA384
30
- DHE-DSS-AES256-GCM-SHA384
31
- ECDHE-ECDSA-AES128-SHA256
32
- ECDHE-RSA-AES128-SHA256
33
- ECDHE-ECDSA-AES128-SHA
34
- ECDHE-RSA-AES128-SHA
35
- ECDHE-ECDSA-AES256-SHA384
36
- ECDHE-RSA-AES256-SHA384
37
- ECDHE-ECDSA-AES256-SHA
38
- ECDHE-RSA-AES256-SHA
39
- DHE-RSA-AES128-SHA256
40
- DHE-RSA-AES256-SHA256
41
- DHE-RSA-AES128-SHA
42
- DHE-RSA-AES256-SHA
43
- DHE-DSS-AES128-SHA256
44
- DHE-DSS-AES256-SHA256
45
- DHE-DSS-AES128-SHA
46
- DHE-DSS-AES256-SHA
47
- AES128-GCM-SHA256
48
- AES256-GCM-SHA384
49
- AES128-SHA256
50
- AES256-SHA256
51
- AES128-SHA
52
- AES256-SHA
53
- ECDHE-ECDSA-RC4-SHA
54
- ECDHE-RSA-RC4-SHA
55
- RC4-SHA
56
- }.join(":"),
23
+ :verify_hostname => true,
57
24
  :options => -> {
58
25
  opts = OpenSSL::SSL::OP_ALL
59
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
60
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
61
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
62
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
26
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
27
+ opts |= OpenSSL::SSL::OP_NO_COMPRESSION
63
28
  opts
64
29
  }.call
65
- } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
30
+ }
66
31
 
67
- unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
68
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
69
- DEFAULT_CERT_STORE.set_default_paths
70
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
71
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
32
+ if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
33
+ OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
34
+ DEFAULT_PARAMS.merge!(
35
+ ciphers: %w{
36
+ ECDHE-ECDSA-AES128-GCM-SHA256
37
+ ECDHE-RSA-AES128-GCM-SHA256
38
+ ECDHE-ECDSA-AES256-GCM-SHA384
39
+ ECDHE-RSA-AES256-GCM-SHA384
40
+ DHE-RSA-AES128-GCM-SHA256
41
+ DHE-DSS-AES128-GCM-SHA256
42
+ DHE-RSA-AES256-GCM-SHA384
43
+ DHE-DSS-AES256-GCM-SHA384
44
+ ECDHE-ECDSA-AES128-SHA256
45
+ ECDHE-RSA-AES128-SHA256
46
+ ECDHE-ECDSA-AES128-SHA
47
+ ECDHE-RSA-AES128-SHA
48
+ ECDHE-ECDSA-AES256-SHA384
49
+ ECDHE-RSA-AES256-SHA384
50
+ ECDHE-ECDSA-AES256-SHA
51
+ ECDHE-RSA-AES256-SHA
52
+ DHE-RSA-AES128-SHA256
53
+ DHE-RSA-AES256-SHA256
54
+ DHE-RSA-AES128-SHA
55
+ DHE-RSA-AES256-SHA
56
+ DHE-DSS-AES128-SHA256
57
+ DHE-DSS-AES256-SHA256
58
+ DHE-DSS-AES128-SHA
59
+ DHE-DSS-AES256-SHA
60
+ AES128-GCM-SHA256
61
+ AES256-GCM-SHA384
62
+ AES128-SHA256
63
+ AES256-SHA256
64
+ AES128-SHA
65
+ AES256-SHA
66
+ }.join(":"),
67
+ )
68
+ end
72
69
  end
70
+
71
+ if defined?(OpenSSL::PKey::DH)
72
+ DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
73
+ -----BEGIN DH PARAMETERS-----
74
+ MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
75
+ JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
76
+ VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
77
+ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
78
+ 1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
79
+ 7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
80
+ -----END DH PARAMETERS-----
81
+ _end_of_pem_
82
+ private_constant :DEFAULT_2048
83
+
84
+ DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
85
+ warn "using default DH parameters." if $VERBOSE
86
+ DEFAULT_2048
87
+ }
73
88
  end
74
89
 
75
- INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
76
- "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
77
- "verify_callback", "cert_store", "extra_chain_cert",
78
- "client_cert_cb", "session_id_context", "tmp_dh_callback",
79
- "session_get_cb", "session_new_cb", "session_remove_cb",
80
- "tmp_ecdh_callback", "servername_cb", "npn_protocols",
81
- "alpn_protocols", "alpn_select_cb",
82
- "npn_select_cb"].map { |x| "@#{x}" }
90
+ begin
91
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
92
+ DEFAULT_CERT_STORE.set_default_paths
93
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
94
+ end unless const_defined? :DEFAULT_CERT_STORE # JRuby
83
95
 
84
96
  # A callback invoked when DH parameters are required.
85
97
  #
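Review bot: With the `OP_NO_SSLv2` / `OP_NO_SSLv3` bits dropped from the `:options` lambda, the protocol floor in `DEFAULT_PARAMS` rests only on `:min_version => OpenSSL::SSL::TLS1_VERSION`, so these defaults still permit TLS 1.0 and 1.1, and SSLv3 is excluded only if `min_version=` is actually honoured. The enclosing `unless const_defined? :DEFAULT_PARAMS` skips this hash whenever the Java side has already defined the constant, so the effective defaults need confirming there too. I would record the intent next to the key, e.g. `# protocol floor: replaces the former OP_NO_SSLv2 / OP_NO_SSLv3 option bits`, and consider `OpenSSL::SSL::TLS1_2_VERSION` if compatibility allows. The same hunk also drops the `defined?` guards on `OP_DONT_INSERT_EMPTY_FRAGMENTS`, `OP_NO_COMPRESSION` and `V_FLAG_CRL_CHECK_ALL`, which turns a missing constant into a `NameError` at load time.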
@@ -92,44 +104,130 @@ module OpenSSL
92
104
 
93
105
  attr_accessor :tmp_dh_callback
94
106
 
95
- #if ExtConfig::HAVE_TLSEXT_HOST_NAME
96
- # A callback invoked at connect time to distinguish between multiple
97
- # server names.
98
- #
99
- # The callback is invoked with an SSLSocket and a server name. The
100
- # callback must return an SSLContext for the server name or nil.
101
- attr_accessor :servername_cb
102
- #end
107
+ # A callback invoked at connect time to distinguish between multiple
108
+ # server names.
109
+ #
110
+ # The callback is invoked with an SSLSocket and a server name. The
111
+ # callback must return an SSLContext for the server name or nil.
112
+ attr_accessor :servername_cb
103
113
 
104
114
  # call-seq:
105
- # SSLContext.new => ctx
106
- # SSLContext.new(:TLSv1) => ctx
107
- # SSLContext.new("SSLv23_client") => ctx
115
+ # SSLContext.new -> ctx
116
+ # SSLContext.new(:TLSv1) -> ctx
117
+ # SSLContext.new("SSLv23") -> ctx
118
+ #
119
+ # Creates a new SSL context.
108
120
  #
109
- # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
110
- def initialize(version = nil)
111
- self.options |= OpenSSL::SSL::OP_ALL
112
- self.ssl_version = version if version
113
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
121
+ # If an argument is given, #ssl_version= is called with the value. Note
122
+ # that this form is deprecated. New applications should use #min_version=
123
+ # and #max_version= as necessary.
124
+ # def initialize(version = nil)
125
+ # self.options |= OpenSSL::SSL::OP_ALL
126
+ # self.ssl_version = version if version
127
+ # end
114
128
 
115
129
  ##
116
- # Sets the parameters for this SSL context to the values in +params+.
117
- # The keys in +params+ must be assignment methods on SSLContext.
130
+ # call-seq:
131
+ # ctx.set_params(params = {}) -> params
132
+ #
133
+ # Sets saner defaults optimized for the use with HTTP-like protocols.
134
+ #
135
+ # If a Hash _params_ is given, the parameters are overridden with it.
136
+ # The keys in _params_ must be assignment methods on SSLContext.
118
137
  #
119
138
  # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
120
139
  # cert_store are not set then the system default certificate store is
121
140
  # used.
122
-
123
141
  def set_params(params={})
124
142
  params = DEFAULT_PARAMS.merge(params)
125
- params.each{|name, value| self.__send__("#{name}=", value) }
143
+ # TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
144
+ #self.options = params.delete(:options) # set before min_version/max_version
145
+ params.each { |name, value| self.__send__("#{name}=", value) }
126
146
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
127
147
  unless self.ca_file or self.ca_path or self.cert_store
128
148
  self.cert_store = DEFAULT_CERT_STORE
129
149
  end
130
150
  end
131
151
  return params
132
- end unless method_defined? :set_params # JRuby: hooked up in "native" Java
152
+ end unless method_defined? :set_params
153
+
154
+ # call-seq:
155
+ # ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
156
+ # ctx.min_version = :TLS1_2
157
+ # ctx.min_version = nil
158
+ #
159
+ # Sets the lower bound on the supported SSL/TLS protocol version. The
160
+ # version may be specified by an integer constant named
161
+ # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
162
+ #
163
+ # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
164
+ # options by #options= once you have called #min_version= or
165
+ # #max_version=.
166
+ #
167
+ # === Example
168
+ # ctx = OpenSSL::SSL::SSLContext.new
169
+ # ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
170
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
171
+ #
172
+ # sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
173
+ # sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
174
+ def min_version=(version)
175
+ set_minmax_proto_version(version, @max_proto_version ||= nil)
176
+ @min_proto_version = version
177
+ end
178
+
179
+ # call-seq:
180
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
181
+ # ctx.max_version = :TLS1_2
182
+ # ctx.max_version = nil
183
+ #
184
+ # Sets the upper bound of the supported SSL/TLS protocol version. See
185
+ # #min_version= for the possible values.
186
+ def max_version=(version)
187
+ set_minmax_proto_version(@min_proto_version ||= nil, version)
188
+ @max_proto_version = version
189
+ end
190
+
191
+ # call-seq:
192
+ # ctx.ssl_version = :TLSv1
193
+ # ctx.ssl_version = "SSLv23"
194
+ #
195
+ # Sets the SSL/TLS protocol version for the context. This forces
196
+ # connections to use only the specified protocol version. This is
197
+ # deprecated and only provided for backwards compatibility. Use
198
+ # #min_version= and #max_version= instead.
199
+ #
200
+ # === History
201
+ # As the name hints, this used to call the SSL_CTX_set_ssl_version()
202
+ # function which sets the SSL method used for connections created from
203
+ # the context. As of Ruby/OpenSSL 2.1, this accessor method is
204
+ # implemented to call #min_version= and #max_version= instead.
205
+ def ssl_version=(meth)
206
+ meth = meth.to_s if meth.is_a?(Symbol)
207
+ if /(?<type>_client|_server)\z/ =~ meth
208
+ meth = $`
209
+ if $VERBOSE
210
+ warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
211
+ end
212
+ end
213
+ version = METHODS_MAP[meth.intern] or
214
+ raise ArgumentError, "unknown SSL method `%s'" % meth
215
+ set_minmax_proto_version(version, version)
216
+ @min_proto_version = @max_proto_version = version
217
+ end unless method_defined? :ssl_version=
218
+
219
+ METHODS_MAP = {
220
+ SSLv23: 0,
221
+ SSLv2: OpenSSL::SSL::SSL2_VERSION,
222
+ SSLv3: OpenSSL::SSL::SSL3_VERSION,
223
+ TLSv1: OpenSSL::SSL::TLS1_VERSION,
224
+ TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
225
+ TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
226
+ }.freeze
227
+ private_constant :METHODS_MAP
228
+
229
+ # METHODS setup from native (JRuby)
230
+ # deprecate_constant :METHODS
133
231
  end
134
232
 
135
233
  module SocketForwarder
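Review bot: In `set_params` the line `self.options = params.delete(:options)` is commented out, so `:options` stays in the merged hash and is applied by the `__send__` loop after `:min_version` (the key order of `DEFAULT_PARAMS`). The `min_version=` documentation added in this same hunk warns against calling `#options=` after `#min_version=`; whether that can reset the version bounds here depends on the native `set_minmax_proto_version` and `options=`, which are not visible. Until the TODO is resolved I would state the ordering assumption in the comment, e.g. `# NOTE: :options is still applied by the loop below, after min_version=; confirm this cannot clear the version bounds`, and restore the `params.delete(:options)` line once the setter is supported. Note also that `end unless method_defined? :set_params` leaves this Ruby body unused if the Java side defines the method.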
@@ -254,55 +352,36 @@ module OpenSSL
254
352
  include Buffering
255
353
  include SocketForwarder
256
354
 
257
- if ExtConfig::OPENSSL_NO_SOCK
258
- def initialize(io, ctx = nil); raise NotImplementedError; end
259
- else
260
- if ExtConfig::HAVE_TLSEXT_HOST_NAME
261
- attr_accessor :hostname
262
- end
263
-
264
- attr_reader :io, :context
265
- attr_accessor :sync_close
266
- alias :to_io :io
267
-
268
- # call-seq:
269
- # SSLSocket.new(io) => aSSLSocket
270
- # SSLSocket.new(io, ctx) => aSSLSocket
271
- #
272
- # Creates a new SSL socket from +io+ which must be a real ruby object (not an
273
- # IO-like object that responds to read/write).
274
- #
275
- # If +ctx+ is provided the SSL Sockets initial params will be taken from
276
- # the context.
277
- #
278
- # The OpenSSL::Buffering module provides additional IO methods.
279
- #
280
- # This method will freeze the SSLContext if one is provided;
281
- # however, session management is still allowed in the frozen SSLContext.
282
-
283
- def initialize(io, context = OpenSSL::SSL::SSLContext.new)
284
- @io = io
285
- @context = context
286
- @sync_close = false
287
- @hostname = nil
288
- @io.nonblock = true if @io.respond_to?(:nonblock=)
289
- context.setup
290
- super()
291
- end
292
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
355
+ # attr_reader :hostname
356
+ #
357
+ # # The underlying IO object.
358
+ # attr_reader :io
359
+ # alias :to_io :io
360
+ #
361
+ # # The SSLContext object used in this connection.
362
+ # attr_reader :context
363
+ #
364
+ # # Whether to close the underlying socket as well, when the SSL/TLS
365
+ # # connection is shut down. This defaults to +false+.
366
+ # attr_accessor :sync_close
293
367
 
294
368
  # call-seq:
295
369
  # ssl.sysclose => nil
296
370
  #
297
- # Shuts down the SSL connection and prepares it for another connection.
371
+ # Sends "close notify" to the peer and tries to shut down the SSL
372
+ # connection gracefully.
373
+ #
374
+ # If sync_close is set to +true+, the underlying IO is also closed.
298
375
  def sysclose
299
376
  return if closed?
300
377
  stop
301
378
  io.close if sync_close
302
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
379
+ end unless method_defined? :sysclose
303
380
 
304
- ##
305
- # Perform hostname verification after an SSL connection is established
381
+ # call-seq:
382
+ # ssl.post_connection_check(hostname) -> true
383
+ #
384
+ # Perform hostname verification following RFC 6125.
306
385
  #
307
386
  # This method MUST be called after calling #connect to ensure that the
308
387
  # hostname of a remote peer has been verified.
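Review bot: The commented-out `attr_reader :hostname` / `:io` / `:context` and `attr_accessor :sync_close` block replaces live Ruby definitions but no longer says where those accessors come from; the removed lines carried `# JRuby: handled in "native" Java`. A one-line header above the block, such as `# Provided by the Java implementation; kept here for reference only.`, would keep that information for the next reader. The same applies to the commented-out `initialize` in the previous hunk and to the commented-out `ExtensionFactory`, `Extension`, `Attribute`, `CRL` and `Request` classes in the later `module X509` hunks.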
@@ -310,7 +389,8 @@ module OpenSSL
310
389
  if peer_cert.nil?
311
390
  msg = "Peer verification enabled, but no certificate received."
312
391
  if using_anon_cipher?
313
- msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
392
+ msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
393
+ "Anonymous suites must be disabled to use peer verification."
314
394
  end
315
395
  raise SSLError, msg
316
396
  end
@@ -321,11 +401,16 @@ module OpenSSL
321
401
  return true
322
402
  end
323
403
 
324
- #def session
325
- # SSL::Session.new(self)
326
- #rescue SSL::Session::SessionError
327
- # nil
328
- #end
404
+ # call-seq:
405
+ # ssl.session -> aSession
406
+ #
407
+ # Returns the SSLSession object currently used, or nil if the session is
408
+ # not established.
409
+ def session
410
+ SSL::Session.new(self)
411
+ rescue SSL::Session::SessionError
412
+ nil
413
+ end unless method_defined? :session # JRuby
329
414
 
330
415
  private
331
416
 
@@ -340,7 +425,7 @@ module OpenSSL
340
425
  end
341
426
 
342
427
  def tmp_dh_callback
343
- @context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
428
+ @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
344
429
  end
345
430
 
346
431
  def tmp_ecdh_callback
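Review bot: `tmp_dh_callback` now falls back to `OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK`, but in the SSLContext hunk above that constant is assigned only inside `if defined?(OpenSSL::PKey::DH)`, so the fallback would raise `NameError` on a build without DH. That is probably unreachable on JRuby, yet the dependency deserves a comment on this line, e.g. `# DEFAULT_TMP_DH_CALLBACK exists only when OpenSSL::PKey::DH is defined`.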
@@ -364,8 +449,8 @@ module OpenSSL
364
449
  attr_accessor :start_immediately
365
450
 
366
451
  # Creates a new instance of SSLServer.
367
- # * +srv+ is an instance of TCPServer.
368
- # * +ctx+ is an instance of OpenSSL::SSL::SSLContext.
452
+ # * _srv_ is an instance of TCPServer.
453
+ # * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
369
454
  def initialize(svr, ctx)
370
455
  @svr = svr
371
456
  @ctx = ctx
@@ -14,6 +14,54 @@
14
14
 
15
15
  module OpenSSL
16
16
  module X509
17
+ # class ExtensionFactory
18
+ # def create_extension(*arg)
19
+ # if arg.size > 1
20
+ # create_ext(*arg)
21
+ # else
22
+ # send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
23
+ # end
24
+ # end
25
+ #
26
+ # def create_ext_from_array(ary)
27
+ # raise ExtensionError, "unexpected array form" if ary.size > 3
28
+ # create_ext(ary[0], ary[1], ary[2])
29
+ # end
30
+ #
31
+ # def create_ext_from_string(str) # "oid = critical, value"
32
+ # oid, value = str.split(/=/, 2)
33
+ # oid.strip!
34
+ # value.strip!
35
+ # create_ext(oid, value)
36
+ # end
37
+ #
38
+ # def create_ext_from_hash(hash)
39
+ # create_ext(hash["oid"], hash["value"], hash["critical"])
40
+ # end
41
+ # end
42
+ #
43
+ # class Extension
44
+ # def ==(other)
45
+ # return false unless Extension === other
46
+ # to_der == other.to_der
47
+ # end
48
+ #
49
+ # def to_s # "oid = critical, value"
50
+ # str = self.oid
51
+ # str << " = "
52
+ # str << "critical, " if self.critical?
53
+ # str << self.value.gsub(/\n/, ", ")
54
+ # end
55
+ #
56
+ # def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
57
+ # {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
58
+ # end
59
+ #
60
+ # def to_a
61
+ # [ self.oid, self.value, self.critical? ]
62
+ # end
63
+ # end
64
+
17
65
  class Name
18
66
  module RFC2253DN
19
67
  Special = ',=+<>#;'
@@ -96,7 +144,13 @@ module OpenSSL
96
144
  end
97
145
 
98
146
  def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
99
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
147
+ if str.start_with?("/")
148
+ # /A=B/C=D format
149
+ ary = str[1..-1].split("/").map { |i| i.split("=", 2) }
150
+ else
151
+ # Comma-separated
152
+ ary = str.split(",").map { |i| i.strip.split("=", 2) }
153
+ end
100
154
  self.new(ary, template)
101
155
  end
102
156
 
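Review bot: Both new branches of `parse_openssl` pass every segment through `split("=", 2)` without checking the result, so a segment with no `=` yields a one-element pair and an empty segment (from `a=b,,c=d` or `/a=b//c=d`) yields `[]`. What `self.new(ary, template)` does with such entries is not visible here; rejecting them before the call keeps malformed distinguished names away from the entry builder, e.g. `raise ArgumentError, "malformed DN component" unless ary.all? { |pair| pair.size == 2 }`. Neither branch handles escaping, so a value that legitimately contains `/` (slash form) or `,` (comma form) is split apart; that limitation should be stated in the branch comments.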
@@ -111,6 +165,13 @@ module OpenSSL
111
165
  end
112
166
  end
113
167
 
168
+ # class Attribute
169
+ # def ==(other)
170
+ # return false unless Attribute === other
171
+ # to_der == other.to_der
172
+ # end
173
+ # end
174
+
114
175
  class StoreContext
115
176
  def cleanup
116
177
  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
@@ -129,5 +190,19 @@ module OpenSSL
129
190
  }
130
191
  end
131
192
  end
193
+
194
+ # class CRL
195
+ # def ==(other)
196
+ # return false unless CRL === other
197
+ # to_der == other.to_der
198
+ # end
199
+ # end
200
+
201
+ # class Request
202
+ # def ==(other)
203
+ # return false unless Request === other
204
+ # to_der == other.to_der
205
+ # end
206
+ # end
132
207
  end
133
208
  end
@@ -13,7 +13,7 @@
13
13
  require 'openssl/bn'
14
14
  require 'openssl/pkey'
15
15
  require 'openssl/cipher'
16
- require 'openssl/config'
16
+ require 'openssl/config' if OpenSSL.const_defined?(:Config, false)
17
17
  require 'openssl/digest'
18
18
  require 'openssl/x509'
19
19
  require 'openssl/ssl'
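--- a/data/lib/openssl/bn.rb
+++ b/data/lib/openssl/bn.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
  elsif RUBY_VERSION > '2.1'
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
- elsif RUBY_VERSION > '1.9'
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  else
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  end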
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
4
4
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
5
5
  elsif RUBY_VERSION > '2.1'
6
6
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
7
- elsif RUBY_VERSION > '1.9'
8
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
9
7
  else
10
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
8
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
11
9
  end
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
4
4
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
5
5
  elsif RUBY_VERSION > '2.1'
6
6
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
7
- elsif RUBY_VERSION > '1.9'
8
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
9
7
  else
10
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
8
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
11
9
  end
@@ -4,8 +4,14 @@ elsif RUBY_VERSION > '2.2'
4
4
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
5
5
  elsif RUBY_VERSION > '2.1'
6
6
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
7
- elsif RUBY_VERSION > '1.9'
8
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
9
7
  else
10
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
11
- end
8
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
9
+ end
10
+
11
+ # @note moved from JOpenSSL native bits.
12
+ module OpenSSL
13
+ class Config
14
+ DEFAULT_CONFIG_FILE = nil
15
+ end
16
+ class ConfigError < OpenSSLError; end
17
+ end
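Review bot: `DEFAULT_CONFIG_FILE = nil` is added with only `# @note moved from JOpenSSL native bits.`, which does not tell a caller what `nil` means. If the intent is that no system-wide OpenSSL configuration file is read on JRuby, say so on the constant, e.g. `# nil: JRuby does not locate a system openssl.cnf`; code that hands the constant to a file-reading call would otherwise fail on `nil`. These definitions also run after the version-specific `load` above, so a loaded file that already assigns `DEFAULT_CONFIG_FILE` would produce a constant-redefinition warning; the loaded file is not visible here.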
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
4
4
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
5
5
  elsif RUBY_VERSION > '2.1'
6
6
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
7
- elsif RUBY_VERSION > '1.9'
8
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
9
7
  else
10
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
8
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
11
9
  end
@@ -28,10 +28,8 @@ module OpenSSL
28
28
  @der = str
29
29
  end
30
30
 
31
- p12_input_stream = java.io.StringBufferInputStream.new(@der)
32
-
33
31
  store = SecurityHelper.getKeyStore("PKCS12")
34
- store.load(p12_input_stream, password.to_java.to_char_array)
32
+ store.load(java.io.ByteArrayInputStream.new(@der.to_java_bytes), password.to_java.to_char_array)
35
33
 
36
34
  aliases = store.aliases
37
35
  aliases.each do |alias_name|
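Review bot: `password.to_java.to_char_array` on the new `store.load` line is evaluated unconditionally, so a `nil` password would presumably raise `NoMethodError` before the keystore is touched; the method signature is outside this hunk, so whether `nil` can arrive here needs checking. If it can, decide the behaviour explicitly rather than passing `null` through, because `java.security.KeyStore#load` performs no integrity check when no password is supplied. A guard such as `raise ArgumentError, "PKCS12 password required" if password.nil?` ahead of the call would make that choice visible.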
@@ -0,0 +1,22 @@
1
+ #--
2
+ # Ruby/OpenSSL Project
3
+ # Copyright (C) 2017 Ruby/OpenSSL Project Authors
4
+ #++
5
+
6
+ # JOpenSSL has these - here for explicit require 'openssl/pkcs5' compatibility
7
+
8
+ # module OpenSSL
9
+ # module PKCS5
10
+ # module_function
11
+ #
12
+ # # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
13
+ # # This method is provided for backwards compatibility.
14
+ # def pbkdf2_hmac(pass, salt, iter, keylen, digest)
15
+ # OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter, length: keylen, hash: digest)
16
+ # end
17
+ #
18
+ # def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
19
+ # pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
20
+ # end
21
+ # end
22
+ # end
@@ -1,7 +1,5 @@
1
1
  if RUBY_VERSION > '2.1'
2
2
  raise LoadError, "no such library in #{RUBY_VERSION}: openssl/ssl-internal.rb"
3
- elsif RUBY_VERSION > '1.9'
4
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
5
3
  else
6
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
4
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
7
5
  end
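--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
  elsif RUBY_VERSION > '2.1'
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
- elsif RUBY_VERSION > '1.9'
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  else
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  end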
@@ -1,7 +1,5 @@
1
1
  if RUBY_VERSION > '2.1'
2
2
  raise LoadError, "no such library in #{RUBY_VERSION}: openssl/x509-internal.rb"
3
- elsif RUBY_VERSION > '1.9'
4
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
5
3
  else
6
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
4
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
7
5
  end
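--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
  elsif RUBY_VERSION > '2.1'
  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
- elsif RUBY_VERSION > '1.9'
- load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  else
- load "jopenssl18/openssl/#{File.basename(__FILE__)}"
+ load "jopenssl19/openssl/#{File.basename(__FILE__)}"
  end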