jruby-openssl 0.9.4 → 0.14.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/History.md +652 -0
- data/LICENSE.txt +37 -0
- data/Mavenfile +163 -5
- data/README.md +75 -0
- data/Rakefile +52 -2
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +75 -16
- data/lib/jopenssl/version.rb +9 -4
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +40 -5
- data/lib/openssl/buffering.rb +477 -4
- data/lib/openssl/cipher.rb +67 -5
- data/lib/openssl/config.rb +500 -4
- data/lib/openssl/digest.rb +73 -5
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs12.rb +60 -99
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +42 -0
- data/lib/openssl/ssl.rb +542 -4
- data/lib/openssl/x509.rb +368 -4
- data/lib/openssl.rb +3 -1
- data/lib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar +0 -0
- data/pom.xml +772 -0
- metadata +40 -107
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/README.txt +0 -13
- data/TODO-1_9-support.txt +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -35
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -65
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -61
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -179
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -153
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -67
- data/lib/jopenssl19/openssl/bn.rb +0 -35
- data/lib/jopenssl19/openssl/buffering.rb +0 -449
- data/lib/jopenssl19/openssl/cipher.rb +0 -65
- data/lib/jopenssl19/openssl/config.rb +0 -313
- data/lib/jopenssl19/openssl/digest.rb +0 -72
- data/lib/jopenssl19/openssl/ssl-internal.rb +0 -177
- data/lib/jopenssl19/openssl/ssl.rb +0 -2
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -158
- data/lib/jopenssl19/openssl/x509.rb +0 -2
- data/lib/jopenssl19/openssl.rb +0 -23
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/openssl/ssl-internal.rb +0 -5
- data/lib/openssl/x509-internal.rb +0 -5
- data/test/java/pkcs7_mime_enveloped.message +0 -19
- data/test/java/pkcs7_mime_signed.message +0 -30
- data/test/java/pkcs7_multipart_signed.message +0 -45
- data/test/java/test_java_attribute.rb +0 -25
- data/test/java/test_java_bio.rb +0 -42
- data/test/java/test_java_mime.rb +0 -173
- data/test/java/test_java_pkcs7.rb +0 -772
- data/test/java/test_java_smime.rb +0 -177
- data/test/test_java.rb +0 -98
- data/test/ut_eof.rb +0 -128
@@ -1,179 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id$
|
15
|
-
=end
|
16
|
-
|
17
|
-
require "openssl/buffering"
|
18
|
-
require "fcntl"
|
19
|
-
|
20
|
-
module OpenSSL
|
21
|
-
module SSL
|
22
|
-
class SSLContext
|
23
|
-
DEFAULT_PARAMS = {
|
24
|
-
:ssl_version => "SSLv23",
|
25
|
-
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
26
|
-
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
27
|
-
:options => OpenSSL::SSL::OP_ALL,
|
28
|
-
}
|
29
|
-
|
30
|
-
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
31
|
-
DEFAULT_CERT_STORE.set_default_paths
|
32
|
-
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
33
|
-
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
34
|
-
end
|
35
|
-
|
36
|
-
def set_params(params={})
|
37
|
-
params = DEFAULT_PARAMS.merge(params)
|
38
|
-
# ssl_version need to be set at first.
|
39
|
-
self.ssl_version = params.delete(:ssl_version)
|
40
|
-
params.each{|name, value| self.__send__("#{name}=", value) }
|
41
|
-
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
42
|
-
unless self.ca_file or self.ca_path or self.cert_store
|
43
|
-
self.cert_store = DEFAULT_CERT_STORE
|
44
|
-
end
|
45
|
-
end
|
46
|
-
return params
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
module SocketForwarder
|
51
|
-
def addr
|
52
|
-
to_io.addr
|
53
|
-
end
|
54
|
-
|
55
|
-
def peeraddr
|
56
|
-
to_io.peeraddr
|
57
|
-
end
|
58
|
-
|
59
|
-
def setsockopt(level, optname, optval)
|
60
|
-
to_io.setsockopt(level, optname, optval)
|
61
|
-
end
|
62
|
-
|
63
|
-
def getsockopt(level, optname)
|
64
|
-
to_io.getsockopt(level, optname)
|
65
|
-
end
|
66
|
-
|
67
|
-
def fcntl(*args)
|
68
|
-
to_io.fcntl(*args)
|
69
|
-
end
|
70
|
-
|
71
|
-
def closed?
|
72
|
-
to_io.closed?
|
73
|
-
end
|
74
|
-
|
75
|
-
def do_not_reverse_lookup=(flag)
|
76
|
-
to_io.do_not_reverse_lookup = flag
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
module Nonblock
|
81
|
-
def initialize(*args)
|
82
|
-
flag = File::NONBLOCK
|
83
|
-
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
84
|
-
@io.fcntl(Fcntl::F_SETFL, flag)
|
85
|
-
super
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
def verify_certificate_identity(cert, hostname)
|
90
|
-
should_verify_common_name = true
|
91
|
-
cert.extensions.each{|ext|
|
92
|
-
next if ext.oid != "subjectAltName"
|
93
|
-
ext.value.split(/,\s+/).each{|general_name|
|
94
|
-
if /\ADNS:(.*)/ =~ general_name
|
95
|
-
should_verify_common_name = false
|
96
|
-
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
97
|
-
return true if /\A#{reg}\z/i =~ hostname
|
98
|
-
elsif /\AIP Address:(.*)/ =~ general_name
|
99
|
-
should_verify_common_name = false
|
100
|
-
return true if $1 == hostname
|
101
|
-
end
|
102
|
-
}
|
103
|
-
}
|
104
|
-
if should_verify_common_name
|
105
|
-
cert.subject.to_a.each{|oid, value|
|
106
|
-
if oid == "CN"
|
107
|
-
reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
|
108
|
-
return true if /\A#{reg}\z/i =~ hostname
|
109
|
-
end
|
110
|
-
}
|
111
|
-
end
|
112
|
-
return false
|
113
|
-
end
|
114
|
-
module_function :verify_certificate_identity
|
115
|
-
|
116
|
-
class SSLSocket
|
117
|
-
include Buffering
|
118
|
-
include SocketForwarder
|
119
|
-
include Nonblock
|
120
|
-
|
121
|
-
def post_connection_check(hostname)
|
122
|
-
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
123
|
-
raise SSLError, "hostname was not match with the server certificate"
|
124
|
-
end
|
125
|
-
return true
|
126
|
-
end
|
127
|
-
|
128
|
-
def session
|
129
|
-
SSL::Session.new(self)
|
130
|
-
rescue SSL::Session::SessionError
|
131
|
-
nil
|
132
|
-
end
|
133
|
-
end
|
134
|
-
|
135
|
-
class SSLServer
|
136
|
-
include SocketForwarder
|
137
|
-
attr_accessor :start_immediately
|
138
|
-
|
139
|
-
def initialize(svr, ctx)
|
140
|
-
@svr = svr
|
141
|
-
@ctx = ctx
|
142
|
-
unless ctx.session_id_context
|
143
|
-
session_id = OpenSSL::Digest::MD5.hexdigest($0)
|
144
|
-
@ctx.session_id_context = session_id
|
145
|
-
end
|
146
|
-
@start_immediately = true
|
147
|
-
end
|
148
|
-
|
149
|
-
def to_io
|
150
|
-
@svr
|
151
|
-
end
|
152
|
-
|
153
|
-
def listen(backlog=5)
|
154
|
-
@svr.listen(backlog)
|
155
|
-
end
|
156
|
-
|
157
|
-
def shutdown(how=Socket::SHUT_RDWR)
|
158
|
-
@svr.shutdown(how)
|
159
|
-
end
|
160
|
-
|
161
|
-
def accept
|
162
|
-
sock = @svr.accept
|
163
|
-
begin
|
164
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
|
165
|
-
ssl.sync_close = true
|
166
|
-
ssl.accept if @start_immediately
|
167
|
-
ssl
|
168
|
-
rescue SSLError => ex
|
169
|
-
sock.close
|
170
|
-
raise ex
|
171
|
-
end
|
172
|
-
end
|
173
|
-
|
174
|
-
def close
|
175
|
-
@svr.close
|
176
|
-
end
|
177
|
-
end
|
178
|
-
end
|
179
|
-
end
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'openssl'
|
@@ -1,153 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id$
|
15
|
-
=end
|
16
|
-
|
17
|
-
module OpenSSL
|
18
|
-
module X509
|
19
|
-
class ExtensionFactory
|
20
|
-
def create_extension(*arg)
|
21
|
-
if arg.size > 1
|
22
|
-
create_ext(*arg)
|
23
|
-
else
|
24
|
-
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
def create_ext_from_array(ary)
|
29
|
-
raise ExtensionError, "unexpected array form" if ary.size > 3
|
30
|
-
create_ext(ary[0], ary[1], ary[2])
|
31
|
-
end
|
32
|
-
|
33
|
-
def create_ext_from_string(str) # "oid = critical, value"
|
34
|
-
oid, value = str.split(/=/, 2)
|
35
|
-
oid.strip!
|
36
|
-
value.strip!
|
37
|
-
create_ext(oid, value)
|
38
|
-
end
|
39
|
-
|
40
|
-
def create_ext_from_hash(hash)
|
41
|
-
create_ext(hash["oid"], hash["value"], hash["critical"])
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
class Extension
|
46
|
-
def to_s # "oid = critical, value"
|
47
|
-
str = self.oid
|
48
|
-
str << " = "
|
49
|
-
str << "critical, " if self.critical?
|
50
|
-
str << self.value.gsub(/\n/, ", ")
|
51
|
-
end
|
52
|
-
|
53
|
-
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
54
|
-
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
55
|
-
end
|
56
|
-
|
57
|
-
def to_a
|
58
|
-
[ self.oid, self.value, self.critical? ]
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
class Name
|
63
|
-
module RFC2253DN
|
64
|
-
Special = ',=+<>#;'
|
65
|
-
HexChar = /[0-9a-fA-F]/
|
66
|
-
HexPair = /#{HexChar}#{HexChar}/
|
67
|
-
HexString = /#{HexPair}+/
|
68
|
-
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
69
|
-
StringChar = /[^#{Special}\\"]/
|
70
|
-
QuoteChar = /[^\\"]/
|
71
|
-
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
72
|
-
AttributeValue = /
|
73
|
-
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
74
|
-
\#(#{HexString})|
|
75
|
-
"((?:#{QuoteChar}|#{Pair})*)"
|
76
|
-
/x
|
77
|
-
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
78
|
-
|
79
|
-
module_function
|
80
|
-
|
81
|
-
def expand_pair(str)
|
82
|
-
return nil unless str
|
83
|
-
return str.gsub(Pair){
|
84
|
-
pair = $&
|
85
|
-
case pair.size
|
86
|
-
when 2 then pair[1,1]
|
87
|
-
when 3 then Integer("0x#{pair[1,2]}").chr
|
88
|
-
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
89
|
-
end
|
90
|
-
}
|
91
|
-
end
|
92
|
-
|
93
|
-
def expand_hexstring(str)
|
94
|
-
return nil unless str
|
95
|
-
der = str.gsub(HexPair){$&.to_i(16).chr }
|
96
|
-
a1 = OpenSSL::ASN1.decode(der)
|
97
|
-
return a1.value, a1.tag
|
98
|
-
end
|
99
|
-
|
100
|
-
def expand_value(str1, str2, str3)
|
101
|
-
value = expand_pair(str1)
|
102
|
-
value, tag = expand_hexstring(str2) unless value
|
103
|
-
value = expand_pair(str3) unless value
|
104
|
-
return value, tag
|
105
|
-
end
|
106
|
-
|
107
|
-
def scan(dn)
|
108
|
-
str = dn
|
109
|
-
ary = []
|
110
|
-
while true
|
111
|
-
if md = TypeAndValue.match(str)
|
112
|
-
matched = md.to_s
|
113
|
-
remain = md.post_match
|
114
|
-
type = md[1]
|
115
|
-
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
116
|
-
if value
|
117
|
-
type_and_value = [type, value]
|
118
|
-
type_and_value.push(tag) if tag
|
119
|
-
ary.unshift(type_and_value)
|
120
|
-
if remain.length > 2 && remain[0] == ?,
|
121
|
-
str = remain[1..-1]
|
122
|
-
next
|
123
|
-
elsif remain.length > 2 && remain[0] == ?+
|
124
|
-
raise OpenSSL::X509::NameError,
|
125
|
-
"multi-valued RDN is not supported: #{dn}"
|
126
|
-
elsif remain.empty?
|
127
|
-
break
|
128
|
-
end
|
129
|
-
end
|
130
|
-
end
|
131
|
-
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
132
|
-
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
133
|
-
end
|
134
|
-
return ary
|
135
|
-
end
|
136
|
-
end
|
137
|
-
|
138
|
-
class <<self
|
139
|
-
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
140
|
-
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
141
|
-
self.new(ary, template)
|
142
|
-
end
|
143
|
-
|
144
|
-
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
145
|
-
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
146
|
-
self.new(ary, template)
|
147
|
-
end
|
148
|
-
|
149
|
-
alias parse parse_openssl
|
150
|
-
end
|
151
|
-
end
|
152
|
-
end
|
153
|
-
end
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'openssl'
|
data/lib/jopenssl18/openssl.rb
DELETED
@@ -1,67 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id: openssl.rb 12496 2007-06-08 15:02:04Z technorama $
|
15
|
-
=end
|
16
|
-
|
17
|
-
# TODO: remove this chunk after 1.4 support is dropped
|
18
|
-
require 'digest'
|
19
|
-
unless defined?(::Digest::Class)
|
20
|
-
# restricted support for jruby <= 1.4 (1.8.6 Digest compat)
|
21
|
-
module Digest
|
22
|
-
class Class
|
23
|
-
def self.hexdigest(name, data)
|
24
|
-
digest(name, data).unpack('H*')[0]
|
25
|
-
end
|
26
|
-
|
27
|
-
def self.digest(data, name)
|
28
|
-
digester = const_get(name).new
|
29
|
-
digester.update(data)
|
30
|
-
digester.finish
|
31
|
-
end
|
32
|
-
|
33
|
-
def hexdigest
|
34
|
-
digest.unpack('H*')[0]
|
35
|
-
end
|
36
|
-
|
37
|
-
def digest
|
38
|
-
dup.finish
|
39
|
-
end
|
40
|
-
|
41
|
-
def ==(oth)
|
42
|
-
digest == oth.digest
|
43
|
-
end
|
44
|
-
|
45
|
-
def to_s
|
46
|
-
hexdigest
|
47
|
-
end
|
48
|
-
|
49
|
-
def size
|
50
|
-
digest_length
|
51
|
-
end
|
52
|
-
|
53
|
-
def length
|
54
|
-
digest_length
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
# end of compat chunk.
|
60
|
-
|
61
|
-
require 'openssl/bn'
|
62
|
-
require 'openssl/cipher'
|
63
|
-
require 'openssl/config'
|
64
|
-
require 'openssl/digest'
|
65
|
-
require 'openssl/pkcs7'
|
66
|
-
require 'openssl/ssl-internal'
|
67
|
-
require 'openssl/x509-internal'
|
@@ -1,35 +0,0 @@
|
|
1
|
-
#--
|
2
|
-
#
|
3
|
-
# $RCSfile$
|
4
|
-
#
|
5
|
-
# = Ruby-space definitions that completes C-space funcs for BN
|
6
|
-
#
|
7
|
-
# = Info
|
8
|
-
# 'OpenSSL for Ruby 2' project
|
9
|
-
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
10
|
-
# All rights reserved.
|
11
|
-
#
|
12
|
-
# = Licence
|
13
|
-
# This program is licenced under the same licence as Ruby.
|
14
|
-
# (See the file 'LICENCE'.)
|
15
|
-
#
|
16
|
-
# = Version
|
17
|
-
# $Id$
|
18
|
-
#
|
19
|
-
#++
|
20
|
-
|
21
|
-
module OpenSSL
|
22
|
-
class BN
|
23
|
-
include Comparable
|
24
|
-
end # BN
|
25
|
-
end # OpenSSL
|
26
|
-
|
27
|
-
##
|
28
|
-
# Add double dispatch to Integer
|
29
|
-
#
|
30
|
-
class Integer
|
31
|
-
def to_bn
|
32
|
-
OpenSSL::BN::new(self.to_s(16), 16)
|
33
|
-
end
|
34
|
-
end # Integer
|
35
|
-
|