jruby-openssl 0.9.4 → 0.14.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/History.md +652 -0
- data/LICENSE.txt +37 -0
- data/Mavenfile +163 -5
- data/README.md +75 -0
- data/Rakefile +52 -2
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +75 -16
- data/lib/jopenssl/version.rb +9 -4
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +40 -5
- data/lib/openssl/buffering.rb +477 -4
- data/lib/openssl/cipher.rb +67 -5
- data/lib/openssl/config.rb +500 -4
- data/lib/openssl/digest.rb +73 -5
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs12.rb +60 -99
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +42 -0
- data/lib/openssl/ssl.rb +542 -4
- data/lib/openssl/x509.rb +368 -4
- data/lib/openssl.rb +3 -1
- data/lib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar +0 -0
- data/pom.xml +772 -0
- metadata +40 -107
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/README.txt +0 -13
- data/TODO-1_9-support.txt +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -35
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -65
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -61
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -179
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -153
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -67
- data/lib/jopenssl19/openssl/bn.rb +0 -35
- data/lib/jopenssl19/openssl/buffering.rb +0 -449
- data/lib/jopenssl19/openssl/cipher.rb +0 -65
- data/lib/jopenssl19/openssl/config.rb +0 -313
- data/lib/jopenssl19/openssl/digest.rb +0 -72
- data/lib/jopenssl19/openssl/ssl-internal.rb +0 -177
- data/lib/jopenssl19/openssl/ssl.rb +0 -2
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -158
- data/lib/jopenssl19/openssl/x509.rb +0 -2
- data/lib/jopenssl19/openssl.rb +0 -23
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/openssl/ssl-internal.rb +0 -5
- data/lib/openssl/x509-internal.rb +0 -5
- data/test/java/pkcs7_mime_enveloped.message +0 -19
- data/test/java/pkcs7_mime_signed.message +0 -30
- data/test/java/pkcs7_multipart_signed.message +0 -45
- data/test/java/test_java_attribute.rb +0 -25
- data/test/java/test_java_bio.rb +0 -42
- data/test/java/test_java_mime.rb +0 -173
- data/test/java/test_java_pkcs7.rb +0 -772
- data/test/java/test_java_smime.rb +0 -177
- data/test/test_java.rb +0 -98
- data/test/ut_eof.rb +0 -128
@@ -1,313 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= Ruby-space definitions that completes C-space funcs for Config
|
3
|
-
|
4
|
-
= Info
|
5
|
-
Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
|
6
|
-
|
7
|
-
= Licence
|
8
|
-
This program is licenced under the same licence as Ruby.
|
9
|
-
(See the file 'LICENCE'.)
|
10
|
-
|
11
|
-
=end
|
12
|
-
|
13
|
-
require 'stringio'
|
14
|
-
|
15
|
-
module OpenSSL
|
16
|
-
class Config
|
17
|
-
include Enumerable
|
18
|
-
|
19
|
-
class << self
|
20
|
-
def parse(str)
|
21
|
-
c = new()
|
22
|
-
parse_config(StringIO.new(str)).each do |section, hash|
|
23
|
-
c[section] = hash
|
24
|
-
end
|
25
|
-
c
|
26
|
-
end
|
27
|
-
|
28
|
-
alias load new
|
29
|
-
|
30
|
-
def parse_config(io)
|
31
|
-
begin
|
32
|
-
parse_config_lines(io)
|
33
|
-
rescue ConfigError => e
|
34
|
-
e.message.replace("error in line #{io.lineno}: " + e.message)
|
35
|
-
raise
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
def get_key_string(data, section, key) # :nodoc:
|
40
|
-
if v = data[section] && data[section][key]
|
41
|
-
return v
|
42
|
-
elsif section == 'ENV'
|
43
|
-
if v = ENV[key]
|
44
|
-
return v
|
45
|
-
end
|
46
|
-
end
|
47
|
-
if v = data['default'] && data['default'][key]
|
48
|
-
return v
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
private
|
53
|
-
|
54
|
-
def parse_config_lines(io)
|
55
|
-
section = 'default'
|
56
|
-
data = {section => {}}
|
57
|
-
while definition = get_definition(io)
|
58
|
-
definition = clear_comments(definition)
|
59
|
-
next if definition.empty?
|
60
|
-
if definition[0] == ?[
|
61
|
-
if /\[([^\]]*)\]/ =~ definition
|
62
|
-
section = $1.strip
|
63
|
-
data[section] ||= {}
|
64
|
-
else
|
65
|
-
raise ConfigError, "missing close square bracket"
|
66
|
-
end
|
67
|
-
else
|
68
|
-
if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
|
69
|
-
if $2
|
70
|
-
section = $1
|
71
|
-
key = $2
|
72
|
-
else
|
73
|
-
key = $1
|
74
|
-
end
|
75
|
-
value = unescape_value(data, section, $3)
|
76
|
-
(data[section] ||= {})[key] = value.strip
|
77
|
-
else
|
78
|
-
raise ConfigError, "missing equal sign"
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
data
|
83
|
-
end
|
84
|
-
|
85
|
-
# escape with backslash
|
86
|
-
QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
|
87
|
-
# escape with backslash and doubled dq
|
88
|
-
QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
|
89
|
-
# escaped char map
|
90
|
-
ESCAPE_MAP = {
|
91
|
-
"r" => "\r",
|
92
|
-
"n" => "\n",
|
93
|
-
"b" => "\b",
|
94
|
-
"t" => "\t",
|
95
|
-
}
|
96
|
-
|
97
|
-
def unescape_value(data, section, value)
|
98
|
-
scanned = []
|
99
|
-
while m = value.match(/['"\\$]/)
|
100
|
-
scanned << m.pre_match
|
101
|
-
c = m[0]
|
102
|
-
value = m.post_match
|
103
|
-
case c
|
104
|
-
when "'"
|
105
|
-
if m = value.match(QUOTE_REGEXP_SQ)
|
106
|
-
scanned << m[1].gsub(/\\(.)/, '\\1')
|
107
|
-
value = m.post_match
|
108
|
-
else
|
109
|
-
break
|
110
|
-
end
|
111
|
-
when '"'
|
112
|
-
if m = value.match(QUOTE_REGEXP_DQ)
|
113
|
-
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
|
114
|
-
value = m.post_match
|
115
|
-
else
|
116
|
-
break
|
117
|
-
end
|
118
|
-
when "\\"
|
119
|
-
c = value.slice!(0, 1)
|
120
|
-
scanned << (ESCAPE_MAP[c] || c)
|
121
|
-
when "$"
|
122
|
-
ref, value = extract_reference(value)
|
123
|
-
refsec = section
|
124
|
-
if ref.index('::')
|
125
|
-
refsec, ref = ref.split('::', 2)
|
126
|
-
end
|
127
|
-
if v = get_key_string(data, refsec, ref)
|
128
|
-
scanned << v
|
129
|
-
else
|
130
|
-
raise ConfigError, "variable has no value"
|
131
|
-
end
|
132
|
-
else
|
133
|
-
raise 'must not reaced'
|
134
|
-
end
|
135
|
-
end
|
136
|
-
scanned << value
|
137
|
-
scanned.join
|
138
|
-
end
|
139
|
-
|
140
|
-
def extract_reference(value)
|
141
|
-
rest = ''
|
142
|
-
if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
|
143
|
-
value = m[1] || m[2]
|
144
|
-
rest = m.post_match
|
145
|
-
elsif [?(, ?{].include?(value[0])
|
146
|
-
raise ConfigError, "no close brace"
|
147
|
-
end
|
148
|
-
if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
|
149
|
-
return m[0], m.post_match + rest
|
150
|
-
else
|
151
|
-
raise
|
152
|
-
end
|
153
|
-
end
|
154
|
-
|
155
|
-
def clear_comments(line)
|
156
|
-
# FCOMMENT
|
157
|
-
if m = line.match(/\A([\t\n\f ]*);.*\z/)
|
158
|
-
return m[1]
|
159
|
-
end
|
160
|
-
# COMMENT
|
161
|
-
scanned = []
|
162
|
-
while m = line.match(/[#'"\\]/)
|
163
|
-
scanned << m.pre_match
|
164
|
-
c = m[0]
|
165
|
-
line = m.post_match
|
166
|
-
case c
|
167
|
-
when '#'
|
168
|
-
line = nil
|
169
|
-
break
|
170
|
-
when "'", '"'
|
171
|
-
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
|
172
|
-
scanned << c
|
173
|
-
if m = line.match(regexp)
|
174
|
-
scanned << m[0]
|
175
|
-
line = m.post_match
|
176
|
-
else
|
177
|
-
scanned << line
|
178
|
-
line = nil
|
179
|
-
break
|
180
|
-
end
|
181
|
-
when "\\"
|
182
|
-
scanned << c
|
183
|
-
scanned << line.slice!(0, 1)
|
184
|
-
else
|
185
|
-
raise 'must not reaced'
|
186
|
-
end
|
187
|
-
end
|
188
|
-
scanned << line
|
189
|
-
scanned.join
|
190
|
-
end
|
191
|
-
|
192
|
-
def get_definition(io)
|
193
|
-
if line = get_line(io)
|
194
|
-
while /[^\\]\\\z/ =~ line
|
195
|
-
if extra = get_line(io)
|
196
|
-
line += extra
|
197
|
-
else
|
198
|
-
break
|
199
|
-
end
|
200
|
-
end
|
201
|
-
return line.strip
|
202
|
-
end
|
203
|
-
end
|
204
|
-
|
205
|
-
def get_line(io)
|
206
|
-
if line = io.gets
|
207
|
-
line.gsub(/[\r\n]*/, '')
|
208
|
-
end
|
209
|
-
end
|
210
|
-
end
|
211
|
-
|
212
|
-
def initialize(filename = nil)
|
213
|
-
@data = {}
|
214
|
-
if filename
|
215
|
-
File.open(filename.to_s) do |file|
|
216
|
-
Config.parse_config(file).each do |section, hash|
|
217
|
-
self[section] = hash
|
218
|
-
end
|
219
|
-
end
|
220
|
-
end
|
221
|
-
end
|
222
|
-
|
223
|
-
def get_value(section, key)
|
224
|
-
if section.nil?
|
225
|
-
raise TypeError.new('nil not allowed')
|
226
|
-
end
|
227
|
-
section = 'default' if section.empty?
|
228
|
-
get_key_string(section, key)
|
229
|
-
end
|
230
|
-
|
231
|
-
def value(arg1, arg2 = nil)
|
232
|
-
warn('Config#value is deprecated; use Config#get_value')
|
233
|
-
if arg2.nil?
|
234
|
-
section, key = 'default', arg1
|
235
|
-
else
|
236
|
-
section, key = arg1, arg2
|
237
|
-
end
|
238
|
-
section ||= 'default'
|
239
|
-
section = 'default' if section.empty?
|
240
|
-
get_key_string(section, key)
|
241
|
-
end
|
242
|
-
|
243
|
-
def add_value(section, key, value)
|
244
|
-
check_modify
|
245
|
-
(@data[section] ||= {})[key] = value
|
246
|
-
end
|
247
|
-
|
248
|
-
def [](section)
|
249
|
-
@data[section] || {}
|
250
|
-
end
|
251
|
-
|
252
|
-
def section(name)
|
253
|
-
warn('Config#section is deprecated; use Config#[]')
|
254
|
-
@data[name] || {}
|
255
|
-
end
|
256
|
-
|
257
|
-
def []=(section, pairs)
|
258
|
-
check_modify
|
259
|
-
@data[section] ||= {}
|
260
|
-
pairs.each do |key, value|
|
261
|
-
self.add_value(section, key, value)
|
262
|
-
end
|
263
|
-
end
|
264
|
-
|
265
|
-
def sections
|
266
|
-
@data.keys
|
267
|
-
end
|
268
|
-
|
269
|
-
def to_s
|
270
|
-
ary = []
|
271
|
-
@data.keys.sort.each do |section|
|
272
|
-
ary << "[ #{section} ]\n"
|
273
|
-
@data[section].keys.each do |key|
|
274
|
-
ary << "#{key}=#{@data[section][key]}\n"
|
275
|
-
end
|
276
|
-
ary << "\n"
|
277
|
-
end
|
278
|
-
ary.join
|
279
|
-
end
|
280
|
-
|
281
|
-
def each
|
282
|
-
@data.each do |section, hash|
|
283
|
-
hash.each do |key, value|
|
284
|
-
yield [section, key, value]
|
285
|
-
end
|
286
|
-
end
|
287
|
-
end
|
288
|
-
|
289
|
-
def inspect
|
290
|
-
"#<#{self.class.name} sections=#{sections.inspect}>"
|
291
|
-
end
|
292
|
-
|
293
|
-
protected
|
294
|
-
|
295
|
-
def data
|
296
|
-
@data
|
297
|
-
end
|
298
|
-
|
299
|
-
private
|
300
|
-
|
301
|
-
def initialize_copy(other)
|
302
|
-
@data = other.data.dup
|
303
|
-
end
|
304
|
-
|
305
|
-
def check_modify
|
306
|
-
raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
|
307
|
-
end
|
308
|
-
|
309
|
-
def get_key_string(section, key)
|
310
|
-
Config.get_key_string(@data, section, key)
|
311
|
-
end
|
312
|
-
end
|
313
|
-
end
|
@@ -1,72 +0,0 @@
|
|
1
|
-
#--
|
2
|
-
#
|
3
|
-
# $RCSfile$
|
4
|
-
#
|
5
|
-
# = Ruby-space predefined Digest subclasses
|
6
|
-
#
|
7
|
-
# = Info
|
8
|
-
# 'OpenSSL for Ruby 2' project
|
9
|
-
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
10
|
-
# All rights reserved.
|
11
|
-
#
|
12
|
-
# = Licence
|
13
|
-
# This program is licenced under the same licence as Ruby.
|
14
|
-
# (See the file 'LICENCE'.)
|
15
|
-
#
|
16
|
-
# = Version
|
17
|
-
# $Id$
|
18
|
-
#
|
19
|
-
#++
|
20
|
-
|
21
|
-
module OpenSSL
|
22
|
-
class Digest
|
23
|
-
|
24
|
-
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
|
25
|
-
if OPENSSL_VERSION_NUMBER > 0x00908000
|
26
|
-
alg += %w(SHA224 SHA256 SHA384 SHA512)
|
27
|
-
end
|
28
|
-
|
29
|
-
# Return the +data+ hash computed with +name+ Digest. +name+ is either the
|
30
|
-
# long name or short name of a supported digest algorithm.
|
31
|
-
#
|
32
|
-
# === Examples
|
33
|
-
#
|
34
|
-
# OpenSSL::Digest.digest("SHA256, "abc")
|
35
|
-
#
|
36
|
-
# which is equivalent to:
|
37
|
-
#
|
38
|
-
# OpenSSL::Digest::SHA256.digest("abc")
|
39
|
-
|
40
|
-
def self.digest(name, data)
|
41
|
-
super(data, name)
|
42
|
-
end
|
43
|
-
|
44
|
-
alg.each{|name|
|
45
|
-
klass = Class.new(Digest){
|
46
|
-
define_method(:initialize){|*data|
|
47
|
-
if data.length > 1
|
48
|
-
raise ArgumentError,
|
49
|
-
"wrong number of arguments (#{data.length} for 1)"
|
50
|
-
end
|
51
|
-
super(name, data.first)
|
52
|
-
}
|
53
|
-
}
|
54
|
-
singleton = (class << klass; self; end)
|
55
|
-
singleton.class_eval{
|
56
|
-
define_method(:digest){|data| Digest.digest(name, data) }
|
57
|
-
define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
|
58
|
-
}
|
59
|
-
const_set(name, klass)
|
60
|
-
}
|
61
|
-
|
62
|
-
# This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
|
63
|
-
class Digest < Digest
|
64
|
-
def initialize(*args)
|
65
|
-
# add warning
|
66
|
-
super(*args)
|
67
|
-
end
|
68
|
-
end
|
69
|
-
|
70
|
-
end # Digest
|
71
|
-
end # OpenSSL
|
72
|
-
|
@@ -1,177 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id$
|
15
|
-
=end
|
16
|
-
|
17
|
-
require "openssl/buffering"
|
18
|
-
require "fcntl"
|
19
|
-
|
20
|
-
module OpenSSL
|
21
|
-
module SSL
|
22
|
-
class SSLContext
|
23
|
-
DEFAULT_PARAMS = {
|
24
|
-
:ssl_version => "SSLv23",
|
25
|
-
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
26
|
-
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
27
|
-
:options => OpenSSL::SSL::OP_ALL,
|
28
|
-
}
|
29
|
-
|
30
|
-
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
31
|
-
DEFAULT_CERT_STORE.set_default_paths
|
32
|
-
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
33
|
-
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
34
|
-
end
|
35
|
-
|
36
|
-
def set_params(params={})
|
37
|
-
params = DEFAULT_PARAMS.merge(params)
|
38
|
-
params.each{|name, value| self.__send__("#{name}=", value) }
|
39
|
-
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
40
|
-
unless self.ca_file or self.ca_path or self.cert_store
|
41
|
-
self.cert_store = DEFAULT_CERT_STORE
|
42
|
-
end
|
43
|
-
end
|
44
|
-
return params
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
module SocketForwarder
|
49
|
-
def addr
|
50
|
-
to_io.addr
|
51
|
-
end
|
52
|
-
|
53
|
-
def peeraddr
|
54
|
-
to_io.peeraddr
|
55
|
-
end
|
56
|
-
|
57
|
-
def setsockopt(level, optname, optval)
|
58
|
-
to_io.setsockopt(level, optname, optval)
|
59
|
-
end
|
60
|
-
|
61
|
-
def getsockopt(level, optname)
|
62
|
-
to_io.getsockopt(level, optname)
|
63
|
-
end
|
64
|
-
|
65
|
-
def fcntl(*args)
|
66
|
-
to_io.fcntl(*args)
|
67
|
-
end
|
68
|
-
|
69
|
-
def closed?
|
70
|
-
to_io.closed?
|
71
|
-
end
|
72
|
-
|
73
|
-
def do_not_reverse_lookup=(flag)
|
74
|
-
to_io.do_not_reverse_lookup = flag
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
module Nonblock
|
79
|
-
def initialize(*args)
|
80
|
-
flag = File::NONBLOCK
|
81
|
-
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
82
|
-
@io.fcntl(Fcntl::F_SETFL, flag)
|
83
|
-
super
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
def verify_certificate_identity(cert, hostname)
|
88
|
-
should_verify_common_name = true
|
89
|
-
cert.extensions.each{|ext|
|
90
|
-
next if ext.oid != "subjectAltName"
|
91
|
-
ext.value.split(/,\s+/).each{|general_name|
|
92
|
-
if /\ADNS:(.*)/ =~ general_name
|
93
|
-
should_verify_common_name = false
|
94
|
-
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
95
|
-
return true if /\A#{reg}\z/i =~ hostname
|
96
|
-
elsif /\AIP Address:(.*)/ =~ general_name
|
97
|
-
should_verify_common_name = false
|
98
|
-
return true if $1 == hostname
|
99
|
-
end
|
100
|
-
}
|
101
|
-
}
|
102
|
-
if should_verify_common_name
|
103
|
-
cert.subject.to_a.each{|oid, value|
|
104
|
-
if oid == "CN"
|
105
|
-
reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
|
106
|
-
return true if /\A#{reg}\z/i =~ hostname
|
107
|
-
end
|
108
|
-
}
|
109
|
-
end
|
110
|
-
return false
|
111
|
-
end
|
112
|
-
module_function :verify_certificate_identity
|
113
|
-
|
114
|
-
class SSLSocket
|
115
|
-
include Buffering
|
116
|
-
include SocketForwarder
|
117
|
-
include Nonblock
|
118
|
-
|
119
|
-
def post_connection_check(hostname)
|
120
|
-
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
121
|
-
raise SSLError, "hostname does not match the server certificate"
|
122
|
-
end
|
123
|
-
return true
|
124
|
-
end
|
125
|
-
|
126
|
-
def session
|
127
|
-
SSL::Session.new(self)
|
128
|
-
rescue SSL::Session::SessionError
|
129
|
-
nil
|
130
|
-
end
|
131
|
-
end
|
132
|
-
|
133
|
-
class SSLServer
|
134
|
-
include SocketForwarder
|
135
|
-
attr_accessor :start_immediately
|
136
|
-
|
137
|
-
def initialize(svr, ctx)
|
138
|
-
@svr = svr
|
139
|
-
@ctx = ctx
|
140
|
-
unless ctx.session_id_context
|
141
|
-
session_id = OpenSSL::Digest::MD5.hexdigest($0)
|
142
|
-
@ctx.session_id_context = session_id
|
143
|
-
end
|
144
|
-
@start_immediately = true
|
145
|
-
end
|
146
|
-
|
147
|
-
def to_io
|
148
|
-
@svr
|
149
|
-
end
|
150
|
-
|
151
|
-
def listen(backlog=5)
|
152
|
-
@svr.listen(backlog)
|
153
|
-
end
|
154
|
-
|
155
|
-
def shutdown(how=Socket::SHUT_RDWR)
|
156
|
-
@svr.shutdown(how)
|
157
|
-
end
|
158
|
-
|
159
|
-
def accept
|
160
|
-
sock = @svr.accept
|
161
|
-
begin
|
162
|
-
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
|
163
|
-
ssl.sync_close = true
|
164
|
-
ssl.accept if @start_immediately
|
165
|
-
ssl
|
166
|
-
rescue SSLError => ex
|
167
|
-
sock.close
|
168
|
-
raise ex
|
169
|
-
end
|
170
|
-
end
|
171
|
-
|
172
|
-
def close
|
173
|
-
@svr.close
|
174
|
-
end
|
175
|
-
end
|
176
|
-
end
|
177
|
-
end
|
@@ -1,158 +0,0 @@
|
|
1
|
-
=begin
|
2
|
-
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id$
|
15
|
-
=end
|
16
|
-
|
17
|
-
module OpenSSL
|
18
|
-
module X509
|
19
|
-
class ExtensionFactory
|
20
|
-
def create_extension(*arg)
|
21
|
-
if arg.size > 1
|
22
|
-
create_ext(*arg)
|
23
|
-
else
|
24
|
-
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
def create_ext_from_array(ary)
|
29
|
-
raise ExtensionError, "unexpected array form" if ary.size > 3
|
30
|
-
create_ext(ary[0], ary[1], ary[2])
|
31
|
-
end
|
32
|
-
|
33
|
-
def create_ext_from_string(str) # "oid = critical, value"
|
34
|
-
oid, value = str.split(/=/, 2)
|
35
|
-
oid.strip!
|
36
|
-
value.strip!
|
37
|
-
create_ext(oid, value)
|
38
|
-
end
|
39
|
-
|
40
|
-
def create_ext_from_hash(hash)
|
41
|
-
create_ext(hash["oid"], hash["value"], hash["critical"])
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
class Extension
|
46
|
-
def to_s # "oid = critical, value"
|
47
|
-
str = self.oid
|
48
|
-
str << " = "
|
49
|
-
str << "critical, " if self.critical?
|
50
|
-
str << self.value.gsub(/\n/, ", ")
|
51
|
-
end
|
52
|
-
|
53
|
-
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
54
|
-
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
55
|
-
end
|
56
|
-
|
57
|
-
def to_a
|
58
|
-
[ self.oid, self.value, self.critical? ]
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
class Name
|
63
|
-
module RFC2253DN
|
64
|
-
Special = ',=+<>#;'
|
65
|
-
HexChar = /[0-9a-fA-F]/
|
66
|
-
HexPair = /#{HexChar}#{HexChar}/
|
67
|
-
HexString = /#{HexPair}+/
|
68
|
-
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
69
|
-
StringChar = /[^#{Special}\\"]/
|
70
|
-
QuoteChar = /[^\\"]/
|
71
|
-
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
72
|
-
AttributeValue = /
|
73
|
-
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
74
|
-
\#(#{HexString})|
|
75
|
-
"((?:#{QuoteChar}|#{Pair})*)"
|
76
|
-
/x
|
77
|
-
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
78
|
-
|
79
|
-
module_function
|
80
|
-
|
81
|
-
def expand_pair(str)
|
82
|
-
return nil unless str
|
83
|
-
return str.gsub(Pair){
|
84
|
-
pair = $&
|
85
|
-
case pair.size
|
86
|
-
when 2 then pair[1,1]
|
87
|
-
when 3 then Integer("0x#{pair[1,2]}").chr
|
88
|
-
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
89
|
-
end
|
90
|
-
}
|
91
|
-
end
|
92
|
-
|
93
|
-
def expand_hexstring(str)
|
94
|
-
return nil unless str
|
95
|
-
der = str.gsub(HexPair){$&.to_i(16).chr }
|
96
|
-
a1 = OpenSSL::ASN1.decode(der)
|
97
|
-
return a1.value, a1.tag
|
98
|
-
end
|
99
|
-
|
100
|
-
def expand_value(str1, str2, str3)
|
101
|
-
value = expand_pair(str1)
|
102
|
-
value, tag = expand_hexstring(str2) unless value
|
103
|
-
value = expand_pair(str3) unless value
|
104
|
-
return value, tag
|
105
|
-
end
|
106
|
-
|
107
|
-
def scan(dn)
|
108
|
-
str = dn
|
109
|
-
ary = []
|
110
|
-
while true
|
111
|
-
if md = TypeAndValue.match(str)
|
112
|
-
remain = md.post_match
|
113
|
-
type = md[1]
|
114
|
-
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
115
|
-
if value
|
116
|
-
type_and_value = [type, value]
|
117
|
-
type_and_value.push(tag) if tag
|
118
|
-
ary.unshift(type_and_value)
|
119
|
-
if remain.length > 2 && remain[0] == ?,
|
120
|
-
str = remain[1..-1]
|
121
|
-
next
|
122
|
-
elsif remain.length > 2 && remain[0] == ?+
|
123
|
-
raise OpenSSL::X509::NameError,
|
124
|
-
"multi-valued RDN is not supported: #{dn}"
|
125
|
-
elsif remain.empty?
|
126
|
-
break
|
127
|
-
end
|
128
|
-
end
|
129
|
-
end
|
130
|
-
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
131
|
-
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
132
|
-
end
|
133
|
-
return ary
|
134
|
-
end
|
135
|
-
end
|
136
|
-
|
137
|
-
class << self
|
138
|
-
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
139
|
-
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
140
|
-
self.new(ary, template)
|
141
|
-
end
|
142
|
-
|
143
|
-
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
144
|
-
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
145
|
-
self.new(ary, template)
|
146
|
-
end
|
147
|
-
|
148
|
-
alias parse parse_openssl
|
149
|
-
end
|
150
|
-
end
|
151
|
-
|
152
|
-
class StoreContext
|
153
|
-
def cleanup
|
154
|
-
warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
|
155
|
-
end
|
156
|
-
end
|
157
|
-
end
|
158
|
-
end
|