jruby-openssl 0.9.4 → 0.14.0-java
- checksums.yaml +7 -0
- data/History.md +652 -0
- data/LICENSE.txt +37 -0
- data/Mavenfile +163 -5
- data/README.md +75 -0
- data/Rakefile +52 -2
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +75 -16
- data/lib/jopenssl/version.rb +9 -4
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +40 -5
- data/lib/openssl/buffering.rb +477 -4
- data/lib/openssl/cipher.rb +67 -5
- data/lib/openssl/config.rb +500 -4
- data/lib/openssl/digest.rb +73 -5
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs12.rb +60 -99
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +42 -0
- data/lib/openssl/ssl.rb +542 -4
- data/lib/openssl/x509.rb +368 -4
- data/lib/openssl.rb +3 -1
- data/lib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar +0 -0
- data/pom.xml +772 -0
- metadata +40 -107
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/README.txt +0 -13
- data/TODO-1_9-support.txt +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -35
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -65
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -61
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -179
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -153
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -67
- data/lib/jopenssl19/openssl/bn.rb +0 -35
- data/lib/jopenssl19/openssl/buffering.rb +0 -449
- data/lib/jopenssl19/openssl/cipher.rb +0 -65
- data/lib/jopenssl19/openssl/config.rb +0 -313
- data/lib/jopenssl19/openssl/digest.rb +0 -72
- data/lib/jopenssl19/openssl/ssl-internal.rb +0 -177
- data/lib/jopenssl19/openssl/ssl.rb +0 -2
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -158
- data/lib/jopenssl19/openssl/x509.rb +0 -2
- data/lib/jopenssl19/openssl.rb +0 -23
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/openssl/ssl-internal.rb +0 -5
- data/lib/openssl/x509-internal.rb +0 -5
- data/test/java/pkcs7_mime_enveloped.message +0 -19
- data/test/java/pkcs7_mime_signed.message +0 -30
- data/test/java/pkcs7_multipart_signed.message +0 -45
- data/test/java/test_java_attribute.rb +0 -25
- data/test/java/test_java_bio.rb +0 -42
- data/test/java/test_java_mime.rb +0 -173
- data/test/java/test_java_pkcs7.rb +0 -772
- data/test/java/test_java_smime.rb +0 -177
- data/test/test_java.rb +0 -98
- data/test/ut_eof.rb +0 -128
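--- a/data/lib/openssl/pkcs12.rb
+++ b/data/lib/openssl/pkcs12.rb
@@ -5,15 +5,8 @@ module OpenSSL
 class PKCS12Error < OpenSSLError
 end
 
-java_import
-java_import
-java_import java.security.cert.CertificateFactory
-java_import java.security.cert.Certificate
-java_import java.security.KeyStore
-java_import java.io.ByteArrayOutputStream
-java_import org.bouncycastle.openssl.PEMReader
-
-java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)
+java_import 'org.jruby.ext.openssl.PEMUtils'
+java_import 'org.jruby.ext.openssl.SecurityHelper'
 
 def self.create(pass, name, key, cert, ca = nil)
 pkcs12 = self.new
@@ -23,114 +16,82 @@ module OpenSSL
 
 attr_reader :key, :certificate, :ca_certs
 
-def initialize(str = nil,
-
-if str.is_a?(File)
-file = File.open(str.path, "rb")
-@der = file.read
-file.close
-else
-@der = str
-end
+def initialize(str = nil, password = '')
+return @der = nil unless str
 
-
+if str.is_a?(File)
+file = File.open(str.path, "rb")
+@der = file.read
+file.close
+else
+str.force_encoding(Encoding::ASCII_8BIT) if str.respond_to?(:force_encoding)
+@der = str
+end
 
-
-
-begin
-store.load(p12_input_stream, password.to_java.to_char_array)
-rescue java.lang.Exception => e
-raise PKCS12Error, "Exception: #{e}"
-end
+store = SecurityHelper.getKeyStore("PKCS12")
+store.load(java.io.ByteArrayInputStream.new(@der.to_java_bytes), password.to_java.to_char_array)
 
-
-
-
-
-
-
-
-end
-if java_certificate
-der = String.from_java_bytes(java_certificate.get_encoded)
-@certificate = OpenSSL::X509::Certificate.new(der)
-end
+aliases = store.aliases
+aliases.each do |alias_name|
+if store.is_key_entry(alias_name)
+if java_certificate = store.get_certificate(alias_name)
+der = String.from_java_bytes(java_certificate.get_encoded)
+@certificate = OpenSSL::X509::Certificate.new(der)
+end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-elsif algorithm == "EC"
-@key = OpenSSL::PKey::EC.new(der)
-else
-raise PKCS12Error, "Unknown key algorithm"
-end
+java_key = store.get_key(alias_name, password.to_java.to_char_array)
+if java_key
+der = String.from_java_bytes(java_key.get_encoded)
+algorithm = java_key.get_algorithm
+if algorithm == "RSA"
+@key = OpenSSL::PKey::RSA.new(der)
+elsif algorithm == "DSA"
+@key = OpenSSL::PKey::DSA.new(der)
+elsif algorithm == "DH"
+@key = OpenSSL::PKey::DH.new(der)
+elsif algorithm == "EC"
+@key = OpenSSL::PKey::EC.new(der)
+else
+raise PKCS12Error, "Unknown key algorithm #{algorithm}"
 end
+end
 
-
-
-
-
-
-
-
-
-
-ruby_cert = OpenSSL::X509::Certificate.new(der)
-if (ruby_cert.to_pem != @certificate.to_pem)
-@ca_certs << ruby_cert
-end
-end
+@ca_certs = Array.new
+java_ca_certs = store.get_certificate_chain(alias_name)
+if java_ca_certs
+java_ca_certs.each do |java_ca_cert|
+der = String.from_java_bytes(java_ca_cert.get_encoded)
+ruby_cert = OpenSSL::X509::Certificate.new(der)
+if (ruby_cert.to_pem != @certificate.to_pem)
+@ca_certs << ruby_cert
+end
 end
 end
 break
-
-else
-@der = nil
+end
 end
+rescue java.lang.Exception => e
+raise PKCS12Error, e.inspect
 end
 
 def generate(pass, alias_name, key, cert, ca = nil)
-@key = key
-@certificate = cert
-@ca_certs = ca
-
-key_reader = StringReader.new(key.to_pem)
-key_pair = PEMReader.new(key_reader).read_object
+@key, @certificate, @ca_certs = key, cert, ca
 
 certificates = cert.to_pem
-if ca
-ca.each { |ca_cert|
-certificates << ca_cert.to_pem
-}
-end
-
-cert_input_stream = StringBufferInputStream.new(certificates)
-certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)
+ca.each { |ca_cert| certificates << ca_cert.to_pem } if ca
 
-store = KeyStore.get_instance("PKCS12", "BC")
-store.load(nil, nil)
-store.set_key_entry(alias_name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
-
-pkcs12_output_stream = ByteArrayOutputStream.new
-password = pass.nil? ? "" : pass;
 begin
-
-
-
-
+der_bytes = PEMUtils.generatePKCS12(
+java.io.StringReader.new(key.to_pem), certificates.to_java_bytes,
+alias_name, ( pass.nil? ? "" : pass ).to_java.to_char_array
+)
+rescue java.security.KeyStoreException, java.security.cert.CertificateException => e
+raise PKCS12Error, e.message
+rescue java.security.GeneralSecurityException, java.io.IOException => e
+raise PKCS12Error, e.inspect
+end
 
-@der = String.from_java_bytes(
+@der = String.from_java_bytes(der_bytes)
 end
 
 def to_der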
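Review bot: The new `initialize` calls `password.to_java.to_char_array` at new lines 32 and 42 without the nil guard that `generate` applies through `pass.nil? ? "" : pass`. A caller that passes `nil` explicitly would, as far as I can tell, get a NoMethodError, and the method-level `rescue java.lang.Exception` would not convert that into a PKCS12Error. Adding `password = '' if password.nil?` as the first statement of `initialize` would make both entry points treat a missing password the same way and keep the failure inside the documented error class.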
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
#--
|
3
|
+
# Ruby/OpenSSL Project
|
4
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
5
|
+
#++
|
6
|
+
|
7
|
+
# module OpenSSL
|
8
|
+
# module PKCS5
|
9
|
+
# module_function
|
10
|
+
#
|
11
|
+
# # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
|
12
|
+
# # This method is provided for backwards compatibility.
|
13
|
+
# def pbkdf2_hmac(pass, salt, iter, keylen, digest)
|
14
|
+
# OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter,
|
15
|
+
# length: keylen, hash: digest)
|
16
|
+
# end
|
17
|
+
#
|
18
|
+
# def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
|
19
|
+
# pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
|
20
|
+
# end
|
21
|
+
# end
|
22
|
+
# end
|
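--- a/data/lib/openssl/pkey.rb
+++ b/data/lib/openssl/pkey.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+
+require_relative 'marshal'
+
+module OpenSSL::PKey
+class DH
+include OpenSSL::Marshal
+end
+
+class DSA
+include OpenSSL::Marshal
+end
+
+if defined?(EC)
+class EC
+include OpenSSL::Marshal
+end
+class EC::Point
+# :call-seq:
+# point.to_bn([conversion_form]) -> OpenSSL::BN
+#
+# Returns the octet string representation of the EC point as an instance of
+# OpenSSL::BN.
+#
+# If _conversion_form_ is not given, the _point_conversion_form_ attribute
+# set to the group is used.
+#
+# See #to_octet_string for more information.
+# def to_bn(conversion_form = group.point_conversion_form)
+# OpenSSL::BN.new(to_octet_string(conversion_form), 2)
+# end
+end
+end
+
+class RSA
+include OpenSSL::Marshal
+end
+end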
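Review bot: The `include OpenSSL::Marshal` lines in DH, DSA, EC and RSA carry no comment on what ends up in a dump. marshal.rb is not shown on this page; if it serialises through `to_der` as upstream Ruby/OpenSSL does, `Marshal.dump` on a key object that holds a private component writes that key unencrypted into whatever cache, session store or file receives the dump. Once that is confirmed against marshal.rb, I would add a comment above the first include such as `# Marshal.dump emits the key's DER encoding, private part included and unencrypted; keep dumps out of shared caches and logs.` The reopened `class EC::Point` contains only a commented-out `to_bn`, so a one-line note on why it is disabled would also help the next reader.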