jruby-openssl 0.9.4 → 0.14.0-java

data/lib/openssl/pkcs12.rb

@@ -5,15 +5,8 @@ module OpenSSL
     class PKCS12Error < OpenSSLError
     end
 
-    java_import java.io.StringReader
-    java_import java.io.StringBufferInputStream
-    java_import java.security.cert.CertificateFactory
-    java_import java.security.cert.Certificate
-    java_import java.security.KeyStore
-    java_import java.io.ByteArrayOutputStream
-    java_import org.bouncycastle.openssl.PEMReader
-
-    java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)
+    java_import 'org.jruby.ext.openssl.PEMUtils'
+    java_import 'org.jruby.ext.openssl.SecurityHelper'
 
     def self.create(pass, name, key, cert, ca = nil)
       pkcs12 = self.new
@@ -23,114 +16,82 @@ module OpenSSL
 
     attr_reader :key, :certificate, :ca_certs
 
-    def initialize(str = nil, pass = nil)
-      if str
-        if str.is_a?(File)
-          file = File.open(str.path, "rb")
-          @der = file.read
-          file.close
-        else
-          @der = str
-        end
+    def initialize(str = nil, password = '')
+      return @der = nil unless str
 
-        p12_input_stream = StringBufferInputStream.new(@der)
+      if str.is_a?(File)
+        file = File.open(str.path, "rb")
+        @der = file.read
+        file.close
+      else
+        str.force_encoding(Encoding::ASCII_8BIT) if str.respond_to?(:force_encoding)
+        @der = str
+      end
 
-        store = KeyStore.get_instance("PKCS12")
-        password = pass.nil? ? "" : pass
-        begin
-          store.load(p12_input_stream, password.to_java.to_char_array)
-        rescue java.lang.Exception => e
-          raise PKCS12Error, "Exception: #{e}"
-        end
+      store = SecurityHelper.getKeyStore("PKCS12")
+      store.load(java.io.ByteArrayInputStream.new(@der.to_java_bytes), password.to_java.to_char_array)
 
-        aliases = store.aliases
-        aliases.each { |alias_name|
-          if store.is_key_entry(alias_name)
-            begin
-              java_certificate = store.get_certificate(alias_name)
-            rescue java.lang.Exception => e
-              raise PKCS12Error, "Exception: #{e}"
-            end
-            if java_certificate
-              der = String.from_java_bytes(java_certificate.get_encoded)
-              @certificate = OpenSSL::X509::Certificate.new(der)
-            end
+      aliases = store.aliases
+      aliases.each do |alias_name|
+        if store.is_key_entry(alias_name)
+          if java_certificate = store.get_certificate(alias_name)
+            der = String.from_java_bytes(java_certificate.get_encoded)
+            @certificate = OpenSSL::X509::Certificate.new(der)
+          end
 
-            begin
-              java_key = store.get_key(alias_name, password.to_java.to_char_array)
-            rescue java.lang.Exception => e
-              raise PKCS12Error, "Exception: #{e}"
-            end
-            if java_key
-              der = String.from_java_bytes(java_key.get_encoded)
-              algorithm = java_key.get_algorithm
-              if algorithm == "RSA"
-                @key = OpenSSL::PKey::RSA.new(der)
-              elsif algorithm == "DSA"
-                @key = OpenSSL::PKey::DSA.new(der)
-              elsif algorithm == "DH"
-                @key = OpenSSL::PKey::DH.new(der)
-              elsif algorithm == "EC"
-                @key = OpenSSL::PKey::EC.new(der)
-              else
-                raise PKCS12Error, "Unknown key algorithm"
-              end
+          java_key = store.get_key(alias_name, password.to_java.to_char_array)
+          if java_key
+            der = String.from_java_bytes(java_key.get_encoded)
+            algorithm = java_key.get_algorithm
+            if algorithm == "RSA"
+              @key = OpenSSL::PKey::RSA.new(der)
+            elsif algorithm == "DSA"
+              @key = OpenSSL::PKey::DSA.new(der)
+            elsif algorithm == "DH"
+              @key = OpenSSL::PKey::DH.new(der)
+            elsif algorithm == "EC"
+              @key = OpenSSL::PKey::EC.new(der)
+            else
+              raise PKCS12Error, "Unknown key algorithm #{algorithm}"
             end
+          end
 
-            @ca_certs = Array.new
-            begin
-              java_ca_certs = store.get_certificate_chain(alias_name)
-            rescue java.lang.Exception => e
-              raise PKCS12Error, "Exception #{e}"
-            end
-            if java_ca_certs
-              java_ca_certs.each do |java_ca_cert|
-                  der = String.from_java_bytes(java_ca_cert.get_encoded)
-                  ruby_cert = OpenSSL::X509::Certificate.new(der)
-                  if (ruby_cert.to_pem != @certificate.to_pem)
-                    @ca_certs << ruby_cert
-                  end
-              end
+          @ca_certs = Array.new
+          java_ca_certs = store.get_certificate_chain(alias_name)
+          if java_ca_certs
+            java_ca_certs.each do |java_ca_cert|
+                der = String.from_java_bytes(java_ca_cert.get_encoded)
+                ruby_cert = OpenSSL::X509::Certificate.new(der)
+                if (ruby_cert.to_pem != @certificate.to_pem)
+                  @ca_certs << ruby_cert
+                end
             end
           end
           break
-        }
-      else
-        @der = nil
+        end
       end
+    rescue java.lang.Exception => e
+      raise PKCS12Error, e.inspect
     end
 
     def generate(pass, alias_name, key, cert, ca = nil)
-      @key = key
-      @certificate = cert
-      @ca_certs = ca
-
-      key_reader = StringReader.new(key.to_pem)
-      key_pair = PEMReader.new(key_reader).read_object
+      @key, @certificate, @ca_certs = key, cert, ca
 
       certificates = cert.to_pem
-      if ca
-        ca.each { |ca_cert| 
-          certificates << ca_cert.to_pem
-        }
-      end
-
-      cert_input_stream = StringBufferInputStream.new(certificates)
-      certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)
+      ca.each { |ca_cert| certificates << ca_cert.to_pem } if ca
 
-      store = KeyStore.get_instance("PKCS12", "BC")
-      store.load(nil, nil)
-      store.set_key_entry(alias_name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
-
-      pkcs12_output_stream = ByteArrayOutputStream.new
-      password = pass.nil? ? "" : pass;
       begin
-        store.store(pkcs12_output_stream, password.to_java.to_char_array)
-      rescue java.lang.Exception => e
-        raise PKCS12Error, "Exception: #{e}"
-      end 
+        der_bytes = PEMUtils.generatePKCS12(
+          java.io.StringReader.new(key.to_pem), certificates.to_java_bytes,
+          alias_name, ( pass.nil? ? "" : pass ).to_java.to_char_array
+        )
+      rescue java.security.KeyStoreException, java.security.cert.CertificateException => e
+        raise PKCS12Error, e.message
+      rescue java.security.GeneralSecurityException, java.io.IOException => e
+        raise PKCS12Error, e.inspect
+      end
 
-      @der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
+      @der = String.from_java_bytes(der_bytes)
     end
 
     def to_der

data/lib/openssl/pkcs5.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+
+# module OpenSSL
+#   module PKCS5
+#     module_function
+#
+#     # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+#     # This method is provided for backwards compatibility.
+#     def pbkdf2_hmac(pass, salt, iter, keylen, digest)
+#       OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter,
+#                                length: keylen, hash: digest)
+#     end
+#
+#     def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
+#       pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
+#     end
+#   end
+# end

data/lib/openssl/pkey.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+
+require_relative 'marshal'
+
+module OpenSSL::PKey
+  class DH
+    include OpenSSL::Marshal
+  end
+
+  class DSA
+    include OpenSSL::Marshal
+  end
+
+  if defined?(EC)
+  class EC
+    include OpenSSL::Marshal
+  end
+  class EC::Point
+    # :call-seq:
+    #    point.to_bn([conversion_form]) -> OpenSSL::BN
+    #
+    # Returns the octet string representation of the EC point as an instance of
+    # OpenSSL::BN.
+    #
+    # If _conversion_form_ is not given, the _point_conversion_form_ attribute
+    # set to the group is used.
+    #
+    # See #to_octet_string for more information.
+    # def to_bn(conversion_form = group.point_conversion_form)
+    #   OpenSSL::BN.new(to_octet_string(conversion_form), 2)
+    # end
+  end
+  end
+
+  class RSA
+    include OpenSSL::Marshal
+  end
+end