jruby-openssl 0.9.7-java → 0.9.8-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/History.md +68 -23
- data/Rakefile +12 -1
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/load.rb +22 -17
- data/lib/jopenssl/version.rb +1 -1
- data/lib/jopenssl18/openssl/ssl-internal.rb +1 -44
- data/lib/jopenssl19/openssl/config.rb +164 -5
- data/lib/jopenssl19/openssl/ssl-internal.rb +15 -51
- data/lib/jopenssl21/openssl/bn.rb +0 -1
- data/lib/jopenssl21/openssl/buffering.rb +1 -449
- data/lib/jopenssl21/openssl/cipher.rb +1 -28
- data/lib/jopenssl21/openssl/config.rb +1 -313
- data/lib/jopenssl21/openssl/digest.rb +1 -49
- data/lib/jopenssl21/openssl/ssl.rb +1 -205
- data/lib/jopenssl22/openssl.rb +22 -0
- data/lib/jopenssl22/openssl/bn.rb +39 -0
- data/lib/jopenssl22/openssl/buffering.rb +456 -0
- data/lib/jopenssl22/openssl/cipher.rb +28 -0
- data/lib/jopenssl22/openssl/config.rb +313 -0
- data/lib/jopenssl22/openssl/digest.rb +54 -0
- data/lib/jopenssl22/openssl/ssl.rb +193 -0
- data/lib/jopenssl22/openssl/x509.rb +139 -0
- data/lib/openssl/bn.rb +8 -6
- data/lib/openssl/buffering.rb +8 -6
- data/lib/openssl/cipher.rb +8 -6
- data/lib/openssl/config.rb +8 -6
- data/lib/openssl/digest.rb +8 -6
- data/lib/openssl/pkcs12.rb +3 -3
- data/lib/openssl/pkcs7.rb +6 -4
- data/lib/openssl/ssl-internal.rb +7 -5
- data/lib/openssl/ssl.rb +8 -6
- data/lib/openssl/x509-internal.rb +7 -5
- data/lib/openssl/x509.rb +8 -6
- metadata +23 -15
@@ -15,70 +15,39 @@
|
|
15
15
|
=end
|
16
16
|
|
17
17
|
require "openssl/buffering"
|
18
|
-
require
|
18
|
+
require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
|
19
19
|
|
20
20
|
module OpenSSL
|
21
21
|
module SSL
|
22
|
-
module SocketForwarder
|
23
|
-
def addr
|
24
|
-
to_io.addr
|
25
|
-
end
|
26
|
-
|
27
|
-
def peeraddr
|
28
|
-
to_io.peeraddr
|
29
|
-
end
|
30
|
-
|
31
|
-
def setsockopt(level, optname, optval)
|
32
|
-
to_io.setsockopt(level, optname, optval)
|
33
|
-
end
|
34
|
-
|
35
|
-
def getsockopt(level, optname)
|
36
|
-
to_io.getsockopt(level, optname)
|
37
|
-
end
|
38
|
-
|
39
|
-
def fcntl(*args)
|
40
|
-
to_io.fcntl(*args)
|
41
|
-
end
|
42
|
-
|
43
|
-
def closed?
|
44
|
-
to_io.closed?
|
45
|
-
end
|
46
|
-
|
47
|
-
def do_not_reverse_lookup=(flag)
|
48
|
-
to_io.do_not_reverse_lookup = flag
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
module Nonblock
|
53
|
-
def initialize(*args)
|
54
|
-
flag = File::NONBLOCK
|
55
|
-
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
56
|
-
@io.fcntl(Fcntl::F_SETFL, flag)
|
57
|
-
super
|
58
|
-
end
|
59
|
-
end
|
60
22
|
|
61
23
|
def verify_certificate_identity(cert, hostname)
|
62
24
|
should_verify_common_name = true
|
63
|
-
cert.extensions.each{|ext|
|
25
|
+
cert.extensions.each { |ext|
|
64
26
|
next if ext.oid != "subjectAltName"
|
65
|
-
ext.value.split(/,\s+/).each{|general_name|
|
27
|
+
ext.value.split(/,\s+/).each { |general_name|
|
28
|
+
# MRI 1.9.3 (since we parse ASN.1 differently)
|
29
|
+
# when 2 # dNSName in GeneralName (RFC5280)
|
66
30
|
if /\ADNS:(.*)/ =~ general_name
|
67
31
|
should_verify_common_name = false
|
68
32
|
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
69
33
|
return true if /\A#{reg}\z/i =~ hostname
|
70
|
-
#
|
71
|
-
#
|
72
|
-
# not sure how that's possible possible to-do!
|
34
|
+
# MRI 1.9.3 (since we parse ASN.1 differently)
|
35
|
+
# when 7 # iPAddress in GeneralName (RFC5280)
|
73
36
|
elsif /\AIP(?: Address)?:(.*)/ =~ general_name
|
74
|
-
#elsif /\AIP Address:(.*)/ =~ general_name
|
75
37
|
should_verify_common_name = false
|
76
38
|
return true if $1 == hostname
|
39
|
+
# NOTE: bellow logic makes little sense as we read exts differently
|
40
|
+
#value = $1 # follows GENERAL_NAME_print() in x509v3/v3_alt.c
|
41
|
+
#if value.size == 4
|
42
|
+
# return true if value.unpack('C*').join('.') == hostname
|
43
|
+
#elsif value.size == 16
|
44
|
+
# return true if value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
|
45
|
+
#end
|
77
46
|
end
|
78
47
|
}
|
79
48
|
}
|
80
49
|
if should_verify_common_name
|
81
|
-
cert.subject.to_a.each{|oid, value|
|
50
|
+
cert.subject.to_a.each { |oid, value|
|
82
51
|
if oid == "CN"
|
83
52
|
reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
|
84
53
|
return true if /\A#{reg}\z/i =~ hostname
|
@@ -101,11 +70,6 @@ module OpenSSL
|
|
101
70
|
return true
|
102
71
|
end
|
103
72
|
|
104
|
-
def session
|
105
|
-
SSL::Session.new(self)
|
106
|
-
rescue SSL::Session::SessionError
|
107
|
-
nil
|
108
|
-
end
|
109
73
|
end
|
110
74
|
|
111
75
|
class SSLServer
|
@@ -1,449 +1 @@
|
|
1
|
-
|
2
|
-
= $RCSfile$ -- Buffering mix-in module.
|
3
|
-
|
4
|
-
= Info
|
5
|
-
'OpenSSL for Ruby 2' project
|
6
|
-
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
7
|
-
All rights reserved.
|
8
|
-
|
9
|
-
= Licence
|
10
|
-
This program is licenced under the same licence as Ruby.
|
11
|
-
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id$
|
15
|
-
=end
|
16
|
-
|
17
|
-
##
|
18
|
-
# OpenSSL IO buffering mix-in module.
|
19
|
-
#
|
20
|
-
# This module allows an OpenSSL::SSL::SSLSocket to behave like an IO.
|
21
|
-
|
22
|
-
module OpenSSL::Buffering
|
23
|
-
include Enumerable
|
24
|
-
|
25
|
-
##
|
26
|
-
# The "sync mode" of the SSLSocket.
|
27
|
-
#
|
28
|
-
# See IO#sync for full details.
|
29
|
-
|
30
|
-
attr_accessor :sync
|
31
|
-
|
32
|
-
##
|
33
|
-
# Default size to read from or write to the SSLSocket for buffer operations.
|
34
|
-
|
35
|
-
BLOCK_SIZE = 1024*16
|
36
|
-
|
37
|
-
def initialize(*args)
|
38
|
-
@eof = false
|
39
|
-
@rbuffer = ""
|
40
|
-
@sync = @io.sync
|
41
|
-
end
|
42
|
-
|
43
|
-
#
|
44
|
-
# for reading.
|
45
|
-
#
|
46
|
-
private
|
47
|
-
|
48
|
-
##
|
49
|
-
# Fills the buffer from the underlying SSLSocket
|
50
|
-
|
51
|
-
def fill_rbuff
|
52
|
-
begin
|
53
|
-
@rbuffer << self.sysread(BLOCK_SIZE)
|
54
|
-
rescue Errno::EAGAIN
|
55
|
-
retry
|
56
|
-
rescue EOFError
|
57
|
-
@eof = true
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
##
|
62
|
-
# Consumes +size+ bytes from the buffer
|
63
|
-
|
64
|
-
def consume_rbuff(size=nil)
|
65
|
-
if @rbuffer.empty?
|
66
|
-
nil
|
67
|
-
else
|
68
|
-
size = @rbuffer.size unless size
|
69
|
-
ret = @rbuffer[0, size]
|
70
|
-
@rbuffer[0, size] = ""
|
71
|
-
ret
|
72
|
-
end
|
73
|
-
end
|
74
|
-
|
75
|
-
public
|
76
|
-
|
77
|
-
##
|
78
|
-
# Reads +size+ bytes from the stream. If +buf+ is provided it must
|
79
|
-
# reference a string which will receive the data.
|
80
|
-
#
|
81
|
-
# See IO#read for full details.
|
82
|
-
|
83
|
-
def read(size=nil, buf=nil)
|
84
|
-
if size == 0
|
85
|
-
if buf
|
86
|
-
buf.clear
|
87
|
-
return buf
|
88
|
-
else
|
89
|
-
return ""
|
90
|
-
end
|
91
|
-
end
|
92
|
-
until @eof
|
93
|
-
break if size && size <= @rbuffer.size
|
94
|
-
fill_rbuff
|
95
|
-
end
|
96
|
-
ret = consume_rbuff(size) || ""
|
97
|
-
if buf
|
98
|
-
buf.replace(ret)
|
99
|
-
ret = buf
|
100
|
-
end
|
101
|
-
(size && ret.empty?) ? nil : ret
|
102
|
-
end
|
103
|
-
|
104
|
-
##
|
105
|
-
# Reads at most +maxlen+ bytes from the stream. If +buf+ is provided it
|
106
|
-
# must reference a string which will receive the data.
|
107
|
-
#
|
108
|
-
# See IO#readpartial for full details.
|
109
|
-
|
110
|
-
def readpartial(maxlen, buf=nil)
|
111
|
-
if maxlen == 0
|
112
|
-
if buf
|
113
|
-
buf.clear
|
114
|
-
return buf
|
115
|
-
else
|
116
|
-
return ""
|
117
|
-
end
|
118
|
-
end
|
119
|
-
if @rbuffer.empty?
|
120
|
-
begin
|
121
|
-
return sysread(maxlen, buf)
|
122
|
-
rescue Errno::EAGAIN
|
123
|
-
retry
|
124
|
-
end
|
125
|
-
end
|
126
|
-
ret = consume_rbuff(maxlen)
|
127
|
-
if buf
|
128
|
-
buf.replace(ret)
|
129
|
-
ret = buf
|
130
|
-
end
|
131
|
-
raise EOFError if ret.empty?
|
132
|
-
ret
|
133
|
-
end
|
134
|
-
|
135
|
-
##
|
136
|
-
# Reads at most +maxlen+ bytes in the non-blocking manner.
|
137
|
-
#
|
138
|
-
# When no data can be read without blocking it raises
|
139
|
-
# OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
|
140
|
-
#
|
141
|
-
# IO::WaitReadable means SSL needs to read internally so read_nonblock
|
142
|
-
# should be called again when the underlying IO is readable.
|
143
|
-
#
|
144
|
-
# IO::WaitWritable means SSL needs to write internally so read_nonblock
|
145
|
-
# should be called again after the underlying IO is writable.
|
146
|
-
#
|
147
|
-
# OpenSSL::Buffering#read_nonblock needs two rescue clause as follows:
|
148
|
-
#
|
149
|
-
# # emulates blocking read (readpartial).
|
150
|
-
# begin
|
151
|
-
# result = ssl.read_nonblock(maxlen)
|
152
|
-
# rescue IO::WaitReadable
|
153
|
-
# IO.select([io])
|
154
|
-
# retry
|
155
|
-
# rescue IO::WaitWritable
|
156
|
-
# IO.select(nil, [io])
|
157
|
-
# retry
|
158
|
-
# end
|
159
|
-
#
|
160
|
-
# Note that one reason that read_nonblock writes to the underlying IO is
|
161
|
-
# when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
|
162
|
-
# more details. http://www.openssl.org/support/faq.html
|
163
|
-
|
164
|
-
def read_nonblock(maxlen, buf=nil, exception: true)
|
165
|
-
if maxlen == 0
|
166
|
-
if buf
|
167
|
-
buf.clear
|
168
|
-
return buf
|
169
|
-
else
|
170
|
-
return ""
|
171
|
-
end
|
172
|
-
end
|
173
|
-
if @rbuffer.empty?
|
174
|
-
return sysread_nonblock(maxlen, buf, exception: exception)
|
175
|
-
end
|
176
|
-
ret = consume_rbuff(maxlen)
|
177
|
-
if buf
|
178
|
-
buf.replace(ret)
|
179
|
-
ret = buf
|
180
|
-
end
|
181
|
-
raise EOFError if ret.empty?
|
182
|
-
ret
|
183
|
-
end
|
184
|
-
|
185
|
-
##
|
186
|
-
# Reads the next "line+ from the stream. Lines are separated by +eol+. If
|
187
|
-
# +limit+ is provided the result will not be longer than the given number of
|
188
|
-
# bytes.
|
189
|
-
#
|
190
|
-
# +eol+ may be a String or Regexp.
|
191
|
-
#
|
192
|
-
# Unlike IO#gets the line read will not be assigned to +$_+.
|
193
|
-
#
|
194
|
-
# Unlike IO#gets the separator must be provided if a limit is provided.
|
195
|
-
|
196
|
-
def gets(eol=$/, limit=nil)
|
197
|
-
idx = @rbuffer.index(eol)
|
198
|
-
until @eof
|
199
|
-
break if idx
|
200
|
-
fill_rbuff
|
201
|
-
idx = @rbuffer.index(eol)
|
202
|
-
end
|
203
|
-
if eol.is_a?(Regexp)
|
204
|
-
size = idx ? idx+$&.size : nil
|
205
|
-
else
|
206
|
-
size = idx ? idx+eol.size : nil
|
207
|
-
end
|
208
|
-
if limit and limit >= 0
|
209
|
-
size = [size, limit].min
|
210
|
-
end
|
211
|
-
consume_rbuff(size)
|
212
|
-
end
|
213
|
-
|
214
|
-
##
|
215
|
-
# Executes the block for every line in the stream where lines are separated
|
216
|
-
# by +eol+.
|
217
|
-
#
|
218
|
-
# See also #gets
|
219
|
-
|
220
|
-
def each(eol=$/)
|
221
|
-
while line = self.gets(eol)
|
222
|
-
yield line
|
223
|
-
end
|
224
|
-
end
|
225
|
-
alias each_line each
|
226
|
-
|
227
|
-
##
|
228
|
-
# Reads lines from the stream which are separated by +eol+.
|
229
|
-
#
|
230
|
-
# See also #gets
|
231
|
-
|
232
|
-
def readlines(eol=$/)
|
233
|
-
ary = []
|
234
|
-
while line = self.gets(eol)
|
235
|
-
ary << line
|
236
|
-
end
|
237
|
-
ary
|
238
|
-
end
|
239
|
-
|
240
|
-
##
|
241
|
-
# Reads a line from the stream which is separated by +eol+.
|
242
|
-
#
|
243
|
-
# Raises EOFError if at end of file.
|
244
|
-
|
245
|
-
def readline(eol=$/)
|
246
|
-
raise EOFError if eof?
|
247
|
-
gets(eol)
|
248
|
-
end
|
249
|
-
|
250
|
-
##
|
251
|
-
# Reads one character from the stream. Returns nil if called at end of
|
252
|
-
# file.
|
253
|
-
|
254
|
-
def getc
|
255
|
-
read(1)
|
256
|
-
end
|
257
|
-
|
258
|
-
##
|
259
|
-
# Calls the given block once for each byte in the stream.
|
260
|
-
|
261
|
-
def each_byte # :yields: byte
|
262
|
-
while c = getc
|
263
|
-
yield(c.ord)
|
264
|
-
end
|
265
|
-
end
|
266
|
-
|
267
|
-
##
|
268
|
-
# Reads a one-character string from the stream. Raises an EOFError at end
|
269
|
-
# of file.
|
270
|
-
|
271
|
-
def readchar
|
272
|
-
raise EOFError if eof?
|
273
|
-
getc
|
274
|
-
end
|
275
|
-
|
276
|
-
##
|
277
|
-
# Pushes character +c+ back onto the stream such that a subsequent buffered
|
278
|
-
# character read will return it.
|
279
|
-
#
|
280
|
-
# Unlike IO#getc multiple bytes may be pushed back onto the stream.
|
281
|
-
#
|
282
|
-
# Has no effect on unbuffered reads (such as #sysread).
|
283
|
-
|
284
|
-
def ungetc(c)
|
285
|
-
@rbuffer[0,0] = c.chr
|
286
|
-
end
|
287
|
-
|
288
|
-
##
|
289
|
-
# Returns true if the stream is at file which means there is no more data to
|
290
|
-
# be read.
|
291
|
-
|
292
|
-
def eof?
|
293
|
-
fill_rbuff if !@eof && @rbuffer.empty?
|
294
|
-
@eof && @rbuffer.empty?
|
295
|
-
end
|
296
|
-
alias eof eof?
|
297
|
-
|
298
|
-
#
|
299
|
-
# for writing.
|
300
|
-
#
|
301
|
-
private
|
302
|
-
|
303
|
-
##
|
304
|
-
# Writes +s+ to the buffer. When the buffer is full or #sync is true the
|
305
|
-
# buffer is flushed to the underlying socket.
|
306
|
-
|
307
|
-
def do_write(s)
|
308
|
-
@wbuffer = "" unless defined? @wbuffer
|
309
|
-
@wbuffer << s
|
310
|
-
@wbuffer.force_encoding(Encoding::BINARY)
|
311
|
-
@sync ||= false
|
312
|
-
if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
|
313
|
-
remain = idx ? idx + $/.size : @wbuffer.length
|
314
|
-
nwritten = 0
|
315
|
-
while remain > 0
|
316
|
-
str = @wbuffer[nwritten,remain]
|
317
|
-
begin
|
318
|
-
nwrote = syswrite(str)
|
319
|
-
rescue Errno::EAGAIN
|
320
|
-
retry
|
321
|
-
end
|
322
|
-
remain -= nwrote
|
323
|
-
nwritten += nwrote
|
324
|
-
end
|
325
|
-
@wbuffer[0,nwritten] = ""
|
326
|
-
end
|
327
|
-
end
|
328
|
-
|
329
|
-
public
|
330
|
-
|
331
|
-
##
|
332
|
-
# Writes +s+ to the stream. If the argument is not a string it will be
|
333
|
-
# converted using String#to_s. Returns the number of bytes written.
|
334
|
-
|
335
|
-
def write(s)
|
336
|
-
do_write(s)
|
337
|
-
s.bytesize
|
338
|
-
end
|
339
|
-
|
340
|
-
##
|
341
|
-
# Writes +str+ in the non-blocking manner.
|
342
|
-
#
|
343
|
-
# If there is buffered data, it is flushed first. This may block.
|
344
|
-
#
|
345
|
-
# write_nonblock returns number of bytes written to the SSL connection.
|
346
|
-
#
|
347
|
-
# When no data can be written without blocking it raises
|
348
|
-
# OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
|
349
|
-
#
|
350
|
-
# IO::WaitReadable means SSL needs to read internally so write_nonblock
|
351
|
-
# should be called again after the underlying IO is readable.
|
352
|
-
#
|
353
|
-
# IO::WaitWritable means SSL needs to write internally so write_nonblock
|
354
|
-
# should be called again after underlying IO is writable.
|
355
|
-
#
|
356
|
-
# So OpenSSL::Buffering#write_nonblock needs two rescue clause as follows.
|
357
|
-
#
|
358
|
-
# # emulates blocking write.
|
359
|
-
# begin
|
360
|
-
# result = ssl.write_nonblock(str)
|
361
|
-
# rescue IO::WaitReadable
|
362
|
-
# IO.select([io])
|
363
|
-
# retry
|
364
|
-
# rescue IO::WaitWritable
|
365
|
-
# IO.select(nil, [io])
|
366
|
-
# retry
|
367
|
-
# end
|
368
|
-
#
|
369
|
-
# Note that one reason that write_nonblock reads from the underlying IO
|
370
|
-
# is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
|
371
|
-
# for more details. http://www.openssl.org/support/faq.html
|
372
|
-
|
373
|
-
def write_nonblock(s, exception: true)
|
374
|
-
flush
|
375
|
-
syswrite_nonblock(s, exception: exception)
|
376
|
-
end
|
377
|
-
|
378
|
-
##
|
379
|
-
# Writes +s+ to the stream. +s+ will be converted to a String using
|
380
|
-
# String#to_s.
|
381
|
-
|
382
|
-
def << (s)
|
383
|
-
do_write(s)
|
384
|
-
self
|
385
|
-
end
|
386
|
-
|
387
|
-
##
|
388
|
-
# Writes +args+ to the stream along with a record separator.
|
389
|
-
#
|
390
|
-
# See IO#puts for full details.
|
391
|
-
|
392
|
-
def puts(*args)
|
393
|
-
s = ""
|
394
|
-
if args.empty?
|
395
|
-
s << "\n"
|
396
|
-
end
|
397
|
-
args.each{|arg|
|
398
|
-
s << arg.to_s
|
399
|
-
if $/ && /\n\z/ !~ s
|
400
|
-
s << "\n"
|
401
|
-
end
|
402
|
-
}
|
403
|
-
do_write(s)
|
404
|
-
nil
|
405
|
-
end
|
406
|
-
|
407
|
-
##
|
408
|
-
# Writes +args+ to the stream.
|
409
|
-
#
|
410
|
-
# See IO#print for full details.
|
411
|
-
|
412
|
-
def print(*args)
|
413
|
-
s = ""
|
414
|
-
args.each{ |arg| s << arg.to_s }
|
415
|
-
do_write(s)
|
416
|
-
nil
|
417
|
-
end
|
418
|
-
|
419
|
-
##
|
420
|
-
# Formats and writes to the stream converting parameters under control of
|
421
|
-
# the format string.
|
422
|
-
#
|
423
|
-
# See Kernel#sprintf for format string details.
|
424
|
-
|
425
|
-
def printf(s, *args)
|
426
|
-
do_write(s % args)
|
427
|
-
nil
|
428
|
-
end
|
429
|
-
|
430
|
-
##
|
431
|
-
# Flushes buffered data to the SSLSocket.
|
432
|
-
|
433
|
-
def flush
|
434
|
-
osync = @sync
|
435
|
-
@sync = true
|
436
|
-
do_write ""
|
437
|
-
return self
|
438
|
-
ensure
|
439
|
-
@sync = osync
|
440
|
-
end
|
441
|
-
|
442
|
-
##
|
443
|
-
# Closes the SSLSocket and flushes any unwritten data.
|
444
|
-
|
445
|
-
def close
|
446
|
-
flush rescue nil
|
447
|
-
sysclose
|
448
|
-
end
|
449
|
-
end
|
1
|
+
load 'jopenssl22/openssl/buffering.rb'
|