jruby-openssl 0.10.0-java → 0.10.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
-  data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
+  metadata.gz: ade549d7f3aa3abc46be8284b770710b54be15c7
+  data.tar.gz: ebeb42397480403b859ddc8df78382228c5ad5d0
 SHA512:
-  metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
-  data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d
+  metadata.gz: 90a72129e758c1296a5e9f99835b9321da3ce2542c4079647b5d9eef0ac8754b437378b0b088c6a6b5800495dda0f1d359cf470b6335bc288ddf184cd3cbaebc
+  data.tar.gz: b706b8ed3d904e7ab69c50f2696aed1b20fd1cc42de1381f7e4db62992d975aa22bfb87a150c576d8a034688b009fe28a78d8b9cf3abb13fe708e72020a03191

data/History.md

@@ -1,3 +1,15 @@
+## 0.10.1
+
+* loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
+* avoid, once again, installing BC provider on boot (due OCSP support)
+* [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
+* rename ugly-sh "Jopenssl" constant to **JOpenSSL**
+* support PKCS7#decrypt with 1 argument (pkey only - without certificate)
+* undo some of the call-sites in SSLSocket - account for sub-classes (#165)
+* follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1) 
+* validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
+* remove openssl/pkcs7.rb -> since 1.8 no longer supported
+
 ## 0.10.0
 
 **NOTE:** dropped support for anything below ~ JRuby 1.7.20

data/Mavenfile

@@ -2,9 +2,6 @@
 
 gemspec :jar => 'jopenssl', :include_jars => true
 
-sonatype_url = 'https://oss.sonatype.org/content/repositories/snapshots/'
-snapshot_repository :id => 'sonatype', :url => sonatype_url
-
 distribution_management do
   snapshot_repository :id => :ossrh, :url => 'https://oss.sonatype.org/content/repositories/snapshots'
   repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
@@ -80,29 +77,24 @@ plugin :clean do
                  'failOnError' =>  'false' )
 end
 
-# NOTE: unfortunately we can not use 1.6.8 to generate invokers ...
-# although we'd like to compile against 1.6 to make sure all is well
-jar 'org.jruby:jruby-core', '1.7.17', :scope => :provided  # 1.6.8
+jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
 jar 'junit:junit', '4.11', :scope => :test
 
 jruby_plugin! :gem do
-  # when installing dependent gems we want to use the built in openssl
-  # not the one from this lib directory
-  # we compile against jruby-core-1.7.17 and want to keep this out of
-  # the plugin execution here
+  # when installing dependent gems we want to use the built in openssl not the one from this lib directory
+  # we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
   execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
   execute_goals :id => 'default-push', :skip => true
 end
 
-# we want to have the snapshots on oss.sonatype.org and the released gems
-# on maven central
+# we want to have the snapshots on oss.sonatype.org and the released gems on maven central
 plugin :deploy, '2.8.1' do
   execute_goals( :deploy, :skip => false )
 end
 
 supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
 
-default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
+default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
 properties( 'jruby.plugins.version' => '1.0.10',
@@ -122,7 +114,11 @@ properties( 'jruby.plugins.version' => '1.0.10',
 
 # make sure we have the embedded jars in place before we run runit plugin
 plugin! :dependency do
-  execute_goal 'copy-dependencies', :phase => 'generate-test-resources', :outputDirectory => '${basedir}/lib', :useRepositoryLayout => true, :includeGroupIds => 'org.bouncycastle'
+  execute_goal 'copy-dependencies',
+               :phase => 'generate-test-resources',
+               :outputDirectory => '${basedir}/lib',
+               :useRepositoryLayout => true,
+               :includeGroupIds => 'org.bouncycastle'
 end
 
 jruby_plugin(:runit) { execute_goal( :test, :runitDirectory => '${runit.dir}' ) }
@@ -141,26 +137,9 @@ invoker_run_options = {
       'runit.dir' => '${runit.dir}' }
 }
 
-# profile :id => 'test-1.6.8' do
-#   plugin :invoker, '1.8' do
-#     execute_goals( :install, :run, invoker_run_options )
-#   end
-#   properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
-#              'bc.versions' => supported_bc_versions.join(',')
-# end
-#
-# profile :id => 'test-1.7.4' do
-#   plugin :invoker, '1.8' do
-#     execute_goals( :install, :run, invoker_run_options )
-#   end
-#   properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
-#              'bc.versions' => supported_bc_versions.join(',')
-# end
-
 jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
 
 jruby_1_7_versions.each { |version|
-
 profile :id => "test-#{version}" do
   plugin :invoker, '1.8' do
     execute_goals( :install, :run, invoker_run_options )
@@ -168,10 +147,9 @@ profile :id => "test-#{version}" do
   properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
              'bc.versions' => supported_bc_versions.join(',')
 end
-
 }
 
-jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 9.2.0.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do
@@ -190,4 +168,5 @@ profile :id => 'release' do
     execute_goal :sign, :phase => :verify
   end
 end
+
 # vim: syntax=Ruby

data/lib/jopenssl/_compat23.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: false
+
+module OpenSSL
+
+  module PKey
+
+    class DH
+
+      def set_key(pub_key, priv_key)
+        self.pub_key = pub_key
+        self.priv_key = priv_key
+        self
+      end
+
+      def set_pqg(p, q, g)
+        self.p = p
+        if respond_to?(:q)
+          self.q = q
+        else # TODO self.q = q
+          OpenSSL.warn "JRuby-OpenSSL does not support setting q param on #{inspect}" if q
+        end
+        self.g = g
+        self
+      end
+
+    end
+
+    class DSA
+
+      def set_key(pub_key, priv_key)
+        self.pub_key = pub_key
+        self.priv_key = priv_key
+        self
+      end
+
+      def set_pqg(p, q, g)
+        self.p = p
+        self.q = q
+        self.g = g
+        self
+      end
+
+    end
+
+    class RSA
+
+      def set_key(n, e, d)
+        self.n = n
+        self.e = e
+        self.d = d
+        self
+      end
+
+      def set_factors(p, q)
+        self.p = p
+        self.q = q
+        self
+      end
+
+      def set_crt_params(dmp1, dmq1, iqmp)
+        self.dmp1 = dmp1
+        self.dmq1 = dmq1
+        self.iqmp = iqmp
+        self
+      end
+
+    end
+
+  end
+
+end

data/lib/jopenssl/load.rb

@@ -1,13 +1,12 @@
 warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
 
-require 'java'
 require 'jopenssl/version'
 
-warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
+warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
 
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
-  version = Jopenssl::BOUNCY_CASTLE_VERSION
+  version = JOpenSSL::BOUNCY_CASTLE_VERSION
   bc_jars = nil
   begin
     require 'jar-dependencies'
@@ -26,13 +25,17 @@ unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
   end
 end
 
-require 'jruby'
 require 'jopenssl.jar'
-org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
+
+if JRuby::Util.respond_to?(:load_ext) # JRuby 9.2
+  JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
+else; require 'jruby'
+  org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
+end
 
 if RUBY_VERSION > '2.3'
   load 'jopenssl23/openssl.rb'
-  load 'jopenssl24.rb' if RUBY_VERSION >= '2.4'
+  load 'jopenssl/_compat23.rb'
 elsif RUBY_VERSION > '2.2'
   load 'jopenssl22/openssl.rb'
 elsif RUBY_VERSION > '2.1'
@@ -41,4 +44,7 @@ else
   load 'jopenssl19/openssl.rb'
 end
 
-require 'openssl/pkcs12'
+module OpenSSL
+  autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
+  autoload :PKCS12, 'openssl/pkcs12'
+end

data/lib/jopenssl/version.rb

@@ -1,4 +1,5 @@
-module Jopenssl
-  VERSION = '0.10.0'
+module JOpenSSL
+  VERSION = '0.10.1'
   BOUNCY_CASTLE_VERSION = '1.59'
 end
+Jopenssl = JOpenSSL

data/lib/jopenssl19/openssl/ssl-internal.rb

@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
 
 module OpenSSL
   module SSL
+    class SSLContext
+      DEFAULT_PARAMS = {
+          :ssl_version => "SSLv23",
+          :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+          :ciphers => %w{
+          ECDHE-ECDSA-AES128-GCM-SHA256
+          ECDHE-RSA-AES128-GCM-SHA256
+          ECDHE-ECDSA-AES256-GCM-SHA384
+          ECDHE-RSA-AES256-GCM-SHA384
+          DHE-RSA-AES128-GCM-SHA256
+          DHE-DSS-AES128-GCM-SHA256
+          DHE-RSA-AES256-GCM-SHA384
+          DHE-DSS-AES256-GCM-SHA384
+          ECDHE-ECDSA-AES128-SHA256
+          ECDHE-RSA-AES128-SHA256
+          ECDHE-ECDSA-AES128-SHA
+          ECDHE-RSA-AES128-SHA
+          ECDHE-ECDSA-AES256-SHA384
+          ECDHE-RSA-AES256-SHA384
+          ECDHE-ECDSA-AES256-SHA
+          ECDHE-RSA-AES256-SHA
+          DHE-RSA-AES128-SHA256
+          DHE-RSA-AES256-SHA256
+          DHE-RSA-AES128-SHA
+          DHE-RSA-AES256-SHA
+          DHE-DSS-AES128-SHA256
+          DHE-DSS-AES256-SHA256
+          DHE-DSS-AES128-SHA
+          DHE-DSS-AES256-SHA
+          AES128-GCM-SHA256
+          AES256-GCM-SHA384
+          AES128-SHA256
+          AES256-SHA256
+          AES128-SHA
+          AES256-SHA
+          ECDHE-ECDSA-RC4-SHA
+          ECDHE-RSA-RC4-SHA
+          RC4-SHA
+        }.join(":"),
+          :options => -> {
+            opts = OpenSSL::SSL::OP_ALL
+            opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+            opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+            opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+            opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+            opts
+          }.call
+      } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
+
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE
+
+      def set_params(params={})
+        params = DEFAULT_PARAMS.merge(params)
+        params.each{|name, value| self.__send__("#{name}=", value) }
+        if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+          unless self.ca_file or self.ca_path or self.cert_store
+            self.cert_store = DEFAULT_CERT_STORE
+          end
+        end
+        return params
+      end unless method_defined? :set_params
+    end
+
+    module SocketForwarder
+      def addr
+        to_io.addr
+      end
+
+      def peeraddr
+        to_io.peeraddr
+      end
+
+      def setsockopt(level, optname, optval)
+        to_io.setsockopt(level, optname, optval)
+      end
+
+      def getsockopt(level, optname)
+        to_io.getsockopt(level, optname)
+      end
+
+      def fcntl(*args)
+        to_io.fcntl(*args)
+      end
+
+      def closed?
+        to_io.closed?
+      end
+
+      def do_not_reverse_lookup=(flag)
+        to_io.do_not_reverse_lookup = flag
+      end
+    end
 
     def verify_certificate_identity(cert, hostname)
       should_verify_common_name = true
@@ -63,6 +161,12 @@ module OpenSSL
       include SocketForwarder
       include Nonblock
 
+      def sysclose
+        return if closed?
+        stop
+        io.close if sync_close
+      end unless method_defined? :sysclose
+
       def post_connection_check(hostname)
         unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
           raise SSLError, "hostname does not match the server certificate"

data/lib/jopenssl22/openssl/ssl.rb

@@ -68,13 +68,13 @@ module OpenSSL
         }.call
       } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
 
-      unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
-      DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
-      DEFAULT_CERT_STORE.set_default_paths
-      if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
-        DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-      end
-      end
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE
 
       ##
       # Sets the parameters for this SSL context to the values in +params+.
@@ -86,14 +86,14 @@ module OpenSSL
       
       def set_params(params={})
         params = DEFAULT_PARAMS.merge(params)
-        params.each{|name, value| self.__send__("#{name}=", value) }
+        params.each { |name, value| self.__send__("#{name}=", value) }
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store
             self.cert_store = DEFAULT_CERT_STORE
           end
         end
         return params
-      end unless method_defined? :set_params # JRuby: hooked up in "native" Java
+      end unless method_defined? :set_params
     end
 
     module SocketForwarder
@@ -124,7 +124,7 @@ module OpenSSL
       def do_not_reverse_lookup=(flag)
         to_io.do_not_reverse_lookup = flag
       end
-    end unless const_defined? :SocketForwarder # JRuby: hooked up in "native" Java
+    end
 
     module Nonblock
       def initialize(*args)
@@ -228,6 +228,12 @@ module OpenSSL
       include SocketForwarder
       include Nonblock
 
+      def sysclose
+        return if closed?
+        stop
+        io.close if sync_close
+      end unless method_defined? :sysclose
+
       ##
       # Perform hostname verification after an SSL connection is established
       #
@@ -248,12 +254,6 @@ module OpenSSL
         return true
       end
 
-      #def session
-      #  SSL::Session.new(self)
-      #rescue SSL::Session::SessionError
-      #  nil
-      #end
-
       private
 
       def using_anon_cipher?

data/lib/jopenssl23/openssl.rb

@@ -13,7 +13,7 @@
 require 'openssl/bn'
 require 'openssl/pkey'
 require 'openssl/cipher'
-require 'openssl/config'
+require 'openssl/config' if OpenSSL.const_defined?(:Config, false)
 require 'openssl/digest'
 require 'openssl/x509'
 require 'openssl/ssl'