jruby-openssl 0.10.0-java → 0.10.1-java

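--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
- data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
+ metadata.gz: ade549d7f3aa3abc46be8284b770710b54be15c7
+ data.tar.gz: ebeb42397480403b859ddc8df78382228c5ad5d0
  SHA512:
- metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
- data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d
+ metadata.gz: 90a72129e758c1296a5e9f99835b9321da3ce2542c4079647b5d9eef0ac8754b437378b0b088c6a6b5800495dda0f1d359cf470b6335bc288ddf184cd3cbaebc
+ data.tar.gz: b706b8ed3d904e7ab69c50f2696aed1b20fd1cc42de1381f7e4db62992d975aa22bfb87a150c576d8a034688b009fe28a78d8b9cf3abb13fe708e72020a03191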
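--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,15 @@
+ ## 0.10.1
+
+ * loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
+ * avoid, once again, installing BC provider on boot (due OCSP support)
+ * [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
+ * rename ugly-sh "Jopenssl" constant to **JOpenSSL**
+ * support PKCS7#decrypt with 1 argument (pkey only - without certificate)
+ * undo some of the call-sites in SSLSocket - account for sub-classes (#165)
+ * follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1)
+ * validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
+ * remove openssl/pkcs7.rb -> since 1.8 no longer supported
+
  ## 0.10.0
 
  **NOTE:** dropped support for anything below ~ JRuby 1.7.20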
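--- a/data/Mavenfile
+++ b/data/Mavenfile
@@ -2,9 +2,6 @@
 
  gemspec :jar => 'jopenssl', :include_jars => true
 
- sonatype_url = 'https://oss.sonatype.org/content/repositories/snapshots/'
- snapshot_repository :id => 'sonatype', :url => sonatype_url
-
  distribution_management do
  snapshot_repository :id => :ossrh, :url => 'https://oss.sonatype.org/content/repositories/snapshots'
  repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
@@ -80,29 +77,24 @@ plugin :clean do
  'failOnError' => 'false' )
  end
 
- # NOTE: unfortunately we can not use 1.6.8 to generate invokers ...
- # although we'd like to compile against 1.6 to make sure all is well
- jar 'org.jruby:jruby-core', '1.7.17', :scope => :provided # 1.6.8
+ jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
  jar 'junit:junit', '4.11', :scope => :test
 
  jruby_plugin! :gem do
- # when installing dependent gems we want to use the built in openssl
- # not the one from this lib directory
- # we compile against jruby-core-1.7.17 and want to keep this out of
- # the plugin execution here
+ # when installing dependent gems we want to use the built in openssl not the one from this lib directory
+ # we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
  execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
  execute_goals :id => 'default-push', :skip => true
  end
 
- # we want to have the snapshots on oss.sonatype.org and the released gems
- # on maven central
+ # we want to have the snapshots on oss.sonatype.org and the released gems on maven central
  plugin :deploy, '2.8.1' do
  execute_goals( :deploy, :skip => false )
  end
 
  supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
 
- default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
+ default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
  default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
  properties( 'jruby.plugins.version' => '1.0.10',
@@ -122,7 +114,11 @@ properties( 'jruby.plugins.version' => '1.0.10',
 
  # make sure we have the embedded jars in place before we run runit plugin
  plugin! :dependency do
- execute_goal 'copy-dependencies', :phase => 'generate-test-resources', :outputDirectory => '${basedir}/lib', :useRepositoryLayout => true, :includeGroupIds => 'org.bouncycastle'
+ execute_goal 'copy-dependencies',
+ :phase => 'generate-test-resources',
+ :outputDirectory => '${basedir}/lib',
+ :useRepositoryLayout => true,
+ :includeGroupIds => 'org.bouncycastle'
  end
 
  jruby_plugin(:runit) { execute_goal( :test, :runitDirectory => '${runit.dir}' ) }
@@ -141,26 +137,9 @@ invoker_run_options = {
  'runit.dir' => '${runit.dir}' }
  }
 
- # profile :id => 'test-1.6.8' do
- # plugin :invoker, '1.8' do
- # execute_goals( :install, :run, invoker_run_options )
- # end
- # properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
- # 'bc.versions' => supported_bc_versions.join(',')
- # end
- #
- # profile :id => 'test-1.7.4' do
- # plugin :invoker, '1.8' do
- # execute_goals( :install, :run, invoker_run_options )
- # end
- # properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
- # 'bc.versions' => supported_bc_versions.join(',')
- # end
-
  jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
 
  jruby_1_7_versions.each { |version|
-
  profile :id => "test-#{version}" do
  plugin :invoker, '1.8' do
  execute_goals( :install, :run, invoker_run_options )
@@ -168,10 +147,9 @@ profile :id => "test-#{version}" do
  properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
  'bc.versions' => supported_bc_versions.join(',')
  end
-
  }
 
- jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
+ jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 9.2.0.0 }
 
  jruby_9_K_versions.each { |version|
  profile :id => "test-#{version}" do
@@ -190,4 +168,5 @@ profile :id => 'release' do
  execute_goal :sign, :phase => :verify
  end
  end
+
  # vim: syntax=Ruby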
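Review bot: The version lookup right after the `File.read` fix (hunk starting at `plugin :clean do`) still yields nil without any error when the regex finds no match in `lib/jopenssl/version.rb`. That silent nil is what the old line almost certainly produced on every run, since it matched against the expanded path string rather than the file contents. Failing the build makes a missing Bouncy Castle version visible: `default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1] || raise('BOUNCY_CASTLE_VERSION not found in lib/jopenssl/version.rb')`. How `default_bc_version` is consumed lies outside the visible hunks, so the effect of a nil there is inferred.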
Binary file
@@ -0,0 +1,71 @@
1
+ # frozen_string_literal: false
2
+
3
+ module OpenSSL
4
+
5
+ module PKey
6
+
7
+ class DH
8
+
9
+ def set_key(pub_key, priv_key)
10
+ self.pub_key = pub_key
11
+ self.priv_key = priv_key
12
+ self
13
+ end
14
+
15
+ def set_pqg(p, q, g)
16
+ self.p = p
17
+ if respond_to?(:q)
18
+ self.q = q
19
+ else # TODO self.q = q
20
+ OpenSSL.warn "JRuby-OpenSSL does not support setting q param on #{inspect}" if q
21
+ end
22
+ self.g = g
23
+ self
24
+ end
25
+
26
+ end
27
+
28
+ class DSA
29
+
30
+ def set_key(pub_key, priv_key)
31
+ self.pub_key = pub_key
32
+ self.priv_key = priv_key
33
+ self
34
+ end
35
+
36
+ def set_pqg(p, q, g)
37
+ self.p = p
38
+ self.q = q
39
+ self.g = g
40
+ self
41
+ end
42
+
43
+ end
44
+
45
+ class RSA
46
+
47
+ def set_key(n, e, d)
48
+ self.n = n
49
+ self.e = e
50
+ self.d = d
51
+ self
52
+ end
53
+
54
+ def set_factors(p, q)
55
+ self.p = p
56
+ self.q = q
57
+ self
58
+ end
59
+
60
+ def set_crt_params(dmp1, dmq1, iqmp)
61
+ self.dmp1 = dmp1
62
+ self.dmq1 = dmq1
63
+ self.iqmp = iqmp
64
+ self
65
+ end
66
+
67
+ end
68
+
69
+ end
70
+
71
+ end
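Review bot: `DH#set_pqg` guards the assignment with `respond_to?(:q)`, which tests the reader, and then calls the writer. An object that has `q` but no `q=` therefore raises NoMethodError, and one that has only `q=` takes the warning branch; the guard should read `if respond_to?(:q=)`. In the fallback branch a caller-supplied `q` is dropped after `OpenSSL.warn` and the method still returns `self`, so code that depends on `q` being set cannot tell it was ignored. A comment on the method saying so, e.g. `# q is ignored (with a warning) when the DH implementation has no q= setter`, would help until the TODO is resolved.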
@@ -1,13 +1,12 @@
1
1
  warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
2
2
 
3
- require 'java'
4
3
  require 'jopenssl/version'
5
4
 
6
- warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
5
+ warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
7
6
 
8
7
  # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
9
8
  unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
10
- version = Jopenssl::BOUNCY_CASTLE_VERSION
9
+ version = JOpenSSL::BOUNCY_CASTLE_VERSION
11
10
  bc_jars = nil
12
11
  begin
13
12
  require 'jar-dependencies'
@@ -26,13 +25,17 @@ unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
26
25
  end
27
26
  end
28
27
 
29
- require 'jruby'
30
28
  require 'jopenssl.jar'
31
- org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
29
+
30
+ if JRuby::Util.respond_to?(:load_ext) # JRuby 9.2
31
+ JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
32
+ else; require 'jruby'
33
+ org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
34
+ end
32
35
 
33
36
  if RUBY_VERSION > '2.3'
34
37
  load 'jopenssl23/openssl.rb'
35
- load 'jopenssl24.rb' if RUBY_VERSION >= '2.4'
38
+ load 'jopenssl/_compat23.rb'
36
39
  elsif RUBY_VERSION > '2.2'
37
40
  load 'jopenssl22/openssl.rb'
38
41
  elsif RUBY_VERSION > '2.1'
@@ -41,4 +44,7 @@ else
41
44
  load 'jopenssl19/openssl.rb'
42
45
  end
43
46
 
44
- require 'openssl/pkcs12'
47
+ module OpenSSL
48
+ autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
49
+ autoload :PKCS12, 'openssl/pkcs12'
50
+ end
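Review bot: The support check `JRUBY_VERSION < '1.7.20'` in the first hunk compares strings, so `'1.7.4' < '1.7.20'` is false and the warning is skipped on exactly the older 1.7.x runtimes it is meant to flag. Assuming RubyGems is loaded at this point, comparing parsed versions avoids that: `if Gem::Version.new(JRUBY_VERSION) < Gem::Version.new('1.7.20')`. The `RUBY_VERSION > '2.3'` chain in the second hunk uses the same string comparison to choose which `openssl.rb` variant is loaded, so it deserves the same treatment; part of that `if` chain lies between the hunks and is not visible here.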
@@ -1,4 +1,5 @@
1
- module Jopenssl
2
- VERSION = '0.10.0'
1
+ module JOpenSSL
2
+ VERSION = '0.10.1'
3
3
  BOUNCY_CASTLE_VERSION = '1.59'
4
4
  end
5
+ Jopenssl = JOpenSSL
@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
19
19
 
20
20
  module OpenSSL
21
21
  module SSL
22
+ class SSLContext
23
+ DEFAULT_PARAMS = {
24
+ :ssl_version => "SSLv23",
25
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
26
+ :ciphers => %w{
27
+ ECDHE-ECDSA-AES128-GCM-SHA256
28
+ ECDHE-RSA-AES128-GCM-SHA256
29
+ ECDHE-ECDSA-AES256-GCM-SHA384
30
+ ECDHE-RSA-AES256-GCM-SHA384
31
+ DHE-RSA-AES128-GCM-SHA256
32
+ DHE-DSS-AES128-GCM-SHA256
33
+ DHE-RSA-AES256-GCM-SHA384
34
+ DHE-DSS-AES256-GCM-SHA384
35
+ ECDHE-ECDSA-AES128-SHA256
36
+ ECDHE-RSA-AES128-SHA256
37
+ ECDHE-ECDSA-AES128-SHA
38
+ ECDHE-RSA-AES128-SHA
39
+ ECDHE-ECDSA-AES256-SHA384
40
+ ECDHE-RSA-AES256-SHA384
41
+ ECDHE-ECDSA-AES256-SHA
42
+ ECDHE-RSA-AES256-SHA
43
+ DHE-RSA-AES128-SHA256
44
+ DHE-RSA-AES256-SHA256
45
+ DHE-RSA-AES128-SHA
46
+ DHE-RSA-AES256-SHA
47
+ DHE-DSS-AES128-SHA256
48
+ DHE-DSS-AES256-SHA256
49
+ DHE-DSS-AES128-SHA
50
+ DHE-DSS-AES256-SHA
51
+ AES128-GCM-SHA256
52
+ AES256-GCM-SHA384
53
+ AES128-SHA256
54
+ AES256-SHA256
55
+ AES128-SHA
56
+ AES256-SHA
57
+ ECDHE-ECDSA-RC4-SHA
58
+ ECDHE-RSA-RC4-SHA
59
+ RC4-SHA
60
+ }.join(":"),
61
+ :options => -> {
62
+ opts = OpenSSL::SSL::OP_ALL
63
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
64
+ opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
65
+ opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
66
+ opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
67
+ opts
68
+ }.call
69
+ } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
70
+
71
+ begin
72
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
73
+ DEFAULT_CERT_STORE.set_default_paths
74
+ if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
75
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
76
+ end
77
+ end unless const_defined? :DEFAULT_CERT_STORE
78
+
79
+ def set_params(params={})
80
+ params = DEFAULT_PARAMS.merge(params)
81
+ params.each{|name, value| self.__send__("#{name}=", value) }
82
+ if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
83
+ unless self.ca_file or self.ca_path or self.cert_store
84
+ self.cert_store = DEFAULT_CERT_STORE
85
+ end
86
+ end
87
+ return params
88
+ end unless method_defined? :set_params
89
+ end
90
+
91
+ module SocketForwarder
92
+ def addr
93
+ to_io.addr
94
+ end
95
+
96
+ def peeraddr
97
+ to_io.peeraddr
98
+ end
99
+
100
+ def setsockopt(level, optname, optval)
101
+ to_io.setsockopt(level, optname, optval)
102
+ end
103
+
104
+ def getsockopt(level, optname)
105
+ to_io.getsockopt(level, optname)
106
+ end
107
+
108
+ def fcntl(*args)
109
+ to_io.fcntl(*args)
110
+ end
111
+
112
+ def closed?
113
+ to_io.closed?
114
+ end
115
+
116
+ def do_not_reverse_lookup=(flag)
117
+ to_io.do_not_reverse_lookup = flag
118
+ end
119
+ end
22
120
 
23
121
  def verify_certificate_identity(cert, hostname)
24
122
  should_verify_common_name = true
@@ -63,6 +161,12 @@ module OpenSSL
63
161
  include SocketForwarder
64
162
  include Nonblock
65
163
 
164
+ def sysclose
165
+ return if closed?
166
+ stop
167
+ io.close if sync_close
168
+ end unless method_defined? :sysclose
169
+
66
170
  def post_connection_check(hostname)
67
171
  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
68
172
  raise SSLError, "hostname does not match the server certificate"
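Review bot: The `DEFAULT_PARAMS` cipher list added in the first hunk ends with three RC4 suites (`ECDHE-ECDSA-RC4-SHA`, `ECDHE-RSA-RC4-SHA`, `RC4-SHA`), which RFC 7465 prohibits for TLS; a context configured through `set_params` without a `:ciphers` override would offer them. Dropping those three entries from the `%w{ ... }` list closes that. The constant is only assigned `unless const_defined? :DEFAULT_PARAMS`, and the trailing comment says JRuby defines it in Java, so whether this Ruby list is ever the effective one cannot be told from this page. `set_params` also turns every key of the caller's hash into a setter call via `__send__("#{name}=", value)`, so it deserves a doc comment stating that the hash must not be built from untrusted input.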
@@ -68,13 +68,13 @@ module OpenSSL
68
68
  }.call
69
69
  } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
70
70
 
71
- unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
72
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
73
- DEFAULT_CERT_STORE.set_default_paths
74
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
75
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
76
- end
77
- end
71
+ begin
72
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
73
+ DEFAULT_CERT_STORE.set_default_paths
74
+ if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
75
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
76
+ end
77
+ end unless const_defined? :DEFAULT_CERT_STORE
78
78
 
79
79
  ##
80
80
  # Sets the parameters for this SSL context to the values in +params+.
@@ -86,14 +86,14 @@ module OpenSSL
86
86
 
87
87
  def set_params(params={})
88
88
  params = DEFAULT_PARAMS.merge(params)
89
- params.each{|name, value| self.__send__("#{name}=", value) }
89
+ params.each { |name, value| self.__send__("#{name}=", value) }
90
90
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
91
91
  unless self.ca_file or self.ca_path or self.cert_store
92
92
  self.cert_store = DEFAULT_CERT_STORE
93
93
  end
94
94
  end
95
95
  return params
96
- end unless method_defined? :set_params # JRuby: hooked up in "native" Java
96
+ end unless method_defined? :set_params
97
97
  end
98
98
 
99
99
  module SocketForwarder
@@ -124,7 +124,7 @@ module OpenSSL
124
124
  def do_not_reverse_lookup=(flag)
125
125
  to_io.do_not_reverse_lookup = flag
126
126
  end
127
- end unless const_defined? :SocketForwarder # JRuby: hooked up in "native" Java
127
+ end
128
128
 
129
129
  module Nonblock
130
130
  def initialize(*args)
@@ -228,6 +228,12 @@ module OpenSSL
228
228
  include SocketForwarder
229
229
  include Nonblock
230
230
 
231
+ def sysclose
232
+ return if closed?
233
+ stop
234
+ io.close if sync_close
235
+ end unless method_defined? :sysclose
236
+
231
237
  ##
232
238
  # Perform hostname verification after an SSL connection is established
233
239
  #
@@ -248,12 +254,6 @@ module OpenSSL
248
254
  return true
249
255
  end
250
256
 
251
- #def session
252
- # SSL::Session.new(self)
253
- #rescue SSL::Session::SessionError
254
- # nil
255
- #end
256
-
257
257
  private
258
258
 
259
259
  def using_anon_cipher?
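Review bot: In the added `sysclose`, an exception from `stop` skips `io.close if sync_close`, leaving the underlying socket open even though `sync_close` asks for it to be closed together with the SSL layer. Wrapping the shutdown keeps that guarantee: `begin; stop; ensure; io.close if sync_close; end`. The identical method is added in the second hunk of the preceding file section and has the same gap. What `stop` can raise is not visible on this page, so the failure path is inferred.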
@@ -13,7 +13,7 @@
13
13
  require 'openssl/bn'
14
14
  require 'openssl/pkey'
15
15
  require 'openssl/cipher'
16
- require 'openssl/config'
16
+ require 'openssl/config' if OpenSSL.const_defined?(:Config, false)
17
17
  require 'openssl/digest'
18
18
  require 'openssl/x509'
19
19
  require 'openssl/ssl'