jruby-openssl 0.7.6.1 → 0.7.7

data/History.txt

@@ -1,3 +1,13 @@
+== 0.7.7
+
+This release includes bug fixes.
+
+ - JRUBY-6622: Support loading encrypted RSA key with PBES2
+ - JRUBY-4326: Confusing (and late) OpenSSL error message
+ - JRUBY-6579: Avoid ClassCastException for public key loading
+ - JRUBY-6515: sending UTF-8 data over SSL can hang with openssl
+ - Update tests to sync with CRuby ruby_1_9_3
+
 == 0.7.6
 
 This release includes initial implementation of PKCS12 by Owen Ou.

data/Rakefile

@@ -64,7 +64,7 @@ begin
     load File.dirname(__FILE__) + "/lib/shared/jopenssl/version.rb"
     p.version = Jopenssl::Version::VERSION
     p.rubyforge_name = "jruby-extras"
-    p.url = "https://github.com/jruby/jruby-ossl"
+    p.urls = ["https://github.com/jruby/jruby-ossl"]
     p.author = "Ola Bini and JRuby contributors"
     p.email = "ola.bini@gmail.com"
     p.summary = "OpenSSL add-on for JRuby"

data/lib/1.9/openssl/buffering.rb

@@ -11,7 +11,7 @@
   (See the file 'LICENCE'.)
 
 = Version
-  $Id: buffering.rb 32012 2011-06-11 14:07:42Z nahi $
+  $Id$
 =end
 
 ##
@@ -307,6 +307,7 @@ module OpenSSL::Buffering
   def do_write(s)
     @wbuffer = "" unless defined? @wbuffer
     @wbuffer << s
+    @wbuffer.force_encoding(Encoding::BINARY)
     @sync ||= false
     if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
       remain = idx ? idx + $/.size : @wbuffer.length
@@ -333,7 +334,7 @@ module OpenSSL::Buffering
 
   def write(s)
     do_write(s)
-    s.length
+    s.bytesize
   end
 
   ##

data/lib/shared/jopenssl/version.rb

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.7.6.1"
+    VERSION = "0.7.7"
   end
 end

data/test/1.9/test_pkcs7.rb

@@ -146,6 +146,11 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
     assert_equal(3, recip[1].serial)
     assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
   end
+  
+  def test_graceful_parsing_failure #[ruby-core:43250]
+    contents = File.read(__FILE__)
+    assert_raise(ArgumentError) { OpenSSL::PKCS7.new(contents) }
+  end
 end
 
 end

data/test/1.9/test_ssl.rb

@@ -450,6 +450,50 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
       end
     end
   end
+
+  def test_multibyte_read_write
+    #German a umlaut
+    auml = [%w{ C3 A4 }.join('')].pack('H*')
+    auml.force_encoding(Encoding::UTF_8)
+
+    [10, 1000, 100000].each {|i|
+      str = nil
+      num_written = nil
+      server_proc = Proc.new {|ctx, ssl|
+        cmp = ssl.read
+        raw_size = cmp.size
+        cmp.force_encoding(Encoding::UTF_8)
+        assert_equal(str, cmp)
+        assert_equal(num_written, raw_size)
+        ssl.close
+      }
+      start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => server_proc){|server, port|
+        sock = TCPSocket.new("127.0.0.1", port)
+        ssl = OpenSSL::SSL::SSLSocket.new(sock)
+        ssl.sync_close = true
+        ssl.connect
+        str = auml * i
+        num_written = ssl.write(str)
+        ssl.close
+      }
+    }
+  end
+
+  def test_unset_OP_ALL
+    ctx_proc = Proc.new { |ctx|
+      ctx.options = OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
+    }
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc){|server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+      ssl.sync_close = true
+      ssl.connect
+      ssl.puts('hello')
+      assert_equal("hello\n", ssl.gets)
+      ssl.close
+    }
+  end
+
 end
 
 end

data/test/1.9/test_x509name.rb

@@ -100,6 +100,58 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
     assert_equal(name_from_der.to_der, name.to_der)
   end
 
+  def test_unrecognized_oid
+    dn = [ ["1.2.3.4.5.6.7.8.9.7.5.3.1", "Unknown OID 1"],
+           ["1.1.2.3.5.8.13.21.34", "Unknown OID 2"],
+           ["C", "US"],
+           ["postalCode", "60602"],
+           ["ST", "Illinois"],
+           ["L", "Chicago"],
+           #["street", "123 Fake St"],
+           ["O", "Some Company LLC"],
+           ["CN", "mydomain.com"] ]
+
+    name = OpenSSL::X509::Name.new(dn)
+    ary = name.to_a
+    #assert_equal("/1.2.3.4.5.6.7.8.9.7.5.3.1=Unknown OID 1/1.1.2.3.5.8.13.21.34=Unknown OID 2/C=US/postalCode=60602/ST=Illinois/L=Chicago/street=123 Fake St/O=Some Company LLC/CN=mydomain.com", name.to_s)
+    assert_equal("/1.2.3.4.5.6.7.8.9.7.5.3.1=Unknown OID 1/1.1.2.3.5.8.13.21.34=Unknown OID 2/C=US/postalCode=60602/ST=Illinois/L=Chicago/O=Some Company LLC/CN=mydomain.com", name.to_s)
+    assert_equal("1.2.3.4.5.6.7.8.9.7.5.3.1", ary[0][0])
+    assert_equal("1.1.2.3.5.8.13.21.34", ary[1][0])
+    assert_equal("C", ary[2][0])
+    assert_equal("postalCode", ary[3][0])
+    assert_equal("ST", ary[4][0])
+    assert_equal("L", ary[5][0])
+    #assert_equal("street", ary[6][0])
+    assert_equal("O", ary[6][0])
+    assert_equal("CN", ary[7][0])
+    assert_equal("Unknown OID 1", ary[0][1])
+    assert_equal("Unknown OID 2", ary[1][1])
+    assert_equal("US", ary[2][1])
+    assert_equal("60602", ary[3][1])
+    assert_equal("Illinois", ary[4][1])
+    assert_equal("Chicago", ary[5][1])
+    #assert_equal("123 Fake St", ary[6][1])
+    assert_equal("Some Company LLC", ary[6][1])
+    assert_equal("mydomain.com", ary[7][1])
+  end
+
+  def test_unrecognized_oid_parse_encode_equality
+    dn = [ ["1.2.3.4.5.6.7.8.9.7.5.3.2", "Unknown OID1"],
+           ["1.1.2.3.5.8.13.21.35", "Unknown OID2"],
+           ["C", "US"],
+           ["postalCode", "60602"],
+           ["ST", "Illinois"],
+           ["L", "Chicago"],
+           #["street", "123 Fake St"],
+           ["O", "Some Company LLC"],
+           ["CN", "mydomain.com"] ]
+
+    name1 = OpenSSL::X509::Name.new(dn)
+    name2 = OpenSSL::X509::Name.parse(name1.to_s)
+    assert_equal(name1.to_s, name2.to_s)
+    assert_equal(name1.to_a, name2.to_a)
+  end
+
   def test_s_parse
     dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
     name = OpenSSL::X509::Name.parse(dn)
@@ -258,6 +310,24 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
     assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
   end
 
+  def test_add_entry_street
+    return if OpenSSL::OPENSSL_VERSION_NUMBER < 0x009080df # 0.9.8m
+    # openssl/crypto/objects/obj_mac.h 1.83
+    dn = [
+      ["DC", "org"],
+      ["DC", "ruby-lang"],
+      ["CN", "GOTOU Yuuzou"],
+      ["emailAddress", "gotoyuzo@ruby-lang.org"],
+      ["serialNumber", "123"],
+      ["street", "Namiki"],
+    ]
+    name = OpenSSL::X509::Name.new
+    dn.each{|attr| name.add_entry(*attr) }
+    ary = name.to_a
+    assert_equal("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou/emailAddress=gotoyuzo@ruby-lang.org/serialNumber=123/street=Namiki", name.to_s)
+    assert_equal("Namiki", ary[5][1])
+  end
+
   def test_equals2
     n1 = OpenSSL::X509::Name.parse 'CN=a'
     n2 = OpenSSL::X509::Name.parse 'CN=a'

data/test/test_pkey_rsa.rb

@@ -103,6 +103,37 @@ __EOP__
     end
   end
 
+  # JRUBY-6622
+  def test_load_pkey_rsa_enc_pbes2
+    # password is 'password'
+    pem = <<__EOP__
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIaYgszaX31yECAggA
+MBQGCCqGSIb3DQMHBAij3LmXGCmB8wSCAoDcLnAeXiBugFmwXd3wrvznlKvwHkP2
+76lIrTiwDRZOLuaKHdBgNQDJ3NP+UPGdM7YEyNqdfdbN/3cLd0qfzeobuU+c/lGI
+aE5pAwlWm5lK9boTsJnCqaDFEgJz2khZF+7RqYQVSG7MTM9SnIRNScLKjhTk7AaF
+PD2qSnMVtixw/VfwdzhUknuwP2monLY8Ip/l9abicmBp9HGQ+0WA/nKQLQ/egWG0
+S6rrXsH91exaxL7gcZL8jF+Ub7VDt4Hvx1RB/3r12k7AQGsK+TyIrKQFUllSnSq/
+eFwBqpLSKWYyGJZlkJzW5MTHyeXqpTvav6T7e2mKZ4GG/a8THoWxLLrKeODFFoWn
+LQNOQZ2Axa15E0TdeSkaumsOWPJm5DgFxf/1cRNxhJqYdX68QjWXeNS2SXPZBwlx
+HCaAYo6OoCHZQ7O/3MpiT3rUAk30fbSa09VSvrenYi5s5lPieKFt3QZI44uGvi9j
+MXyN4fkjzzXasE0xZzf6bQLS6aM+ucyQ8CMv0oAgAndoeKu10Ha4KmdT5dZf3LHj
+BUXZDYp3Q5UF6ePyxKBdAqJf4PNKl4+VehYJ4eQ6CIQiSxSuWv9T+2b90PyDuRkz
+sB1XZpeDD6dhQuU9GjdwCTyatITcm97ZkbdZEoQiDpiWQB4parTvKLKbD4AbP/+E
+08btPFgXNocFUjLb5lB4Y/6RqaQxY7VoaFOPOfPpWPXF26X9Y5y3y+ymXdYFpkhp
+wGBGScH+dutQWHoRV1TWUjv9a7CuzUxCX2Hrjooz1BtOnG8CoPA7K43+kvire5jN
+529p6u+FtUZPUWLm5L5WHBUECEtJGw3ImjosX1HtoM/rW34XDmMHuN0u
+-----END ENCRYPTED PRIVATE KEY-----
+__EOP__
+    assert_nothing_raised do
+      pkey = OpenSSL::PKey::RSA.new(pem, 'password')
+      pkey2 = OpenSSL::PKey::RSA.new(pkey.to_pem)
+      assert_equal(pkey.n, pkey2.n)
+      assert_equal(pkey.e, pkey2.e)
+      assert_equal(pkey.d, pkey2.d)
+    end
+  end
+
   # jruby-openssl/0.6 causes NPE
   def test_generate_pkey_rsa_empty
     assert_nothing_raised do

metadata

@@ -2,7 +2,7 @@
 name: jruby-openssl
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.7.6.1
+  version: 0.7.7
 platform: ruby
 authors: 
   - Ola Bini and JRuby contributors
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-02-15 00:00:00 Z
+date: 2012-05-21 00:00:00 Z
 dependencies: 
   - !ruby/object:Gem::Dependency 
     name: bouncy-castle-java