jruby-openssl 0.8.6 → 0.8.7.dev

data/lib/shared/jopenssl/version.rb

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.8.6"
+    VERSION = "0.8.7.dev"
   end
 end

data/lib/shared/openssl/pkcs12.rb

@@ -2,43 +2,133 @@ require 'java'
 
 module OpenSSL
   class PKCS12
+    class PKCS12Error < OpenSSLError
+    end
+
     java_import java.io.StringReader
     java_import java.io.StringBufferInputStream
     java_import java.security.cert.CertificateFactory
+    java_import java.security.cert.Certificate
     java_import java.security.KeyStore
     java_import java.io.ByteArrayOutputStream
     java_import org.bouncycastle.openssl.PEMReader
 
     java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)
 
-    def self.create(pass, name, key, cert)
-      pkcs12 = self.new(pass, name, key, cert)
-      pkcs12.generate
+    def self.create(pass, name, key, cert, ca = nil)
+      pkcs12 = self.new
+      pkcs12.generate(pass, name, key, cert, ca)
       pkcs12
     end
 
-    attr_reader :key, :certificate
+    attr_reader :key, :certificate, :ca_certs
+
+    def initialize(str = nil, pass = nil)
+      if str
+        if str.is_a?(File)
+          file = File.open(str.path, "rb")
+          @der = file.read
+          file.close
+        else
+          @der = str
+        end
+
+        p12_input_stream = StringBufferInputStream.new(@der)
+
+        store = KeyStore.get_instance("PKCS12")
+        password = pass.nil? ? "" : pass
+        begin
+          store.load(p12_input_stream, password.to_java.to_char_array)
+        rescue java.lang.Exception => e
+          raise PKCS12Error, "Exception: #{e}"
+        end
+
+        aliases = store.aliases
+        aliases.each { |alias_name|
+          if store.is_key_entry(alias_name)
+            begin
+              java_certificate = store.get_certificate(alias_name)
+            rescue java.lang.Exception => e
+              raise PKCS12Error, "Exception: #{e}"
+            end
+            if java_certificate
+              der = String.from_java_bytes(java_certificate.get_encoded)
+              @certificate = OpenSSL::X509::Certificate.new(der)
+            end
 
-    def initialize(pass, name, key, cert)
-      @pass = pass
-      @name = name
+            begin
+              java_key = store.get_key(alias_name, password.to_java.to_char_array)
+            rescue java.lang.Exception => e
+              raise PKCS12Error, "Exception: #{e}"
+            end
+            if java_key
+              der = String.from_java_bytes(java_key.get_encoded)
+              algorithm = java_key.get_algorithm
+              if algorithm == "RSA"
+                @key = OpenSSL::PKey::RSA.new(der)
+              elsif algorithm == "DSA"
+                @key = OpenSSL::PKey::DSA.new(der)
+              elsif algorithm == "DH"
+                @key = OpenSSL::PKey::DH.new(der)
+              elsif algorithm == "EC"
+                @key = OpenSSL::PKey::EC.new(der)
+              else
+                raise PKCS12Error, "Unknown key algorithm"
+              end
+            end
+
+            @ca_certs = Array.new
+            begin
+              java_ca_certs = store.get_certificate_chain(alias_name)
+            rescue java.lang.Exception => e
+              raise PKCS12Error, "Exception #{e}"
+            end
+            if java_ca_certs
+              java_ca_certs.each do |java_ca_cert|
+                  der = String.from_java_bytes(java_ca_cert.get_encoded)
+                  ruby_cert = OpenSSL::X509::Certificate.new(der)
+                  if (ruby_cert.to_pem != @certificate.to_pem)
+                    @ca_certs << ruby_cert
+                  end
+              end
+            end
+          end
+          break
+        }
+      else
+        @der = nil
+      end
+    end
+
+    def generate(pass, alias_name, key, cert, ca = nil)
       @key = key
       @certificate = cert
-    end
+      @ca_certs = ca
 
-    def generate
       key_reader = StringReader.new(key.to_pem)
       key_pair = PEMReader.new(key_reader).read_object
 
-      cert_input_stream = StringBufferInputStream.new(certificate.to_pem)
+      certificates = cert.to_pem
+      if ca
+        ca.each { |ca_cert| 
+          certificates << ca_cert.to_pem
+        }
+      end
+
+      cert_input_stream = StringBufferInputStream.new(certificates)
       certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)
 
       store = KeyStore.get_instance("PKCS12", "BC")
       store.load(nil, nil)
-      store.set_key_entry(@name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
+      store.set_key_entry(alias_name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
 
       pkcs12_output_stream = ByteArrayOutputStream.new
-      store.store(pkcs12_output_stream, @pass.to_java.to_char_array)
+      password = pass.nil? ? "" : pass;
+      begin
+        store.store(pkcs12_output_stream, password.to_java.to_char_array)
+      rescue java.lang.Exception => e
+        raise PKCS12Error, "Exception: #{e}"
+      end 
 
       @der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
     end

metadata

@@ -1,8 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: jruby-openssl
 version: !ruby/object:Gem::Version
-  version: 0.8.6
-  prerelease:
+  prerelease: 6
+  version: 0.8.7.dev
 platform: ruby
 authors:
 - Ola Bini
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-03-16 00:00:00.000000000 Z
+date: 2013-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bouncy-castle-java
@@ -89,9 +89,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
   none: false
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
   none: false
 requirements: []
 rubyforge_project: jruby/jruby