jruby-openssl 0.9.5-java

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 83b4b3bc5766a70b162d7fc27fc2f1ae6a1cc98d
+  data.tar.gz: 9b35fc5907f29cd2d46690e2b639429da44970e0
+SHA512:
+  metadata.gz: 7b59627e9a268c6942c5210cd0ccf28aca4ed1ca550fd72d8d8735c8d8dd735d3abea3b488799c98e34d1f9aed3986790a4e01abe0381c2884b4ace3e218234c
+  data.tar.gz: 7f72bdc6f8abad2b5d2ccccf858b6eb0531be0a6da2dc56774c74227dc6c6d9dd80f379ca3c693ac3b47236bda760a9bfb089230d7c860da8588b80d32b6ae0a

data/History.txt

@@ -0,0 +1,218 @@
+== 0.7.7
+
+This release includes bug fixes.
+
+ - JRUBY-6622: Support loading encrypted RSA key with PBES2
+ - JRUBY-4326: Confusing (and late) OpenSSL error message
+ - JRUBY-6579: Avoid ClassCastException for public key loading
+ - JRUBY-6515: sending UTF-8 data over SSL can hang with openssl
+ - Update tests to sync with CRuby ruby_1_9_3
+
+== 0.7.6
+
+This release includes initial implementation of PKCS12 by Owen Ou.
+
+ - JRUBY-5066: Implement OpenSSL::PKCS12 (only for simple case)
+ - JRUBY-6385: Assertion failure with -J-ea
+
+== 0.7.5
+
+This release improved 1.9 mode support with help of
+Duncan Mak <duncan@earthaid.net>.  Now jruby-ossl gem includes both 1.8 and 1.9
+libraries and part of features should work fine on 1.9 mode, too.
+
+- JRUBY-6270: Wrong keyUsage check for SSL server
+- JRUBY-6260: OpenSSL::ASN1::Integer#value incompatibility
+- JRUBY-6044: Improve Ecrypted RSA/DSA pem support
+- JRUBY-5972: Allow to load/dump empty PKCS7 data
+- JRUBY-5834: Fix X509Name handling; X509Name RDN can include multiple elements
+- JRUBY-5362: Improved 1.9 support
+- JRUBY-4992: Warn if loaded by non JRuby interpreter
+
+== 0.7.4
+
+- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading
+  failed on JRuby 1.6.x. Fixed.
+- JRUBY-5510: Add debug information to released jar
+- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
+
+== 0.7.3
+
+- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
+- JRUBY-5253: Allow to load the certificate file which includes private
+  key for activemarchant compatibility.
+- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
+  unknown condition.
+- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
+  pass on J9 JDK 6.
+
+== 0.7.2
+
+- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
+  cipher (Net::SSH compatibility)
+- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
+  compatibility)
+- JRUBY-5096: Fixed inconsistent Certificate verification behavior
+- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
+- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
+- JRUBY-4965: implemented OpenSSL::Config
+- JRUBY-5023: make Certificate#signature_algorithm return correct algo
+  name; "sha1WithRSAEncryption" instead of "SHA1"
+- JRUBY-5024: let HMAC.new accept a String as a digest name
+- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
+  cleanup of resources when dereferenced
+
+== 0.7.1
+
+- NOTE: Now BouncyCastle jars has moved out to its own gem
+  "bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java).
+  You don't need to care about it because "jruby-openssl" gem depends
+  on it from now on.
+
+=== SSL bugfix
+
+- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
+  reached (EOFError)" for HTTP chunked read.
+
+=== Misc
+
+- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
+  it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
+  (JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
+- JRUBY-4975: Moving BouncyCastle jars out to its own gem.
+
+== 0.7
+
+- Follow MRI 1.8.7 openssl API changes
+- Fixes so that jruby-openssl can run on appengine
+- Many bug and compatibility fixes, see below.
+- This is the last release that will be compatible with JRuby 1.4.x.
+- Compatibility issues
+-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4444: OpenSSL crash running RubyGems tests
+-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message
+   available"
+-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
+-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
+-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
+-- JRUBY-4535: Issues with the BouncyCastle provider
+-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
+-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 ->
+   jdk15-144
+- Cipher issues
+-- JRUBY-4012: Initialization vector length handled differently than in MRI
+   (longer IV sequence are trimmed to fit the required)
+-- JRUBY-4473: Implemented DSA key generation
+-- JRUBY-4472: Cipher does not support RC4 and CAST
+-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or
+   168' for DES3 + SunJCE
+- SSL and X.509(PKIX) issues
+-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
+-- JRUBY-4370: Implement SSLContext#ciphers
+-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
+-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
+-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
+-- JRUBY-4684: SSLContext#verify_depth is ignored
+-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
+-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
+-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating
+   (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when
+   returning SOAP queries over a certain size) 
+-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel
+   close
+-- JRUBY-4369: X509Store#verify_callback is not called
+-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes
+   certificates which have the same subject (problem with
+   ruby-openid-apps-discovery (github jruby-openssl issue #2))
+-- JRUBY-4333: PKCS#8 formatted privkey read
+-- JRUBY-4454: Loading Key file as a Certificate causes NPE
+-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized
+   from PEM causes IllegalStateException 
+- PKCS#7 issues
+-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
+-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake
+   test doesn't finish on JDK5 w/o policy files update) 
+-  Misc
+-- JRUBY-4574: jruby-openssl deprecation warning cleanup
+-- JRUBY-4591: jruby-1.4 support
+
+== 0.6
+
+- This is a recommended upgrade to jruby-openssl. A security problem
+  involving peer certificate verification was found where failed
+  verification silently did nothing, making affected applications
+  vulnerable to attackers. Attackers could lead a client application
+  to believe that a secure connection to a rogue SSL server is
+  legitimate. Attackers could also penetrate client-validated SSL
+  server applications with a dummy certificate. Your application would
+  be vulnerable if you're using the 'net/https' library with
+  OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
+  prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
+  problem and providing the fix. See
+  http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
+  for details.
+- This release addresses CVE-2009-4123 which was reserved for the
+  above vulnerability.
+- Many fixes from NaHi, including issues related to certificate
+  verification and certificate store purpose verification.
+  - implement OpenSSL::X509::Store#set_default_paths
+  - MRI compat. fix: OpenSSL::X509::Store#add_file
+  - Fix nsCertType handling.
+  - Fix Cipher#key_len for DES-EDE3: 16 should be 24.
+  - Modified test expectations around Cipher#final.
+- Public keys are lazily instantiated when the
+  X509::Certificate#public_key method is called (Dave Garcia)
+
+== 0.5.2
+
+* Multiple bugs fixed:
+** JRUBY-3895	Could not verify server signature with net-ssh against Cygwin
+** JRUBY-3864	jruby-openssl depends on Base64Coder from JvYAMLb
+** JRUBY-3790	JRuby-OpenSSL test_post_connection_check is not passing
+** JRUBY-3767	OpenSSL ssl implementation doesn't support client auth
+** JRUBY-3673	jRuby-OpenSSL does not properly load certificate authority file
+
+== 0.5.1
+
+* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1
+  to be 100%
+* Fix by Frederic Jean for a character-decoding issue for some certificates
+
+== 0.5
+
+* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
+* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert
+  Validation Error, when there should be no error
+* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
+* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
+* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating
+  digest
+* Misc code cleanup
+
+== 0.2
+
+- Enable remaining tests; fix a nil string issue in SSLSocket.sysread
+  (JRUBY-1888)
+- Fix socket buffering issue by setting socket IO sync = true
+- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
+- Fix AES key length (JRUBY-2187)
+- Fix cipher initialization (JRUBY-1100)
+- Now, only compatible with JRuby 1.1
+
+== 0.1.1
+
+- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
+
+== 0.1
+
+- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
+  1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
+  0.6 release.
+- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
+- Simultaneous support for JRuby trunk and 1.0 branch
+- Start of support for OpenSSL::BN
+
+== 0.0.5 and prior
+
+- Initial versions with maintenance updates

data/License.txt

@@ -0,0 +1,30 @@
+JRuby-OpenSSL is distributed under the same license as JRuby (http://www.jruby.org/).
+
+Version: EPL 1.0/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Common Public
+License Version 1.0 (the "License"); you may not use this file
+except in compliance with the License. You may obtain a copy of
+the License at http://www.eclipse.org/legal/cpl-v10.html
+
+Software distributed under the License is distributed on an "AS
+IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+implied. See the License for the specific language governing
+rights and limitations under the License.
+
+Copyright (C) 2007 Ola Bini <ola.bini@gmail.com>
+
+Alternatively, the contents of this file may be used under the terms of
+either of the GNU General Public License Version 2 or later (the "GPL"),
+or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the EPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the EPL, the GPL or the LGPL.
+
+JRuby-OpenSSL includes software by the Legion of the Bouncy Castle
+(http://bouncycastle.org/license.html).

data/Mavenfile

@@ -0,0 +1,44 @@
+#-*- mode: ruby -*-
+
+snapshot_repository :id => 'sonatype', :url => 'https://oss.sonatype.org/content/repositories/snapshots'
+
+gemspec :jar => 'jopenssl', :include_jars => true
+
+if model.version.to_s.match /[a-zA-Z]/
+  model.group_id = 'org.jruby.gems'
+
+  model.version = model.version + '-SNAPSHOT'
+  plugin :deploy do
+    execute_goals( :deploy, 
+                  :skip => false,
+                  :altDeploymentRepository => 'sonatype-nexus-snapshots::default::https://oss.sonatype.org/content/repositories/snapshots/' )
+  end
+end
+
+plugin( :compiler, :target => '1.6', :source => '1.6', :debug => true, :verbose => false, :showWarnings => true, :showDeprecation => true )
+
+jruby_plugin! :gem do
+  # avoid adding this not yet built openssl to the load_path
+  # when installing dependent gems
+  execute_goal :initialize, :lib => 'non-existing'
+  execute_goals :id => 'default-push', :skip => true
+end
+
+# you can use -Djruby.version=1.6.8 to pick a jruby version
+# TODO use 1.6.8 and let the gem-maven-plugin pick the right version
+properties 'jruby.version' => '1.7.12'
+# we need the jruby API here, the version should be less important here
+jar 'org.jruby:jruby-core', '${jruby.version}', :scope => :provided
+# this artifact is needed to run the packaging at the end of the build
+jar 'org.jruby:jruby-stdlib', '${jruby.version}', :scope => :provided
+
+scope :test do
+  jar 'junit:junit:4.11'
+end
+
+properties( 'gem.home' => '../target/rubygems',
+            'gem.path' => '${gem.home}',
+            'tesla.dump.pom' => 'pom.xml',
+            'tesla.dump.readonly' => true )
+
+# vim: syntax=Ruby

data/README.txt

@@ -0,0 +1,13 @@
+= JRuby-OpenSSL
+
+* https://github.com/jruby/jruby/tree/master/maven/gems/jruby-openssl
+
+== DESCRIPTION:
+
+JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
+
+Please report bugs and incompatibilities (preferably with testcases) to either the JRuby 
+mailing list [1] or the JRuby bug tracker [2].
+
+[1]: http://xircles.codehaus.org/projects/jruby/lists
+[2]: https://github.com/jruby/jruby/issues

data/Rakefile

@@ -0,0 +1,7 @@
+#-*- mode: ruby -*-
+
+require 'maven/ruby/tasks'
+
+# the actual build configuration is inside the Mavenfile
+
+task :default => :build

data/lib/jopenssl/load.rb

@@ -0,0 +1,29 @@
+unless defined? JRUBY_VERSION
+  warn 'Loading jruby-openssl in a non-JRuby interpreter'
+end
+
+require 'jopenssl/version'
+begin
+  # if we have jar-dependencies we let it track the jars
+  require 'jar-dependencies'
+  require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', Jopenssl::Version::BOUNCY_CASTLE_VERSION )
+  require_jar( 'org.bouncycastle', 'bcprov-jdk15on', Jopenssl::Version::BOUNCY_CASTLE_VERSION )
+rescue LoadError
+  require "org/bouncycastle/bcpkix-jdk15on/#{Jopenssl::Version::BOUNCY_CASTLE_VERSION}/bcpkix-jdk15on-#{Jopenssl::Version::BOUNCY_CASTLE_VERSION}.jar"
+  require "org/bouncycastle/bcprov-jdk15on/#{Jopenssl::Version::BOUNCY_CASTLE_VERSION}/bcprov-jdk15on-#{Jopenssl::Version::BOUNCY_CASTLE_VERSION}.jar"
+end
+
+# Load extension
+require 'jruby'
+require 'jopenssl.jar'
+org.jruby.ext.openssl.OSSLLibrary.new.load(JRuby.runtime, false)
+
+if RUBY_VERSION >= '2.1.0'
+  load('jopenssl21/openssl.rb')
+elsif RUBY_VERSION >= '1.9.0'
+  load('jopenssl19/openssl.rb')
+else
+  load('jopenssl18/openssl.rb')
+end
+
+require 'openssl/pkcs12'

data/lib/jopenssl/version.rb

@@ -0,0 +1,6 @@
+module Jopenssl
+  module Version
+    VERSION = "0.9.5"
+    BOUNCY_CASTLE_VERSION = "1.47"
+  end
+end

data/lib/jopenssl18/openssl.rb

@@ -0,0 +1,23 @@
+=begin
+= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: openssl.rb 12496 2007-06-08 15:02:04Z technorama $
+=end
+
+require 'openssl/bn'
+require 'openssl/cipher'
+require 'openssl/config'
+require 'openssl/digest'
+require 'openssl/pkcs7'
+require 'openssl/ssl-internal'
+require 'openssl/x509-internal'

data/lib/jopenssl18/openssl/bn.rb

@@ -0,0 +1,35 @@
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for BN
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+  class BN
+    include Comparable
+  end # BN
+end # OpenSSL
+
+##
+# Add double dispatch to Integer
+#
+class Integer
+  def to_bn
+    OpenSSL::BN::new(self.to_s(16), 16)
+  end
+end # Integer
+

data/lib/jopenssl18/openssl/buffering.rb

@@ -0,0 +1,241 @@
+=begin
+= $RCSfile$ -- Buffering mix-in module.
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id$
+=end
+
+module OpenSSL
+module Buffering
+  include Enumerable
+  attr_accessor :sync
+  BLOCK_SIZE = 1024*16
+
+  def initialize(*args)
+    @eof = false
+    @rbuffer = ""
+    @sync = @io.sync
+  end
+
+  #
+  # for reading.
+  #
+  private
+
+  def fill_rbuff
+    begin
+      @rbuffer << self.sysread(BLOCK_SIZE)
+    rescue Errno::EAGAIN
+      retry
+    rescue EOFError
+      @eof = true
+    end
+  end
+
+  def consume_rbuff(size=nil)
+    if @rbuffer.empty?
+      nil
+    else
+      size = @rbuffer.size unless size
+      ret = @rbuffer[0, size]
+      @rbuffer[0, size] = ""
+      ret
+    end
+  end
+
+  public
+
+  def read(size=nil, buf=nil)
+    if size == 0
+      if buf
+        buf.clear
+      else
+        buf = ""
+      end
+      return @eof ? nil : buf
+    end
+    until @eof
+      break if size && size <= @rbuffer.size
+      fill_rbuff
+    end
+    ret = consume_rbuff(size) || ""
+    if buf
+      buf.replace(ret)
+      ret = buf
+    end
+    (size && ret.empty?) ? nil : ret
+  end
+
+  def readpartial(maxlen, buf=nil)
+    if maxlen == 0
+      if buf
+        buf.clear
+      else
+        buf = ""
+      end
+      return @eof ? nil : buf
+    end
+    if @rbuffer.empty?
+      begin
+        return sysread(maxlen, buf)
+      rescue Errno::EAGAIN
+        retry
+      end
+    end
+    ret = consume_rbuff(maxlen)
+    if buf
+      buf.replace(ret)
+      ret = buf
+    end
+    raise EOFError if ret.empty?
+    ret
+  end
+
+  def gets(eol=$/)
+    idx = @rbuffer.index(eol)
+    until @eof
+      break if idx
+      fill_rbuff
+      idx = @rbuffer.index(eol)
+    end
+    if eol.is_a?(Regexp)
+      size = idx ? idx+$&.size : nil
+    else
+      size = idx ? idx+eol.size : nil
+    end
+    consume_rbuff(size)
+  end
+
+  def each(eol=$/)
+    while line = self.gets(eol)
+      yield line
+    end
+  end
+  alias each_line each
+
+  def readlines(eol=$/)
+    ary = []
+    while line = self.gets(eol)
+      ary << line
+    end
+    ary
+  end
+
+  def readline(eol=$/)
+    raise EOFError if eof?
+    gets(eol)
+  end
+
+  def getc
+    c = read(1)
+    c ? c[0] : nil
+  end
+
+  def each_byte
+    while c = getc
+      yield(c)
+    end
+  end
+
+  def readchar
+    raise EOFError if eof?
+    getc
+  end
+
+  def ungetc(c)
+    @rbuffer[0,0] = c.chr
+  end
+
+  def eof?
+    fill_rbuff if !@eof && @rbuffer.empty?
+    @eof && @rbuffer.empty?
+  end
+  alias eof eof?
+
+  #
+  # for writing.
+  #
+  private
+
+  def do_write(s)
+    @wbuffer = "" unless defined? @wbuffer
+    @wbuffer << s
+    @sync ||= false
+    if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
+      remain = idx ? idx + $/.size : @wbuffer.length
+      nwritten = 0
+      while remain > 0
+        str = @wbuffer[nwritten,remain]
+        begin
+          nwrote = syswrite(str)
+        rescue Errno::EAGAIN
+          retry
+        end
+        remain -= nwrote
+        nwritten += nwrote
+      end
+      @wbuffer[0,nwritten] = ""
+    end
+  end
+
+  public
+
+  def write(s)
+    do_write(s)
+    s.length
+  end
+
+  def << (s)
+    do_write(s)
+    self
+  end
+
+  def puts(*args)
+    s = ""
+    if args.empty?
+      s << "\n"
+    end
+    args.each{|arg|
+      s << arg.to_s
+      if $/ && /\n\z/ !~ s
+        s << "\n"
+      end
+    }
+    do_write(s)
+    nil
+  end
+
+  def print(*args)
+    s = ""
+    args.each{ |arg| s << arg.to_s }
+    do_write(s)
+    nil
+  end
+
+  def printf(s, *args)
+    do_write(s % args)
+    nil
+  end
+
+  def flush
+    osync = @sync
+    @sync = true
+    do_write ""
+    @sync = osync
+  end
+
+  def close
+    flush rescue nil
+    sysclose
+  end
+end
+end