pkernel_jce 0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +14 -0
- data/.ruby-version +1 -0
- data/Gemfile +6 -0
- data/Gemfile.lock +56 -0
- data/LICENSE.txt +21 -0
- data/README.md +39 -0
- data/Rakefile +2 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/jars/bcmail-jdk15on-157.jar +0 -0
- data/jars/bcpg-jdk15on-157.jar +0 -0
- data/jars/bcpkix-jdk15on-157.jar +0 -0
- data/jars/bcprov-ext-jdk15on-157.jar +0 -0
- data/jars/bcprov-jdk15on-157.jar +0 -0
- data/lib/pkernel_jce/bc_helpers.rb +51 -0
- data/lib/pkernel_jce/certificate.rb +467 -0
- data/lib/pkernel_jce/certificate_owner.rb +90 -0
- data/lib/pkernel_jce/crl.rb +221 -0
- data/lib/pkernel_jce/csr.rb +126 -0
- data/lib/pkernel_jce/error.rb +7 -0
- data/lib/pkernel_jce/global.rb +17 -0
- data/lib/pkernel_jce/identity.rb +333 -0
- data/lib/pkernel_jce/io_utils.rb +45 -0
- data/lib/pkernel_jce/keypair.rb +359 -0
- data/lib/pkernel_jce/ocsp.rb +415 -0
- data/lib/pkernel_jce/provider.rb +40 -0
- data/lib/pkernel_jce/rfc3161.rb +389 -0
- data/lib/pkernel_jce/utils.rb +59 -0
- data/lib/pkernel_jce/version.rb +3 -0
- data/lib/pkernel_jce.rb +102 -0
- data/pkernel_jce.gemspec +45 -0
- metadata +146 -0
@@ -0,0 +1,389 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
require 'pkernel'
|
4
|
+
|
5
|
+
require_relative "io_utils"
|
6
|
+
require_relative "identity"
|
7
|
+
require_relative "bc_helpers"
|
8
|
+
|
9
|
+
#require_relative '../pkernel_jce'
|
10
|
+
|
11
|
+
module PkernelJce
|
12
|
+
|
13
|
+
# RFC3161 is timestamping backed by PKI
|
14
|
+
module Rfc3161
|
15
|
+
module Response
|
16
|
+
|
17
|
+
# generate rfc3161 timestamp token
|
18
|
+
def generate(opts = { })
|
19
|
+
bin = opts[:bin]
|
20
|
+
file = opts[:file]
|
21
|
+
|
22
|
+
if not (file.nil? or file.empty?)
|
23
|
+
breq = IoUtils.file_to_memory_byte_array(file)
|
24
|
+
elsif not bin.nil?
|
25
|
+
breq = IoUtils.ensure_java_bytes(bin)
|
26
|
+
else
|
27
|
+
raise PkernelJce::Error, "No request file or memory is given to generate timestamp response"
|
28
|
+
end
|
29
|
+
|
30
|
+
|
31
|
+
id = opts[:identity]
|
32
|
+
if id.nil?
|
33
|
+
raise PkernelJce::Error, "Identity is not given to generate timestamping token"
|
34
|
+
end
|
35
|
+
|
36
|
+
req = org.bouncycastle.tsp.TimeStampRequest.new(breq)
|
37
|
+
#p req.messageImprintAlgOID
|
38
|
+
|
39
|
+
begin
|
40
|
+
dgstEng = BcHelpers.find_digest_calculator(req.messageImprintAlgOID)
|
41
|
+
PkernelJce::GConf.instance.glog.debug "Timestamp request using hash '#{dgstEng}'"
|
42
|
+
rescue PkernelJce::Error => ex
|
43
|
+
opts[:status] = Pkernel::Rfc3161::RESP_REJECTION
|
44
|
+
opts[:reason] = Pkernel::Rfc3161::REASON_BAD_ALG
|
45
|
+
opts[:reasonMsg] = "Digest not supported"
|
46
|
+
end
|
47
|
+
|
48
|
+
chain = id.chain
|
49
|
+
list = java.util.ArrayList.new
|
50
|
+
chain.each do |c|
|
51
|
+
list.add(c)
|
52
|
+
end
|
53
|
+
store = org.bouncycastle.cert.jcajce.JcaCertStore.new(list)
|
54
|
+
|
55
|
+
# this one seems useless since the actual algo shall be taken from request anyway...
|
56
|
+
signHashAlgo = opts[:signHash] || "SHA256"
|
57
|
+
policyId = opts[:policy_id] || "1.2.3.4.1"
|
58
|
+
signInfo = org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder.new.setProvider(id.provider).build(PkernelJce::KeyPair.derive_signing_algo(id.privKey,signHashAlgo), id.privKey, id.certificate)
|
59
|
+
|
60
|
+
# policy 1.2.3.4.1 = tsa_policy1
|
61
|
+
gen = org.bouncycastle.tsp.TimeStampTokenGenerator.new(signInfo, BcHelpers.find_digest_calculator(signHashAlgo), org.bouncycastle.asn1.ASN1ObjectIdentifier.new(policyId))
|
62
|
+
# policy 1.2 = ISO Member body
|
63
|
+
#gen = org.bouncycastle.tsp.TimeStampTokenGenerator.new(signInfo, SHA256DigestCalculator.new, org.bouncycastle.asn1.ASN1ObjectIdentifier.new("1.2"))
|
64
|
+
|
65
|
+
gen.addCertificates(store)
|
66
|
+
|
67
|
+
if req.cert_req?
|
68
|
+
PkernelJce::GConf.instance.glog.debug "Client requested to include certificate for timestamping"
|
69
|
+
# this option requires the request to reqCert set first if not error shall be thrown at the verification end
|
70
|
+
gen.setTSA(org.bouncycastle.asn1.x509.GeneralName.new(PkernelJce::Certificate.ensure_bc_cert(id.certificate).subject_to_x500))
|
71
|
+
end
|
72
|
+
|
73
|
+
status = opts[:status] || Pkernel::Rfc3161::RESP_GRANTED
|
74
|
+
reason = opts[:reason] || Pkernel::Rfc3161::REASON_SYS_FAILURE
|
75
|
+
reasonMsg = opts[:reasonMsg] || ""
|
76
|
+
|
77
|
+
respGen = org.bouncycastle.tsp.TimeStampResponseGenerator.new(gen, org.bouncycastle.tsp.TSPAlgorithms::ALLOWED)
|
78
|
+
|
79
|
+
if status == Pkernel::Rfc3161::RESP_GRANTED or status == Pkernel::Rfc3161::RESP_GRANTED_WITH_MODS
|
80
|
+
|
81
|
+
# etsi want min 1 sec...:)
|
82
|
+
accuracy = opts[:accuracy] || { seconds: 1 }
|
83
|
+
if not accuracy[:seconds].nil?
|
84
|
+
PkernelJce::GConf.instance.glog.debug "Timestamping setting accuracy #{accuracy[:seconds]} seconds"
|
85
|
+
gen.setAccuracySeconds(accuracy[:seconds].to_i)
|
86
|
+
end
|
87
|
+
|
88
|
+
if not accuracy[:milis].nil?
|
89
|
+
PkernelJce::GConf.instance.glog.debug "Timestamping setting accuracy #{accuracy[:milis]} mili seconds"
|
90
|
+
gen.setAccuracyMillis(accuracy[:milis].to_i)
|
91
|
+
end
|
92
|
+
|
93
|
+
if not accuracy[:micros].nil?
|
94
|
+
PkernelJce::GConf.instance.glog.debug "Timestamping setting accuracy #{accuracy[:micros]} micro seconds"
|
95
|
+
gen.setAccuracyMicros(accuracy[:micros].to_i)
|
96
|
+
end
|
97
|
+
|
98
|
+
tsResp = respGen.generateGrantedResponse(req, java.math.BigInteger.new(SecureRandom.uuid.gsub("-",""),16), java.util.Date.new)
|
99
|
+
|
100
|
+
else
|
101
|
+
|
102
|
+
tsResp = respGen.generateFailResponse(status, reason, reasonMsg)
|
103
|
+
end
|
104
|
+
#resp = org.bouncycastle.tsp.TimeStampResponse.new(tsResp.getEncoded())
|
105
|
+
|
106
|
+
#resp
|
107
|
+
tsResp
|
108
|
+
end
|
109
|
+
#
|
110
|
+
# end generate()
|
111
|
+
#
|
112
|
+
|
113
|
+
def parse(opts = {})
|
114
|
+
|
115
|
+
file = opts[:file]
|
116
|
+
bin = opts[:bin]
|
117
|
+
|
118
|
+
if not (file.nil? or file.empty?)
|
119
|
+
bresp = IoUtils.file_to_memory_byte_array(file)
|
120
|
+
elsif not bin.nil?
|
121
|
+
bresp = IoUtils.ensure_java_bytes(bin)
|
122
|
+
else
|
123
|
+
raise PkernelJce::Error, "No file or memory is given to parse timestamp response"
|
124
|
+
end
|
125
|
+
|
126
|
+
result = { }
|
127
|
+
verifyResp = opts[:verifyResp] || true
|
128
|
+
|
129
|
+
resp = org.bouncycastle.tsp.TimeStampResponse.new(bresp)
|
130
|
+
|
131
|
+
result[:status] = resp.status
|
132
|
+
|
133
|
+
if resp.status == Pkernel::Rfc3161::RESP_GRANTED || resp.status == Pkernel::Rfc3161::RESP_GRANTED_WITH_MODS
|
134
|
+
|
135
|
+
token = resp.getTimeStampToken
|
136
|
+
|
137
|
+
if not token.nil?
|
138
|
+
info = token.getTimeStampInfo
|
139
|
+
else
|
140
|
+
PkernelJce::GConf.instance.glog.warn "Timestamp does not contain token!"
|
141
|
+
end
|
142
|
+
|
143
|
+
|
144
|
+
|
145
|
+
if not token.nil? and verifyResp
|
146
|
+
|
147
|
+
tsaCert = opts[:tsaCert]
|
148
|
+
|
149
|
+
signingCert = nil
|
150
|
+
token.getCertificates.to_a.each do |c|
|
151
|
+
if c.subject_to_x500.equals(info.getTsa.name)
|
152
|
+
signingCert = c
|
153
|
+
break
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
if not tsaCert.nil?
|
158
|
+
# check if tsaCert and signingCert is same
|
159
|
+
if not tsaCert.equals(signingCert)
|
160
|
+
raise PkernelJce::Error, "Given TSA cert and signing cert obtained from the timestamp token is not the same"
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
prov = PkernelJce::Provider.add_default
|
165
|
+
begin
|
166
|
+
token.validate(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder.new.setProvider(prov).build(signingCert))
|
167
|
+
result[:signature_status] = :verified
|
168
|
+
PkernelJce::GConf.instance.glog.debug "Timestamp verified against signing cert [#{signingCert.subject}]"
|
169
|
+
|
170
|
+
result[:signer] = { }
|
171
|
+
result[:signer][:cert] = signingCert
|
172
|
+
result[:signer][:chain] = token.getCertificates.to_a
|
173
|
+
|
174
|
+
rescue Exception => ex
|
175
|
+
result[:signature_status] = :failed
|
176
|
+
result[:signature_status_details] = ex.message
|
177
|
+
end
|
178
|
+
end
|
179
|
+
# end verifyResp
|
180
|
+
|
181
|
+
req = opts[:request]
|
182
|
+
if not token.nil? and not req.nil?
|
183
|
+
|
184
|
+
source = opts[:data]
|
185
|
+
if not source.nil?
|
186
|
+
sfile = source[:file]
|
187
|
+
sbin = source[:bin]
|
188
|
+
end
|
189
|
+
|
190
|
+
if not (sfile.nil? or sfile.empty?) or not sbin.nil?
|
191
|
+
|
192
|
+
dgst = PkernelJce::BcHelpers.find_digest_calculator(req.getMessageImprintAlgOID)
|
193
|
+
if not dgst.nil?
|
194
|
+
if not (sfile.nil? or sfile.empty?)
|
195
|
+
PkernelJce::GConf.instance.glog.debug "Calculating hash for source '#{sfile}'"
|
196
|
+
b = Java::byte[10240].new
|
197
|
+
fis = java.io.FileInputStream.new(sfile)
|
198
|
+
while((read = fis.read(b,0,b.length)) != -1)
|
199
|
+
dgst.getOutputStream.write(b,0,read)
|
200
|
+
end
|
201
|
+
dgst.getOutputStream.close
|
202
|
+
|
203
|
+
elsif not sbin.nil?
|
204
|
+
PkernelJce::GConf.instance.glog.debug "Calculating hash for source from memory"
|
205
|
+
dgst.getOutputStream.write(sbin.to_java_bytes)
|
206
|
+
dgst.getOutputStream.close
|
207
|
+
end
|
208
|
+
|
209
|
+
if not java.util.Arrays.equals(dgst.digest, req.getMessageImprintDigest)
|
210
|
+
raise PkernelJce::Error, "Source digest is different from request! Source file is not the original data sent for timestamp"
|
211
|
+
else
|
212
|
+
PkernelJce::GConf.instance.glog.debug "Source file hash matched request digest."
|
213
|
+
end
|
214
|
+
else
|
215
|
+
PkernelJce::GConf.instance.glog.warn "Failed to initialize the hashing algo for source verification. Source verification shall be skipped."
|
216
|
+
end
|
217
|
+
end
|
218
|
+
# end not source.nil?
|
219
|
+
|
220
|
+
begin
|
221
|
+
resp.validate(req)
|
222
|
+
result[:request_validation] = :verified
|
223
|
+
result[:digest] = info.getMessageImprintDigest
|
224
|
+
result[:digest_algo] = info.getMessageImprintAlgOID
|
225
|
+
PkernelJce::GConf.instance.glog.debug "Timestamp response verified against timestamp request. Checked [Nonce, Status, Digest, Hash Engine, Policy, Signing Certificates]"
|
226
|
+
rescue Exception => ex
|
227
|
+
result[:request_validation] = :failed
|
228
|
+
result[:request_validation_details] = ex.message
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
|
233
|
+
if not info.nil?
|
234
|
+
acc = info.getAccuracy
|
235
|
+
result[:accuracy] = {}
|
236
|
+
result[:accuracy][:seconds] = acc.getSeconds.nil? ? 0 : acc.getSeconds.value
|
237
|
+
result[:accuracy][:milis] = acc.getMillis.nil? ? 0 : acc.getMillis.value
|
238
|
+
result[:accuracy][:micros] = acc.getMicros.nil? ? 0 : acc.getMicros.value
|
239
|
+
time = info.getGenTime
|
240
|
+
result[:time] = time
|
241
|
+
nonce = info.getNonce
|
242
|
+
result[:nonce] = nonce.to_s(16)
|
243
|
+
serial = info.getSerialNumber
|
244
|
+
result[:serial] = serial.to_s(16)
|
245
|
+
policy = info.getPolicy
|
246
|
+
result[:policy] = policy
|
247
|
+
tsa = info.getTsa
|
248
|
+
result[:tsa_name] = tsa.name.to_s
|
249
|
+
ordered = info.isOrdered
|
250
|
+
result[:ordered] = ordered
|
251
|
+
end
|
252
|
+
|
253
|
+
else
|
254
|
+
# status is NOT granted or granted with mods!
|
255
|
+
result[:reason] = resp.getFailInfo
|
256
|
+
result[:reasonMsg] = resp.getStatusString
|
257
|
+
end
|
258
|
+
# if status is granted or granted with mods
|
259
|
+
|
260
|
+
result
|
261
|
+
|
262
|
+
end
|
263
|
+
# end parse()
|
264
|
+
#
|
265
|
+
|
266
|
+
end
|
267
|
+
# end module response
|
268
|
+
|
269
|
+
module Request
|
270
|
+
def generate(opts = { })
|
271
|
+
|
272
|
+
targetFile = opts[:tbts_file]
|
273
|
+
targetBin = opts[:tbts_bin]
|
274
|
+
|
275
|
+
reqGen = org.bouncycastle.tsp.TimeStampRequestGenerator.new
|
276
|
+
|
277
|
+
reqCert = opts[:inc_certs] || true
|
278
|
+
if reqCert
|
279
|
+
reqGen.setCertReq(true)
|
280
|
+
end
|
281
|
+
|
282
|
+
reqPolicy = opts[:req_policy]
|
283
|
+
if not (reqPolicy.nil? or reqPolicy.empty?)
|
284
|
+
reqGen.setReqPolicy(org.bouncycastle.asn1.x509.AlgorithmIdentifier.new(reqPolicy))
|
285
|
+
end
|
286
|
+
|
287
|
+
nonce = Java::byte[16].new
|
288
|
+
java.util.Random.new.nextBytes(nonce)
|
289
|
+
|
290
|
+
hashAlgo = opts[:hashAlgo] || "SHA256"
|
291
|
+
if not hashAlgo.nil?
|
292
|
+
hashAlgo = hashAlgo.upcase
|
293
|
+
case hashAlgo
|
294
|
+
when "SHA224","SHA256","SHA384","SHA512","RIPEMD128","RIPEMD160","RIPEMD256"
|
295
|
+
dgstCal = PkernelJce::BcHelpers.find_digest_calculator(hashAlgo)
|
296
|
+
|
297
|
+
if not (targetFile.nil? or targetFile.empty?)
|
298
|
+
b = Java::byte[10240].new
|
299
|
+
fis = java.io.FileInputStream.new(targetFile)
|
300
|
+
while((cont = fis.read(b,0,b.length)) != -1)
|
301
|
+
dgstCal.getOutputStream.write(b,0,cont)
|
302
|
+
end
|
303
|
+
dgstCal.getOutputStream.close
|
304
|
+
|
305
|
+
elsif not targetBin.nil?
|
306
|
+
bin = PkernelJce::IoUtils.ensure_java_bytes(targetBin)
|
307
|
+
dgstCal.getOutputStream.write(bin)
|
308
|
+
dgstCal.getOutputStream.close
|
309
|
+
|
310
|
+
else
|
311
|
+
raise PkernelJce::Error, "No to-be-timestamped file or memory input given to timestamp"
|
312
|
+
end
|
313
|
+
|
314
|
+
else
|
315
|
+
raise PkernelJce::Error, "Unsupported hash algo '#{hashAlgo}'"
|
316
|
+
end
|
317
|
+
end
|
318
|
+
|
319
|
+
digest = dgstCal.digest
|
320
|
+
tspHash = PkernelJce::Rfc3161::Request.find_tsp_algo(dgstCal)
|
321
|
+
reqGen.generate(tspHash, digest.to_s.to_java_bytes, java.math.BigInteger.new(nonce).abs)
|
322
|
+
end
|
323
|
+
# end generate()
|
324
|
+
#
|
325
|
+
|
326
|
+
def parse(opts = { })
|
327
|
+
|
328
|
+
bin = opts[:bin]
|
329
|
+
file = opts[:file]
|
330
|
+
|
331
|
+
if not (file.nil? or file.empty?)
|
332
|
+
breq = IoUtils.file_to_memory_byte_array(file)
|
333
|
+
elsif not bin.nil?
|
334
|
+
breq = IoUtils.ensure_java_bytes(bin)
|
335
|
+
else
|
336
|
+
raise PkernelJce::Error, "No request file or memory is given to parse"
|
337
|
+
end
|
338
|
+
|
339
|
+
result = { }
|
340
|
+
req = org.bouncycastle.tsp.TimeStampRequest.new(breq)
|
341
|
+
|
342
|
+
result[:cert_req] = req.cert_req?
|
343
|
+
result[:digest_algo] = req.getMessageImprintAlgOID
|
344
|
+
result[:digest] = req.getMessageImprintDigest
|
345
|
+
result[:nonce] = req.getNonce.to_s(16)
|
346
|
+
result[:policy] = req.req_policy
|
347
|
+
|
348
|
+
result
|
349
|
+
end
|
350
|
+
|
351
|
+
def Request.find_tsp_algo(dgstCal)
|
352
|
+
if dgstCal.nil?
|
353
|
+
raise PkernelJce::Error, "Digest calculator not given to derive tsp algo"
|
354
|
+
end
|
355
|
+
|
356
|
+
tspHash = nil
|
357
|
+
org.bouncycastle.tsp.TSPAlgorithms.constants.each do |al|
|
358
|
+
tspAlgo = org.bouncycastle.tsp.TSPAlgorithms.send(al)
|
359
|
+
next if not tspAlgo.java_kind_of?(Java::OrgBouncycastleAsn1::ASN1ObjectIdentifier)
|
360
|
+
if tspAlgo.toASN1Object.equals(dgstCal.algorithm_identifier.algorithm)
|
361
|
+
tspHash = tspAlgo
|
362
|
+
break
|
363
|
+
end
|
364
|
+
end
|
365
|
+
|
366
|
+
tspHash
|
367
|
+
end
|
368
|
+
# end find_tsp_algo
|
369
|
+
|
370
|
+
end
|
371
|
+
# end module Request
|
372
|
+
|
373
|
+
end
|
374
|
+
#
|
375
|
+
# end Rfc3161
|
376
|
+
#
|
377
|
+
|
378
|
+
class Rfc3161RequestEngine
|
379
|
+
extend PkernelJce::Rfc3161::Request
|
380
|
+
|
381
|
+
end
|
382
|
+
|
383
|
+
class Rfc3161ResponseEngine
|
384
|
+
extend PkernelJce::Rfc3161::Response
|
385
|
+
end
|
386
|
+
# end class Rfc3161Engine
|
387
|
+
|
388
|
+
end
|
389
|
+
|
@@ -0,0 +1,59 @@
|
|
1
|
+
|
2
|
+
require_relative 'provider'
|
3
|
+
|
4
|
+
class Array
|
5
|
+
def to_vector
|
6
|
+
v = Java::JavaUtil::Vector.new
|
7
|
+
self.each do |rec|
|
8
|
+
v.add_element rec
|
9
|
+
end
|
10
|
+
v
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
class Java::JavaUtil::Date
|
15
|
+
def to_ruby_date
|
16
|
+
Time.at(self.getTime/1000)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
class Time
|
21
|
+
def to_java_date
|
22
|
+
java.util.Date.new(self.to_i*1000)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
#class DateTime
|
27
|
+
# def to_java_date
|
28
|
+
# java.util.Date.new(self.to_i*1000)
|
29
|
+
# end
|
30
|
+
#end
|
31
|
+
|
32
|
+
|
33
|
+
# bouncycastle has those annoying intermediary object which translation
|
34
|
+
# is PITA
|
35
|
+
class Java::OrgBouncycastleCert::X509CertificateHolder
|
36
|
+
def to_java_cert
|
37
|
+
org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new.setProvider(PkernelJce::Provider::DefProvider).getCertificate(self)
|
38
|
+
end
|
39
|
+
|
40
|
+
def subject_to_x500
|
41
|
+
org.bouncycastle.asn1.x500.X500Name.getInstance(self.subject.encoded)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
class Java::JavaSecurityCert::Certificate
|
46
|
+
def to_bc_cert_holder
|
47
|
+
org.bouncycastle.cert.X509CertificateHolder.new(self.encoded)
|
48
|
+
end
|
49
|
+
alias_method :to_bc_cert, :to_bc_cert_holder
|
50
|
+
end
|
51
|
+
|
52
|
+
|
53
|
+
class Converter
|
54
|
+
def self.java_bytes_to_hex(bytes)
|
55
|
+
String.from_java_bytes(org.bouncycastle.util.encoders.Hex.encode(bytes))
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
|
data/lib/pkernel_jce.rb
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
require "pkernel_jce/version"
|
2
|
+
|
3
|
+
require 'pkernel'
|
4
|
+
|
5
|
+
require_relative 'pkernel_jce/keypair'
|
6
|
+
require_relative 'pkernel_jce/certificate_owner'
|
7
|
+
require_relative 'pkernel_jce/certificate'
|
8
|
+
require_relative 'pkernel_jce/identity'
|
9
|
+
require_relative 'pkernel_jce/crl'
|
10
|
+
require_relative 'pkernel_jce/csr'
|
11
|
+
require_relative 'pkernel_jce/ocsp'
|
12
|
+
require_relative 'pkernel_jce/rfc3161'
|
13
|
+
require_relative 'pkernel_jce/converter'
|
14
|
+
|
15
|
+
module PkernelJce
|
16
|
+
#class Error < StandardError; end
|
17
|
+
# Your code goes here...
|
18
|
+
|
19
|
+
class Pkernel::KeyPair
|
20
|
+
extend PkernelJce::KeyPair
|
21
|
+
|
22
|
+
def self.method_missing(mtd,*args,&block)
|
23
|
+
if PkernelJce::KeyPair.respond_to?(mtd)
|
24
|
+
PkernelJce::KeyPair.send(mtd,*args,&block)
|
25
|
+
else
|
26
|
+
super
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
class Pkernel::Certificate
|
32
|
+
extend PkernelJce::Certificate
|
33
|
+
|
34
|
+
class KeyUsage
|
35
|
+
include PkernelJce::Certificate::KeyUsage
|
36
|
+
end
|
37
|
+
|
38
|
+
class ExtKeyUsage
|
39
|
+
include PkernelJce::Certificate::ExtKeyUsage
|
40
|
+
end
|
41
|
+
|
42
|
+
def self.method_missing(mtd,*args,&block)
|
43
|
+
if PkernelJce::Certificate.respond_to?(mtd)
|
44
|
+
PkernelJce::Certificate.send(mtd,*args,&block)
|
45
|
+
else
|
46
|
+
super
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
class Pkernel::CSR
|
52
|
+
extend PkernelJce::CSR
|
53
|
+
|
54
|
+
def self.method_missing(mtd,*args,&block)
|
55
|
+
if PkernelJce::CSR.respond_to?(mtd)
|
56
|
+
PkernelJce::CSR.send(mtd,*args,&block)
|
57
|
+
else
|
58
|
+
super
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
# end class Pkernel::CSR
|
63
|
+
#
|
64
|
+
|
65
|
+
class Pkernel::IdentityFactory
|
66
|
+
extend PkernelJce::IdentityFactory
|
67
|
+
include PkernelJce::IdentityFactory
|
68
|
+
|
69
|
+
def self.method_missing(mtd,*args,&block)
|
70
|
+
if PkernelJce::IdentityFactory.respond_to?(mtd)
|
71
|
+
PkernelJce::IdentityFactory.send(mtd,*args,&block)
|
72
|
+
else
|
73
|
+
super
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
# end class Pkernel::IdentityFactory
|
78
|
+
#
|
79
|
+
|
80
|
+
|
81
|
+
class Pkernel::CRL
|
82
|
+
extend PkernelJce::CRL
|
83
|
+
end
|
84
|
+
|
85
|
+
class Pkernel::Rfc3161
|
86
|
+
class Response
|
87
|
+
extend PkernelJce::Rfc3161::Response
|
88
|
+
end
|
89
|
+
|
90
|
+
class Request
|
91
|
+
extend PkernelJce::Rfc3161::Request
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
class Pkernel::OCSP
|
96
|
+
extend PkernelJce::OCSP
|
97
|
+
end
|
98
|
+
|
99
|
+
class Pkernel::Converter
|
100
|
+
extend PkernelJce::Converter
|
101
|
+
end
|
102
|
+
end
|
data/pkernel_jce.gemspec
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
|
2
|
+
lib = File.expand_path("../lib", __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require "pkernel_jce/version"
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "pkernel_jce"
|
8
|
+
spec.version = PkernelJce::VERSION
|
9
|
+
spec.authors = ["Chris Liaw"]
|
10
|
+
spec.email = ["chrisliaw@antrapol.com"]
|
11
|
+
|
12
|
+
spec.summary = "PKI Kernel - Java and BouncyCastle implementation"
|
13
|
+
spec.description = "Collection of fundamental functions for PKI core engine implemented in Java and/or BouncyCastle library."
|
14
|
+
spec.homepage = ""
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
18
|
+
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
19
|
+
#if spec.respond_to?(:metadata)
|
20
|
+
# spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
|
21
|
+
|
22
|
+
# spec.metadata["homepage_uri"] = spec.homepage
|
23
|
+
# spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
|
24
|
+
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
25
|
+
#else
|
26
|
+
# raise "RubyGems 2.0 or newer is required to protect against " \
|
27
|
+
# "public gem pushes."
|
28
|
+
#end
|
29
|
+
|
30
|
+
# Specify which files should be added to the gem when it is released.
|
31
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
32
|
+
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
33
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
34
|
+
end
|
35
|
+
spec.bindir = "exe"
|
36
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
37
|
+
spec.require_paths = ["lib"]
|
38
|
+
|
39
|
+
spec.add_development_dependency "bundler", "~> 2.0"
|
40
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
41
|
+
spec.add_development_dependency 'pry-debugger-jruby'
|
42
|
+
|
43
|
+
spec.add_dependency 'tlogger'
|
44
|
+
spec.add_dependency 'activesupport'
|
45
|
+
end
|