rubysl-openssl 1.0.2 → 2.0.0

Files changed (74) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +5 -6
  3. data/ext/rubysl/openssl/.gitignore +3 -0
  4. data/ext/rubysl/openssl/deprecation.rb +21 -0
  5. data/ext/rubysl/openssl/extconf.rb +45 -32
  6. data/ext/rubysl/openssl/openssl_missing.c +20 -7
  7. data/ext/rubysl/openssl/openssl_missing.h +22 -15
  8. data/ext/rubysl/openssl/ossl.c +610 -61
  9. data/ext/rubysl/openssl/ossl.h +31 -17
  10. data/ext/rubysl/openssl/ossl_asn1.c +974 -183
  11. data/ext/rubysl/openssl/ossl_asn1.h +3 -3
  12. data/ext/rubysl/openssl/ossl_bio.c +4 -3
  13. data/ext/rubysl/openssl/ossl_bio.h +1 -1
  14. data/ext/rubysl/openssl/ossl_bn.c +32 -28
  15. data/ext/rubysl/openssl/ossl_bn.h +1 -1
  16. data/ext/rubysl/openssl/ossl_cipher.c +494 -93
  17. data/ext/rubysl/openssl/ossl_cipher.h +1 -1
  18. data/ext/rubysl/openssl/ossl_config.c +4 -5
  19. data/ext/rubysl/openssl/ossl_config.h +1 -1
  20. data/ext/rubysl/openssl/ossl_digest.c +206 -24
  21. data/ext/rubysl/openssl/ossl_digest.h +1 -1
  22. data/ext/rubysl/openssl/ossl_engine.c +48 -26
  23. data/ext/rubysl/openssl/ossl_engine.h +1 -1
  24. data/ext/rubysl/openssl/ossl_hmac.c +40 -38
  25. data/ext/rubysl/openssl/ossl_hmac.h +1 -1
  26. data/ext/rubysl/openssl/ossl_ns_spki.c +157 -25
  27. data/ext/rubysl/openssl/ossl_ns_spki.h +1 -1
  28. data/ext/rubysl/openssl/ossl_ocsp.c +57 -40
  29. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  30. data/ext/rubysl/openssl/ossl_pkcs12.c +15 -13
  31. data/ext/rubysl/openssl/ossl_pkcs12.h +1 -1
  32. data/ext/rubysl/openssl/ossl_pkcs5.c +108 -18
  33. data/ext/rubysl/openssl/ossl_pkcs7.c +44 -37
  34. data/ext/rubysl/openssl/ossl_pkcs7.h +1 -1
  35. data/ext/rubysl/openssl/ossl_pkey.c +211 -15
  36. data/ext/rubysl/openssl/ossl_pkey.h +19 -9
  37. data/ext/rubysl/openssl/ossl_pkey_dh.c +180 -47
  38. data/ext/rubysl/openssl/ossl_pkey_dsa.c +184 -47
  39. data/ext/rubysl/openssl/ossl_pkey_ec.c +177 -93
  40. data/ext/rubysl/openssl/ossl_pkey_rsa.c +209 -102
  41. data/ext/rubysl/openssl/ossl_rand.c +15 -15
  42. data/ext/rubysl/openssl/ossl_rand.h +1 -1
  43. data/ext/rubysl/openssl/ossl_ssl.c +939 -192
  44. data/ext/rubysl/openssl/ossl_ssl.h +6 -6
  45. data/ext/rubysl/openssl/ossl_ssl_session.c +78 -62
  46. data/ext/rubysl/openssl/ossl_version.h +2 -2
  47. data/ext/rubysl/openssl/ossl_x509.c +1 -1
  48. data/ext/rubysl/openssl/ossl_x509.h +1 -1
  49. data/ext/rubysl/openssl/ossl_x509attr.c +20 -19
  50. data/ext/rubysl/openssl/ossl_x509cert.c +169 -67
  51. data/ext/rubysl/openssl/ossl_x509crl.c +41 -39
  52. data/ext/rubysl/openssl/ossl_x509ext.c +51 -38
  53. data/ext/rubysl/openssl/ossl_x509name.c +139 -29
  54. data/ext/rubysl/openssl/ossl_x509req.c +42 -40
  55. data/ext/rubysl/openssl/ossl_x509revoked.c +20 -20
  56. data/ext/rubysl/openssl/ossl_x509store.c +99 -47
  57. data/ext/rubysl/openssl/ruby_missing.h +3 -16
  58. data/lib/openssl/bn.rb +19 -19
  59. data/lib/openssl/buffering.rb +222 -14
  60. data/lib/openssl/cipher.rb +20 -20
  61. data/lib/openssl/config.rb +1 -4
  62. data/lib/openssl/digest.rb +47 -19
  63. data/lib/openssl/ssl.rb +197 -1
  64. data/lib/openssl/x509.rb +162 -1
  65. data/lib/rubysl/openssl.rb +4 -8
  66. data/lib/rubysl/openssl/version.rb +1 -1
  67. data/rubysl-openssl.gemspec +1 -2
  68. metadata +16 -34
  69. data/ext/rubysl/openssl/extconf.h +0 -50
  70. data/lib/openssl/net/ftptls.rb +0 -53
  71. data/lib/openssl/net/telnets.rb +0 -251
  72. data/lib/openssl/pkcs7.rb +0 -25
  73. data/lib/openssl/ssl-internal.rb +0 -187
  74. data/lib/openssl/x509-internal.rb +0 -153
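--- a/data/ext/rubysl/openssl/ossl_engine.h
+++ b/data/ext/rubysl/openssl/ossl_engine.h
@@ -1,5 +1,5 @@
  /*
- * $Id: ossl_engine.h 11708 2007-02-12 23:01:19Z shyouhei $
+ * $Id$
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2003 Michal Rokos <m.rokos@sh.cvut.cz>
  * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org>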
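--- a/data/ext/rubysl/openssl/ossl_hmac.c
+++ b/data/ext/rubysl/openssl/ossl_hmac.c
@@ -1,5 +1,5 @@
  /*
- * $Id: ossl_hmac.c 28004 2010-05-24 23:58:49Z shyouhei $
+ * $Id$
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
@@ -13,16 +13,16 @@
  #include "ossl.h"
 
  #define MakeHMAC(obj, klass, ctx) \
- obj = Data_Make_Struct(klass, HMAC_CTX, 0, ossl_hmac_free, ctx)
+ (obj) = Data_Make_Struct((klass), HMAC_CTX, 0, ossl_hmac_free, (ctx))
  #define GetHMAC(obj, ctx) do { \
- Data_Get_Struct(obj, HMAC_CTX, ctx); \
- if (!ctx) { \
+ Data_Get_Struct((obj), HMAC_CTX, (ctx)); \
+ if (!(ctx)) { \
  ossl_raise(rb_eRuntimeError, "HMAC wasn't initialized"); \
  } \
  } while (0)
  #define SafeGetHMAC(obj, ctx) do { \
- OSSL_Check_Kind(obj, cHMAC); \
- GetHMAC(obj, ctx); \
+ OSSL_Check_Kind((obj), cHMAC); \
+ GetHMAC((obj), (ctx)); \
  } while (0)
 
  /*
@@ -53,7 +53,7 @@ ossl_hmac_alloc(VALUE klass)
 
  MakeHMAC(obj, klass, ctx);
  HMAC_CTX_init(ctx);
-
+
  return obj;
  }
 
@@ -70,8 +70,8 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
 
  StringValue(key);
  GetHMAC(self, ctx);
- HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LEN(key),
- GetDigestPtr(digest), NULL);
+ HMAC_Init(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
+ GetDigestPtr(digest));
 
  return self;
  }
@@ -80,7 +80,7 @@ static VALUE
  ossl_hmac_copy(VALUE self, VALUE other)
  {
  HMAC_CTX *ctx1, *ctx2;
-
+
  rb_check_frozen(self);
  if (self == other) return self;
 
@@ -103,13 +103,13 @@ ossl_hmac_update(VALUE self, VALUE data)
 
  StringValue(data);
  GetHMAC(self, ctx);
- HMAC_Update(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+ HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data));
 
  return self;
  }
 
  static void
- hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
+ hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len)
  {
  HMAC_CTX final;
 
@@ -132,14 +132,14 @@ static VALUE
  ossl_hmac_digest(VALUE self)
  {
  HMAC_CTX *ctx;
- char *buf;
- int buf_len;
+ unsigned char *buf;
+ unsigned int buf_len;
  VALUE digest;
-
+
  GetHMAC(self, ctx);
  hmac_final(ctx, &buf, &buf_len);
- digest = ossl_buf2str(buf, buf_len);
-
+ digest = ossl_buf2str((char *)buf, buf_len);
+
  return digest;
  }
 
@@ -152,13 +152,14 @@ static VALUE
  ossl_hmac_hexdigest(VALUE self)
  {
  HMAC_CTX *ctx;
- char *buf, *hexbuf;
- int buf_len;
+ unsigned char *buf;
+ char *hexbuf;
+ unsigned int buf_len;
  VALUE hexdigest;
-
+
  GetHMAC(self, ctx);
  hmac_final(ctx, &buf, &buf_len);
- if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) {
+ if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * (int)buf_len) {
  OPENSSL_free(buf);
  ossl_raise(eHMACError, "Memory alloc error");
  }
@@ -179,7 +180,7 @@ ossl_hmac_reset(VALUE self)
  HMAC_CTX *ctx;
 
  GetHMAC(self, ctx);
- HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
+ HMAC_Init(ctx, NULL, 0, NULL);
 
  return self;
  }
@@ -192,15 +193,15 @@ ossl_hmac_reset(VALUE self)
  static VALUE
  ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data)
  {
- char *buf;
- int buf_len;
-
+ unsigned char *buf;
+ unsigned int buf_len;
+
  StringValue(key);
  StringValue(data);
- buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LEN(key),
- RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len);
+ buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LENINT(key),
+ (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len);
 
- return rb_str_new(buf, buf_len);
+ return rb_str_new((const char *)buf, buf_len);
  }
 
  /*
@@ -211,16 +212,17 @@ ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data)
  static VALUE
  ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data)
  {
- char *buf, *hexbuf;
- int buf_len;
+ unsigned char *buf;
+ char *hexbuf;
+ unsigned int buf_len;
  VALUE hexdigest;
 
  StringValue(key);
  StringValue(data);
-
- buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LEN(key),
- RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len);
- if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) {
+
+ buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LENINT(key),
+ (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len);
+ if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * (int)buf_len) {
  ossl_raise(eHMACError, "Cannot convert buf to hexbuf");
  }
  hexdigest = ossl_buf2str(hexbuf, 2 * buf_len);
@@ -234,18 +236,18 @@ ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data)
  void
  Init_ossl_hmac()
  {
- #if 0 /* let rdoc know about mOSSL */
- mOSSL = rb_define_module("OpenSSL");
+ #if 0
+ mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
  #endif
 
  eHMACError = rb_define_class_under(mOSSL, "HMACError", eOSSLError);
-
+
  cHMAC = rb_define_class_under(mOSSL, "HMAC", rb_cObject);
 
  rb_define_alloc_func(cHMAC, ossl_hmac_alloc);
  rb_define_singleton_method(cHMAC, "digest", ossl_hmac_s_digest, 3);
  rb_define_singleton_method(cHMAC, "hexdigest", ossl_hmac_s_hexdigest, 3);
-
+
  rb_define_method(cHMAC, "initialize", ossl_hmac_initialize, 2);
  rb_define_copy_func(cHMAC, ossl_hmac_copy);
 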
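Review bot: `ossl_hmac_initialize` and `ossl_hmac_reset` now call `HMAC_Init`, which OpenSSL has marked deprecated since 1.0.0 and compiles out under `OPENSSL_NO_DEPRECATED`, whereas the `HMAC_Init_ex` being replaced is the supported entry point; in both places the result is also discarded, so a digest the library refuses (a FIPS build rejecting MD5, for example) leaves a half-initialised context that `update` and `digest` will go on to use. I would keep the old call and check it where the library reports a result (OpenSSL 1.0.0 and later return an int here): `if (!HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key), GetDigestPtr(digest), NULL)) ossl_raise(eHMACError, NULL);` in initialize, and `if (!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) ossl_raise(eHMACError, NULL);` in reset. `RSTRING_LENINT(key)` is the right conversion since the key length parameter is an `int`, and the same reasoning applies to `RSTRING_LEN(data)` handed to `HMAC_Update` and `HMAC`, whose `size_t` parameter is fine but is the only place a `long` is passed unconverted. A comment above `Init_ossl_hmac` noting that `HMAC.new` raises `HMACError` on an unsupported digest would make the new contract visible to Ruby callers; the bodies of `hmac_final` and `ossl_hmac_copy` continue outside the hunks.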
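--- a/data/ext/rubysl/openssl/ossl_hmac.h
+++ b/data/ext/rubysl/openssl/ossl_hmac.h
@@ -1,5 +1,5 @@
  /*
- * $Id: ossl_hmac.h 11708 2007-02-12 23:01:19Z shyouhei $
+ * $Id$
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.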
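--- a/data/ext/rubysl/openssl/ossl_ns_spki.c
+++ b/data/ext/rubysl/openssl/ossl_ns_spki.c
@@ -11,14 +11,14 @@
  #include "ossl.h"
 
  #define WrapSPKI(klass, obj, spki) do { \
- if (!spki) { \
+ if (!(spki)) { \
  ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \
  } \
- obj = Data_Wrap_Struct(klass, 0, NETSCAPE_SPKI_free, spki); \
+ (obj) = Data_Wrap_Struct((klass), 0, NETSCAPE_SPKI_free, (spki)); \
  } while (0)
  #define GetSPKI(obj, spki) do { \
- Data_Get_Struct(obj, NETSCAPE_SPKI, spki); \
- if (!spki) { \
+ Data_Get_Struct((obj), NETSCAPE_SPKI, (spki)); \
+ if (!(spki)) { \
  ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \
  } \
  } while (0)
@@ -42,28 +42,35 @@ ossl_spki_alloc(VALUE klass)
  {
  NETSCAPE_SPKI *spki;
  VALUE obj;
-
+
  if (!(spki = NETSCAPE_SPKI_new())) {
  ossl_raise(eSPKIError, NULL);
- }
+ }
  WrapSPKI(klass, obj, spki);
-
+
  return obj;
  }
 
+ /*
+ * call-seq:
+ * SPKI.new([request]) => spki
+ *
+ * === Parameters
+ * * +request+ - optional raw request, either in PEM or DER format.
+ */
  static VALUE
  ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
  {
  NETSCAPE_SPKI *spki;
  VALUE buffer;
  const unsigned char *p;
-
+
  if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
  return self;
  }
  StringValue(buffer);
  if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), -1))) {
- p = (const unsigned char *)RSTRING_PTR(buffer);
+ p = (unsigned char *)RSTRING_PTR(buffer);
  if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) {
  ossl_raise(eSPKIError, NULL);
  }
@@ -75,6 +82,12 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  }
 
+ /*
+ * call-seq:
+ * spki.to_der => DER-encoded string
+ *
+ * Returns the DER encoding of this SPKI.
+ */
  static VALUE
  ossl_spki_to_der(VALUE self)
  {
@@ -87,30 +100,43 @@ ossl_spki_to_der(VALUE self)
  if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0)
  ossl_raise(eX509CertError, NULL);
  str = rb_str_new(0, len);
- p = RSTRING_PTR(str);
+ p = (unsigned char *)RSTRING_PTR(str);
  if (i2d_NETSCAPE_SPKI(spki, &p) <= 0)
  ossl_raise(eX509CertError, NULL);
  ossl_str_adjust(str, p);
-
+
  return str;
  }
 
+ /*
+ * call-seq:
+ * spki.to_pem => PEM-encoded string
+ *
+ * Returns the PEM encoding of this SPKI.
+ */
  static VALUE
  ossl_spki_to_pem(VALUE self)
  {
  NETSCAPE_SPKI *spki;
  char *data;
  VALUE str;
-
+
  GetSPKI(self, spki);
  if (!(data = NETSCAPE_SPKI_b64_encode(spki))) {
  ossl_raise(eSPKIError, NULL);
  }
- str = ossl_buf2str(data, strlen(data));
+ str = ossl_buf2str(data, rb_long2int(strlen(data)));
 
  return str;
  }
 
+ /*
+ * call-seq:
+ * spki.to_text => string
+ *
+ * Returns a textual representation of this SPKI, useful for debugging
+ * purposes.
+ */
  static VALUE
  ossl_spki_print(VALUE self)
  {
@@ -118,7 +144,7 @@ ossl_spki_print(VALUE self)
  BIO *out;
  BUF_MEM *buf;
  VALUE str;
-
+
  GetSPKI(self, spki);
  if (!(out = BIO_new(BIO_s_mem()))) {
  ossl_raise(eSPKIError, NULL);
@@ -130,10 +156,17 @@ ossl_spki_print(VALUE self)
  BIO_get_mem_ptr(out, &buf);
  str = rb_str_new(buf->data, buf->length);
  BIO_free(out);
-
+
  return str;
  }
 
+ /*
+ * call-seq:
+ * spki.public_key => pkey
+ *
+ * Returns the public key associated with the SPKI, an instance of
+ * OpenSSL::PKey.
+ */
  static VALUE
  ossl_spki_get_public_key(VALUE self)
  {
@@ -148,6 +181,17 @@ ossl_spki_get_public_key(VALUE self)
  return ossl_pkey_new(pkey); /* NO DUP - OK */
  }
 
+ /*
+ * call-seq:
+ * spki.public_key = pub => pkey
+ *
+ * === Parameters
+ * * +pub+ - the public key to be set for this instance
+ *
+ * Sets the public key to be associated with the SPKI, an instance of
+ * OpenSSL::PKey. This should be the public key corresponding to the
+ * private key used for signing the SPKI.
+ */
  static VALUE
  ossl_spki_set_public_key(VALUE self, VALUE key)
  {
@@ -161,6 +205,12 @@ ossl_spki_set_public_key(VALUE self, VALUE key)
  return key;
  }
 
+ /*
+ * call-seq:
+ * spki.challenge => string
+ *
+ * Returns the challenge string associated with this SPKI.
+ */
  static VALUE
  ossl_spki_get_challenge(VALUE self)
  {
@@ -172,10 +222,20 @@ ossl_spki_get_challenge(VALUE self)
  return rb_str_new(0, 0);
  }
 
- return rb_str_new(spki->spkac->challenge->data,
+ return rb_str_new((const char *)spki->spkac->challenge->data,
  spki->spkac->challenge->length);
  }
 
+ /*
+ * call-seq:
+ * spki.challenge = str => string
+ *
+ * === Parameters
+ * * +str+ - the challenge string to be set for this instance
+ *
+ * Sets the challenge to be associated with the SPKI. May be used by the
+ * server, e.g. to prevent replay.
+ */
  static VALUE
  ossl_spki_set_challenge(VALUE self, VALUE str)
  {
@@ -184,13 +244,26 @@ ossl_spki_set_challenge(VALUE self, VALUE str)
  StringValue(str);
  GetSPKI(self, spki);
  if (!ASN1_STRING_set(spki->spkac->challenge, RSTRING_PTR(str),
- RSTRING_LEN(str))) {
+ RSTRING_LENINT(str))) {
  ossl_raise(eSPKIError, NULL);
  }
-
+
  return str;
  }
 
+ /*
+ * call-seq:
+ * spki.sign(key, digest) => spki
+ *
+ * === Parameters
+ * * +key+ - the private key to be used for signing this instance
+ * * +digest+ - the digest to be used for signing this instance
+ *
+ * To sign an SPKI, the private key corresponding to the public key set
+ * for this instance should be used, in addition to a digest algorithm in
+ * the form of an OpenSSL::Digest. The private key should be an instance of
+ * OpenSSL::PKey.
+ */
  static VALUE
  ossl_spki_sign(VALUE self, VALUE key, VALUE digest)
  {
@@ -209,7 +282,14 @@ ossl_spki_sign(VALUE self, VALUE key, VALUE digest)
  }
 
  /*
- * Checks that cert signature is made with PRIVversion of this PUBLIC 'key'
+ * call-seq:
+ * spki.verify(key) => boolean
+ *
+ * === Parameters
+ * * +key+ - the public key to be used for verifying the SPKI signature
+ *
+ * Returns +true+ if the signature is valid, +false+ otherwise. To verify an
+ * SPKI, the public key contained within the SPKI should be used.
  */
  static VALUE
  ossl_spki_verify(VALUE self, VALUE key)
@@ -228,21 +308,73 @@ ossl_spki_verify(VALUE self, VALUE key)
  return Qnil; /* dummy */
  }
 
- /*
- * NETSCAPE_SPKI init
+ /* Document-class: OpenSSL::Netscape::SPKI
+ *
+ * A Simple Public Key Infrastructure implementation (pronounced "spookey").
+ * The structure is defined as
+ * PublicKeyAndChallenge ::= SEQUENCE {
+ * spki SubjectPublicKeyInfo,
+ * challenge IA5STRING
+ * }
+ *
+ * SignedPublicKeyAndChallenge ::= SEQUENCE {
+ * publicKeyAndChallenge PublicKeyAndChallenge,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING
+ * }
+ * where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can
+ * be found in RFC5280. SPKI is typically used in browsers for generating
+ * a public/private key pair and a subsequent certificate request, using
+ * the HTML <keygen> element.
+ *
+ * == Examples
+ *
+ * === Creating an SPKI
+ * key = OpenSSL::PKey::RSA.new 2048
+ * spki = OpenSSL::Netscape::SPKI.new
+ * spki.challenge = "RandomChallenge"
+ * spki.public_key = key.public_key
+ * spki.sign(key, OpenSSL::Digest::SHA256.new)
+ * #send a request containing this to a server generating a certificate
+ * === Verifiying an SPKI request
+ * request = #...
+ * spki = OpenSSL::Netscape::SPKI.new request
+ * unless spki.verify(spki.public_key)
+ * # signature is invalid
+ * end
+ * #proceed
  */
+
+ /* Document-module: OpenSSL::Netscape
+ *
+ * OpenSSL::Netscape is a namespace for SPKI (Simple Public Key
+ * Infrastructure) which implements Signed Public Key and Challenge.
+ * See {RFC 2692}[http://tools.ietf.org/html/rfc2692] and {RFC
+ * 2693}[http://tools.ietf.org/html/rfc2692] for details.
+ */
+
+ /* Document-class: OpenSSL::Netscape::SPKIError
+ *
+ * Generic Exception class that is raised if an error occurs during an
+ * operation on an instance of OpenSSL::Netscape::SPKI.
+ */
+
  void
  Init_ossl_ns_spki()
  {
+ #if 0
+ mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
+ #endif
+
  mNetscape = rb_define_module_under(mOSSL, "Netscape");
-
+
  eSPKIError = rb_define_class_under(mNetscape, "SPKIError", eOSSLError);
-
+
  cSPKI = rb_define_class_under(mNetscape, "SPKI", rb_cObject);
-
+
  rb_define_alloc_func(cSPKI, ossl_spki_alloc);
  rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1);
-
+
  rb_define_method(cSPKI, "to_der", ossl_spki_to_der, 0);
  rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0);
  rb_define_alias(cSPKI, "to_s", "to_pem");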
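Review bot: `ossl_spki_initialize` still hands `NETSCAPE_SPKI_b64_decode` a length of `-1`, which makes OpenSSL measure the Ruby string with `strlen`, so a request containing an embedded NUL is base64-parsed only up to that byte while the DER fallback two lines later is bounded by `RSTRING_LEN(buffer)`; `NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), RSTRING_LENINT(buffer))` keeps both paths bounded by the caller's length, and the rewritten `p = (unsigned char *)RSTRING_PTR(buffer)` drops the `const` that `p` is declared with, so the old `(const unsigned char *)` form was the correct one. `ossl_spki_to_der` raises `eX509CertError` on both `i2d_NETSCAPE_SPKI` failures, which a caller rescuing `SPKIError` as the new class documentation describes will not catch; `eSPKIError` matches every other raise in the file. In the new RDoc, the second link in the Document-module comment is labelled RFC 2693 but points at rfc2692, and I would drop the RFC references altogether: the Netscape SPKAC format produced by <keygen> is unrelated to the IETF "Simple Public Key Infrastructure" of RFC 2692/2693, so the opening sentence "A Simple Public Key Infrastructure implementation" is likely to mislead. The verify example that passes `spki.public_key` back into `spki.verify` only proves possession of the matching private key, so a one-line caveat next to it that the server must also compare `spki.challenge` with the challenge it issued would make the replay remark on `challenge=` actionable; the body of `ossl_spki_verify` itself starts outside the hunk.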