+++ /dev/null
---- !ruby/object:Gem::Specification
-name: jruby-openssl
-version: !ruby/object:Gem::Version
- prerelease: false
- segments:
- - 0
- - 5
- - 1
- version: 0.5.1
-platform: ruby
-authors:
- - Ola Bini and JRuby contributors
-autorequire:
-bindir: bin
-cert_chain: []
-
-date: 2009-06-15 00:00:00 +02:00
-default_executable:
-dependencies: []
-
-description: = JRuby-OpenSSL
-email: ola.bini@gmail.com
-executables: []
-
-extensions: []
-
-extra_rdoc_files:
- - History.txt
- - README.txt
- - License.txt
-files:
- - History.txt
- - README.txt
- - License.txt
- - lib/jopenssl.jar
- - lib/bcmail-jdk14-139.jar
- - lib/bcprov-jdk14-139.jar
- - lib/openssl.rb
- - lib/jopenssl/version.rb
- - lib/openssl/bn.rb
- - lib/openssl/buffering.rb
- - lib/openssl/cipher.rb
- - lib/openssl/digest.rb
- - lib/openssl/dummy.rb
- - lib/openssl/dummyssl.rb
- - lib/openssl/ssl.rb
- - lib/openssl/x509.rb
- - test/pkcs7_mime_enveloped.message
- - test/pkcs7_mime_signed.message
- - test/pkcs7_multipart_signed.message
- - test/test_cipher.rb
- - test/test_integration.rb
- - test/test_java.rb
- - test/test_java_attribute.rb
- - test/test_java_bio.rb
- - test/test_java_mime.rb
- - test/test_java_pkcs7.rb
- - test/test_java_smime.rb
- - test/test_openssl.rb
- - test/test_openssl_x509.rb
- - test/test_pkey.rb
- - test/ut_eof.rb
- - test/fixture/cacert.pem
- - test/fixture/cert_localhost.pem
- - test/fixture/localhost_keypair.pem
- - test/openssl/ssl_server.rb
- - test/openssl/test_asn1.rb
- - test/openssl/test_cipher.rb
- - test/openssl/test_digest.rb
- - test/openssl/test_hmac.rb
- - test/openssl/test_ns_spki.rb
- - test/openssl/test_pair.rb
- - test/openssl/test_pkcs7.rb
- - test/openssl/test_pkey_rsa.rb
- - test/openssl/test_ssl.rb
- - test/openssl/test_x509cert.rb
- - test/openssl/test_x509crl.rb
- - test/openssl/test_x509ext.rb
- - test/openssl/test_x509name.rb
- - test/openssl/test_x509req.rb
- - test/openssl/test_x509store.rb
- - test/openssl/utils.rb
- - test/ref/a.out
- - test/ref/compile.rb
- - test/ref/pkcs1
- - test/ref/pkcs1.c
-has_rdoc: true
-homepage: http://jruby-extras.rubyforge.org/jruby-openssl
-licenses: []
-
-post_install_message:
-rdoc_options:
- - --main
- - README.txt
-require_paths:
- - lib
-required_ruby_version: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- segments:
- - 0
- version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- segments:
- - 0
- version: "0"
-requirements: []
-
-rubyforge_project: jruby-extras
-rubygems_version: 1.3.6
-signing_key:
-specification_version: 3
-summary: OpenSSL add-on for JRuby
-test_files:
- - test/test_cipher.rb
- - test/test_integration.rb
- - test/test_java.rb
- - test/test_java_attribute.rb
- - test/test_java_bio.rb
- - test/test_java_mime.rb
- - test/test_java_pkcs7.rb
- - test/test_java_smime.rb
- - test/test_openssl.rb
- - test/test_openssl_x509.rb
- - test/test_pkey.rb
+++ /dev/null
-== 0.5.1
-
-* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%
-* Fix by Frederic Jean for a character-decoding issue for some certificates
-
-== 0.5
-
-* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
-* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error
-* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
-* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
-* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest
-* Misc code cleanup
-
-== 0.2
-
-- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888)
-- Fix socket buffering issue by setting socket IO sync = true
-- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
-- Fix AES key length (JRUBY-2187)
-- Fix cipher initialization (JRUBY-1100)
-- Now, only compatible with JRuby 1.1
-
-== 0.1.1
-
-- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
-
-== 0.1
-
-- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
- 1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
- 0.6 release.
-- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
-- Simultaneous support for JRuby trunk and 1.0 branch
-- Start of support for OpenSSL::BN
-
-== 0.0.5 and prior
-
-- Initial versions with maintenance updates
+++ /dev/null
-JRuby-OpenSSL is distributed under the same license as JRuby (http://www.jruby.org/).
-
-Version: CPL 1.0/GPL 2.0/LGPL 2.1
-
-The contents of this file are subject to the Common Public
-License Version 1.0 (the "License"); you may not use this file
-except in compliance with the License. You may obtain a copy of
-the License at http://www.eclipse.org/legal/cpl-v10.html
-
-Software distributed under the License is distributed on an "AS
-IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-implied. See the License for the specific language governing
-rights and limitations under the License.
-
-Copyright (C) 2007 Ola Bini <ola.bini@gmail.com>
-
-Alternatively, the contents of this file may be used under the terms of
-either of the GNU General Public License Version 2 or later (the "GPL"),
-or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-in which case the provisions of the GPL or the LGPL are applicable instead
-of those above. If you wish to allow use of your version of this file only
-under the terms of either the GPL or the LGPL, and not to allow others to
-use your version of this file under the terms of the CPL, indicate your
-decision by deleting the provisions above and replace them with the notice
-and other provisions required by the GPL or the LGPL. If you do not delete
-the provisions above, a recipient may use your version of this file under
-the terms of any one of the CPL, the GPL or the LGPL.
-
-JRuby-OpenSSL includes software by the Legion of the Bouncy Castle
-(http://bouncycastle.org/license.html).
+++ /dev/null
-= JRuby-OpenSSL
-
-* http://jruby-extras.rubyforge.org/jruby-openssl
-
-== DESCRIPTION:
-
-JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
-
-JRuby offers *just enough* compatibility for most Ruby applications that use OpenSSL.
-
-Libraries that appear to work fine:
-
- Rails, Net::HTTPS
-
-Notable libraries that do *not* yet work include:
-
- Net::SSH, Net::SFTP, etc.
-
-Please report bugs and incompatibilities (preferably with testcases) to either the JRuby
-mailing list [1] or the JRuby bug tracker [2].
-
-[1]: http://xircles.codehaus.org/projects/jruby/lists
-
-[2]: http://jira.codehaus.org/browse/JRUBY
\ No newline at end of file
+++ /dev/null
-module Jopenssl
- module Version
- VERSION = "0.5.1"
- end
-end
+++ /dev/null
-=begin
-= $RCSfile: openssl.rb,v $ -- Loader for all OpenSSL C-space and Ruby-space definitions
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: openssl.rb,v 1.1 2003/07/23 16:11:29 gotoyuzo Exp $
-=end
-
-require 'jopenssl'
-
-require 'openssl/bn'
-require 'openssl/cipher'
-require 'openssl/digest'
-require 'openssl/ssl'
-require 'openssl/x509'
-
+++ /dev/null
-=begin
-= $RCSfile: bn.rb,v $ -- Ruby-space definitions that completes C-space funcs for BN
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: bn.rb,v 1.1 2003/07/23 16:11:30 gotoyuzo Exp $
-=end
-
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
-
-module OpenSSL
- class BN
- include Comparable
- end # BN
-end # OpenSSL
-
-##
-# Add double dispatch to Integer
-#
-class Integer
- def to_bn
- OpenSSL::BN::new(self)
- end
-end # Integer
-
+++ /dev/null
-=begin
-= $RCSfile: buffering.rb,v $ -- Buffering mix-in module.
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: buffering.rb,v 1.5.2.4 2005/09/04 22:03:24 gotoyuzo Exp $
-=end
-
-module Buffering
- include Enumerable
- attr_accessor :sync
- BLOCK_SIZE = 1024*16
-
- def initialize(*args)
- @eof = false
- @rbuffer = ""
- @sync = @io.sync
- end
-
- #
- # for reading.
- #
- private
-
- def fill_rbuff
- begin
- @rbuffer << self.sysread(BLOCK_SIZE)
- rescue Errno::EAGAIN
- retry
- rescue EOFError
- @eof = true
- end
- end
-
- def consume_rbuff(size=nil)
- if @rbuffer.empty?
- nil
- else
- size = @rbuffer.size unless size
- ret = @rbuffer[0, size]
- @rbuffer[0, size] = ""
- ret
- end
- end
-
- public
-
- def read(size=nil, buf=nil)
- if size == 0
- if buf
- buf.clear
- else
- buf = ""
- end
- return @eof ? nil : buf
- end
- until @eof
- break if size && size <= @rbuffer.size
- fill_rbuff
- end
- ret = consume_rbuff(size) || ""
- if buf
- buf.replace(ret)
- ret = buf
- end
- (size && ret.empty?) ? nil : ret
- end
-
- def readpartial(maxlen, buf=nil)
- if maxlen == 0
- if buf
- buf.clear
- else
- buf = ""
- end
- return @eof ? nil : buf
- end
- if @rbuffer.empty?
- begin
- return sysread(maxlen, buf)
- rescue Errno::EAGAIN
- retry
- end
- end
- ret = consume_rbuff(maxlen)
- if buf
- buf.replace(ret)
- ret = buf
- end
- raise EOFError if ret.empty?
- ret
- end
-
- def gets(eol=$/)
- idx = @rbuffer.index(eol)
- until @eof
- break if idx
- fill_rbuff
- idx = @rbuffer.index(eol)
- end
- if eol.is_a?(Regexp)
- size = idx ? idx+$&.size : nil
- else
- size = idx ? idx+eol.size : nil
- end
- consume_rbuff(size)
- end
-
- def each(eol=$/)
- while line = self.gets(eol)
- yield line
- end
- end
- alias each_line each
-
- def readlines(eol=$/)
- ary = []
- while line = self.gets(eol)
- ary << line
- end
- ary
- end
-
- def readline(eol=$/)
- raise EOFError if eof?
- gets(eol)
- end
-
- def getc
- c = read(1)
- c ? c[0] : nil
- end
-
- def each_byte
- while c = getc
- yield(c)
- end
- end
-
- def readchar
- raise EOFError if eof?
- getc
- end
-
- def ungetc(c)
- @rbuffer[0,0] = c.chr
- end
-
- def eof?
- fill_rbuff if !@eof && @rbuffer.empty?
- @eof && @rbuffer.empty?
- end
- alias eof eof?
-
- #
- # for writing.
- #
- private
-
- def do_write(s)
- @wbuffer = "" unless defined? @wbuffer
- @wbuffer << s
- @sync ||= false
- if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
- remain = idx ? idx + $/.size : @wbuffer.length
- nwritten = 0
- while remain > 0
- str = @wbuffer[nwritten,remain]
- begin
- nwrote = syswrite(str)
- rescue Errno::EAGAIN
- retry
- end
- remain -= nwrote
- nwritten += nwrote
- end
- @wbuffer[0,nwritten] = ""
- end
- end
-
- public
-
- def write(s)
- do_write(s)
- s.length
- end
-
- def << (s)
- do_write(s)
- self
- end
-
- def puts(*args)
- s = ""
- if args.empty?
- s << "\n"
- end
- args.each{|arg|
- s << arg.to_s
- if $/ && /\n\z/ !~ s
- s << "\n"
- end
- }
- do_write(s)
- nil
- end
-
- def print(*args)
- s = ""
- args.each{ |arg| s << arg.to_s }
- do_write(s)
- nil
- end
-
- def printf(s, *args)
- do_write(s % args)
- nil
- end
-
- def flush
- osync = @sync
- @sync = true
- do_write ""
- @sync = osync
- end
-
- def close
- flush rescue nil
- sysclose
- end
-end
+++ /dev/null
-=begin
-= $RCSfile: cipher.rb,v $ -- Ruby-space predefined Cipher subclasses
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: cipher.rb,v 1.1.2.2 2006/06/20 11:18:15 gotoyuzo Exp $
-=end
-
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
-
-module OpenSSL
- module Cipher
- %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
- klass = Class.new(Cipher){
- define_method(:initialize){|*args|
- cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
- super(cipher_name)
- }
- }
- const_set(name, klass)
- }
-
- %w(128 192 256).each{|keylen|
- klass = Class.new(Cipher){
- define_method(:initialize){|mode|
- mode ||= "CBC"
- cipher_name = "AES-#{keylen}-#{mode}"
- super(cipher_name)
- }
- }
- const_set("AES#{keylen}", klass)
- }
-
- class Cipher
- def random_key
- str = OpenSSL::Random.random_bytes(self.key_len)
- self.key = str
- return str
- end
-
- def random_iv
- str = OpenSSL::Random.random_bytes(self.iv_len)
- self.iv = str
- return str
- end
- end
- end # Cipher
-end # OpenSSL
+++ /dev/null
-=begin
-= $RCSfile: digest.rb,v $ -- Ruby-space predefined Digest subclasses
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: digest.rb,v 1.1.2.2 2006/06/20 11:18:15 gotoyuzo Exp $
-=end
-
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
-
-module OpenSSL
- module Digest
-
- alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
- if OPENSSL_VERSION_NUMBER > 0x00908000
- alg += %w(SHA224 SHA256 SHA384 SHA512)
- end
- alg.each{|name|
- klass = Class.new(Digest){
- define_method(:initialize){|*data|
- if data.length > 1
- raise ArgumentError,
- "wrong number of arguments (#{data.length} for 1)"
- end
- super(name, data.first)
- }
- }
- singleton = (class <<klass; self; end)
- singleton.class_eval{
- define_method(:digest){|data| Digest.digest(name, data) }
- define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
- }
- const_set(name, klass)
- }
-
- end # Digest
-end # OpenSSL
-
+++ /dev/null
-warn "Warning: OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable"
-warn "You need to download or install BouncyCastle jars (bc-prov-*.jar, bc-mail-*.jar)"
-warn "to fix this."
-module OpenSSL
- module ASN1
- class ASN1Error < OpenSSLError; end
- class ASN1Data; end
- class Primitive; end
- class Constructive; end
- end
- module PKey
- class PKeyError < OpenSSLError; end
- class PKey; def initialize(*args); end; end
- class RSA < PKey; end
- class DSA < PKey; end
- class DH < PKey; end
- end
- module X509
- class Name; end
- class Certificate; end
- class Extension; end
- class CRL; end
- class Revoked; end
- class Store; end
- class Request; end
- class Attribute; end
- end
- module Netscape
- class SPKI; end
- end
- module PKCS7
- class PKCS7; end
- end
-end
\ No newline at end of file
+++ /dev/null
-warn "Warning: OpenSSL SSL implementation unavailable"
-warn "You must run on JDK 1.5 (Java 5) or higher to use SSL"
-module OpenSSL
- module SSL
- class SSLError < OpenSSLError; end
- class SSLContext; end
- class SSLSocket; end
- VERIFY_NONE = 0
- VERIFY_PEER = 1
- VERIFY_FAIL_IF_NO_PEER_CERT = 2
- VERIFY_CLIENT_ONCE = 4
- end
-end
\ No newline at end of file
+++ /dev/null
-=begin
-= $RCSfile: ssl.rb,v $ -- Ruby-space definitions that completes C-space funcs for SSL
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: ssl.rb,v 1.5.2.6 2006/05/23 18:14:05 gotoyuzo Exp $
-=end
-
-require "openssl"
-require "openssl/buffering"
-require "fcntl"
-
-module OpenSSL
- module SSL
- module SocketForwarder
- def addr
- to_io.addr
- end
-
- def peeraddr
- to_io.peeraddr
- end
-
- def setsockopt(level, optname, optval)
- to_io.setsockopt(level, optname, optval)
- end
-
- def getsockopt(level, optname)
- to_io.getsockopt(level, optname)
- end
-
- def fcntl(*args)
- to_io.fcntl(*args)
- end
-
- def closed?
- to_io.closed?
- end
-
- def do_not_reverse_lookup=(flag)
- to_io.do_not_reverse_lookup = flag
- end
- end
-
- module Nonblock
- def initialize(*args)
- flag = File::NONBLOCK
- flag |= @io.fcntl(Fcntl::F_GETFL, nil) if defined?(Fcntl::F_GETFL)
- @io.fcntl(Fcntl::F_SETFL, flag)
- super
- end
- end
-
- class SSLSocket
- include Buffering
- include SocketForwarder
- include Nonblock
-
- def post_connection_check(hostname)
- check_common_name = true
- cert = peer_cert
- cert.extensions.each{|ext|
- next if ext.oid != "subjectAltName"
- ext.value.split(/,\s+/).each{|general_name|
- if /\ADNS:(.*)/ =~ general_name
- check_common_name = false
- reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
- elsif /\AIP Address:(.*)/ =~ general_name
- check_common_name = false
- return true if $1 == hostname
- end
- }
- }
- if check_common_name
- cert.subject.to_a.each{|oid, value|
- if oid == "CN"
- reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
- end
- }
- end
- raise SSLError, "hostname not match"
- end
- end
-
- class SSLServer
- include SocketForwarder
- attr_accessor :start_immediately
-
- def initialize(svr, ctx)
- @svr = svr
- @ctx = ctx
- unless ctx.session_id_context
- session_id = OpenSSL::Digest::MD5.hexdigest($0)
- @ctx.session_id_context = session_id
- end
- @start_immediately = true
- end
-
- def to_io
- @svr
- end
-
- def listen(backlog=5)
- @svr.listen(backlog)
- end
-
- def accept
- sock = @svr.accept
- begin
- ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
- ssl.sync_close = true
- ssl.accept if @start_immediately
- ssl
- rescue SSLError => ex
- sock.close
- raise ex
- end
- end
-
- def close
- @svr.close
- end
- end
- end
-end
+++ /dev/null
-=begin
-= $RCSfile: x509.rb,v $ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
-
-= Info
- 'OpenSSL for Ruby 2' project
- Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
- All rights reserved.
-
-= Licence
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-= Version
- $Id: x509.rb,v 1.4.2.2 2004/12/19 08:28:33 gotoyuzo Exp $
-=end
-
-require "openssl"
-
-module OpenSSL
- module X509
- class ExtensionFactory
- def create_extension(*arg)
- if arg.size > 1
- create_ext(*arg)
- else
- send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
- end
- end
-
- def create_ext_from_array(ary)
- raise ExtensionError, "unexpected array form" if ary.size > 3
- create_ext(ary[0], ary[1], ary[2])
- end
-
- def create_ext_from_string(str) # "oid = critical, value"
- oid, value = str.split(/=/, 2)
- oid.strip!
- value.strip!
- create_ext(oid, value)
- end
-
- def create_ext_from_hash(hash)
- create_ext(hash["oid"], hash["value"], hash["critical"])
- end
- end
-
- class Extension
- def to_s # "oid = critical, value"
- str = self.oid
- str << " = "
- str << "critical, " if self.critical?
- str << self.value.gsub(/\n/, ", ")
- end
-
- def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
- {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
- end
-
- def to_a
- [ self.oid, self.value, self.critical? ]
- end
- end
-
- class Name
- module RFC2253DN
- Special = ',=+<>#;'
- HexChar = /[0-9a-fA-F]/
- HexPair = /#{HexChar}#{HexChar}/
- HexString = /#{HexPair}+/
- Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
- StringChar = /[^#{Special}\\"]/
- QuoteChar = /[^\\"]/
- AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
- AttributeValue = /
- (?!["#])((?:#{StringChar}|#{Pair})*)|
- \#(#{HexString})|
- "((?:#{QuoteChar}|#{Pair})*)"
- /x
- TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
-
- module_function
-
- def expand_pair(str)
- return nil unless str
- return str.gsub(Pair){|pair|
- case pair.size
- when 2 then pair[1,1]
- when 3 then Integer("0x#{pair[1,2]}").chr
- else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
- end
- }
- end
-
- def expand_hexstring(str)
- return nil unless str
- der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
- a1 = OpenSSL::ASN1.decode(der)
- return a1.value, a1.tag
- end
-
- def expand_value(str1, str2, str3)
- value = expand_pair(str1)
- value, tag = expand_hexstring(str2) unless value
- value = expand_pair(str3) unless value
- return value, tag
- end
-
- def scan(dn)
- str = dn
- ary = []
- while true
- if md = TypeAndValue.match(str)
- matched = md.to_s
- remain = md.post_match
- type = md[1]
- value, tag = expand_value(md[2], md[3], md[4]) rescue nil
- if value
- type_and_value = [type, value]
- type_and_value.push(tag) if tag
- ary.unshift(type_and_value)
- if remain.length > 2 && remain[0] == ?,
- str = remain[1..-1]
- next
- elsif remain.length > 2 && remain[0] == ?+
- raise OpenSSL::X509::NameError,
- "multi-valued RDN is not supported: #{dn}"
- elsif remain.empty?
- break
- end
- end
- end
- msg_dn = dn[0, dn.length - str.length] + " =>" + str
- raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
- end
- return ary
- end
- end
-
- class <<self
- def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
- ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
- self.new(ary, template)
- end
-
- def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
- self.new(ary, template)
- end
-
- alias parse parse_openssl
- end
- end
- end
-end
--- /dev/null
+--- !ruby/object:Gem::Specification
+name: jruby-openssl
+version: !ruby/object:Gem::Version
+ version: 0.7.4
+platform: ruby
+authors:
+- Ola Bini and JRuby contributors
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-04-27 00:00:00 +02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+ name: bouncy-castle-java
+ type: :runtime
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
+email: ola.bini@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- History.txt
+- Manifest.txt
+- README.txt
+- License.txt
+files:
+- Rakefile
+- History.txt
+- Manifest.txt
+- README.txt
+- License.txt
+- lib/jopenssl.jar
+- lib/openssl.rb
+- lib/openssl/dummy.rb
+- lib/openssl/dummyssl.rb
+- lib/openssl/config.rb
+- lib/openssl/cipher.rb
+- lib/openssl/ssl.rb
+- lib/openssl/bn.rb
+- lib/openssl/x509.rb
+- lib/openssl/digest.rb
+- lib/openssl/buffering.rb
+- lib/openssl/pkcs7.rb
+- lib/jopenssl/version.rb
+- test/test_imaps.rb
+- test/test_all.rb
+- test/test_integration.rb
+- test/ut_eof.rb
+- test/test_java.rb
+- test/test_openssl.rb
+- test/test_pkey.rb
+- test/test_cipher.rb
+- test/cert_with_ec_pk.cer
+- test/test_pkcs7.rb
+- test/test_x509store.rb
+- test/test_certificate.rb
+- test/test_parse_certificate.rb
+- test/test_ssl.rb
+- test/openssl/test_x509name.rb
+- test/openssl/test_ns_spki.rb
+- test/openssl/test_x509cert.rb
+- test/openssl/ssl_server.rb
+- test/openssl/test_pair.rb
+- test/openssl/test_ec.rb
+- test/openssl/test_config.rb
+- test/openssl/utils.rb
+- test/openssl/test_x509req.rb
+- test/openssl/test_cipher.rb
+- test/openssl/test_digest.rb
+- test/openssl/test_x509ext.rb
+- test/openssl/test_asn1.rb
+- test/openssl/test_pkcs7.rb
+- test/openssl/test_x509store.rb
+- test/openssl/test_pkey_rsa.rb
+- test/openssl/test_ssl.rb
+- test/openssl/test_x509crl.rb
+- test/openssl/test_hmac.rb
+- test/ref/compile.rb
+- test/ref/a.out
+- test/ref/pkcs1
+- test/ref/pkcs1.c
+- test/fixture/cacert.pem
+- test/fixture/ca-bundle.crt
+- test/fixture/common.pem
+- test/fixture/key_then_cert.pem
+- test/fixture/verisign.pem
+- test/fixture/cert_localhost.pem
+- test/fixture/localhost_keypair.pem
+- test/fixture/verisign_c3.pem
+- test/fixture/selfcert.pem
+- test/fixture/max.pem
+- test/fixture/keypair.pem
+- test/fixture/purpose/cacert.pem
+- test/fixture/purpose/b70a5bc1.0
+- test/fixture/purpose/sslclient.pem
+- test/fixture/purpose/sslserver.pem
+- test/fixture/purpose/sslclient/sslclient.pem
+- test/fixture/purpose/sslclient/csr.pem
+- test/fixture/purpose/sslclient/keypair.pem
+- test/fixture/purpose/ca/cacert.pem
+- test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234
+- test/fixture/purpose/ca/ca_config.rb
+- test/fixture/purpose/ca/serial
+- test/fixture/purpose/ca/newcerts/2_cert.pem
+- test/fixture/purpose/ca/newcerts/3_cert.pem
+- test/fixture/purpose/ca/private/cakeypair.pem
+- test/fixture/purpose/scripts/gen_cert.rb
+- test/fixture/purpose/scripts/init_ca.rb
+- test/fixture/purpose/scripts/gen_csr.rb
+- test/fixture/purpose/sslserver/sslserver.pem
+- test/fixture/purpose/sslserver/csr.pem
+- test/fixture/purpose/sslserver/keypair.pem
+- test/fixture/imaps/cacert.pem
+- test/fixture/imaps/server.crt
+- test/fixture/imaps/server.key
+- test/fixture/ca_path/verisign.pem
+- test/fixture/ca_path/72fa7371.0
+- test/java/pkcs7_mime_enveloped.message
+- test/java/pkcs7_mime_signed.message
+- test/java/test_java_pkcs7.rb
+- test/java/test_java_bio.rb
+- test/java/pkcs7_multipart_signed.message
+- test/java/test_java_mime.rb
+- test/java/test_java_attribute.rb
+- test/java/test_java_smime.rb
+has_rdoc: true
+homepage: http://jruby-extras.rubyforge.org/jruby-openssl
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --main
+- README.txt
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+requirements: []
+
+rubyforge_project: jruby-extras
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: OpenSSL add-on for JRuby
+test_files:
+- test/test_all.rb
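Review bot: The new runtime dependency on `bouncy-castle-java` is declared with the requirement `>=` `"0"`, so any release of the provider gem satisfies it, even though the 0.7.4 History entry (JRUBY-5478) says this release was updated to BouncyCastle 1.46. The TLS, X.509 and PKCS#7 code relies on that provider, so a lower bound at the tested release would stop an install from resolving to an older provider. This metadata is presumably generated from a gemspec or Rakefile that is not shown here, so the change belongs there, as a requirement such as `>= <BC_GEM_VERSION_TESTED>` in place of `>= 0`. Separately, the file list ships `test/fixture/purpose/ca/private/cakeypair.pem` next to `test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234`; a short README in that fixture directory stating that these are throwaway test keys would keep them from being reused as a real CA. `cert_chain: []` and the blank `signing_key` mean the package is unsigned, so consumers can only verify it through the registry's checksums.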
--- /dev/null
+== 0.7.4
+
+- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading failed on JRuby 1.6.x. Fixed.
+- JRUBY-5510: Add debug information to released jar
+- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
+
+== 0.7.3
+
+- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
+- JRUBY-5253: Allow to load the certificate file which includes private
+ key for activemarchant compatibility.
+- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
+ unknown condition.
+- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
+ pass on J9 JDK 6.
+
+== 0.7.2
+
+- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
+ cipher (Net::SSH compatibility)
+- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
+ compatibility)
+- JRUBY-5096: Fixed inconsistent Certificate verification behavior
+- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
+- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
+- JRUBY-4965: implemented OpenSSL::Config
+- JRUBY-5023: make Certificate#signature_algorithm return correct algo
+ name; "sha1WithRSAEncryption" instead of "SHA1"
+- JRUBY-5024: let HMAC.new accept a String as a digest name
+- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
+ cleanup of resources when dereferenced
+
+== 0.7.1
+
+- NOTE: Now BouncyCastle jars has moved out to its own gem
+ "bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java).
+ You don't need to care about it because "jruby-openssl" gem depends
+ on it from now on.
+
+=== SSL bugfix
+
+- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
+ reached (EOFError)" for HTTP chunked read.
+
+=== Misc
+
+- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
+ it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
+ (JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
+- JRUBY-4975: Moving BouncyCastle jars out to its own gem.
+
+== 0.7
+
+- Follow MRI 1.8.7 openssl API changes
+- Fixes so that jruby-openssl can run on appengine
+- Many bug and compatibility fixes, see below.
+- This is the last release that will be compatible with JRuby 1.4.x.
+- Compatibility issues
+-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
+-- JRUBY-4444: OpenSSL crash running RubyGems tests
+-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message available"
+-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
+-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
+-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
+-- JRUBY-4535: Issues with the BouncyCastle provider
+-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
+-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 -> jdk15-144
+- Cipher issues
+-- JRUBY-4012: Initialization vector length handled differently than in MRI (longer IV sequence are trimmed to fit the required)
+-- JRUBY-4473: Implemented DSA key generation
+-- JRUBY-4472: Cipher does not support RC4 and CAST
+-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or 168' for DES3 + SunJCE
+- SSL and X.509(PKIX) issues
+-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
+-- JRUBY-4370: Implement SSLContext#ciphers
+-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
+-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
+-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
+-- JRUBY-4684: SSLContext#verify_depth is ignored
+-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
+-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
+-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when returning SOAP queries over a certain size)
+-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel close
+-- JRUBY-4369: X509Store#verify_callback is not called
+-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes certificates which have the same subject (problem with ruby-openid-apps-discovery (github jruby-openssl issue #2))
+-- JRUBY-4333: PKCS#8 formatted privkey read
+-- JRUBY-4454: Loading Key file as a Certificate causes NPE
+-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized from PEM causes IllegalStateException
+- PKCS#7 issues
+-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
+-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake test doesn't finish on JDK5 w/o policy files update)
+- Misc
+-- JRUBY-4574: jruby-openssl deprecation warning cleanup
+-- JRUBY-4591: jruby-1.4 support
+
+== 0.6
+
+- This is a recommended upgrade to jruby-openssl. A security problem
+ involving peer certificate verification was found where failed
+ verification silently did nothing, making affected applications
+ vulnerable to attackers. Attackers could lead a client application
+ to believe that a secure connection to a rogue SSL server is
+ legitimate. Attackers could also penetrate client-validated SSL
+ server applications with a dummy certificate. Your application would
+ be vulnerable if you're using the 'net/https' library with
+ OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
+ prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
+ problem and providing the fix. See
+ http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
+ for details.
+- This release addresses CVE-2009-4123 which was reserved for the
+ above vulnerability.
+- Many fixes from NaHi, including issues related to certificate
+ verification and certificate store purpose verification.
+ - implement OpenSSL::X509::Store#set_default_paths
+ - MRI compat. fix: OpenSSL::X509::Store#add_file
+ - Fix nsCertType handling.
+ - Fix Cipher#key_len for DES-EDE3: 16 should be 24.
+ - Modified test expectations around Cipher#final.
+- Public keys are lazily instantiated when the
+ X509::Certificate#public_key method is called (Dave Garcia)
+
+== 0.5.2
+
+* Multiple bugs fixed:
+** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
+** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
+** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
+** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
+** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
+
+== 0.5.1
+
+* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%
+* Fix by Frederic Jean for a character-decoding issue for some certificates
+
+== 0.5
+
+* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
+* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error
+* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
+* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
+* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest
+* Misc code cleanup
+
+== 0.2
+
+- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888)
+- Fix socket buffering issue by setting socket IO sync = true
+- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
+- Fix AES key length (JRUBY-2187)
+- Fix cipher initialization (JRUBY-1100)
+- Now, only compatible with JRuby 1.1
+
+== 0.1.1
+
+- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
+
+== 0.1
+
+- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
+ 1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
+ 0.6 release.
+- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
+- Simultaneous support for JRuby trunk and 1.0 branch
+- Start of support for OpenSSL::BN
+
+== 0.0.5 and prior
+
+- Initial versions with maintenance updates
--- /dev/null
+JRuby-OpenSSL is distributed under the same license as JRuby (http://www.jruby.org/).
+
+Version: CPL 1.0/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Common Public
+License Version 1.0 (the "License"); you may not use this file
+except in compliance with the License. You may obtain a copy of
+the License at http://www.eclipse.org/legal/cpl-v10.html
+
+Software distributed under the License is distributed on an "AS
+IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+implied. See the License for the specific language governing
+rights and limitations under the License.
+
+Copyright (C) 2007 Ola Bini <ola.bini@gmail.com>
+
+Alternatively, the contents of this file may be used under the terms of
+either of the GNU General Public License Version 2 or later (the "GPL"),
+or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the CPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the CPL, the GPL or the LGPL.
+
+JRuby-OpenSSL includes software by the Legion of the Bouncy Castle
+(http://bouncycastle.org/license.html).
--- /dev/null
+Rakefile
+History.txt
+Manifest.txt
+README.txt
+License.txt
+lib/jopenssl.jar
+lib/openssl
+lib/jopenssl
+lib/jopenssl.jar
+lib/openssl.rb
+lib/openssl/dummy.rb
+lib/openssl/dummyssl.rb
+lib/openssl/config.rb
+lib/openssl/cipher.rb
+lib/openssl/ssl.rb
+lib/openssl/bn.rb
+lib/openssl/x509.rb
+lib/openssl/digest.rb
+lib/openssl/buffering.rb
+lib/openssl/pkcs7.rb
+lib/jopenssl/version.rb
+test/test_imaps.rb
+test/test_all.rb
+test/test_integration.rb
+test/ut_eof.rb
+test/openssl
+test/test_java.rb
+test/test_openssl.rb
+test/test_pkey.rb
+test/ref
+test/test_cipher.rb
+test/cert_with_ec_pk.cer
+test/fixture
+test/test_pkcs7.rb
+test/test_x509store.rb
+test/test_certificate.rb
+test/test_parse_certificate.rb
+test/test_ssl.rb
+test/java
+test/openssl/test_x509name.rb
+test/openssl/test_ns_spki.rb
+test/openssl/test_x509cert.rb
+test/openssl/ssl_server.rb
+test/openssl/test_pair.rb
+test/openssl/test_ec.rb
+test/openssl/test_config.rb
+test/openssl/utils.rb
+test/openssl/test_x509req.rb
+test/openssl/test_cipher.rb
+test/openssl/test_digest.rb
+test/openssl/test_x509ext.rb
+test/openssl/test_asn1.rb
+test/openssl/test_pkcs7.rb
+test/openssl/test_x509store.rb
+test/openssl/test_pkey_rsa.rb
+test/openssl/test_ssl.rb
+test/openssl/test_x509crl.rb
+test/openssl/test_hmac.rb
+test/ref/compile.rb
+test/ref/a.out
+test/ref/pkcs1
+test/ref/pkcs1.c
+test/fixture/cacert.pem
+test/fixture/ca-bundle.crt
+test/fixture/common.pem
+test/fixture/key_then_cert.pem
+test/fixture/verisign.pem
+test/fixture/cert_localhost.pem
+test/fixture/localhost_keypair.pem
+test/fixture/verisign_c3.pem
+test/fixture/selfcert.pem
+test/fixture/max.pem
+test/fixture/keypair.pem
+test/fixture/purpose
+test/fixture/imaps
+test/fixture/ca_path
+test/fixture/purpose/cacert.pem
+test/fixture/purpose/sslclient
+test/fixture/purpose/b70a5bc1.0
+test/fixture/purpose/ca
+test/fixture/purpose/sslclient.pem
+test/fixture/purpose/sslserver.pem
+test/fixture/purpose/scripts
+test/fixture/purpose/sslserver
+test/fixture/purpose/sslclient/sslclient.pem
+test/fixture/purpose/sslclient/csr.pem
+test/fixture/purpose/sslclient/keypair.pem
+test/fixture/purpose/ca/cacert.pem
+test/fixture/purpose/ca/newcerts
+test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234
+test/fixture/purpose/ca/ca_config.rb
+test/fixture/purpose/ca/serial
+test/fixture/purpose/ca/private
+test/fixture/purpose/ca/newcerts/2_cert.pem
+test/fixture/purpose/ca/newcerts/3_cert.pem
+test/fixture/purpose/ca/private/cakeypair.pem
+test/fixture/purpose/scripts/gen_cert.rb
+test/fixture/purpose/scripts/init_ca.rb
+test/fixture/purpose/scripts/gen_csr.rb
+test/fixture/purpose/sslserver/sslserver.pem
+test/fixture/purpose/sslserver/csr.pem
+test/fixture/purpose/sslserver/keypair.pem
+test/fixture/imaps/cacert.pem
+test/fixture/imaps/server.crt
+test/fixture/imaps/server.key
+test/fixture/ca_path/verisign.pem
+test/fixture/ca_path/72fa7371.0
+test/java/pkcs7_mime_enveloped.message
+test/java/pkcs7_mime_signed.message
+test/java/test_java_pkcs7.rb
+test/java/test_java_bio.rb
+test/java/pkcs7_multipart_signed.message
+test/java/test_java_mime.rb
+test/java/test_java_attribute.rb
+test/java/test_java_smime.rb
--- /dev/null
+= JRuby-OpenSSL
+
+* http://jruby-extras.rubyforge.org/jruby-openssl
+
+== DESCRIPTION:
+
+JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
+
+Please report bugs and incompatibilities (preferably with testcases) to either the JRuby
+mailing list [1] or the JRuby bug tracker [2].
+
+[1]: http://xircles.codehaus.org/projects/jruby/lists
+[2]: http://jira.codehaus.org/browse/JRUBY
--- /dev/null
+require 'rake'
+require 'rake/testtask'
+
+MANIFEST = FileList["Rakefile", "History.txt", "Manifest.txt", "README.txt", "License.txt", "lib/jopenssl.jar", "lib/**/*", "test/**/*"]
+BC_JARS = FileList["build_lib/bc*.jar"]
+
+task :default => [:java_compile, :test]
+
+def java_classpath_arg # myriad of ways to discover JRuby classpath
+ begin
+ cpath = Java::java.lang.System.getProperty('java.class.path').split(File::PATH_SEPARATOR)
+ cpath += Java::java.lang.System.getProperty('sun.boot.class.path').split(File::PATH_SEPARATOR)
+ jruby_cpath = cpath.compact.join(File::PATH_SEPARATOR)
+ rescue => e
+ end
+ unless jruby_cpath
+ jruby_cpath = ENV['JRUBY_PARENT_CLASSPATH'] || ENV['JRUBY_HOME'] &&
+ FileList["#{ENV['JRUBY_HOME']}/lib/*.jar"].join(File::PATH_SEPARATOR)
+ end
+ bc_jars = BC_JARS.join(File::PATH_SEPARATOR)
+ jruby_cpath ? "-cp \"#{jruby_cpath.gsub('\\', '/')}#{File::PATH_SEPARATOR}#{bc_jars}\"" : "-cp \"#{bc_jars}\""
+end
+
+desc "Compile the native Java code."
+task :java_compile do
+ mkdir_p "pkg/classes"
+
+ File.open("pkg/compile_options", "w") do |f|
+ f << "-g -target 1.5 -source 1.5 -Xlint:unchecked -Xlint:deprecation -d pkg/classes"
+ end
+
+ File.open("pkg/compile_classpath", "w") do |f|
+ f << java_classpath_arg
+ end
+
+ File.open("pkg/compile_sourcefiles", "w") do |f|
+ f << FileList['src/java/**/*.java'].join(' ')
+ end
+
+ sh "javac @pkg/compile_options @pkg/compile_classpath @pkg/compile_sourcefiles"
+ sh "jar cf lib/jopenssl.jar -C pkg/classes/ ."
+end
+file "lib/jopenssl.jar" => :java_compile
+
+task :more_clean do
+ rm_f FileList['lib/jopenssl.jar']
+end
+task :clean => :more_clean
+
+File.open("Manifest.txt", "w") {|f| MANIFEST.each {|n| f.puts n } }
+
+begin
+ require 'hoe'
+ Hoe.plugin :gemcutter
+ Hoe.add_include_dirs('build_lib')
+ hoe = Hoe.spec("jruby-openssl") do |p|
+ load File.dirname(__FILE__) + "/lib/jopenssl/version.rb"
+ p.version = Jopenssl::Version::VERSION
+ p.rubyforge_name = "jruby-extras"
+ p.url = "http://jruby-extras.rubyforge.org/jruby-openssl"
+ p.author = "Ola Bini and JRuby contributors"
+ p.email = "ola.bini@gmail.com"
+ p.summary = "OpenSSL add-on for JRuby"
+ p.changes = p.paragraphs_of('History.txt', 0..1).join("\n\n")
+ p.description = p.paragraphs_of('README.txt', 3...4).join("\n\n")
+ p.test_globs = ENV["TEST"] || ["test/test_all.rb"]
+ p.extra_deps << ['bouncy-castle-java', '>= 0']
+ end
+ hoe.spec.dependencies.delete_if { |dep| dep.name == "hoe" }
+
+ task :gemspec do
+ File.open("#{hoe.name}.gemspec", "w") {|f| f << hoe.spec.to_ruby }
+ end
+ task :package => :gemspec
+rescue LoadError
+ puts "You really need Hoe installed to be able to package this gem"
+rescue => e
+ puts "ignoring error while loading hoe: #{e.to_s}"
+end
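Review bot: In `java_classpath_arg`, the `rescue => e` with an empty body hides every StandardError raised by the classpath probe and binds an `e` that is never used, so a genuine failure looks the same as simply not running under JRuby. The fall-through to `JRUBY_PARENT_CLASSPATH` / `JRUBY_HOME` looks deliberate, so I would keep it but narrow the clause and say why: `rescue NameError # no Java constant, or a property was nil; fall back to the environment below`. `NameError` also covers the `NoMethodError` raised when `split` is called on a missing system property. Separately, the top-level `File.open("Manifest.txt", "w")` rewrites the manifest on every rake invocation, which deserves a one-line comment if it is intended.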
--- /dev/null
+module Jopenssl
+ module Version
+ VERSION = "0.7.4"
+ end
+end
--- /dev/null
+=begin
+= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: openssl.rb 12496 2007-06-08 15:02:04Z technorama $
+=end
+
+# TODO: remove this chunk after 1.4 support is dropped
+require 'digest'
+unless defined?(::Digest::Class)
+ # restricted support for jruby <= 1.4 (1.8.6 Digest compat)
+ module Digest
+ class Class
+ def self.hexdigest(name, data)
+ digest(name, data).unpack('H*')[0]
+ end
+
+ def self.digest(data, name)
+ digester = const_get(name).new
+ digester.update(data)
+ digester.finish
+ end
+
+ def hexdigest
+ digest.unpack('H*')[0]
+ end
+
+ def digest
+ dup.finish
+ end
+
+ def ==(oth)
+ digest == oth.digest
+ end
+
+ def to_s
+ hexdigest
+ end
+
+ def size
+ digest_length
+ end
+
+ def length
+ digest_length
+ end
+ end
+ end
+end
+# end of compat chunk.
+
+begin
+ require 'bouncy-castle-java'
+rescue LoadError
+ # runs under restricted mode.
+end
+require 'jopenssl'
+
+
+require 'openssl/bn'
+require 'openssl/cipher'
+require 'openssl/config'
+require 'openssl/digest'
+require 'openssl/pkcs7'
+require 'openssl/ssl'
+require 'openssl/x509'
+
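Review bot: In the JRuby 1.4 compat chunk, `Digest::Class.hexdigest(name, data)` calls `digest(name, data)` while the `digest` defined directly below it takes `(data, name)`, and nothing explains the swap. It appears to rely on the receiver overriding `digest` with `(name, data)` order, as `OpenSSL::Digest.digest` in lib/openssl/digest.rb does via `super(data, name)`; called on any other subclass, `const_get` would be handed the data. A comment on both methods stating which argument order each expects, and that `hexdigest` forwards its arguments unchanged to the subclass's `digest`, would keep a well-meant correction from breaking it. The `rescue LoadError` around `require 'bouncy-castle-java'` also deserves more than `# runs under restricted mode.`; the comment should name the features that are missing in that mode.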
--- /dev/null
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for BN
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: bn.rb 11708 2007-02-12 23:01:19Z shyouhei $
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+ class BN
+ include Comparable
+ end # BN
+end # OpenSSL
+
+##
+# Add double dispatch to Integer
+#
+class Integer
+ def to_bn
+ OpenSSL::BN::new(self)
+ end
+end # Integer
+
--- /dev/null
+=begin
+= $RCSfile$ -- Buffering mix-in module.
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: buffering.rb 13706 2007-10-15 08:29:08Z usa $
+=end
+
+module Buffering
+ include Enumerable
+ attr_accessor :sync
+ BLOCK_SIZE = 1024*16
+
+ def initialize(*args)
+ @eof = false
+ @rbuffer = ""
+ @sync = @io.sync
+ end
+
+ #
+ # for reading.
+ #
+ private
+
+ def fill_rbuff
+ begin
+ @rbuffer << self.sysread(BLOCK_SIZE)
+ rescue Errno::EAGAIN
+ retry
+ rescue EOFError
+ @eof = true
+ end
+ end
+
+ def consume_rbuff(size=nil)
+ if @rbuffer.empty?
+ nil
+ else
+ size = @rbuffer.size unless size
+ ret = @rbuffer[0, size]
+ @rbuffer[0, size] = ""
+ ret
+ end
+ end
+
+ public
+
+ def read(size=nil, buf=nil)
+ if size == 0
+ if buf
+ buf.clear
+ else
+ buf = ""
+ end
+ return @eof ? nil : buf
+ end
+ until @eof
+ break if size && size <= @rbuffer.size
+ fill_rbuff
+ end
+ ret = consume_rbuff(size) || ""
+ if buf
+ buf.replace(ret)
+ ret = buf
+ end
+ (size && ret.empty?) ? nil : ret
+ end
+
+ def readpartial(maxlen, buf=nil)
+ if maxlen == 0
+ if buf
+ buf.clear
+ else
+ buf = ""
+ end
+ return @eof ? nil : buf
+ end
+ if @rbuffer.empty?
+ begin
+ return sysread(maxlen, buf)
+ rescue Errno::EAGAIN
+ retry
+ end
+ end
+ ret = consume_rbuff(maxlen)
+ if buf
+ buf.replace(ret)
+ ret = buf
+ end
+ raise EOFError if ret.empty?
+ ret
+ end
+
+ def gets(eol=$/)
+ idx = @rbuffer.index(eol)
+ until @eof
+ break if idx
+ fill_rbuff
+ idx = @rbuffer.index(eol)
+ end
+ if eol.is_a?(Regexp)
+ size = idx ? idx+$&.size : nil
+ else
+ size = idx ? idx+eol.size : nil
+ end
+ consume_rbuff(size)
+ end
+
+ def each(eol=$/)
+ while line = self.gets(eol)
+ yield line
+ end
+ end
+ alias each_line each
+
+ def readlines(eol=$/)
+ ary = []
+ while line = self.gets(eol)
+ ary << line
+ end
+ ary
+ end
+
+ def readline(eol=$/)
+ raise EOFError if eof?
+ gets(eol)
+ end
+
+ def getc
+ c = read(1)
+ c ? c[0] : nil
+ end
+
+ def each_byte
+ while c = getc
+ yield(c)
+ end
+ end
+
+ def readchar
+ raise EOFError if eof?
+ getc
+ end
+
+ def ungetc(c)
+ @rbuffer[0,0] = c.chr
+ end
+
+ def eof?
+ fill_rbuff if !@eof && @rbuffer.empty?
+ @eof && @rbuffer.empty?
+ end
+ alias eof eof?
+
+ #
+ # for writing.
+ #
+ private
+
+ def do_write(s)
+ @wbuffer = "" unless defined? @wbuffer
+ @wbuffer << s
+ @sync ||= false
+ if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
+ remain = idx ? idx + $/.size : @wbuffer.length
+ nwritten = 0
+ while remain > 0
+ str = @wbuffer[nwritten,remain]
+ begin
+ nwrote = syswrite(str)
+ rescue Errno::EAGAIN
+ retry
+ end
+ remain -= nwrote
+ nwritten += nwrote
+ end
+ @wbuffer[0,nwritten] = ""
+ end
+ end
+
+ public
+
+ def write(s)
+ do_write(s)
+ s.length
+ end
+
+ def << (s)
+ do_write(s)
+ self
+ end
+
+ def puts(*args)
+ s = ""
+ if args.empty?
+ s << "\n"
+ end
+ args.each{|arg|
+ s << arg.to_s
+ if $/ && /\n\z/ !~ s
+ s << "\n"
+ end
+ }
+ do_write(s)
+ nil
+ end
+
+ def print(*args)
+ s = ""
+ args.each{ |arg| s << arg.to_s }
+ do_write(s)
+ nil
+ end
+
+ def printf(s, *args)
+ do_write(s % args)
+ nil
+ end
+
+ def flush
+ osync = @sync
+ @sync = true
+ do_write ""
+ @sync = osync
+ end
+
+ def close
+ flush rescue nil
+ sysclose
+ end
+end
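Review bot: The `rescue Errno::EAGAIN` / `retry` pairs in `fill_rbuff`, `readpartial` and `do_write` retry immediately, so a socket that is not ready makes the caller spin on the CPU until the peer sends or accepts data. Waiting for readiness before retrying avoids that, for example `IO.select([@io])` ahead of `retry` in the two read paths and `IO.select(nil, [@io])` in `do_write`; whether `@io` is selectable under JRuby needs confirming. Separately, `gets` keeps calling `fill_rbuff` until the separator arrives, with no upper bound on `@rbuffer`, so a peer that never sends the separator makes the buffer grow without limit; that warrants at least a comment for callers reading lines from an untrusted peer. `close` also discards any write error through `flush rescue nil`, which should be stated in a comment if it is intentional.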
--- /dev/null
+=begin
+= $RCSfile$ -- Ruby-space predefined Cipher subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: cipher.rb 12496 2007-06-08 15:02:04Z technorama $
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+ class Cipher
+ %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
+ klass = Class.new(Cipher){
+ define_method(:initialize){|*args|
+ cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
+ super(cipher_name)
+ }
+ }
+ const_set(name, klass)
+ }
+
+ %w(128 192 256).each{|keylen|
+ klass = Class.new(Cipher){
+ define_method(:initialize){|mode|
+ mode ||= "CBC"
+ cipher_name = "AES-#{keylen}-#{mode}"
+ super(cipher_name)
+ }
+ }
+ const_set("AES#{keylen}", klass)
+ }
+
+ # Generate, set, and return a random key.
+ # You must call cipher.encrypt or cipher.decrypt before calling this method.
+ def random_key
+ str = OpenSSL::Random.random_bytes(self.key_len)
+ self.key = str
+ return str
+ end
+
+ # Generate, set, and return a random iv.
+ # You must call cipher.encrypt or cipher.decrypt before calling this method.
+ def random_iv
+ str = OpenSSL::Random.random_bytes(self.iv_len)
+ self.iv = str
+ return str
+ end
+
+ # This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
+ class Cipher < Cipher
+ # add warning
+ end
+ end # Cipher
+end # OpenSSL
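Review bot: The comment above `class Cipher < Cipher` tells readers to use OpenSSL::Digest, which looks copied from digest.rb; it should read `# This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.` The `# add warning` placeholder inside it (and in `Digest::Digest` in lib/openssl/digest.rb) emits nothing, whereas `PKCS7::PKCS7` in lib/openssl/pkcs7.rb calls `warn`; the three compatibility classes should behave the same way. The comments on `random_key` and `random_iv` could also state that the value comes from `OpenSSL::Random.random_bytes` with length `key_len` / `iv_len`, and that a fresh IV is needed for each message encrypted under the same key.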
--- /dev/null
+=begin
+= Ruby-space definitions that completes C-space funcs for Config
+
+= Info
+ Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+require 'stringio'
+
+module OpenSSL
+ class Config
+ include Enumerable
+
+ class << self
+ def parse(str)
+ c = new()
+ parse_config(StringIO.new(str)).each do |section, hash|
+ c[section] = hash
+ end
+ c
+ end
+
+ alias load new
+
+ def parse_config(io)
+ begin
+ parse_config_lines(io)
+ rescue ConfigError => e
+ e.message.replace("error in line #{io.lineno}: " + e.message)
+ raise
+ end
+ end
+
+ def get_key_string(data, section, key) # :nodoc:
+ if v = data[section] && data[section][key]
+ return v
+ elsif section == 'ENV'
+ if v = ENV[key]
+ return v
+ end
+ end
+ if v = data['default'] && data['default'][key]
+ return v
+ end
+ end
+
+ private
+
+ def parse_config_lines(io)
+ section = 'default'
+ data = {section => {}}
+ while definition = get_definition(io)
+ definition = clear_comments(definition)
+ next if definition.empty?
+ if definition[0] == ?[
+ if /\[([^\]]*)\]/ =~ definition
+ section = $1.strip
+ data[section] ||= {}
+ else
+ raise ConfigError, "missing close square bracket"
+ end
+ else
+ if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
+ if $2
+ section = $1
+ key = $2
+ else
+ key = $1
+ end
+ value = unescape_value(data, section, $3)
+ (data[section] ||= {})[key] = value.strip
+ else
+ raise ConfigError, "missing equal sign"
+ end
+ end
+ end
+ data
+ end
+
+ # escape with backslash
+ QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
+ # escape with backslash and doubled dq
+ QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
+ # escaped char map
+ ESCAPE_MAP = {
+ "r" => "\r",
+ "n" => "\n",
+ "b" => "\b",
+ "t" => "\t",
+ }
+
+ def unescape_value(data, section, value)
+ scanned = []
+ while m = value.match(/['"\\$]/)
+ scanned << m.pre_match
+ c = m[0]
+ value = m.post_match
+ case c
+ when "'"
+ if m = value.match(QUOTE_REGEXP_SQ)
+ scanned << m[1].gsub(/\\(.)/, '\\1')
+ value = m.post_match
+ else
+ break
+ end
+ when '"'
+ if m = value.match(QUOTE_REGEXP_DQ)
+ scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
+ value = m.post_match
+ else
+ break
+ end
+ when "\\"
+ c = value.slice!(0, 1)
+ scanned << (ESCAPE_MAP[c] || c)
+ when "$"
+ ref, value = extract_reference(value)
+ refsec = section
+ if ref.index('::')
+ refsec, ref = ref.split('::', 2)
+ end
+ if v = get_key_string(data, refsec, ref)
+ scanned << v
+ else
+ raise ConfigError, "variable has no value"
+ end
+ else
+ raise 'must not reaced'
+ end
+ end
+ scanned << value
+ scanned.join
+ end
+
+ def extract_reference(value)
+ rest = ''
+ if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
+ value = m[1] || m[2]
+ rest = m.post_match
+ elsif [?(, ?{].include?(value[0])
+ raise ConfigError, "no close brace"
+ end
+ if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
+ return m[0], m.post_match + rest
+ else
+ raise
+ end
+ end
+
+ def clear_comments(line)
+ # FCOMMENT
+ if m = line.match(/\A([\t\n\f ]*);.*\z/)
+ return m[1]
+ end
+ # COMMENT
+ scanned = []
+ while m = line.match(/[#'"\\]/)
+ scanned << m.pre_match
+ c = m[0]
+ line = m.post_match
+ case c
+ when '#'
+ line = nil
+ break
+ when "'", '"'
+ regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
+ scanned << c
+ if m = line.match(regexp)
+ scanned << m[0]
+ line = m.post_match
+ else
+ scanned << line
+ line = nil
+ break
+ end
+ when "\\"
+ scanned << c
+ scanned << line.slice!(0, 1)
+ else
+ raise 'must not reaced'
+ end
+ end
+ scanned << line
+ scanned.join
+ end
+
+ def get_definition(io)
+ if line = get_line(io)
+ while /[^\\]\\\z/ =~ line
+ if extra = get_line(io)
+ line += extra
+ else
+ break
+ end
+ end
+ return line.strip
+ end
+ end
+
+ def get_line(io)
+ if line = io.gets
+ line.gsub(/[\r\n]*/, '')
+ end
+ end
+ end
+
+ def initialize(filename = nil)
+ @data = {}
+ if filename
+ File.open(filename.to_s) do |file|
+ Config.parse_config(file).each do |section, hash|
+ self[section] = hash
+ end
+ end
+ end
+ end
+
+ def get_value(section, key)
+ if section.nil?
+ raise TypeError.new('nil not allowed')
+ end
+ section = 'default' if section.empty?
+ get_key_string(section, key)
+ end
+
+ def value(arg1, arg2 = nil)
+ warn('Config#value is deprecated; use Config#get_value')
+ if arg2.nil?
+ section, key = 'default', arg1
+ else
+ section, key = arg1, arg2
+ end
+ section ||= 'default'
+ section = 'default' if section.empty?
+ get_key_string(section, key)
+ end
+
+ def add_value(section, key, value)
+ check_modify
+ (@data[section] ||= {})[key] = value
+ end
+
+ def [](section)
+ @data[section] || {}
+ end
+
+ def section(name)
+ warn('Config#section is deprecated; use Config#[]')
+ @data[name] || {}
+ end
+
+ def []=(section, pairs)
+ check_modify
+ @data[section] ||= {}
+ pairs.each do |key, value|
+ self.add_value(section, key, value)
+ end
+ end
+
+ def sections
+ @data.keys
+ end
+
+ def to_s
+ ary = []
+ @data.keys.sort.each do |section|
+ ary << "[ #{section} ]\n"
+ @data[section].keys.each do |key|
+ ary << "#{key}=#{@data[section][key]}\n"
+ end
+ ary << "\n"
+ end
+ ary.join
+ end
+
+ def each
+ @data.each do |section, hash|
+ hash.each do |key, value|
+ yield [section, key, value]
+ end
+ end
+ end
+
+ def inspect
+ "#<#{self.class.name} sections=#{sections.inspect}>"
+ end
+
+ protected
+
+ def data
+ @data
+ end
+
+ private
+
+ def initialize_copy(other)
+ @data = other.data.dup
+ end
+
+ def check_modify
+ raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
+ end
+
+ def get_key_string(section, key)
+ Config.get_key_string(@data, section, key)
+ end
+ end
+end
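Review bot: `initialize_copy` copies only the outer hash (`other.data.dup`), so a duplicate shares its per-section hashes with the original, and `add_value` on the copy also changes the original, including a frozen one that `check_modify` is meant to protect. Copying one level deeper fixes it: `@data = other.data.inject({}) { |h, (sec, kv)| h[sec] = kv.dup; h }`. Two smaller things in the same file: the bare `raise` at the end of `extract_reference` has no exception to re-raise, and since its regexp can match the empty string that branch looks unreachable; `'must not reaced'` is a typo for `reached` in both places it appears. `get_key_string` also falls back to the process `ENV` for section `'ENV'`, which should be documented, because a config file can then pull environment values into parsed settings.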
--- /dev/null
+=begin
+= $RCSfile$ -- Ruby-space predefined Digest subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: digest.rb 15600 2008-02-25 08:48:57Z technorama $
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+ class Digest
+
+ alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
+ if OPENSSL_VERSION_NUMBER > 0x00908000
+ alg += %w(SHA224 SHA256 SHA384 SHA512)
+ end
+
+ def self.digest(name, data)
+ super(data, name)
+ end
+
+ alg.each{|name|
+ klass = Class.new(Digest){
+ define_method(:initialize){|*data|
+ if data.length > 1
+ raise ArgumentError,
+ "wrong number of arguments (#{data.length} for 1)"
+ end
+ super(name, data.first)
+ }
+ }
+ singleton = (class <<klass; self; end)
+ singleton.class_eval{
+ define_method(:digest){|data| Digest.digest(name, data) }
+ define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
+ }
+ const_set(name, klass)
+ }
+
+ # This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
+ class Digest < Digest
+ def initialize(*args)
+ # add warning
+ super(*args)
+ end
+ end
+
+ end # Digest
+end # OpenSSL
+
--- /dev/null
+warn "OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable"
+warn "gem install bouncy-castle-java for full support."
+module OpenSSL
+ module ASN1
+ class ASN1Error < OpenSSLError; end
+ class ASN1Data; end
+ class Primitive; end
+ class Constructive; end
+ end
+ module X509
+ class Name; end
+ class Certificate; end
+ class Extension; end
+ class CRL; end
+ class Revoked; end
+ class Store
+ def set_default_paths; end
+ end
+ class Request; end
+ class Attribute; end
+ end
+ module Netscape
+ class SPKI; end
+ end
+ class PKCS7
+ # this definition causes TypeError "superclass mismatch for class PKCS7"
+ # MRI also crashes following definition;
+ # class Foo; class Foo < Foo; end; end
+ # class Foo; class Foo < Foo; end; end
+ #
+ # class PKCS7 < PKCS7; end
+ end
+end
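Review bot: The stub `Store#set_default_paths` returns without doing anything, and no comment says why it exists. lib/openssl/ssl.rb calls `DEFAULT_CERT_STORE.set_default_paths` while its class body loads, so the stub is presumably there to let that file load in restricted mode. A comment such as `# no-op so ssl.rb can load; no default trust anchors are loaded in restricted mode` would make clear that a store built from this stub holds nothing to verify a peer against. The two `warn` lines at the top are the only signal that certificate handling is unavailable, so the comment should point to them.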
--- /dev/null
+warn "Warning: OpenSSL SSL implementation unavailable"
+warn "You must run on JDK 1.5 (Java 5) or higher to use SSL"
+module OpenSSL
+ module SSL
+ class SSLError < OpenSSLError; end
+ class SSLContext; end
+ class SSLSocket; end
+ VERIFY_NONE = 0
+ VERIFY_PEER = 1
+ VERIFY_FAIL_IF_NO_PEER_CERT = 2
+ VERIFY_CLIENT_ONCE = 4
+ OP_ALL = 0x00000FFF
+ end
+end
--- /dev/null
+=begin
+= $RCSfile$ -- PKCS7
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: digest.rb 12148 2007-04-05 05:59:22Z technorama $
+=end
+
+module OpenSSL
+ class PKCS7
+ # This class is only provided for backwards compatibility. Use OpenSSL::PKCS7 in the future.
+ class PKCS7 < PKCS7
+ def initialize(*args)
+ super(*args)
+
+ warn("Warning: OpenSSL::PKCS7::PKCS7 is deprecated after Ruby 1.9; use OpenSSL::PKCS7 instead")
+ end
+ end
+
+ end # PKCS7
+end # OpenSSL
+
--- /dev/null
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: ssl.rb 16193 2008-04-25 06:51:21Z knu $
+=end
+
+require "openssl"
+require "openssl/buffering"
+require "fcntl"
+
+module OpenSSL
+ module SSL
+ class SSLContext
+ DEFAULT_PARAMS = {
+ :ssl_version => "SSLv23",
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+ :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+ :options => OpenSSL::SSL::OP_ALL,
+ }
+
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+ DEFAULT_CERT_STORE.set_default_paths
+ if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+ end
+
+ def set_params(params={})
+ params = DEFAULT_PARAMS.merge(params)
+ self.ssl_version = params.delete(:ssl_version)
+ params.each{|name, value| self.__send__("#{name}=", value) }
+ if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ unless self.ca_file or self.ca_path or self.cert_store
+ self.cert_store = DEFAULT_CERT_STORE
+ end
+ end
+ return params
+ end
+ end
+
+ module SocketForwarder
+ def addr
+ to_io.addr
+ end
+
+ def peeraddr
+ to_io.peeraddr
+ end
+
+ def setsockopt(level, optname, optval)
+ to_io.setsockopt(level, optname, optval)
+ end
+
+ def getsockopt(level, optname)
+ to_io.getsockopt(level, optname)
+ end
+
+ def fcntl(*args)
+ to_io.fcntl(*args)
+ end
+
+ def closed?
+ to_io.closed?
+ end
+
+ def do_not_reverse_lookup=(flag)
+ to_io.do_not_reverse_lookup = flag
+ end
+ end
+
+ module Nonblock
+ def initialize(*args)
+ flag = File::NONBLOCK
+ flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
+ @io.fcntl(Fcntl::F_SETFL, flag)
+ super
+ end
+ end
+
+ def verify_certificate_identity(cert, hostname)
+ should_verify_common_name = true
+ cert.extensions.each{|ext|
+ next if ext.oid != "subjectAltName"
+ ext.value.split(/,\s+/).each{|general_name|
+ if /\ADNS:(.*)/ =~ general_name
+ should_verify_common_name = false
+ reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+ return true if /\A#{reg}\z/i =~ hostname
+ elsif /\AIP Address:(.*)/ =~ general_name
+ should_verify_common_name = false
+ return true if $1 == hostname
+ end
+ }
+ }
+ if should_verify_common_name
+ cert.subject.to_a.each{|oid, value|
+ if oid == "CN"
+ reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
+ return true if /\A#{reg}\z/i =~ hostname
+ end
+ }
+ end
+ return false
+ end
+ module_function :verify_certificate_identity
+
+ class SSLSocket
+ include Buffering
+ include SocketForwarder
+ include Nonblock
+
+ def post_connection_check(hostname)
+ unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
+ raise SSLError, "hostname was not match with the server certificate"
+ end
+ return true
+ end
+
+ def session
+ SSL::Session.new(self)
+ rescue SSL::Session::SessionError
+ nil
+ end
+ end
+
+ class SSLServer
+ include SocketForwarder
+ attr_accessor :start_immediately
+
+ def initialize(svr, ctx)
+ @svr = svr
+ @ctx = ctx
+ unless ctx.session_id_context
+ session_id = OpenSSL::Digest::MD5.hexdigest($0)
+ @ctx.session_id_context = session_id
+ end
+ @start_immediately = true
+ end
+
+ def to_io
+ @svr
+ end
+
+ def listen(backlog=5)
+ @svr.listen(backlog)
+ end
+
+ def shutdown(how=Socket::SHUT_RDWR)
+ @svr.shutdown(how)
+ end
+
+ def accept
+ sock = @svr.accept
+ begin
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+ ssl.sync_close = true
+ ssl.accept if @start_immediately
+ ssl
+ rescue SSLError => ex
+ sock.close
+ raise ex
+ end
+ end
+
+ def close
+ @svr.close
+ end
+ end
+ end
+end
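Review bot: In `verify_certificate_identity`, `gsub(/\\\*/, "[^.]+")` expands `*` wherever it occurs in a `DNS:` name or CN, so a certificate name carrying a wildcard in a non-leftmost label, or as part of a label, is treated as a pattern. Stricter matching, as in RFC 6125, allows the wildcard only as the complete leftmost label; on both `reg =` lines that would be `Regexp.escape(name).sub(/\A\\\*\\\./) { "[^.]+\\." }` (with `$1` and `value` as `name` respectively), which leaves any other `*` escaped so it can never match a hostname. The subjectAltName entries are also taken from the printable `ext.value` split on `/,\s+/`, which cannot tell a separator from the same characters inside a name; decoding the extension's ASN.1 would be more robust, though I have not checked that the Java side supports it here. `DEFAULT_PARAMS[:ciphers]` still admits `+LOW` suites; if that is kept for MRI compatibility, a comment should say so.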
--- /dev/null
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id: x509.rb 11708 2007-02-12 23:01:19Z shyouhei $
+=end
+
+require "openssl"
+
+module OpenSSL
+ module X509
+ class ExtensionFactory
+ def create_extension(*arg)
+ if arg.size > 1
+ create_ext(*arg)
+ else
+ send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
+ end
+ end
+
+ def create_ext_from_array(ary)
+ raise ExtensionError, "unexpected array form" if ary.size > 3
+ create_ext(ary[0], ary[1], ary[2])
+ end
+
+ def create_ext_from_string(str) # "oid = critical, value"
+ oid, value = str.split(/=/, 2)
+ oid.strip!
+ value.strip!
+ create_ext(oid, value)
+ end
+
+ def create_ext_from_hash(hash)
+ create_ext(hash["oid"], hash["value"], hash["critical"])
+ end
+ end
+
+ class Extension
+ def to_s # "oid = critical, value"
+ str = self.oid
+ str << " = "
+ str << "critical, " if self.critical?
+ str << self.value.gsub(/\n/, ", ")
+ end
+
+ def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+ {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+ end
+
+ def to_a
+ [ self.oid, self.value, self.critical? ]
+ end
+ end
+
+ class Name
+ module RFC2253DN
+ Special = ',=+<>#;'
+ HexChar = /[0-9a-fA-F]/
+ HexPair = /#{HexChar}#{HexChar}/
+ HexString = /#{HexPair}+/
+ Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+ StringChar = /[^#{Special}\\"]/
+ QuoteChar = /[^\\"]/
+ AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+ AttributeValue = /
+ (?!["#])((?:#{StringChar}|#{Pair})*)|
+ \#(#{HexString})|
+ "((?:#{QuoteChar}|#{Pair})*)"
+ /x
+ TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+ module_function
+
+ def expand_pair(str)
+ return nil unless str
+ return str.gsub(Pair){|pair|
+ case pair.size
+ when 2 then pair[1,1]
+ when 3 then Integer("0x#{pair[1,2]}").chr
+ else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+ end
+ }
+ end
+
+ def expand_hexstring(str)
+ return nil unless str
+ der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
+ a1 = OpenSSL::ASN1.decode(der)
+ return a1.value, a1.tag
+ end
+
+ def expand_value(str1, str2, str3)
+ value = expand_pair(str1)
+ value, tag = expand_hexstring(str2) unless value
+ value = expand_pair(str3) unless value
+ return value, tag
+ end
+
+ def scan(dn)
+ str = dn
+ ary = []
+ while true
+ if md = TypeAndValue.match(str)
+ matched = md.to_s
+ remain = md.post_match
+ type = md[1]
+ value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+ if value
+ type_and_value = [type, value]
+ type_and_value.push(tag) if tag
+ ary.unshift(type_and_value)
+ if remain.length > 2 && remain[0] == ?,
+ str = remain[1..-1]
+ next
+ elsif remain.length > 2 && remain[0] == ?+
+ raise OpenSSL::X509::NameError,
+ "multi-valued RDN is not supported: #{dn}"
+ elsif remain.empty?
+ break
+ end
+ end
+ end
+ msg_dn = dn[0, dn.length - str.length] + " =>" + str
+ raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+ end
+ return ary
+ end
+ end
+
+ class <<self
+ def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+ ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+ self.new(ary, template)
+ end
+
+ def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+ ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+ self.new(ary, template)
+ end
+
+ alias parse parse_openssl
+ end
+ end
+ end
+end