diff options
| author | simonbrandhof <simon.brandhof@gmail.com> | 2011-05-19 18:49:02 +0200 |
|---|---|---|
| committer | simonbrandhof <simon.brandhof@gmail.com> | 2011-05-19 18:49:02 +0200 |
| commit | 0c00fc4022d2dd1cc560dad11a7e8113b215a9d3 (patch) | |
| tree | 0bdcb853610795879c48859329fa538c709c766a | |
| parent | 004582cf071ce1b2eb4a131a9f29104e13b29944 (diff) | |
| download | sonarqube-0c00fc4022d2dd1cc560dad11a7e8113b215a9d3.tar.gz sonarqube-0c00fc4022d2dd1cc560dad11a7e8113b215a9d3.zip | |
SONAR-2445 Do not remove BouncyCastle security provider
27 files changed, 1208 insertions, 399 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/.specification b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/.specification deleted file mode 100755 index 3a7ccf4f984..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/.specification +++ /dev/null @@ -1,129 +0,0 @@ ---- !ruby/object:Gem::Specification -name: jruby-openssl -version: !ruby/object:Gem::Version - prerelease: false - segments: - - 0 - - 5 - - 1 - version: 0.5.1 -platform: ruby -authors: - - Ola Bini and JRuby contributors -autorequire: -bindir: bin -cert_chain: [] - -date: 2009-06-15 00:00:00 +02:00 -default_executable: -dependencies: [] - -description: = JRuby-OpenSSL -email: ola.bini@gmail.com -executables: [] - -extensions: [] - -extra_rdoc_files: - - History.txt - - README.txt - - License.txt -files: - - History.txt - - README.txt - - License.txt - - lib/jopenssl.jar - - lib/bcmail-jdk14-139.jar - - lib/bcprov-jdk14-139.jar - - lib/openssl.rb - - lib/jopenssl/version.rb - - lib/openssl/bn.rb - - lib/openssl/buffering.rb - - lib/openssl/cipher.rb - - lib/openssl/digest.rb - - lib/openssl/dummy.rb - - lib/openssl/dummyssl.rb - - lib/openssl/ssl.rb - - lib/openssl/x509.rb - - test/pkcs7_mime_enveloped.message - - test/pkcs7_mime_signed.message - - test/pkcs7_multipart_signed.message - - test/test_cipher.rb - - test/test_integration.rb - - test/test_java.rb - - test/test_java_attribute.rb - - test/test_java_bio.rb - - test/test_java_mime.rb - - test/test_java_pkcs7.rb - - test/test_java_smime.rb - - test/test_openssl.rb - - test/test_openssl_x509.rb - - test/test_pkey.rb - - test/ut_eof.rb - - test/fixture/cacert.pem - - test/fixture/cert_localhost.pem - - test/fixture/localhost_keypair.pem - - test/openssl/ssl_server.rb - - test/openssl/test_asn1.rb - - test/openssl/test_cipher.rb - - test/openssl/test_digest.rb - - test/openssl/test_hmac.rb - - test/openssl/test_ns_spki.rb - - test/openssl/test_pair.rb - - test/openssl/test_pkcs7.rb - - test/openssl/test_pkey_rsa.rb - - test/openssl/test_ssl.rb - - test/openssl/test_x509cert.rb - - test/openssl/test_x509crl.rb - - test/openssl/test_x509ext.rb - - test/openssl/test_x509name.rb - - test/openssl/test_x509req.rb - - test/openssl/test_x509store.rb - - test/openssl/utils.rb - - test/ref/a.out - - test/ref/compile.rb - - test/ref/pkcs1 - - test/ref/pkcs1.c -has_rdoc: true -homepage: http://jruby-extras.rubyforge.org/jruby-openssl -licenses: [] - -post_install_message: -rdoc_options: - - --main - - README.txt -require_paths: - - lib -required_ruby_version: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - segments: - - 0 - version: "0" -required_rubygems_version: !ruby/object:Gem::Requirement - requirements: - - - ">=" - - !ruby/object:Gem::Version - segments: - - 0 - version: "0" -requirements: [] - -rubyforge_project: jruby-extras -rubygems_version: 1.3.6 -signing_key: -specification_version: 3 -summary: OpenSSL add-on for JRuby -test_files: - - test/test_cipher.rb - - test/test_integration.rb - - test/test_java.rb - - test/test_java_attribute.rb - - test/test_java_bio.rb - - test/test_java_mime.rb - - test/test_java_pkcs7.rb - - test/test_java_smime.rb - - test/test_openssl.rb - - test/test_openssl_x509.rb - - test/test_pkey.rb diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/History.txt b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/History.txt deleted file mode 100755 index 4608db01692..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/History.txt +++ /dev/null @@ -1,39 +0,0 @@ -== 0.5.1 - -* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100% -* Fix by Frederic Jean for a character-decoding issue for some certificates - -== 0.5 - -* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256) -* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error -* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java -* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted -* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest -* Misc code cleanup - -== 0.2 - -- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888) -- Fix socket buffering issue by setting socket IO sync = true -- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152) -- Fix AES key length (JRUBY-2187) -- Fix cipher initialization (JRUBY-1100) -- Now, only compatible with JRuby 1.1 - -== 0.1.1 - -- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222) - -== 0.1 - -- PLEASE NOTE: This release is not compatible with JRuby releases earlier than - 1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the - 0.6 release. -- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases -- Simultaneous support for JRuby trunk and 1.0 branch -- Start of support for OpenSSL::BN - -== 0.0.5 and prior - -- Initial versions with maintenance updates diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcmail-jdk14-139.jar b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcmail-jdk14-139.jar Binary files differdeleted file mode 100755 index 40b994da27a..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcmail-jdk14-139.jar +++ /dev/null diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcprov-jdk14-139.jar b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcprov-jdk14-139.jar Binary files differdeleted file mode 100755 index 986049babb9..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/bcprov-jdk14-139.jar +++ /dev/null diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/jopenssl.jar b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/jopenssl.jar Binary files differdeleted file mode 100755 index e0284954660..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/jopenssl.jar +++ /dev/null diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl.rb deleted file mode 100755 index 555411db664..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl.rb +++ /dev/null @@ -1,24 +0,0 @@ -=begin -= $RCSfile: openssl.rb,v $ -- Loader for all OpenSSL C-space and Ruby-space definitions - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id: openssl.rb,v 1.1 2003/07/23 16:11:29 gotoyuzo Exp $ -=end - -require 'jopenssl' - -require 'openssl/bn' -require 'openssl/cipher' -require 'openssl/digest' -require 'openssl/ssl' -require 'openssl/x509' - diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/dummy.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/dummy.rb deleted file mode 100755 index 5bea7c728ea..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/dummy.rb +++ /dev/null @@ -1,34 +0,0 @@ -warn "Warning: OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable" -warn "You need to download or install BouncyCastle jars (bc-prov-*.jar, bc-mail-*.jar)" -warn "to fix this." -module OpenSSL - module ASN1 - class ASN1Error < OpenSSLError; end - class ASN1Data; end - class Primitive; end - class Constructive; end - end - module PKey - class PKeyError < OpenSSLError; end - class PKey; def initialize(*args); end; end - class RSA < PKey; end - class DSA < PKey; end - class DH < PKey; end - end - module X509 - class Name; end - class Certificate; end - class Extension; end - class CRL; end - class Revoked; end - class Store; end - class Request; end - class Attribute; end - end - module Netscape - class SPKI; end - end - module PKCS7 - class PKCS7; end - end -end
\ No newline at end of file diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/ssl.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/ssl.rb deleted file mode 100755 index 6fcf95f28a6..00000000000 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/ssl.rb +++ /dev/null @@ -1,135 +0,0 @@ -=begin -= $RCSfile: ssl.rb,v $ -- Ruby-space definitions that completes C-space funcs for SSL - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id: ssl.rb,v 1.5.2.6 2006/05/23 18:14:05 gotoyuzo Exp $ -=end - -require "openssl" -require "openssl/buffering" -require "fcntl" - -module OpenSSL - module SSL - module SocketForwarder - def addr - to_io.addr - end - - def peeraddr - to_io.peeraddr - end - - def setsockopt(level, optname, optval) - to_io.setsockopt(level, optname, optval) - end - - def getsockopt(level, optname) - to_io.getsockopt(level, optname) - end - - def fcntl(*args) - to_io.fcntl(*args) - end - - def closed? - to_io.closed? - end - - def do_not_reverse_lookup=(flag) - to_io.do_not_reverse_lookup = flag - end - end - - module Nonblock - def initialize(*args) - flag = File::NONBLOCK - flag |= @io.fcntl(Fcntl::F_GETFL, nil) if defined?(Fcntl::F_GETFL) - @io.fcntl(Fcntl::F_SETFL, flag) - super - end - end - - class SSLSocket - include Buffering - include SocketForwarder - include Nonblock - - def post_connection_check(hostname) - check_common_name = true - cert = peer_cert - cert.extensions.each{|ext| - next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name - check_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name - check_common_name = false - return true if $1 == hostname - end - } - } - if check_common_name - cert.subject.to_a.each{|oid, value| - if oid == "CN" - reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - end - } - end - raise SSLError, "hostname not match" - end - end - - class SSLServer - include SocketForwarder - attr_accessor :start_immediately - - def initialize(svr, ctx) - @svr = svr - @ctx = ctx - unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) - @ctx.session_id_context = session_id - end - @start_immediately = true - end - - def to_io - @svr - end - - def listen(backlog=5) - @svr.listen(backlog) - end - - def accept - sock = @svr.accept - begin - ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync_close = true - ssl.accept if @start_immediately - ssl - rescue SSLError => ex - sock.close - raise ex - end - end - - def close - @svr.close - end - end - end -end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/.specification b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/.specification new file mode 100644 index 00000000000..430d70be5aa --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/.specification @@ -0,0 +1,166 @@ +--- !ruby/object:Gem::Specification +name: jruby-openssl +version: !ruby/object:Gem::Version + version: 0.7.4 +platform: ruby +authors: +- Ola Bini and JRuby contributors +autorequire: +bindir: bin +cert_chain: [] + +date: 2011-04-27 00:00:00 +02:00 +default_executable: +dependencies: +- !ruby/object:Gem::Dependency + name: bouncy-castle-java + type: :runtime + version_requirement: + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: "0" + version: +description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. +email: ola.bini@gmail.com +executables: [] + +extensions: [] + +extra_rdoc_files: +- History.txt +- Manifest.txt +- README.txt +- License.txt +files: +- Rakefile +- History.txt +- Manifest.txt +- README.txt +- License.txt +- lib/jopenssl.jar +- lib/openssl.rb +- lib/openssl/dummy.rb +- lib/openssl/dummyssl.rb +- lib/openssl/config.rb +- lib/openssl/cipher.rb +- lib/openssl/ssl.rb +- lib/openssl/bn.rb +- lib/openssl/x509.rb +- lib/openssl/digest.rb +- lib/openssl/buffering.rb +- lib/openssl/pkcs7.rb +- lib/jopenssl/version.rb +- test/test_imaps.rb +- test/test_all.rb +- test/test_integration.rb +- test/ut_eof.rb +- test/test_java.rb +- test/test_openssl.rb +- test/test_pkey.rb +- test/test_cipher.rb +- test/cert_with_ec_pk.cer +- test/test_pkcs7.rb +- test/test_x509store.rb +- test/test_certificate.rb +- test/test_parse_certificate.rb +- test/test_ssl.rb +- test/openssl/test_x509name.rb +- test/openssl/test_ns_spki.rb +- test/openssl/test_x509cert.rb +- test/openssl/ssl_server.rb +- test/openssl/test_pair.rb +- test/openssl/test_ec.rb +- test/openssl/test_config.rb +- test/openssl/utils.rb +- test/openssl/test_x509req.rb +- test/openssl/test_cipher.rb +- test/openssl/test_digest.rb +- test/openssl/test_x509ext.rb +- test/openssl/test_asn1.rb +- test/openssl/test_pkcs7.rb +- test/openssl/test_x509store.rb +- test/openssl/test_pkey_rsa.rb +- test/openssl/test_ssl.rb +- test/openssl/test_x509crl.rb +- test/openssl/test_hmac.rb +- test/ref/compile.rb +- test/ref/a.out +- test/ref/pkcs1 +- test/ref/pkcs1.c +- test/fixture/cacert.pem +- test/fixture/ca-bundle.crt +- test/fixture/common.pem +- test/fixture/key_then_cert.pem +- test/fixture/verisign.pem +- test/fixture/cert_localhost.pem +- test/fixture/localhost_keypair.pem +- test/fixture/verisign_c3.pem +- test/fixture/selfcert.pem +- test/fixture/max.pem +- test/fixture/keypair.pem +- test/fixture/purpose/cacert.pem +- test/fixture/purpose/b70a5bc1.0 +- test/fixture/purpose/sslclient.pem +- test/fixture/purpose/sslserver.pem +- test/fixture/purpose/sslclient/sslclient.pem +- test/fixture/purpose/sslclient/csr.pem +- test/fixture/purpose/sslclient/keypair.pem +- test/fixture/purpose/ca/cacert.pem +- test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +- test/fixture/purpose/ca/ca_config.rb +- test/fixture/purpose/ca/serial +- test/fixture/purpose/ca/newcerts/2_cert.pem +- test/fixture/purpose/ca/newcerts/3_cert.pem +- test/fixture/purpose/ca/private/cakeypair.pem +- test/fixture/purpose/scripts/gen_cert.rb +- test/fixture/purpose/scripts/init_ca.rb +- test/fixture/purpose/scripts/gen_csr.rb +- test/fixture/purpose/sslserver/sslserver.pem +- test/fixture/purpose/sslserver/csr.pem +- test/fixture/purpose/sslserver/keypair.pem +- test/fixture/imaps/cacert.pem +- test/fixture/imaps/server.crt +- test/fixture/imaps/server.key +- test/fixture/ca_path/verisign.pem +- test/fixture/ca_path/72fa7371.0 +- test/java/pkcs7_mime_enveloped.message +- test/java/pkcs7_mime_signed.message +- test/java/test_java_pkcs7.rb +- test/java/test_java_bio.rb +- test/java/pkcs7_multipart_signed.message +- test/java/test_java_mime.rb +- test/java/test_java_attribute.rb +- test/java/test_java_smime.rb +has_rdoc: true +homepage: http://jruby-extras.rubyforge.org/jruby-openssl +licenses: [] + +post_install_message: +rdoc_options: +- --main +- README.txt +require_paths: +- lib +required_ruby_version: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: "0" + version: +required_rubygems_version: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: "0" + version: +requirements: [] + +rubyforge_project: jruby-extras +rubygems_version: 1.3.5 +signing_key: +specification_version: 3 +summary: OpenSSL add-on for JRuby +test_files: +- test/test_all.rb diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/History.txt b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/History.txt new file mode 100644 index 00000000000..4ffc8de2cd2 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/History.txt @@ -0,0 +1,171 @@ +== 0.7.4 + +- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading failed on JRuby 1.6.x. Fixed. +- JRUBY-5510: Add debug information to released jar +- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46) + +== 0.7.3 + +- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed. +- JRUBY-5253: Allow to load the certificate file which includes private + key for activemarchant compatibility. +- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an + unknown condition. +- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases + pass on J9 JDK 6. + +== 0.7.2 + +- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream + cipher (Net::SSH compatibility) +- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH + compatibility) +- JRUBY-5096: Fixed inconsistent Certificate verification behavior +- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects +- JRUBY-5059: SSLSocket ignores Timeout (Fixed) +- JRUBY-4965: implemented OpenSSL::Config +- JRUBY-5023: make Certificate#signature_algorithm return correct algo + name; "sha1WithRSAEncryption" instead of "SHA1" +- JRUBY-5024: let HMAC.new accept a String as a digest name +- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick + cleanup of resources when dereferenced + +== 0.7.1 + +- NOTE: Now BouncyCastle jars has moved out to its own gem + "bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java). + You don't need to care about it because "jruby-openssl" gem depends + on it from now on. + +=== SSL bugfix + +- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file + reached (EOFError)" for HTTP chunked read. + +=== Misc + +- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure + it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006 + (JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1" +- JRUBY-4975: Moving BouncyCastle jars out to its own gem. + +== 0.7 + +- Follow MRI 1.8.7 openssl API changes +- Fixes so that jruby-openssl can run on appengine +- Many bug and compatibility fixes, see below. +- This is the last release that will be compatible with JRuby 1.4.x. +- Compatibility issues +-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7. +-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7. +-- JRUBY-4444: OpenSSL crash running RubyGems tests +-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message available" +-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris +-- JRUBY-4541: jruby-openssl doesn't load on App Engine. +-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris +-- JRUBY-4535: Issues with the BouncyCastle provider +-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov +-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 -> jdk15-144 +- Cipher issues +-- JRUBY-4012: Initialization vector length handled differently than in MRI (longer IV sequence are trimmed to fit the required) +-- JRUBY-4473: Implemented DSA key generation +-- JRUBY-4472: Cipher does not support RC4 and CAST +-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or 168' for DES3 + SunJCE +- SSL and X.509(PKIX) issues +-- JRUBY-4384: TCP socket connection causes busy loop of SSL server +-- JRUBY-4370: Implement SSLContext#ciphers +-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT' +-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented +-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca +-- JRUBY-4684: SSLContext#verify_depth is ignored +-- JRUBY-4398: SSLContext#options does not affect to SSL sessions +-- JRUBY-4360: Implement SSLSocket#verify_result and dependents +-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when returning SOAP queries over a certain size) +-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel close +-- JRUBY-4369: X509Store#verify_callback is not called +-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes certificates which have the same subject (problem with ruby-openid-apps-discovery (github jruby-openssl issue #2)) +-- JRUBY-4333: PKCS#8 formatted privkey read +-- JRUBY-4454: Loading Key file as a Certificate causes NPE +-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized from PEM causes IllegalStateException +- PKCS#7 issues +-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm +-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake test doesn't finish on JDK5 w/o policy files update) +- Misc +-- JRUBY-4574: jruby-openssl deprecation warning cleanup +-- JRUBY-4591: jruby-1.4 support + +== 0.6 + +- This is a recommended upgrade to jruby-openssl. A security problem + involving peer certificate verification was found where failed + verification silently did nothing, making affected applications + vulnerable to attackers. Attackers could lead a client application + to believe that a secure connection to a rogue SSL server is + legitimate. Attackers could also penetrate client-validated SSL + server applications with a dummy certificate. Your application would + be vulnerable if you're using the 'net/https' library with + OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl + prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the + problem and providing the fix. See + http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html + for details. +- This release addresses CVE-2009-4123 which was reserved for the + above vulnerability. +- Many fixes from NaHi, including issues related to certificate + verification and certificate store purpose verification. + - implement OpenSSL::X509::Store#set_default_paths + - MRI compat. fix: OpenSSL::X509::Store#add_file + - Fix nsCertType handling. + - Fix Cipher#key_len for DES-EDE3: 16 should be 24. + - Modified test expectations around Cipher#final. +- Public keys are lazily instantiated when the + X509::Certificate#public_key method is called (Dave Garcia) + +== 0.5.2 + +* Multiple bugs fixed: +** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin +** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb +** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing +** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth +** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file + +== 0.5.1 + +* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100% +* Fix by Frederic Jean for a character-decoding issue for some certificates + +== 0.5 + +* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256) +* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error +* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java +* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted +* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest +* Misc code cleanup + +== 0.2 + +- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888) +- Fix socket buffering issue by setting socket IO sync = true +- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152) +- Fix AES key length (JRUBY-2187) +- Fix cipher initialization (JRUBY-1100) +- Now, only compatible with JRuby 1.1 + +== 0.1.1 + +- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222) + +== 0.1 + +- PLEASE NOTE: This release is not compatible with JRuby releases earlier than + 1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the + 0.6 release. +- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases +- Simultaneous support for JRuby trunk and 1.0 branch +- Start of support for OpenSSL::BN + +== 0.0.5 and prior + +- Initial versions with maintenance updates diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/License.txt b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/License.txt index e0136393b8a..e0136393b8a 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/License.txt +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/License.txt diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Manifest.txt b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Manifest.txt new file mode 100644 index 00000000000..3d7e1483512 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Manifest.txt @@ -0,0 +1,115 @@ +Rakefile +History.txt +Manifest.txt +README.txt +License.txt +lib/jopenssl.jar +lib/openssl +lib/jopenssl +lib/jopenssl.jar +lib/openssl.rb +lib/openssl/dummy.rb +lib/openssl/dummyssl.rb +lib/openssl/config.rb +lib/openssl/cipher.rb +lib/openssl/ssl.rb +lib/openssl/bn.rb +lib/openssl/x509.rb +lib/openssl/digest.rb +lib/openssl/buffering.rb +lib/openssl/pkcs7.rb +lib/jopenssl/version.rb +test/test_imaps.rb +test/test_all.rb +test/test_integration.rb +test/ut_eof.rb +test/openssl +test/test_java.rb +test/test_openssl.rb +test/test_pkey.rb +test/ref +test/test_cipher.rb +test/cert_with_ec_pk.cer +test/fixture +test/test_pkcs7.rb +test/test_x509store.rb +test/test_certificate.rb +test/test_parse_certificate.rb +test/test_ssl.rb +test/java +test/openssl/test_x509name.rb +test/openssl/test_ns_spki.rb +test/openssl/test_x509cert.rb +test/openssl/ssl_server.rb +test/openssl/test_pair.rb +test/openssl/test_ec.rb +test/openssl/test_config.rb +test/openssl/utils.rb +test/openssl/test_x509req.rb +test/openssl/test_cipher.rb +test/openssl/test_digest.rb +test/openssl/test_x509ext.rb +test/openssl/test_asn1.rb +test/openssl/test_pkcs7.rb +test/openssl/test_x509store.rb +test/openssl/test_pkey_rsa.rb +test/openssl/test_ssl.rb +test/openssl/test_x509crl.rb +test/openssl/test_hmac.rb +test/ref/compile.rb +test/ref/a.out +test/ref/pkcs1 +test/ref/pkcs1.c +test/fixture/cacert.pem +test/fixture/ca-bundle.crt +test/fixture/common.pem +test/fixture/key_then_cert.pem +test/fixture/verisign.pem +test/fixture/cert_localhost.pem +test/fixture/localhost_keypair.pem +test/fixture/verisign_c3.pem +test/fixture/selfcert.pem +test/fixture/max.pem +test/fixture/keypair.pem +test/fixture/purpose +test/fixture/imaps +test/fixture/ca_path +test/fixture/purpose/cacert.pem +test/fixture/purpose/sslclient +test/fixture/purpose/b70a5bc1.0 +test/fixture/purpose/ca +test/fixture/purpose/sslclient.pem +test/fixture/purpose/sslserver.pem +test/fixture/purpose/scripts +test/fixture/purpose/sslserver +test/fixture/purpose/sslclient/sslclient.pem +test/fixture/purpose/sslclient/csr.pem +test/fixture/purpose/sslclient/keypair.pem +test/fixture/purpose/ca/cacert.pem +test/fixture/purpose/ca/newcerts +test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +test/fixture/purpose/ca/ca_config.rb +test/fixture/purpose/ca/serial +test/fixture/purpose/ca/private +test/fixture/purpose/ca/newcerts/2_cert.pem +test/fixture/purpose/ca/newcerts/3_cert.pem +test/fixture/purpose/ca/private/cakeypair.pem +test/fixture/purpose/scripts/gen_cert.rb +test/fixture/purpose/scripts/init_ca.rb +test/fixture/purpose/scripts/gen_csr.rb +test/fixture/purpose/sslserver/sslserver.pem +test/fixture/purpose/sslserver/csr.pem +test/fixture/purpose/sslserver/keypair.pem +test/fixture/imaps/cacert.pem +test/fixture/imaps/server.crt +test/fixture/imaps/server.key +test/fixture/ca_path/verisign.pem +test/fixture/ca_path/72fa7371.0 +test/java/pkcs7_mime_enveloped.message +test/java/pkcs7_mime_signed.message +test/java/test_java_pkcs7.rb +test/java/test_java_bio.rb +test/java/pkcs7_multipart_signed.message +test/java/test_java_mime.rb +test/java/test_java_attribute.rb +test/java/test_java_smime.rb diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/README.txt b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/README.txt index cc3b589f15e..c1a645eaedb 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/README.txt +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/README.txt @@ -6,19 +6,8 @@ JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. -JRuby offers *just enough* compatibility for most Ruby applications that use OpenSSL. - -Libraries that appear to work fine: - - Rails, Net::HTTPS - -Notable libraries that do *not* yet work include: - - Net::SSH, Net::SFTP, etc. - Please report bugs and incompatibilities (preferably with testcases) to either the JRuby mailing list [1] or the JRuby bug tracker [2]. [1]: http://xircles.codehaus.org/projects/jruby/lists - -[2]: http://jira.codehaus.org/browse/JRUBY
\ No newline at end of file +[2]: http://jira.codehaus.org/browse/JRUBY diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Rakefile b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Rakefile new file mode 100644 index 00000000000..f0115d888a8 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/Rakefile @@ -0,0 +1,79 @@ +require 'rake' +require 'rake/testtask' + +MANIFEST = FileList["Rakefile", "History.txt", "Manifest.txt", "README.txt", "License.txt", "lib/jopenssl.jar", "lib/**/*", "test/**/*"] +BC_JARS = FileList["build_lib/bc*.jar"] + +task :default => [:java_compile, :test] + +def java_classpath_arg # myriad of ways to discover JRuby classpath + begin + cpath = Java::java.lang.System.getProperty('java.class.path').split(File::PATH_SEPARATOR) + cpath += Java::java.lang.System.getProperty('sun.boot.class.path').split(File::PATH_SEPARATOR) + jruby_cpath = cpath.compact.join(File::PATH_SEPARATOR) + rescue => e + end + unless jruby_cpath + jruby_cpath = ENV['JRUBY_PARENT_CLASSPATH'] || ENV['JRUBY_HOME'] && + FileList["#{ENV['JRUBY_HOME']}/lib/*.jar"].join(File::PATH_SEPARATOR) + end + bc_jars = BC_JARS.join(File::PATH_SEPARATOR) + jruby_cpath ? "-cp \"#{jruby_cpath.gsub('\\', '/')}#{File::PATH_SEPARATOR}#{bc_jars}\"" : "-cp \"#{bc_jars}\"" +end + +desc "Compile the native Java code." +task :java_compile do + mkdir_p "pkg/classes" + + File.open("pkg/compile_options", "w") do |f| + f << "-g -target 1.5 -source 1.5 -Xlint:unchecked -Xlint:deprecation -d pkg/classes" + end + + File.open("pkg/compile_classpath", "w") do |f| + f << java_classpath_arg + end + + File.open("pkg/compile_sourcefiles", "w") do |f| + f << FileList['src/java/**/*.java'].join(' ') + end + + sh "javac @pkg/compile_options @pkg/compile_classpath @pkg/compile_sourcefiles" + sh "jar cf lib/jopenssl.jar -C pkg/classes/ ." +end +file "lib/jopenssl.jar" => :java_compile + +task :more_clean do + rm_f FileList['lib/jopenssl.jar'] +end +task :clean => :more_clean + +File.open("Manifest.txt", "w") {|f| MANIFEST.each {|n| f.puts n } } + +begin + require 'hoe' + Hoe.plugin :gemcutter + Hoe.add_include_dirs('build_lib') + hoe = Hoe.spec("jruby-openssl") do |p| + load File.dirname(__FILE__) + "/lib/jopenssl/version.rb" + p.version = Jopenssl::Version::VERSION + p.rubyforge_name = "jruby-extras" + p.url = "http://jruby-extras.rubyforge.org/jruby-openssl" + p.author = "Ola Bini and JRuby contributors" + p.email = "ola.bini@gmail.com" + p.summary = "OpenSSL add-on for JRuby" + p.changes = p.paragraphs_of('History.txt', 0..1).join("\n\n") + p.description = p.paragraphs_of('README.txt', 3...4).join("\n\n") + p.test_globs = ENV["TEST"] || ["test/test_all.rb"] + p.extra_deps << ['bouncy-castle-java', '>= 0'] + end + hoe.spec.dependencies.delete_if { |dep| dep.name == "hoe" } + + task :gemspec do + File.open("#{hoe.name}.gemspec", "w") {|f| f << hoe.spec.to_ruby } + end + task :package => :gemspec +rescue LoadError + puts "You really need Hoe installed to be able to package this gem" +rescue => e + puts "ignoring error while loading hoe: #{e.to_s}" +end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/jopenssl.jar b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/jopenssl.jar Binary files differnew file mode 100644 index 00000000000..41b97e790f8 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/jopenssl.jar diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/jopenssl/version.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/jopenssl/version.rb index 69d7f51921a..6ce8cf73b07 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/jopenssl/version.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/jopenssl/version.rb @@ -1,5 +1,5 @@ module Jopenssl module Version - VERSION = "0.5.1" + VERSION = "0.7.4" end end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl.rb new file mode 100644 index 00000000000..6a35fe30cb9 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl.rb @@ -0,0 +1,76 @@ +=begin += $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id: openssl.rb 12496 2007-06-08 15:02:04Z technorama $ +=end + +# TODO: remove this chunk after 1.4 support is dropped +require 'digest' +unless defined?(::Digest::Class) + # restricted support for jruby <= 1.4 (1.8.6 Digest compat) + module Digest + class Class + def self.hexdigest(name, data) + digest(name, data).unpack('H*')[0] + end + + def self.digest(data, name) + digester = const_get(name).new + digester.update(data) + digester.finish + end + + def hexdigest + digest.unpack('H*')[0] + end + + def digest + dup.finish + end + + def ==(oth) + digest == oth.digest + end + + def to_s + hexdigest + end + + def size + digest_length + end + + def length + digest_length + end + end + end +end +# end of compat chunk. + +begin + require 'bouncy-castle-java' +rescue LoadError + # runs under restricted mode. +end +require 'jopenssl' + + +require 'openssl/bn' +require 'openssl/cipher' +require 'openssl/config' +require 'openssl/digest' +require 'openssl/pkcs7' +require 'openssl/ssl' +require 'openssl/x509' + diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/bn.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/bn.rb index 4a1595c7aba..cf44a0943c4 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/bn.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/bn.rb @@ -1,5 +1,5 @@ =begin -= $RCSfile: bn.rb,v $ -- Ruby-space definitions that completes C-space funcs for BN += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for BN = Info 'OpenSSL for Ruby 2' project @@ -11,7 +11,7 @@ (See the file 'LICENCE'.) = Version - $Id: bn.rb,v 1.1 2003/07/23 16:11:30 gotoyuzo Exp $ + $Id: bn.rb 11708 2007-02-12 23:01:19Z shyouhei $ =end ## diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/buffering.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/buffering.rb index 9eeb19d9591..42c047c7312 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/buffering.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/buffering.rb @@ -1,5 +1,5 @@ =begin -= $RCSfile: buffering.rb,v $ -- Buffering mix-in module. += $RCSfile$ -- Buffering mix-in module. = Info 'OpenSSL for Ruby 2' project @@ -11,7 +11,7 @@ (See the file 'LICENCE'.) = Version - $Id: buffering.rb,v 1.5.2.4 2005/09/04 22:03:24 gotoyuzo Exp $ + $Id: buffering.rb 13706 2007-10-15 08:29:08Z usa $ =end module Buffering diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/cipher.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/cipher.rb index 7825e5e9e61..5fbfcd4005f 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/cipher.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/cipher.rb @@ -1,5 +1,5 @@ =begin -= $RCSfile: cipher.rb,v $ -- Ruby-space predefined Cipher subclasses += $RCSfile$ -- Ruby-space predefined Cipher subclasses = Info 'OpenSSL for Ruby 2' project @@ -11,7 +11,7 @@ (See the file 'LICENCE'.) = Version - $Id: cipher.rb,v 1.1.2.2 2006/06/20 11:18:15 gotoyuzo Exp $ + $Id: cipher.rb 12496 2007-06-08 15:02:04Z technorama $ =end ## @@ -19,7 +19,7 @@ #require 'openssl' module OpenSSL - module Cipher + class Cipher %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name| klass = Class.new(Cipher){ define_method(:initialize){|*args| @@ -41,18 +41,25 @@ module OpenSSL const_set("AES#{keylen}", klass) } - class Cipher - def random_key - str = OpenSSL::Random.random_bytes(self.key_len) - self.key = str - return str - end - - def random_iv - str = OpenSSL::Random.random_bytes(self.iv_len) - self.iv = str - return str - end + # Generate, set, and return a random key. + # You must call cipher.encrypt or cipher.decrypt before calling this method. + def random_key + str = OpenSSL::Random.random_bytes(self.key_len) + self.key = str + return str + end + + # Generate, set, and return a random iv. + # You must call cipher.encrypt or cipher.decrypt before calling this method. + def random_iv + str = OpenSSL::Random.random_bytes(self.iv_len) + self.iv = str + return str + end + + # This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future. + class Cipher < Cipher + # add warning end end # Cipher end # OpenSSL diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/config.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/config.rb new file mode 100644 index 00000000000..9fc42c623a8 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/config.rb @@ -0,0 +1,316 @@ +=begin += Ruby-space definitions that completes C-space funcs for Config + += Info + Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org> + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + +=end + +## +# Should we care what if somebody require this file directly? +#require 'openssl' +require 'stringio' + +module OpenSSL + class Config + include Enumerable + + class << self + def parse(str) + c = new() + parse_config(StringIO.new(str)).each do |section, hash| + c[section] = hash + end + c + end + + alias load new + + def parse_config(io) + begin + parse_config_lines(io) + rescue ConfigError => e + e.message.replace("error in line #{io.lineno}: " + e.message) + raise + end + end + + def get_key_string(data, section, key) # :nodoc: + if v = data[section] && data[section][key] + return v + elsif section == 'ENV' + if v = ENV[key] + return v + end + end + if v = data['default'] && data['default'][key] + return v + end + end + + private + + def parse_config_lines(io) + section = 'default' + data = {section => {}} + while definition = get_definition(io) + definition = clear_comments(definition) + next if definition.empty? + if definition[0] == ?[ + if /\[([^\]]*)\]/ =~ definition + section = $1.strip + data[section] ||= {} + else + raise ConfigError, "missing close square bracket" + end + else + if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition + if $2 + section = $1 + key = $2 + else + key = $1 + end + value = unescape_value(data, section, $3) + (data[section] ||= {})[key] = value.strip + else + raise ConfigError, "missing equal sign" + end + end + end + data + end + + # escape with backslash + QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/ + # escape with backslash and doubled dq + QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/ + # escaped char map + ESCAPE_MAP = { + "r" => "\r", + "n" => "\n", + "b" => "\b", + "t" => "\t", + } + + def unescape_value(data, section, value) + scanned = [] + while m = value.match(/['"\\$]/) + scanned << m.pre_match + c = m[0] + value = m.post_match + case c + when "'" + if m = value.match(QUOTE_REGEXP_SQ) + scanned << m[1].gsub(/\\(.)/, '\\1') + value = m.post_match + else + break + end + when '"' + if m = value.match(QUOTE_REGEXP_DQ) + scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1') + value = m.post_match + else + break + end + when "\\" + c = value.slice!(0, 1) + scanned << (ESCAPE_MAP[c] || c) + when "$" + ref, value = extract_reference(value) + refsec = section + if ref.index('::') + refsec, ref = ref.split('::', 2) + end + if v = get_key_string(data, refsec, ref) + scanned << v + else + raise ConfigError, "variable has no value" + end + else + raise 'must not reaced' + end + end + scanned << value + scanned.join + end + + def extract_reference(value) + rest = '' + if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/) + value = m[1] || m[2] + rest = m.post_match + elsif [?(, ?{].include?(value[0]) + raise ConfigError, "no close brace" + end + if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/) + return m[0], m.post_match + rest + else + raise + end + end + + def clear_comments(line) + # FCOMMENT + if m = line.match(/\A([\t\n\f ]*);.*\z/) + return m[1] + end + # COMMENT + scanned = [] + while m = line.match(/[#'"\\]/) + scanned << m.pre_match + c = m[0] + line = m.post_match + case c + when '#' + line = nil + break + when "'", '"' + regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ + scanned << c + if m = line.match(regexp) + scanned << m[0] + line = m.post_match + else + scanned << line + line = nil + break + end + when "\\" + scanned << c + scanned << line.slice!(0, 1) + else + raise 'must not reaced' + end + end + scanned << line + scanned.join + end + + def get_definition(io) + if line = get_line(io) + while /[^\\]\\\z/ =~ line + if extra = get_line(io) + line += extra + else + break + end + end + return line.strip + end + end + + def get_line(io) + if line = io.gets + line.gsub(/[\r\n]*/, '') + end + end + end + + def initialize(filename = nil) + @data = {} + if filename + File.open(filename.to_s) do |file| + Config.parse_config(file).each do |section, hash| + self[section] = hash + end + end + end + end + + def get_value(section, key) + if section.nil? + raise TypeError.new('nil not allowed') + end + section = 'default' if section.empty? + get_key_string(section, key) + end + + def value(arg1, arg2 = nil) + warn('Config#value is deprecated; use Config#get_value') + if arg2.nil? + section, key = 'default', arg1 + else + section, key = arg1, arg2 + end + section ||= 'default' + section = 'default' if section.empty? + get_key_string(section, key) + end + + def add_value(section, key, value) + check_modify + (@data[section] ||= {})[key] = value + end + + def [](section) + @data[section] || {} + end + + def section(name) + warn('Config#section is deprecated; use Config#[]') + @data[name] || {} + end + + def []=(section, pairs) + check_modify + @data[section] ||= {} + pairs.each do |key, value| + self.add_value(section, key, value) + end + end + + def sections + @data.keys + end + + def to_s + ary = [] + @data.keys.sort.each do |section| + ary << "[ #{section} ]\n" + @data[section].keys.each do |key| + ary << "#{key}=#{@data[section][key]}\n" + end + ary << "\n" + end + ary.join + end + + def each + @data.each do |section, hash| + hash.each do |key, value| + yield [section, key, value] + end + end + end + + def inspect + "#<#{self.class.name} sections=#{sections.inspect}>" + end + + protected + + def data + @data + end + + private + + def initialize_copy(other) + @data = other.data.dup + end + + def check_modify + raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen? + end + + def get_key_string(section, key) + Config.get_key_string(@data, section, key) + end + end +end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/digest.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/digest.rb index ac7dd3c1296..e64b0cfd373 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/digest.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/digest.rb @@ -1,5 +1,5 @@ =begin -= $RCSfile: digest.rb,v $ -- Ruby-space predefined Digest subclasses += $RCSfile$ -- Ruby-space predefined Digest subclasses = Info 'OpenSSL for Ruby 2' project @@ -11,7 +11,7 @@ (See the file 'LICENCE'.) = Version - $Id: digest.rb,v 1.1.2.2 2006/06/20 11:18:15 gotoyuzo Exp $ + $Id: digest.rb 15600 2008-02-25 08:48:57Z technorama $ =end ## @@ -19,12 +19,17 @@ #require 'openssl' module OpenSSL - module Digest + class Digest alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1) if OPENSSL_VERSION_NUMBER > 0x00908000 alg += %w(SHA224 SHA256 SHA384 SHA512) end + + def self.digest(name, data) + super(data, name) + end + alg.each{|name| klass = Class.new(Digest){ define_method(:initialize){|*data| @@ -43,6 +48,14 @@ module OpenSSL const_set(name, klass) } + # This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future. + class Digest < Digest + def initialize(*args) + # add warning + super(*args) + end + end + end # Digest end # OpenSSL diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/dummy.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/dummy.rb new file mode 100644 index 00000000000..af84c039336 --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/dummy.rb @@ -0,0 +1,33 @@ +warn "OpenSSL ASN1/PKey/X509/Netscape/PKCS7 implementation unavailable" +warn "gem install bouncy-castle-java for full support." +module OpenSSL + module ASN1 + class ASN1Error < OpenSSLError; end + class ASN1Data; end + class Primitive; end + class Constructive; end + end + module X509 + class Name; end + class Certificate; end + class Extension; end + class CRL; end + class Revoked; end + class Store + def set_default_paths; end + end + class Request; end + class Attribute; end + end + module Netscape + class SPKI; end + end + class PKCS7 + # this definition causes TypeError "superclass mismatch for class PKCS7" + # MRI also crashes following definition; + # class Foo; class Foo < Foo; end; end + # class Foo; class Foo < Foo; end; end + # + # class PKCS7 < PKCS7; end + end +end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/dummyssl.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/dummyssl.rb index a341085cfd0..6a1d61734eb 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/dummyssl.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/dummyssl.rb @@ -9,5 +9,6 @@ module OpenSSL VERIFY_PEER = 1 VERIFY_FAIL_IF_NO_PEER_CERT = 2 VERIFY_CLIENT_ONCE = 4 + OP_ALL = 0x00000FFF end -end
\ No newline at end of file +end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/pkcs7.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/pkcs7.rb new file mode 100644 index 00000000000..1f88c1de5ec --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/pkcs7.rb @@ -0,0 +1,25 @@ +=begin += $RCSfile$ -- PKCS7 + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id: digest.rb 12148 2007-04-05 05:59:22Z technorama $ +=end + +module OpenSSL + class PKCS7 + # This class is only provided for backwards compatibility. Use OpenSSL::PKCS7 in the future. + class PKCS7 < PKCS7 + def initialize(*args) + super(*args) + + warn("Warning: OpenSSL::PKCS7::PKCS7 is deprecated after Ruby 1.9; use OpenSSL::PKCS7 instead") + end + end + + end # PKCS7 +end # OpenSSL + diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/ssl.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/ssl.rb new file mode 100644 index 00000000000..8f51fb08faf --- /dev/null +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/ssl.rb @@ -0,0 +1,179 @@ +=begin += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id: ssl.rb 16193 2008-04-25 06:51:21Z knu $ +=end + +require "openssl" +require "openssl/buffering" +require "fcntl" + +module OpenSSL + module SSL + class SSLContext + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + self.ssl_version = params.delete(:ssl_version) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE + end + end + return params + end + end + + module SocketForwarder + def addr + to_io.addr + end + + def peeraddr + to_io.peeraddr + end + + def setsockopt(level, optname, optval) + to_io.setsockopt(level, optname, optval) + end + + def getsockopt(level, optname) + to_io.getsockopt(level, optname) + end + + def fcntl(*args) + to_io.fcntl(*args) + end + + def closed? + to_io.closed? + end + + def do_not_reverse_lookup=(flag) + to_io.do_not_reverse_lookup = flag + end + end + + module Nonblock + def initialize(*args) + flag = File::NONBLOCK + flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) + @io.fcntl(Fcntl::F_SETFL, flag) + super + end + end + + def verify_certificate_identity(cert, hostname) + should_verify_common_name = true + cert.extensions.each{|ext| + next if ext.oid != "subjectAltName" + ext.value.split(/,\s+/).each{|general_name| + if /\ADNS:(.*)/ =~ general_name + should_verify_common_name = false + reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + elsif /\AIP Address:(.*)/ =~ general_name + should_verify_common_name = false + return true if $1 == hostname + end + } + } + if should_verify_common_name + cert.subject.to_a.each{|oid, value| + if oid == "CN" + reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + end + } + end + return false + end + module_function :verify_certificate_identity + + class SSLSocket + include Buffering + include SocketForwarder + include Nonblock + + def post_connection_check(hostname) + unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) + raise SSLError, "hostname was not match with the server certificate" + end + return true + end + + def session + SSL::Session.new(self) + rescue SSL::Session::SessionError + nil + end + end + + class SSLServer + include SocketForwarder + attr_accessor :start_immediately + + def initialize(svr, ctx) + @svr = svr + @ctx = ctx + unless ctx.session_id_context + session_id = OpenSSL::Digest::MD5.hexdigest($0) + @ctx.session_id_context = session_id + end + @start_immediately = true + end + + def to_io + @svr + end + + def listen(backlog=5) + @svr.listen(backlog) + end + + def shutdown(how=Socket::SHUT_RDWR) + @svr.shutdown(how) + end + + def accept + sock = @svr.accept + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) + ssl.sync_close = true + ssl.accept if @start_immediately + ssl + rescue SSLError => ex + sock.close + raise ex + end + end + + def close + @svr.close + end + end + end +end diff --git a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/x509.rb b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/x509.rb index 2ad3f8e96ee..99f239ce372 100755..100644 --- a/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.5.1/lib/openssl/x509.rb +++ b/sonar-server/src/main/webapp/WEB-INF/vendor/gems/jruby-openssl-0.7.4/lib/openssl/x509.rb @@ -1,5 +1,5 @@ =begin -= $RCSfile: x509.rb,v $ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses = Info 'OpenSSL for Ruby 2' project @@ -11,7 +11,7 @@ (See the file 'LICENCE'.) = Version - $Id: x509.rb,v 1.4.2.2 2004/12/19 08:28:33 gotoyuzo Exp $ + $Id: x509.rb 11708 2007-02-12 23:01:19Z shyouhei $ =end require "openssl" |