use of org.jruby.RubyArray in project jruby-openssl by jruby.
the class X509Name method initialize.
/**
 * Initializes this name from either an array of entries or an encoded value.
 *
 * <p>When {@code dn} is a Ruby array, every element must itself be an array; its first three
 * elements (missing ones become nil) are passed to {@code add_entry} in order. A nil third
 * element is looked up as {@code template[first]} and, failing that, replaced by the
 * {@code DEFAULT_OBJECT_TYPE} constant. A nil {@code template} is replaced by the
 * {@code OBJECT_TYPE_TEMPLATE} constant.
 *
 * <p>Any other {@code dn} is passed through {@code to_der_if_possible} and its bytes are handed
 * to {@code fromASN1Sequence}. Those bytes are caller-supplied, so the parser is the trust
 * boundary for that path.
 *
 * @param context  current thread context
 * @param dn       array of entry arrays, or a value convertible to an encoded name
 * @param template lookup used to pick the third entry element when it is nil; may be nil
 * @return this object
 */
@JRubyMethod(visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, IRubyObject dn, IRubyObject template) {
    if (!(dn instanceof RubyArray)) {
        // Encoded form: parse the bytes of whatever to_der_if_possible returns.
        final IRubyObject encoded = to_der_if_possible(context, dn);
        fromASN1Sequence(encoded.asString().getBytes());
        return this;
    }

    final Ruby runtime = context.runtime;
    final RubyArray entries = (RubyArray) dn;
    final RubyClass nameClass = _Name(runtime);
    if (template.isNil()) {
        template = nameClass.getConstant("OBJECT_TYPE_TEMPLATE");
    }

    int index = 0;
    while (index < entries.size()) {
        final IRubyObject element = entries.eltOk(index++);
        if (!(element instanceof RubyArray)) {
            // Reject malformed input with a Ruby TypeError instead of a Java cast failure.
            throw runtime.newTypeError(element, runtime.getArray());
        }

        final RubyArray parts = (RubyArray) element;
        final int len = parts.size();
        final IRubyObject first = len > 0 ? parts.eltOk(0) : context.nil;
        final IRubyObject second = len > 1 ? parts.eltOk(1) : context.nil;
        IRubyObject third = len > 2 ? parts.eltOk(2) : context.nil;

        if (third.isNil()) {
            // Fall back to the template entry for the first element, then to the default.
            third = template.callMethod(context, "[]", first);
            if (third.isNil()) {
                third = nameClass.getConstant("DEFAULT_OBJECT_TYPE");
            }
        }
        add_entry(context, first, second, third);
    }
    return this;
}
use of org.jruby.RubyArray in project jruby-openssl by jruby.
the class OCSPRequest method verify.
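/**
 * Verifies this OCSP request's signature and, unless disabled by flags, the signer's chain.
 *
 * <p>Arguments are {@code (certificates, store[, flags])}. The method returns false when the
 * request is unsigned, when the requestor name is absent or is not a directory name, when no
 * signer certificate is found, when the signature does not validate, or when the store
 * context rejects the signer.
 *
 * <p>Flag handling as implemented here:
 * <ul>
 *   <li>{@code OCSP_NOINTERN} together with {@code OCSP_TRUSTOTHER} implies
 *       {@code OCSP_NOVERIFY};</li>
 *   <li>{@code OCSP_NOSIGS} skips the signature check;</li>
 *   <li>{@code OCSP_NOVERIFY} skips the store verification;</li>
 *   <li>{@code OCSP_NOCHAIN} verifies the signer without the certificates embedded in the
 *       request.</li>
 * </ul>
 *
 * @param args certificates, store and optional integer flags
 * @return Ruby true only if every enabled check passed
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    Ruby runtime = getRuntime();
    ThreadContext context = runtime.getCurrentContext();
    int flags = 0;
    boolean ret = false;
    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        // Convert through the IRubyObject overload so a non-Fixnum flags argument is not
        // surfaced as a raw Java ClassCastException.
        flags = RubyFixnum.fix2int(args[2]);
    }
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];

    OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }
    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, ret);
    }

    // requestorName is an optional field of the request, so a signed request can arrive
    // without one; treat that as a verification failure rather than dereferencing null.
    // Tag 4 is the directoryName choice of GeneralName.
    GeneralName genName = bcOCSPReq.getRequestorName();
    if (genName == null || genName.getTagNo() != 4) {
        return RubyBoolean.newBoolean(runtime, false);
    }
    X500Name genX500Name = X500Name.getInstance(genName.getName());

    X509StoreContext storeContext = null;
    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");

    try {
        java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
        if (signer == null) {
            return RubyBoolean.newBoolean(runtime, ret);
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0
                && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0)) {
            flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
            PublicKey signerPubKey = signer.getPublicKey();
            ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            if (!ret) {
                // A bad signature is final; never fall through to chain validation.
                return RubyBoolean.newBoolean(runtime, ret);
            }
        }

        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
            if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
            } else {
                // Certificates embedded in the request are offered as chain-building
                // candidates for the store context.
                RubyArray certs = RubyArray.newEmptyArray(runtime);
                ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
                if (bcCerts != null) {
                    Iterator<ASN1Encodable> it = bcCerts.iterator();
                    while (it.hasNext()) {
                        Certificate cert = Certificate.getInstance(it.next());
                        certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
                    }
                }
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
            }

            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }
    } catch (Exception e) {
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }

    return RubyBoolean.newBoolean(runtime, ret);
}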
use of org.jruby.RubyArray in project jruby-openssl by jruby.
the class OCSPSingleResponse method extensions.
/**
 * Returns the extensions of the wrapped single response as a Ruby array.
 *
 * <p>Each extension is rebuilt with {@code X509Extension.newExtension} from its OID, parsed
 * value and critical flag. An empty array is returned when the single response carries no
 * extensions.
 *
 * @return Ruby array of extension objects, possibly empty
 */
@JRubyMethod(name = "extensions")
public IRubyObject extensions() {
    final Ruby runtime = getRuntime();
    final Extensions singleExts = bcSingleResponse.getSingleExtensions();
    if (singleExts == null) {
        return RubyArray.newEmptyArray(runtime);
    }

    final ASN1ObjectIdentifier[] oids = singleExts.getExtensionOIDs();
    final RubyArray result = runtime.newArray(oids.length);
    for (int i = 0; i < oids.length; i++) {
        final ASN1ObjectIdentifier oid = oids[i];
        final Extension ext = singleExts.getExtension(oid);
        // The critical flag is carried over so callers can still see which extensions
        // were marked critical.
        result.append(X509Extension.newExtension(runtime, oid, ext.getParsedValue(), ext.isCritical()));
    }
    return result;
}
use of org.jruby.RubyArray in project jruby-openssl by jruby.
the class OCSPBasicResponse method verify.
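/**
 * Verifies this basic OCSP response: locates the signer, checks the response signature and,
 * unless disabled by flags, validates the signer's chain against {@code store}.
 *
 * <p>Arguments are {@code (certificates, store[, flags])}. Changes relative to the previous
 * implementation:
 * <ul>
 *   <li>the argument count is validated before {@code args} is indexed;</li>
 *   <li>an invalid response signature returns false immediately instead of being
 *       overwritten by the later chain result;</li>
 *   <li>a failed store verification returns false immediately instead of being overridden
 *       by the issuer or self-signed-root checks.</li>
 * </ul>
 *
 * <p>Flag handling as implemented here: {@code OCSP_NOSIGS} skips the signature check,
 * {@code OCSP_NOVERIFY} skips store verification, and {@code OCSP_NOCHAIN} verifies without
 * untrusted helper certificates and skips the final root check.
 *
 * @param context current thread context
 * @param args    certificates, store and optional integer flags
 * @return Ruby true only if every enabled check passed
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.runtime;

    // Check arity first so a short argument list is reported through the arity check
    // rather than as an ArrayIndexOutOfBoundsException from args[0] / args[1].
    final int argc = Arity.checkArgumentCount(runtime, args, 2, 3);
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];
    int flags = 0;
    if (argc == 3) {
        flags = RubyFixnum.fix2int(args[2]);
    }
    boolean ret = false;

    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");
    BasicOCSPResp basicOCSPResp = getBasicOCSPResp();

    java.security.cert.Certificate signer = findSignerCert(context, asn1BCBasicOCSPResp, convertRubyCerts(certificates), flags);
    if (signer == null) {
        return RubyBoolean.newBoolean(runtime, false);
    }

    // NOTE(review): in OpenSSL, OCSP_TRUSTOTHER applies when the signer was found among the
    // caller-supplied certificates. This condition only looks at OCSP_NOINTERN being unset
    // and does not check where findSignerCert located the signer; confirm that a signer
    // taken from the response's own embedded certificates cannot skip chain verification.
    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0
            && (flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) != 0) {
        flags |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOVERIFY));
    }

    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
        PublicKey sPKey = signer.getPublicKey();
        if (sPKey == null) {
            return RubyBoolean.newBoolean(runtime, false);
        }
        try {
            ContentVerifierProvider cvp = jcacvpb.build(sPKey);
            ret = basicOCSPResp.isSignatureValid(cvp);
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
        if (!ret) {
            // A response whose signature does not validate must never be accepted; without
            // this return the chain checks below would overwrite the failed result.
            return RubyBoolean.newBoolean(runtime, false);
        }
    }

    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
        // Helper certificates for chain building; left null when OCSP_NOCHAIN is set.
        List<X509Cert> untrustedCerts = null;
        if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHAIN))) == 0) {
            if (basicOCSPResp.getCerts() != null && (certificates != null && !((RubyArray) certificates).isEmpty())) {
                untrustedCerts = getCertsFromResp();
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) certificates).iterator();
                while (certIt.hasNext()) {
                    try {
                        untrustedCerts.add(X509Cert.wrap(context, certIt.next().getEncoded()));
                    } catch (CertificateEncodingException e) {
                        throw newOCSPError(runtime, e);
                    }
                }
            } else {
                untrustedCerts = getCertsFromResp();
            }
        }

        RubyArray rUntrustedCerts = RubyArray.newEmptyArray(runtime);
        if (untrustedCerts != null) {
            X509Cert[] rubyCerts = new X509Cert[untrustedCerts.size()];
            rUntrustedCerts = RubyArray.newArray(runtime, untrustedCerts.toArray(rubyCerts));
        }

        X509StoreContext ctx;
        try {
            ctx = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), rUntrustedCerts);
        } catch (CertificateEncodingException e) {
            throw newOCSPError(runtime, e);
        }
        ctx.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));

        ret = ctx.verify(context).isTrue();
        if (!ret) {
            // The signer did not chain to the store: fail closed before any later check
            // (issuer match, self-signed root) can turn the result back into true.
            return RubyBoolean.newBoolean(runtime, false);
        }
        IRubyObject chain = ctx.chain(context);

        // NOTE(review): OCSP_NOCHECKS previously forced ret to true right here, which also
        // masked a failed chain verification. With the early return above ret is already
        // true at this point, so the flag has no remaining effect; presumably it is meant
        // to skip the issuer checks below - confirm the intended semantics.

        try {
            if (checkIssuer(getBasicOCSPResp(), chain)) {
                return RubyBoolean.newBoolean(runtime, true);
            }
        } catch (IOException e) {
            throw newOCSPError(runtime, e);
        }

        if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHAIN))) != 0) {
            return RubyBoolean.newBoolean(runtime, ret);
        } else {
            X509Cert rootCA = (X509Cert) ((RubyArray) chain).last();
            PublicKey rootKey = rootCA.getAuxCert().getPublicKey();
            try {
                // check if self-signed and valid (trusts itself)
                // NOTE(review): this accepts any last certificate that verifies under its
                // own key, so it is only meaningful because the chain was already validated
                // against the store above.
                rootCA.getAuxCert().verify(rootKey);
                ret = true;
            } catch (Exception e) {
                // Deliberate: any verification failure means the root check did not pass.
                ret = false;
            }
        }
    }

    return RubyBoolean.newBoolean(runtime, ret);
}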
use of org.jruby.RubyArray in project jruby-openssl by jruby.
the class OCSPBasicResponse method convertRubyExtensions.
/**
 * Converts a Ruby array of extension objects into a BouncyCastle {@code Extensions}.
 *
 * <p>Each element is cast to {@code X509Extension}, serialized with {@code to_der()} and
 * re-parsed with {@code Extension.getInstance}. The casts are unchecked: a non-array
 * argument or a non-extension element fails with a {@code ClassCastException}.
 *
 * @param extensions Ruby array of extensions, or nil
 * @return the converted extensions, or {@code null} when {@code extensions} is nil
 */
private Extensions convertRubyExtensions(IRubyObject extensions) {
    if (extensions.isNil()) {
        return null;
    }

    final List<Extension> converted = new ArrayList<Extension>();
    for (Iterator<IRubyObject> it = ((RubyArray) extensions).iterator(); it.hasNext();) {
        final X509Extension rubyExt = (X509Extension) it.next();
        final RubyString der = (RubyString) rubyExt.to_der();
        converted.add(Extension.getInstance(der.getBytes()));
    }

    final Extension[] asArray = converted.toArray(new Extension[converted.size()]);
    return new Extensions(asArray);
}