
Example 26 with RubyArray

use of org.jruby.RubyArray in project jruby-openssl by jruby.

the class X509Name method initialize.

/**
 * Populates this name from {@code dn}.
 *
 * <p>When {@code dn} is a Ruby array, each element must itself be an array; its first three
 * slots are passed to {@code add_entry}, with the third slot (the object type) falling back to
 * a lookup in {@code template} and then to {@code DEFAULT_OBJECT_TYPE}. Any other {@code dn}
 * is converted with {@code to_der_if_possible} and its bytes are handed to
 * {@code fromASN1Sequence}.
 *
 * @param context  current thread context
 * @param dn       array of entry arrays, or an object convertible to DER bytes
 * @param template object-type lookup; nil selects {@code OBJECT_TYPE_TEMPLATE}
 * @return this object
 */
@JRubyMethod(visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, IRubyObject dn, IRubyObject template) {
    final Ruby runtime = context.runtime;

    // Non-array input: treat it as an encoded name and parse the bytes.
    if (!(dn instanceof RubyArray)) {
        final IRubyObject encoded = to_der_if_possible(context, dn);
        fromASN1Sequence(encoded.asString().getBytes());
        return this;
    }

    final RubyArray entries = (RubyArray) dn;
    final RubyClass nameClass = _Name(runtime);
    if (template.isNil()) {
        template = nameClass.getConstant("OBJECT_TYPE_TEMPLATE");
    }

    for (int index = 0; index < entries.size(); index++) {
        final IRubyObject element = entries.eltOk(index);
        if (!(element instanceof RubyArray)) {
            throw runtime.newTypeError(element, runtime.getArray());
        }
        final RubyArray parts = (RubyArray) element;
        final int count = parts.size();

        // Missing slots are read as nil rather than raising.
        final IRubyObject first = count > 0 ? parts.eltOk(0) : context.nil;
        final IRubyObject second = count > 1 ? parts.eltOk(1) : context.nil;
        IRubyObject type = count > 2 ? parts.eltOk(2) : context.nil;

        // Resolve the object type: explicit value, then template lookup, then the default.
        if (type.isNil()) {
            type = template.callMethod(context, "[]", first);
        }
        if (type.isNil()) {
            type = nameClass.getConstant("DEFAULT_OBJECT_TYPE");
        }
        add_entry(context, first, second, type);
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) RubyClass(org.jruby.RubyClass) IRubyObject(org.jruby.runtime.builtin.IRubyObject) Ruby(org.jruby.Ruby) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 27 with RubyArray

use of org.jruby.RubyArray in project jruby-openssl by jruby.

the class OCSPRequest method verify.

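/**
 * Verifies this OCSP request: locates the signer certificate by the request's requestor name,
 * checks the request signature against the signer's public key, and verifies the signer
 * against {@code store}. Individual steps are skipped according to the OCSP flag bits.
 *
 * <p>Arguments are {@code (certificates, store[, flags])}. The method returns Ruby
 * {@code false} when the request is unsigned, when the requestor name is absent or is not a
 * directory name, when no signer certificate is found, when the signature is invalid, or when
 * store verification fails. Note that {@code ret} starts as {@code false} and is only set by
 * the signature and store checks, so a call that disables both returns {@code false}.
 *
 * @param args {@code certificates}, {@code store} and optional integer {@code flags}
 * @return Ruby {@code true} or {@code false}
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    Ruby runtime = getRuntime();
    ThreadContext context = runtime.getCurrentContext();
    int flags = 0;
    boolean ret = false;
    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        // Convert through fix2int(IRubyObject) instead of a hard cast, so a non-Integer flags
        // argument is handled by the conversion routine rather than a ClassCastException.
        flags = RubyFixnum.fix2int(args[2]);
    }
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];
    OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime, new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }
    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, false);
    }
    // The requestor name is optional in the encoded request, and the request may come from an
    // untrusted peer: reject a missing name instead of dereferencing null. Only a directory
    // name (GeneralName tag 4) can be matched against certificate subjects.
    GeneralName genName = bcOCSPReq.getRequestorName();
    if (genName == null || genName.getTagNo() != GeneralName.directoryName) {
        return RubyBoolean.newBoolean(runtime, false);
    }
    X500Name genX500Name = X500Name.getInstance(genName.getName());
    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");
    try {
        java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);
        if (signer == null) {
            return RubyBoolean.newBoolean(runtime, false);
        }

        final int noIntern = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN));
        final int trustOther = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER));
        final int noVerify = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        final int noSigs = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS));
        final int noChain = RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN));

        // NOINTERN together with TRUSTOTHER turns off store verification of the signer.
        if ((flags & noIntern) > 0 && (flags & trustOther) > 0) {
            flags |= noVerify;
        }

        if ((flags & noSigs) == 0) {
            PublicKey signerPubKey = signer.getPublicKey();
            ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            // Fail closed: a bad signature must not be masked by the later store check.
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }

        if ((flags & noVerify) == 0) {
            final X509StoreContext storeContext;
            if ((flags & noChain) > 0) {
                // NOCHAIN: verify the signer without the certificates embedded in the request.
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), context.nil);
            } else {
                // Certificates embedded in the request are passed as the extra (fourth)
                // argument to the store context alongside the signer.
                RubyArray certs = RubyArray.newEmptyArray(runtime);
                ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
                if (bcCerts != null) {
                    Iterator<ASN1Encodable> it = bcCerts.iterator();
                    while (it.hasNext()) {
                        Certificate cert = Certificate.getInstance(it.next());
                        certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
                    }
                }
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), certs);
            }
            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, false);
            }
        }
    } catch (Exception e) {
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }
    return RubyBoolean.newBoolean(runtime, ret);
}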
Also used : RubyArray(org.jruby.RubyArray) X500Name(org.bouncycastle.asn1.x500.X500Name) IRubyObject(org.jruby.runtime.builtin.IRubyObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Ruby(org.jruby.Ruby) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider) PublicKey(java.security.PublicKey) ThreadContext(org.jruby.runtime.ThreadContext) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 28 with RubyArray

use of org.jruby.RubyArray in project jruby-openssl by jruby.

the class OCSPSingleResponse method extensions.

/**
 * Returns the extensions of the wrapped single response as a Ruby array of
 * {@code X509Extension} objects, one per extension OID.
 *
 * @return a Ruby array of extensions; empty when the response carries none
 */
@JRubyMethod(name = "extensions")
public IRubyObject extensions() {
    final Ruby runtime = getRuntime();
    final Extensions singleExtensions = bcSingleResponse.getSingleExtensions();
    if (singleExtensions == null) {
        return RubyArray.newEmptyArray(runtime);
    }

    final ASN1ObjectIdentifier[] oids = singleExtensions.getExtensionOIDs();
    final RubyArray wrapped = runtime.newArray(oids.length);
    for (int i = 0; i < oids.length; i++) {
        final ASN1ObjectIdentifier oid = oids[i];
        final Extension raw = singleExtensions.getExtension(oid);
        // The critical flag is carried over together with the parsed value.
        wrapped.append(X509Extension.newExtension(runtime, oid, raw.getParsedValue(), raw.isCritical()));
    }
    return wrapped;
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RubyArray(org.jruby.RubyArray) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) Extensions(org.bouncycastle.asn1.x509.Extensions) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 29 with RubyArray

use of org.jruby.RubyArray in project jruby-openssl by jruby.

the class OCSPBasicResponse method verify.

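/**
 * Verifies this basic OCSP response: locates the signer certificate, checks the response
 * signature, verifies the signer against {@code store}, and applies issuer checks. Individual
 * steps are skipped according to the OCSP flag bits.
 *
 * <p>Arguments are {@code (certificates, store[, flags])}. Every check fails closed: an
 * invalid signature or a failed store verification returns Ruby {@code false} immediately and
 * cannot be overridden by a later step.
 *
 * @param context current thread context
 * @param args    {@code certificates}, {@code store} and optional integer {@code flags}
 * @return Ruby {@code true} or {@code false}
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.runtime;
    // Check arity before indexing args, so a short argument list is reported by the arity
    // check instead of an ArrayIndexOutOfBoundsException.
    int flags = 0;
    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int(args[2]);
    }
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];
    boolean ret = false;

    final int noIntern = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOINTERN));
    final int trustOther = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_TRUSTOTHER));
    final int noVerify = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOVERIFY));
    final int noSigs = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOSIGS));
    final int noChain = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHAIN));

    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");
    BasicOCSPResp basicOCSPResp = getBasicOCSPResp();
    java.security.cert.Certificate signer = findSignerCert(context, asn1BCBasicOCSPResp, convertRubyCerts(certificates), flags);
    if (signer == null) {
        return RubyBoolean.newBoolean(runtime, false);
    }

    // NOTE(review): this disables store verification whenever TRUSTOTHER is set and NOINTERN
    // is not, without checking where the signer was found. If findSignerCert can return a
    // certificate embedded in the response, TRUSTOTHER would skip verification of a
    // sender-supplied certificate. OCSPRequest#verify uses the opposite NOINTERN test.
    // Confirm against findSignerCert.
    if ((flags & noIntern) == 0 && (flags & trustOther) != 0) {
        flags |= noVerify;
    }

    if ((flags & noSigs) == 0) {
        PublicKey sPKey = signer.getPublicKey();
        if (sPKey == null) {
            return RubyBoolean.newBoolean(runtime, false);
        }
        try {
            ContentVerifierProvider cvp = jcacvpb.build(sPKey);
            ret = basicOCSPResp.isSignatureValid(cvp);
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
        // Fail closed: without this return, the store verification below overwrites ret and
        // a response with an invalid signature could still be reported as verified.
        if (!ret) {
            return RubyBoolean.newBoolean(runtime, false);
        }
    }

    if ((flags & noVerify) == 0) {
        List<X509Cert> untrustedCerts = null;
        if ((flags & noChain) == 0) {
            final boolean mergeSupplied = basicOCSPResp.getCerts() != null
                    && (certificates != null && !((RubyArray) certificates).isEmpty());
            untrustedCerts = getCertsFromResp();
            if (mergeSupplied) {
                // NOTE(review): the iterator is typed as java.security.cert.Certificate
                // through a raw RubyArray; confirm what element type it really yields.
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) certificates).iterator();
                while (certIt.hasNext()) {
                    try {
                        untrustedCerts.add(X509Cert.wrap(context, certIt.next().getEncoded()));
                    } catch (CertificateEncodingException e) {
                        throw newOCSPError(runtime, e);
                    }
                }
            }
        }

        RubyArray rUntrustedCerts = RubyArray.newEmptyArray(runtime);
        if (untrustedCerts != null) {
            X509Cert[] rubyCerts = new X509Cert[untrustedCerts.size()];
            rUntrustedCerts = RubyArray.newArray(runtime, untrustedCerts.toArray(rubyCerts));
        }

        X509StoreContext ctx;
        try {
            ctx = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer), rUntrustedCerts);
        } catch (CertificateEncodingException e) {
            throw newOCSPError(runtime, e);
        }
        ctx.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
        ret = ctx.verify(context).isTrue();
        // Fail closed: the issuer and self-signed checks below must never turn a failed store
        // verification into success. OCSPRequest#verify returns false at this point too.
        if (!ret) {
            return RubyBoolean.newBoolean(runtime, false);
        }
        // ret is true from here on, so OCSP_NOCHECKS (which only forced ret to true) needs
        // no separate handling. NOTE(review): the issuer checks below still run when that
        // flag is set; confirm whether they should be skipped.
        IRubyObject chain = ctx.chain(context);

        try {
            if (checkIssuer(getBasicOCSPResp(), chain)) {
                return RubyBoolean.newBoolean(runtime, true);
            }
        } catch (IOException e) {
            throw newOCSPError(runtime, e);
        }

        if ((flags & noChain) != 0) {
            return RubyBoolean.newBoolean(runtime, ret);
        }

        // Last certificate of the verified chain: accept only if it verifies under its own
        // public key (self-signed). The store verification above has already passed.
        X509Cert rootCA = (X509Cert) ((RubyArray) chain).last();
        PublicKey rootKey = rootCA.getAuxCert().getPublicKey();
        try {
            rootCA.getAuxCert().verify(rootKey);
            ret = true;
        } catch (Exception e) {
            ret = false;
        }
    }
    return RubyBoolean.newBoolean(runtime, ret);
}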
Also used : RubyArray(org.jruby.RubyArray) PublicKey(java.security.PublicKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) IRubyObject(org.jruby.runtime.builtin.IRubyObject) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) Iterator(java.util.Iterator) Ruby(org.jruby.Ruby) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 30 with RubyArray

use of org.jruby.RubyArray in project jruby-openssl by jruby.

the class OCSPBasicResponse method convertRubyExtensions.

/**
 * Converts a Ruby array of {@code X509Extension} objects into a BouncyCastle
 * {@code Extensions} value by re-parsing each element's DER encoding.
 *
 * @param extensions Ruby array of extensions, or nil
 * @return the converted extensions, or {@code null} when {@code extensions} is nil
 */
private Extensions convertRubyExtensions(IRubyObject extensions) {
    if (extensions.isNil()) {
        return null;
    }

    final List<Extension> converted = new ArrayList<Extension>();
    // Elements are cast without a type check; a non-X509Extension element fails the cast.
    for (Iterator<IRubyObject> it = ((RubyArray) extensions).iterator(); it.hasNext();) {
        final X509Extension rubyExt = (X509Extension) it.next();
        final byte[] der = ((RubyString) rubyExt.to_der()).getBytes();
        converted.add(Extension.getInstance(der));
    }
    return new Extensions(converted.toArray(new Extension[converted.size()]));
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) RubyArray(org.jruby.RubyArray) ArrayList(java.util.ArrayList) IRubyObject(org.jruby.runtime.builtin.IRubyObject) Extensions(org.bouncycastle.asn1.x509.Extensions)
