Use of org.jruby.ext.openssl.x509store.Store in the jruby-openssl project by jruby.
Class PKCS7, method verify.
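/**
 * Verifies this PKCS#7 structure against the given certificates and trust store.
 *
 * <p>Accepts 2 to 4 arguments, in order: {@code certs} (nil, or a value that
 * {@code getAuxCerts} can convert), {@code store} (must be an {@code X509Store}),
 * optional {@code indata} (falls back to {@code getData()} when nil) and optional
 * integer {@code flags} (0 when nil).
 *
 * <p>The result is fail-closed: true is returned only when {@code p7.verify} completes
 * without throwing. Both {@code NotVerifiedPKCS7Exception} and {@code PKCS7Exception}
 * produce false.
 *
 * <p>Security note: whatever {@code p7.verify} wrote to the output BIO is stored with
 * {@code setData} even when verification fails, so callers must check the return value
 * before trusting the data attribute.
 *
 * @param args the Ruby call arguments described above
 * @return Ruby true when verification succeeded, Ruby false otherwise
 */
@JRubyMethod(rest = true)
public IRubyObject verify(IRubyObject[] args) {
    final Ruby runtime = getRuntime();
    final int argc = Arity.checkArgumentCount(runtime, args, 2, 4);

    final IRubyObject certs = args[0];
    // Reject a wrong store type with a Ruby TypeError instead of letting a raw
    // ClassCastException escape from the cast below.
    if (!(args[1] instanceof X509Store)) {
        throw runtime.newTypeError("OpenSSL::X509::Store expected but got " + args[1].inspect());
    }
    final X509Store store = (X509Store) args[1];
    IRubyObject indata = argc >= 3 ? args[2] : runtime.getNil();
    final IRubyObject vflags = argc >= 4 ? args[3] : runtime.getNil();

    final int flg = vflags.isNil() ? 0 : RubyNumeric.fix2int(vflags);

    // No explicit content supplied: use the data already attached to this object.
    if (indata.isNil()) {
        indata = getData();
    }

    final BIO in = indata.isNil() ? null : obj2bio(indata);
    final List<X509AuxCertificate> x509s = certs.isNil() ? null : getAuxCerts(certs);
    final Store storeStr = store.getStore();
    final BIO out = BIO.mem();

    boolean result = false;
    try {
        p7.verify(x509s, storeStr, in, out, flg);
        result = true;
    } catch (NotVerifiedPKCS7Exception ignored) {
        // Verification failed: result stays false.
    } catch (PKCS7Exception pkcs7e) {
        // Any other PKCS#7 error is also reported as "not verified"; the stack trace
        // is only printed when debugging is enabled.
        if (isDebug(runtime)) {
            pkcs7e.printStackTrace(runtime.getOut());
        }
    }

    // NOTE: the data attribute is updated regardless of the verification outcome.
    final IRubyObject data = membio2str(runtime, out);
    setData(data);

    return result ? runtime.getTrue() : runtime.getFalse();
}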
Use of org.jruby.ext.openssl.x509store.Store in the jruby-openssl project by jruby.
Class SSLContext, method setup.
/**
 * Freezes this SSLContext and builds its internal context from the Ruby-level
 * instance variables ({@code @key}, {@code @cert}, {@code @client_ca},
 * {@code @extra_chain_cert}, {@code @verify_mode}, {@code @timeout},
 * {@code @verify_callback}, {@code @verify_depth}).
 *
 * <p>Calling it on an already frozen context is a no-op that returns nil.
 *
 * <p>Security notes, as visible in this method:
 * <ul>
 *   <li>When {@code @verify_mode} is unset the mode falls back to
 *       {@code SSL.VERIFY_NONE}; with OpenSSL semantics that requests no peer
 *       certificate verification, so callers that need an authenticated peer must
 *       set {@code @verify_mode} themselves.</li>
 *   <li>When {@code loadLocations} reports 0 for the configured CA file/path only a
 *       warning is emitted and setup continues.</li>
 * </ul>
 *
 * @param context the current thread context
 * @return Ruby nil if the context was already frozen, Ruby true after a successful setup
 */
@JRubyMethod
public IRubyObject setup(final ThreadContext context) {
    final Ruby runtime = context.runtime;

    // Fast path without the lock, then re-check under the lock before freezing.
    if (isFrozen()) {
        return runtime.getNil();
    }
    synchronized (this) {
        if (isFrozen()) {
            return runtime.getNil();
        }
        this.freeze(context);
    }

    final X509Store certStore = getCertStore();

    // TODO: tmp_dh_callback is not handled here. The C implementation installs it with
    // SSL_CTX_set_tmp_dh_callback(ctx, ...) unless OPENSSL_NO_DH is defined, using
    // ossl_tmp_dh_callback when one is configured and ossl_default_tmp_dh_callback otherwise.

    // @key: explicit PKey, or whatever the key callback supplies.
    final IRubyObject keyValue = getInstanceVariable("@key");
    final PKey key;
    if (keyValue == null || keyValue.isNil()) {
        key = getCallbackKey(context);
    } else if (keyValue instanceof PKey) {
        key = (PKey) keyValue;
    } else {
        throw runtime.newTypeError("OpenSSL::PKey::PKey expected but got @key = " + keyValue.inspect());
    }

    // @cert: explicit certificate, or whatever the certificate callback supplies.
    final IRubyObject certValue = getInstanceVariable("@cert");
    final X509Cert cert;
    if (certValue == null || certValue.isNil()) {
        cert = getCallbackCert(context);
    } else if (certValue instanceof X509Cert) {
        cert = (X509Cert) certValue;
    } else {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @cert = " + certValue.inspect());
    }

    // @client_ca: an enumerable of certificates, a single certificate, or nothing.
    final IRubyObject clientCaValue = getInstanceVariable("@client_ca");
    final List<X509AuxCertificate> clientCert;
    if (clientCaValue == null || clientCaValue.isNil()) {
        clientCert = Collections.emptyList();
    } else if (clientCaValue.respondsTo("each")) {
        clientCert = convertToAuxCerts(context, clientCaValue);
    } else if (clientCaValue instanceof X509Cert) {
        clientCert = Collections.singletonList(((X509Cert) clientCaValue).getAuxCert());
    } else {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @client_ca = " + clientCaValue.inspect());
    }

    // @extra_chain_cert: stays null (not an empty list) when unset.
    final IRubyObject chainValue = getInstanceVariable("@extra_chain_cert");
    final List<X509AuxCertificate> extraChainCert =
        (chainValue == null || chainValue.isNil()) ? null : convertToAuxCerts(context, chainValue);

    // @verify_mode: unset means SSL.VERIFY_NONE (0x00) - no peer verification is requested.
    final IRubyObject modeValue = getInstanceVariable("@verify_mode");
    final int verifyMode =
        (modeValue == null || modeValue.isNil()) ? SSL.VERIFY_NONE : RubyNumeric.fix2int(modeValue);

    // @timeout: unset means 0.
    final IRubyObject timeoutValue = getInstanceVariable("@timeout");
    final int timeout =
        (timeoutValue == null || timeoutValue.isNil()) ? 0 : RubyNumeric.fix2int(timeoutValue);

    // Use the configured certificate store when there is one, otherwise a fresh Store.
    final Store store;
    if (certStore == null) {
        store = new Store();
    } else {
        store = certStore.getStore();
    }

    final String caFile = getCaFile();
    final String caPath = getCaPath();
    final boolean hasVerifyLocations = !(caFile == null && caPath == null);
    if (hasVerifyLocations) {
        try {
            final int loaded = store.loadLocations(runtime, caFile, caPath);
            if (loaded == 0) {
                // Only a warning: setup goes on even though the locations could not be set.
                runtime.getWarnings().warn(ID.MISCELLANEOUS, "can't set verify locations");
            }
        } catch (Exception e) {
            if (e instanceof RuntimeException) {
                debugStackTrace(runtime, e);
            }
            throw newSSLError(runtime, e);
        }
    }

    // The verify callback (or null) is kept in the store's extra-data slot 1.
    final IRubyObject verifyCallback = getInstanceVariable("@verify_callback");
    if (verifyCallback == null || verifyCallback.isNil()) {
        store.setExtraData(1, null);
    } else {
        store.setExtraData(1, verifyCallback);
    }

    // @verify_depth: unset means -1.
    final IRubyObject depthValue = getInstanceVariable("@verify_depth");
    store.setDepth((depthValue == null || depthValue.isNil()) ? -1 : RubyNumeric.fix2int(depthValue));

    final IRubyObject servernameCb = getInstanceVariable("@servername_cb");
    if (servernameCb != null && !servernameCb.isNil()) {
        // Not implemented: SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
    }

    try {
        internalContext = createInternalContext(
            context, cert, key, store, clientCert, extraChainCert, verifyMode, timeout);
    } catch (GeneralSecurityException e) {
        throw newSSLError(runtime, e);
    }

    return runtime.getTrue();
}