
Example 1 with StoreContext

Use of org.jruby.ext.openssl.x509store.StoreContext in the jruby-openssl project by jruby.

From the class PKCS7, method verify.

/* c: PKCS7_verify
 *
 * Verifies a signed PKCS#7 (signedData) structure. The steps run in this order:
 *   1. sanity checks: content type, detached content present, at least one SignerInfo;
 *   2. locate the signer certificate for every SignerInfo (getSigners);
 *   3. unless NOVERIFY is set: validate each signer certificate against the store;
 *   4. stream the signed content out of the PKCS#7 BIO chain into out
 *      (through an in-memory BIO plus SMIME.text when TEXT is set);
 *   5. unless NOSIGS is set: check the signature of every SignerInfo.
 *
 * @param certs  additional certificates consulted when looking up signers
 * @param store  trust store that each per-signer StoreContext is built from
 * @param indata detached content; mandatory when getDetached() != 0
 * @param out    sink for the verified content; the copy loop skips writing when the target BIO is null
 * @param flags  bit mask of NOVERIFY, NOCHAIN, NOCRL, TEXT and NOSIGS
 * @throws PKCS7Exception for a wrong content type, missing content or signatures,
 *         a failed certificate or signature check, or an I/O error while copying the content
 * @throws NotVerifiedPKCS7Exception when no signer certificate can be located for the SignerInfos
 */
public void verify(Collection<X509AuxCertificate> certs, Store store, BIO indata, BIO out, int flags) throws PKCS7Exception {
    // Only a signedData structure can be verified here.
    if (!isSigned()) {
        throw new PKCS7Exception(F_PKCS7_VERIFY, R_WRONG_CONTENT_TYPE);
    }
    // A detached signature carries no content of its own; the caller must supply it.
    if (getDetached() != 0 && indata == null) {
        throw new PKCS7Exception(F_PKCS7_VERIFY, R_NO_CONTENT);
    }
    Collection<SignerInfoWithPkey> infos = getSignerInfo();
    if (infos == null || infos.size() == 0) {
        throw new PKCS7Exception(F_PKCS7_VERIFY, R_NO_SIGNATURES_ON_DATA);
    }
    // One signer certificate per SignerInfo; null means at least one could not be found.
    List<X509AuxCertificate> signers = getSigners(certs, infos, flags);
    if (signers == null) {
        throw new NotVerifiedPKCS7Exception();
    }
    /* Now verify the certificates */
    // NOVERIFY skips chain validation of the signer certificates entirely;
    // only the signature check further down still runs in that case.
    if ((flags & NOVERIFY) == 0) {
        for (final X509AuxCertificate signer : signers) {
            final StoreContext certContext = new StoreContext(store);
            if ((flags & NOCHAIN) == 0) {
                // Certificates embedded in the signedData are offered as untrusted
                // intermediates for chain building, and the chain must be usable
                // for S/MIME signing.
                if (certContext.init(signer, new ArrayList<X509AuxCertificate>(getSign().getCert())) == 0) {
                    throw new PKCS7Exception(F_PKCS7_VERIFY, -1);
                }
                certContext.setPurpose(X509Utils.X509_PURPOSE_SMIME_SIGN);
            } else if (certContext.init(signer, null) == 0) {
                // NOCHAIN: the signer certificate stands alone, no intermediates and no purpose.
                throw new PKCS7Exception(F_PKCS7_VERIFY, -1);
            }
            // Carry extra-data slot 1 from the store into this context. What slot 1
            // holds is not visible here (presumably the Ruby-level verify callback) — confirm in Store.
            certContext.setExtraData(1, store.getExtraData(1));
            // CRLs embedded in the signedData take part in the check unless NOCRL is set.
            if ((flags & NOCRL) == 0) {
                certContext.setCRLs((List<X509CRL>) getSign().getCrl());
            }
            try {
                // <= 0 means the chain did not verify; the error code is read
                // before cleanup() in case cleanup resets the context state.
                int i = certContext.verifyCertificate();
                int j = 0;
                if (i <= 0) {
                    j = certContext.getError();
                }
                // NOTE(review): cleanup() is not reached when verifyCertificate() throws;
                // confirm whether it belongs in a finally block as X509_STORE_CTX_cleanup does in C.
                certContext.cleanup();
                if (i <= 0) {
                    throw new PKCS7Exception(F_PKCS7_VERIFY, R_CERTIFICATE_VERIFY_ERROR, "Verify error:" + X509Utils.verifyCertificateErrorString(j));
                }
            } catch (PKCS7Exception e) {
                // Already the right exception type (the verify error above): propagate
                // untouched so the broader catch below does not re-wrap it.
                throw e;
            } catch (Exception e) {
                // Any other failure inside the store is reported as a certificate
                // verify error with the original cause preserved.
                throw new PKCS7Exception(F_PKCS7_VERIFY, R_CERTIFICATE_VERIFY_ERROR, e);
            }
        }
    }
    // tmpin mirrors the C code, where it can differ from indata; here it never does.
    BIO tmpin = indata;
    BIO p7bio = dataInit(tmpin);
    // With TEXT the content is buffered in memory first so SMIME.text can strip
    // the MIME headers before handing it to out.
    final BIO tmpout = (flags & TEXT) != 0 ? BIO.mem() : out;
    final byte[] buf = new byte[4096];
    // Pull the whole content through the PKCS#7 BIO chain. This must complete
    // before signatureVerify below — presumably because the chain set up by
    // dataInit accumulates the digests while data passes through; confirm in dataInit.
    for (; ; ) {
        try {
            final int i = p7bio.read(buf, 0, buf.length);
            if (i <= 0)
                break;
            if (tmpout != null)
                tmpout.write(buf, 0, i);
        } catch (IOException e) {
            throw new PKCS7Exception(F_PKCS7_VERIFY, -1, e);
        }
    }
    if ((flags & TEXT) != 0) {
        new SMIME(Mime.DEFAULT).text(tmpout, out);
    }
    // NOSIGS skips the signature check; with NOVERIFY also set nothing
    // cryptographic is verified at all, only the content is copied out.
    if ((flags & NOSIGS) == 0) {
        int i = 0;
        // Relies on getSigners returning exactly one entry per SignerInfo, in
        // the iteration order of infos.
        for (SignerInfoWithPkey info : infos) {
            X509AuxCertificate signer = signers.get(i++);
            signatureVerify(p7bio, info, signer);
        }
    }
    // Detach the caller-supplied BIO that dataInit pushed onto the chain.
    if (tmpin == indata) {
        if (indata != null)
            p7bio.pop();
    }
}

Example 2 with StoreContext

Use of org.jruby.ext.openssl.x509store.StoreContext in the jruby-openssl project by jruby.

From the class X509StoreContext, method initialize.

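/**
 * Ruby-level {@code OpenSSL::X509::StoreContext#initialize(store, cert = nil, chain = nil)}.
 *
 * Builds the native {@link StoreContext} from the given store, optional end-entity
 * certificate and optional array of untrusted chain certificates, then copies the
 * store's verification time and verify callback onto this object.
 *
 * @param context current thread context
 * @param args    1 to 3 arguments: an {@code X509::Store}, optionally an
 *                {@code X509::Certificate}, optionally an {@code Array} of certificates
 * @return {@code this}
 * @throws org.jruby.exceptions.RaiseException Ruby {@code ArgumentError} for a wrong
 *         argument count, Ruby {@code TypeError} when an argument has the wrong type;
 *         the error built by {@code newStoreError} when the native context fails to initialize
 */
@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
    // Check arity before touching args[0]: reading args[0] first turned a missing
    // store argument into an ArrayIndexOutOfBoundsException instead of ArgumentError.
    final int argc = Arity.checkArgumentCount(context.runtime, args, 1, 3);
    if (!(args[0] instanceof X509Store)) {
        throw context.runtime.newTypeError(args[0], "OpenSSL::X509::Store");
    }
    final X509Store store = (X509Store) args[0];
    IRubyObject cert = context.nil;
    IRubyObject chain = context.nil;
    if (argc > 1) {
        cert = args[1];
        if (argc > 2) {
            chain = args[2];
        }
    }

    final X509AuxCertificate _cert;
    if (cert.isNil()) {
        _cert = null;
    } else {
        if (!(cert instanceof X509Cert)) {
            throw context.runtime.newTypeError(cert, "OpenSSL::X509::Certificate");
        }
        _cert = ((X509Cert) cert).getAuxCert();
    }

    final List<X509AuxCertificate> _chain;
    if (chain.isNil()) {
        _chain = new ArrayList<X509AuxCertificate>(4);
    } else {
        if (!(chain instanceof RubyArray)) {
            throw context.runtime.newTypeError(chain, "Array");
        }
        @SuppressWarnings("unchecked") // raw RubyArray; elements are type-checked one by one below
        final RubyArray certs = (RubyArray) chain;
        _chain = new ArrayList<X509AuxCertificate>(certs.size());
        for (int i = 0; i < certs.size(); i++) {
            // NOTE: if we use the normal java syntax for iterating over this
            // RubyArray, the `toJava` method of the X509Cert class will be
            // implicitly called, and that will return the BC certificate object
            // rather than the JRuby one.
            final IRubyObject elt = certs.eltOk(i);
            // Reject foreign elements with a Ruby TypeError rather than letting a
            // ClassCastException escape from the native layer.
            if (!(elt instanceof X509Cert)) {
                throw context.runtime.newTypeError(elt, "OpenSSL::X509::Certificate");
            }
            _chain.add(((X509Cert) elt).getAuxCert());
        }
    }

    this.storeContext = new StoreContext(store.getStore());
    if (storeContext.init(_cert, _chain) != 1) {
        throw newStoreError(context.runtime, null);
    }

    // Inherit the store's verification time when one was set on it. The null check
    // covers an @time ivar that was never assigned (assumed to come back as null
    // rather than nil from getInstanceVariable — confirm against the JRuby API).
    final IRubyObject time = store.getInstanceVariables().getInstanceVariable("@time");
    if (time != null && !time.isNil()) {
        set_time(time);
    }
    this.setInstanceVariable("@verify_callback", store.verify_callback());
    this.setInstanceVariable("@cert", cert);
    return this;
}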
