Use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby:
the class PKCS7, method sign.
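/**
 * ossl_pkcs7_s_sign — {@code OpenSSL::PKCS7.sign(cert, key, data [, certs [, flags]])}.
 *
 * Builds a signed PKCS#7 structure over {@code data} using {@code cert} and its
 * private {@code key}; {@code certs} (optional) are additional certificates to
 * embed, {@code flags} (optional) are the OpenSSL PKCS7 flag bits.
 *
 * @param self the receiver (the PKCS7 class, as this is a meta method)
 * @param args 3 to 5 Ruby arguments as described above
 * @return the wrapped PKCS7 object, with its data set to {@code data}
 * @throws org.jruby.exceptions.RaiseException TypeError when {@code cert} or
 *         {@code key} has the wrong type; PKCS7Error when signing fails
 */
@JRubyMethod(meta = true, rest = true)
public static IRubyObject sign(IRubyObject self, IRubyObject[] args) {
    final Ruby runtime = self.getRuntime();
    IRubyObject certs = runtime.getNil();
    IRubyObject flags = runtime.getNil();
    // Optional trailing arguments: args[3] = certs, args[4] = flags.
    // The cases fall through on purpose so that 5 arguments also set certs.
    switch (Arity.checkArgumentCount(runtime, args, 3, 5)) {
        case 5:
            flags = args[4];
            // fall through
        case 4:
            certs = args[3];
            // fall through
        default:
            break;
    }
    // Validate the mandatory arguments explicitly so a wrong type is reported
    // as a Ruby TypeError instead of a bare Java ClassCastException.
    if (!(args[0] instanceof X509Cert)) {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got " + args[0].inspect());
    }
    if (!(args[1] instanceof PKey)) {
        throw runtime.newTypeError("OpenSSL::PKey::PKey expected but got " + args[1].inspect());
    }
    final X509Cert cert = (X509Cert) args[0];
    final PKey key = (PKey) args[1];
    final IRubyObject data = args[2];

    final X509AuxCertificate auxCert = cert.getAuxCert();
    final PrivateKey privKey = key.getPrivateKey();
    final int flg = flags.isNil() ? 0 : RubyNumeric.fix2int(flags);
    final BIO dataBIO = obj2bio(data);
    // null (not an empty list) signals "no extra certificates" to the impl.
    final List<X509AuxCertificate> auxCerts = certs.isNil() ? null : getAuxCerts(certs);

    final org.jruby.ext.openssl.impl.PKCS7 pkcs7Impl;
    try {
        pkcs7Impl = org.jruby.ext.openssl.impl.PKCS7.sign(auxCert, privKey, auxCerts, dataBIO, flg);
    } catch (PKCS7Exception e) {
        throw newPKCS7Error(runtime, e);
    }
    final PKCS7 pkcs7 = wrap(runtime, pkcs7Impl);
    pkcs7.setData(data);
    return pkcs7;
}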
Use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby:
the class PKCS7, method encrypt.
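/**
 * ossl_pkcs7_s_encrypt — {@code OpenSSL::PKCS7.encrypt(certs, data [, cipher [, flags]])}.
 *
 * Produces an enveloped PKCS#7 structure: {@code data} is encrypted for each
 * recipient in {@code certs} with {@code cipher}.
 *
 * @param self the receiver (the PKCS7 class, as this is a meta method)
 * @param args 2 to 4 Ruby arguments as described above
 * @return the wrapped PKCS7 object, with its data set to {@code data}
 * @throws org.jruby.exceptions.RaiseException TypeError when {@code cipher} is
 *         not an OpenSSL::Cipher; PKCS7Error when the cipher cannot be obtained
 *         or encryption fails
 */
@JRubyMethod(meta = true, rest = true)
public static IRubyObject encrypt(IRubyObject self, IRubyObject[] args) {
    final Ruby runtime = self.getRuntime();
    IRubyObject cipher = runtime.getNil();
    IRubyObject flags = runtime.getNil();
    // Optional trailing arguments: args[2] = cipher, args[3] = flags (fall through on purpose).
    switch (Arity.checkArgumentCount(runtime, args, 2, 4)) {
        case 4:
            flags = args[3];
            // fall through
        case 3:
            cipher = args[2];
            // fall through
        default:
            break;
    }
    final IRubyObject certs = args[0];
    final IRubyObject data = args[1];

    final CipherSpec cipherSpec;
    if (cipher.isNil()) {
        // Default when no cipher is given: RC2 with a 40-bit key in CBC mode
        // (presumably kept for compatibility with the C extension's default).
        // 40-bit RC2 is a legacy, weak algorithm; callers wanting real
        // confidentiality should pass an explicit modern cipher.
        try {
            final javax.crypto.Cipher c = SecurityHelper.getCipher("RC2/CBC/PKCS5Padding");
            cipherSpec = new CipherSpec(c, Cipher.Algorithm.javaToOssl("RC2/CBC/PKCS5Padding", 40), 40);
        } catch (GeneralSecurityException e) {
            throw newPKCS7Error(runtime, e);
        }
    } else {
        // Report a wrong cipher argument as a Ruby TypeError, not a ClassCastException.
        if (!(cipher instanceof Cipher)) {
            throw runtime.newTypeError("OpenSSL::Cipher expected but got " + cipher.inspect());
        }
        final Cipher c = (Cipher) cipher;
        // key length is kept in bytes on the Cipher object; CipherSpec wants bits
        cipherSpec = new CipherSpec(c.getCipherInstance(), c.getName(), c.getGenerateKeyLength() * 8);
    }

    final int flg = flags.isNil() ? 0 : RubyNumeric.fix2int(flags);
    final List<X509AuxCertificate> auxCerts = getAuxCerts(certs);
    final byte[] dataBytes = data.asString().getBytes();

    final org.jruby.ext.openssl.impl.PKCS7 pkcs7Impl;
    try {
        pkcs7Impl = org.jruby.ext.openssl.impl.PKCS7.encrypt(auxCerts, dataBytes, cipherSpec, flg);
    } catch (PKCS7Exception pkcs7e) {
        throw newPKCS7Error(runtime, pkcs7e);
    }
    final PKCS7 pkcs7 = wrap(runtime, pkcs7Impl);
    pkcs7.setData(data);
    return pkcs7;
}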
Use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby:
the class PKCS7, method verify.
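/**
 * {@code OpenSSL::PKCS7#verify(certs, store [, indata [, flags]])}.
 *
 * Verifies this PKCS#7 signature against the trust {@code store}, optionally
 * with extra {@code certs} and detached {@code indata}. Verification failures
 * are reported through the return value: {@code true} on success, {@code false}
 * otherwise (the underlying exception is only printed in debug mode). The
 * verified content is stored via {@link #setData} and is available through
 * {@code #data} regardless of the outcome.
 *
 * @param args 2 to 4 Ruby arguments as described above
 * @return Ruby {@code true} when the signature verified, {@code false} otherwise
 * @throws org.jruby.exceptions.RaiseException TypeError when {@code store} is
 *         not an OpenSSL::X509::Store
 */
@JRubyMethod(rest = true)
public IRubyObject verify(IRubyObject[] args) {
    final Ruby runtime = getRuntime();
    IRubyObject indata = runtime.getNil();
    IRubyObject vflags = runtime.getNil();
    // Optional trailing arguments: args[2] = indata, args[3] = flags (fall through on purpose).
    switch (Arity.checkArgumentCount(runtime, args, 2, 4)) {
        case 4:
            vflags = args[3];
            // fall through
        case 3:
            indata = args[2];
            // fall through
        default:
            break;
    }
    final IRubyObject certs = args[0];
    // A wrong (or nil) store argument becomes a Ruby TypeError rather than a ClassCastException.
    if (!(args[1] instanceof X509Store)) {
        throw runtime.newTypeError("OpenSSL::X509::Store expected but got " + args[1].inspect());
    }
    final X509Store store = (X509Store) args[1];

    final int flg = vflags.isNil() ? 0 : RubyNumeric.fix2int(vflags);
    // Without explicit detached content, verify against the data already attached.
    if (indata.isNil()) {
        indata = getData();
    }
    final BIO in = indata.isNil() ? null : obj2bio(indata);
    final List<X509AuxCertificate> x509s = certs.isNil() ? null : getAuxCerts(certs);
    final Store storeStr = store.getStore();
    final BIO out = BIO.mem();

    boolean verified = false;
    try {
        p7.verify(x509s, storeStr, in, out, flg);
        verified = true;
    } catch (NotVerifiedPKCS7Exception e) {
        // Signature or chain did not verify: reported as false, not raised.
    } catch (PKCS7Exception pkcs7e) {
        // Any other PKCS7 failure is also reported as false; the stack trace
        // is only written when OpenSSL debugging is enabled for this runtime.
        if (isDebug(runtime)) {
            pkcs7e.printStackTrace(runtime.getOut());
        }
    }
    setData(membio2str(runtime, out));
    return verified ? runtime.getTrue() : runtime.getFalse();
}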
Use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby:
the class SSLContext, method setup.
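/**
 * {@code OpenSSL::SSL::SSLContext#setup}.
 *
 * Freezes the context and builds the internal (JSSE) context from the
 * configured instance variables ({@code @key}, {@code @cert}, {@code @client_ca},
 * {@code @extra_chain_cert}, {@code @verify_mode}, {@code @timeout},
 * {@code @verify_callback}, {@code @verify_depth}) plus the CA file/path and
 * certificate store. Runs at most once: a second call returns {@code nil}.
 *
 * @param context the current thread context
 * @return Ruby {@code true} when the context was set up by this call,
 *         {@code nil} when it had already been frozen
 * @throws org.jruby.exceptions.RaiseException TypeError for mistyped instance
 *         variables; SSLError when loading CA locations or creating the
 *         internal context fails
 */
@JRubyMethod
public IRubyObject setup(final ThreadContext context) {
    final Ruby runtime = context.runtime;
    // First caller freezes the object under the lock; a racing second caller
    // re-checks inside the lock and returns nil instead of setting up twice.
    if (isFrozen()) {
        return runtime.getNil();
    }
    synchronized (this) {
        if (isFrozen()) {
            return runtime.getNil();
        }
        this.freeze(context);
    }
    final X509Store certStore = getCertStore();
    // TODO: handle tmp_dh_callback :
    // #if !defined(OPENSSL_NO_DH)
    // if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))){
    // SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
    // }
    // else{
    // SSL_CTX_set_tmp_dh_callback(ctx, ossl_default_tmp_dh_callback);
    // }
    // #endif

    // Resolution order is kept as before: the fallbacks for @key and @cert go
    // through callbacks that may run Ruby code, so key is resolved before cert.
    final PKey key = setupKey(context, runtime);
    final X509Cert cert = setupCert(context, runtime);
    final List<X509AuxCertificate> clientCert = setupClientCA(context, runtime);
    final List<X509AuxCertificate> extraChainCert = setupExtraChainCert(context);
    final int verifyMode = setupIntOption("@verify_mode", SSL.VERIFY_NONE); // default 0x00
    final int timeout = setupIntOption("@timeout", 0);
    final Store store = setupStore(runtime, certStore);

    final IRubyObject servernameCb = getInstanceVariable("@servername_cb");
    if (servernameCb != null && !servernameCb.isNil()) {
        // SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
        // NOTE: not implemented here; a configured @servername_cb is silently ignored.
    }

    try {
        internalContext = createInternalContext(context, cert, key, store, clientCert, extraChainCert, verifyMode, timeout);
    } catch (GeneralSecurityException e) {
        throw newSSLError(runtime, e);
    }
    return runtime.getTrue();
}

/** Resolves the private key: {@code @key} when set (must be a PKey), else the key callback. */
private PKey setupKey(final ThreadContext context, final Ruby runtime) {
    final IRubyObject value = getInstanceVariable("@key");
    if (value == null || value.isNil()) {
        return getCallbackKey(context);
    }
    if (!(value instanceof PKey)) {
        throw runtime.newTypeError("OpenSSL::PKey::PKey expected but got @key = " + value.inspect());
    }
    return (PKey) value;
}

/** Resolves the certificate: {@code @cert} when set (must be an X509Cert), else the cert callback. */
private X509Cert setupCert(final ThreadContext context, final Ruby runtime) {
    final IRubyObject value = getInstanceVariable("@cert");
    if (value == null || value.isNil()) {
        return getCallbackCert(context);
    }
    if (!(value instanceof X509Cert)) {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @cert = " + value.inspect());
    }
    return (X509Cert) value;
}

/**
 * Resolves {@code @client_ca}: an enumerable is converted element-wise, a
 * single X509Cert becomes a one-element list, unset yields an empty list.
 */
private List<X509AuxCertificate> setupClientCA(final ThreadContext context, final Ruby runtime) {
    final IRubyObject value = getInstanceVariable("@client_ca");
    if (value == null || value.isNil()) {
        return Collections.emptyList();
    }
    if (value.respondsTo("each")) {
        return convertToAuxCerts(context, value);
    }
    if (!(value instanceof X509Cert)) {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @client_ca = " + value.inspect());
    }
    return Collections.singletonList(((X509Cert) value).getAuxCert());
}

/** Resolves {@code @extra_chain_cert}; {@code null} (not an empty list) when unset. */
private List<X509AuxCertificate> setupExtraChainCert(final ThreadContext context) {
    final IRubyObject value = getInstanceVariable("@extra_chain_cert");
    if (value == null || value.isNil()) {
        return null;
    }
    return convertToAuxCerts(context, value);
}

/** Reads an integer instance variable, returning {@code defaultValue} when it is unset or nil. */
private int setupIntOption(final String ivarName, final int defaultValue) {
    final IRubyObject value = getInstanceVariable(ivarName);
    if (value == null || value.isNil()) {
        return defaultValue;
    }
    return RubyNumeric.fix2int(value);
}

/**
 * Builds the trust store: the configured cert store (or a fresh one), loaded
 * with the CA file/path when either is set, then {@code @verify_callback} and
 * {@code @verify_depth} applied.
 */
private Store setupStore(final Ruby runtime, final X509Store certStore) {
    final Store store = certStore != null ? certStore.getStore() : new Store();
    final String caFile = getCaFile();
    final String caPath = getCaPath();
    if (caFile != null || caPath != null) {
        try {
            // 0 means nothing could be loaded; this only warns, it does not fail setup.
            if (store.loadLocations(runtime, caFile, caPath) == 0) {
                runtime.getWarnings().warn(ID.MISCELLANEOUS, "can't set verify locations");
            }
        } catch (Exception e) {
            if (e instanceof RuntimeException) {
                debugStackTrace(runtime, e);
            }
            throw newSSLError(runtime, e);
        }
    }
    IRubyObject value = getInstanceVariable("@verify_callback");
    // extra-data slot 1 carries the Ruby verify callback (null clears it)
    if (value != null && !value.isNil()) {
        store.setExtraData(1, value);
    } else {
        store.setExtraData(1, null);
    }
    value = getInstanceVariable("@verify_depth");
    // -1 leaves the depth limit unset
    if (value != null && !value.isNil()) {
        store.setDepth(RubyNumeric.fix2int(value));
    } else {
        store.setDepth(-1);
    }
    return store;
}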
Use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby:
the class SSLContext, method convertToAuxCerts.
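/**
 * Converts a Ruby collection of certificates into a list of {@link X509AuxCertificate}.
 *
 * Accepts a RubyArray, a Java {@link List}, or any object responding to
 * {@code each}; every element is passed through {@code assureCertificate}
 * (which is expected to raise for non-certificates) before its aux
 * certificate is taken.
 *
 * @param context the current thread context
 * @param value   the Ruby object holding the certificates
 * @return a new mutable list of aux certificates, in iteration order
 */
private static List<X509AuxCertificate> convertToAuxCerts(final ThreadContext context, IRubyObject value) {
    final RubyModule sslContextModule = _SSLContext(context.runtime);
    final RubyModule certificateClass = _Certificate(context.runtime);
    if (value instanceof RubyArray) {
        final RubyArray array = (RubyArray) value;
        final int size = array.size();
        final List<X509AuxCertificate> result = new ArrayList<X509AuxCertificate>(size);
        for (int i = 0; i < size; i++) {
            result.add(assureCertificate(context, certificateClass, array.eltInternal(i)).getAuxCert());
        }
        return result;
    }
    if (value instanceof List) {
        // A wildcard list instead of a raw List<X509Cert>: elements are cast
        // to IRubyObject explicitly (that is what assureCertificate takes), so
        // a foreign element fails right here rather than at an erased read.
        final List<?> list = (List<?>) value;
        final List<X509AuxCertificate> result = new ArrayList<X509AuxCertificate>(list.size());
        for (final Object element : list) {
            result.add(assureCertificate(context, certificateClass, (IRubyObject) element).getAuxCert());
        }
        return result;
    }
    // Anything else is iterated through its Ruby #each, collecting into result.
    final List<X509AuxCertificate> result = new ArrayList<X509AuxCertificate>();
    Utils.invoke(context, value, "each", CallBlock.newCallClosure(value, sslContextModule, Arity.NO_ARGUMENTS, new BlockCallback() {
        public IRubyObject call(ThreadContext context, IRubyObject[] args, Block block) {
            result.add(assureCertificate(context, certificateClass, args[0]).getAuxCert());
            return context.nil;
        }
    }, context));
    return result;
}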