
Example 1 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method sign.

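/**
 * ossl_pkcs7_s_sign: PKCS7.sign(cert, key, data [, certs [, flags]]).
 *
 * Builds a signed PKCS7 structure over {@code data} with {@code cert} and the
 * private half of {@code key}. {@code certs} and {@code flags} are optional and
 * are forwarded to the impl unchanged (nil certs -> null, nil flags -> 0).
 *
 * Raises a Ruby TypeError when cert / key are not the expected wrapper types,
 * and a Ruby PKCS7Error when the impl rejects the inputs.
 */
@JRubyMethod(meta = true, rest = true)
public static IRubyObject sign(IRubyObject self, IRubyObject[] args) {
    final Ruby runtime = self.getRuntime();
    IRubyObject certs = runtime.getNil();
    IRubyObject flags = runtime.getNil();
    // Optional trailing arguments; the cases intentionally fall through.
    switch (Arity.checkArgumentCount(runtime, args, 3, 5)) {
        case 5:
            flags = args[4];
        case 4:
            certs = args[3];
    }
    // Check the mandatory arguments before casting so a caller that passes the
    // wrong object gets a Ruby TypeError rather than a Java ClassCastException
    // (same treatment SSLContext#setup gives @cert / @key).
    if (!(args[0] instanceof X509Cert)) {
        throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got " + args[0].inspect());
    }
    if (!(args[1] instanceof PKey)) {
        throw runtime.newTypeError("OpenSSL::PKey::PKey expected but got " + args[1].inspect());
    }
    final X509Cert cert = (X509Cert) args[0];
    final PKey key = (PKey) args[1];
    final IRubyObject data = args[2];

    final X509AuxCertificate auxCert = cert.getAuxCert();
    // NOTE(review): if the PKey only holds a public key this is presumably null;
    // the impl is expected to reject that rather than NPE — confirm.
    final PrivateKey privKey = key.getPrivateKey();
    final int flg = flags.isNil() ? 0 : RubyNumeric.fix2int(flags);
    final BIO dataBIO = obj2bio(data);
    final List<X509AuxCertificate> auxCerts = certs.isNil() ? null : getAuxCerts(certs);
    final org.jruby.ext.openssl.impl.PKCS7 pkcs7Impl;
    try {
        pkcs7Impl = org.jruby.ext.openssl.impl.PKCS7.sign(auxCert, privKey, auxCerts, dataBIO, flg);
    } catch (PKCS7Exception e) {
        throw newPKCS7Error(runtime, e);
    }
    final PKCS7 pkcs7 = wrap(runtime, pkcs7Impl);
    // Keep the original content on the wrapper alongside the signed structure.
    pkcs7.setData(data);
    return pkcs7;
}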

Example 2 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method encrypt.

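/**
 * ossl_pkcs7_s_encrypt: PKCS7.encrypt(certs, data [, cipher [, flags]]).
 *
 * Encrypts {@code data} for the recipient certificates in {@code certs}.
 *
 * SECURITY: when {@code cipher} is omitted the content cipher is 40-bit RC2 in
 * CBC mode ("RC2/CBC/PKCS5Padding" with a 40-bit key). That is an export-grade
 * cipher with a trivially brute-forceable key and offers no real confidentiality
 * today; it is kept only for compatibility with the historical OpenSSL default.
 * Callers that care about confidentiality must pass an explicit OpenSSL::Cipher
 * (e.g. an AES-CBC cipher) as the third argument.
 *
 * Raises a Ruby TypeError when {@code cipher} is given but is not an
 * OpenSSL::Cipher, and a Ruby PKCS7Error when the impl fails.
 */
@JRubyMethod(meta = true, rest = true)
public static IRubyObject encrypt(IRubyObject self, IRubyObject[] args) {
    final Ruby runtime = self.getRuntime();
    IRubyObject cipher = runtime.getNil();
    IRubyObject flags = runtime.getNil();
    // Optional trailing arguments; the cases intentionally fall through.
    switch (Arity.checkArgumentCount(runtime, args, 2, 4)) {
        case 4:
            flags = args[3];
        case 3:
            cipher = args[2];
    }
    final IRubyObject certs = args[0];
    final IRubyObject data = args[1];

    CipherSpec cipherSpec;
    if (cipher.isNil()) {
        try {
            // WEAK DEFAULT (compatibility only): 40-bit RC2-CBC — see the class doc above.
            javax.crypto.Cipher c = SecurityHelper.getCipher("RC2/CBC/PKCS5Padding");
            cipherSpec = new CipherSpec(c, Cipher.Algorithm.javaToOssl("RC2/CBC/PKCS5Padding", 40), 40);
        } catch (GeneralSecurityException e) {
            throw newPKCS7Error(runtime, e);
        }
    } else {
        // Ruby TypeError instead of a Java ClassCastException for a wrong cipher arg,
        // consistent with the type checks in SSLContext#setup.
        if (!(cipher instanceof Cipher)) {
            throw runtime.newTypeError("OpenSSL::Cipher expected but got " + cipher.inspect());
        }
        final Cipher c = (Cipher) cipher;
        // The "* 8" suggests getGenerateKeyLength() is in bytes while CipherSpec wants bits.
        cipherSpec = new CipherSpec(c.getCipherInstance(), c.getName(), c.getGenerateKeyLength() * 8);
    }
    final int flg = flags.isNil() ? 0 : RubyNumeric.fix2int(flags);
    final List<X509AuxCertificate> auxCerts = getAuxCerts(certs);
    // Raw bytes of the Ruby string (no charset transcoding).
    final byte[] dataBytes = data.asString().getBytes();
    final org.jruby.ext.openssl.impl.PKCS7 pkcs7Impl;
    try {
        pkcs7Impl = org.jruby.ext.openssl.impl.PKCS7.encrypt(auxCerts, dataBytes, cipherSpec, flg);
    } catch (PKCS7Exception pkcs7e) {
        throw newPKCS7Error(runtime, pkcs7e);
    }
    final PKCS7 pkcs7 = wrap(runtime, pkcs7Impl);
    // Keep the plaintext on the wrapper alongside the encrypted structure.
    pkcs7.setData(data);
    return pkcs7;
}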

Example 3 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method verify.

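/**
 * ossl_pkcs7_verify: pkcs7.verify(certs, store [, indata [, flags]]).
 *
 * Returns true only when the impl's verify completes without throwing; a
 * NotVerifiedPKCS7Exception (signature / chain did not verify) and any other
 * PKCS7Exception (e.g. malformed input) both yield false. A false result
 * therefore does not distinguish "bad signature" from "unparseable input";
 * the latter is only printed when OpenSSL debugging is enabled.
 *
 * SECURITY: whatever the impl wrote to the output BIO is stored via setData
 * even when the result is false. Callers must treat #data as untrusted unless
 * this method returned true, and must not pass flags that relax verification
 * (OpenSSL-style NOVERIFY / NOSIGS) when the input is untrusted.
 *
 * Raises a Ruby TypeError when {@code store} is not an OpenSSL::X509::Store.
 */
@JRubyMethod(rest = true)
public IRubyObject verify(IRubyObject[] args) {
    final Ruby runtime = getRuntime();
    IRubyObject indata = runtime.getNil();
    IRubyObject vflags = runtime.getNil();
    // Optional trailing arguments; the cases intentionally fall through.
    switch (Arity.checkArgumentCount(runtime, args, 2, 4)) {
        case 4:
            vflags = args[3];
        case 3:
            indata = args[2];
    }
    final IRubyObject certs = args[0];
    // Ruby TypeError instead of a Java ClassCastException for a wrong (or nil)
    // store argument, consistent with the type checks in SSLContext#setup.
    if (!(args[1] instanceof X509Store)) {
        throw runtime.newTypeError("OpenSSL::X509::Store expected but got " + args[1].inspect());
    }
    final X509Store store = (X509Store) args[1];

    // Flags are forwarded verbatim to the impl.
    final int flg = vflags.isNil() ? 0 : RubyNumeric.fix2int(vflags);
    // No explicit content given: fall back to whatever #data currently holds.
    if (indata.isNil()) {
        indata = getData();
    }
    final BIO in = indata.isNil() ? null : obj2bio(indata);
    final List<X509AuxCertificate> x509s = certs.isNil() ? null : getAuxCerts(certs);
    final Store storeStr = store.getStore();
    final BIO out = BIO.mem();

    boolean verified = false;
    try {
        p7.verify(x509s, storeStr, in, out, flg);
        verified = true;
    } catch (NotVerifiedPKCS7Exception e) {
        // signature / chain did not verify -> false
    } catch (PKCS7Exception e) {
        // any other failure -> false; the cause is only surfaced in debug mode
        if (isDebug(runtime)) {
            e.printStackTrace(runtime.getOut());
        }
    }
    // Stored regardless of the outcome — see the SECURITY note above.
    setData(membio2str(runtime, out));
    return verified ? runtime.getTrue() : runtime.getFalse();
}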

Example 4 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class SSLContext method setup.

/**
 * ossl_sslctx_setup: builds the internal SSL context from this object's
 * instance variables (@key, @cert, @client_ca, @extra_chain_cert, @verify_mode,
 * @timeout, ca_file / ca_path, @verify_callback, @verify_depth).
 *
 * Runs at most once: the object is frozen (under a lock) before anything else,
 * and later calls return nil. NOTE(review): a TypeError / SSLError part-way
 * through therefore leaves the object frozen with no internal context — confirm
 * that is intended.
 *
 * Security-relevant defaults applied here:
 *  - @verify_mode nil  -> SSL.VERIFY_NONE, i.e. the peer certificate is NOT
 *    verified unless the caller sets verify_mode explicitly.
 *  - @verify_depth nil -> -1 (presumably "unlimited"; the Store side is not
 *    visible here).
 *  - ca_file / ca_path that cannot be loaded only produce a warning; the
 *    context is still created with whatever the store already contained.
 *  - @servername_cb is read but not wired up in this method (see below).
 *
 * Returns true once the context has been created; nil if already set up.
 * Raises a Ruby TypeError for ill-typed @key / @cert / @client_ca and a Ruby
 * SSLError when loading CA locations or creating the context fails.
 */
@JRubyMethod
public IRubyObject setup(final ThreadContext context) {
    final Ruby runtime = context.runtime;
    // Fast path: already set up (the first run freezes self).
    if (isFrozen())
        return runtime.getNil();
    synchronized (this) {
        // Double-check under the lock so two threads cannot both run the setup.
        if (isFrozen())
            return runtime.getNil();
        this.freeze(context);
    }
    final X509Store certStore = getCertStore();
    // TODO: handle tmp_dh_callback :
    // #if !defined(OPENSSL_NO_DH)
    // if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))){
    // SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
    // }
    // else{
    // SSL_CTX_set_tmp_dh_callback(ctx, ossl_default_tmp_dh_callback);
    // }
    // #endif
    IRubyObject value;
    // @key: explicit PKey, else whatever the key callback yields.
    value = getInstanceVariable("@key");
    final PKey key;
    if (value != null && !value.isNil()) {
        if (!(value instanceof PKey)) {
            throw runtime.newTypeError("OpenSSL::PKey::PKey expected but got @key = " + value.inspect());
        }
        key = (PKey) value;
    } else {
        key = getCallbackKey(context);
    }
    // @cert: explicit certificate, else whatever the cert callback yields.
    value = getInstanceVariable("@cert");
    final X509Cert cert;
    if (value != null && !value.isNil()) {
        if (!(value instanceof X509Cert)) {
            throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @cert = " + value.inspect());
        }
        cert = (X509Cert) value;
    } else {
        cert = getCallbackCert(context);
    }
    // @client_ca: a single certificate or anything responding to #each.
    value = getInstanceVariable("@client_ca");
    final List<X509AuxCertificate> clientCert;
    if (value != null && !value.isNil()) {
        if (value.respondsTo("each")) {
            clientCert = convertToAuxCerts(context, value);
        } else {
            if (!(value instanceof X509Cert)) {
                throw runtime.newTypeError("OpenSSL::X509::Certificate expected but got @client_ca = " + value.inspect());
            }
            clientCert = Collections.singletonList(((X509Cert) value).getAuxCert());
        }
    } else
        clientCert = Collections.emptyList();
    // @extra_chain_cert: note this one is null (not an empty list) when unset.
    value = getInstanceVariable("@extra_chain_cert");
    final List<X509AuxCertificate> extraChainCert;
    if (value != null && !value.isNil()) {
        extraChainCert = convertToAuxCerts(context, value);
    } else {
        extraChainCert = null;
    }
    // @verify_mode: defaults to VERIFY_NONE — no peer verification at all.
    value = getInstanceVariable("@verify_mode");
    final int verifyMode;
    if (value != null && !value.isNil()) {
        verifyMode = RubyNumeric.fix2int(value);
    } else {
        // 0x00
        verifyMode = SSL.VERIFY_NONE;
    }
    // @timeout: 0 when unset (meaning presumably decided by createInternalContext).
    value = getInstanceVariable("@timeout");
    final int timeout;
    if (value != null && !value.isNil()) {
        timeout = RubyNumeric.fix2int(value);
    } else {
        timeout = 0;
    }
    // Use the configured cert_store if there is one, else a fresh empty Store.
    final Store store = certStore != null ? certStore.getStore() : new Store();
    final String caFile = getCaFile();
    final String caPath = getCaPath();
    if (caFile != null || caPath != null) {
        try {
            // A zero return only warns; setup continues with the store as-is.
            if (store.loadLocations(runtime, caFile, caPath) == 0) {
                runtime.getWarnings().warn(ID.MISCELLANEOUS, "can't set verify locations");
            }
        } catch (Exception e) {
            // Broad catch: runtime exceptions get their trace logged in debug
            // mode, then everything is rethrown as a Ruby SSLError.
            if (e instanceof RuntimeException)
                debugStackTrace(runtime, e);
            throw newSSLError(runtime, e);
        }
    }
    // @verify_callback lives in the store's extra-data slot 1 (null clears it);
    // the verify path is presumably what reads that slot back.
    value = getInstanceVariable("@verify_callback");
    if (value != null && !value.isNil()) {
        store.setExtraData(1, value);
    } else {
        store.setExtraData(1, null);
    }
    // @verify_depth: -1 when unset.
    value = getInstanceVariable("@verify_depth");
    if (value != null && !value.isNil()) {
        store.setDepth(RubyNumeric.fix2int(value));
    } else {
        store.setDepth(-1);
    }
    // NOTE(review): @servername_cb is read but nothing is done with it here, so
    // an SNI callback set by the user is silently ignored by this method unless
    // createInternalContext picks it up on its own — confirm.
    value = getInstanceVariable("@servername_cb");
    if (value != null && !value.isNil()) {
    // SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
    }
    try {
        internalContext = createInternalContext(context, cert, key, store, clientCert, extraChainCert, verifyMode, timeout);
    } catch (GeneralSecurityException e) {
        throw newSSLError(runtime, e);
    }
    return runtime.getTrue();
}

Example 5 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class SSLContext method convertToAuxCerts.

/**
 * Converts a Ruby-side collection of certificates into X509AuxCertificate objects.
 * Accepts a RubyArray, a java.util.List that already holds X509Cert wrappers, or
 * any object responding to #each. Every element is run through assureCertificate
 * first, which presumably raises for anything that is not a certificate.
 */
private static List<X509AuxCertificate> convertToAuxCerts(final ThreadContext context, IRubyObject value) {
    final RubyModule SSLContext = _SSLContext(context.runtime);
    final RubyModule Certificate = _Certificate(context.runtime);

    if (value instanceof RubyArray) {
        final RubyArray array = (RubyArray) value;
        final int count = array.size();
        final ArrayList<X509AuxCertificate> converted = new ArrayList<X509AuxCertificate>(count);
        for (int idx = 0; idx < count; idx++) {
            final IRubyObject element = array.eltInternal(idx);
            converted.add(assureCertificate(context, Certificate, element).getAuxCert());
        }
        return converted;
    }

    if (value instanceof List) {
        @SuppressWarnings("unchecked")
        final List<X509Cert> list = (List<X509Cert>) value;
        final ArrayList<X509AuxCertificate> converted = new ArrayList<X509AuxCertificate>(list.size());
        for (final X509Cert element : list) {
            converted.add(assureCertificate(context, Certificate, element).getAuxCert());
        }
        return converted;
    }

    // Generic enumerable: drive #each with a block that collects every element.
    final ArrayList<X509AuxCertificate> converted = new ArrayList<X509AuxCertificate>();
    final BlockCallback collector = new BlockCallback() {

        public IRubyObject call(ThreadContext context, IRubyObject[] args, Block block) {
            converted.add(assureCertificate(context, Certificate, args[0]).getAuxCert());
            return context.nil;
        }
    };
    Utils.invoke(context, value, "each", CallBlock.newCallClosure(value, SSLContext, Arity.NO_ARGUMENTS, collector, context));
    return converted;
}
