
Example 11 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method decrypt.

/**
 * Decrypts this PKCS#7 structure and returns the recovered content as a Ruby string.
 *
 * <p>Expected arguments: {@code (pkey, cert)} or {@code (pkey, cert, flags)}. When the
 * third argument is missing or nil, the flags default to {@code 0}.
 *
 * <p>NOTE(review): both casts below are unchecked, so passing an object that is not a
 * {@code PKey} / {@code X509Cert} surfaces as a Java {@code ClassCastException} instead of
 * a Ruby-level error. Whether {@code getPrivateKey()} can return {@code null} for a
 * public-only key is not visible here; confirm that the underlying decrypt handles it.
 *
 * @param args the recipient key, the recipient certificate and optional flags
 * @return the decrypted content read back from the in-memory BIO
 */
@JRubyMethod(rest = true)
public IRubyObject decrypt(IRubyObject[] args) {
    final int argc = Arity.checkArgumentCount(getRuntime(), args, 2, 3);
    final IRubyObject flagsArg = (argc == 3) ? args[2] : getRuntime().getNil();

    // Cast both wrappers first, then unwrap them, preserving the original failure order.
    final PKey keyWrapper = (PKey) args[0];
    final X509Cert certWrapper = (X509Cert) args[1];
    final PrivateKey recipientKey = keyWrapper.getPrivateKey();
    final X509AuxCertificate recipientCert = certWrapper.getAuxCert();

    int decryptFlags = 0;
    if (!flagsArg.isNil()) {
        decryptFlags = RubyNumeric.fix2int(flagsArg);
    }

    // The plaintext is collected in a memory BIO and converted to a string on return.
    final BIO plaintext = BIO.mem();
    try {
        p7.decrypt(recipientKey, recipientCert, plaintext, decryptFlags);
    } catch (PKCS7Exception failure) {
        // Re-raise as the Ruby-visible PKCS7 error, keeping the Java exception as the source.
        throw newPKCS7Error(getRuntime(), failure);
    }
    return membio2str(getRuntime(), plaintext);
}
Also used : PrivateKey(java.security.PrivateKey) MemBIO(org.jruby.ext.openssl.impl.MemBIO) BIO(org.jruby.ext.openssl.impl.BIO) IRubyObject(org.jruby.runtime.builtin.IRubyObject) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) PKCS7Exception(org.jruby.ext.openssl.impl.PKCS7Exception) NotVerifiedPKCS7Exception(org.jruby.ext.openssl.impl.NotVerifiedPKCS7Exception) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 12 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method getAuxCerts.

/**
 * Unwraps a Ruby array of certificate wrappers into a list of {@link X509AuxCertificate}.
 *
 * <p>NOTE(review): the argument and every element are cast without a type check, so a
 * value that is not a {@code RubyArray} of {@code X509Cert} fails with a Java
 * {@code ClassCastException}. Callers passing user-supplied values should validate first.
 *
 * @param arg a Ruby array whose elements are {@code X509Cert} instances
 * @return the wrapped certificates, in array order
 */
private static List<X509AuxCertificate> getAuxCerts(final IRubyObject arg) {
    final RubyArray wrappers = (RubyArray) arg;
    final List<X509AuxCertificate> unwrapped = new ArrayList<X509AuxCertificate>(wrappers.size());
    int index = 0;
    while (index < wrappers.size()) {
        final X509Cert wrapper = (X509Cert) wrappers.eltInternal(index);
        unwrapped.add(wrapper.getAuxCert());
        index++;
    }
    return unwrapped;
}
Also used : RubyArray(org.jruby.RubyArray) ArrayList(java.util.ArrayList) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)

Example 13 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method getSigners.

/**
 * Resolves the certificate of every signer listed in {@code infos} (c: PKCS7_get0_signers).
 *
 * <p>Each signer is looked up by issuer name and serial number, first in the
 * caller-supplied {@code certs} and then, unless {@code NOINTERN} is set, in the
 * certificates carried inside the signed structure itself.
 *
 * <p>Security note: this method only <em>locates</em> certificates. Nothing in it checks a
 * signature or validates a certificate chain, and the embedded certificates come from the
 * message being processed. Callers must not treat the returned list as trusted without
 * separate verification.
 *
 * @param certs additional candidate certificates, may be {@code null}
 * @param infos signer infos to resolve, must be non-empty
 * @param flags PKCS7 flags; {@code NOINTERN} disables the lookup in the embedded certificates
 * @return one certificate per signer info, in iteration order
 * @throws PKCS7Exception if the content is not signed, there are no signers, or a
 *         signer's certificate cannot be found
 */
public List<X509AuxCertificate> getSigners(Collection<X509AuxCertificate> certs, Collection<SignerInfoWithPkey> infos, int flags) throws PKCS7Exception {
    if (!isSigned()) {
        throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS, R_WRONG_CONTENT_TYPE);
    }
    if (infos == null || infos.isEmpty()) {
        throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS, R_NO_SIGNERS);
    }

    final boolean mayUseEmbedded = (flags & NOINTERN) == 0;
    final ArrayList<X509AuxCertificate> resolved = new ArrayList<X509AuxCertificate>(infos.size());

    for (final SignerInfoWithPkey signerInfo : infos) {
        final IssuerAndSerialNumber issuerAndSerial = signerInfo.getIssuerAndSerialNumber();

        // Caller-supplied certificates take precedence over the embedded ones.
        X509AuxCertificate match = (certs == null)
            ? null
            : findByIssuerAndSerial(certs, issuerAndSerial.getName(), issuerAndSerial.getCertificateSerialNumber().getValue());

        // Fall back to the certificates embedded in the structure when permitted.
        if (match == null && mayUseEmbedded && getSign().getCert() != null) {
            match = findByIssuerAndSerial(getSign().getCert(), issuerAndSerial.getName(), issuerAndSerial.getCertificateSerialNumber().getValue());
        }

        if (match == null) {
            throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS, R_SIGNER_CERTIFICATE_NOT_FOUND);
        }
        resolved.add(match);
    }
    return resolved;
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber) ArrayList(java.util.ArrayList) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)

Example 14 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class PKCS7 method sign.

/**
 * Builds a signed PKCS#7 structure over {@code data} (c: PKCS7_sign).
 *
 * <p>NOTE(review): the signature digest is fixed to {@code EVP.sha1()}; callers cannot pick
 * a stronger digest through this method. SHA-1 is no longer collision resistant, so
 * consumers that need long-lived signatures should check whether a stronger digest can be
 * configured elsewhere in the project.
 *
 * <p>NOTE(review): unless {@code NOSMIMECAP} or {@code NOATTR} is set, the signed
 * S/MIME capabilities list, judging by the OID constant names, advertises triple-DES,
 * RC2 (with parameters 128, 64 and 40) and single DES. Presumably this mirrors the legacy
 * C implementation; confirm whether advertising these legacy ciphers is still wanted,
 * since peers may use the list to choose an encryption algorithm for replies.
 *
 * @param signcert certificate of the signer
 * @param pkey private key matching {@code signcert}
 * @param certs extra certificates to embed, may be {@code null}
 * @param data content to sign; read only when {@code STREAM} is not set
 * @param flags PKCS7 flags ({@code NOCERTS}, {@code NOATTR}, {@code NOSMIMECAP},
 *        {@code STREAM}, {@code DETACHED})
 * @return the PKCS7 structure; not finalized when {@code STREAM} is set
 * @throws PKCS7Exception if copying the data into the structure fails
 */
public static PKCS7 sign(X509AuxCertificate signcert, PrivateKey pkey, Collection<X509AuxCertificate> certs, BIO data, int flags) throws PKCS7Exception {
    final boolean embedCerts = (flags & NOCERTS) == 0;
    final boolean addAttributes = (flags & NOATTR) == 0;
    final boolean addSmimeCaps = (flags & NOSMIMECAP) == 0;
    final boolean streaming = (flags & STREAM) != 0;
    final boolean detached = (flags & DETACHED) != 0;

    final PKCS7 signed = new PKCS7();
    signed.setType(ASN1Registry.NID_pkcs7_signed);
    signed.contentNew(ASN1Registry.NID_pkcs7_data);

    // Digest is hard-coded to SHA-1 here (see the review note in the Javadoc).
    final SignerInfoWithPkey signerInfo = signed.addSignature(signcert, pkey, EVP.sha1());

    if (embedCerts) {
        signed.addCertificate(signcert);
        if (certs != null) {
            for (final X509AuxCertificate extra : certs) {
                signed.addCertificate(extra);
            }
        }
    }

    if (addAttributes) {
        signerInfo.addSignedAttribute(ASN1Registry.NID_pkcs9_contentType, OID_pkcs7_data);
        if (addSmimeCaps) {
            // Order matters: the capabilities are emitted in the order they are added.
            final ASN1EncodableVector capabilities = new ASN1EncodableVector();
            capabilities.add(new AlgorithmIdentifier(OID_des_ede3_cbc));
            capabilities.add(new AlgorithmIdentifier(OID_rc2_cbc, new ASN1Integer(BI_128)));
            capabilities.add(new AlgorithmIdentifier(OID_rc2_cbc, new ASN1Integer(BI_64)));
            capabilities.add(new AlgorithmIdentifier(OID_rc2_cbc, new ASN1Integer(BI_40)));
            capabilities.add(new AlgorithmIdentifier(OID_des_cbc));
            signerInfo.addSignedAttribute(ASN1Registry.NID_SMIMECapabilities, new DLSequence(capabilities));
        }
    }

    // In streaming mode the caller feeds the data and finalizes the structure later.
    if (streaming) {
        return signed;
    }

    final BIO sink = signed.dataInit(null);
    try {
        data.crlfCopy(sink, flags);
    } catch (IOException copyFailure) {
        throw new PKCS7Exception(F_PKCS7_SIGN, R_PKCS7_DATAFINAL_ERROR, copyFailure);
    }

    if (detached) {
        signed.setDetached(1);
    }
    signed.dataFinal(sink);
    return signed;
}
Also used : DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 15 with X509AuxCertificate

use of org.jruby.ext.openssl.x509store.X509AuxCertificate in project jruby-openssl by jruby.

the class Signed method certificatesFromASN1Set.

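/**
 * Parses the certificates field of a signed PKCS#7 structure.
 *
 * <p>Accepts a sequence of certificates, a single certificate (handled by the fallback
 * below), or, for backward compatibility, an explicit set of certificates.
 *
 * <p>The input normally comes from a decoded, possibly untrusted, PKCS#7 message. This
 * method only parses; it performs no validation of the resulting certificates.
 *
 * @param content the decoded certificates field
 * @return the parsed certificates, in encounter order
 * @throws PKCS7Exception if {@code content} is neither a sequence nor a set
 */
private static Collection<X509AuxCertificate> certificatesFromASN1Set(ASN1Encodable content) throws PKCS7Exception {
    final Collection<X509AuxCertificate> result = new ArrayList<X509AuxCertificate>();
    if (content instanceof ASN1Sequence) {
        try {
            for (Enumeration<?> enm = ((ASN1Sequence) content).getObjects(); enm.hasMoreElements(); ) {
                ASN1Encodable current = (ASN1Encodable) enm.nextElement();
                result.add(certificateFromASN1(current));
            }
        } catch (IllegalArgumentException iae) {
            // An element did not parse as a certificate, so presumably the sequence
            // is itself a single certificate. Drop anything collected before the
            // failure so the result never mixes partially parsed elements with the
            // whole-content interpretation.
            result.clear();
            result.add(certificateFromASN1(content));
        }
    } else if (content instanceof ASN1Set) {
        // An EXPLICIT set shouldn't appear here, but keep this for backward compatibility.
        for (Enumeration<?> enm = ((ASN1Set) content).getObjects(); enm.hasMoreElements(); ) {
            ASN1Encodable current = (ASN1Encodable) enm.nextElement();
            result.add(certificateFromASN1(current));
        }
    } else {
        throw new PKCS7Exception(PKCS7.F_B64_READ_PKCS7, PKCS7.R_CERTIFICATE_VERIFY_ERROR, "unknown certificates format");
    }
    return result;
}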
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ASN1Set(org.bouncycastle.asn1.ASN1Set) ArrayList(java.util.ArrayList) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate)
