
Commit 2ced388

committedNov 2, 2017
fix signature-alg to default to NULL and report it as 0.0 (like MRI)
1 parent ec7b8e7 commit 2ced388


5 files changed

+18
-6
lines changed

 

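--- a/src/main/java/org/jruby/ext/openssl/X509CRL.java
+++ b/src/main/java/org/jruby/ext/openssl/X509CRL.java
@@ -434,7 +434,7 @@ public IRubyObject signature_algorithm() {
 }
 
 private RubyString signature_algorithm(final Ruby runtime) {
-return RubyString.newString(runtime, getSignatureAlgorithm(runtime, "itu-t"));
+return RubyString.newString(runtime, getSignatureAlgorithm(runtime, "NULL"));
 }
 
 private String getSignatureAlgorithm(final Ruby runtime, final String def) {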

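--- a/src/main/java/org/jruby/ext/openssl/X509Cert.java
+++ b/src/main/java/org/jruby/ext/openssl/X509Cert.java
@@ -225,8 +225,8 @@ private void initialize(final ThreadContext context, final byte[] encoded, final
 if ( sigAlgorithm == null ) sigAlgorithm = cert.getSigAlgName(); // e.g. SHA256withRSA
 else {
 sigAlgorithm = ASN1.oid2name(runtime, new ASN1ObjectIdentifier(sigAlgorithm), true);
-if ( sigAlgorithm == null ) {
-sigAlgorithm = "itu-t"; // MRI compability ... the "crazy" parts
+if (sigAlgorithm == null) {
+sigAlgorithm = "0.0"; // "NULL";
 // for some certificates that MRI parses,
 // we get getSigAlgOID() == getSigAlgName() == "0.0"
 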
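Review bot: The `sigAlgorithm == null` branch overwrites whatever OID the certificate carried with the literal `"0.0"`, so if `ASN1.oid2name` can return null for OIDs other than 0.0 (not visible in this hunk), an unrecognised signature algorithm would be reported as `0.0` and the real identifier lost to anyone inspecting `signature_algorithm` or `to_text`. Since the value is passed to `new ASN1ObjectIdentifier(...)` it is presumably the dotted OID at that point, so saving it first with `final String oid = sigAlgorithm;` and using `sigAlgorithm = oid;` in the branch would still give `0.0` for the MRI-compatibility case while preserving other unknown OIDs. The trailing `// "NULL";` comment is also unclear next to X509CRL.java, where the default is now `"NULL"`; something like `// unresolved OID: MRI prints 0.0 here, whereas an empty CRL reports "NULL"` would explain the difference. The enclosing `initialize` method starts and ends outside the hunk.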

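--- a/src/test/ruby/test_helper.rb
+++ b/src/test/ruby/test_helper.rb
@@ -137,6 +137,8 @@ def jruby?; self.class.jruby? end
 
 private
 
+def debug(msg); puts msg if $VERBOSE end
+
 def issue_cert(dn, key, serial, not_before, not_after, extensions, issuer, issuer_key, digest)
 cert = OpenSSL::X509::Certificate.new
 issuer = cert unless issuer
@@ -186,6 +188,15 @@ def issue_crl(revoke_info, serial, lastup, nextup, extensions,
 crl
 end
 
+def get_subject_key_id(cert)
+asn1_cert = OpenSSL::ASN1.decode(cert)
+tbscert = asn1_cert.value[0]
+pkinfo = tbscert.value[6]
+publickey = pkinfo.value[1]
+pkvalue = publickey.value
+OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
+end
+
 end
 
 begin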
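Review bot: `get_subject_key_id` in the second hunk selects subjectPublicKeyInfo with the fixed index `tbscert.value[6]`, which is only right when the optional explicit version element is present; for a certificate encoded without it the index lands on a different field or on nil, and the helper would hash the wrong bytes or fail with a NoMethodError. A guard before the index, `raise ArgumentError, 'expected explicit version tag' unless tbscert.value[0].tag_class == :CONTEXT_SPECIFIC`, makes that assumption fail loudly. A comment on the method such as `# SHA-1 of the subjectPublicKey BIT STRING contents as colon-separated upper-case hex (RFC 5280 key identifier, method 1)` would also make clear that SHA-1 here is the identifier format rather than a security choice. The enclosing class or module starts outside the hunk.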

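--- a/src/test/ruby/x509/test_x509cert.rb
+++ b/src/test/ruby/x509/test_x509cert.rb
@@ -311,7 +311,8 @@ def test_to_text_npe_regression
 def test_cert_loading_regression
 cert_text = "0\x82\x01\xAD0\x82\x01\xA1\xA0\x03\x02\x01\x02\x02\x01\x010\x03\x06\x01\x000g1\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\f\nCalifornia1\x150\x13\x06\x03U\x04\a\f\fSanta Monica1\x110\x0F\x06\x03U\x04\n\f\bOneLogin1\x190\x17\x06\x03U\x04\x03\f\x10app.onelogin.com0\x1E\x17\r100309095845Z\x17\r150309095845Z0g1\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\f\nCalifornia1\x150\x13\x06\x03U\x04\a\f\fSanta Monica1\x110\x0F\x06\x03U\x04\n\f\bOneLogin1\x190\x17\x06\x03U\x04\x03\f\x10app.onelogin.com0\x81\x9F0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x03\x81\x8D\x000\x81\x89\x02\x81\x81\x00\xE8\xD2\xBBW\xE3?/\x1D\xE7\x0E\x10\xC8\xBD~\xCD\xDE!#\rL\x92G\xDF\xE1f?L\xB1\xBC9\x99\x14\xE5\x84\xD2Zi\x87<>d\xBD\x81\xF9\xBA\x85\xD2\xFF\xAA\x90\xF3Z\x97\xA5\x1D\xB0W\xC0\x93\xA3\x06IP\xB84\xF5\xD7Qu\x19\xFCB\xCA\xA3\xD4\\\x8E\v\x9B%\x13|\xB6m\x9D\xA8\x16\xE6\xBB\xDA\x87\xFF\xE3\xD7\xE9\xBA9\xC5O\xA2\xA7C\xADB\x04\xCA\xA5\x0E\x84\xD0\xA8\xE4\xFA\xDA\xF1\x89\xF2s\xFA1\x95\xAF\x03\xAB1\xAA\xE7y\x02\x03\x01\x00\x010\x03\x06\x01\x00\x03\x01\x00"
 assert cert = OpenSSL::X509::Certificate.new(cert_text)
-assert cert.to_text.index('itu-t')
+debug cert.to_text
+assert cert.to_text.index('Signature Algorithm: 0.0')
 end
 
 TEST_KEY_RSA1024 = <<-_end_of_pem_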
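Review bot: The new assertion `assert cert.to_text.index('Signature Algorithm: 0.0')` fails without any diagnostic, and the added `debug cert.to_text` prints only when `$VERBOSE` is set, so a failing CI run would not show what `to_text` actually produced. Rendering once and passing the text as the failure message covers both needs: `text = cert.to_text` followed by `assert text.index('Signature Algorithm: 0.0'), text`. That also avoids calling `to_text` twice on the same certificate.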

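--- a/src/test/ruby/x509/test_x509crl.rb
+++ b/src/test/ruby/x509/test_x509crl.rb
@@ -11,7 +11,7 @@ def test_new_crl
 assert_equal nil, crl.last_update
 assert_equal nil, crl.next_update
 assert_equal [], crl.revoked
-assert_equal "itu-t", crl.signature_algorithm
+assert_equal "NULL", crl.signature_algorithm
 
 if RUBY_VERSION >= '2.0.0' || defined? JRUBY_VERSION
 assert crl.inspect.index('#<OpenSSL::X509::CRL:') == 0, crl.inspect
@@ -140,7 +140,7 @@ def test_extension
 exts = crl.extensions
 
 # MRI expects to retain extension order : crlNumber, authorityKeyIdentifier, issuerAltName
-exts = exts.dup;
+exts = exts.dup
 ext1 = exts.find { |ext| ext.oid == 'authorityKeyIdentifier' }
 exts.delete(ext1); exts.unshift(ext1)
 ext0 = exts.find { |ext| ext.oid == 'crlNumber' }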
