Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: jruby/jruby-openssl
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 604e3b2a97dc^
Choose a base ref
...
head repository: jruby/jruby-openssl
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 89976db68f62
Choose a head ref
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Nov 3, 2017

  1. Account for ASN1Integers when handling serial numbers in X509Certs

    @lampad @kares
    lampad authored and kares committed Nov 3, 2017
    Copy the full SHA
    604e3b2 View commit details

  2. Test and use explicit value of ASN1Integer

    @lampad @kares
    lampad authored and kares committed Nov 3, 2017
    Copy the full SHA
    89976db View commit details
Showing with 32 additions and 1 deletion.
  1. +7 −1 src/main/java/org/jruby/ext/openssl/X509Extension.java
  2. +25 −0 src/test/ruby/x509/test_x509cert.rb
8 changes: 7 additions & 1 deletion src/main/java/org/jruby/ext/openssl/X509Extension.java
View file
Original file line number Diff line number Diff line change
@@ -36,6 +36,7 @@
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
@@ -456,7 +457,12 @@ public RubyString value(final ThreadContext context) {
break;
case 2 : // serial
val.append(new byte[] { 's','e','r','i','a','l',':' });
hexBytes( ((ASN1OctetString) obj).getOctets(), val );
if (obj instanceof ASN1Integer) {
hexBytes( ((ASN1Integer) obj).getValue().toByteArray(), val);
}
else {
hexBytes( ((ASN1OctetString) obj ).getOctets(), val );
}
break;
}
}
25 changes: 25 additions & 0 deletions src/test/ruby/x509/test_x509cert.rb
View file
Original file line number Diff line number Diff line change
@@ -73,6 +73,31 @@ def test_cert_extensions # JRUBY-3468
end
end

def test_aki_extension_to_text
# Cert generation ripped from WEBrick
rsa2048 = OpenSSL::PKey::RSA.new TEST_KEY_RSA2048
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 1
name = OpenSSL::X509::Name.new([ %w[CN localhost] ])
cert.subject = name
cert.issuer = name
cert.not_before = Time.now
cert.not_after = Time.now + (365*24*60*60)
cert.public_key = rsa2048.public_key

ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
ef.issuer_certificate = cert

aki = ef.create_extension("authorityKeyIdentifier",
"keyid:always,issuer:always")
cert.add_extension(aki)

assert_equal 1, cert.extensions.size
assert_equal "keyid:97:39:9D:C3:FB:CD:BA:8F:54:0C:90:7B:46:3F:EA:D6:43:75:B1:CB\n\nserial:01\n",
cert.extensions.first.value
end

def test_resolve_extensions
rsa2048 = OpenSSL::PKey::RSA.new TEST_KEY_RSA2048
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")