
Comparing changes

base repository: jruby/jruby-openssl
base: c17ca8d0d02f
...
head repository: jruby/jruby-openssl
compare: 6230c5989a0d
  • 5 commits
  • 8 files changed
  • 1 contributor

Commits on Nov 4, 2016

  1. upgrading BC to 1.55

    kares committed Nov 4, 2016
    4733001 View commit details
  2. Copy the full SHA
    64bb86f View commit details
  3. Copy the full SHA
    819559a View commit details
  4. Copy the full SHA
    aa9f9a2 View commit details
  5. Copy the full SHA
    6230c59 View commit details
2 changes: 1 addition & 1 deletion lib/jopenssl/version.rb
@@ -1,6 +1,6 @@
module Jopenssl
VERSION = '0.9.18.dev'
BOUNCY_CASTLE_VERSION = '1.54'
BOUNCY_CASTLE_VERSION = '1.55'
# @deprecated
module Version
# @private
4 changes: 2 additions & 2 deletions pom.xml
@@ -94,12 +94,12 @@ DO NOT MODIFIY - GENERATED CODE
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.54</version>
<version>1.55</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.54</version>
<version>1.55</version>
</dependency>
<dependency>
<groupId>org.jruby</groupId>
16 changes: 8 additions & 8 deletions src/main/java/org/jruby/ext/openssl/BN.java
@@ -794,28 +794,28 @@ public static BigInteger getRandomBI(int bits, int top, boolean bottom, Random r

@JRubyMethod(name = "rand_range", meta = true)
public static IRubyObject rand_range(IRubyObject recv, IRubyObject arg) {
return getRandomBNInRange(recv.getRuntime(), getBigInteger(arg), getSecureRandom());
return randomValueInRange(recv.getRuntime(), getBigInteger(arg), getSecureRandom());
}

@JRubyMethod(name = "pseudo_rand_range", meta = true)
public static IRubyObject pseudo_rand_range(IRubyObject recv, IRubyObject arg) {
return getRandomBNInRange(recv.getRuntime(), getBigInteger(arg), getRandom());
return randomValueInRange(recv.getRuntime(), getBigInteger(arg), getRandom());
}

private static BN getRandomBNInRange(Ruby runtime, BigInteger limit, Random random) {
private static BN randomValueInRange(Ruby runtime, BigInteger limit, Random random) {
BigInteger value;
try {
value = getRandomBIInRange(limit, random);
value = randomIntegerInRange(limit, random);
}
catch (IllegalArgumentException e) {
throw newBNError(runtime, "illegal range");
throw newBNError(runtime, e.getMessage());
}
return newBN(runtime, value);
return newInstance(runtime, value);
}

public static BigInteger getRandomBIInRange(BigInteger limit, Random random) {
public static BigInteger randomIntegerInRange(BigInteger limit, Random random) {
if (limit.signum() < 0) {
throw new IllegalArgumentException("illegal range");
throw new IllegalArgumentException("illegal range: " + limit);
}
int bits = limit.bitLength();
BigInteger value;
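Review bot: Renaming the public static `getRandomBIInRange` to `randomIntegerInRange` drops a method that callers outside this class may use (PKeyDH had to be updated in this same change), and no deprecated delegate is left behind. Keeping `@Deprecated public static BigInteger getRandomBIInRange(BigInteger limit, Random random) { return randomIntegerInRange(limit, random); }` would preserve compatibility. The renamed method also has no Javadoc saying whether `limit` is exclusive or that the result is only as unpredictable as the `Random` passed in, which matters because `rand_range` and `pseudo_rand_range` differ only in that argument. The body of `randomIntegerInRange` continues past the end of the hunk.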
5 changes: 2 additions & 3 deletions src/main/java/org/jruby/ext/openssl/PKeyDH.java
@@ -60,7 +60,6 @@
import org.jruby.util.ByteList;
import org.jruby.runtime.Visibility;

import static org.jruby.ext.openssl.PKey._PKey;
import static org.jruby.ext.openssl.OpenSSL.bcExceptionMessage;

/**
@@ -209,9 +208,9 @@ public static BigInteger generateX(BigInteger p, int limit) {
// subject to Miller-Rabin [certainty = 0], but is subject to other constraints)
// see also [ossl]/crypto/dh/dh_key.c #generate_key
if (limit == 0) {
BigInteger pSub2 = p.subtract(TWO);
final BigInteger pSub2 = p.subtract(TWO);
do {
x = BN.getRandomBIInRange(pSub2, secureRandom);
x = BN.randomIntegerInRange(pSub2, secureRandom);
} while (x.equals(BigInteger.ZERO));
} else {
do {
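--- a/src/main/java/org/jruby/ext/openssl/PKeyEC.java
+++ b/src/main/java/org/jruby/ext/openssl/PKeyEC.java
@@ -688,7 +688,12 @@ public IRubyObject op_equal(final ThreadContext context, final IRubyObject obj)
 @JRubyMethod
 public IRubyObject curve_name(final ThreadContext context) {
 if (curve_name == null) {
-curve_name = RubyString.newString(context.runtime, key.getCurveName());
+String prefix, curveName = key.getCurveName();
+// BC 1.54: "brainpoolP512t1" 1.55: "brainpoolp512t1"
+if (curveName.startsWith(prefix = "brainpoolp")) {
+curveName = "brainpoolP" + curveName.substring(prefix.length());
+}
+curve_name = RubyString.newString(context.runtime, curveName);
 }
 return curve_name.dup();
 }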
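Review bot: The assignment hidden inside the condition in `curve_name`, `curveName.startsWith(prefix = "brainpoolp")`, makes the new branch harder to read and leaves `prefix` declared but uninitialised on the line above. Declaring `final String prefix = "brainpoolp";` before the `if` and testing `curveName.startsWith(prefix)` says the same thing plainly. The comment records the two Bouncy Castle spellings but not why the capitalised form is restored; a line such as `// keep the OpenSSL spelling that callers compare against` would help. Other code paths that return or look up curve names are not visible in this hunk and may need the same normalisation.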
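--- a/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java
+++ b/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java
@@ -42,6 +42,7 @@
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DLSequence;
 import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
 
 import org.jruby.Ruby;
 import org.jruby.RubyArray;
@@ -458,8 +459,13 @@ private ASN1Encodable parseIssuerAltName(final ThreadContext context, final Stri
 
 private static ASN1Encodable parseSubjectAltName(final String valuex) throws IOException {
 if ( valuex.startsWith(DNS_) ) {
-final String dns = valuex.substring(DNS_.length());
-return new GeneralName(GeneralName.dNSName, dns);
+final String[] vals = valuex.split(",");
+final GeneralName[] names = new GeneralName[vals.length];
+for ( int i = 0; i < vals.length; i++ ) {
+final String dns = vals[i].substring(DNS_.length());
+names[i] = new GeneralName(GeneralName.dNSName, dns);
+}
+return new GeneralNames(names);
 }
 if ( valuex.startsWith(DNS_Name_) ) {
 final String dns = valuex.substring(DNS_Name_.length());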
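Review bot: The new loop in `parseSubjectAltName` strips `DNS_.length()` characters from every comma-separated entry without checking that the entry actually starts with `DNS_`; only the first entry is known to, from the outer `startsWith`. An entry of another type or with leading whitespace after the comma would be silently truncated and encoded as a dNSName, and an entry shorter than the prefix would throw `StringIndexOutOfBoundsException`. Either outcome puts a wrong name into a certificate or request. Each entry should be checked and rejected if it does not carry the prefix, as sketched below. The `DNS_` branch now returns `GeneralNames` while the `DNS_Name_` branch still returns a single `GeneralName`, so callers (outside this hunk) must accept both. The method continues past the end of the hunk.

```java
for ( int i = 0; i < vals.length; i++ ) {
    final String entry = vals[i].trim();
    if ( ! entry.startsWith(DNS_) ) {
        throw new IOException("subjectAltName: expected a DNS entry, got '" + entry + "'");
    }
    names[i] = new GeneralName(GeneralName.dNSName, entry.substring(DNS_.length()));
}
// … unchanged: return new GeneralNames(names) and the remaining prefixes …
```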
4 changes: 2 additions & 2 deletions src/main/java/org/jruby/ext/openssl/X509Request.java
@@ -94,7 +94,7 @@ public static void createRequest(final Ruby runtime, final RubyModule _X509) {

public X509Request(Ruby runtime, RubyClass type) {
super(runtime, type);
attributes = new ArrayList<X509Attribute>();
attributes = new ArrayList<X509Attribute>(4);
}

@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
@@ -128,7 +128,7 @@ else if ( "DSA".equalsIgnoreCase(algorithm) ) {
this.public_key = newPKeyImplInstance(context, "DSA", enc);
}
else {
throw runtime.newLoadError("not implemented algo for public key: " + algorithm);
throw runtime.newNotImplementedError("public key algorithm: " + algorithm);
}

this.subject = newName( context, request.getSubject() );
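Review bot: Raising `runtime.newNotImplementedError(...)` for an unsupported public key algorithm keeps the failure outside `StandardError`, since Ruby's `NotImplementedError` is a `ScriptError` just as the replaced `LoadError` was, so a plain `rescue => e` around request parsing will not catch it. If `algorithm` comes from a parsed request, as the surrounding `request.getSubject()` call suggests, a caller handling untrusted CSRs would see this propagate past its normal error handling. Raising the module's own X509 request error type here would let such callers reject the input cleanly. The enclosing method starts and ends outside the hunk.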
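--- a/src/test/ruby/x509/test_x509ext.rb
+++ b/src/test/ruby/x509/test_x509ext.rb
@@ -126,4 +126,34 @@ def test_to_der_is_the_same_for_non_critical
 assert ext1.to_der != ext2.to_der
 end
 
+def test_subject_alt_name_sign_to_pem
+domain_list = 'test.example.com,test2.example.com,example.com,www.example.com'
+
+rsa_key = OpenSSL::PKey::RSA.new(2048)
+csr = OpenSSL::X509::Request.new
+csr.subject = OpenSSL::X509::Name.new [ ["C", 'AU'], ["ST", "NSW"], ["O", 'org'], ["CN", 'www.example.com'] ]
+csr.public_key = rsa_key.public_key
+
+extensions = OpenSSL::ASN1::Set [ OpenSSL::ASN1::Sequence([ subject_alt_name(domain_list) ]) ]
+csr.add_attribute(OpenSSL::X509::Attribute.new('extReq', extensions))
+csr.add_attribute(OpenSSL::X509::Attribute.new('msExtReq', extensions))
+
+csr.sign rsa_key, OpenSSL::Digest::SHA256.new
+
+puts csr.to_text if $VERBOSE
+
+csr = OpenSSL::X509::Request.new pem = csr.to_pem
+assert_equal 2, csr.attributes.length
+ext_set = csr.attributes.first.value ; seq = ext_set.first.value
+assert_equal 'subjectAltName', seq.first.value.first.value
+dns = seq.first.value.last.value
+assert dns =~ /test.example.com.*?test2.example.com.*?example.com.*?www.example.com/
+end
+
+def subject_alt_name(domains)
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.create_extension("subjectAltName", domains.split(',').map { |d| "DNS: #{d}" }.join(','))
+end
+private :subject_alt_name
+
 end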
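Review bot: The final assertion in `test_subject_alt_name_sign_to_pem` matches the raw extension value against a regex whose dots are unescaped, so each `.` matches any character and the check is looser than it reads. Building the pattern from `domain_list` with `Regexp.escape` on each name would pin the expected names exactly. Only the first attribute (`extReq`) is inspected, and the test covers only a well-formed list where every entry carries the `DNS:` prefix. A case with a mixed-type or malformed entry would document how `parseSubjectAltName` is meant to behave on such input. The local `pem` in `OpenSSL::X509::Request.new pem = csr.to_pem` is assigned but never used.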