base repository: jruby/jruby-openssl
base: 657eee5151a4
...
head repository: jruby/jruby-openssl
compare: d78fa0394af5
  • 16 commits
  • 65 files changed
  • 1 contributor

Commits on May 28, 2018

  1. Verified

    0fdc6cb View commit details

Commits on May 30, 2018

  1. re-import .rb files and refactor some of the native methods

    - 23 versions are actually based on latest openssl gem (2.5)
    kares committed May 30, 2018
    c16d785 View commit details
  2. Copy the full SHA
    0fbba2f View commit details
  3. Copy the full SHA
    6108a9d View commit details
  4. Copy the full SHA
    3d60286 View commit details
  5. Copy the full SHA
    98fbfc6 View commit details
  6. Copy the full SHA
    4c87774 View commit details
  7. Copy the full SHA
    c4c89e4 View commit details
  8. Copy the full SHA
    d5215aa View commit details
  9. Copy the full SHA
    77edfdd View commit details
  10. Copy the full SHA
    991b92a View commit details
  11. Copy the full SHA
    0131dc9 View commit details
  12. Copy the full SHA
    313bbff View commit details
  13. Copy the full SHA
    bfa3de3 View commit details
  14. Copy the full SHA
    3c2ddfc View commit details
  15. Copy the full SHA
    d78fa03 View commit details
Showing with 1,325 additions and 1,017 deletions.
  1. +3 −0 .travis.yml
  2. +1 −1 Mavenfile
  3. +6 −3 lib/jopenssl/load.rb
  4. +2 −1 lib/jopenssl/version.rb
  5. +104 −0 lib/jopenssl19/openssl/ssl-internal.rb
  6. +16 −16 lib/jopenssl22/openssl/ssl.rb
  7. +1 −1 lib/jopenssl23/openssl.rb
  8. +2 −1 lib/jopenssl23/openssl/bn.rb
  9. +34 −23 lib/jopenssl23/openssl/buffering.rb
  10. +65 −64 lib/jopenssl23/openssl/config.rb
  11. +1 −1 lib/jopenssl23/openssl/digest.rb
  12. +22 −34 lib/jopenssl23/openssl/pkey.rb
  13. +187 −121 lib/jopenssl23/openssl/ssl.rb
  14. +7 −1 lib/jopenssl23/openssl/x509.rb
  15. +0 −112 lib/jopenssl24.rb
  16. +9 −1 lib/openssl/config.rb
  17. +22 −0 lib/openssl/pkcs5.rb
  18. +9 −47 pom.xml
  19. +1 −2 src/main/java/org/jruby/ext/openssl/ASN1.java
  20. +2 −3 src/main/java/org/jruby/ext/openssl/BN.java
  21. +9 −7 src/main/java/org/jruby/ext/openssl/Cipher.java
  22. +1 −0 src/main/java/org/jruby/ext/openssl/Config.java
  23. +3 −4 src/main/java/org/jruby/ext/openssl/Digest.java
  24. +2 −3 src/main/java/org/jruby/ext/openssl/HMAC.java
  25. +74 −0 src/main/java/org/jruby/ext/openssl/KDF.java
  26. +5 −7 src/main/java/org/jruby/ext/openssl/NetscapeSPKI.java
  27. +37 −6 src/main/java/org/jruby/ext/openssl/OCSP.java
  28. +40 −61 src/main/java/org/jruby/ext/openssl/OCSPBasicResponse.java
  29. +1 −3 src/main/java/org/jruby/ext/openssl/OCSPCertificateId.java
  30. +14 −30 src/main/java/org/jruby/ext/openssl/OCSPRequest.java
  31. +4 −9 src/main/java/org/jruby/ext/openssl/OCSPResponse.java
  32. +2 −7 src/main/java/org/jruby/ext/openssl/OCSPSingleResponse.java
  33. +21 −18 src/main/java/org/jruby/ext/openssl/OpenSSL.java
  34. +33 −24 src/main/java/org/jruby/ext/openssl/PKCS5.java
  35. +32 −29 src/main/java/org/jruby/ext/openssl/PKCS7.java
  36. +7 −8 src/main/java/org/jruby/ext/openssl/PKey.java
  37. +1 −4 src/main/java/org/jruby/ext/openssl/PKeyDH.java
  38. +1 −2 src/main/java/org/jruby/ext/openssl/PKeyDSA.java
  39. +5 −7 src/main/java/org/jruby/ext/openssl/PKeyEC.java
  40. +1 −2 src/main/java/org/jruby/ext/openssl/PKeyRSA.java
  41. +1 −2 src/main/java/org/jruby/ext/openssl/Random.java
  42. +16 −62 src/main/java/org/jruby/ext/openssl/SSL.java
  43. +5 −48 src/main/java/org/jruby/ext/openssl/SSLContext.java
  44. +2 −5 src/main/java/org/jruby/ext/openssl/SSLSession.java
  45. +79 −49 src/main/java/org/jruby/ext/openssl/SSLSocket.java
  46. +39 −3 src/main/java/org/jruby/ext/openssl/Utils.java
  47. +10 −9 src/main/java/org/jruby/ext/openssl/X509.java
  48. +27 −8 src/main/java/org/jruby/ext/openssl/X509Attribute.java
  49. +22 −13 src/main/java/org/jruby/ext/openssl/X509CRL.java
  50. +1 −2 src/main/java/org/jruby/ext/openssl/X509Cert.java
  51. +36 −7 src/main/java/org/jruby/ext/openssl/X509Extension.java
  52. +3 −4 src/main/java/org/jruby/ext/openssl/X509Name.java
  53. +36 −11 src/main/java/org/jruby/ext/openssl/X509Request.java
  54. +4 −6 src/main/java/org/jruby/ext/openssl/X509Revoked.java
  55. +1 −2 src/main/java/org/jruby/ext/openssl/X509Store.java
  56. +10 −5 src/main/java/org/jruby/ext/openssl/impl/BIO.java
  57. +10 −6 src/main/java/org/jruby/ext/openssl/impl/EVP.java
  58. +17 −10 src/main/java/org/jruby/ext/openssl/impl/MemBIO.java
  59. +4 −0 src/main/java/org/jruby/ext/openssl/impl/NotVerifiedPKCS7Exception.java
  60. +34 −53 src/main/java/org/jruby/ext/openssl/impl/PKCS7.java
  61. +2 −2 src/main/java/org/jruby/ext/openssl/impl/PKCS7Exception.java
  62. +60 −39 src/test/ruby/pkcs5/test_pbkdf2.rb
  63. +90 −0 src/test/ruby/pkcs7/test_pkcs7.rb
  64. +14 −4 src/test/ruby/ssl/test_socket.rb
  65. +15 −4 src/test/ruby/test_helper.rb
3 changes: 3 additions & 0 deletions .travis.yml
@@ -45,6 +45,9 @@ matrix:
- jdk: oraclejdk9
env: TEST_COMMAND="jruby -rbundler/setup -S rmvn test-compile && jruby -S rake test" BUNDLE_INSTALL=true
rvm: jruby-9.1.17.0
- jdk: oraclejdk8
env: TEST_COMMAND="jruby -rbundler/setup -S rmvn test-compile && jruby -S rake test" BUNDLE_INSTALL=true
rvm: jruby-9.2.0.0
- jdk: oraclejdk9
env: TEST_COMMAND="jruby -rbundler/setup -S rmvn test-compile && jruby -S rake test" BUNDLE_INSTALL=true
rvm: jruby-head
2 changes: 1 addition & 1 deletion Mavenfile
@@ -171,7 +171,7 @@ end

}

jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 9.2.0.0 }

jruby_9_K_versions.each { |version|
profile :id => "test-#{version}" do
9 changes: 6 additions & 3 deletions lib/jopenssl/load.rb
@@ -3,11 +3,11 @@
require 'java'
require 'jopenssl/version'

warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'

# NOTE: assuming user does pull in BC .jars from somewhere else on the CP
unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
version = Jopenssl::BOUNCY_CASTLE_VERSION
version = JOpenSSL::BOUNCY_CASTLE_VERSION
bc_jars = nil
begin
require 'jar-dependencies'
@@ -41,4 +41,7 @@
load 'jopenssl19/openssl.rb'
end

require 'openssl/pkcs12'
module OpenSSL
autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
autoload :PKCS12, 'openssl/pkcs12'
end
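Review bot: The support check `JRUBY_VERSION < '1.7.20'` in the first hunk compares version strings lexicographically, so a release such as 1.7.3 sorts after '1.7.20' and never triggers the warning. Only the constant name changes on that line, but since it is being touched, a segment-wise comparison would make the guard reliable, e.g. `(JRUBY_VERSION.split('.').map(&:to_i) <=> [1, 7, 20]) < 0`. The second hunk replaces the eager `require 'openssl/pkcs12'` with `autoload`; a short comment stating that `Config` is only autoloaded when `OpenSSL` does not already define it would document the `const_defined?(:Config, false)` guard.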
3 changes: 2 additions & 1 deletion lib/jopenssl/version.rb
@@ -1,4 +1,5 @@
module Jopenssl
module JOpenSSL
VERSION = '0.10.1.dev'
BOUNCY_CASTLE_VERSION = '1.59'
end
Jopenssl = JOpenSSL
104 changes: 104 additions & 0 deletions lib/jopenssl19/openssl/ssl-internal.rb
@@ -19,6 +19,104 @@

module OpenSSL
module SSL
class SSLContext
DEFAULT_PARAMS = {
:ssl_version => "SSLv23",
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
:ciphers => %w{
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-DSS-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-DSS-AES128-SHA256
DHE-DSS-AES256-SHA256
DHE-DSS-AES128-SHA
DHE-DSS-AES256-SHA
AES128-GCM-SHA256
AES256-GCM-SHA384
AES128-SHA256
AES256-SHA256
AES128-SHA
AES256-SHA
ECDHE-ECDSA-RC4-SHA
ECDHE-RSA-RC4-SHA
RC4-SHA
}.join(":"),
:options => -> {
opts = OpenSSL::SSL::OP_ALL
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
opts
}.call
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java

begin
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
end unless const_defined? :DEFAULT_CERT_STORE

def set_params(params={})
params = DEFAULT_PARAMS.merge(params)
params.each{|name, value| self.__send__("#{name}=", value) }
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
unless self.ca_file or self.ca_path or self.cert_store
self.cert_store = DEFAULT_CERT_STORE
end
end
return params
end unless method_defined? :set_params
end

module SocketForwarder
def addr
to_io.addr
end

def peeraddr
to_io.peeraddr
end

def setsockopt(level, optname, optval)
to_io.setsockopt(level, optname, optval)
end

def getsockopt(level, optname)
to_io.getsockopt(level, optname)
end

def fcntl(*args)
to_io.fcntl(*args)
end

def closed?
to_io.closed?
end

def do_not_reverse_lookup=(flag)
to_io.do_not_reverse_lookup = flag
end
end

def verify_certificate_identity(cert, hostname)
should_verify_common_name = true
@@ -63,6 +161,12 @@ class SSLSocket
include SocketForwarder
include Nonblock

def sysclose
return if closed?
stop
io.close if sync_close
end unless method_defined? :sysclose

def post_connection_check(hostname)
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
raise SSLError, "hostname does not match the server certificate"
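Review bot: The `:ciphers` default added to `SSLContext::DEFAULT_PARAMS` in the first hunk ends with three RC4 suites (`ECDHE-ECDSA-RC4-SHA`, `ECDHE-RSA-RC4-SHA`, `RC4-SHA`), and RFC 7465 prohibits RC4 in TLS. The constant is only assigned when `const_defined? :DEFAULT_PARAMS` is false, so whether this list is ever used depends on the Java side, which is not on this page; if it can be reached, dropping those three entries keeps the fallback from offering RC4. If the list was imported from the openssl gem, a comment above it naming the source version would make later refreshes easier to audit. `class SSLSocket` and `verify_certificate_identity` continue outside the hunks shown.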
32 changes: 16 additions & 16 deletions lib/jopenssl22/openssl/ssl.rb
@@ -68,13 +68,13 @@ class SSLContext
}.call
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java

unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
end
begin
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
end unless const_defined? :DEFAULT_CERT_STORE

##
# Sets the parameters for this SSL context to the values in +params+.
@@ -86,14 +86,14 @@ class SSLContext

def set_params(params={})
params = DEFAULT_PARAMS.merge(params)
params.each{|name, value| self.__send__("#{name}=", value) }
params.each { |name, value| self.__send__("#{name}=", value) }
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
unless self.ca_file or self.ca_path or self.cert_store
self.cert_store = DEFAULT_CERT_STORE
end
end
return params
end unless method_defined? :set_params # JRuby: hooked up in "native" Java
end unless method_defined? :set_params
end

module SocketForwarder
@@ -124,7 +124,7 @@ def closed?
def do_not_reverse_lookup=(flag)
to_io.do_not_reverse_lookup = flag
end
end unless const_defined? :SocketForwarder # JRuby: hooked up in "native" Java
end

module Nonblock
def initialize(*args)
@@ -228,6 +228,12 @@ class SSLSocket
include SocketForwarder
include Nonblock

def sysclose
return if closed?
stop
io.close if sync_close
end unless method_defined? :sysclose

##
# Perform hostname verification after an SSL connection is established
#
@@ -248,12 +254,6 @@ def post_connection_check(hostname)
return true
end

#def session
# SSL::Session.new(self)
#rescue SSL::Session::SessionError
# nil
#end

private

def using_anon_cipher?
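Review bot: The new `sysclose` on `SSLSocket` skips `io.close` whenever `stop` raises, so with `sync_close` set the underlying socket would stay open after a failed shutdown (the body of `stop` is not shown here, so this assumes it can raise). Wrapping the call as `begin; stop; ensure; io.close if sync_close; end` after the `closed?` guard keeps the early return and still releases the socket. The identical method is added in lib/jopenssl19/openssl/ssl-internal.rb and would want the same change.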
2 changes: 1 addition & 1 deletion lib/jopenssl23/openssl.rb
@@ -13,7 +13,7 @@
require 'openssl/bn'
require 'openssl/pkey'
require 'openssl/cipher'
require 'openssl/config'
require 'openssl/config' if OpenSSL.const_defined?(:Config, false)
require 'openssl/digest'
require 'openssl/x509'
require 'openssl/ssl'
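Review bot: The new guard on `require 'openssl/config'` reads as inverted at first sight, since the file is required only when `OpenSSL::Config` already exists, and nothing on the line says why. A comment would help, for instance `# re-open Config only when it is already defined; otherwise load.rb registers an autoload for it`, assuming that is the intent behind the matching `autoload :Config` change in lib/jopenssl/load.rb.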
3 changes: 2 additions & 1 deletion lib/jopenssl23/openssl/bn.rb
@@ -25,8 +25,9 @@ def pretty_print(q)
end # OpenSSL

##
#--
# Add double dispatch to Integer
#
#++
class Integer
# Casts an Integer as an OpenSSL::BN
#