
base repository: jruby/jruby-openssl
base: d78fb681ea5c
head repository: jruby/jruby-openssl
compare: eb200e5341e8
  • 2 commits
  • 5 files changed
  • 1 contributor

Commits on Apr 20, 2016

  1. 1
    60e9eb1 View commit details
  2. Copy the full SHA
    eb200e5 View commit details
2 changes: 1 addition & 1 deletion jruby-openssl.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
s.requirements << "jar org.bouncycastle:bcpkix-jdk15on, #{bc_version}"
s.requirements << "jar org.bouncycastle:bcprov-jdk15on, #{bc_version}"

s.add_development_dependency 'jar-dependencies', '~> 0.1.0'
s.add_development_dependency 'jar-dependencies', '~> 0.1'

s.add_development_dependency 'mocha', '~> 1.1.0'
s.add_development_dependency 'ruby-maven', '~> 3.0'
12 changes: 9 additions & 3 deletions pom.xml
@@ -58,6 +58,7 @@ DO NOT MODIFIY - GENERATED CODE
</distributionManagement>
<properties>
<bc.versions>1.54</bc.versions>
<mavengem.wagon.version>0.2.0</mavengem.wagon.version>
<jruby.plugins.version>1.0.10</jruby.plugins.version>
<invoker.skip>${maven.test.skip}</invoker.skip>
<jruby.version>1.7.18</jruby.version>
@@ -73,7 +74,7 @@ DO NOT MODIFIY - GENERATED CODE
<dependency>
<groupId>rubygems</groupId>
<artifactId>jar-dependencies</artifactId>
<version>[0.1.0,0.1.99999]</version>
<version>[0.1,0.99999]</version>
<type>gem</type>
<scope>test</scope>
</dependency>
@@ -116,8 +117,8 @@ DO NOT MODIFIY - GENERATED CODE
</dependencies>
<repositories>
<repository>
<id>rubygems-releases</id>
<url>http://rubygems-proxy.torquebox.org/releases</url>
<id>mavengems</id>
<url>mavengem:https://rubygems.org</url>
</repository>
<repository>
<releases>
@@ -132,6 +133,11 @@ DO NOT MODIFIY - GENERATED CODE
</repositories>
<build>
<extensions>
<extension>
<groupId>org.torquebox.mojo</groupId>
<artifactId>mavengem-wagon</artifactId>
<version>${mavengem.wagon.version}</version>
</extension>
<extension>
<groupId>de.saumya.mojo</groupId>
<artifactId>gem-with-jar-extension</artifactId>
@@ -47,14 +47,14 @@ public int type() {

@Override
public boolean isName(final Name name) {
return name.equalTo( x509.getSubjectX500Principal() );
return name.equalToCertificateSubject(x509);
}

@Override
public boolean matches(final X509Object other) {
if (other instanceof Certificate) {
final Certificate that = (Certificate) other;
return this.x509.getSubjectX500Principal().equals( that.x509.getSubjectX500Principal() );
return X509AuxCertificate.equalSubjects(this.x509, that.x509);
}
return false;
}
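Review bot: The result of `matches` now depends on the runtime class of the two delegate certificates, not only on their subjects, because `X509AuxCertificate.equalSubjects` (added in this same change) compares `getSubjectDN()` values when both delegates are BC `X509CertificateObject`s and `X500Principal`s otherwise. BC's legacy name `equals` is, as far as I recall, more lenient about case and RDN order than `X500Principal.equals`, so the same pair of subjects could match on one path and not on the other; this should be confirmed, since the class sits in the `x509store` package and presumably feeds certificate lookup. I would add a test that sends one pair of certificates through both paths, and a comment on `matches` such as `// subject equality rule depends on the delegate certificate class, see X509AuxCertificate.equalSubjects`.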
25 changes: 24 additions & 1 deletion src/main/java/org/jruby/ext/openssl/x509store/Name.java
@@ -30,10 +30,14 @@
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.X509CertificateObject;

import org.jruby.ext.openssl.SecurityHelper;

@@ -73,7 +77,7 @@ public static int hash(final X500Name name) throws IOException {

private transient int hash = 0;

public int hash() {
public final int hash() {
try {
return hash == 0 ? hash = hash(name) : hash;
}
@@ -106,6 +110,12 @@ public boolean equalTo(final X500Name name) {
return this.name.equals(name);
}

@SuppressWarnings("deprecation")
final boolean equalTo(final Principal principal) {
// assuming "legacy" non X500Principal impl (from BC)
return new X509Principal(this.name).equals(principal);
}

public boolean equalTo(final X500Principal principal) {
try {
return new X500Principal(this.name.getEncoded(ASN1Encoding.DER)).equals(principal);
@@ -115,4 +125,17 @@ public boolean equalTo(final X500Principal principal) {
}
}

public final boolean equalToCertificateSubject(final X509AuxCertificate wrapper) {
// on Oracle/OpenJDK internal certificates: sun.security.x509.X509CertImpl
// BC: class org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject
final X509Certificate cert = wrapper.cert;
if ( cert == null ) return equalTo( wrapper.getSubjectX500Principal() );

if ( cert instanceof X509CertificateObject ) {
return equalTo( cert.getSubjectDN() );
}
// otherwise need to take the 'expensive' path :
return equalTo( cert.getSubjectX500Principal() );
}

}// X509_NAME
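Review bot: The `instanceof X509CertificateObject` test in `equalToCertificateSubject` resolves to the imported `org.bouncycastle.jce.provider.X509CertificateObject`, while the comment above it names `org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject`, which is a different class. If certificates parsed by the BC provider are instances of the latter, the cheap branch is never taken and every call falls through to the `X500Principal` path; confirm which class is seen at runtime and align either the comment or the check. Separately, `equalTo(Principal)` presumably reports any non-BC principal as unequal rather than failing, so its comment could state the contract: `// only meaningful for a BC X509Principal/X509Name; any other Principal compares unequal`.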
@@ -55,6 +55,7 @@
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.jce.provider.X509CertificateObject;

import org.jruby.ext.openssl.SecurityHelper;

@@ -68,7 +69,7 @@
public class X509AuxCertificate extends X509Certificate implements Cloneable {
private static final long serialVersionUID = -909543379295427515L;

private final X509Certificate cert;
final X509Certificate cert;

final X509Aux aux;

@@ -235,7 +236,7 @@ public boolean equals(Object other) {
}

@Override
public int hashCode() {
public int hashCode() {
int ret = cert.hashCode();
ret += 3 * (aux == null ? 1 : aux.hashCode());
return ret;
@@ -255,7 +256,7 @@ public void verify(PublicKey key, String sigProvider) throws CertificateExceptio
}

@Override
public Set<String> getCriticalExtensionOIDs() {
public Set<String> getCriticalExtensionOIDs() {
return cert.getCriticalExtensionOIDs();
}

@@ -299,4 +300,14 @@ public Integer getNsCertType() throws CertificateException {
}
}

static boolean equalSubjects(final X509AuxCertificate cert1, final X509AuxCertificate cert2) {
if ( cert1.cert == cert2.cert ) return true;

if ( cert1.cert instanceof X509CertificateObject && cert2.cert instanceof X509CertificateObject ) {
return cert1.cert.getSubjectDN().equals( cert2.cert.getSubjectDN() ); // less expensive on mem
}
// otherwise need to take the 'expensive' path :
return cert1.getSubjectX500Principal().equals( cert2.getSubjectX500Principal() );
}

}// X509AuxCertificate
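Review bot: The identity shortcut at the top of `equalSubjects` returns true when both `cert` fields are null, without looking at either subject. `Name.equalToCertificateSubject` in this same change guards `wrapper.cert == null`, which suggests a wrapper without a delegate is possible; if so, two unrelated delegate-less certificates would be reported as having equal subjects. Guarding the shortcut keeps the fallback to `getSubjectX500Principal()` for that case: `if ( cert1.cert != null && cert1.cert == cert2.cert ) return true;`. The `cert` field also loses `private` in this section, so a short comment that it is package-visible only for `Name` would help the next reader.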