base repository: jruby/jruby-openssl
base: 96955cea18e4
head repository: jruby/jruby-openssl
compare: 292edaede831
  • 2 commits
  • 7 files changed
  • 1 contributor

Commits on Mar 13, 2017

    3336fb8 View commit details
    292edae View commit details
2 changes: 1 addition & 1 deletion Gemfile
@@ -4,7 +4,7 @@ source 'https://rubygems.org'
gemspec

# for less surprises with newer releases
gem 'jar-dependencies', '<= 0.3.7', :require => nil
gem 'jar-dependencies', '~> 0.3.11', :require => nil

# for the rake task
gem 'ruby-maven', ENV['RUBY_MAVEN_VERSION'] || '~> 3.3.8'
2 changes: 1 addition & 1 deletion src/main/java/org/jruby/ext/openssl/OCSP.java
@@ -204,7 +204,7 @@ public static String getResponseStringForValue(IRubyObject fixnum) {
return responseMap.get((int)rubyFixnum.getLongValue());
}

public static RaiseException newOCSPError(Ruby runtime, Exception ex) {
static RaiseException newOCSPError(Ruby runtime, Exception ex) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), ex);
}

56 changes: 27 additions & 29 deletions src/main/java/org/jruby/ext/openssl/OCSPBasicResponse.java
@@ -83,6 +83,7 @@

import static org.jruby.ext.openssl.Digest._Digest;
import static org.jruby.ext.openssl.OCSP._OCSP;
import static org.jruby.ext.openssl.OCSP.newOCSPError;
import static org.jruby.ext.openssl.X509._X509;

import java.io.IOException;
@@ -105,6 +106,7 @@
*/
public class OCSPBasicResponse extends RubyObject {
private static final long serialVersionUID = 8755480816625884227L;

private static final String OCSP_NOCERTS = "NOCERTS";
private static final String OCSP_NOCHAIN = "NOCHAIN";
private static final String OCSP_NOCHECKS = "NOCHECKS";
@@ -121,9 +123,9 @@ public IRubyObject allocate(Ruby runtime, RubyClass klass) {
}
};

public static void createBasicResponse(final Ruby runtime, final RubyModule _OCSP) {
RubyClass _BasicResponse = _OCSP.defineClassUnder("BasicResponse", runtime.getObject(), BASICRESPONSE_ALLOCATOR);
_BasicResponse.defineAnnotatedMethods(OCSPBasicResponse.class);
public static void createBasicResponse(final Ruby runtime, final RubyModule OCSP) {
RubyClass BasicResponse = OCSP.defineClassUnder("BasicResponse", runtime.getObject(), BASICRESPONSE_ALLOCATOR);
BasicResponse.defineAnnotatedMethods(OCSPBasicResponse.class);
}

private byte[] nonce;
@@ -371,7 +373,7 @@ public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {

@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(final ThreadContext context, IRubyObject[] args) {
Ruby runtime = getRuntime();
Ruby runtime = context.runtime;
int flags = 0;
IRubyObject certificates = args[0];
IRubyObject store = args[1];
@@ -385,7 +387,7 @@ public IRubyObject verify(final ThreadContext context, IRubyObject[] args) {
jcacvpb.setProvider("BC");
BasicOCSPResp basicOCSPResp = getBasicOCSPResp();

java.security.cert.Certificate signer = findSignerCert(asn1BCBasicOCSPResp, convertRubyCerts(certificates), flags);
java.security.cert.Certificate signer = findSignerCert(context, asn1BCBasicOCSPResp, convertRubyCerts(certificates), flags);
if ( signer == null ) return RubyBoolean.newBoolean(runtime, false);
if ( (flags & RubyFixnum.fix2int((RubyFixnum)_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0 &&
(flags & RubyFixnum.fix2int((RubyFixnum)_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) != 0 ) {
@@ -426,10 +428,9 @@ else if (basicOCSPResp.getCerts() != null && (certificates != null && !((RubyArr
RubyArray rUntrustedCerts = RubyArray.newEmptyArray(runtime);
if (untrustedCerts != null) {
X509Cert[] rubyCerts = new X509Cert[untrustedCerts.size()];
untrustedCerts.toArray(rubyCerts);
rUntrustedCerts = RubyArray.newArray(runtime, rubyCerts);
rUntrustedCerts = RubyArray.newArray(runtime, untrustedCerts.toArray(rubyCerts));
}
X509StoreContext ctx = null;
X509StoreContext ctx;
try {
ctx = X509StoreContext.newStoreContext(context, (X509Store)store, X509Cert.wrap(runtime, signer), rUntrustedCerts);
}
@@ -438,7 +439,7 @@ else if (basicOCSPResp.getCerts() != null && (certificates != null && !((RubyArr
}

ctx.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
ret = ((RubyBoolean)ctx.verify(context)).isTrue();
ret = ctx.verify(context).isTrue();
IRubyObject chain = ctx.chain(context);

if ((flags & RubyFixnum.fix2int((RubyFixnum)_OCSP(runtime).getConstant(OCSP_NOCHECKS))) > 0) {
@@ -473,20 +474,21 @@ else if (basicOCSPResp.getCerts() != null && (certificates != null && !((RubyArr
}

@JRubyMethod(name = "status")
public IRubyObject status() {
Ruby runtime = getRuntime();
RubyArray ret = RubyArray.newEmptyArray(runtime);
public IRubyObject status(ThreadContext context) {
final Ruby runtime = context.runtime;
RubyArray ret = RubyArray.newArray(runtime, singleResponses.size());

for (OCSPSingleResponse resp : singleResponses) {
RubyArray respAry = RubyArray.newEmptyArray(runtime);
RubyArray respAry = RubyArray.newArray(runtime, 7);

respAry.add(resp.certid());
respAry.add(resp.cert_status());
respAry.add(resp.revocation_reason());
respAry.add(resp.revocation_time());
respAry.add(resp.this_update());
respAry.add(resp.next_update());
respAry.add(resp.extensions());
respAry.append(resp.certid(context));
respAry.append(resp.cert_status());
respAry.append(resp.revocation_reason());
respAry.append(resp.revocation_time());
respAry.append(resp.this_update());
respAry.append(resp.next_update());
respAry.append(resp.extensions());

ret.add(respAry);
}

@@ -496,7 +498,7 @@ public IRubyObject status() {
@JRubyMethod(name = "to_der")
public IRubyObject to_der() {
Ruby runtime = getRuntime();
IRubyObject ret = null;
IRubyObject ret;
try {
ret = RubyString.newString(runtime, asn1BCBasicOCSPResp.getEncoded());
}
@@ -630,16 +632,12 @@ private List<java.security.cert.Certificate> convertRubyCerts(IRubyObject certif

return ret;
}

private static RaiseException newOCSPError(Ruby runtime, Exception e) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), e);
}

private java.security.cert.Certificate findSignerCert(BasicOCSPResponse basicResp, List<java.security.cert.Certificate> certificates, int flags) {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
private java.security.cert.Certificate findSignerCert(final ThreadContext context,
BasicOCSPResponse basicResp, List<java.security.cert.Certificate> certificates, int flags) {
final Ruby runtime = context.runtime;
ResponderID respID = basicResp.getTbsResponseData().getResponderID();
java.security.cert.Certificate ret = null;
java.security.cert.Certificate ret;
ret = findSignerByRespId(context, certificates, respID);

if (ret == null && (flags & RubyFixnum.fix2int((RubyFixnum)_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0) {
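Review bot: In the verify hunk, `args[0]` and `args[1]` are read unconditionally although the method is declared with `rest = true`, so a call with fewer than two arguments would end in a Java ArrayIndexOutOfBoundsException rather than a Ruby ArgumentError; the later `(X509Store)store` cast is unchecked in the same way. An arity check at the top, such as `Arity.checkArgumentCount(runtime, args, 2, 3);`, and an `instanceof X509Store` test that raises a TypeError would make a malformed call fail cleanly before any certificate handling starts. The upper bound of 3 is an assumption, since the flags parsing lies outside the visible hunks.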
5 changes: 1 addition & 4 deletions src/main/java/org/jruby/ext/openssl/OCSPCertificateId.java
@@ -60,6 +60,7 @@

import static org.jruby.ext.openssl.OCSP._OCSP;
import static org.jruby.ext.openssl.Digest._Digest;
import static org.jruby.ext.openssl.OCSP.newOCSPError;

/**
* An OpenSSL::OCSP::CertificateId identifies a certificate to the
@@ -314,8 +315,4 @@ public CertificateID getBCCertificateID() {
return new CertificateID(bcCertId);
}

private static RaiseException newOCSPError(Ruby runtime, Exception e) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), e);
}

}
17 changes: 8 additions & 9 deletions src/main/java/org/jruby/ext/openssl/OCSPRequest.java
@@ -34,6 +34,8 @@

import static org.jruby.ext.openssl.Digest._Digest;
import static org.jruby.ext.openssl.OCSP._OCSP;
import static org.jruby.ext.openssl.OCSP.newOCSPError;
import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
import static org.jruby.ext.openssl.X509._X509;

import java.io.IOException;
@@ -205,15 +207,15 @@ public IRubyObject certid() {
}

@JRubyMethod(name = "check_nonce")
public IRubyObject check_nonce(IRubyObject response) {
Ruby runtime = getRuntime();
public IRubyObject check_nonce(ThreadContext context, IRubyObject response) {
final Ruby runtime = context.runtime;
if (response instanceof OCSPBasicResponse) {
OCSPBasicResponse rubyBasicRes = (OCSPBasicResponse) response;
return checkNonceImpl(runtime, this.nonce, rubyBasicRes.getNonce());
}
else if (response instanceof OCSPResponse) {
OCSPResponse rubyResp = (OCSPResponse) response;
return checkNonceImpl(runtime, this.nonce, ((OCSPBasicResponse)rubyResp.basic()).getNonce());
return checkNonceImpl(runtime, this.nonce, ((OCSPBasicResponse)rubyResp.basic(context)).getNonce());
}
else {
return checkNonceImpl(runtime, this.nonce, null);
@@ -222,7 +224,7 @@ else if (response instanceof OCSPResponse) {

@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
Ruby runtime = context.getRuntime();
final Ruby runtime = context.runtime;

int flag = 0;
IRubyObject additionalCerts = context.nil;
@@ -380,8 +382,8 @@ public IRubyObject verify(IRubyObject[] args) {
if (!ret) return RubyBoolean.newBoolean(runtime, false);
}
}
catch ( Exception e ) {
e.printStackTrace();
catch (Exception e) {
debugStackTrace(e);
throw newOCSPError(runtime, e);
}

@@ -473,8 +475,5 @@ public OCSPReq getBCOCSPReq() {
if (asn1bcReq == null) return null;
return new OCSPReq(asn1bcReq);
}
private static RaiseException newOCSPError(Ruby runtime, Exception e) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), e);
}

}
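Review bot: In check_nonce, the `OCSPResponse` branch casts `rubyResp.basic(context)` straight to `OCSPBasicResponse`, but `basic` in OCSPResponse.java returns `context.nil` when the response carries no response bytes, so such a response would fail with a Java ClassCastException instead of producing a nonce result. Checking the type first keeps the outcome in Ruby terms, for example `IRubyObject basic = rubyResp.basic(context);` followed by `return checkNonceImpl(runtime, this.nonce, basic instanceof OCSPBasicResponse ? ((OCSPBasicResponse) basic).getNonce() : null);`. Treating a missing basic response like a missing nonce mirrors the existing else branch, but whether that is the intended result should be confirmed against checkNonceImpl, which is outside the hunk.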
18 changes: 7 additions & 11 deletions src/main/java/org/jruby/ext/openssl/OCSPResponse.java
@@ -33,6 +33,7 @@
package org.jruby.ext.openssl;

import static org.jruby.ext.openssl.OCSP._OCSP;
import static org.jruby.ext.openssl.OCSP.newOCSPError;

import java.io.IOException;

@@ -77,9 +78,9 @@ public OCSPResponse(Ruby runtime) {
this(runtime, (RubyClass) _OCSP(runtime).getConstantAt("Response"));
}

public static void createResponse(final Ruby runtime, final RubyModule _OCSP) {
RubyClass _request = _OCSP.defineClassUnder("Response", runtime.getObject(), RESPONSE_ALLOCATOR);
_request.defineAnnotatedMethods(OCSPResponse.class);
public static void createResponse(final Ruby runtime, final RubyModule OCSP) {
RubyClass Response = OCSP.defineClassUnder("Response", runtime.getObject(), RESPONSE_ALLOCATOR);
Response.defineAnnotatedMethods(OCSPResponse.class);
}

private org.bouncycastle.asn1.ocsp.OCSPResponse bcResp;
@@ -151,11 +152,10 @@ public IRubyObject initialize_copy(IRubyObject obj) {
}

@JRubyMethod(name = "basic")
public IRubyObject basic() {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
public IRubyObject basic(ThreadContext context) {
Ruby runtime = context.runtime;
if (bcResp == null || bcResp.getResponseBytes() == null || bcResp.getResponseBytes().getResponse() == null) {
return getRuntime().getCurrentContext().nil;
return context.nil;
}
else {
OCSPBasicResponse ret = new OCSPBasicResponse(runtime);
@@ -188,9 +188,5 @@ public IRubyObject to_der() {
public org.bouncycastle.asn1.ocsp.OCSPResponse getBCResp() {
return bcResp;
}

private static RaiseException newOCSPError(Ruby runtime, Exception e) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), e);
}

}
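Review bot: In createResponse the parameter is now named `OCSP` and the local `Response`, which obscures the `OCSP` class that this file statically imports `_OCSP` and `newOCSPError` from; inside the method a qualified call like `OCSP.newOCSPError(...)` would resolve to the RubyModule variable rather than the class. Lower-camel names avoid that and follow Java convention, e.g. `final RubyModule ocspModule` and `RubyClass responseClass = ocspModule.defineClassUnder("Response", runtime.getObject(), RESPONSE_ALLOCATOR);`. The same renaming appears in createBasicResponse in OCSPBasicResponse.java.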
42 changes: 19 additions & 23 deletions src/main/java/org/jruby/ext/openssl/OCSPSingleResponse.java
@@ -33,6 +33,7 @@
package org.jruby.ext.openssl;

import static org.jruby.ext.openssl.OCSP._OCSP;
import static org.jruby.ext.openssl.OCSP.newOCSPError;

import java.io.IOException;
import java.text.ParseException;
@@ -117,9 +118,8 @@ public IRubyObject cert_status() {
}

@JRubyMethod(name = "certid")
public IRubyObject certid() {
Ruby runtime = getRuntime();
ThreadContext context = runtime.getCurrentContext();
public IRubyObject certid(ThreadContext context) {
Ruby runtime = context.runtime;
CertID bcCertId = bcSingleResponse.getCertID();
OCSPCertificateId rubyCertId = new OCSPCertificateId(runtime);
try {
@@ -182,22 +182,21 @@ public IRubyObject extensions() {
Ruby runtime = getRuntime();
Extensions exts = bcSingleResponse.getSingleExtensions();
if (exts == null) return RubyArray.newEmptyArray(runtime);
List<X509Extension> retExts = new ArrayList<X509Extension>();
List<ASN1ObjectIdentifier> extOids = Arrays.asList(exts.getExtensionOIDs());
for (ASN1ObjectIdentifier extOid : extOids) {
Extension ext = exts.getExtension(extOid);
ASN1ObjectIdentifier[] extOIDs = exts.getExtensionOIDs();
RubyArray retExts = runtime.newArray(extOIDs.length);
for (ASN1ObjectIdentifier extOID : extOIDs) {
Extension ext = exts.getExtension(extOID);
ASN1Encodable extAsn1 = ext.getParsedValue();
X509Extension retExt = X509Extension.newExtension(runtime, extOid, extAsn1, ext.isCritical());
retExts.add(retExt);
X509Extension retExt = X509Extension.newExtension(runtime, extOID, extAsn1, ext.isCritical());
retExts.append(retExt);
}

return RubyArray.newArray(runtime, retExts);
return retExts;
}

@JRubyMethod(name = "next_update")
public IRubyObject next_update() {
Ruby runtime = getRuntime();
if (bcSingleResponse.getNextUpdate() == null) return runtime.getCurrentContext().nil;
if (bcSingleResponse.getNextUpdate() == null) return runtime.getNil();
Date nextUpdate;
try {
nextUpdate = bcSingleResponse.getNextUpdate().getDate();
@@ -207,7 +206,7 @@ public IRubyObject next_update() {
}

if (nextUpdate == null) {
return runtime.getCurrentContext().nil;
return runtime.getNil();
}

return RubyTime.newTime(runtime, nextUpdate.getTime());
@@ -216,7 +215,7 @@ public IRubyObject next_update() {
@JRubyMethod(name = "this_update")
public IRubyObject this_update() {
Ruby runtime = getRuntime();
if (bcSingleResponse.getThisUpdate() == null) return runtime.getCurrentContext().nil;
if (bcSingleResponse.getThisUpdate() == null) return runtime.getNil();
Date thisUpdate;
try {
thisUpdate = bcSingleResponse.getThisUpdate().getDate();
@@ -232,18 +231,18 @@ public IRubyObject this_update() {
public IRubyObject revocation_reason() {
Ruby runtime = getRuntime();
RubyFixnum revoked = (RubyFixnum) _OCSP(runtime).getConstant("V_CERTSTATUS_REVOKED");
if (bcSingleResponse.getCertStatus().getTagNo() == (int)revoked.getLongValue()) {
if (bcSingleResponse.getCertStatus().getTagNo() == (int) revoked.getLongValue()) {
try {
RevokedInfo revokedInfo = RevokedInfo.getInstance(
DERTaggedObject.fromByteArray(bcSingleResponse.getCertStatus().getStatus().toASN1Primitive().getEncoded())
);
DERTaggedObject.fromByteArray(bcSingleResponse.getCertStatus().getStatus().toASN1Primitive().getEncoded())
);
return RubyFixnum.newFixnum(runtime, revokedInfo.getRevocationReason().getValue().intValue());
}
catch (IOException e) {
throw newOCSPError(runtime, e);
}
}
return runtime.getCurrentContext().nil;
return runtime.getNil();
}

@JRubyMethod(name = "revocation_time")
@@ -261,7 +260,7 @@ public IRubyObject revocation_time() {
throw newOCSPError(runtime, e);
}
}
return runtime.getCurrentContext().nil;
return runtime.getNil();
}

@JRubyMethod(name = "to_der")
@@ -312,8 +311,5 @@ private boolean checkValidityImpl(Date thisUpdate, Date nextUpdate, int nsec, in

return ret;
}

private static RaiseException newOCSPError(Ruby runtime, Exception e) {
return Utils.newError(runtime, _OCSP(runtime).getClass("OCSPError"), e);
}

}
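Review bot: revocation_reason dereferences `revokedInfo.getRevocationReason()` without a null check, and revocationReason is an optional field of RevokedInfo in the OCSP ASN.1 definition, so a revoked response that omits the reason would presumably raise a NullPointerException while handling responder-supplied data. The surrounding try only catches IOException, so that exception would escape as a raw Java error. A guard such as `if (revokedInfo.getRevocationReason() == null) return runtime.getNil();` before the `RubyFixnum.newFixnum` line would return nil the same way the non-revoked path does.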