base repository: jruby/jruby-openssl
base: 279bd0a1ceb7
head repository: jruby/jruby-openssl
compare: 955645736df1
  • 15 commits
  • 49 files changed
  • 1 contributor

Commits on Jan 23, 2017

  1. Copy the full SHA
    697b511 View commit details
  2. Copy the full SHA
    77639f1 View commit details
  3. Copy the full SHA
    e701a4f View commit details
  4. Copy the full SHA
    342042f View commit details
  5. Copy the full SHA
    f69a6e7 View commit details
  6. Copy the full SHA
    5b5e0e5 View commit details
  7. Copy the full SHA
    ba7cb83 View commit details
  8. Copy the full SHA
    37c988c View commit details
  9. Copy the full SHA
    8620d33 View commit details
  10. Copy the full SHA
    2a0bb7a View commit details
  11. Copy the full SHA
    84a1ef1 View commit details
  12. Copy the full SHA
    3b5553d View commit details
  13. upgrade BC to 1.56

    kares committed Jan 23, 2017
    a721ae8 View commit details

Commits on Mar 2, 2017

  1. preparing for 0.9.20 release

    kares committed Mar 2, 2017
    5136388 View commit details
  2. Merge branch 'master' of github.com:jruby/jruby-openssl

    * 'master' of github.com:jruby/jruby-openssl:
      Add renegotiation cb (#121)
    kares committed Mar 2, 2017
    9556457 View commit details
Showing with 129 additions and 5,632 deletions.
  1. +1 −1 LICENSE.txt
  2. +2 −2 README.md
  3. +2 −2 lib/jopenssl/version.rb
  4. +3 −3 pom.xml
  5. +5 −1 src/main/java/org/jruby/ext/openssl/Cipher.java
  6. +7 −13 src/main/java/org/jruby/ext/openssl/PKey.java
  7. +13 −0 src/main/java/org/jruby/ext/openssl/PKeyDH.java
  8. +16 −0 src/main/java/org/jruby/ext/openssl/PKeyDSA.java
  9. +19 −0 src/main/java/org/jruby/ext/openssl/PKeyRSA.java
  10. +7 −0 src/main/java/org/jruby/ext/openssl/SSLContext.java
  11. +1 −0 src/main/java/org/jruby/ext/openssl/SSLSocket.java
  12. +12 −0 src/main/java/org/jruby/ext/openssl/X509Attribute.java
  13. +8 −2 src/main/java/org/jruby/ext/openssl/X509Cert.java
  14. +12 −0 src/main/java/org/jruby/ext/openssl/X509Extension.java
  15. +5 −1 src/main/java/org/jruby/ext/openssl/X509Request.java
  16. +1 −0 src/main/java/org/jruby/ext/openssl/X509Store.java
  17. +1 −0 src/main/java/org/jruby/ext/openssl/X509StoreContext.java
  18. +14 −0 src/main/java/org/jruby/ext/openssl/impl/PKCS10Request.java
  19. +0 −81 src/test/ossl/1.9/ssl_server.rb
  20. +0 −609 src/test/ossl/1.9/test_asn1.rb
  21. +0 −23 src/test/ossl/1.9/test_bn.rb
  22. +0 −88 src/test/ossl/1.9/test_buffering.rb
  23. +0 −105 src/test/ossl/1.9/test_cipher.rb
  24. +0 −289 src/test/ossl/1.9/test_config.rb
  25. +0 −118 src/test/ossl/1.9/test_digest.rb
  26. +0 −15 src/test/ossl/1.9/test_engine.rb
  27. +0 −32 src/test/ossl/1.9/test_hmac.rb
  28. +0 −50 src/test/ossl/1.9/test_ns_spki.rb
  29. +0 −47 src/test/ossl/1.9/test_ocsp.rb
  30. +0 −250 src/test/ossl/1.9/test_pair.rb
  31. +0 −209 src/test/ossl/1.9/test_pkcs12.rb
  32. +0 −156 src/test/ossl/1.9/test_pkcs7.rb
  33. +0 −72 src/test/ossl/1.9/test_pkey_dh.rb
  34. +0 −224 src/test/ossl/1.9/test_pkey_dsa.rb
  35. +0 −186 src/test/ossl/1.9/test_pkey_ec.rb
  36. +0 −244 src/test/ossl/1.9/test_pkey_rsa.rb
  37. +0 −499 src/test/ossl/1.9/test_ssl.rb
  38. +0 −327 src/test/ossl/1.9/test_ssl_session.rb
  39. +0 −218 src/test/ossl/1.9/test_x509cert.rb
  40. +0 −221 src/test/ossl/1.9/test_x509crl.rb
  41. +0 −69 src/test/ossl/1.9/test_x509ext.rb
  42. +0 −366 src/test/ossl/1.9/test_x509name.rb
  43. +0 −150 src/test/ossl/1.9/test_x509req.rb
  44. +0 −229 src/test/ossl/1.9/test_x509store.rb
  45. +0 −313 src/test/ossl/1.9/utils.rb
  46. +0 −48 src/test/ossl/fixture/common.pem
  47. +0 −29 src/test/ossl/fixture/max.pem
  48. +0 −212 src/test/ossl/ruby/envutil.rb
  49. +0 −128 src/test/ossl/ruby/ut_eof.rb
2 changes: 1 addition & 1 deletion LICENSE.txt
@@ -18,7 +18,7 @@ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Copyright (C) 2007-2009 Ola Bini <ola.bini@gmail.com>
Copyright (C) 2009-2016 The JRuby Team
Copyright (C) 2009-2017 The JRuby Team

Alternatively, the contents of this file may be used under the terms of
either of the GNU General Public License Version 2 or later (the "GPL"),
4 changes: 2 additions & 2 deletions README.md
@@ -62,11 +62,11 @@ NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5

## License

(c) 2009-2016 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
(c) 2009-2017 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1

[0]: https://secure.travis-ci.org/jruby/jruby-openssl.png
[1]: http://xircles.codehaus.org/projects/jruby/lists
[2]: https://github.com/jruby/jruby/issues
[3]: https://github.com/jruby/jruby-openssl/tree/master/integration
[4]: http://central.maven.org/maven2/org/jruby/
[5]: http://ci.jruby.org/snapshots/maven/org.jruby/
[5]: http://ci.jruby.org/snapshots/maven/org.jruby/
4 changes: 2 additions & 2 deletions lib/jopenssl/version.rb
@@ -1,6 +1,6 @@
module Jopenssl
VERSION = '0.9.20.dev'
BOUNCY_CASTLE_VERSION = '1.55'
VERSION = '0.9.20'
BOUNCY_CASTLE_VERSION = '1.56'
# @deprecated
module Version
# @private
6 changes: 3 additions & 3 deletions pom.xml
@@ -11,7 +11,7 @@ DO NOT MODIFIY - GENERATED CODE
<modelVersion>4.0.0</modelVersion>
<groupId>rubygems</groupId>
<artifactId>jruby-openssl</artifactId>
<version>0.9.20.dev-SNAPSHOT</version>
<version>0.9.20</version>
<packaging>gem</packaging>
<name>JRuby OpenSSL</name>
<description>JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.</description>
@@ -94,12 +94,12 @@ DO NOT MODIFIY - GENERATED CODE
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.55</version>
<version>1.56</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.55</version>
<version>1.56</version>
</dependency>
<dependency>
<groupId>org.jruby</groupId>
6 changes: 5 additions & 1 deletion src/main/java/org/jruby/ext/openssl/Cipher.java
@@ -1008,7 +1008,11 @@ public IRubyObject pkcs5_keyivgen(final ThreadContext context, final IRubyObject
throw newCipherError(runtime, "salt must be an 8-octet string");
}

final String algorithm = vdigest.isNil() ? "MD5" : ((Digest) vdigest).getAlgorithm();
final String algorithm;
if ( vdigest.isNil() ) algorithm = "MD5";
else {
algorithm = (vdigest instanceof Digest) ? ((Digest) vdigest).getAlgorithm() : vdigest.asJavaString();
}
final MessageDigest digest = Digest.getDigest(runtime, algorithm);
KeyAndIv result = evpBytesToKey(keyLength, ivLength, digest, salt, pass, iter);
this.key = result.key;
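Review bot: The `vdigest.isNil()` branch still falls back to `"MD5"` for the `evpBytesToKey` derivation, and the new string branch hands a caller-supplied name straight to `Digest.getDigest`, with no comment on either choice. A short comment above the block would help the next reader, for example `// MD5 default kept for OpenSSL EVP_BytesToKey compatibility; prefer a PBKDF2-based derivation for new code`. It would also be worth stating that unknown names are expected to be rejected by `Digest.getDigest`; that method is not visible here, so this should be confirmed. pkcs5_keyivgen starts and ends outside the hunk.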
20 changes: 7 additions & 13 deletions src/main/java/org/jruby/ext/openssl/PKey.java
@@ -214,10 +214,8 @@ public RubyString export(final IRubyObject[] args) {
@JRubyMethod(name = "sign")
public IRubyObject sign(IRubyObject digest, IRubyObject data) {
final Ruby runtime = getRuntime();
if ( ! isPrivateKey() ) {
throw runtime.newArgumentError("Private key is needed.");
}
String digAlg = ((Digest) digest).getShortAlgorithm();
if ( ! isPrivateKey() ) throw runtime.newArgumentError("Private key is needed.");
String digAlg = (digest instanceof Digest) ? ((Digest) digest).getShortAlgorithm() : digest.asJavaString();
try {
ByteList sign = sign(digAlg + "WITH" + getAlgorithm(), getPrivateKey(), data.convertToString().getByteList());
return RubyString.newString(runtime, sign);
@@ -238,12 +236,10 @@ static ByteList sign(final String signAlg, final PrivateKey privateKey, final By
@JRubyMethod(name = "verify")
public IRubyObject verify(IRubyObject digest, IRubyObject sign, IRubyObject data) {
final Ruby runtime = getRuntime();
if ( ! (digest instanceof Digest) ) {
throw newPKeyError(runtime, "invalid digest");
}
ByteList sigBytes = convertToString(runtime, sign, "OpenSSL::PKey::PKeyError", "invalid signature").getByteList();
ByteList dataBytes = convertToString(runtime, data, "OpenSSL::PKey::PKeyError", "invalid data").getByteList();
String algorithm = ((Digest) digest).getShortAlgorithm() + "WITH" + getAlgorithm();
String digAlg = (digest instanceof Digest) ? ((Digest) digest).getShortAlgorithm() : digest.asJavaString();
final String algorithm = digAlg + "WITH" + getAlgorithm();
try {
return runtime.newBoolean( verify(algorithm, getPublicKey(), dataBytes, sigBytes) );
}
@@ -414,14 +410,12 @@ static void supportedSignatureAlgorithm(final Ruby runtime, final RubyClass erro
final String keyAlg = key.getAlgorithm();
final String digAlg = digest.getShortAlgorithm();
if ( ( "DSA".equalsIgnoreCase(keyAlg) && "MD5".equalsIgnoreCase(digAlg)) ||
( "RSA".equalsIgnoreCase(keyAlg) && "DSS1".equals( digest.name().toString() ) ) ||
( "DSA".equalsIgnoreCase(keyAlg) && "SHA1".equals( digest.name().toString() ) ) ) {
throw Utils.newError(runtime, errorClass, "unsupported key / digest algorithm ( "+ key +" / "+ digAlg +" )");
( "RSA".equalsIgnoreCase(keyAlg) && "DSS1".equals( digest.name().toString() ) ) ) {
throw Utils.newError(runtime, errorClass, "unsupported key / digest algorithm ( "+ keyAlg +" / "+ digAlg +" )");
}
}

static void supportedSignatureAlgorithm(final Ruby runtime,
final PKey key, final Digest digest) {
static void supportedSignatureAlgorithm(final Ruby runtime, final PKey key, final Digest digest) {
supportedSignatureAlgorithm(runtime, _OpenSSLError(runtime), key, digest);
}
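Review bot: In `verify`, dropping the `instanceof Digest` guard means an argument that is neither a Digest nor a String is no longer answered with `newPKeyError(runtime, "invalid digest")` but with whatever `asJavaString()` raises. In both `sign` and `verify` a raw string is also concatenated into the JCA name (`digAlg + "WITH" + getAlgorithm()`) without the normalization that `getShortAlgorithm()` applies to a Digest. An explicit guard before the ternary keeps the previous error class: `if ( ! (digest instanceof Digest) && ! (digest instanceof RubyString) ) throw newPKeyError(runtime, "invalid digest");`. How an unknown or unusually spelled name is then handled depends on the static `sign`/`verify` helpers, whose bodies are outside these hunks.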

13 changes: 13 additions & 0 deletions src/main/java/org/jruby/ext/openssl/PKeyDH.java
@@ -110,6 +110,19 @@ public PKeyDH(Ruby runtime, RubyClass clazz) {
super(runtime, clazz);
}

@Override
public IRubyObject initialize_copy(final IRubyObject original) {
if (this == original) return this;
checkFrozen();

final PKeyDH that = (PKeyDH) original;
this.dh_p = that.dh_p;
this.dh_g = that.dh_g;
this.dh_y = that.dh_y;
this.dh_x = that.dh_x;
return this;
}

@JRubyMethod(name="initialize", rest=true, visibility = Visibility.PRIVATE)
public synchronized IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
final Ruby runtime = context.runtime;
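Review bot: The cast `(PKeyDH) original` in `initialize_copy` is unchecked, so a call with an object of another class ends in a Java ClassCastException rather than a Ruby TypeError; the same pattern is in the `initialize_copy` methods added to PKeyDSA, PKeyRSA, X509Attribute and X509Extension. A guard before the cast would cover it: `if ( ! (original instanceof PKeyDH) ) throw getRuntime().newTypeError("wrong argument class");`. Separately, the copy is not `synchronized` although `initialize` just below it is, so a copy taken while another thread is still initializing the source could presumably read a partially set parameter group. A one-line comment stating the intended threading contract would settle that.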
16 changes: 16 additions & 0 deletions src/main/java/org/jruby/ext/openssl/PKeyDSA.java
@@ -113,6 +113,22 @@ public PKeyDSA(Ruby runtime, RubyClass type, DSAPrivateKey privKey, DSAPublicKey
private transient volatile BigInteger dsa_q;
private transient volatile BigInteger dsa_g;

@Override
public IRubyObject initialize_copy(final IRubyObject original) {
if (this == original) return this;
checkFrozen();

final PKeyDSA that = (PKeyDSA) original;
this.publicKey = that.publicKey;
this.privateKey = that.privateKey;
this.dsa_x = that.dsa_x;
this.dsa_y = that.dsa_y;
this.dsa_p = that.dsa_p;
this.dsa_q = that.dsa_q;
this.dsa_g = that.dsa_g;
return this;
}

@Override
public PublicKey getPublicKey() { return publicKey; }

19 changes: 19 additions & 0 deletions src/main/java/org/jruby/ext/openssl/PKeyRSA.java
@@ -141,6 +141,25 @@ public PKeyRSA(Ruby runtime, RubyClass type, RSAPrivateCrtKey privKey, RSAPublic
private transient volatile BigInteger rsa_dmq1;
private transient volatile BigInteger rsa_iqmp;

@Override
public IRubyObject initialize_copy(final IRubyObject original) {
if (this == original) return this;
checkFrozen();

final PKeyRSA that = (PKeyRSA) original;
this.publicKey = that.publicKey;
this.privateKey = that.privateKey;
this.rsa_e = that.rsa_e;
this.rsa_n = that.rsa_n;
this.rsa_d = that.rsa_d;
this.rsa_p = that.rsa_p;
this.rsa_q = that.rsa_q;
this.rsa_dmp1 = that.rsa_dmp1;
this.rsa_dmq1 = that.rsa_dmq1;
this.rsa_iqmp = that.rsa_iqmp;
return this;
}

@Override
public PublicKey getPublicKey() { return publicKey; }

7 changes: 7 additions & 0 deletions src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -181,6 +181,7 @@ public static void createSSLContext(final Ruby runtime, final RubyModule SSL) {
SSLContext.defineAlias("ssl_timeout=", "timeout=");

SSLContext.defineAnnotatedMethods(SSLContext.class);
SSLContext.undefineMethod("dup");

final Set<String> methodKeys = SSL_VERSION_OSSL2JSSE.keySet();
final RubyArray methods = runtime.newArray( methodKeys.size() );
@@ -613,6 +614,12 @@ public RubyHash session_cache_stats(final ThreadContext context) {
return RubyHash.newHash(context.runtime);
}

@JRubyMethod(name = "security_level=")
public IRubyObject set_security_level(ThreadContext context, IRubyObject level) {
warn(context, "WARNING: SSLContext#security_level= has no effect under JRuby");
return context.nil;
}

boolean isProtocolForServer() {
return protocolForServer;
}
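Review bot: `set_security_level` accepts any value, warns and returns nil, so code ported from MRI that relies on `security_level=` to exclude weak keys or ciphers runs with whatever the platform defaults are. Warning is a reasonable choice, but the method should say so in a comment, for example `// no-op: nothing is enforced here; restrict protocols and suites via ssl_version= and ciphers=`, with a matching README note. The message is also emitted on every call; if that is intended, the same comment should say so.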
1 change: 1 addition & 0 deletions src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -95,6 +95,7 @@ public static void createSSLSocket(final Ruby runtime, final RubyModule SSL) { /
SSLSocket.addReadWriteAttribute(context, "sync_close");
SSLSocket.addReadWriteAttribute(context, "hostname");
SSLSocket.defineAnnotatedMethods(SSLSocket.class);
SSLSocket.undefineMethod("dup");
}

public SSLSocket(Ruby runtime, RubyClass type) {
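Review bot: `SSLSocket.undefineMethod("dup")` removes only `dup`; `clone` is a separate method that is not undefined in the visible lines, so a caller may still obtain a second Ruby object that presumably shares the same underlying connection state. If these objects are meant to be non-copyable, `clone` needs the same treatment (`SSLSocket.undefineMethod("clone");`) or an `initialize_copy` that raises. The same applies to the `undefineMethod("dup")` calls added in SSLContext, X509Store and X509StoreContext. A comment next to each call stating why copying is disallowed would also help.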
12 changes: 12 additions & 0 deletions src/main/java/org/jruby/ext/openssl/X509Attribute.java
@@ -127,6 +127,18 @@ public IRubyObject initialize(final ThreadContext context, final IRubyObject[] a
return this;
}

@Override
public IRubyObject initialize_copy(final IRubyObject original) {
if (this == original) return this;
checkFrozen();

final X509Attribute that = (X509Attribute) original;
this.value = that.value == null ? null : that.value.dup();
this.oid = that.oid;
this.objectId = that.objectId;
return this;
}

@JRubyMethod
public IRubyObject to_der(final ThreadContext context) {
final byte[] bytes;
10 changes: 8 additions & 2 deletions src/main/java/org/jruby/ext/openssl/X509Cert.java
@@ -567,8 +567,14 @@ public IRubyObject sign(final ThreadContext context, final IRubyObject key, fina

// Have to obey some artificial constraints of the OpenSSL implementation. Stupid.
final String keyAlg = ((PKey) key).getAlgorithm();
final String digAlg = ((Digest) digest).getShortAlgorithm();
final String digName = ((Digest) digest).name().toString();
final String digAlg; final String digName;
if (digest instanceof Digest) {
digAlg = ((Digest) digest).getShortAlgorithm();
digName = ((Digest) digest).name().toString();
}
else {
digAlg = digest.asJavaString(); digName = null;
}

if( ( "DSA".equalsIgnoreCase(keyAlg) && "MD5".equalsIgnoreCase(digAlg) ) ||
( "RSA".equalsIgnoreCase(keyAlg) && "DSS1".equals(digName) ) ) {
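Review bot: In the new `else` branch `digName` is set to `null`, so when the digest is passed as a String the `"DSS1".equals(digName)` half of the check below can never match, and an RSA key combined with a `"DSS1"` string is no longer rejected at this point. Assigning the string to both variables keeps the check effective: `digAlg = digest.asJavaString(); digName = digAlg;`. The body of sign starts before and continues after the hunk, so whether a later step rejects the combination cannot be seen from here.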
12 changes: 12 additions & 0 deletions src/main/java/org/jruby/ext/openssl/X509Extension.java
@@ -280,6 +280,18 @@ else if ( args.length > 1 ) {
return this;
}

@Override
public IRubyObject initialize_copy(final IRubyObject original) {
if (this == original) return this;
checkFrozen();

final X509Extension that = (X509Extension) original;
this.value = that.value;
this.objectID = that.objectID;
this.critical = that.critical;
return this;
}

@JRubyMethod
public IRubyObject oid(final ThreadContext context) {
return context.runtime.newString( oidSym(context.runtime) );
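Review bot: `this.value = that.value;` copies the reference, whereas the `initialize_copy` added to X509Attribute in the same change uses `that.value.dup()`. If `value` can hold a mutable object (its declared type is outside the hunk), the copy and the original alias it and a change made through one is visible through the other. Either copy it the same way or record the decision in a comment such as `// value is treated as immutable once set; sharing is intentional`.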
6 changes: 5 additions & 1 deletion src/main/java/org/jruby/ext/openssl/X509Request.java
@@ -85,6 +85,10 @@ public static void createRequest(final Ruby runtime, final RubyModule _X509) {
_Request.defineAnnotatedMethods(X509Request.class);
}

static RubyClass _RequestError(final Ruby runtime) {
return (RubyClass) _X509(runtime).getConstantAt("RequestError");
}

private IRubyObject subject;
private PKey public_key;
private IRubyObject version;
@@ -287,7 +291,7 @@ public IRubyObject sign(final ThreadContext context,
PrivateKey privateKey = ((PKey) key).getPrivateKey();

final Ruby runtime = context.runtime;
supportedSignatureAlgorithm(runtime, public_key, (Digest) digest);
supportedSignatureAlgorithm(runtime, _RequestError(runtime), public_key, (Digest) digest);

final String digAlg = ((Digest) digest).getShortAlgorithm();
try {
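Review bot: `(Digest) digest` remains an unchecked cast on both the `supportedSignatureAlgorithm(...)` line and the `getShortAlgorithm()` line, while the `sign` methods in PKey and X509Cert touched by this change now accept a digest name as a String. A String argument here would end in a ClassCastException instead of the newly wired `RequestError`. A guard ahead of the call keeps the error class consistent: `if ( ! (digest instanceof Digest) ) throw Utils.newError(runtime, _RequestError(runtime), "invalid digest");`, or the String form could be supported as in the other two files. sign starts and ends outside the hunk.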
1 change: 1 addition & 0 deletions src/main/java/org/jruby/ext/openssl/X509Store.java
@@ -75,6 +75,7 @@ public static void createX509Store(final Ruby runtime, final RubyModule X509) {
Store.addReadWriteAttribute(context, "error_string");
Store.addReadWriteAttribute(context, "chain");
Store.defineAnnotatedMethods(X509Store.class);
Store.undefineMethod("dup");

X509StoreContext.createX509StoreContext(runtime, X509);
}
1 change: 1 addition & 0 deletions src/main/java/org/jruby/ext/openssl/X509StoreContext.java
@@ -73,6 +73,7 @@ public IRubyObject allocate(Ruby runtime, RubyClass klass) {
public static void createX509StoreContext(final Ruby runtime, final RubyModule X509) {
RubyClass StoreContext = X509.defineClassUnder("StoreContext", runtime.getObject(), X509STORECTX_ALLOCATOR);
StoreContext.defineAnnotatedMethods(X509StoreContext.class);
StoreContext.undefineMethod("dup");
}

private static RubyClass _StoreContext(final Ruby runtime) {
14 changes: 14 additions & 0 deletions src/main/java/org/jruby/ext/openssl/impl/PKCS10Request.java
@@ -47,7 +47,9 @@

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
@@ -110,6 +112,16 @@ public PKCS10Request(ASN1Sequence sequence) {
this(CertificationRequest.getInstance(sequence));
}

private void resetSignedRequest() {
if ( signedRequest == null ) return;

CertificationRequest req = signedRequest.toASN1Structure();
CertificationRequestInfo reqInfo = new CertificationRequestInfo(subject, publicKeyInfo, req.getCertificationRequestInfo().getAttributes());
ASN1Sequence seq = (ASN1Sequence) req.toASN1Primitive();
req = new CertificationRequest(reqInfo, (AlgorithmIdentifier) seq.getObjectAt(1), (DERBitString) seq.getObjectAt(2));
signedRequest = new PKCS10CertificationRequest(req); // valid = true;
}

// sign

public PKCS10CertificationRequest sign(final PrivateKey privateKey,
@@ -178,6 +190,7 @@ public ASN1Sequence toASN1Structure() {

public void setSubject(final X500Name subject) {
this.subject = subject;
resetSignedRequest();
}

public X500Name getSubject() {
@@ -190,6 +203,7 @@ public void setPublicKey(final PublicKey publicKey) {
this.publicKeyInfo = makePublicKeyInfo(publicKey);
//if ( publicKey == null ) publicKeyAlgorithm = null;
//else publicKeyAlgorithm = publicKey.getAlgorithm();
resetSignedRequest();
}

private String getPublicKeyAlgorithm() {
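Review bot: `resetSignedRequest` rebuilds `signedRequest` around the new subject or public key but reuses the signature algorithm and signature bits of the previous request, so after `setSubject` or `setPublicKey` the object carries a signature that no longer covers its content. That may be intended (the trailing `// valid = true;` suggests validity tracking was considered), but it should be stated, e.g. `// keeps the previous signature; it will not verify until sign() is called again`, so callers do not treat a non-null `signedRequest` as a currently valid one. The casts `(AlgorithmIdentifier) seq.getObjectAt(1)` and `(DERBitString) seq.getObjectAt(2)` also depend on the element types of the re-encoded sequence. Reading both values through accessors on `req`, if the class offers them, would avoid the positional indexing.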