mirror of
https://github.com/ruby/ruby.git
synced 2025-09-19 02:23:59 +02:00
a55320b093
Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit
e72d960db262 which was imported by r60013 can be found at:
e72d960db2...v2.1.0.beta2
----------------------------------------------------------------
Kazuki Yamaguchi (26):
bn: use ALLOCV() macro instead of xmalloc()
appveyor.yml: remove 'openssl version' line
test/test_ssl_session: skip tests for session_remove_cb
x509ext: implement X509::Extension#==
x509attr: implement X509::Attribute#==
x509cert: implement X509::Certificate#==
x509revoked: add missing X509::Revoked#to_der
x509crl, x509revoked: implement X509::{CRL,Revoked}#==
x509req: implement X509::Request#==
ssl: extract rb_intern("call")
cipher: disallow setting AAD for non-AEAD ciphers
test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
ssl: fix conflict of options in SSLContext#set_params
buffering: let #write accept multiple arguments
pkey: make pkey_check_public_key() non-static
x509cert, x509crl, x509req, ns_spki: check sanity of public key
test/envutil: port assert_warning from Ruby trunk
test/utils: remove a pointless .public_key call in issue_cert
ssl: add SSLContext#add_certificate
test/test_ssl: fix test_security_level
Drop support for LibreSSL 2.4
kdf: add HKDF support
test/test_x509cert: fix flaky test
test/test_x509crl: fix random failure
History.md: fix a typo
Ruby/OpenSSL 2.1.0.beta2
Mark Wright (1):
Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes.
Peter Karman (1):
Add RSA sign_pss() and verify_pss() methods
aeris (1):
TLS Fallback Signaling Cipher Suite Value
kazu (1):
Use caller with length to reduce unused strings
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
215 lines
5.8 KiB
Ruby
215 lines
5.8 KiB
Ruby
# frozen_string_literal: false
|
|
#--
|
|
# = Ruby-space definitions that completes C-space funcs for X509 and subclasses
|
|
#
|
|
# = Info
|
|
# 'OpenSSL for Ruby 2' project
|
|
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
# All rights reserved.
|
|
#
|
|
# = Licence
|
|
# This program is licensed under the same licence as Ruby.
|
|
# (See the file 'LICENCE'.)
|
|
#++
|
|
|
|
module OpenSSL
|
|
module X509
|
|
class ExtensionFactory
|
|
def create_extension(*arg)
|
|
if arg.size > 1
|
|
create_ext(*arg)
|
|
else
|
|
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
|
end
|
|
end
|
|
|
|
def create_ext_from_array(ary)
|
|
raise ExtensionError, "unexpected array form" if ary.size > 3
|
|
create_ext(ary[0], ary[1], ary[2])
|
|
end
|
|
|
|
def create_ext_from_string(str) # "oid = critical, value"
|
|
oid, value = str.split(/=/, 2)
|
|
oid.strip!
|
|
value.strip!
|
|
create_ext(oid, value)
|
|
end
|
|
|
|
def create_ext_from_hash(hash)
|
|
create_ext(hash["oid"], hash["value"], hash["critical"])
|
|
end
|
|
end
|
|
|
|
class Extension
|
|
def ==(other)
|
|
return false unless Extension === other
|
|
to_der == other.to_der
|
|
end
|
|
|
|
def to_s # "oid = critical, value"
|
|
str = self.oid
|
|
str << " = "
|
|
str << "critical, " if self.critical?
|
|
str << self.value.gsub(/\n/, ", ")
|
|
end
|
|
|
|
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
|
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
|
end
|
|
|
|
def to_a
|
|
[ self.oid, self.value, self.critical? ]
|
|
end
|
|
end
|
|
|
|
class Name
|
|
module RFC2253DN
|
|
Special = ',=+<>#;'
|
|
HexChar = /[0-9a-fA-F]/
|
|
HexPair = /#{HexChar}#{HexChar}/
|
|
HexString = /#{HexPair}+/
|
|
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
|
StringChar = /[^\\"#{Special}]/
|
|
QuoteChar = /[^\\"]/
|
|
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
|
AttributeValue = /
|
|
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
|
\#(#{HexString})|
|
|
"((?:#{QuoteChar}|#{Pair})*)"
|
|
/x
|
|
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
|
|
|
module_function
|
|
|
|
def expand_pair(str)
|
|
return nil unless str
|
|
return str.gsub(Pair){
|
|
pair = $&
|
|
case pair.size
|
|
when 2 then pair[1,1]
|
|
when 3 then Integer("0x#{pair[1,2]}").chr
|
|
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
|
end
|
|
}
|
|
end
|
|
|
|
def expand_hexstring(str)
|
|
return nil unless str
|
|
der = str.gsub(HexPair){$&.to_i(16).chr }
|
|
a1 = OpenSSL::ASN1.decode(der)
|
|
return a1.value, a1.tag
|
|
end
|
|
|
|
def expand_value(str1, str2, str3)
|
|
value = expand_pair(str1)
|
|
value, tag = expand_hexstring(str2) unless value
|
|
value = expand_pair(str3) unless value
|
|
return value, tag
|
|
end
|
|
|
|
def scan(dn)
|
|
str = dn
|
|
ary = []
|
|
while true
|
|
if md = TypeAndValue.match(str)
|
|
remain = md.post_match
|
|
type = md[1]
|
|
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
|
if value
|
|
type_and_value = [type, value]
|
|
type_and_value.push(tag) if tag
|
|
ary.unshift(type_and_value)
|
|
if remain.length > 2 && remain[0] == ?,
|
|
str = remain[1..-1]
|
|
next
|
|
elsif remain.length > 2 && remain[0] == ?+
|
|
raise OpenSSL::X509::NameError,
|
|
"multi-valued RDN is not supported: #{dn}"
|
|
elsif remain.empty?
|
|
break
|
|
end
|
|
end
|
|
end
|
|
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
|
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
|
end
|
|
return ary
|
|
end
|
|
end
|
|
|
|
class << self
|
|
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
|
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
|
self.new(ary, template)
|
|
end
|
|
|
|
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
|
if str.start_with?("/")
|
|
# /A=B/C=D format
|
|
ary = str[1..-1].split("/").map { |i| i.split("=", 2) }
|
|
else
|
|
# Comma-separated
|
|
ary = str.split(",").map { |i| i.strip.split("=", 2) }
|
|
end
|
|
self.new(ary, template)
|
|
end
|
|
|
|
alias parse parse_openssl
|
|
end
|
|
|
|
def pretty_print(q)
|
|
q.object_group(self) {
|
|
q.text ' '
|
|
q.text to_s(OpenSSL::X509::Name::RFC2253)
|
|
}
|
|
end
|
|
end
|
|
|
|
class Attribute
|
|
def ==(other)
|
|
return false unless Attribute === other
|
|
to_der == other.to_der
|
|
end
|
|
end
|
|
|
|
class StoreContext
|
|
def cleanup
|
|
warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
|
|
end
|
|
end
|
|
|
|
class Certificate
|
|
def pretty_print(q)
|
|
q.object_group(self) {
|
|
q.breakable
|
|
q.text 'subject='; q.pp self.subject; q.text ','; q.breakable
|
|
q.text 'issuer='; q.pp self.issuer; q.text ','; q.breakable
|
|
q.text 'serial='; q.pp self.serial; q.text ','; q.breakable
|
|
q.text 'not_before='; q.pp self.not_before; q.text ','; q.breakable
|
|
q.text 'not_after='; q.pp self.not_after
|
|
}
|
|
end
|
|
end
|
|
|
|
class CRL
|
|
def ==(other)
|
|
return false unless CRL === other
|
|
to_der == other.to_der
|
|
end
|
|
end
|
|
|
|
class Revoked
|
|
def ==(other)
|
|
return false unless Revoked === other
|
|
to_der == other.to_der
|
|
end
|
|
end
|
|
|
|
class Request
|
|
def ==(other)
|
|
return false unless Request === other
|
|
to_der == other.to_der
|
|
end
|
|
end
|
|
end
|
|
end
|