Various fixes #9

Open
wants to merge 4 commits into from

4 participants

David Lee Hiroshi Nakamura Matt Hauck Martin Ott
David Lee

Includes bug-fixes and implementation of an unimplemented method.

David Lee added some commits
David Lee Implement PKCS7#type= b9d1dc5
David Lee Workaround strange case of split OctetStrings
OctetString can be split into a Sequence of OctetStrings. Merge them back before
passing to setEncData().
9dadbc1
David Lee Support degenerate certs-only PKCS7 ae87438
David Lee CertificationRequestInfo attribute can be a Sequence f88f3a8
Hiroshi Nakamura
Collaborator

Thanks! It would be nice if you provide tests for each fix. Can you create that?

Matt Hauck

Can we get this merged in? It fixes things for me as well.

Hiroshi Nakamura
Collaborator

@matthauck Nice, would you please give me a PKCS7 file that you use for confirmation? I can write tests and merge if I have a concrete example.

Matt Hauck matthauck referenced this pull request from a commit in matthauck/jruby-ossl
Matt Hauck matthauck Degenerate PKCS7 + split OctetString test cases
For pull request #9
a9acbd3
Matt Hauck matthauck referenced this pull request from a commit in matthauck/jruby-ossl
Matt Hauck matthauck Degenerate PKCS7 + split OctetString test cases
For pull request #9
095de1c
Matt Hauck

any hope this might get pulled in?

Martin Ott

We also depend on these changes. How can we help to get these fixes pulled in?

Matt Hauck

It'd be really nice to get these for jruby 1.7.1, now that we do not have the option of keeping these fixes of ours in a jruby-ossl fork -- it now requires a whole jruby fork which will be more difficult to maintain.

Matt Hauck

Sweet!

Joseph Emmanuel Dayo jedld referenced this pull request from a commit in jedld/jruby
Martin Ott PKCS7 structures that have their content encapsulated in a sequence a…
…re not imported correctly

The case to handle content which has been encapsulated in a sequence
has been in place already but wasn't implemented. The fix is inspired
by Pull Request: jruby/jruby-ossl#9. The test
case includes PKCS7 samples to showcase the issue. Credit goes to Jason
Franklin [https://github.com/jamuc] for helping with the samples and
the fix in general.

Conflicts:
	test/externals/ruby1.9/openssl/test_pkcs7.rb
acdb0d1
Commits on Aug 10, 2011
  1. Implement PKCS7#type=

    David Lee authored
  2. Workaround strange case of split OctetStrings

    David Lee authored
    OctetString can be split into a Sequence of OctetStrings. Merge them back before
    passing to setEncData().
  3. Support degenerate certs-only PKCS7

    David Lee authored
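--- a/src/java/org/jruby/ext/openssl/PKCS7.java
+++ b/src/java/org/jruby/ext/openssl/PKCS7.java
@@ -260,6 +260,7 @@ public IRubyObject getData() {
 public IRubyObject _initialize(IRubyObject[] args) {
 IRubyObject arg = null;
 if(Arity.checkArgumentCount(getRuntime(), args, 0, 1) == 0) {
+ p7 = new org.jruby.ext.openssl.impl.PKCS7();
 return this;
 }
 arg = args[0];
@@ -288,9 +289,10 @@ public IRubyObject initialize_copy(IRubyObject obj) {
 }
 @JRubyMethod(name="type=")
- public IRubyObject set_type(IRubyObject obj) {
- System.err.println("WARNING: unimplemented method called PKCS7#type=");
- return getRuntime().getNil();
+ public IRubyObject set_type(IRubyObject obj) throws PKCS7Exception {
+ String str = obj.convertToString().asJavaString();
+ p7.setTypeByName(str);
+ return obj;
 }
 @JRubyMethod(name="type")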
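Review bot: `set_type` is declared `throws PKCS7Exception`, so an unsupported type name passed from Ruby reaches the caller as a Java checked exception instead of the extension's Ruby-level PKCS7 error. Catching it inside the method and raising the Ruby error class would keep failure handling uniform; how the other bound methods of this class translate it is not visible in this hunk. The method also dereferences `p7` without a check. The first hunk sets it for the zero-argument constructor, but an object allocated without `_initialize` running would hit a NullPointerException here, so a guard or a short comment stating the invariant is worth adding. The class body continues outside both hunks.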
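--- a/src/java/org/jruby/ext/openssl/Request.java
+++ b/src/java/org/jruby/ext/openssl/Request.java
@@ -138,9 +138,20 @@ public Object call() throws GeneralSecurityException {
 }
 ASN1Set in_attrs = req.getCertificationRequestInfo().getAttributes();
 for(Enumeration enm = in_attrs.getObjects();enm.hasMoreElements();) {
- DERSet obj = (DERSet)enm.nextElement();
- for(Enumeration enm2 = obj.getObjects();enm2.hasMoreElements();) {
- DERSequence val = (DERSequence)enm2.nextElement();
+ Enumeration enm2;
+ Object next = enm.nextElement();
+ if (next instanceof DERSet) {
+ enm2 = ((DERSet)next).getObjects();
+ while(enm2.hasMoreElements()) {
+ DERSequence val = (DERSequence)enm2.nextElement();
+ DERObjectIdentifier v0 = (DERObjectIdentifier)val.getObjectAt(0);
+ DERObject v1 = (DERObject)val.getObjectAt(1);
+ IRubyObject a1 = getRuntime().newString(ASN1.getSymLookup(getRuntime()).get(v0));
+ IRubyObject a2 = ASN1.decode(getRuntime().getClassFromPath("OpenSSL::ASN1"), RubyString.newString(getRuntime(), v1.getDEREncoded()));
+ add_attribute(Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Attribute", new IRubyObject[] { a1, a2 }));
+ }
+ } else if (next instanceof DERSequence) {
+ DERSequence val = (DERSequence)next;
 DERObjectIdentifier v0 = (DERObjectIdentifier)val.getObjectAt(0);
 DERObject v1 = (DERObject)val.getObjectAt(1);
 IRubyObject a1 = getRuntime().newString(ASN1.getSymLookup(getRuntime()).get(v0));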
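Review bot: Both branches cast elements of the parsed request without checking them: `(DERSequence)enm2.nextElement()`, `(DERObjectIdentifier)val.getObjectAt(0)` and `val.getObjectAt(1)` assume a two-element sequence that starts with an OID. The attributes come from a certification request that may be supplied by an untrusted party, so a malformed one ends in a ClassCastException or an index error rather than a controlled parse failure. A guard such as `if (val.size() < 2 || !(val.getObjectAt(0) instanceof DERObjectIdentifier))`, followed by the class's usual request error, would fix that. The decoding body is now duplicated in the DERSet and DERSequence branches, so moving it into one private helper would keep the check in a single place. An element that is neither type appears to be skipped silently, although the end of the `else if` lies outside the hunk.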
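--- a/src/java/org/jruby/ext/openssl/impl/EncContent.java
+++ b/src/java/org/jruby/ext/openssl/impl/EncContent.java
@@ -27,12 +27,14 @@
 ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.impl;
+import java.util.Enumeration;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -157,7 +159,26 @@ public static EncContent fromASN1(DEREncodable content) {
 ec.setAlgorithm(AlgorithmIdentifier.getInstance(sequence.getObjectAt(1)));
 if(sequence.size() > 2 && sequence.getObjectAt(2) instanceof DERTaggedObject && ((DERTaggedObject)(sequence.getObjectAt(2))).getTagNo() == 0) {
 DEREncodable ee = ((DERTaggedObject)(sequence.getObjectAt(2))).getObject();
- if(ee instanceof ASN1Sequence) {
+ if(ee instanceof ASN1Sequence) { // OctetString split into multiple OctetStrings in a Sequence
+ if (((ASN1Sequence)ee).size() > 0) {
+ // merge back into single OctetString
+ int totalSize = 0;
+ Enumeration e = ((ASN1Sequence)ee).getObjects();
+ while (e.hasMoreElements()) {
+ byte[] octets = ((ASN1OctetString)e.nextElement()).getOctets();
+ totalSize += octets.length;
+ }
+ byte[] data = new byte[totalSize];
+
+ int current = 0;
+ e = ((ASN1Sequence)ee).getObjects();
+ while (e.hasMoreElements()) {
+ byte[] octets = ((ASN1OctetString)e.nextElement()).getOctets();
+ System.arraycopy(octets, 0, data, current, octets.length);
+ current += octets.length;
+ }
+ ec.setEncData(new DEROctetString(data));
+ }
 } else {
 ec.setEncData((ASN1OctetString)ee);
 }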
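Review bot: The merge loop casts each element with `(ASN1OctetString)e.nextElement()` and never checks the type, so a PKCS7 whose `[0]` content is a sequence holding anything other than octet strings fails with a ClassCastException while parsing input that may be untrusted. Checking first, for example `Object seg = e.nextElement(); if (!(seg instanceof ASN1OctetString)) { /* reject as malformed */ }`, makes the failure explicit. When the sequence is empty, the new `if` leaves the encrypted data unset with no signal, which deserves a one-line comment such as `// empty sequence: no encrypted content present`. The two passes over the sequence could be a single pass into a `java.io.ByteArrayOutputStream`. `fromASN1` starts and ends outside the hunk.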
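--- a/src/java/org/jruby/ext/openssl/impl/PKCS7.java
+++ b/src/java/org/jruby/ext/openssl/impl/PKCS7.java
@@ -104,6 +104,12 @@ private void initiateWith(Integer nid, DEREncodable content) throws PKCS7Excepti
 this.data = PKCS7Data.fromASN1(nid, content);
 }
+ public static PKCS7 newEmpty() {
+ PKCS7 p7 = new PKCS7();
+ p7.data = new PKCS7DataData();
+ return p7;
+ }
+
 /**
 * ContentInfo ::= SEQUENCE {
 * contentType ContentType,
@@ -493,6 +499,21 @@ public void decrypt(PrivateKey pkey, X509AuxCertificate cert, BIO data, int flag
 }
 }
+ public void setTypeByName(String type) throws PKCS7Exception {
+ if (TYPE_signed.equals(type))
+ this.data = new PKCS7DataSigned();
+ else if (TYPE_data.equals(type))
+ this.data = new PKCS7DataData();
+ else if (TYPE_signedAndEnveloped.equals(type))
+ this.data = new PKCS7DataSignedAndEnveloped();
+ else if (TYPE_enveloped.equals(type))
+ this.data = new PKCS7DataEnveloped();
+ else if (TYPE_encrypted.equals(type))
+ this.data = new PKCS7DataEncrypted();
+ else
+ throw new PKCS7Exception(F_PKCS7_SET_TYPE,R_UNSUPPORTED_CONTENT_TYPE);
+ }
+
 /** c: PKCS7_set_type
 *
 */
@@ -1261,5 +1282,12 @@ public ASN1OctetString getOctetString() {
 }
 return null;
 }
+
+ public final static String TYPE_signed = "signed";
+ public final static String TYPE_encrypted = "encrypted";
+ public final static String TYPE_enveloped = "enveloped";
+ public final static String TYPE_signedAndEnveloped = "signedAndEnveloped";
+ public final static String TYPE_data = "data";
+
 }// PKCS7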
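Review bot: `setTypeByName` assigns a fresh `PKCS7Data*` object to `this.data` unconditionally, so calling it on a structure that already carries signers, certificates or content discards them without notice. A Javadoc line such as `/** Replaces any existing content with an empty structure of the named type. */` should state this, or the method should refuse when `data` is already set. The `c: PKCS7_set_type` comment directly below suggests an existing type setter whose body is outside the hunk; if it performs the same dispatch, mapping the name to its identifier and delegating to it would avoid two diverging copies. The `if`/`else` chain is unbraced and the `TYPE_*` constants use `final static` order; braces and `static final` would match common Java style.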
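--- a/src/java/org/jruby/ext/openssl/impl/Signed.java
+++ b/src/java/org/jruby/ext/openssl/impl/Signed.java
@@ -199,6 +199,9 @@ public ASN1Encodable asASN1() {
 ASN1EncodableVector vector = new ASN1EncodableVector();
 vector.add(new DERInteger(version));
 vector.add(digestAlgorithmsToASN1Set());
+ if (contents == null) {
+ contents = PKCS7.newEmpty();
+ }
 vector.add(contents.asASN1());
 if (cert != null && cert.size() > 0) {
 if (cert.size() > 1) {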
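Review bot: `asASN1()` now assigns the `contents` field as a side effect of encoding, so serializing a `Signed` with no content permanently changes the object and later callers can no longer tell that content was never set. A local keeps the encoder read-only: `PKCS7 body = (contents != null) ? contents : PKCS7.newEmpty();` followed by `vector.add(body.asASN1());`. `asASN1` continues beyond the end of the hunk.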