Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

[JRUBY-6962] Implemented OpenSSL::PKCS7#type= and OpenSSL::PKCS7#add_data #355

Closed
wants to merge 1 commit into from

2 participants

@martinott

Methods are required to create a PKCS#7 degenerate structure which
contains only certificates. This is basically the same that 'openssl
crl2pkcs7
' does.

See also issue JRUBY-6962.

Martin Ott Implemented OpenSSL::PKCS7#type= and OpenSSL::PKCS7#add_data
Methods are required to create a PKCS#7 degenerate structure which
contains only certificates. This is basically the same that 'openssl
crl2pkcs7' [http://www.openssl.org/docs/apps/crl2pkcs7.html] does.
274641a
@headius
Owner

I incorporated your change in commit 48e96ad and added a pull request for MRI to include the tests in ruby/ruby#205. Thank you!

@headius headius closed this
@headius headius referenced this pull request in ruby/ruby
Closed

Add tests for PKCS7#type= and add_data. #205

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 24, 2012
  1. Implemented OpenSSL::PKCS7#type= and OpenSSL::PKCS7#add_data

    Martin Ott authored
    Methods are required to create a PKCS#7 degenerate structure which
    contains only certificates. This is basically the same that 'openssl
    crl2pkcs7' [http://www.openssl.org/docs/apps/crl2pkcs7.html] does.
This page is out of date. Refresh to see the latest.
View
65 src/org/jruby/ext/openssl/PKCS7.java
@@ -300,8 +300,29 @@ public IRubyObject initialize_copy(IRubyObject obj) {
@JRubyMethod(name="type=")
public IRubyObject set_type(IRubyObject obj) {
- System.err.println("WARNING: unimplemented method called PKCS7#type=");
- return getRuntime().getNil();
+ int typeId = ASN1Registry.NID_undef;
+
+ String type = obj.convertToString().asJavaString();
+
+ if ("signed".equals(type)) {
+ typeId = ASN1Registry.NID_pkcs7_signed;
+ } else if ("data".equals(type)) {
+ typeId = ASN1Registry.NID_pkcs7_data;
+ } else if ("signedAndEnveloped".equals(type)) {
+ typeId = ASN1Registry.NID_pkcs7_signedAndEnveloped;
+ } else if ("enveloped".equals(type)) {
+ typeId = ASN1Registry.NID_pkcs7_enveloped;
+ } else if ("encrypted".equals(type)) {
+ typeId = ASN1Registry.NID_pkcs7_encrypted;
+ }
+
+ try {
+ p7.setType(typeId);
+ } catch (PKCS7Exception pkcs7e) {
+ throw newPKCS7Exception(getRuntime(), pkcs7e);
+ }
+
+ return obj;
}
@JRubyMethod(name="type")
@@ -479,8 +500,44 @@ public IRubyObject crls() {
@JRubyMethod(name={"add_data", "data="})
public IRubyObject add_data(IRubyObject obj) {
- System.err.println("WARNING: unimplemented method called PKCS7#add_data");
- return getRuntime().getNil();
+ if (p7.isSigned()) {
+ try {
+ p7.contentNew(ASN1Registry.NID_pkcs7_data);
+ } catch (PKCS7Exception pkcs7e) {
+ throw newPKCS7Exception(getRuntime(), pkcs7e);
+ }
+ }
+
+ BIO in = obj2bio(obj);
+ BIO out = null;
+ try {
+ out = p7.dataInit(null);
+ } catch (PKCS7Exception pkcs7e) {
+ throw newPKCS7Exception(getRuntime(), pkcs7e);
+ }
+ byte[] buf = new byte[4096];
+ for(;;) {
+ try {
+ int i = in.read(buf, 0, buf.length);
+ if(i <= 0) {
+ break;
+ }
+ if(out != null) {
+ out.write(buf, 0, i);
+ }
+ } catch(IOException e) {
+ throw getRuntime().newIOErrorFromException(e);
+ }
+ }
+
+ try {
+ p7.dataFinal(out);
+ } catch (PKCS7Exception pkcs7e) {
+ throw newPKCS7Exception(getRuntime(), pkcs7e);
+ }
+ setData(getRuntime().getNil());
+
+ return obj;
}
@JRubyMethod(rest=true)
View
7 src/org/jruby/ext/openssl/impl/PKCS7.java
@@ -923,7 +923,12 @@ public BIO dataInit(BIO bio) throws PKCS7Exception {
bio.setMemEofReturn(0);
}
}
- out.push(bio);
+
+ if (out != null) {
+ out.push(bio);
+ } else {
+ out = bio;
+ }
bio = null;
return out;
}
View
67 test/externals/ruby1.9/openssl/test_pkcs7.rb
@@ -192,6 +192,73 @@ def test_graceful_parsing_failure #[ruby-core:43250]
contents = File.read(__FILE__)
assert_raise(ArgumentError) { OpenSSL::PKCS7.new(contents) }
end
+
+ def test_set_type_signed
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "signed"
+ assert_equal(p7.type, :signed)
+ end
+
+ def test_set_type_data
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "data"
+ assert_equal(p7.type, :data)
+ end
+
+ def test_set_type_signed_and_enveloped
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "signedAndEnveloped"
+ assert_equal(p7.type, :signedAndEnveloped)
+ end
+
+ def test_set_type_enveloped
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "enveloped"
+ assert_equal(p7.type, :enveloped)
+ end
+
+ def test_set_type_encrypted
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "encrypted"
+ assert_equal(p7.type, :encrypted)
+ end
+
+ def test_degenerate_pkcs7
+ ca_cert_pem = <<END
+-----BEGIN CERTIFICATE-----
+MIID4DCCAsigAwIBAgIJAL1oVI72wmQwMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNV
+BAYTAkFVMQ4wDAYDVQQIEwVTdGF0ZTENMAsGA1UEBxMEQ2l0eTEQMA4GA1UEChMH
+RXhhbXBsZTETMBEGA1UEAxMKRXhhbXBsZSBDQTAeFw0xMjEwMTgwOTE2NTBaFw0y
+MjEwMTYwOTE2NTBaMFMxCzAJBgNVBAYTAkFVMQ4wDAYDVQQIEwVTdGF0ZTENMAsG
+A1UEBxMEQ2l0eTEQMA4GA1UEChMHRXhhbXBsZTETMBEGA1UEAxMKRXhhbXBsZSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTSPNxOkd5NN19XO0fJ
+tGVlWN4DWuvVL9WbWnXJXX9rU6X8sSOL9RrRA64eEZf2UBFjz9fMHZj/OGcxZpus
+4YtzfSrMU6xfvsIHeqX+mT60ms2RfX4UXab50MQArBin3JVKHGnOi25uyAOylVFU
+TuzzQJvKyB67vjuRPMlVAgVAZAP07ru9gW0ajt/ODxvUfvXxp5SFF68mVP2ipMBr
+4fujUwQC6cVHmnuL6p87VFoo9uk87TSQVDOQGL8MK4moMFtEW9oUTU22CgnxnCsS
+sCCELYhy9BdaTWQH26LzMfhnwSuIRHZyprW4WZtU0akrYXNiCj8o92rZmQWXJDbl
+qNECAwEAAaOBtjCBszAdBgNVHQ4EFgQUNtVw4jvkZZbkdQbkYi2/F4QN79owgYMG
+A1UdIwR8MHqAFDbVcOI75GWW5HUG5GItvxeEDe/aoVekVTBTMQswCQYDVQQGEwJB
+VTEOMAwGA1UECBMFU3RhdGUxDTALBgNVBAcTBENpdHkxEDAOBgNVBAoTB0V4YW1w
+bGUxEzARBgNVBAMTCkV4YW1wbGUgQ0GCCQC9aFSO9sJkMDAMBgNVHRMEBTADAQH/
+MA0GCSqGSIb3DQEBBQUAA4IBAQBvJIsY9bIqliZ3WD1KoN4cvAQeRAPsoLXQkkHg
+P6Nrcw9rJ5JvoHfYbo5aNlwbnkbt/B2xlVEXUYpJoBZFXafgxG2gJleioIgnaDS4
+FPPwZf1C5ZrOgUBfxTGjHex4ghSAoNGOd35jQzin5NGKOvZclPjZ2vQ++LP3aA2l
+9Fn2qASS46IzMGJlC75mlTOTQwDM16UunMAK26lNG9J6q02o4d/oU2a7x0fD80yF
+64kNA1wDAwaVCYiUH541qKp+b4iDqer8nf8HqzYDFlpje18xYZMEd1hj8dVOharM
+pISJ+D52hV/BGEYF8r5k3hpC5d76gSP2oCcaY0XvLBf97qik
+-----END CERTIFICATE-----
+END
+ p7 = OpenSSL::PKCS7.new
+ p7.type = "signed"
+ ca_cert = OpenSSL::X509::Certificate.new(ca_cert_pem)
+ p7.add_certificate ca_cert
+ p7.add_data ""
+
+ assert_nothing_raised do
+ p7.to_pem
+ end
+ end
end
end
Something went wrong with that request. Please try again.