sample: avoid "include OpenSSL"
It is not common practice and should not be done, since it causes name
clashes: for example, Digest and Random are provided by other standard
libraries of Ruby.

Fixes: #419
rhenium committed Feb 25, 2021
1 parent a9954ba commit 6a64449
Showing 5 changed files with 23 additions and 27 deletions.
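--- a/sample/cert2text.rb
+++ b/sample/cert2text.rb
@@ -1,10 +1,13 @@
 #!/usr/bin/env ruby
 
 require 'openssl'
-include OpenSSL::X509
 
 def cert2text(cert_str)
-[Certificate, CRL, Request].each do |klass|
+[
+OpenSSL::X509::Certificate,
+OpenSSL::X509::CRL,
+OpenSSL::X509::Request,
+].each do |klass|
 begin
 puts klass.new(cert_str).to_text
 return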
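--- a/sample/certstore.rb
+++ b/sample/certstore.rb
@@ -3,9 +3,6 @@
 
 
 class CertStore
-include OpenSSL
-include X509
-
 attr_reader :self_signed_ca
 attr_reader :other_ca
 attr_reader :ee
@@ -17,11 +14,11 @@ def initialize(certs_dir)
 @c_store = CHashDir.new(@certs_dir)
 @c_store.hash_dir(true)
 @crl_store = CrlStore.new(@c_store)
-@x509store = Store.new
+@x509store = OpenSSL::X509::Store.new
 @self_signed_ca = @other_ca = @ee = @crl = nil
 
 # Uncomment this line to let OpenSSL to check CRL for each certs.
-# @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL
+# @x509store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
 add_path
 scan_certs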
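--- a/sample/gen_csr.rb
+++ b/sample/gen_csr.rb
@@ -3,8 +3,6 @@
 require 'optparse'
 require 'openssl'
 
-include OpenSSL
-
 def usage
 myname = File::basename($0)
 $stderr.puts <<EOS
@@ -21,13 +19,13 @@ def usage
 
 $stdout.sync = true
 name_str = ARGV.shift or usage()
-name = X509::Name.parse(name_str)
+name = OpenSSL::X509::Name.parse(name_str)
 
 keypair = nil
 if keypair_file
-keypair = PKey.read(File.read(keypair_file))
+keypair = OpenSSL::PKey.read(File.read(keypair_file))
 else
-keypair = PKey::RSA.new(1024) { putc "." }
+keypair = OpenSSL::PKey::RSA.new(1024) { putc "." }
 puts
 puts "Writing #{keyout}..."
 File.open(keyout, "w", 0400) do |f|
@@ -37,7 +35,7 @@ def usage
 
 puts "Generating CSR for #{name_str}"
 
-req = X509::Request.new
+req = OpenSSL::X509::Request.new
 req.version = 0
 req.subject = name
 req.public_key = keypair.public_key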
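Review bot: The key-generation line in the second hunk, `keypair = OpenSSL::PKey::RSA.new(1024) { putc "." }`, still creates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and most CAs require. Sample code gets copied, so I would raise the size while the line is being touched: `keypair = OpenSSL::PKey::RSA.new(2048) { putc "." }`. The script continues outside the visible hunks, so the digest used to sign the request cannot be seen here and is worth checking in the same pass.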
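--- a/sample/smime_read.rb
+++ b/sample/smime_read.rb
@@ -1,6 +1,5 @@
 require 'optparse'
 require 'openssl'
-include OpenSSL
 
 options = ARGV.getopts("c:k:C:")
 
@@ -10,14 +9,14 @@
 
 data = $stdin.read
 
-cert = X509::Certificate.new(File::read(cert_file))
-key = PKey::read(File::read(key_file))
-p7enc = PKCS7::read_smime(data)
+cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
+key = OpenSSL::PKey::read(File::read(key_file))
+p7enc = OpenSSL::PKCS7::read_smime(data)
 data = p7enc.decrypt(key, cert)
 
-store = X509::Store.new
+store = OpenSSL::X509::Store.new
 store.add_path(ca_path)
-p7sig = PKCS7::read_smime(data)
+p7sig = OpenSSL::PKCS7::read_smime(data)
 if p7sig.verify([], store)
 puts p7sig.data
 end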
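Review bot: The closing `if p7sig.verify([], store)` has no failure branch, so a message whose signature or certificate chain does not verify produces no output and, as far as the visible lines show, still exits with status 0. A caller cannot tell "verified, empty body" from "not verified". I would add an `else` branch with `abort "signature verification failed: #{p7sig.error_string}"` before the `end`. The assignment of `ca_path` sits between the two hunks and is not visible, so a nil value reaching `store.add_path(ca_path)` is worth checking too.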
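--- a/sample/smime_write.rb
+++ b/sample/smime_write.rb
@@ -1,23 +1,22 @@
 require 'openssl'
 require 'optparse'
-include OpenSSL
 
 options = ARGV.getopts("c:k:r:")
 
 cert_file = options["c"]
 key_file = options["k"]
 rcpt_file = options["r"]
 
-cert = X509::Certificate.new(File::read(cert_file))
-key = PKey::read(File::read(key_file))
+cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
+key = OpenSSL::PKey::read(File::read(key_file))
 
 data = "Content-Type: text/plain\r\n"
 data << "\r\n"
 data << "This is a clear-signed message.\r\n"
 
-p7sig = PKCS7::sign(cert, key, data, [], PKCS7::DETACHED)
-smime0 = PKCS7::write_smime(p7sig)
+p7sig = OpenSSL::PKCS7::sign(cert, key, data, [], OpenSSL::PKCS7::DETACHED)
+smime0 = OpenSSL::PKCS7::write_smime(p7sig)
 
-rcpt = X509::Certificate.new(File::read(rcpt_file))
-p7enc = PKCS7::encrypt([rcpt], smime0)
-print PKCS7::write_smime(p7enc)
+rcpt = OpenSSL::X509::Certificate.new(File::read(rcpt_file))
+p7enc = OpenSSL::PKCS7::encrypt([rcpt], smime0)
+print OpenSSL::PKCS7::write_smime(p7enc)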
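Review bot: `OpenSSL::PKCS7::encrypt([rcpt], smime0)` is called without a cipher argument, so the content-encryption algorithm is whatever the binding defaults to. In ruby/openssl releases of this period that default is, to my knowledge, 40-bit RC2, which gives no real confidentiality. A sample should name the cipher explicitly, e.g. `p7enc = OpenSSL::PKCS7::encrypt([rcpt], smime0, OpenSSL::Cipher.new("aes-256-cbc"))`. A one-line comment such as `# pass the cipher explicitly; do not rely on the library default` would keep a later edit from dropping it.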
