NetscapeSPKI.java example

Explorer

jruby-openssl-master
- src
  - main
    - java
      - org
        jruby
        ext
        openssl
        ASN1.java
        BN.java
        BouncyCastlePEMHandler.java
        Cipher.java
        CipherStrings.java
        Config.java
        DefaultPEMHandler.java
        Digest.java
        HMAC.java
        NetscapeSPKI.java
        OCSP.java
        OCSPBasicResponse.java
        OCSPCertificateId.java
        OCSPRequest.java
        OCSPResponse.java
        OCSPSingleResponse.java
        OSSLLibrary.java
        ObjectSupport.java
        OpenSSL.java
        OpenSSLImpl.java
        OpenSSLReal.java
        PEMHandler.java
        PEMUtils.java
        PKCS5.java
        PKCS7.java
        PKey.java
        PKeyDH.java
        PKeyDSA.java
        PKeyEC.java
        PKeyRSA.java
        Random.java
        SSL.java
        SSLContext.java
        SSLSession.java
        SSLSocket.java
        SecurityHelper.java
        SimpleSecretKey.java
        StringHelper.java
        Utils.java
        X509.java
        X509Attribute.java
        X509CRL.java
        X509Cert.java
        X509Extension.java
        X509ExtensionFactory.java
        X509Name.java
        X509Request.java
        X509Revoked.java
        X509Store.java
        X509StoreContext.java
        impl
        ASN1Registry.java
        Attribute.java
        BIO.java
        BIOFilter.java
        Base64.java
        Base64BIOFilter.java
        CipherBIOFilter.java
        CipherSpec.java
        Digest.java
        ECPrivateKeyWithName.java
        EVP.java
        EncContent.java
        Encrypt.java
        Envelope.java
        IssuerAndSerial.java
        MemBIO.java
        MessageDigestBIOFilter.java
        Mime.java
        MimeHeader.java
        MimeParam.java
        NetscapeCertRequest.java
        NotVerifiedPKCS7Exception.java
        NullSinkBIO.java
        PKCS10Request.java
        PKCS7.java
        PKCS7Data.java
        PKCS7DataData.java
        PKCS7DataDigest.java
        PKCS7DataEncrypted.java
        PKCS7DataEnveloped.java
        PKCS7DataSigned.java
        PKCS7DataSignedAndEnveloped.java
        PKCS7Exception.java
        PKey.java
        RecipInfo.java
        SMIME.java
        SignEnvelope.java
        Signed.java
        SignerInfoWithPkey.java
        TypeDiscriminating.java
        pem
        MiscPEMGenerator.java
        PEMDecryptor.java
        PEMDecryptorProvider.java
        PEMEncryptedKeyPair.java
        PEMException.java
        PEMKeyPair.java
        PEMKeyPairParser.java
        PEMParser.java
        PEMUtilities.java
        util
        ByteArrayOutputStream.java
        Cache.java
        CryptoSecurity.java
        x509store
        CRL.java
        Certificate.java
        CertificateFile.java
        CertificateHashDir.java
        Function0.java
        Function1.java
        Function2.java
        Function3.java
        Function4.java
        Function5.java
        Lookup.java
        LookupMethod.java
        Name.java
        PEMInputOutput.java
        PKey.java
        PolicyTree.java
        Purpose.java
        Store.java
        StoreContext.java
        Trust.java
        VerifyParameter.java
        X509Aux.java
        X509AuxCertificate.java
        X509Error.java
        X509Object.java
        X509Utils.java
  - test
    - java
      - org
        jruby
        ext
        openssl
        CipherSpiFake.java
        CipherTest.java
        SecurityHelperTest.java
        SignatureSpiFake.java
        security
        SecurityManager.java

/***** BEGIN LICENSE BLOCK *****
 * Version: EPL 1.0/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Eclipse Public
 * License Version 1.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.eclipse.org/legal/epl-v10.html
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * Copyright (C) 2006, 2007 Ola Bini <ola@ologix.com>
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either of the GNU General Public License Version 2 or later (the "GPL"),
 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the EPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the EPL, the GPL or the LGPL.
 ***** END LICENSE BLOCK *****/
package org.jruby.ext.openssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

import org.jruby.Ruby;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.Base64;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.util.ByteList;

// org.bouncycastle.jce.netscape.NetscapeCertRequest emulator:
import org.jruby.ext.openssl.impl.NetscapeCertRequest;

import static org.jruby.ext.openssl.PKeyDSA._DSA;
import static org.jruby.ext.openssl.PKeyRSA._RSA;
import static org.jruby.ext.openssl.OpenSSL.*;

/**
 * @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
 */
public class NetscapeSPKI extends RubyObject {
    private static final long serialVersionUID = 3211242351810109432L;

    private static ObjectAllocator NETSCAPESPKI_ALLOCATOR = new ObjectAllocator() {
        public IRubyObject allocate(Ruby runtime, RubyClass klass) {
            return new NetscapeSPKI(runtime, klass);
        }
    };

    public static void createNetscapeSPKI(Ruby runtime, RubyModule ossl) {
        RubyModule mNetscape = ossl.defineModuleUnder("Netscape");
        RubyClass cSPKI = mNetscape.defineClassUnder("SPKI",runtime.getObject(),NETSCAPESPKI_ALLOCATOR);
        RubyClass openSSLError = ossl.getClass("OpenSSLError");
        mNetscape.defineClassUnder("SPKIError",openSSLError,openSSLError.getAllocator());

        cSPKI.defineAnnotatedMethods(NetscapeSPKI.class);
    }

    private static RubyModule _Netscape(final Ruby runtime) {
        return (RubyModule) runtime.getModule("OpenSSL").getConstant("Netscape");
    }

    public NetscapeSPKI(Ruby runtime, RubyClass type) {
        super(runtime,type);
    }

    private IRubyObject public_key;
    private IRubyObject challenge;

    private Object cert;

    @JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args) {
        final Ruby runtime = context.runtime;
        if ( args.length > 0 ) {
            byte[] request = args[0].convertToString().getBytes();
            request = tryBase64Decode(request);

            final NetscapeCertRequest cert;
            try {
                this.cert = cert = new NetscapeCertRequest(request);
                challenge = runtime.newString( cert.getChallenge() );
            }
            catch (GeneralSecurityException e) { throw newSPKIError(e); }
            catch (IllegalArgumentException e) { throw newSPKIError(e); }

            final PublicKey publicKey = cert.getPublicKey();
            final String algorithm = publicKey.getAlgorithm();
            final RubyString pub_key = RubyString.newString(runtime, publicKey.getEncoded());

            if ( "RSA".equalsIgnoreCase(algorithm) ) {
                this.public_key = _RSA(runtime).callMethod(context, "new", pub_key);
            }
            else if ( "DSA".equalsIgnoreCase(algorithm) ) {
                this.public_key = _DSA(runtime).callMethod(context, "new", pub_key);
            }
            else {
                throw runtime.newLoadError("not implemented algo for public key: " + algorithm);
            }
        }
        return this;
    }

    // just try to decode for the time when the given bytes are base64 encoded.
    private static byte[] tryBase64Decode(byte[] b) {
        try {
            b = Base64.decode(b, 0, b.length, Base64.NO_OPTIONS);
        }
        catch (IOException ignored) { }
        catch (IllegalArgumentException ignored) { }
        return b;
    }

    @JRubyMethod
    public IRubyObject to_der() {
        try {
            final byte[] derBytes = toDER();
            return getRuntime().newString(new ByteList(derBytes, false));
        }
        catch (IOException ioe) { throw newSPKIError(ioe); }
    }

    @JRubyMethod(name = { "to_pem", "to_s" })
    public IRubyObject to_pem() {
        try {
            byte[] source = toDER();
            // no Base64.DO_BREAK_LINES option needed for NSPKI :
            source = Base64.encodeBytesToBytes(source, 0, source.length, Base64.NO_OPTIONS);
            return getRuntime().newString(new ByteList(source, false));
        }
        catch (IOException ioe) { throw newSPKIError(ioe); }
    }

    private byte[] toDER() throws IOException {
        ASN1Sequence b = (ASN1Sequence) ((NetscapeCertRequest) cert).toASN1Primitive();
        ASN1ObjectIdentifier encType = (ASN1ObjectIdentifier)((ASN1Sequence)((ASN1Sequence)((ASN1Sequence)b.getObjectAt(0)).getObjectAt(0)).getObjectAt(0)).getObjectAt(0);
        ASN1ObjectIdentifier sigAlg = ((AlgorithmIdentifier)b.getObjectAt(1)).getAlgorithm();
        DERBitString sig = (DERBitString) b.getObjectAt(2);

        DERBitString publicKey = new DERBitString(((PKey) public_key).to_der().convertToString().getBytes());
        DERIA5String encodedChallenge = new DERIA5String(this.challenge.toString());

        ASN1EncodableVector v1 = new ASN1EncodableVector();
        ASN1EncodableVector v1_2 = new ASN1EncodableVector();
        ASN1EncodableVector v2 = new ASN1EncodableVector();
        ASN1EncodableVector v3 = new ASN1EncodableVector();
        ASN1EncodableVector v4 = new ASN1EncodableVector();
        v4.add(encType);
        v4.add(DERNull.INSTANCE);
        v3.add(new DLSequence(v4));
        v3.add(publicKey);
        v2.add(new DLSequence(v3));
        v2.add(encodedChallenge);
        v1.add(new DLSequence(v2));
        v1_2.add(sigAlg);
        v1_2.add(DERNull.INSTANCE);
        v1.add(new DLSequence(v1_2));
        v1.add(sig);
        return new DLSequence(v1).getEncoded();
    }

    @JRubyMethod
    public IRubyObject to_text() {
        warn(getRuntime().getCurrentContext(), "WARNING: unimplemented method called: Netscape::SPKI#to_text");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject public_key() {
        return this.public_key;
    }

    @JRubyMethod(name="public_key=")
    public IRubyObject set_public_key(final IRubyObject public_key) {
        return this.public_key = public_key;
    }

    @JRubyMethod
    public IRubyObject sign(final IRubyObject key, final IRubyObject digest) {
        final String keyAlg = ((PKey) key).getAlgorithm();
        final String digAlg = ((Digest) digest).getShortAlgorithm();
        final String symKey = keyAlg.toLowerCase() + '-' + digAlg.toLowerCase();
        try {
            final ASN1ObjectIdentifier alg = ASN1.sym2Oid( getRuntime(), symKey );
            final PublicKey publicKey = ( (PKey) this.public_key ).getPublicKey();
            final String challengeStr = challenge.toString();
            final NetscapeCertRequest cert;
            this.cert = cert = new NetscapeCertRequest(challengeStr, new AlgorithmIdentifier(alg), publicKey);
            cert.sign( ((PKey) key).getPrivateKey() );
        }
        catch (NoSuchAlgorithmException e) {
            debugStackTrace(getRuntime(), e);
            throw newSPKIError(e);
        }
        catch (GeneralSecurityException e) {
            throw newSPKIError(e);
        }
        return this;
    }

    @JRubyMethod
    public IRubyObject verify(final IRubyObject pkey) {
        final NetscapeCertRequest cert = (NetscapeCertRequest) this.cert;
        cert.setPublicKey( ((PKey) pkey).getPublicKey() );
        try {
            boolean result = cert.verify(challenge.toString());
            return getRuntime().newBoolean(result);
        }
        catch (NoSuchAlgorithmException e) {
            debugStackTrace(getRuntime(), e);
            throw newSPKIError(e);
        }
        catch (GeneralSecurityException e) {
            throw newSPKIError(e);
        }
    }

    @JRubyMethod
    public IRubyObject challenge() {
        return this.challenge;
    }

    @JRubyMethod(name="challenge=")
    public IRubyObject set_challenge(final IRubyObject challenge) {
        return this.challenge = challenge;
    }

    private RaiseException newSPKIError(final Exception e) {
        return newSPKIError(getRuntime(), e.getMessage());
    }

    private static RaiseException newSPKIError(Ruby runtime, String message) {
        return Utils.newError(runtime, _Netscape(runtime).getClass("SPKIError"), message);
    }

}// NetscapeSPKI