authorNAKAMURA Hiroshi <nahi@keynauts.com>2003-07-10 17:31:28 +0000
committerNAKAMURA Hiroshi <nahi@keynauts.com>2003-07-10 17:31:28 +0000
commit262434083bf3fbc277289f8622d5d64651c5a615 (patch)
tree714de0758667f5f87abd43d93f020507df6dbb69
parente5b94086f219e51723e4ddda7ecda6844ce2c948 (diff)
* examples/gen_csr.rb: Add 'key' option to specify keypair file.
We need this feature for creating cross certificate. * examples/c_rehash.rb, certstore.rb, cert_store_view.rb: Add Request support. * examples/cert2text.rb: Instead of `openssl x509|req|crl -text`.
-rw-r--r--ChangeLog7
-rwxr-xr-xexamples/c_rehash.rb6
-rwxr-xr-xexamples/cert2text.rb30
-rwxr-xr-xexamples/cert_store_view.rb164
-rw-r--r--examples/certstore.rb27
-rwxr-xr-xexamples/gen_csr.rb4
6 files changed, 216 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index 39efbbf..db06ec8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Thu, 11 Jul 2003 02:30:55 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+ * examples/gen_csr.rb: Add 'key' option to specify keypair file.
+ We need this feature for creating cross certificate.
+ * examples/c_rehash.rb, certstore.rb, cert_store_view.rb: Add Request
+ support.
+ * examples/cert2text.rb: Instead of `openssl x509|req|crl -text`.
+
Thu, 11 Jul 2003 02:23:04 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* examples/ca/init_sub_ca.rb: Add a command line option for CN.
* examples/ca/gen_crl.rb: CRL issuer was wrong! Oops.
diff --git a/examples/c_rehash.rb b/examples/c_rehash.rb
index c5e832a..386eef5 100755
--- a/examples/c_rehash.rb
+++ b/examples/c_rehash.rb
@@ -56,7 +56,11 @@ class CHashDir
begin
OpenSSL::X509::CRL.new(str)
rescue
- nil
+ begin
+ OpenSSL::X509::Request.new(str)
+ rescue
+ nil
+ end
end
end
end
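Review bot: The new fallback around `OpenSSL::X509::Request.new(str)` uses a bare `rescue`, which catches every StandardError rather than only a parse failure, so an unrelated error on this path silently becomes `nil`. Rescuing the parser's own error class, `rescue OpenSSL::X509::RequestError` (assuming that is what the constructor raises for bad input), keeps the try-the-next-format behaviour while letting other failures surface. The same nested bare-rescue chain is repeated in the new examples/cert2text.rb. The enclosing method starts above this hunk, so the outer certificate branch is not visible here.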
diff --git a/examples/cert2text.rb b/examples/cert2text.rb
new file mode 100755
index 0000000..806c1a0
--- /dev/null
+++ b/examples/cert2text.rb
@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL::X509
+
+def cert2text(cert_str)
+ cert = nil
+ begin
+ cert = Certificate.new(cert_str)
+ rescue
+ begin
+ cert = CRL.new(cert_str)
+ rescue
+ begin
+ cert = Request.new(cert_str)
+ rescue
+ nil
+ end
+ end
+ end
+ puts cert.to_text if cert
+end
+
+if ARGV.empty?
+ cert2text(STDIN.read)
+else
+ ARGV.each do |file|
+ cert2text(File.read(file))
+ end
+end
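Review bot: When none of the three constructors accepts the input, `cert2text` prints nothing and the script still exits 0, so a caller cannot tell an unparsable or truncated file from an empty result. That is awkward for a tool meant to stand in for `openssl x509|req|crl -text`. Report the failure in place of the final `nil`, for example `warn "cert2text: input is not a certificate, CRL or request"`, and exit non-zero once all files are processed. A short header comment saying that input is read from the named files, or from STDIN when none are given, would also help.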
diff --git a/examples/cert_store_view.rb b/examples/cert_store_view.rb
index 2fe1b7e..0728d61 100755
--- a/examples/cert_store_view.rb
+++ b/examples/cert_store_view.rb
@@ -11,7 +11,7 @@ include Fox
module CertDumpSupport
def cert_label(cert)
subject_alt_name =
- cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
+ cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
if subject_alt_name
subject_alt_name.value.split(/\s*,\s/).each do |alt_name_pair|
alt_tag, alt_name = alt_name_pair.split(/:/)
@@ -361,6 +361,86 @@ private
end
end
+class RequestDump
+ include CertDumpSupport
+
+ def initialize(req)
+ @req = req
+ end
+
+ def get_dump(tag)
+ case tag
+ when 'Version'
+ version
+ when 'Signature Algorithm'
+ signature_algorithm
+ when 'Subject'
+ subject
+ when 'Public key'
+ public_key
+ else
+ attributes(tag)
+ end
+ end
+
+ def get_dump_line(tag)
+ case tag
+ when 'Version'
+ version_line
+ when 'Signature Algorithm'
+ signature_algorithm_line
+ when 'Subject'
+ subject_line
+ when 'Public key'
+ public_key_line
+ else
+ attributes_line(tag)
+ end
+ end
+
+private
+
+ def version
+ "Version: #{@req.version + 1}"
+ end
+
+ def version_line
+ version
+ end
+
+ def signature_algorithm
+ @req.signature_algorithm
+ end
+
+ def signature_algorithm_line
+ signature_algorithm
+ end
+
+ def subject
+ name_text(@req.subject)
+ end
+
+ def subject_line
+ @req.subject.to_s
+ end
+
+ def public_key
+ @req.public_key.to_text
+ end
+
+ def public_key_line
+ "#{@req.public_key.class} -- " << public_key.scan(/\A[^\n]*/)[0] << '...'
+ end
+
+ def attributes(tag)
+ "(unknown)"
+ end
+
+ def attributes_line(tag)
+ attributes(tag).tr("\r\n", '')
+ end
+end
+
class CertStoreView < FXMainWindow
class CertTree
include CertDumpSupport
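Review bot: `attributes(tag)` ignores its argument and always returns "(unknown)", and both `get_dump` and `get_dump_line` route every unrecognised tag to it, so the viewer never shows what a request's attributes contain. For a tool used to inspect a CSR before it is signed, this hides a part of the request an operator needs to read, since attributes can carry requested extensions. Until decoding is implemented, say so in the code, e.g. `# TODO: decode the attribute value; every attribute currently displays "(unknown)"`. Changing the placeholder text to "(not decoded)" would also keep it from being mistaken for an empty field.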
@@ -385,10 +465,26 @@ class CertStoreView < FXMainWindow
@other_ca_node = add_item_last(nil, "Intermediate CA")
@ee_node = add_item_last(nil, "Personal")
@crl_node = add_item_last(nil, "CRL")
+ @request_node = add_item_last(nil, "Request")
@verify_path_node = add_item_last(nil, "Certification path")
+ show_certs(cert_store)
+ end
+
+ def show_certs(cert_store)
+ remove_items(@self_signed_ca_node)
+ remove_items(@other_ca_node)
+ remove_items(@ee_node)
+ remove_items(@crl_node)
+ remove_items(@request_node)
import_certs(cert_store)
end
+ def show_request(req)
+ node = add_item_last(@request_node, name_label(req.subject), req)
+ @tree.selectItem(node)
+ @observer.show_item(req)
+ end
+
def show_verify_path(verify_path)
add_verify_path(verify_path)
end
@@ -420,6 +516,9 @@ class CertStoreView < FXMainWindow
add_item_last(node, bn_label(revoked.serial), revoked)
end
end
+ cert_store.request.each do |req|
+ add_item_last(@requestnode, name_label(req.subject), req)
+ end
end
def add_verify_path(verify_path)
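Review bot: `add_item_last(@requestnode, ...)` reads an instance variable that is never assigned; the node created earlier in this commit is `@request_node`. An unset instance variable is nil, and the other calls in this class pass nil to create top-level entries, so stored requests would presumably land at the root of the tree instead of under "Request". `remove_items(@request_node)` would then not clear them on the next `show_certs`. Change the line to `add_item_last(@request_node, name_label(req.subject), req)`. The enclosing method begins above this hunk.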
@@ -456,6 +555,12 @@ class CertStoreView < FXMainWindow
open_node(node)
node
end
+
+ def remove_items(node)
+ while node.getNumChildren > 0
+ @tree.removeItem(node.getFirst)
+ end
+ end
end
class CertInfo
@@ -486,6 +591,8 @@ class CertStoreView < FXMainWindow
show_crl(item)
when OpenSSL::X509::Revoked
show_revoked(item)
+ when OpenSSL::X509::Request
+ show_request(item)
else
raise NotImplementedError.new("Unknown item type #{item.class}.")
end
@@ -536,6 +643,19 @@ class CertStoreView < FXMainWindow
show_items(revoked, items)
end
+ def show_request(req)
+ wrap = RequestDump.new(req)
+ items = []
+ items << ['Version', wrap.get_dump_line('Version')]
+ items << ['Signature Algorithm', wrap.get_dump_line('Signature Algorithm')]
+ items << ['Subject', wrap.get_dump_line('Subject')]
+ items << ['Public key', wrap.get_dump_line('Public key')]
+ req.attributes.each do |attr|
+ items << [attr.attr, wrap.get_dump_line(attr.oid)]
+ end
+ show_items(req, items)
+ end
+
def show_items(obj, items)
set_column_size(items.size)
items.each_with_index do |ele, idx|
@@ -587,6 +707,8 @@ class CertStoreView < FXMainWindow
show_crl(item, tag)
when OpenSSL::X509::Revoked
show_revoked(item, tag)
+ when OpenSSL::X509::Request
+ show_request(item, tag)
else
raise NotImplementedError.new("Unknown item type #{item.class}.")
end
@@ -608,6 +730,11 @@ class CertStoreView < FXMainWindow
wrap = RevokedDump.new(revoked)
@detail.text = wrap.get_dump(tag)
end
+
+ def show_request(request, tag)
+ wrap = RequestDump.new(request)
+ @detail.text = wrap.get_dump(tag)
+ end
end
attr_reader :cert_store
@@ -639,6 +766,8 @@ class CertStoreView < FXMainWindow
FXMenuTitle.new(menubar, "&Tool", nil, tool_menu)
FXMenuCommand.new(tool_menu, "&Verify\tCtl-N").connect(SEL_COMMAND,
method(:on_cmd_tool_verify))
+ FXMenuCommand.new(tool_menu, "&Show Request\tCtl-R").connect(SEL_COMMAND,
+ method(:on_cmd_tool_request))
base_frame = FXHorizontalFrame.new(self, LAYOUT_FILL_X | LAYOUT_FILL_Y)
splitter_horz = FXSplitter.new(base_frame, LAYOUT_SIDE_TOP | LAYOUT_FILL_X |
@@ -682,12 +811,16 @@ class CertStoreView < FXMainWindow
end
def show_init
- show_tree
+ @cert_tree.show(@cert_store)
show_item(nil)
end
- def show_tree
- @cert_tree.show(@cert_store)
+ def show_certs
+ @cert_tree.show_certs(@cert_store)
+ end
+
+ def show_request(req)
+ @cert_tree.show_request(req)
end
def show_verify_path(verify_path)
@@ -703,7 +836,9 @@ class CertStoreView < FXMainWindow
end
def verify(certfile)
- show_verify_path(verify_certfile(certfile))
+ path = verify_certfile(certfile)
+ show_certs # CRL could be change.
+ show_verify_path(path)
end
private
@@ -734,10 +869,23 @@ private
1
end
+ def on_cmd_tool_request(sender, sel, ptr)
+ dialog = FXFileDialog.new(self, "Show request")
+ dialog.filename = ''
+ dialog.patternList = ["All Files (*)", "PEM formatted certificate (*.pem)"]
+ if dialog.execute != 0
+ req = @cert_store.generate_cert(dialog.filename)
+ show_request(req)
+ end
+ 1
+ end
+
def verify_certfile(filename)
begin
cert = @cert_store.generate_cert(filename)
- @cert_store.verify(cert)
+ result = @cert_store.verify(cert)
+ @cert_store.scan_certs
+ result
rescue
show_error($!)
[]
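Review bot: `on_cmd_tool_request` passes whatever `@cert_store.generate_cert` returns straight to `show_request`, with no error handling and no type check, while `verify_certfile` just below wraps the same call in `rescue` / `show_error($!)`. A file that cannot be read or parsed would raise out of the menu handler, or reach `req.subject` as nil. If generate_cert also returns certificates and CRLs, as its name suggests, one of those would be listed under "Request". Handle the failure the way verify_certfile does and reject anything that is not an `OpenSSL::X509::Request`. generate_cert itself is outside this diff, so its exact failure behaviour should be confirmed.

```ruby
if dialog.execute != 0
  begin
    req = @cert_store.generate_cert(dialog.filename)
    unless req.is_a?(OpenSSL::X509::Request)
      raise "#{dialog.filename} is not a certificate request"
    end
    show_request(req)
  rescue
    show_error($!)
  end
end
# … unchanged: handler returns 1 …
```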
@@ -751,10 +899,10 @@ private
end
GC.start
-getopts nil, "trust_file:", "cert:"
+getopts nil, "trustCA:", "cert:"
certs_dir = ARGV.shift or raise "#{$0} cert_dir"
-trust_file = $OPT_trust_file
+trust_file = $OPT_trustCA
certfile = $OPT_cert
app = FXApp.new("CertStore", "FoxTest")
cert_store = CertStore.new(certs_dir)
diff --git a/examples/certstore.rb b/examples/certstore.rb
index 20a2439..2155dab 100644
--- a/examples/certstore.rb
+++ b/examples/certstore.rb
@@ -10,6 +10,7 @@ class CertStore
attr_reader :other_ca
attr_reader :ee
attr_reader :crl
+ attr_reader :request
def initialize(certs_dir)
@trust_anchor = []
@@ -18,12 +19,12 @@ class CertStore
@c_store.hash_dir(true)
@crl_store = CrlStore.new(@c_store)
@x509store = Store.new
- @x509store.add_path(@certs_dir)
@self_signed_ca = @other_ca = @ee = @crl = nil
- # Uncomment thi line to let OpenSSL to check CRL for each certs.
+ # Uncomment this line to let OpenSSL to check CRL for each certs.
# @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL
+ add_path
scan_certs
end
@@ -59,14 +60,26 @@ class CertStore
end
end
+ def scan_certs
+ @self_signed_ca = []
+ @other_ca = []
+ @ee = []
+ @crl = []
+ @request = []
+ load_certs
+ end
+
private
+ def add_path
+ @x509store.add_path(@certs_dir)
+ end
+
def do_verify(cert)
error_map = {}
crl_map = {}
result = @x509store.verify(cert) do |ok, ctx|
cert = ctx.current_cert
- p cert.subject
if ctx.current_crl
crl_map[cert.subject] = true
end
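Review bot: `scan_certs` now resets `@request`, but no hunk in this commit appends to it: `load_certs` appears only as unchanged context further down and its body continues outside the diff. Unless load_certs already sorts `OpenSSL::X509::Request` objects into `@request`, `cert_store.request` stays empty. Request files that c_rehash.rb now recognises may also reach a branch that does not expect them, which is worth confirming. Since `scan_certs` is now public and is called after every verification, a one-line comment such as `# Re-reads the certificate directory and rebuilds every category list.` would document that it discards the previous lists.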
@@ -108,14 +121,6 @@ private
false
end
- def scan_certs
- @self_signed_ca = []
- @other_ca = []
- @ee = []
- @crl = []
- load_certs
- end
-
def load_certs
@c_store.get_certs.each do |certfile|
cert = generate_cert(certfile)
diff --git a/examples/gen_csr.rb b/examples/gen_csr.rb
index f525f22..2a730ca 100755
--- a/examples/gen_csr.rb
+++ b/examples/gen_csr.rb
@@ -14,12 +14,12 @@ EOS
exit
end
-getopts nil, "csrout:", "keyout:"
+getopts nil, "key:", "csrout:", "keyout:"
+keypair_file = $OPT_key
csrout = $OPT_csrout || "csr.pem"
keyout = $OPT_keyout || "keypair.pem"
name_str = ARGV.shift or usage()
-keypair_file = ARGV.shift
$stdout.sync = true