author | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-01 08:16:26 +0000 |
---|---|---|
committer | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-01 08:16:26 +0000 |
commit | 9081fc39fa246746d995439a746484cc18bdf5db (patch) | |
tree | 8d3f76437d0182477ea183e44a28c7550ffc5b31 | |
parent | 2bfddb6b55752d82e271f3cbbef9a135f786ef29 (diff) | |
*** empty log message ***
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | README | 96 | ||||
-rwxr-xr-x | examples/gen_cert.rb | 28 | ||||
-rwxr-xr-x | examples/gen_csr.rb | 13 | ||||
-rw-r--r-- | lib/openssl/x509.rb | 27 | ||||
-rw-r--r-- | ossl_x509ext.c | 71 |
6 files changed, 151 insertions, 85 deletions
@@ -3,6 +3,7 @@ Tue, 01 Jul 2003 17:11:40 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org> * lib/openssl/x509.rb: X509::Extension#to_a is implented by Ruby. * examples/gen_csr.rb: 2nd argument is CSR filename. * examples/gen_cert.rb: --csrout and --keyout options are added. + * README: revised. Tue, 01 Jul 2003 13:08:11 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org> * ossl_x509crl.c: Add OpenSSL::X509::CRL#to_der (ossl_x509crl_to_der). @@ -71,6 +71,8 @@ This program is licenced under the same licence as Ruby. = OpenSSL config file parser (part) = BN (safe bignums) = Diffie-Hellman + = PKCS#7 <-> S/MIME + = OCSP [To-Do] = check for memory leaking :-)) @@ -91,7 +93,7 @@ This program is licenced under the same licence as Ruby. = BIO ??? = compat tests for RSA/DSA sign/encrypt -[Documentation/API] +Documentation/API] Sorry, not done. See 'test' folder's examples and grep C sources for rb_define_*method :-)) -------------------------------------------------- 
@@ -217,17 +219,24 @@ OpenSSL:: type: SIGNED, ENVELOPED, SIGNED_ENVELOPED PKCS7 - ::new(cType|sPEM) + ::new(sPEM) + ::read_smime(sSMIME) => oPKCS7 + ::write_smime(oPKCS7 [, sText, fFlags]) => sSMIME + ::sign(oX509::Certificate, oPKey, sData [, Ary(X509::Certificate), fFlags]) #=> oPKCS7 + ::encrypt(Ary(X509::Certificate), sData, oCipher [, fFlags]) #=> oPKCS7 ---------------------------------- + .decrypt(oPKey, oX509::Certificate [, iFlags]) => sData + .verify(Ary(X509::Certificate), oX509::Store [, sData, fFlags]) => sData + .type=(a Symbol as PKCS#7) + .detached=(bDetached) + .detached? => bResult .cipher=(oCipher::ANY) => oCipher::ANY .add_signer(oPKCS7::Signer, oPKey::ANY) => self - .signers() => Array of PKCS7::Signer + .signers() => Ary(PKCS7::Signer) .add_recipient(oX509::Certificate) => self .add_certificate(oX509::Certificate) => self .add_crl(oX509::CRL) => self - .add_data(sData [, bDetached]) => self - .verify_data(oX509::Store [, sDetachedData]) => bResult, yields PKCS7::Signer - .decode_data(oPKey::ANY, oX509::Certificate) => sData + .add_data(sData) => self .to_pem() => sPEM .to_s <=> .to_pem @@ -308,9 +317,37 @@ OpenSSL:: RandomError - SSL:: - Doc TODO! - - Error + SSL:: + SSLContext + ::new([a Symbols as SSL methods]) + ---------------------------------- + .cert=(aX509::Certificate) + .key=(aPKey) + .client_ca=(aX509::Certificate|Ary(X509::Certificate)) + .ca_file=(a path of PEM file) + .ca_path=(a path of directory) + .timeout=(fTimeout) + .verify_mode=(fMode) + .verify_depth=(fDepth) + .verify_callback=(aProc) + .cert_store=(aX509::Store) + .options=(fOptions) + + SSLSocket + ::new(aIO [, aSSLContext]) + ---------------------------------- + .to_io => aIO + .accept => self + .connect => self + .sysread(fLength) => aString + .syswrite(sData) => fSize + .sysclose => nil + .peer_cert => aX509::Certificate + .cert => aX509::Certificate + .cipher => Ary(sSipherName) + .state => sStateString + + SSLError X509:: Attribute 
@@ -381,7 +418,48 @@ OpenSSL:: Store - Doc TODO! + StoreContext - Doc TODO! + StoreError + + OCSP:: + Request - Doc TODO! + ::new(sDER) + ---------------------------------- + .add_nonce([sValue]) + .check_nonce(oBasicResponse) => fResult + .certid => oCertificateId + .sign(oX509::Certificate, oPKey [, Ary(X509::Certificate), fFlags]) + .verify(oX509::Certificate, oX509::Store [, fFlags]) => fResult + .to_der => sDER + + Response - Doc TODO! + ::new + ---------------------------------- + .status => fStatus + .status_string => sStatus + .basic => oBasicResponse + .to_der => sDER + + BasicResponse + ::new(sDER) + ---------------------------------- + .copy_nonce(oRequest) + .add_nonce([sValue]) + .add_status(oCertificateId, fStatus, fRevokeReason, tRevokeTime, tThisUpdate, tNextUpdate, Ary(X509::Extension)) + .status => Ary(oCertificateId, fStatus, fRevokeReason, tRevokeTime, tThisUpdate, tNextUpdate, Ary(X509::Extension)) + .sign(oX509::Certificate, aPKey [, Ary(X509::Certificate), fFlags]) + .verify(oX509::Certificate, oX509::Store [, fFlags]) => fResult + + CertificateId + ::new(oX509::Certificate, oX509::Certificate) + ---------------------------------- + .cmp(oCertificateId) => bResult + .cmp_issuer(aCertificateId) => bResult + .serial => fSerialNumber + + OCSPError + -------------------------------------------------- [Examples] diff --git a/examples/gen_cert.rb b/examples/gen_cert.rb index 10bc5ed..6f7fa35 100755 --- a/examples/gen_cert.rb +++ b/examples/gen_cert.rb @@ -22,14 +22,14 @@ passwd_cb = Proc.new{|flag| def usage myname = File::basename($0) - $stderr.puts "Usage: #{myname} [-c ca_cert] [-k ca_key] serial cn" + $stderr.puts "Usage: #{myname} [-c ca_cert] [-k ca_key] serial csr.pem" exit end getopts nil, "c:", "k:" num = ARGV.shift or usage() -cn = ARGV.shift or usage() +csr = ARGV.shift or usage() ARGV.empty? or usage() $stdout.sync = true 
@@ -42,19 +42,15 @@ ca_key_file = $OPT_k || "./0key-plain.pem" puts "Reading CA key (from #{ca_key_file})" ca_key = PKey::RSA.new(File.read(ca_key_file), &passwd_cb) -print "Generating key: " -key = PKey::RSA.new(1024){ putc "." } -putc "\n" +puts "Reading CSR (from #{csr})" +req = X509::Request.new(File.read(csr)) cert = X509::Certificate.new -name = ca.subject.to_a.collect {|id, val| - if id =~ /CN/ then [id, cn] else [id, val] end -} -cert.subject = X509::Name.new(name) +cert.subject = req.subject cert.issuer = ca.subject cert.not_before = Time.now cert.not_after = Time.now + 365 * 24 * 60 * 60 -cert.public_key = key +cert.public_key = req.public_key cert.serial = num.to_i cert.version = 2 # X509v3 @@ -74,16 +70,4 @@ File.open(cert_file, "w") do |f| f << cert.to_pem end -key_plain_file = "./#{cert.serial}key-plain.pem" -puts "Writing #{key_plain_file}." -File.open(key_plain_file, "w", 0600) do |f| - f << key.to_pem -end - -key_file = "./#{cert.serial}key.pem" -puts "Writing #{key_file}." -File.open(key_file, "w") do |f| - f << key.export(Cipher::DES.new(:EDE3, :CBC), &passwd_cb) -end - puts "DONE. (Generated certificate for '#{cert.subject}')" diff --git a/examples/gen_csr.rb b/examples/gen_csr.rb index 70045b2..1180b1a 100755 --- a/examples/gen_csr.rb +++ b/examples/gen_csr.rb @@ -1,5 +1,6 @@ #!/usr/bin/env ruby +require 'getopts' require 'openssl' include OpenSSL @@ -13,6 +14,10 @@ EOS exit end +getopts nil, "csrout:", "keyout:" +csrout = $OPT_csrout || "csr.pem" +keyout = $OPT_keyout || "keypair.pem" + name_str = ARGV.shift or usage() keypair_file = ARGV.shift @@ -27,8 +32,8 @@ if keypair_file else keypair = PKey::RSA.new(1024) { putc "." } puts - puts "Writing keypair.pem..." - File.open("keypair.pem", "w", 0400) do |f| + puts "Writing #{keyout}..." + File.open(keyout, "w", 0400) do |f| f << keypair.to_pem end end 
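Review bot: The CSR's signature is never checked before its contents are copied into the certificate: `req = X509::Request.new(File.read(csr))` goes straight to `cert.subject = req.subject` and `cert.public_key = req.public_key`, so the CA signs whatever key the file names without any proof that the requester holds the matching private key. Add a proof-of-possession check right after parsing, `req.verify(req.public_key) or raise "CSR signature does not verify"` (X509::Request#verify is assumed to exist in this binding; confirm). The subject is likewise accepted verbatim from the request, so any naming policy the CA wants now has to be enforced here rather than inherited from the CA's own name as the removed code did. The script's remaining body continues outside the hunk.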
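Review bot: With the key path now supplied by `--keyout`, `File.open(keyout, "w", 0400)` still truncates and writes the unencrypted private key into whatever already exists at that path: the 0400 mode only applies when the file is created, so a pre-existing world-readable file (or a symlink planted there) keeps its permissions and receives the key. Open it exclusively so an existing file is an error instead, `File.open(keyout, File::WRONLY | File::CREAT | File::EXCL, 0400) do |f|`. The `if keypair_file ... else` branch this sits in starts outside the hunk.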
@@ -40,7 +45,7 @@ req.subject = name req.public_key = keypair.public_key req.sign(keypair, Digest::SHA1.new) -puts "Writing csr.pem..." -File.open("csr.pem", "w") do |f| +puts "Writing #{csrout}..." +File.open(csrout, "w") do |f| f << req.to_pem end diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 0a31f6e..631f1d1 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -65,32 +65,19 @@ class ExtensionFactory end # ExtensionFactory class Extension - # note: Extension.new is UNDEFed! - use ExtensionFactory.create_extension - # - # to_a is built-in - # def to_s # "oid = critical, value" - ary = self.to_a - str = ary[0] + " = " - str += "critical, " if ary[2] == true - str += ary[1] + str = self.oid + str << " = " + str << "critical, " if self.critical? + str << self.value.gsub(/\n/, ", ") end def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} - ary = self.to_a - {"oid"=>ary[0],"value"=>ary[1],"critical"=>ary[2]} - end - - def oid - self.to_a[0] + {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} end - def value - self.to_a[1] - end - - def critical? - self.to_a[2] + def to_a + [ self.oid, self.value, self.critical? ] end end # Extension diff --git a/ossl_x509ext.c b/ossl_x509ext.c index daac739..caea5bc 100644 --- a/ossl_x509ext.c +++ b/ossl_x509ext.c 
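Review bot: `to_a` now returns `value` with its embedded newlines intact, whereas the C implementation it replaces ran `tr!("\n", ",")` on the value before pushing it, so existing callers that split `to_a[1]` on commas will see different output; `to_s` only does the substitution for itself, and with ", " rather than ",". If the old shape is meant to survive, `to_a` should return `[ self.oid, self.value.gsub(/\n/, ","), self.critical? ]`, otherwise the change deserves a line in the ChangeLog. Separately, `str = self.oid` followed by `str << " = "` appends in place to whatever `oid` hands back; `str = self.oid.dup` avoids mutating a string the C side might one day share.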
@@ -245,47 +245,57 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) * Ext */ static VALUE -ossl_x509ext_to_a(VALUE obj) +ossl_x509ext_get_oid(VALUE obj) { X509_EXTENSION *ext; ASN1_OBJECT *extobj; BIO *out; - BUF_MEM *buf; - int nid, critical; - const char* sn; - VALUE ary, value; + VALUE ret; + int nid, status = 0; GetX509Ext(obj, ext); - ary = rb_ary_new2(3); - extobj = X509_EXTENSION_get_object(ext); - if ((nid = OBJ_obj2nid(extobj)) == NID_undef) { - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509ExtError, ""); - } + if ((nid = OBJ_obj2nid(extobj)) != NID_undef) + ret = rb_str_new2(OBJ_nid2sn(nid)); + else{ + if (!(out = BIO_new(BIO_s_mem()))) + ossl_raise(eX509ExtError, NULL); i2a_ASN1_OBJECT(out, extobj); - BIO_get_mem_ptr(out, &buf); - rb_ary_push(ary, rb_str_new(buf->data, buf->length)); + ret = ossl_protect_membio2str(out, &status); BIO_free(out); - } else { - sn = OBJ_nid2sn(nid); - rb_ary_push(ary, rb_str_new2(sn)); - } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509ExtError, ""); + if(status) rb_jump_tag(status); } - if (!X509V3_EXT_print(out, ext, 0, 0)) { + + return ret; +} + +static VALUE +ossl_x509ext_get_value(VALUE obj) +{ + X509_EXTENSION *ext; + BIO *out; + VALUE ret; + char *p; + int status = 0; + + GetX509Ext(obj, ext); + if (!(out = BIO_new(BIO_s_mem()))) + ossl_raise(eX509ExtError, NULL); + if (!X509V3_EXT_print(out, ext, 0, 0)) M_ASN1_OCTET_STRING_print(out, ext->value); - } - BIO_get_mem_ptr(out, &buf); - value = rb_str_new(buf->data, buf->length); + ret = ossl_protect_membio2str(out, &status); BIO_free(out); - rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(",")); - rb_ary_push(ary, value); - critical = X509_EXTENSION_get_critical(ext); - rb_ary_push(ary, (critical) ? 
Qtrue : Qfalse); + if(status) rb_jump_tag(status); + + return ret; +} - return ary; +static VALUE +ossl_x509ext_get_critical(VALUE obj) +{ + X509_EXTENSION *ext; + GetX509Ext(obj, ext); + return X509_EXTENSION_get_critical(ext) ? Qtrue : Qfalse; } /* @@ -294,7 +304,6 @@ ossl_x509ext_to_a(VALUE obj) void Init_ossl_x509ext() { - eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError); cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject); @@ -314,6 +323,8 @@ Init_ossl_x509ext() rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc); rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1); */ - rb_define_method(cX509Ext, "to_a", ossl_x509ext_to_a, 0); + rb_define_method(cX509Ext, "oid", ossl_x509ext_get_oid, 0); + rb_define_method(cX509Ext, "value", ossl_x509ext_get_value, 0); + rb_define_method(cX509Ext, "critical?", ossl_x509ext_get_critical, 0); } |
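Review bot: As rendered here, `extobj = X509_EXTENSION_get_object(ext);` appears only as a removed line, yet the new `ossl_x509ext_get_oid` still reads `extobj` in `OBJ_obj2nid(extobj)` and `i2a_ASN1_OBJECT(out, extobj)`; if that assignment really does not survive as a context line the pointer is uninitialized, so confirm it is still there (the collapsed markup makes this ambiguous). `ossl_x509ext_get_value` declares `char *p;` that nothing uses; drop it. Both getters raise `eX509ExtError`, whose `rb_define_class_under` call this commit removes from `Init_ossl_x509ext` further down, so the class must now be defined elsewhere before these methods run — a comment naming that file at the `ossl_raise(eX509ExtError, NULL)` sites would save the next reader the search (where it moved is not visible in this diff).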