authorGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-01 08:16:26 +0000
committerGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-01 08:16:26 +0000
commit9081fc39fa246746d995439a746484cc18bdf5db (patch)
tree8d3f76437d0182477ea183e44a28c7550ffc5b31
parent2bfddb6b55752d82e271f3cbbef9a135f786ef29 (diff)
*** empty log message ***
-rw-r--r--ChangeLog1
-rw-r--r--README96
-rwxr-xr-xexamples/gen_cert.rb28
-rwxr-xr-xexamples/gen_csr.rb13
-rw-r--r--lib/openssl/x509.rb27
-rw-r--r--ossl_x509ext.c71
6 files changed, 151 insertions, 85 deletions
diff --git a/ChangeLog b/ChangeLog
index 68d4836..addf0e8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Tue, 01 Jul 2003 17:11:40 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/openssl/x509.rb: X509::Extension#to_a is implented by Ruby.
* examples/gen_csr.rb: 2nd argument is CSR filename.
* examples/gen_cert.rb: --csrout and --keyout options are added.
+ * README: revised.
Tue, 01 Jul 2003 13:08:11 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* ossl_x509crl.c: Add OpenSSL::X509::CRL#to_der (ossl_x509crl_to_der).
diff --git a/README b/README
index 6c4c2df..e2f9645 100644
--- a/README
+++ b/README
@@ -71,6 +71,8 @@ This program is licenced under the same licence as Ruby.
= OpenSSL config file parser (part)
= BN (safe bignums)
= Diffie-Hellman
+ = PKCS#7 <-> S/MIME
+ = OCSP
[To-Do]
= check for memory leaking :-))
@@ -91,7 +93,7 @@ This program is licenced under the same licence as Ruby.
= BIO ???
= compat tests for RSA/DSA sign/encrypt
-[Documentation/API]
+Documentation/API]
Sorry, not done. See 'test' folder's examples and grep C sources for rb_define_*method :-))
--------------------------------------------------
@@ -217,17 +219,24 @@ OpenSSL::
type: SIGNED, ENVELOPED, SIGNED_ENVELOPED
PKCS7
- ::new(cType|sPEM)
+ ::new(sPEM)
+ ::read_smime(sSMIME) => oPKCS7
+ ::write_smime(oPKCS7 [, sText, fFlags]) => sSMIME
+ ::sign(oX509::Certificate, oPKey, sData [, Ary(X509::Certificate), fFlags]) #=> oPKCS7
+ ::encrypt(Ary(X509::Certificate), sData, oCipher [, fFlags]) #=> oPKCS7
----------------------------------
+ .decrypt(oPKey, oX509::Certificate [, iFlags]) => sData
+ .verify(Ary(X509::Certificate), oX509::Store [, sData, fFlags]) => sData
+ .type=(a Symbol as PKCS#7)
+ .detached=(bDetached)
+ .detached? => bResult
.cipher=(oCipher::ANY) => oCipher::ANY
.add_signer(oPKCS7::Signer, oPKey::ANY) => self
- .signers() => Array of PKCS7::Signer
+ .signers() => Ary(PKCS7::Signer)
.add_recipient(oX509::Certificate) => self
.add_certificate(oX509::Certificate) => self
.add_crl(oX509::CRL) => self
- .add_data(sData [, bDetached]) => self
- .verify_data(oX509::Store [, sDetachedData]) => bResult, yields PKCS7::Signer
- .decode_data(oPKey::ANY, oX509::Certificate) => sData
+ .add_data(sData) => self
.to_pem() => sPEM
.to_s <=> .to_pem
@@ -308,9 +317,37 @@ OpenSSL::
RandomError
- SSL:: - Doc TODO!
-
- Error
+ SSL::
+ SSLContext
+ ::new([a Symbols as SSL methods])
+ ----------------------------------
+ .cert=(aX509::Certificate)
+ .key=(aPKey)
+ .client_ca=(aX509::Certificate|Ary(X509::Certificate))
+ .ca_file=(a path of PEM file)
+ .ca_path=(a path of directory)
+ .timeout=(fTimeout)
+ .verify_mode=(fMode)
+ .verify_depth=(fDepth)
+ .verify_callback=(aProc)
+ .cert_store=(aX509::Store)
+ .options=(fOptions)
+
+ SSLSocket
+ ::new(aIO [, aSSLContext])
+ ----------------------------------
+ .to_io => aIO
+ .accept => self
+ .connect => self
+ .sysread(fLength) => aString
+ .syswrite(sData) => fSize
+ .sysclose => nil
+ .peer_cert => aX509::Certificate
+ .cert => aX509::Certificate
+ .cipher => Ary(sSipherName)
+ .state => sStateString
+
+ SSLError
X509::
Attribute
@@ -381,7 +418,48 @@ OpenSSL::
Store - Doc TODO!
+ StoreContext - Doc TODO!
+
StoreError
+
+ OCSP::
+ Request - Doc TODO!
+ ::new(sDER)
+ ----------------------------------
+ .add_nonce([sValue])
+ .check_nonce(oBasicResponse) => fResult
+ .certid => oCertificateId
+ .sign(oX509::Certificate, oPKey [, Ary(X509::Certificate), fFlags])
+ .verify(oX509::Certificate, oX509::Store [, fFlags]) => fResult
+ .to_der => sDER
+
+ Response - Doc TODO!
+ ::new
+ ----------------------------------
+ .status => fStatus
+ .status_string => sStatus
+ .basic => oBasicResponse
+ .to_der => sDER
+
+ BasicResponse
+ ::new(sDER)
+ ----------------------------------
+ .copy_nonce(oRequest)
+ .add_nonce([sValue])
+ .add_status(oCertificateId, fStatus, fRevokeReason, tRevokeTime, tThisUpdate, tNextUpdate, Ary(X509::Extension))
+ .status => Ary(oCertificateId, fStatus, fRevokeReason, tRevokeTime, tThisUpdate, tNextUpdate, Ary(X509::Extension))
+ .sign(oX509::Certificate, aPKey [, Ary(X509::Certificate), fFlags])
+ .verify(oX509::Certificate, oX509::Store [, fFlags]) => fResult
+
+ CertificateId
+ ::new(oX509::Certificate, oX509::Certificate)
+ ----------------------------------
+ .cmp(oCertificateId) => bResult
+ .cmp_issuer(aCertificateId) => bResult
+ .serial => fSerialNumber
+
+ OCSPError
+
--------------------------------------------------
[Examples]
diff --git a/examples/gen_cert.rb b/examples/gen_cert.rb
index 10bc5ed..6f7fa35 100755
--- a/examples/gen_cert.rb
+++ b/examples/gen_cert.rb
@@ -22,14 +22,14 @@ passwd_cb = Proc.new{|flag|
def usage
myname = File::basename($0)
- $stderr.puts "Usage: #{myname} [-c ca_cert] [-k ca_key] serial cn"
+ $stderr.puts "Usage: #{myname} [-c ca_cert] [-k ca_key] serial csr.pem"
exit
end
getopts nil, "c:", "k:"
num = ARGV.shift or usage()
-cn = ARGV.shift or usage()
+csr = ARGV.shift or usage()
ARGV.empty? or usage()
$stdout.sync = true
@@ -42,19 +42,15 @@ ca_key_file = $OPT_k || "./0key-plain.pem"
puts "Reading CA key (from #{ca_key_file})"
ca_key = PKey::RSA.new(File.read(ca_key_file), &passwd_cb)
-print "Generating key: "
-key = PKey::RSA.new(1024){ putc "." }
-putc "\n"
+puts "Reading CSR (from #{csr})"
+req = X509::Request.new(File.read(csr))
cert = X509::Certificate.new
-name = ca.subject.to_a.collect {|id, val|
- if id =~ /CN/ then [id, cn] else [id, val] end
-}
-cert.subject = X509::Name.new(name)
+cert.subject = req.subject
cert.issuer = ca.subject
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60
-cert.public_key = key
+cert.public_key = req.public_key
cert.serial = num.to_i
cert.version = 2 # X509v3
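Review bot: The CSR loaded at `req = X509::Request.new(File.read(csr))` is trusted as-is: its subject and public key are copied into the certificate (`cert.subject = req.subject`, `cert.public_key = req.public_key`) without checking the request's self-signature, so a CSR whose signature does not verify against its own key is still signed by the CA key. Verifying proof-of-possession before issuing, e.g. `req.verify(req.public_key) or raise "CSR signature does not verify"`, closes that gap; this assumes X509::Request#verify is available in this tree. A comment on the read line noting that the CSR is untrusted input would also help readers who copy this example as the basis of a CA script. The script's remaining logic (extensions, signing, output) continues outside this hunk.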
@@ -74,16 +70,4 @@ File.open(cert_file, "w") do |f|
f << cert.to_pem
end
-key_plain_file = "./#{cert.serial}key-plain.pem"
-puts "Writing #{key_plain_file}."
-File.open(key_plain_file, "w", 0600) do |f|
- f << key.to_pem
-end
-
-key_file = "./#{cert.serial}key.pem"
-puts "Writing #{key_file}."
-File.open(key_file, "w") do |f|
- f << key.export(Cipher::DES.new(:EDE3, :CBC), &passwd_cb)
-end
-
puts "DONE. (Generated certificate for '#{cert.subject}')"
diff --git a/examples/gen_csr.rb b/examples/gen_csr.rb
index 70045b2..1180b1a 100755
--- a/examples/gen_csr.rb
+++ b/examples/gen_csr.rb
@@ -1,5 +1,6 @@
#!/usr/bin/env ruby
+require 'getopts'
require 'openssl'
include OpenSSL
@@ -13,6 +14,10 @@ EOS
exit
end
+getopts nil, "csrout:", "keyout:"
+csrout = $OPT_csrout || "csr.pem"
+keyout = $OPT_keyout || "keypair.pem"
+
name_str = ARGV.shift or usage()
keypair_file = ARGV.shift
@@ -27,8 +32,8 @@ if keypair_file
else
keypair = PKey::RSA.new(1024) { putc "." }
puts
- puts "Writing keypair.pem..."
- File.open("keypair.pem", "w", 0400) do |f|
+ puts "Writing #{keyout}..."
+ File.open(keyout, "w", 0400) do |f|
f << keypair.to_pem
end
end
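Review bot: `File.open(keyout, "w", 0400)` only applies the 0400 mode when the file is created; if `keyout` already exists the open truncates it and keeps whatever permissions it already had, so the unencrypted private key written by `f << keypair.to_pem` can land in a file readable by other users. Opening with `File.open(keyout, File::WRONLY|File::CREAT|File::EXCL, 0400) do |f|` makes the script refuse to overwrite rather than silently reuse an existing file's mode; the same consideration applies to the `csrout` write in the last hunk, though a CSR is not secret. The enclosing `if keypair_file … else … end` starts outside this hunk.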
@@ -40,7 +45,7 @@ req.subject = name
req.public_key = keypair.public_key
req.sign(keypair, Digest::SHA1.new)
-puts "Writing csr.pem..."
-File.open("csr.pem", "w") do |f|
+puts "Writing #{csrout}..."
+File.open(csrout, "w") do |f|
f << req.to_pem
end
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index 0a31f6e..631f1d1 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -65,32 +65,19 @@ class ExtensionFactory
end # ExtensionFactory
class Extension
- # note: Extension.new is UNDEFed! - use ExtensionFactory.create_extension
- #
- # to_a is built-in
- #
def to_s # "oid = critical, value"
- ary = self.to_a
- str = ary[0] + " = "
- str += "critical, " if ary[2] == true
- str += ary[1]
+ str = self.oid
+ str << " = "
+ str << "critical, " if self.critical?
+ str << self.value.gsub(/\n/, ", ")
end
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
- ary = self.to_a
- {"oid"=>ary[0],"value"=>ary[1],"critical"=>ary[2]}
- end
-
- def oid
- self.to_a[0]
+ {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
end
- def value
- self.to_a[1]
- end
-
- def critical?
- self.to_a[2]
+ def to_a
+ [ self.oid, self.value, self.critical? ]
end
end # Extension
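Review bot: The new Ruby `to_a` returns `self.value` unmodified, whereas the C `to_a` it replaces ran `tr!` on the value to turn newlines into commas (see the removed line in the ossl_x509ext.c hunk), so `to_a[1]` and `to_h["value"]` now contain raw newlines for multi-valued extensions — a behaviour change for existing callers that the ChangeLog entry does not mention. `to_s` also mutates the string returned by `self.oid` in place (`str = self.oid; str << " = "`), which works only as long as `oid` hands back a fresh string from C; `str = "#{self.oid} = "` avoids depending on that. The removed note that `Extension.new` is undefined and that `ExtensionFactory.create_extension` must be used is worth keeping as a comment on the class.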
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index daac739..caea5bc 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -245,47 +245,57 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary)
* Ext
*/
static VALUE
-ossl_x509ext_to_a(VALUE obj)
+ossl_x509ext_get_oid(VALUE obj)
{
X509_EXTENSION *ext;
ASN1_OBJECT *extobj;
BIO *out;
- BUF_MEM *buf;
- int nid, critical;
- const char* sn;
- VALUE ary, value;
+ VALUE ret;
+ int nid, status = 0;
GetX509Ext(obj, ext);
- ary = rb_ary_new2(3);
-
extobj = X509_EXTENSION_get_object(ext);
- if ((nid = OBJ_obj2nid(extobj)) == NID_undef) {
- if (!(out = BIO_new(BIO_s_mem()))) {
- ossl_raise(eX509ExtError, "");
- }
+ if ((nid = OBJ_obj2nid(extobj)) != NID_undef)
+ ret = rb_str_new2(OBJ_nid2sn(nid));
+ else{
+ if (!(out = BIO_new(BIO_s_mem())))
+ ossl_raise(eX509ExtError, NULL);
i2a_ASN1_OBJECT(out, extobj);
- BIO_get_mem_ptr(out, &buf);
- rb_ary_push(ary, rb_str_new(buf->data, buf->length));
+ ret = ossl_protect_membio2str(out, &status);
BIO_free(out);
- } else {
- sn = OBJ_nid2sn(nid);
- rb_ary_push(ary, rb_str_new2(sn));
- }
- if (!(out = BIO_new(BIO_s_mem()))) {
- ossl_raise(eX509ExtError, "");
+ if(status) rb_jump_tag(status);
}
- if (!X509V3_EXT_print(out, ext, 0, 0)) {
+
+ return ret;
+}
+
+static VALUE
+ossl_x509ext_get_value(VALUE obj)
+{
+ X509_EXTENSION *ext;
+ BIO *out;
+ VALUE ret;
+ char *p;
+ int status = 0;
+
+ GetX509Ext(obj, ext);
+ if (!(out = BIO_new(BIO_s_mem())))
+ ossl_raise(eX509ExtError, NULL);
+ if (!X509V3_EXT_print(out, ext, 0, 0))
M_ASN1_OCTET_STRING_print(out, ext->value);
- }
- BIO_get_mem_ptr(out, &buf);
- value = rb_str_new(buf->data, buf->length);
+ ret = ossl_protect_membio2str(out, &status);
BIO_free(out);
- rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(","));
- rb_ary_push(ary, value);
- critical = X509_EXTENSION_get_critical(ext);
- rb_ary_push(ary, (critical) ? Qtrue : Qfalse);
+ if(status) rb_jump_tag(status);
+
+ return ret;
+}
- return ary;
+static VALUE
+ossl_x509ext_get_critical(VALUE obj)
+{
+ X509_EXTENSION *ext;
+ GetX509Ext(obj, ext);
+ return X509_EXTENSION_get_critical(ext) ? Qtrue : Qfalse;
}
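Review bot: In `ossl_x509ext_get_oid` the return value of `i2a_ASN1_OBJECT(out, extobj)` is ignored, so on failure the method returns whatever partial text reached the BIO instead of raising; `ossl_x509ext_get_value` likewise ignores the result of `M_ASN1_OCTET_STRING_print` in its fallback, and an `X509V3_EXT_print` that fails part-way may leave partial output in `out` ahead of the raw octet-string dump. Checking the first is one line: `if (i2a_ASN1_OBJECT(out, extobj) < 0) { BIO_free(out); ossl_raise(eX509ExtError, NULL); }`. Style-wise, the brace-less `if (...) ossl_raise(...)` bodies and the `else{` form differ from the braced layout the removed code used, and none of the three new accessors carries a comment; a one-line header on each — `/* Extension#oid: short name of the extension's OID, or its dotted form when it has no NID */` — would let readers tell them apart from the old `to_a` without reading the bodies.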
/*
@@ -294,7 +304,6 @@ ossl_x509ext_to_a(VALUE obj)
void
Init_ossl_x509ext()
{
-
eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
@@ -314,6 +323,8 @@ Init_ossl_x509ext()
rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc);
rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
*/
- rb_define_method(cX509Ext, "to_a", ossl_x509ext_to_a, 0);
+ rb_define_method(cX509Ext, "oid", ossl_x509ext_get_oid, 0);
+ rb_define_method(cX509Ext, "value", ossl_x509ext_get_value, 0);
+ rb_define_method(cX509Ext, "critical?", ossl_x509ext_get_critical, 0);
}