=begin

  ssl.rb -- to support migrations from SSLSocket.

  Copyright (C) 2001-2002 GOTOU Yuuzou <gotoyuzo@notowrk.org>

  This program is licenced under the same licence as Ruby.
  (See the file 'LICENCE'.)

=end

require 'openssl'

# Printed on standard error whenever this file is loaded, so that code still
# requiring the legacy shim is pointed at its replacement.
$stderr.puts("Warning: `ssl.rb' is obsolete. please use `openssl.rb'")

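# Compatibility layer that exposes the constant and method names of the old
# SSLSocket library on top of Ruby/OpenSSL.
#
# X509_STORE_CTX and X509 are plain constant aliases, so the `class` bodies
# below reopen ::OpenSSL::X509::Store and ::OpenSSL::X509::Certificate
# themselves. Every alias and override therefore applies to all users of
# those classes in the process, not only to code that goes through SSL::.
module SSL
  include OpenSSL::SSL
  VERSION = ::OpenSSL::VERSION
  OPENSSL_VERSION = ::OpenSSL::OPENSSL_VERSION

  # Legacy accessor names mapped onto the Ruby/OpenSSL store methods.
  X509_STORE_CTX = ::OpenSSL::X509::Store
  class X509_STORE_CTX
    alias error_message verify_message
    alias error verify_status
    alias current_cert cert
    alias error_depth verify_depth
  end

  X509 = ::OpenSSL::X509::Certificate
  class X509
    alias serialNumber serial
    # inspect now yields the PEM encoding, so `p cert` and any log line built
    # from inspect contains the whole certificate.
    alias inspect to_pem

    # Start of the validity period, as a String.
    def notBefore
      not_before.to_s
    end

    # End of the validity period, as a String.
    def notAfter
      not_after.to_s
    end

    # Always returns the empty string: the signature algorithm is not
    # reported by this shim. Callers must not use the result to decide
    # whether a certificate's signature algorithm is acceptable.
    def sigAlgor
      # sorry, not support on Ruby/OpenSSL
      ""
    end

    # Names the public key algorithm: "rsaEncryption", "dsaEncryption", or
    # "unknown" for every other key class.
    def key_type
      case public_key
      when ::OpenSSL::PKey::RSA
        "rsaEncryption"
      when ::OpenSSL::PKey::DSA
        "dsaEncryption"
      else
        "unknown"
      end
    end

    alias __initialize initialize
    # Builds a certificate. A String argument is treated as the path of a
    # certificate file and replaced by that file's contents; any other
    # argument is handed to the original constructor unchanged.
    #
    # Because this replaces the constructor of the reopened class, a String
    # holding PEM/DER data is also interpreted as a path.
    def initialize(arg)
      if arg.is_a?(String)
        # File.open rather than Kernel#open: Kernel#open starts a subprocess
        # when the string begins with "|", and a certificate path may come
        # from configuration or other input the caller does not control.
        arg = File.open(arg) { |io| io.read }
      end
      __initialize(arg)
    end

    alias __verify verify
    # Checks this certificate's signature against a public key. The argument
    # may be a certificate file path (String), another certificate of this
    # class, or anything the original verify accepts (passed through as is).
    #
    # NOTE(review): the underlying verify only checks the signature; validity
    # dates, revocation and chain building are not covered here -- confirm
    # callers do not rely on this alone for trust decisions.
    def verify(arg)
      # self.class replaces the deprecated Object#type used previously.
      case arg
      when String     then arg = self.class.new(arg).public_key
      when self.class then arg = arg.public_key
      end
      __verify(arg)
    end

    # Returns every extension converted with to_a.
    def extension
      extensions.collect { |ext| ext.to_a }
    end

    # Re-export the verification error codes under their legacy location.
    # const_set/const_get do the copy without evaluating generated source.
    %w( UNABLE_TO_GET_ISSUER_CERT
        UNABLE_TO_GET_CRL
        UNABLE_TO_DECRYPT_CERT_SIGNATURE
        UNABLE_TO_DECRYPT_CRL_SIGNATURE
        UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
        CERT_SIGNATURE_FAILURE
        CRL_SIGNATURE_FAILURE
        CERT_NOT_YET_VALID
        CERT_HAS_EXPIRED
        CRL_NOT_YET_VALID
        CRL_HAS_EXPIRED
        ERROR_IN_CERT_NOT_BEFORE_FIELD
        ERROR_IN_CERT_NOT_AFTER_FIELD
        ERROR_IN_CRL_LAST_UPDATE_FIELD
        ERROR_IN_CRL_NEXT_UPDATE_FIELD
        OUT_OF_MEM
        DEPTH_ZERO_SELF_SIGNED_CERT
        SELF_SIGNED_CERT_IN_CHAIN
        UNABLE_TO_GET_ISSUER_CERT_LOCALLY
        UNABLE_TO_VERIFY_LEAF_SIGNATURE
        CERT_CHAIN_TOO_LONG
        CERT_REVOKED
        INVALID_CA
        PATH_LENGTH_EXCEEDED
        INVALID_PURPOSE
        CERT_UNTRUSTED
        CERT_REJECTED
        SUBJECT_ISSUER_MISMATCH
        AKID_SKID_MISMATCH
        AKID_ISSUER_SERIAL_MISMATCH
        KEYUSAGE_NO_CERTSIGN
        APPLICATION_VERIFICATION
    ).each { |name|
      const_set(name, ::OpenSSL::X509::Store.const_get(name))
    }
  end

end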