diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2021-02-25 19:39:52 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-02-25 19:39:52 +0900 |
commit | 0313e1bfeb96e67b5c1960704a0cc4091401332b (patch) | |
tree | 0f3a5906b6ec27766da27b51bb5f60ec1600e9a1 | |
parent | a9954bac22ba8d9f9491732f3816bc1316eaa088 (diff) | |
parent | dafa851c0d52cb5edb6e3d0243b5b33d456fad83 (diff) | |
download | ruby-openssl-0313e1bfeb96e67b5c1960704a0cc4091401332b.tar.gz |
Merge branch 'ky/sample-updates'
* ky/sample-updates:
sample: update obsolete API use
sample: avoid "include OpenSSL"
-rw-r--r-- | sample/c_rehash.rb | 3 | ||||
-rw-r--r-- | sample/cert2text.rb | 7 | ||||
-rw-r--r-- | sample/certstore.rb | 7 | ||||
-rw-r--r-- | sample/echo_svr.rb | 6 | ||||
-rw-r--r-- | sample/gen_csr.rb | 14 | ||||
-rw-r--r-- | sample/smime_read.rb | 11 | ||||
-rw-r--r-- | sample/smime_write.rb | 15 |
7 files changed, 29 insertions, 34 deletions
diff --git a/sample/c_rehash.rb b/sample/c_rehash.rb index 8282816b..de4b66e9 100644 --- a/sample/c_rehash.rb +++ b/sample/c_rehash.rb @@ -1,7 +1,6 @@ #!/usr/bin/env ruby require 'openssl' -require 'digest/md5' class CHashDir include Enumerable @@ -161,7 +160,7 @@ private end def fingerprint(der) - Digest.hexdigest('MD5', der).upcase + OpenSSL::Digest.hexdigest('MD5', der).upcase end end diff --git a/sample/cert2text.rb b/sample/cert2text.rb index 50da224e..fe14e51d 100644 --- a/sample/cert2text.rb +++ b/sample/cert2text.rb @@ -1,10 +1,13 @@ #!/usr/bin/env ruby require 'openssl' -include OpenSSL::X509 def cert2text(cert_str) - [Certificate, CRL, Request].each do |klass| + [ + OpenSSL::X509::Certificate, + OpenSSL::X509::CRL, + OpenSSL::X509::Request, + ].each do |klass| begin puts klass.new(cert_str).to_text return diff --git a/sample/certstore.rb b/sample/certstore.rb index c6e8f816..72e59f6d 100644 --- a/sample/certstore.rb +++ b/sample/certstore.rb @@ -3,9 +3,6 @@ require 'crlstore' class CertStore - include OpenSSL - include X509 - attr_reader :self_signed_ca attr_reader :other_ca attr_reader :ee @@ -17,11 +14,11 @@ class CertStore @c_store = CHashDir.new(@certs_dir) @c_store.hash_dir(true) @crl_store = CrlStore.new(@c_store) - @x509store = Store.new + @x509store = OpenSSL::X509::Store.new @self_signed_ca = @other_ca = @ee = @crl = nil # Uncomment this line to let OpenSSL to check CRL for each certs. - # @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL + # @x509store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL add_path scan_certs diff --git a/sample/echo_svr.rb b/sample/echo_svr.rb index 1cc07b9b..f20fb52b 100644 --- a/sample/echo_svr.rb +++ b/sample/echo_svr.rb @@ -15,7 +15,7 @@ if cert_file && key_file cert = OpenSSL::X509::Certificate.new(File::read(cert_file)) key = OpenSSL::PKey.read(File::read(key_file)) else - key = OpenSSL::PKey::RSA.new(512){ print "." } + key = OpenSSL::PKey::RSA.new(2048){ print "." } puts cert = OpenSSL::X509::Certificate.new cert.version = 2 @@ -25,7 +25,7 @@ else cert.issuer = name cert.not_before = Time.now cert.not_after = Time.now + 3600 - cert.public_key = key.public_key + cert.public_key = key ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) cert.extensions = [ ef.create_extension("basicConstraints","CA:FALSE"), @@ -37,7 +37,7 @@ else ef.issuer_certificate = cert cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") - cert.sign(key, OpenSSL::Digest.new('SHA1')) + cert.sign(key, "SHA1") end ctx = OpenSSL::SSL::SSLContext.new() diff --git a/sample/gen_csr.rb b/sample/gen_csr.rb index 2602b68a..34b23fec 100644 --- a/sample/gen_csr.rb +++ b/sample/gen_csr.rb @@ -3,8 +3,6 @@ require 'optparse' require 'openssl' -include OpenSSL - def usage myname = File::basename($0) $stderr.puts <<EOS @@ -21,13 +19,13 @@ keyout = options["keyout"] || "keypair.pem" $stdout.sync = true name_str = ARGV.shift or usage() -name = X509::Name.parse(name_str) +name = OpenSSL::X509::Name.parse(name_str) keypair = nil if keypair_file - keypair = PKey.read(File.read(keypair_file)) + keypair = OpenSSL::PKey.read(File.read(keypair_file)) else - keypair = PKey::RSA.new(1024) { putc "." } + keypair = OpenSSL::PKey::RSA.new(2048) { putc "." } puts puts "Writing #{keyout}..." File.open(keyout, "w", 0400) do |f| @@ -37,11 +35,11 @@ end puts "Generating CSR for #{name_str}" -req = X509::Request.new +req = OpenSSL::X509::Request.new req.version = 0 req.subject = name -req.public_key = keypair.public_key -req.sign(keypair, Digest.new('MD5')) +req.public_key = keypair +req.sign(keypair, "MD5") puts "Writing #{csrout}..." File.open(csrout, "w") do |f| diff --git a/sample/smime_read.rb b/sample/smime_read.rb index a70105fd..b617c6e3 100644 --- a/sample/smime_read.rb +++ b/sample/smime_read.rb @@ -1,6 +1,5 @@ require 'optparse' require 'openssl' -include OpenSSL options = ARGV.getopts("c:k:C:") @@ -10,14 +9,14 @@ ca_path = options["C"] data = $stdin.read -cert = X509::Certificate.new(File::read(cert_file)) -key = PKey::read(File::read(key_file)) -p7enc = PKCS7::read_smime(data) +cert = OpenSSL::X509::Certificate.new(File::read(cert_file)) +key = OpenSSL::PKey::read(File::read(key_file)) +p7enc = OpenSSL::PKCS7::read_smime(data) data = p7enc.decrypt(key, cert) -store = X509::Store.new +store = OpenSSL::X509::Store.new store.add_path(ca_path) -p7sig = PKCS7::read_smime(data) +p7sig = OpenSSL::PKCS7::read_smime(data) if p7sig.verify([], store) puts p7sig.data end diff --git a/sample/smime_write.rb b/sample/smime_write.rb index 20c933b2..e1254d87 100644 --- a/sample/smime_write.rb +++ b/sample/smime_write.rb @@ -1,6 +1,5 @@ require 'openssl' require 'optparse' -include OpenSSL options = ARGV.getopts("c:k:r:") @@ -8,16 +7,16 @@ cert_file = options["c"] key_file = options["k"] rcpt_file = options["r"] -cert = X509::Certificate.new(File::read(cert_file)) -key = PKey::read(File::read(key_file)) +cert = OpenSSL::X509::Certificate.new(File::read(cert_file)) +key = OpenSSL::PKey::read(File::read(key_file)) data = "Content-Type: text/plain\r\n" data << "\r\n" data << "This is a clear-signed message.\r\n" -p7sig = PKCS7::sign(cert, key, data, [], PKCS7::DETACHED) -smime0 = PKCS7::write_smime(p7sig) +p7sig = OpenSSL::PKCS7::sign(cert, key, data, [], OpenSSL::PKCS7::DETACHED) +smime0 = OpenSSL::PKCS7::write_smime(p7sig) -rcpt = X509::Certificate.new(File::read(rcpt_file)) -p7enc = PKCS7::encrypt([rcpt], smime0) -print PKCS7::write_smime(p7enc) +rcpt = OpenSSL::X509::Certificate.new(File::read(rcpt_file)) +p7enc = OpenSSL::PKCS7::encrypt([rcpt], smime0) +print OpenSSL::PKCS7::write_smime(p7enc) |