diff options
author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-12-19 08:28:33 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-12-19 08:28:33 +0000 |
commit | 049c3927ff0692282187507e3d4914bb8112ff0a (patch) | |
tree | e309494f4ffa535b8868d251db6bb26c399d1722 /ext | |
parent | 80f52f38c7751854a1ab7c3187d104f4c09d35e6 (diff) |
* ext/openssl/ossl_x509store.c
(ossl_x509store_set_time): add OpenSSL::X509::Store#time=.
(ossl_x509stctx_set_time): add OpenSSL::X509::StoreContext#time=.
* test/openssl/ossl_x509store.rb: test certificate validity times.
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
second argument to specify the output format (see also
X509_NAME_print_ex).
* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
new module to provide the parse for RFC2253 DN format.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
new method to parse RFC2253 DN format.
* test/openssl/ossl_x509name.rb: add tests about RFC2253 DN.
* text/openssl/ssl_server.rb: try to listen ports from 20443 to 20542
while EADDRINUSE is raised.
* all changes in this entry are backport from 1.9.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/lib/openssl/x509.rb | 89 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 33 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 40 |
3 files changed, 154 insertions, 8 deletions
diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb index 6dd469827a..e711bda39c 100644 --- a/ext/openssl/lib/openssl/x509.rb +++ b/ext/openssl/lib/openssl/x509.rb @@ -62,9 +62,92 @@ module OpenSSL end class Name - def self.parse(str, template=OBJECT_TYPE_TEMPLATE) - ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } - self.new(ary, template) + module RFC2253DN + Special = ',=+<>#;' + HexChar = /[0-9a-fA-F]/ + HexPair = /#{HexChar}#{HexChar}/ + HexString = /#{HexPair}+/ + Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ + StringChar = /[^#{Special}\\"]/ + QuoteChar = /[^\\"]/ + AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ + AttributeValue = / + (?!["#])((?:#{StringChar}|#{Pair})*)| + \#(#{HexString})| + "((?:#{QuoteChar}|#{Pair})*)" + /x + TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ + + module_function + + def expand_pair(str) + return nil unless str + return str.gsub(Pair){|pair| + case pair.size + when 2 then pair[1,1] + when 3 then Integer("0x#{pair[1,2]}").chr + else raise OpenSSL::X509::NameError, "invalid pair: #{str}" + end + } + end + + def expand_hexstring(str) + return nil unless str + der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } + a1 = OpenSSL::ASN1.decode(der) + return a1.value, a1.tag + end + + def expand_value(str1, str2, str3) + value = expand_pair(str1) + value, tag = expand_hexstring(str2) unless value + value = expand_pair(str3) unless value + return value, tag + end + + def scan(dn) + str = dn + ary = [] + while true + if md = TypeAndValue.match(str) + matched = md.to_s + remain = md.post_match + type = md[1] + value, tag = expand_value(md[2], md[3], md[4]) rescue nil + if value + type_and_value = [type, value] + type_and_value.push(tag) if tag + ary.unshift(type_and_value) + if remain.length > 2 && remain[0] == ?, + str = remain[1..-1] + next + elsif remain.length > 2 && remain[0] == ?+ + raise OpenSSL::X509::NameError, + "multi-valued RDN is not supported: #{dn}" + elsif remain.empty? + break + end + end + end + msg_dn = dn[0, dn.length - str.length] + " =>" + str + raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" + end + return ary + end + end + + class <<self + def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) + ary = OpenSSL::X509::Name::RFC2253DN.scan(str) + self.new(ary, template) + end + + def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) + ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } + self.new(ary, template) + end + + alias parse parse_openssl end end end diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index fdd94da15a..be1f1de662 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -161,7 +161,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self) } static VALUE -ossl_x509name_to_s(VALUE self) +ossl_x509name_to_s_old(VALUE self) { X509_NAME *name; char *buf; @@ -175,6 +175,30 @@ ossl_x509name_to_s(VALUE self) return str; } +static VALUE +ossl_x509name_to_s(int argc, VALUE *argv, VALUE self) +{ + X509_NAME *name; + VALUE flag, str; + BIO *out; + unsigned long iflag; + + rb_scan_args(argc, argv, "01", &flag); + if (NIL_P(flag)) + return ossl_x509name_to_s_old(self); + else iflag = NUM2ULONG(flag); + if (!(out = BIO_new(BIO_s_mem()))) + rb_raise(eX509NameError, NULL); + GetX509Name(self, name); + if (!X509_NAME_print_ex(out, name, 0, iflag)){ + BIO_free(out); + rb_raise(eX509NameError, NULL); + } + str = ossl_membio2str(out); + + return str; +} + static VALUE ossl_x509name_to_a(VALUE self) { @@ -290,7 +314,7 @@ Init_ossl_x509name() rb_define_alloc_func(cX509Name, ossl_x509name_alloc); rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1); rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1); - rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0); + rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1); rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0); rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1); rb_define_alias(cX509Name, "<=>", "cmp"); @@ -311,4 +335,9 @@ Init_ossl_x509name() rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str); rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str); rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash); + + rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT)); + rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253)); + rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE)); + rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE)); } diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index 45d4aee6c9..cf1a2cdac4 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -190,6 +190,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust) } static VALUE +ossl_x509store_set_time(VALUE self, VALUE time) +{ + rb_iv_set(self, "@time", time); + return time; +} + +static VALUE ossl_x509store_add_file(VALUE self, VALUE file) { X509_STORE *store; @@ -332,6 +339,11 @@ ossl_x509stctx_alloc(VALUE klass) return obj; } +static VALUE ossl_x509stctx_set_flags(VALUE, VALUE); +static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE); +static VALUE ossl_x509stctx_set_trust(VALUE, VALUE); +static VALUE ossl_x509stctx_set_time(VALUE, VALUE); + static VALUE ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) { @@ -353,10 +365,11 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) } #else X509_STORE_CTX_init(ctx, x509st, x509, x509s); - X509_STORE_CTX_set_flags(ctx, NUM2INT(rb_iv_get(store, "@flags"))); - X509_STORE_CTX_set_purpose(ctx, NUM2INT(rb_iv_get(store, "@purpose"))); - X509_STORE_CTX_set_trust(ctx, NUM2INT(rb_iv_get(store, "@trust"))); + ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags")); + ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose")); + ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust")); #endif + ossl_x509stctx_set_time(self, rb_iv_get(store, "@time")); rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); rb_iv_set(self, "@cert", cert); @@ -518,6 +531,25 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust) return trust; } +static VALUE +ossl_x509stctx_set_time(VALUE self, VALUE time) +{ + X509_STORE_CTX *store; + + if(NIL_P(time)) { + GetX509StCtx(self, store); + store->flags &= ~X509_V_FLAG_USE_CHECK_TIME; + } + else { + long t = NUM2LONG(rb_Integer(time)); + + GetX509StCtx(self, store); + X509_STORE_CTX_set_time(store, 0, t); + } + + return time; +} + /* * INIT */ @@ -539,6 +571,7 @@ Init_ossl_x509store() rb_define_method(cX509Store, "flags=", ossl_x509store_set_flags, 1); rb_define_method(cX509Store, "purpose=", ossl_x509store_set_purpose, 1); rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1); + rb_define_method(cX509Store, "time=", ossl_x509store_set_time, 1); rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1); rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1); rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1); @@ -561,5 +594,6 @@ Init_ossl_x509store() rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1); rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1); rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1); + rb_define_method(x509stctx,"time=", ossl_x509stctx_set_time, 1); } |