* ext/openssl/ossl_x509store.c

  (ossl_x509store_set_time): add OpenSSL::X509::Store#time=.
  (ossl_x509stctx_set_time): add OpenSSL::X509::StoreContext#time=.

* test/openssl/ossl_x509store.rb: test certificate validity times.

* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
  second argument to specify the output format (see also
  X509_NAME_print_ex).

* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
  OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
  OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.

* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
  new module to provide the parse for RFC2253 DN format.

* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
  new method to parse RFC2253 DN format.

* test/openssl/ossl_x509name.rb: add tests about RFC2253 DN.

* text/openssl/ssl_server.rb: try to listen ports from 20443 to 20542
  while EADDRINUSE is raised.

* all changes in this entry are backport from 1.9.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 154 insertions, 8 deletions

diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb
index 6dd469827a..e711bda39c 100644
--- a/ext/openssl/lib/openssl/x509.rb
+++ b/ext/openssl/lib/openssl/x509.rb
@@ -62,9 +62,92 @@ module OpenSSL
     end
 
     class Name
-      def self.parse(str, template=OBJECT_TYPE_TEMPLATE)
-        ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
-        self.new(ary, template)
+      module RFC2253DN
+        Special = ',=+<>#;'
+        HexChar = /[0-9a-fA-F]/
+        HexPair = /#{HexChar}#{HexChar}/
+        HexString = /#{HexPair}+/
+        Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+        StringChar = /[^#{Special}\\"]/
+        QuoteChar = /[^\\"]/
+        AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+        AttributeValue = /
+          (?!["#])((?:#{StringChar}|#{Pair})*)|
+          \#(#{HexString})|
+          "((?:#{QuoteChar}|#{Pair})*)"
+        /x
+        TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+        module_function
+
+        def expand_pair(str)
+          return nil unless str
+          return str.gsub(Pair){|pair|
+            case pair.size
+            when 2 then pair[1,1]
+            when 3 then Integer("0x#{pair[1,2]}").chr
+            else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+            end
+          }
+        end
+
+        def expand_hexstring(str)
+          return nil unless str
+          der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
+          a1 = OpenSSL::ASN1.decode(der)
+          return a1.value, a1.tag
+        end
+
+        def expand_value(str1, str2, str3)
+          value = expand_pair(str1)
+          value, tag = expand_hexstring(str2) unless value
+          value = expand_pair(str3) unless value
+          return value, tag
+        end
+
+        def scan(dn)
+          str = dn
+          ary = []
+          while true
+            if md = TypeAndValue.match(str)
+              matched = md.to_s
+              remain = md.post_match
+              type = md[1]
+              value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+              if value
+                type_and_value = [type, value]
+                type_and_value.push(tag) if tag
+                ary.unshift(type_and_value)
+                if remain.length > 2 && remain[0] == ?,
+                  str = remain[1..-1]
+                  next
+                elsif remain.length > 2 && remain[0] == ?+
+                  raise OpenSSL::X509::NameError,
+                    "multi-valued RDN is not supported: #{dn}"
+                elsif remain.empty?
+                  break
+                end
+              end
+            end
+            msg_dn = dn[0, dn.length - str.length] + " =>" + str
+            raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+          end
+          return ary
+        end
+      end
+
+      class <<self
+        def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+          self.new(ary, template)
+        end
+
+        def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+          self.new(ary, template)
+        end
+
+        alias parse parse_openssl
       end
     end
   end
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index fdd94da15a..be1f1de662 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -161,7 +161,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
 }
 
 static VALUE
-ossl_x509name_to_s(VALUE self)
+ossl_x509name_to_s_old(VALUE self)
 {
     X509_NAME *name;
     char *buf;
@@ -175,6 +175,30 @@ ossl_x509name_to_s(VALUE self)
     return str;
 }
 
+static VALUE
+ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
+{           
+    X509_NAME *name;
+    VALUE flag, str;
+    BIO *out;
+    unsigned long iflag;
+
+    rb_scan_args(argc, argv, "01", &flag);
+    if (NIL_P(flag))
+	return ossl_x509name_to_s_old(self);
+    else iflag = NUM2ULONG(flag);
+    if (!(out = BIO_new(BIO_s_mem())))
+	rb_raise(eX509NameError, NULL);
+    GetX509Name(self, name);
+    if (!X509_NAME_print_ex(out, name, 0, iflag)){
+	BIO_free(out);
+	rb_raise(eX509NameError, NULL);
+    }
+    str = ossl_membio2str(out);
+
+    return str;
+}
+
 static VALUE 
 ossl_x509name_to_a(VALUE self)
 {
@@ -290,7 +314,7 @@ Init_ossl_x509name()
     rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
     rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
     rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
-    rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0);
+    rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
     rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
     rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
     rb_define_alias(cX509Name, "<=>", "cmp");
@@ -311,4 +335,9 @@ Init_ossl_x509name()
     rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
     rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
     rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
+
+    rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
+    rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
+    rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
+    rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
 }
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 45d4aee6c9..cf1a2cdac4 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -190,6 +190,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
 }
 
 static VALUE 
+ossl_x509store_set_time(VALUE self, VALUE time)
+{
+    rb_iv_set(self, "@time", time);
+    return time;
+}
+
+static VALUE 
 ossl_x509store_add_file(VALUE self, VALUE file)
 {
     X509_STORE *store;
@@ -332,6 +339,11 @@ ossl_x509stctx_alloc(VALUE klass)
     return obj;
 }
 
+static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
+
 static VALUE
 ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 {
@@ -353,10 +365,11 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
     }
 #else
     X509_STORE_CTX_init(ctx, x509st, x509, x509s);
-    X509_STORE_CTX_set_flags(ctx, NUM2INT(rb_iv_get(store, "@flags")));
-    X509_STORE_CTX_set_purpose(ctx, NUM2INT(rb_iv_get(store, "@purpose")));
-    X509_STORE_CTX_set_trust(ctx, NUM2INT(rb_iv_get(store, "@trust")));
+    ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
+    ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
+    ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
 #endif
+    ossl_x509stctx_set_time(self, rb_iv_get(store, "@time"));
     rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
     rb_iv_set(self, "@cert", cert);
 
@@ -518,6 +531,25 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust)
     return trust;
 }
 
+static VALUE
+ossl_x509stctx_set_time(VALUE self, VALUE time)
+{
+    X509_STORE_CTX *store;
+
+    if(NIL_P(time)) {
+	GetX509StCtx(self, store);
+	store->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+    }
+    else {
+	long t = NUM2LONG(rb_Integer(time));
+
+	GetX509StCtx(self, store);
+	X509_STORE_CTX_set_time(store, 0, t);
+    }
+
+    return time;
+}
+
 /*
  * INIT
  */
@@ -539,6 +571,7 @@ Init_ossl_x509store()
     rb_define_method(cX509Store, "flags=",       ossl_x509store_set_flags, 1);
     rb_define_method(cX509Store, "purpose=",     ossl_x509store_set_purpose, 1);
     rb_define_method(cX509Store, "trust=",       ossl_x509store_set_trust, 1);
+    rb_define_method(cX509Store, "time=",        ossl_x509store_set_time, 1);
     rb_define_method(cX509Store, "add_path",     ossl_x509store_add_path, 1);
     rb_define_method(cX509Store, "add_file",     ossl_x509store_add_file, 1);
     rb_define_method(cX509Store, "add_cert",     ossl_x509store_add_cert, 1);
@@ -561,5 +594,6 @@ Init_ossl_x509store()
     rb_define_method(x509stctx,"flags=",      ossl_x509stctx_set_flags, 1);
     rb_define_method(x509stctx,"purpose=",    ossl_x509stctx_set_purpose, 1);
     rb_define_method(x509stctx,"trust=",      ossl_x509stctx_set_trust, 1);
+    rb_define_method(x509stctx,"time=",       ossl_x509stctx_set_time, 1);
 
 }