summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/x509.rb89
-rw-r--r--ext/openssl/ossl_x509name.c33
-rw-r--r--ext/openssl/ossl_x509store.c40
3 files changed, 154 insertions, 8 deletions
diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb
index 6dd469827ad..e711bda39ca 100644
--- a/ext/openssl/lib/openssl/x509.rb
+++ b/ext/openssl/lib/openssl/x509.rb
@@ -62,9 +62,92 @@ module OpenSSL
end
class Name
- def self.parse(str, template=OBJECT_TYPE_TEMPLATE)
- ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
- self.new(ary, template)
+ module RFC2253DN
+ Special = ',=+<>#;'
+ HexChar = /[0-9a-fA-F]/
+ HexPair = /#{HexChar}#{HexChar}/
+ HexString = /#{HexPair}+/
+ Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+ StringChar = /[^#{Special}\\"]/
+ QuoteChar = /[^\\"]/
+ AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+ AttributeValue = /
+ (?!["#])((?:#{StringChar}|#{Pair})*)|
+ \#(#{HexString})|
+ "((?:#{QuoteChar}|#{Pair})*)"
+ /x
+ TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+ module_function
+
+ def expand_pair(str)
+ return nil unless str
+ return str.gsub(Pair){|pair|
+ case pair.size
+ when 2 then pair[1,1]
+ when 3 then Integer("0x#{pair[1,2]}").chr
+ else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+ end
+ }
+ end
+
+ def expand_hexstring(str)
+ return nil unless str
+ der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
+ a1 = OpenSSL::ASN1.decode(der)
+ return a1.value, a1.tag
+ end
+
+ def expand_value(str1, str2, str3)
+ value = expand_pair(str1)
+ value, tag = expand_hexstring(str2) unless value
+ value = expand_pair(str3) unless value
+ return value, tag
+ end
+
+ def scan(dn)
+ str = dn
+ ary = []
+ while true
+ if md = TypeAndValue.match(str)
+ matched = md.to_s
+ remain = md.post_match
+ type = md[1]
+ value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+ if value
+ type_and_value = [type, value]
+ type_and_value.push(tag) if tag
+ ary.unshift(type_and_value)
+ if remain.length > 2 && remain[0] == ?,
+ str = remain[1..-1]
+ next
+ elsif remain.length > 2 && remain[0] == ?+
+ raise OpenSSL::X509::NameError,
+ "multi-valued RDN is not supported: #{dn}"
+ elsif remain.empty?
+ break
+ end
+ end
+ end
+ msg_dn = dn[0, dn.length - str.length] + " =>" + str
+ raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+ end
+ return ary
+ end
+ end
+
+ class <<self
+ def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+ ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+ self.new(ary, template)
+ end
+
+ def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+ ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+ self.new(ary, template)
+ end
+
+ alias parse parse_openssl
end
end
end
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index fdd94da15ae..be1f1de662f 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -161,7 +161,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
}
static VALUE
-ossl_x509name_to_s(VALUE self)
+ossl_x509name_to_s_old(VALUE self)
{
X509_NAME *name;
char *buf;
@@ -175,6 +175,30 @@ ossl_x509name_to_s(VALUE self)
return str;
}
+static VALUE
+ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
+{
+ X509_NAME *name;
+ VALUE flag, str;
+ BIO *out;
+ unsigned long iflag;
+
+ rb_scan_args(argc, argv, "01", &flag);
+ if (NIL_P(flag))
+ return ossl_x509name_to_s_old(self);
+ else iflag = NUM2ULONG(flag);
+ if (!(out = BIO_new(BIO_s_mem())))
+ rb_raise(eX509NameError, NULL);
+ GetX509Name(self, name);
+ if (!X509_NAME_print_ex(out, name, 0, iflag)){
+ BIO_free(out);
+ rb_raise(eX509NameError, NULL);
+ }
+ str = ossl_membio2str(out);
+
+ return str;
+}
+
static VALUE
ossl_x509name_to_a(VALUE self)
{
@@ -290,7 +314,7 @@ Init_ossl_x509name()
rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
- rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0);
+ rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
rb_define_alias(cX509Name, "<=>", "cmp");
@@ -311,4 +335,9 @@ Init_ossl_x509name()
rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
+
+ rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
+ rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
+ rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
+ rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
}
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 45d4aee6c9c..cf1a2cdac42 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -190,6 +190,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
}
static VALUE
+ossl_x509store_set_time(VALUE self, VALUE time)
+{
+ rb_iv_set(self, "@time", time);
+ return time;
+}
+
+static VALUE
ossl_x509store_add_file(VALUE self, VALUE file)
{
X509_STORE *store;
@@ -332,6 +339,11 @@ ossl_x509stctx_alloc(VALUE klass)
return obj;
}
+static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
+static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
+
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
@@ -353,10 +365,11 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
}
#else
X509_STORE_CTX_init(ctx, x509st, x509, x509s);
- X509_STORE_CTX_set_flags(ctx, NUM2INT(rb_iv_get(store, "@flags")));
- X509_STORE_CTX_set_purpose(ctx, NUM2INT(rb_iv_get(store, "@purpose")));
- X509_STORE_CTX_set_trust(ctx, NUM2INT(rb_iv_get(store, "@trust")));
+ ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
+ ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
+ ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
#endif
+ ossl_x509stctx_set_time(self, rb_iv_get(store, "@time"));
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
rb_iv_set(self, "@cert", cert);
@@ -518,6 +531,25 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust)
return trust;
}
+static VALUE
+ossl_x509stctx_set_time(VALUE self, VALUE time)
+{
+ X509_STORE_CTX *store;
+
+ if(NIL_P(time)) {
+ GetX509StCtx(self, store);
+ store->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+ }
+ else {
+ long t = NUM2LONG(rb_Integer(time));
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_time(store, 0, t);
+ }
+
+ return time;
+}
+
/*
* INIT
*/
@@ -539,6 +571,7 @@ Init_ossl_x509store()
rb_define_method(cX509Store, "flags=", ossl_x509store_set_flags, 1);
rb_define_method(cX509Store, "purpose=", ossl_x509store_set_purpose, 1);
rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1);
+ rb_define_method(cX509Store, "time=", ossl_x509store_set_time, 1);
rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1);
rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1);
rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1);
@@ -561,5 +594,6 @@ Init_ossl_x509store()
rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);
+ rb_define_method(x509stctx,"time=", ossl_x509stctx_set_time, 1);
}