diff options
Diffstat (limited to 'ruby_1_8_6/ext/openssl/lib')
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/net/ftptls.rb | 53 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/net/telnets.rb | 251 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl.rb | 24 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/bn.rb | 35 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/buffering.rb | 239 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/cipher.rb | 58 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/digest.rb | 49 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/ssl.rb | 135 | ||||
| -rw-r--r-- | ruby_1_8_6/ext/openssl/lib/openssl/x509.rb | 154 |
9 files changed, 0 insertions, 998 deletions
diff --git a/ruby_1_8_6/ext/openssl/lib/net/ftptls.rb b/ruby_1_8_6/ext/openssl/lib/net/ftptls.rb deleted file mode 100644 index a21c1f6c3c..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/net/ftptls.rb +++ /dev/null @@ -1,53 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2003 Blaz Grilc <farmer@gmx.co.uk> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Requirements - -= Version - $Id$ - -= Notes - Tested on FreeBSD 5-CURRENT and 4-STABLE - - ruby 1.6.8 (2003-01-17) [i386-freebsd5] - - OpenSSL 0.9.7a Feb 19 2003 - - ruby-openssl-0.2.0.p0 - tested on ftp server: glftpd 1.30 -=end - -require 'socket' -require 'openssl' -require 'net/ftp' - -module Net - class FTPTLS < FTP - def connect(host, port=FTP_PORT) - @hostname = host - super - end - - def login(user = "anonymous", passwd = nil, acct = nil) - store = OpenSSL::X509::Store.new - store.set_default_paths - ctx = OpenSSL::SSL::SSLContext.new('SSLv23') - ctx.cert_store = store - ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER - ctx.key = nil - ctx.cert = nil - voidcmd("AUTH TLS") - @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx) - @sock.connect - @sock.post_connection_check(@hostname) - super(user, passwd, acct) - voidcmd("PBSZ 0") - end - end -end diff --git a/ruby_1_8_6/ext/openssl/lib/net/telnets.rb b/ruby_1_8_6/ext/openssl/lib/net/telnets.rb deleted file mode 100644 index 2b69280432..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/net/telnets.rb +++ /dev/null @@ -1,251 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net::Telnet. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ - - 2001/11/06: Contiributed to Ruby/OpenSSL project. - -== class Net::Telnet - -This class will initiate SSL/TLS session automaticaly if the server -sent OPT_STARTTLS. Some options are added for SSL/TLS. - - host = Net::Telnet::new({ - "Host" => "localhost", - "Port" => "telnets", - ## follows are new options. - 'CertFile' => "user.crt", - 'KeyFile' => "user.key", - 'CAFile' => "/some/where/certs/casert.pem", - 'CAPath' => "/some/where/caserts", - 'VerifyMode' => SSL::VERIFY_PEER, - 'VerifyCallback' => verify_proc - }) - -Or, the new options ('Cert', 'Key' and 'CACert') are available from -Michal Rokos's OpenSSL module. - - cert_data = File.open("user.crt"){|io| io.read } - pkey_data = File.open("user.key"){|io| io.read } - cacert_data = File.open("your_ca.pem"){|io| io.read } - host = Net::Telnet::new({ - "Host" => "localhost", - "Port" => "telnets", - 'Cert' => OpenSSL::X509::Certificate.new(cert_data) - 'Key' => OpenSSL::PKey::RSA.new(pkey_data) - 'CACert' => OpenSSL::X509::Certificate.new(cacert_data) - 'CAFile' => "/some/where/certs/casert.pem", - 'CAPath' => "/some/where/caserts", - 'VerifyMode' => SSL::VERIFY_PEER, - 'VerifyCallback' => verify_proc - }) - -This class is expected to be a superset of usual Net::Telnet. -=end - -require "net/telnet" -require "openssl" - -module Net - class Telnet - attr_reader :ssl - - OPT_STARTTLS = 46.chr # "\056" # "\x2e" # Start TLS - TLS_FOLLOWS = 1.chr # "\001" # "\x01" # FOLLOWS (for STARTTLS) - - alias preprocess_orig preprocess - - def ssl?; @ssl; end - - def preprocess(string) - # combine CR+NULL into CR - string = string.gsub(/#{CR}#{NULL}/no, CR) if @options["Telnetmode"] - - # combine EOL into "\n" - string = string.gsub(/#{EOL}/no, "\n") unless @options["Binmode"] - - string.gsub(/#{IAC}( - [#{IAC}#{AO}#{AYT}#{DM}#{IP}#{NOP}]| - [#{DO}#{DONT}#{WILL}#{WONT}][#{OPT_BINARY}-#{OPT_EXOPL}]| - #{SB}[#{OPT_BINARY}-#{OPT_EXOPL}] - (#{IAC}#{IAC}|[^#{IAC}])+#{IAC}#{SE} - )/xno) do - if IAC == $1 # handle escaped IAC characters - IAC - elsif AYT == $1 # respond to "IAC AYT" (are you there) - self.write("nobody here but us pigeons" + EOL) - '' - elsif DO[0] == $1[0] # respond to "IAC DO x" - if OPT_BINARY[0] == $1[1] - @telnet_option["BINARY"] = true - self.write(IAC + WILL + OPT_BINARY) - elsif OPT_STARTTLS[0] == $1[1] - self.write(IAC + WILL + OPT_STARTTLS) - self.write(IAC + SB + OPT_STARTTLS + TLS_FOLLOWS + IAC + SE) - else - self.write(IAC + WONT + $1[1..1]) - end - '' - elsif DONT[0] == $1[0] # respond to "IAC DON'T x" with "IAC WON'T x" - self.write(IAC + WONT + $1[1..1]) - '' - elsif WILL[0] == $1[0] # respond to "IAC WILL x" - if OPT_BINARY[0] == $1[1] - self.write(IAC + DO + OPT_BINARY) - elsif OPT_ECHO[0] == $1[1] - self.write(IAC + DO + OPT_ECHO) - elsif OPT_SGA[0] == $1[1] - @telnet_option["SGA"] = true - self.write(IAC + DO + OPT_SGA) - else - self.write(IAC + DONT + $1[1..1]) - end - '' - elsif WONT[0] == $1[0] # respond to "IAC WON'T x" - if OPT_ECHO[0] == $1[1] - self.write(IAC + DONT + OPT_ECHO) - elsif OPT_SGA[0] == $1[1] - @telnet_option["SGA"] = false - self.write(IAC + DONT + OPT_SGA) - else - self.write(IAC + DONT + $1[1..1]) - end - '' - elsif SB[0] == $1[0] # respond to "IAC SB xxx IAC SE" - if OPT_STARTTLS[0] == $1[1] && TLS_FOLLOWS[0] == $2[0] - @sock = OpenSSL::SSL::SSLSocket.new(@sock) - @sock.cert = @options['Cert'] unless @sock.cert - @sock.key = @options['Key'] unless @sock.key - @sock.ca_cert = @options['CACert'] - @sock.ca_file = @options['CAFile'] - @sock.ca_path = @options['CAPath'] - @sock.timeout = @options['Timeout'] - @sock.verify_mode = @options['VerifyMode'] - @sock.verify_callback = @options['VerifyCallback'] - @sock.verify_depth = @options['VerifyDepth'] - @sock.connect - if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE - @sock.post_connection_check(@options['Host']) - end - @ssl = true - end - '' - else - '' - end - end - end # preprocess - - alias waitfor_org waitfor - - def waitfor(options) - time_out = @options["Timeout"] - waittime = @options["Waittime"] - - if options.kind_of?(Hash) - prompt = if options.has_key?("Match") - options["Match"] - elsif options.has_key?("Prompt") - options["Prompt"] - elsif options.has_key?("String") - Regexp.new( Regexp.quote(options["String"]) ) - end - time_out = options["Timeout"] if options.has_key?("Timeout") - waittime = options["Waittime"] if options.has_key?("Waittime") - else - prompt = options - end - - if time_out == false - time_out = nil - end - - line = '' - buf = '' - @rest = '' unless @rest - - until(prompt === line and not IO::select([@sock], nil, nil, waittime)) - unless IO::select([@sock], nil, nil, time_out) - raise TimeoutError, "timed-out; wait for the next data" - end - begin - c = @rest + @sock.sysread(1024 * 1024) - @dumplog.log_dump('<', c) if @options.has_key?("Dump_log") - if @options["Telnetmode"] - pos = 0 - catch(:next){ - while true - case c[pos] - when IAC[0] - case c[pos+1] - when DO[0], DONT[0], WILL[0], WONT[0] - throw :next unless c[pos+2] - pos += 3 - when SB[0] - ret = detect_sub_negotiation(c, pos) - throw :next unless ret - pos = ret - when nil - throw :next - else - pos += 2 - end - when nil - throw :next - else - pos += 1 - end - end - } - - buf = preprocess(c[0...pos]) - @rest = c[pos..-1] - end - @log.print(buf) if @options.has_key?("Output_log") - line.concat(buf) - yield buf if block_given? - rescue EOFError # End of file reached - if line == '' - line = nil - yield nil if block_given? - end - break - end - end - line - end - - private - - def detect_sub_negotiation(data, pos) - return nil if data.length < pos+6 # IAC SB x param IAC SE - pos += 3 - while true - case data[pos] - when IAC[0] - if data[pos+1] == SE[0] - pos += 2 - return pos - else - pos += 2 - end - when nil - return nil - else - pos += 1 - end - end - end - - end -end diff --git a/ruby_1_8_6/ext/openssl/lib/openssl.rb b/ruby_1_8_6/ext/openssl/lib/openssl.rb deleted file mode 100644 index 24a9eed136..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl.rb +++ /dev/null @@ -1,24 +0,0 @@ -=begin -= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require 'openssl.so' - -require 'openssl/bn' -require 'openssl/cipher' -require 'openssl/digest' -require 'openssl/ssl' -require 'openssl/x509' - diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/bn.rb b/ruby_1_8_6/ext/openssl/lib/openssl/bn.rb deleted file mode 100644 index e7cbf2cfaf..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/bn.rb +++ /dev/null @@ -1,35 +0,0 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for BN - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -## -# Should we care what if somebody require this file directly? -#require 'openssl' - -module OpenSSL - class BN - include Comparable - end # BN -end # OpenSSL - -## -# Add double dispatch to Integer -# -class Integer - def to_bn - OpenSSL::BN::new(self) - end -end # Integer - diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/buffering.rb b/ruby_1_8_6/ext/openssl/lib/openssl/buffering.rb deleted file mode 100644 index 761a017487..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/buffering.rb +++ /dev/null @@ -1,239 +0,0 @@ -=begin -= $RCSfile$ -- Buffering mix-in module. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -module Buffering - include Enumerable - attr_accessor :sync - BLOCK_SIZE = 1024*16 - - def initialize(*args) - @eof = false - @rbuffer = "" - @sync = @io.sync - end - - # - # for reading. - # - private - - def fill_rbuff - begin - @rbuffer << self.sysread(BLOCK_SIZE) - rescue Errno::EAGAIN - retry - rescue EOFError - @eof = true - end - end - - def consume_rbuff(size=nil) - if @rbuffer.empty? - nil - else - size = @rbuffer.size unless size - ret = @rbuffer[0, size] - @rbuffer[0, size] = "" - ret - end - end - - public - - def read(size=nil, buf=nil) - if size == 0 - if buf - buf.clear - else - buf = "" - end - return @eof ? nil : buf - end - until @eof - break if size && size <= @rbuffer.size - fill_rbuff - end - ret = consume_rbuff(size) || "" - if buf - buf.replace(ret) - ret = buf - end - (size && ret.empty?) ? nil : ret - end - - def readpartial(maxlen, buf=nil) - if maxlen == 0 - if buf - buf.clear - else - buf = "" - end - return @eof ? nil : buf - end - if @rbuffer.empty? - begin - return sysread(maxlen, buf) - rescue Errno::EAGAIN - retry - end - end - ret = consume_rbuff(maxlen) - if buf - buf.replace(ret) - ret = buf - end - raise EOFError if ret.empty? - ret - end - - def gets(eol=$/) - idx = @rbuffer.index(eol) - until @eof - break if idx - fill_rbuff - idx = @rbuffer.index(eol) - end - if eol.is_a?(Regexp) - size = idx ? idx+$&.size : nil - else - size = idx ? idx+eol.size : nil - end - consume_rbuff(size) - end - - def each(eol=$/) - while line = self.gets(eol) - yield line - end - end - alias each_line each - - def readlines(eol=$/) - ary = [] - while line = self.gets(eol) - ary << line - end - ary - end - - def readline(eol=$/) - raise EOFError if eof? - gets(eol) - end - - def getc - c = read(1) - c ? c[0] : nil - end - - def each_byte - while c = getc - yield(c) - end - end - - def readchar - raise EOFError if eof? - getc - end - - def ungetc(c) - @rbuffer[0,0] = c.chr - end - - def eof? - fill_rbuff if !@eof && @rbuffer.empty? - @eof && @rbuffer.empty? - end - alias eof eof? - - # - # for writing. - # - private - - def do_write(s) - @wbuffer = "" unless defined? @wbuffer - @wbuffer << s - @sync ||= false - if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/) - remain = idx ? idx + $/.size : @wbuffer.length - nwritten = 0 - while remain > 0 - str = @wbuffer[nwritten,remain] - begin - nwrote = syswrite(str) - rescue Errno::EAGAIN - retry - end - remain -= nwrote - nwritten += nwrote - end - @wbuffer[0,nwritten] = "" - end - end - - public - - def write(s) - do_write(s) - s.length - end - - def << (s) - do_write(s) - self - end - - def puts(*args) - s = "" - if args.empty? - s << "\n" - end - args.each{|arg| - s << arg.to_s - if $/ && /\n\z/ !~ s - s << "\n" - end - } - do_write(s) - nil - end - - def print(*args) - s = "" - args.each{ |arg| s << arg.to_s } - do_write(s) - nil - end - - def printf(s, *args) - do_write(s % args) - nil - end - - def flush - osync = @sync - @sync = true - do_write "" - @sync = osync - end - - def close - flush rescue nil - sysclose - end -end diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/cipher.rb b/ruby_1_8_6/ext/openssl/lib/openssl/cipher.rb deleted file mode 100644 index 049533d06b..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/cipher.rb +++ /dev/null @@ -1,58 +0,0 @@ -=begin -= $RCSfile$ -- Ruby-space predefined Cipher subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -## -# Should we care what if somebody require this file directly? -#require 'openssl' - -module OpenSSL - module Cipher - %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name| - klass = Class.new(Cipher){ - define_method(:initialize){|*args| - cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" } - super(cipher_name) - } - } - const_set(name, klass) - } - - %w(128 192 256).each{|keylen| - klass = Class.new(Cipher){ - define_method(:initialize){|mode| - mode ||= "CBC" - cipher_name = "AES-#{keylen}-#{mode}" - super(cipher_name) - } - } - const_set("AES#{keylen}", klass) - } - - class Cipher - def random_key - str = OpenSSL::Random.random_bytes(self.key_len) - self.key = str - return str - end - - def random_iv - str = OpenSSL::Random.random_bytes(self.iv_len) - self.iv = str - return str - end - end - end # Cipher -end # OpenSSL diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/digest.rb b/ruby_1_8_6/ext/openssl/lib/openssl/digest.rb deleted file mode 100644 index b3e4484805..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/digest.rb +++ /dev/null @@ -1,49 +0,0 @@ -=begin -= $RCSfile$ -- Ruby-space predefined Digest subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -## -# Should we care what if somebody require this file directly? -#require 'openssl' - -module OpenSSL - module Digest - - alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1) - if OPENSSL_VERSION_NUMBER > 0x00908000 - alg += %w(SHA224 SHA256 SHA384 SHA512) - end - - alg.each{|name| - klass = Class.new(Digest){ - define_method(:initialize){|*data| - if data.length > 1 - raise ArgumentError, - "wrong number of arguments (#{data.length} for 1)" - end - super(name, data.first) - } - } - singleton = (class <<klass; self; end) - singleton.class_eval{ - define_method(:digest){|data| Digest.digest(name, data) } - define_method(:hexdigest){|data| Digest.hexdigest(name, data) } - } - const_set(name, klass) - } - - end # Digest -end # OpenSSL - diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/ssl.rb b/ruby_1_8_6/ext/openssl/lib/openssl/ssl.rb deleted file mode 100644 index 9e9a9448ba..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/ssl.rb +++ /dev/null @@ -1,135 +0,0 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" -require "openssl/buffering" -require "fcntl" - -module OpenSSL - module SSL - module SocketForwarder - def addr - to_io.addr - end - - def peeraddr - to_io.peeraddr - end - - def setsockopt(level, optname, optval) - to_io.setsockopt(level, optname, optval) - end - - def getsockopt(level, optname) - to_io.getsockopt(level, optname) - end - - def fcntl(*args) - to_io.fcntl(*args) - end - - def closed? - to_io.closed? - end - - def do_not_reverse_lookup=(flag) - to_io.do_not_reverse_lookup = flag - end - end - - module Nonblock - def initialize(*args) - flag = File::NONBLOCK - flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) - @io.fcntl(Fcntl::F_SETFL, flag) - super - end - end - - class SSLSocket - include Buffering - include SocketForwarder - include Nonblock - - def post_connection_check(hostname) - check_common_name = true - cert = peer_cert - cert.extensions.each{|ext| - next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name - check_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name - check_common_name = false - return true if $1 == hostname - end - } - } - if check_common_name - cert.subject.to_a.each{|oid, value| - if oid == "CN" - reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - end - } - end - raise SSLError, "hostname was not match with the server certificate" - end - end - - class SSLServer - include SocketForwarder - attr_accessor :start_immediately - - def initialize(svr, ctx) - @svr = svr - @ctx = ctx - unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) - @ctx.session_id_context = session_id - end - @start_immediately = true - end - - def to_io - @svr - end - - def listen(backlog=5) - @svr.listen(backlog) - end - - def accept - sock = @svr.accept - begin - ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync_close = true - ssl.accept if @start_immediately - ssl - rescue SSLError => ex - sock.close - raise ex - end - end - - def close - @svr.close - end - end - end -end diff --git a/ruby_1_8_6/ext/openssl/lib/openssl/x509.rb b/ruby_1_8_6/ext/openssl/lib/openssl/x509.rb deleted file mode 100644 index e711bda39c..0000000000 --- a/ruby_1_8_6/ext/openssl/lib/openssl/x509.rb +++ /dev/null @@ -1,154 +0,0 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" - -module OpenSSL - module X509 - class ExtensionFactory - def create_extension(*arg) - if arg.size > 1 - create_ext(*arg) - else - send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) - end - end - - def create_ext_from_array(ary) - raise ExtensionError, "unexpected array form" if ary.size > 3 - create_ext(ary[0], ary[1], ary[2]) - end - - def create_ext_from_string(str) # "oid = critical, value" - oid, value = str.split(/=/, 2) - oid.strip! - value.strip! - create_ext(oid, value) - end - - def create_ext_from_hash(hash) - create_ext(hash["oid"], hash["value"], hash["critical"]) - end - end - - class Extension - def to_s # "oid = critical, value" - str = self.oid - str << " = " - str << "critical, " if self.critical? - str << self.value.gsub(/\n/, ", ") - end - - def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} - {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} - end - - def to_a - [ self.oid, self.value, self.critical? ] - end - end - - class Name - module RFC2253DN - Special = ',=+<>#;' - HexChar = /[0-9a-fA-F]/ - HexPair = /#{HexChar}#{HexChar}/ - HexString = /#{HexPair}+/ - Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ - StringChar = /[^#{Special}\\"]/ - QuoteChar = /[^\\"]/ - AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ - AttributeValue = / - (?!["#])((?:#{StringChar}|#{Pair})*)| - \#(#{HexString})| - "((?:#{QuoteChar}|#{Pair})*)" - /x - TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ - - module_function - - def expand_pair(str) - return nil unless str - return str.gsub(Pair){|pair| - case pair.size - when 2 then pair[1,1] - when 3 then Integer("0x#{pair[1,2]}").chr - else raise OpenSSL::X509::NameError, "invalid pair: #{str}" - end - } - end - - def expand_hexstring(str) - return nil unless str - der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } - a1 = OpenSSL::ASN1.decode(der) - return a1.value, a1.tag - end - - def expand_value(str1, str2, str3) - value = expand_pair(str1) - value, tag = expand_hexstring(str2) unless value - value = expand_pair(str3) unless value - return value, tag - end - - def scan(dn) - str = dn - ary = [] - while true - if md = TypeAndValue.match(str) - matched = md.to_s - remain = md.post_match - type = md[1] - value, tag = expand_value(md[2], md[3], md[4]) rescue nil - if value - type_and_value = [type, value] - type_and_value.push(tag) if tag - ary.unshift(type_and_value) - if remain.length > 2 && remain[0] == ?, - str = remain[1..-1] - next - elsif remain.length > 2 && remain[0] == ?+ - raise OpenSSL::X509::NameError, - "multi-valued RDN is not supported: #{dn}" - elsif remain.empty? - break - end - end - end - msg_dn = dn[0, dn.length - str.length] + " =>" + str - raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" - end - return ary - end - end - - class <<self - def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) - ary = OpenSSL::X509::Name::RFC2253DN.scan(str) - self.new(ary, template) - end - - def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) - ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } - self.new(ary, template) - end - - alias parse parse_openssl - end - end - end -end |