Diffstat (limited to 'sample/openssl')
-rw-r--r--sample/openssl/c_rehash.rb43
-rw-r--r--sample/openssl/cert2text.rb7
-rw-r--r--sample/openssl/certstore.rb59
-rw-r--r--sample/openssl/cipher.rb4
-rw-r--r--sample/openssl/crlstore.rb32
-rw-r--r--sample/openssl/echo_cli.rb2
-rw-r--r--sample/openssl/echo_svr.rb8
-rw-r--r--sample/openssl/gen_csr.rb14
-rw-r--r--sample/openssl/smime_read.rb11
-rw-r--r--sample/openssl/smime_write.rb15
10 files changed, 95 insertions, 100 deletions
diff --git a/sample/openssl/c_rehash.rb b/sample/openssl/c_rehash.rb
index afbb654517..8b005bbb84 100644
--- a/sample/openssl/c_rehash.rb
+++ b/sample/openssl/c_rehash.rb
@@ -1,7 +1,6 @@
#!/usr/bin/env ruby
require 'openssl'
-require 'digest/md5'
class CHashDir
include Enumerable
@@ -54,13 +53,13 @@ class CHashDir
OpenSSL::X509::Certificate.new(str)
rescue
begin
- OpenSSL::X509::CRL.new(str)
+ OpenSSL::X509::CRL.new(str)
rescue
- begin
- OpenSSL::X509::Request.new(str)
- rescue
- nil
- end
+ begin
+ OpenSSL::X509::Request.new(str)
+ rescue
+ nil
+ end
end
end
end
@@ -75,15 +74,15 @@ private
Dir.chdir(@dirpath) do
delete_symlink
Dir.glob('*.pem') do |pemfile|
- cert = load_pem_file(pemfile)
- case cert
- when OpenSSL::X509::Certificate
- link_hash_cert(pemfile, cert)
- when OpenSSL::X509::CRL
- link_hash_crl(pemfile, cert)
- else
- STDERR.puts("WARNING: #{pemfile} does not contain a certificate or CRL: skipping") unless @silent
- end
+ cert = load_pem_file(pemfile)
+ case cert
+ when OpenSSL::X509::Certificate
+ link_hash_cert(pemfile, cert)
+ when OpenSSL::X509::CRL
+ link_hash_crl(pemfile, cert)
+ else
+ STDERR.puts("WARNING: #{pemfile} does not contain a certificate or CRL: skipping") unless @silent
+ end
end
end
end
@@ -103,7 +102,7 @@ private
}
unless filepath
unless @silent
- STDERR.puts("WARNING: Skipping duplicate certificate #{org_filename}")
+ STDERR.puts("WARNING: Skipping duplicate certificate #{org_filename}")
end
else
(@cert_cache[name_hash] ||= []) << path(filepath)
@@ -118,7 +117,7 @@ private
}
unless filepath
unless @silent
- STDERR.puts("WARNING: Skipping duplicate CRL #{org_filename}")
+ STDERR.puts("WARNING: Skipping duplicate CRL #{org_filename}")
end
else
(@crl_cache[name_hash] ||= []) << path(filepath)
@@ -132,7 +131,7 @@ private
filepath = yield(idx)
break unless FileTest.symlink?(filepath) or FileTest.exist?(filepath)
if @fingerprint_cache[filepath] == fingerprint
- return false
+ return false
end
idx += 1
end
@@ -147,7 +146,7 @@ private
File.symlink(from, to)
rescue
File.open(to, "w") do |f|
- f << File.read(from)
+ f << File.read(from)
end
end
end
@@ -157,11 +156,11 @@ private
end
def hash_name(name)
- sprintf("%x", name.hash)
+ sprintf("%08x", name.hash)
end
def fingerprint(der)
- Digest::MD5.hexdigest(der).upcase
+ OpenSSL::Digest.hexdigest('MD5', der).upcase
end
end
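Review bot: The duplicate-detection fingerprint on the `OpenSSL::Digest.hexdigest('MD5', der)` line still depends on MD5 being available, which it is not on FIPS-enabled builds, where the call raises and the whole rehash fails; the value is only ever compared against `@fingerprint_cache` entries, so any digest serves, and `OpenSSL::Digest.hexdigest('SHA256', der).upcase` removes the dependency. The `%08x` padding in hash_name gives the eight-digit names OpenSSL's own c_rehash produces, presumably because `name` is an `OpenSSL::X509::Name` whose `#hash` is the subject hash; a comment such as `# 8 hex digits: the <subject_hash>.N form OpenSSL's c_rehash emits` would record that. The CHashDir class closes at this hunk, but both methods' callers are outside it.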
diff --git a/sample/openssl/cert2text.rb b/sample/openssl/cert2text.rb
index 50da224e76..fe14e51d3a 100644
--- a/sample/openssl/cert2text.rb
+++ b/sample/openssl/cert2text.rb
@@ -1,10 +1,13 @@
#!/usr/bin/env ruby
require 'openssl'
-include OpenSSL::X509
def cert2text(cert_str)
- [Certificate, CRL, Request].each do |klass|
+ [
+ OpenSSL::X509::Certificate,
+ OpenSSL::X509::CRL,
+ OpenSSL::X509::Request,
+ ].each do |klass|
begin
puts klass.new(cert_str).to_text
return
diff --git a/sample/openssl/certstore.rb b/sample/openssl/certstore.rb
index c0bc21bcbb..72e59f6dad 100644
--- a/sample/openssl/certstore.rb
+++ b/sample/openssl/certstore.rb
@@ -3,9 +3,6 @@ require 'crlstore'
class CertStore
- include OpenSSL
- include X509
-
attr_reader :self_signed_ca
attr_reader :other_ca
attr_reader :ee
@@ -17,11 +14,11 @@ class CertStore
@c_store = CHashDir.new(@certs_dir)
@c_store.hash_dir(true)
@crl_store = CrlStore.new(@c_store)
- @x509store = Store.new
+ @x509store = OpenSSL::X509::Store.new
@self_signed_ca = @other_ca = @ee = @crl = nil
# Uncomment this line to let OpenSSL to check CRL for each certs.
- # @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL
+ # @x509store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
add_path
scan_certs
@@ -76,27 +73,27 @@ private
result = @x509store.verify(cert) do |ok, ctx|
cert = ctx.current_cert
if ctx.current_crl
- crl_map[cert.subject] = true
+ crl_map[cert.subject] = true
end
if ok
- if !ctx.current_crl
- if crl = @crl_store.find_crl(cert)
- crl_map[cert.subject] = true
- if crl.revoked.find { |revoked| revoked.serial == cert.serial }
- ok = false
- error_string = 'certification revoked'
- end
- end
- end
+ if !ctx.current_crl
+ if crl = @crl_store.find_crl(cert)
+ crl_map[cert.subject] = true
+ if crl.revoked.find { |revoked| revoked.serial == cert.serial }
+ ok = false
+ error_string = 'certification revoked'
+ end
+ end
+ end
end
error_map[cert.subject] = error_string if error_string
ok
end
error = if result
- nil
- else
- error_map[cert.subject] || @x509store.error_string
- end
+ nil
+ else
+ error_map[cert.subject] || @x509store.error_string
+ end
return error, crl_map
end
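Review bot: `cert = ctx.current_cert` rebinds the method's own `cert` parameter from inside the verify block, so the `error_map[cert.subject]` lookup after the block is keyed by whichever chain element the callback saw last rather than by the certificate passed in; it works today only because returning `ok = false` stops verification at the revoked element. Since the map is read back exactly once, a single captured variable has no key to get wrong: assign `revocation_error = 'certification revoked'` where `error_string` is set, drop the `error_map[cert.subject] = error_string if error_string` line, and end with `revocation_error || @x509store.error_string`. Either way, naming the block-local `current` and leaving the parameter untouched makes the shadowing go away. The enclosing method begins before this hunk.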
@@ -105,13 +102,13 @@ private
cert = generate_cert(certfile)
case guess_cert_type(cert)
when CERT_TYPE_SELF_SIGNED
- @self_signed_ca << cert
+ @self_signed_ca << cert
when CERT_TYPE_OTHER
- @other_ca << cert
+ @other_ca << cert
when CERT_TYPE_EE
- @ee << cert
+ @ee << cert
else
- raise "Unknown cert type."
+ raise "Unknown cert type."
end
end
@c_store.get_crls.each do |crlfile|
@@ -128,21 +125,21 @@ private
# Ignores criticality of extensions. It's 'guess'ing.
case ext.oid
when 'basicConstraints'
- /CA:(TRUE|FALSE), pathlen:(\d+)/ =~ ext.value
- ca = ($1 == 'TRUE') unless ca
+ /CA:(TRUE|FALSE), pathlen:(\d+)/ =~ ext.value
+ ca = ($1 == 'TRUE') unless ca
when 'keyUsage'
- usage = ext.value.split(/\s*,\s*/)
- ca = usage.include?('Certificate Sign') unless ca
+ usage = ext.value.split(/\s*,\s*/)
+ ca = usage.include?('Certificate Sign') unless ca
when 'nsCertType'
- usage = ext.value.split(/\s*,\s*/)
- ca = usage.include?('SSL CA') unless ca
+ usage = ext.value.split(/\s*,\s*/)
+ ca = usage.include?('SSL CA') unless ca
end
end
if ca
if self_signed
- CERT_TYPE_SELF_SIGNED
+ CERT_TYPE_SELF_SIGNED
else
- CERT_TYPE_OTHER
+ CERT_TYPE_OTHER
end
else
CERT_TYPE_EE
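Review bot: The basicConstraints branch only recognises a CA when a `pathlen:` is present, because `/CA:(TRUE|FALSE), pathlen:(\d+)/` does not match the common `CA:TRUE` value without a path length, `$1` is then nil, and `ca` becomes false, so the certificate lands in CERT_TYPE_EE unless keyUsage or nsCertType rescues it. Making the suffix optional fixes it: `/CA:(TRUE|FALSE)(?:, pathlen:(\d+))?/ =~ ext.value`. The captured path length is never used; if it stays, `Regexp.last_match(1)` reads better than `$1`. The method begins before this hunk, where `self_signed` and `ext` come from.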
diff --git a/sample/openssl/cipher.rb b/sample/openssl/cipher.rb
index 58b10d6046..a33dc3e95c 100644
--- a/sample/openssl/cipher.rb
+++ b/sample/openssl/cipher.rb
@@ -10,7 +10,7 @@ def crypt_by_password(alg, pass, salt, text)
puts
puts "--Encrypting--"
- enc = OpenSSL::Cipher::Cipher.new(alg)
+ enc = OpenSSL::Cipher.new(alg)
enc.encrypt
enc.pkcs5_keyivgen(pass, salt)
cipher = enc.update(text)
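Review bot: `enc.pkcs5_keyivgen(pass, salt)` derives key and IV with the PKCS#5 v1.5 scheme (MD5 and 2048 iterations by default), which the openssl gem documents as deprecated and which fails outright where MD5 is unavailable; the commit moved the constructor to `OpenSSL::Cipher.new` but left the derivation as is, here and in the decrypt hunk below. A gem new enough for `OpenSSL::PKey.read` also has `OpenSSL::KDF.pbkdf2_hmac`, so the same three lines on both sides would do: `kiv = OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: 100_000, length: enc.key_len + enc.iv_len, hash: "sha256")`, `enc.key = kiv[0, enc.key_len]`, `enc.iv = kiv[enc.key_len, enc.iv_len]`. If the sample is meant to stay short, a comment on each `pkcs5_keyivgen` line saying the derivation is legacy and kept only for brevity would stop it being copied as-is. `crypt_by_password` begins before this hunk.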
@@ -19,7 +19,7 @@ def crypt_by_password(alg, pass, salt, text)
puts
puts "--Decrypting--"
- dec = OpenSSL::Cipher::Cipher.new(alg)
+ dec = OpenSSL::Cipher.new(alg)
dec.decrypt
dec.pkcs5_keyivgen(pass, salt)
plain = dec.update(cipher)
diff --git a/sample/openssl/crlstore.rb b/sample/openssl/crlstore.rb
index b305913eb0..e3a592567c 100644
--- a/sample/openssl/crlstore.rb
+++ b/sample/openssl/crlstore.rb
@@ -24,22 +24,22 @@ private
end
unless crlfiles = @c_store.get_crls(ca.subject)
if crl = renew_crl(cert, ca)
- @c_store.add_crl(crl)
- return crl
+ @c_store.add_crl(crl)
+ return crl
end
return nil
end
crlfiles.each do |crlfile|
next unless crl = load_crl(crlfile)
if crl.next_update < Time.now
- if new_crl = renew_crl(cert, ca)
- @c_store.delete_crl(crl)
- @c_store.add_crl(new_crl)
- crl = new_crl
- end
+ if new_crl = renew_crl(cert, ca)
+ @c_store.delete_crl(crl)
+ @c_store.add_crl(new_crl)
+ crl = new_crl
+ end
end
if check_valid(crl, ca)
- return crl
+ return crl
end
end
nil
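Review bot: `crl.next_update < Time.now` raises NoMethodError for a CRL without a nextUpdate field, which RFC 5280 leaves optional and `OpenSSL::X509::CRL#next_update` returns as nil; a guard such as `if crl.next_update.nil? || crl.next_update < Time.now` keeps the lookup alive and simply attempts a refresh in that case. When the refresh then fails (`renew_crl` returns false) the loop carries on with the stale CRL and hands it to `check_valid`; whether that rejects an expired CRL is decided outside this hunk, and if it does not, a certificate revoked after the stale CRL's date is still reported as good. A comment on the `if check_valid(crl, ca)` line stating which behaviour is intended would settle it. find_crl begins before this hunk.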
@@ -49,7 +49,7 @@ private
@c_store.get_certs(cert.issuer).each do |cafile|
ca = load_cert(cafile)
if cert.verify(ca.public_key)
- return ca
+ return ca
end
end
nil
@@ -58,10 +58,10 @@ private
def fetch(location)
if /\AURI:(.*)\z/ =~ location
begin
- c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
- c.get_content($1)
+ c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
+ c.get_content($1)
rescue NameError, StandardError
- nil
+ nil
end
else
nil
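Review bot: `rescue NameError, StandardError` is redundant (NameError is a StandardError) and, more importantly, hides the most likely failure: `HTTPAccess2::Client` is the pre-2.x name of the httpclient library, so where it is not installed the constant lookup raises NameError, `fetch` returns nil for every distribution point, and CRLs are silently never refreshed. Stdlib `Net::HTTP` removes the dependency, `Net::HTTP.get(URI(Regexp.last_match(1)))` with `require 'net/http'` at the top of the file, and in current Ruby it reads `http_proxy` from the environment itself, so the explicit ENV lookup can go. If the rescue stays, narrow it and report the cause, e.g. `rescue StandardError => e` followed by `warn "CRL fetch failed: #{e.message}"` before the nil. The `$1` reference should become `Regexp.last_match(1)` either way.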
@@ -103,10 +103,10 @@ private
def renew_crl(cert, ca)
if cdp = get_cdp(cert)
if new_crl_str = fetch(cdp)
- new_crl = load_crl_str(new_crl_str)
- if check_valid(new_crl, ca)
- return new_crl
- end
+ new_crl = load_crl_str(new_crl_str)
+ if check_valid(new_crl, ca)
+ return new_crl
+ end
end
end
false
diff --git a/sample/openssl/echo_cli.rb b/sample/openssl/echo_cli.rb
index 069a21ec94..3fbadf3361 100644
--- a/sample/openssl/echo_cli.rb
+++ b/sample/openssl/echo_cli.rb
@@ -15,7 +15,7 @@ ca_path = options["C"]
ctx = OpenSSL::SSL::SSLContext.new()
if cert_file && key_file
ctx.cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
- ctx.key = OpenSSL::PKey::RSA.new(File::read(key_file))
+ ctx.key = OpenSSL::PKey.read(File::read(key_file))
end
if ca_path
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
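Review bot: Verification is only switched on when `-C` is given (`if ca_path` / `ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER`), so without it the context keeps its default, the server certificate is never checked, and the sample will happily talk to any peer; that is acceptable for a demo but should be said, e.g. `# without -C the server certificate is NOT verified` above the `if`. Whether hostname checking (`ctx.verify_hostname = true`) is enabled anywhere is outside this hunk; if not, `-C` alone validates the chain but not that the certificate belongs to the host being contacted, which the same comment could mention. `OpenSSL::PKey.read` on the changed line is the right call, since it accepts any key type rather than only RSA.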
diff --git a/sample/openssl/echo_svr.rb b/sample/openssl/echo_svr.rb
index 719de6be84..f20fb52bf5 100644
--- a/sample/openssl/echo_svr.rb
+++ b/sample/openssl/echo_svr.rb
@@ -13,9 +13,9 @@ ca_path = options["C"]
if cert_file && key_file
cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
- key = OpenSSL::PKey::RSA.new(File::read(key_file))
+ key = OpenSSL::PKey.read(File::read(key_file))
else
- key = OpenSSL::PKey::RSA.new(512){ print "." }
+ key = OpenSSL::PKey::RSA.new(2048){ print "." }
puts
cert = OpenSSL::X509::Certificate.new
cert.version = 2
@@ -25,7 +25,7 @@ else
cert.issuer = name
cert.not_before = Time.now
cert.not_after = Time.now + 3600
- cert.public_key = key.public_key
+ cert.public_key = key
ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
cert.extensions = [
ef.create_extension("basicConstraints","CA:FALSE"),
@@ -37,7 +37,7 @@ else
ef.issuer_certificate = cert
cert.add_extension ef.create_extension("authorityKeyIdentifier",
"keyid:always,issuer:always")
- cert.sign(key, OpenSSL::Digest::SHA1.new)
+ cert.sign(key, "SHA1")
end
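Review bot: `cert.sign(key, "SHA1")` signs the freshly generated 2048-bit certificate with SHA-1, and `req.sign(keypair, "MD5")` in gen_csr.rb's last hunk does the same with MD5; both digests are refused by many current verifiers and CAs and are unavailable in FIPS mode, so a peer that does verify, such as echo_cli.rb run with `-C`, may fail on the sample's own certificate. The string form the commit introduces makes the fix a one-word change in each file: `cert.sign(key, "SHA256")` and `req.sign(keypair, "SHA256")`. The `else` branch this hunk closes begins in an earlier hunk.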
ctx = OpenSSL::SSL::SSLContext.new()
diff --git a/sample/openssl/gen_csr.rb b/sample/openssl/gen_csr.rb
index 4228707fdb..34b23fec1c 100644
--- a/sample/openssl/gen_csr.rb
+++ b/sample/openssl/gen_csr.rb
@@ -3,8 +3,6 @@
require 'optparse'
require 'openssl'
-include OpenSSL
-
def usage
myname = File::basename($0)
$stderr.puts <<EOS
@@ -21,13 +19,13 @@ keyout = options["keyout"] || "keypair.pem"
$stdout.sync = true
name_str = ARGV.shift or usage()
-name = X509::Name.parse(name_str)
+name = OpenSSL::X509::Name.parse(name_str)
keypair = nil
if keypair_file
- keypair = PKey::RSA.new(File.open(keypair_file).read)
+ keypair = OpenSSL::PKey.read(File.read(keypair_file))
else
- keypair = PKey::RSA.new(1024) { putc "." }
+ keypair = OpenSSL::PKey::RSA.new(2048) { putc "." }
puts
puts "Writing #{keyout}..."
File.open(keyout, "w", 0400) do |f|
@@ -37,11 +35,11 @@ end
puts "Generating CSR for #{name_str}"
-req = X509::Request.new
+req = OpenSSL::X509::Request.new
req.version = 0
req.subject = name
-req.public_key = keypair.public_key
-req.sign(keypair, Digest::MD5.new)
+req.public_key = keypair
+req.sign(keypair, "MD5")
puts "Writing #{csrout}..."
File.open(csrout, "w") do |f|
diff --git a/sample/openssl/smime_read.rb b/sample/openssl/smime_read.rb
index 17394f9b8d..b617c6e3a5 100644
--- a/sample/openssl/smime_read.rb
+++ b/sample/openssl/smime_read.rb
@@ -1,6 +1,5 @@
require 'optparse'
require 'openssl'
-include OpenSSL
options = ARGV.getopts("c:k:C:")
@@ -10,14 +9,14 @@ ca_path = options["C"]
data = $stdin.read
-cert = X509::Certificate.new(File::read(cert_file))
-key = PKey::RSA.new(File::read(key_file))
-p7enc = PKCS7::read_smime(data)
+cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
+key = OpenSSL::PKey::read(File::read(key_file))
+p7enc = OpenSSL::PKCS7::read_smime(data)
data = p7enc.decrypt(key, cert)
-store = X509::Store.new
+store = OpenSSL::X509::Store.new
store.add_path(ca_path)
-p7sig = PKCS7::read_smime(data)
+p7sig = OpenSSL::PKCS7::read_smime(data)
if p7sig.verify([], store)
puts p7sig.data
end
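Review bot: When `p7sig.verify([], store)` fails the script prints nothing and still exits 0, so a caller piping mail through it cannot tell a bad signature from an empty message; add an `else` branch that reports and fails, `warn "signature verification failed: #{p7sig.error_string}"` followed by `exit 1`. `p7enc.decrypt(key, cert)` presumably raises on the wrong key, which is acceptable for a sample but worth a one-line comment. A consistency point for this hunk and smime_write.rb's: class methods are called with `::` (`OpenSSL::PKey::read`, `OpenSSL::PKCS7::read_smime`, `OpenSSL::PKCS7::sign`) while the other files in the commit use `OpenSSL::PKey.read`; `.` is the conventional form for method calls.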
diff --git a/sample/openssl/smime_write.rb b/sample/openssl/smime_write.rb
index 5a5236c750..e1254d8748 100644
--- a/sample/openssl/smime_write.rb
+++ b/sample/openssl/smime_write.rb
@@ -1,6 +1,5 @@
require 'openssl'
require 'optparse'
-include OpenSSL
options = ARGV.getopts("c:k:r:")
@@ -8,16 +7,16 @@ cert_file = options["c"]
key_file = options["k"]
rcpt_file = options["r"]
-cert = X509::Certificate.new(File::read(cert_file))
-key = PKey::RSA.new(File::read(key_file))
+cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
+key = OpenSSL::PKey::read(File::read(key_file))
data = "Content-Type: text/plain\r\n"
data << "\r\n"
data << "This is a clear-signed message.\r\n"
-p7sig = PKCS7::sign(cert, key, data, [], PKCS7::DETACHED)
-smime0 = PKCS7::write_smime(p7sig)
+p7sig = OpenSSL::PKCS7::sign(cert, key, data, [], OpenSSL::PKCS7::DETACHED)
+smime0 = OpenSSL::PKCS7::write_smime(p7sig)
-rcpt = X509::Certificate.new(File::read(rcpt_file))
-p7enc = PKCS7::encrypt([rcpt], smime0)
-print PKCS7::write_smime(p7enc)
+rcpt = OpenSSL::X509::Certificate.new(File::read(rcpt_file))
+p7enc = OpenSSL::PKCS7::encrypt([rcpt], smime0)
+print OpenSSL::PKCS7::write_smime(p7enc)