@JRubyMethod(name = "next_update=")
public IRubyObject set_next_update(IRubyObject val) {
changed = true;
next_update = val.callMethod(getRuntime().getCurrentContext(), "getutc");
((RubyTime) next_update).setMicroseconds(0);
generator.setNextUpdate(((RubyTime) next_update).getJavaDate());
this.next_update = val;
return val;
}
@JRubyMethod(name = "issuer=")
public IRubyObject set_issuer(IRubyObject val) {
if (!val.equals(this.issuer)) {
changed = true;
}
this.issuer = val;
generator.setIssuerDN(((X509Name) issuer).getRealName());
return val;
}
@JRubyMethod
public IRubyObject sign(final IRubyObject key, IRubyObject digest) {
// System.err.println("WARNING: unimplemented method called: CRL#sign");
// Have to obey some artificial constraints of the OpenSSL implementation. Stupid.
String keyAlg = ((PKey) key).getAlgorithm();
String digAlg = ((Digest) digest).getShortAlgorithm();
if (("DSA".equalsIgnoreCase(keyAlg) && "MD5".equalsIgnoreCase(digAlg))
|| ("RSA".equalsIgnoreCase(keyAlg) && "DSS1".equals(((Digest) digest).name().toString()))
|| ("DSA".equalsIgnoreCase(keyAlg) && "SHA1".equals(((Digest) digest).name().toString()))) {
throw newX509CRLError(getRuntime(), null);
}
sig_alg = getRuntime().newString(digAlg);
generator.setSignatureAlgorithm(digAlg + "WITH" + keyAlg);
for (IRubyObject obj : ((RubyArray) revoked).toJavaArray()) {
X509Revoked rev = (X509Revoked) obj; // TODO: can throw CCE
BigInteger serial =
new BigInteger(rev.callMethod(getRuntime().getCurrentContext(), "serial").toString());
IRubyObject t1 =
rev.callMethod(getRuntime().getCurrentContext(), "time")
.callMethod(getRuntime().getCurrentContext(), "getutc");
((RubyTime) t1).setMicroseconds(0);
// Extensions ignored, for now
generator.addCRLEntry(
serial,
((RubyTime) t1).getJavaDate(),
new org.bouncycastle.asn1.x509.X509Extensions(new Hashtable()));
}
try {
for (Iterator<IRubyObject> iter = extensions.iterator(); iter.hasNext(); ) {
X509Extensions.Extension ag = (X509Extensions.Extension) iter.next();
generator.addExtension(ag.getRealOid(), ag.getRealCritical(), ag.getRealValueBytes());
}
} catch (IOException ioe) {
throw newX509CRLError(getRuntime(), ioe.getMessage());
}
try {
// X509V2CRLGenerator(generator) depends BC.
OpenSSLReal.doWithBCProvider(
new OpenSSLReal.Runnable() {
public void run() throws GeneralSecurityException {
crl = generator.generate(((PKey) key).getPrivateKey(), "BC");
}
});
} catch (GeneralSecurityException gse) {
throw newX509CRLError(getRuntime(), gse.getMessage());
}
try {
crl_v = new ASN1InputStream(new ByteArrayInputStream(crl.getEncoded())).readObject();
} catch (CRLException crle) {
throw newX509CRLError(getRuntime(), crle.getMessage());
} catch (IOException ioe) {
throw newX509CRLError(getRuntime(), ioe.getMessage());
}
DERSequence v1 = (DERSequence) (((DERSequence) crl_v).getObjectAt(0));
ASN1EncodableVector build1 = new ASN1EncodableVector();
int copyIndex = 0;
if (v1.getObjectAt(0) instanceof DERInteger) {
copyIndex++;
}
build1.add(new DERInteger(new java.math.BigInteger(version.toString())));
while (copyIndex < v1.size()) {
build1.add(v1.getObjectAt(copyIndex++));
}
ASN1EncodableVector build2 = new ASN1EncodableVector();
build2.add(new DERSequence(build1));
build2.add(((DERSequence) crl_v).getObjectAt(1));
build2.add(((DERSequence) crl_v).getObjectAt(2));
crl_v = new DERSequence(build2);
changed = false;
return this;
}
