예제 #1
0
 @JRubyMethod(name = "next_update=")
 public IRubyObject set_next_update(IRubyObject val) {
   changed = true;
   next_update = val.callMethod(getRuntime().getCurrentContext(), "getutc");
   ((RubyTime) next_update).setMicroseconds(0);
   generator.setNextUpdate(((RubyTime) next_update).getJavaDate());
   this.next_update = val;
   return val;
 }
예제 #2
0
 @JRubyMethod(name = "issuer=")
 public IRubyObject set_issuer(IRubyObject val) {
   if (!val.equals(this.issuer)) {
     changed = true;
   }
   this.issuer = val;
   generator.setIssuerDN(((X509Name) issuer).getRealName());
   return val;
 }
예제 #3
0
  @JRubyMethod
  public IRubyObject sign(final IRubyObject key, IRubyObject digest) {
    // System.err.println("WARNING: unimplemented method called: CRL#sign");
    // Have to obey some artificial constraints of the OpenSSL implementation. Stupid.
    String keyAlg = ((PKey) key).getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();

    if (("DSA".equalsIgnoreCase(keyAlg) && "MD5".equalsIgnoreCase(digAlg))
        || ("RSA".equalsIgnoreCase(keyAlg) && "DSS1".equals(((Digest) digest).name().toString()))
        || ("DSA".equalsIgnoreCase(keyAlg) && "SHA1".equals(((Digest) digest).name().toString()))) {
      throw newX509CRLError(getRuntime(), null);
    }

    sig_alg = getRuntime().newString(digAlg);
    generator.setSignatureAlgorithm(digAlg + "WITH" + keyAlg);

    for (IRubyObject obj : ((RubyArray) revoked).toJavaArray()) {
      X509Revoked rev = (X509Revoked) obj; // TODO: can throw CCE
      BigInteger serial =
          new BigInteger(rev.callMethod(getRuntime().getCurrentContext(), "serial").toString());
      IRubyObject t1 =
          rev.callMethod(getRuntime().getCurrentContext(), "time")
              .callMethod(getRuntime().getCurrentContext(), "getutc");
      ((RubyTime) t1).setMicroseconds(0);
      // Extensions ignored, for now
      generator.addCRLEntry(
          serial,
          ((RubyTime) t1).getJavaDate(),
          new org.bouncycastle.asn1.x509.X509Extensions(new Hashtable()));
    }

    try {
      for (Iterator<IRubyObject> iter = extensions.iterator(); iter.hasNext(); ) {
        X509Extensions.Extension ag = (X509Extensions.Extension) iter.next();
        generator.addExtension(ag.getRealOid(), ag.getRealCritical(), ag.getRealValueBytes());
      }
    } catch (IOException ioe) {
      throw newX509CRLError(getRuntime(), ioe.getMessage());
    }
    try {
      // X509V2CRLGenerator(generator) depends BC.
      OpenSSLReal.doWithBCProvider(
          new OpenSSLReal.Runnable() {

            public void run() throws GeneralSecurityException {
              crl = generator.generate(((PKey) key).getPrivateKey(), "BC");
            }
          });
    } catch (GeneralSecurityException gse) {
      throw newX509CRLError(getRuntime(), gse.getMessage());
    }

    try {
      crl_v = new ASN1InputStream(new ByteArrayInputStream(crl.getEncoded())).readObject();
    } catch (CRLException crle) {
      throw newX509CRLError(getRuntime(), crle.getMessage());
    } catch (IOException ioe) {
      throw newX509CRLError(getRuntime(), ioe.getMessage());
    }
    DERSequence v1 = (DERSequence) (((DERSequence) crl_v).getObjectAt(0));
    ASN1EncodableVector build1 = new ASN1EncodableVector();
    int copyIndex = 0;
    if (v1.getObjectAt(0) instanceof DERInteger) {
      copyIndex++;
    }
    build1.add(new DERInteger(new java.math.BigInteger(version.toString())));
    while (copyIndex < v1.size()) {
      build1.add(v1.getObjectAt(copyIndex++));
    }
    ASN1EncodableVector build2 = new ASN1EncodableVector();
    build2.add(new DERSequence(build1));
    build2.add(((DERSequence) crl_v).getObjectAt(1));
    build2.add(((DERSequence) crl_v).getObjectAt(2));
    crl_v = new DERSequence(build2);
    changed = false;
    return this;
  }