Modified: trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Cert.java (1104 => 1105)
--- trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Cert.java 2008-08-12 14:01:06 UTC (rev 1104)
+++ trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Cert.java 2008-08-12 14:01:09 UTC (rev 1105)
@@ -155,7 +155,7 @@
String critOid = (String)iter.next();
byte[] value = cert.getExtensionValue(critOid);
IRubyObject rValue = ASN1.decode(((RubyModule)(getRuntime().getModule("OpenSSL"))).getConstant("ASN1"),RubyString.newString(getRuntime(), value)).callMethod(tc,"value");
- if(critOid.equals("2.5.29.17") || critOid.equals("2.5.29.37")) {
+ if(critOid.equals("2.5.29.17")) {
add_extension(extFact.callMethod(tc,"create_ext", new IRubyObject[]{getRuntime().newString(critOid),getRuntime().newString(rValue.toString()),getRuntime().getTrue()}));
} else {
add_extension(extFact.callMethod(tc,"create_ext", new IRubyObject[]{getRuntime().newString(critOid),getRuntime().newString(rValue.toString().substring(2)),getRuntime().getTrue()}));
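Review bot: With 2.5.29.37 dropped from the condition, extendedKeyUsage now falls into the `else` branch, whose `rValue.toString().substring(2)` appears to assume the decoded value starts with exactly one tag byte and one length byte. A DER length of 128 or more takes more than one byte, so a long extension value would be cut at the wrong offset and re-created with different content; the non-critical loop in the next hunk has the same pattern. It is also not visible here whether `create_ext` receives the form that the new 2.5.29.37 branch in X509Extensions.java expects (comma-separated names), so a round-trip test on a parsed certificate carrying an EKU would be worth adding. At minimum I would add a comment above the `else`, e.g. `// substring(2) strips a 1-byte tag + 1-byte length; only valid for values shorter than 128 bytes`. The enclosing loop starts and ends outside the hunk.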
@@ -170,7 +170,7 @@
byte[] value = cert.getExtensionValue(ncritOid);
IRubyObject rValue = ASN1.decode(((RubyModule)(getRuntime().getModule("OpenSSL"))).getConstant("ASN1"),RubyString.newString(getRuntime(), value)).callMethod(tc,"value");
- if(ncritOid.equals("2.5.29.17") || ncritOid.equals("2.5.29.37")) {
+ if(ncritOid.equals("2.5.29.17")) {
add_extension(extFact.callMethod(tc,"create_ext", new IRubyObject[]{getRuntime().newString(ncritOid),getRuntime().newString(rValue.toString()),getRuntime().getFalse()}));
} else {
add_extension(extFact.callMethod(tc,"create_ext", new IRubyObject[]{getRuntime().newString(ncritOid),getRuntime().newString(rValue.toString().substring(2)),getRuntime().getFalse()}));
@@ -335,13 +335,7 @@
for(Iterator<IRubyObject> iter = extensions.iterator();iter.hasNext();) {
X509Extensions.Extension ag = (X509Extensions.Extension)iter.next();
- System.err.println("adding extension: " + ag.getRealOid() + " with value of length" + ag.getRealValueBytes().length);
byte[] bytes = ag.getRealValueBytes();
- if(ag.getRealOid().toString().equals("2.5.29.37")) {
- byte[] newBytes = new byte[bytes.length-2];
- System.arraycopy(bytes, 2, newBytes, 0, newBytes.length);
- bytes = newBytes;
- }
generator.addExtension(ag.getRealOid(),ag.getRealCritical(),bytes);
}
@@ -394,7 +388,8 @@
@JRubyMethod
public IRubyObject add_extension(IRubyObject arg) throws Exception {
changed = true;
- if(((X509Extensions.Extension)arg).getRealOid().equals(new DERObjectIdentifier("2.5.29.17"))) {
+ DERObjectIdentifier oid = ((X509Extensions.Extension)arg).getRealOid();
+ if(oid.equals(new DERObjectIdentifier("2.5.29.17"))) {
boolean
for(Iterator iter = extensions.iterator();iter.hasNext();) {
X509Extensions.Extension ag = (X509Extensions.Extension)iter.next();
Modified: trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Extensions.java (1104 => 1105)
--- trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Extensions.java 2008-08-12 14:01:06 UTC (rev 1104)
+++ trunk/jopenssl/src/java/org/jruby/ext/openssl/X509Extensions.java 2008-08-12 14:01:09 UTC (rev 1105)
@@ -27,15 +27,17 @@
***** END LICENSE BLOCK *****/
package org.jruby.ext.openssl;
+
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
-
+import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
+import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
@@ -55,6 +57,7 @@
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
+import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
@@ -368,6 +371,13 @@
bs[3] = (byte) (Integer.parseInt(numbers[3]) & 0xff);
value = new String(ByteList.plain(new GeneralNames(new GeneralName(GeneralName.iPAddress,new DEROctetString(bs))).getDEREncoded()));
}
+ } else if(r_oid.equals(new DERObjectIdentifier("2.5.29.37"))) { //extendedKeyUsage
+ String[] spl = valuex.split(", ?");
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ for(String name : spl) {
+ vector.add(ASN1Registry.sym2oid(name));
+ }
+ value = new DERSequence(vector);
} else {
value = new DEROctetString(new DEROctetString(ByteList.plain(valuex)).getDEREncoded());
}
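Review bot: The loop adds whatever `ASN1Registry.sym2oid(name)` returns to the vector without checking it. If the lookup yields null for an unknown or misspelled usage name (sym2oid's body is not in this diff), the failure would surface later during encoding rather than here, with no hint of which name was wrong. Since extendedKeyUsage restricts what a certificate may be used for, an unrecognised name should be rejected at this point, for example by guarding with `if(ASN1Registry.sym2oid(name.trim()) == null)` and raising the extension error this class uses elsewhere. `split(", ?")` also leaves extra whitespace and empty entries in place for input with double spaces or a trailing comma, so trimming each name and rejecting empty ones before the lookup would help. The enclosing method starts and ends outside the hunk.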
@@ -422,6 +432,8 @@
return ByteList.plain((String) value);
} else if(value instanceof DEROctetString) {
return ((DEROctetString)value).getOctets();
+ } else if(value instanceof DEREncodable) {
+ return ((ASN1Encodable)value).getEncoded();
} else {
return ((ASN1.ASN1Data)value).toASN1().getDEREncoded();
}
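Review bot: The new branch tests `value instanceof DEREncodable` but casts to `ASN1Encodable`, so the test and the cast name different types and a DEREncodable that is not an ASN1Encodable would fail with a ClassCastException on this line. It also calls `getEncoded()`, while the other paths shown in this file use `getDEREncoded()`; extension bytes placed in a certificate should be DER, and it is not visible from here that `getEncoded()` guarantees that for every type. I would write `} else if(value instanceof ASN1Encodable) {` and `return ((ASN1Encodable)value).getDEREncoded();`. The method body starts outside the hunk.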
Modified: trunk/jopenssl/src/java/org/jruby/ext/openssl/x509store/Purpose.java (1104 => 1105)
--- trunk/jopenssl/src/java/org/jruby/ext/openssl/x509store/Purpose.java 2008-08-12 14:01:06 UTC (rev 1104)
+++ trunk/jopenssl/src/java/org/jruby/ext/openssl/x509store/Purpose.java 2008-08-12 14:01:09 UTC (rev 1105)
@@ -27,11 +27,12 @@
***** END LICENSE BLOCK *****/
package org.jruby.ext.openssl.x509store;
+
import java.util.ArrayList;
import java.util.List;
-
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEROctetString;
/**
* c: X509_PURPOSE
@@ -253,10 +254,6 @@
* c: purpose_smime
*/
public static int purposeSMIME(X509AuxCertificate x, int ca) throws Exception {
- System.err.println("purposeSMIME: " + x);
- System.err.println("extended key usage: " + x.getExtensionValue("2.5.29.37").length);
- System.err.println("extended key usage: " + new ASN1InputStream(x.getExtensionValue("2.5.29.37")).readObject());
- System.err.println("extended key usage: " + new ASN1InputStream(x.getExtensionValue("2.5.29.37")).readObject().getClass().getName());
if(x.getExtendedKeyUsage() != null && !x.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.4")) {
return 0; // must allow email protection
}