Open dlee opened 13 years ago
Any update for this issue? It's missing from jruby-openssl....
I found this test for pkcs12 though (https://github.com/jruby/jruby-ossl/blob/master/test/1.9/test_pkcs12.rb). How come OpenSSL::PKCS12 is not exposed as a constant?
cc / @headius @nicksieger
I have put up a patch for my project on OpenSSL::PKCS12:
```ruby
require 'openssl'

# Only install the patch when the runtime has no OpenSSL::PKCS12 of its own.
unless OpenSSL.const_defined?(:PKCS12)
  require 'java'

  module Patch
    module JRuby
      module OpenSSL
        class PKCS12
          java_import java.io.StringReader
          java_import java.io.StringBufferInputStream
          java_import java.security.cert.CertificateFactory
          java_import java.security.KeyStore
          java_import java.io.ByteArrayOutputStream
          java_import org.bouncycastle.openssl.PEMReader

          # Registers the BouncyCastle provider for the whole JVM so that
          # the "BC" KeyStore requested in #generate can be resolved.
          java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)

          # Builds the container and returns the PKCS12 object.
          def self.create(pass, name, key, cert)
            pkcs12 = self.new(pass, name, key, cert)
            pkcs12.generate
            pkcs12
          end

          attr_reader :key, :certificate

          def initialize(pass, name, key, cert)
            @pass = pass
            @name = name
            @key = key
            @certificate = cert
          end

          def generate
            # Round-trip the Ruby key and certificate through PEM to get Java objects.
            key_reader = StringReader.new(key.to_pem)
            key_pair = PEMReader.new(key_reader).read_object
            cert_input_stream = StringBufferInputStream.new(certificate.to_pem)
            certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)

            store = KeyStore.get_instance("PKCS12", "BC")
            store.load(nil, nil)
            # No per-entry password is passed here; @pass is applied when the store is written below.
            store.set_key_entry(@name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))

            pkcs12_output_stream = ByteArrayOutputStream.new
            store.store(pkcs12_output_stream, @pass.to_java.to_char_array)
            @der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
          end

          def to_der
            @der
          end
        end
      end
    end
  end

  OpenSSL.const_set(:PKCS12, Patch::JRuby::OpenSSL::PKCS12)
end
```
Note: this is a simplified version of MRI's OpenSSL::PKCS12.
I'm totally in favor of incorporating this into jruby-ossl until we have a full Java impl (or forever, if this is sufficient for all users).
Agreed. @jingweno, did you run tests in CRuby 1.9.3 against your patch? I didn't expect full green. Just 1 green is enough.
How did you know there is 1 green? :)
before
360 tests, 1902 assertions, 19 failures, 36 errors, 0 skips
after
360 tests, 1904 assertions, 18 failures, 36 errors, 0 skips
Note: this patch only implements the minimal logic that works for my project. More work is needed to support the whole PKCS12 set.
It's a great start :) And I like the code a lot better than most of the Java code that makes up the rest of jruby-ossl!
Just FYI, this interface appears to be different than the MRI version for new: http://www.ensta-paristech.fr/~diam/ruby/online/ruby-1.9.1/classes/OpenSSL/PKCS12.html#M006607
To add more information: #create is used to make the PKCS12, but PKCS12.new is how you convert a PKCS12 to a PEM. I will be attempting to work around this by using the shell command and a couple tempfiles: `openssl pkcs12 -in #{tf_p12.path} -out #{tf_pem.path} -nodes -clcerts`
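The create/new difference noted above, as an added example that is not part of the thread or of jruby-openssl: a round trip through the stock MRI OpenSSL::PKCS12 API (create to write, new(der, pass) to read) that can serve as a compatibility check for a JRuby implementation. The key, certificate, password and helper names are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample material: a throwaway RSA key and self-signed
# certificate generated in memory (not taken from the thread).
def sample_key_and_cert
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=pkcs12-roundtrip.example')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Writing direction: PKCS12.create(pass, name, key, cert) returns an object
# whose #to_der is the password-protected container.
def build_p12(pass, friendly_name, key, cert)
  OpenSSL::PKCS12.create(pass, friendly_name, key, cert).to_der
end

# Reading direction: PKCS12.new(der, pass) opens the container and exposes
# #key and #certificate, so the PEM is produced in memory without tempfiles.
def p12_to_pem(der, pass)
  p12 = OpenSSL::PKCS12.new(der, pass)
  { key_pem: p12.key.to_pem, cert_pem: p12.certificate.to_pem }
end

# Returns true if a wrong password raises instead of yielding a key.
def rejects_wrong_password?(der)
  OpenSSL::PKCS12.new(der, 'wrong-password')
  false
rescue OpenSSL::PKCS12::PKCS12Error
  true
end

if __FILE__ == $PROGRAM_NAME
  key, cert = sample_key_and_cert
  der = build_p12('constructed-pass', 'demo', key, cert)
  pem = p12_to_pem(der, 'constructed-pass')
  puts "certificate round-trips: #{pem[:cert_pem] == cert.to_pem}"
  puts "wrong password rejected: #{rejects_wrong_password?(der)}"
end
```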
@nahi @headius I saw there is a project on reimplementing jruby-openssl with krypt in this year's Google Summer of Code (https://github.com/jruby/jruby/wiki/GoogleSummerOfCode2012). Wondering whether it will be made into jruby-openssl sooner?
@kyledrake Please see my comment. The implementation is only partially done. I will look at the Ruby specs to see how it should behave and come up with a patch.
Apologies if I wasn't clear. My intent wasn't to point out that it is incomplete, but to make a note of the fact that it is implemented differently. I discovered this when I ran a test, so I wanted to point it out in case anybody else ran into it.
I haven't heard anything back on this in months. PKCS12 is not implemented correctly on JRuby, it does something completely different than what is in MRI unfortunately. The shell-out is the only solution I've found so far.
The MRI stdlib version of OpenSSL has PKCS12 support, but I don't see it in jruby-openssl.