Comments (16)
Any update for this issue? It's missing from jruby-openssl....
from jruby-ossl.
I found this test for pkcs12 though (https://github.com/jruby/jruby-ossl/blob/master/test/1.9/test_pkcs12.rb). How come OpenSSL::PKCS12 is not exposed as a constant?
from jruby-ossl.
cc / @headius @nicksieger
from jruby-ossl.
I have put up a patch for my project on OpenSSL::PKCS12:
require 'openssl'
unless OpenSSL.const_defined?(:PKCS12)
require 'java'
module Patch
module JRuby
module OpenSSL
class PKCS12
java_import java.io.StringReader
java_import java.io.StringBufferInputStream
java_import java.security.cert.CertificateFactory
java_import java.security.KeyStore
java_import java.io.ByteArrayOutputStream
java_import org.bouncycastle.openssl.PEMReader
java.security.Security.add_provider(org.bouncycastle.jce.provider.BouncyCastleProvider.new)
def self.create(pass, name, key, cert)
pkcs12 = self.new(pass, name, key, cert)
pkcs12.generate
pkcs12
end
attr_reader :key, :certificate
def initialize(pass, name, key, cert)
@pass = pass
@name = name
@key = key
@certificate = cert
end
def generate
key_reader = StringReader.new(key.to_pem)
key_pair = PEMReader.new(key_reader).read_object
cert_input_stream = StringBufferInputStream.new(certificate.to_pem)
certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)
store = KeyStore.get_instance("PKCS12", "BC")
store.load(nil, nil)
store.set_key_entry(@name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))
pkcs12_output_stream = ByteArrayOutputStream.new
store.store(pkcs12_output_stream, @pass.to_java.to_char_array)
@der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
end
def to_der
@der
end
end
end
end
end
OpenSSL.const_set(:PKCS12, Patch::JRuby::OpenSSL::PKCS12)
end
from jruby-ossl.
note: this is a simplify version of MRI's OpenSSL::PKCS12
from jruby-ossl.
I'm totally in favor of incorporating this into jruby-ossl until we have a full Java impl (or forever, if this is sufficient for all users).
from jruby-ossl.
Agreed. @jingweno, did you run tests in CRuby 1.9.3 against your patch? I didn't expect full green. Just 1 green is enough.
from jruby-ossl.
How did you know there is 1 green? :)
before
360 tests, 1902 assertions, 19 failures, 36 errors, 0 skips
after
360 tests, 1904 assertions, 18 failures, 36 errors, 0 skips
note: This patch only implements the minimized logic working for my project. Need more work to support the whole PKCS12 set.
from jruby-ossl.
It's a great start :) And I like the code a lot better than most of the Java code that makes up the rest of jruby-ossl!
from jruby-ossl.
Just FYI, this interface appears to be different than the MRI version for new: http://www.ensta-paristech.fr/~diam/ruby/online/ruby-1.9.1/classes/OpenSSL/PKCS12.html#M006607
from jruby-ossl.
To add more information: #create is used to make the PKCS12, but PKCS12.new is how you convert a PKCS12 to a PEM. I will be attempting to work around this by using the shell command and a couple tempfiles: openssl pkcs12 -in #{tf_p12.path} -out #{tf_pem.path} -nodes -clcerts
from jruby-ossl.
Related: https://github.com/highgroove/grocer/issues/17
from jruby-ossl.
@nahi @headius I saw there is a project on reimplementing jruby-openssl
with krypt in this year's Google Summer of Code (https://github.com/jruby/jruby/wiki/GoogleSummerOfCode2012). Wondering whether it will be made into jruby-openssl
sooner?
@kyledrake Please see my comment. The implementation is only partially done. I will look at the Ruby specs to see how it should behave and come up with a patch.
from jruby-ossl.
Apologies if I wasn't clear. My intent wasn't to point out that it is incomplete, but to make a note of the fact that it is implemented differently. I discovered this when I ran a test, so I wanted to point it out incase anybody else ran into it.
from jruby-ossl.
Any recent progress here? We were hoping to fix an issue in grocer once this was resolved.
from jruby-ossl.
I haven't heard anything back on this in months. PKCS12 is not implemented correctly on JRuby, it does something completely different than what is in MRI unfortunately. The shell-out is the only solution I've found so far.
from jruby-ossl.
Related Issues (20)
- problem using oauth gem with jruby-openssl HOT 2
- In a tomcat container Jopenssl::Version can't be loaded HOT 3
- JRuby 1.6.4 doesn't automatically find jruby-openssl 0.7.4 HOT 1
- OpenSSL::ASN1::Integer#value returns Bignum and not OpenSSL::BN HOT 2
- Error establishing SSL connections: OpenSSL::SSL::SSLError: Socket closed HOT 2
- JRuby-openssl breaks Ruby MRI HOT 3
- exception for X509 signing
- emailAddress attribute in X509 cert doesn't return the right key
- undefined method `write_nonblock' for OpenSSL::SSL::SSLSocket HOT 7
- problem with ruby-openid-apps-discovery HOT 1
- sending UTF-8 data over SSL can result in lost data HOT 4
- OpenSSL::X509::Certificate.new(string) raises Exception ArgumentError occured, wrong number of arguments (1 for 0)
- Test suite wrongly assumes localhost == 127.0.0.1
- OpenSSL::SSL::SSLSocket.new(s, @ssl_context) raises Exception ArgumentError occured, with wrong # of arguments(2 for 0) HOT 3
- Link in readme is broken HOT 1
- OpenSSL::SSL::SSLError: Received fatal alert: bad_record_mac HOT 4
- 0.7.3 doesn't work with older versions of jruby HOT 2
- unimplemented method called SignerInfo#signed_time
- X509Cert.set_serial breaks for Certificate SerialNumbers with MSB=1 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jruby-ossl.