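require 'pkernel'
require_relative 'provider'
require_relative 'utils'
require_relative 'global'
require_relative 'error'

module PkernelJce
  # PKCS#10 certificate signing request helpers built on BouncyCastle (JRuby).
  # Mix in with +extend+ (see CSRProxy below) or call through CSRProxy.
  module CSR
    # Build and sign a PKCS#10 CSR for +identity+.
    #
    # +identity+ is expected to respond to +pubKey+, +privKey+ and
    # +certificate+ (the latter may be nil).
    # opts[:owner]    - object responding to +to_x500_subject+, used as the
    #                   request subject; when nil the subject DN of
    #                   identity.certificate is used instead.
    # opts[:signHash] - digest name for the signature, default "SHA256".
    # opts[:signAlgo] - full JCA signature algorithm name; derived from the
    #                   private key and signHash when nil.
    # opts[:provider] - JCA provider to register; the library default is
    #                   registered when nil.
    #
    # Returns the BouncyCastle PKCS10CertificationRequest.
    # Raises PkernelJce::Error when neither owner nor certificate is present.
    def generate(identity, opts = {})
      owner = opts[:owner]
      if owner.nil? && identity.certificate.nil?
        raise PkernelJce::Error, "Either Owner or Certificate must exist to issue CSR"
      elsif !owner.nil?
        subject = owner.to_x500_subject
      else
        subject = PkernelJce::Certificate.ensure_java_cert(identity.certificate).subject_dn
      end

      sign_hash = opts[:signHash] || "SHA256"
      sign_algo = opts[:signAlgo]
      sign_algo = PkernelJce::KeyPair.derive_signing_algo(identity.privKey, sign_hash) if sign_algo.nil?

      provider = opts[:provider]
      if provider.nil?
        PkernelJce::GConf.instance.glog.debug "Adding default provider"
        prov = PkernelJce::Provider.add_default
      else
        PkernelJce::GConf.instance.glog.debug "Adding provider #{provider.name}"
        prov = PkernelJce::Provider.add_provider(provider)
      end

      # The request carries identity.pubKey; the signature made with
      # identity.privKey is the proof of possession a CA checks. Nothing here
      # verifies that the two keys actually belong together - the caller is
      # responsible for passing a matching pair.
      p10_builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, identity.pubKey)
      signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(sign_algo).setProvider(prov).build(identity.privKey)
      p10_builder.build(signer)
    end # end generate()

    # Serialise +csr+ as PEM.
    #
    # With params[:file] the PEM is written to that path and nil is returned.
    # Without it the PEM bytes are returned as a Java byte[].
    # Raises PkernelJce::Error when +csr+ is nil.
    def dump(csr, params = {})
      raise PkernelJce::Error, "CSR object to be written is nil" if csr.nil?

      file = params[:file]
      baos = java.io.ByteArrayOutputStream.new
      if file.nil?
        PkernelJce::GConf.instance.glog.debug "Dump CSR to memory"
        out = baos
      else
        PkernelJce::GConf.instance.glog.debug "Dump CSR to file '#{file}'"
        out = java.io.FileOutputStream.new(file)
      end

      # Closing the PEM writer closes the wrapped stream as well.
      writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(out))
      begin
        writer.writeObject(csr)
      ensure
        writer.flush
        writer.close
      end

      baos.toByteArray if file.nil?
    end # end dump

    # Write +csr+ as PEM to +file+. +opts+ must be a Hash (or nil).
    def dump_to_file(csr, file, opts = {})
      opts = {} if opts.nil?
      raise PkernelJce::Error, "Option to dump CSR to file should be a hash" unless opts.is_a?(Hash)
      dump(csr, opts.merge({ file: file }))
    end

    # Return +csr+ as PEM bytes. +opts+ must be a Hash (or nil).
    def dump_to_mem(csr, opts = {})
      opts = {} if opts.nil?
      raise PkernelJce::Error, "Option to dump CSR to memory should be a hash" unless opts.is_a?(Hash)
      dump(csr, opts)
    end

    # Load a PEM encoded CSR from options[:file] (path) or options[:bin] (bytes).
    #
    # Returns a BouncyCastle PKCS10CertificationRequest.
    # Raises PkernelJce::Error when no input is given, the file does not
    # exist, or the input does not hold a PKCS#10 request.
    def load(options = {})
      # TODO: input is assumed to be PEM; DER input is not handled here.
      file = options[:file]
      bin = options[:bin]
      if !file.nil? && !file.empty?
        PkernelJce::GConf.instance.glog.debug "Load CSR from #{file}"
        f = java.io.File.new(file)
        raise PkernelJce::Error, "File '#{f.absolute_path}' not found" unless f.exists?
        input = java.io.FileInputStream.new(f)
      elsif !bin.nil?
        PkernelJce::GConf.instance.glog.debug "Load CSR from memory"
        input = java.io.ByteArrayInputStream.new(bin)
      else
        raise PkernelJce::Error, "No bin or file input is given to load"
      end

      # Always release the underlying stream, even when parsing fails.
      reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(input))
      begin
        obj = reader.readObject
      ensure
        reader.close
      end

      # PEMParser hands back whatever the first PEM block contains (a
      # certificate, a key, ...), or nil when there is none. Only return a
      # genuine PKCS#10 request so callers are not fed a different object type.
      if obj.nil? || !obj.is_a?(org.bouncycastle.pkcs.PKCS10CertificationRequest)
        raise PkernelJce::Error, "Input does not contain a PEM encoded PKCS#10 certificate request"
      end
      obj
    end # end load

    # Load a CSR from +file+. +opts+ must be a Hash (or nil).
    def load_from_file(file, opts = {})
      opts = {} if opts.nil?
      raise PkernelJce::Error, "Option to load CSR from file should be a hash" unless opts.is_a?(Hash)
      load(opts.merge({ file: file }))
    end

    # Load a CSR from the PEM bytes +bin+. +opts+ must be a Hash (or nil).
    def load_from_mem(bin, opts = {})
      opts = {} if opts.nil?
      raise PkernelJce::Error, "Option to load CSR from bin should be a hash" unless opts.is_a?(Hash)
      load(opts.merge({ bin: bin }))
    end

    # Check the CSR's self-signature against the public key embedded in the
    # request, i.e. proof of possession of the private key.
    #
    # This establishes nothing about who holds that key or whether the
    # requested subject may be issued; that remains the CA's decision.
    # Raises PkernelJce::Error when +csr+ is nil.
    def is_signature_valid?(csr)
      raise PkernelJce::Error, "CSR given to verify signature is nil" if csr.nil?
      verifier = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
      csr.isSignatureValid(verifier)
    end # end is_signature_valid?

    # Extract the request's public key as a java.security.PublicKey.
    # Raises PkernelJce::Error when +csr+ is nil.
    def public_key(csr)
      raise PkernelJce::Error, "CSR given to extract public key is nil" if csr.nil?
      org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new.getPublicKey(csr.getSubjectPublicKeyInfo)
    end # end public_key
  end # end module csr

  # Class-level entry point exposing the CSR helpers as singleton methods.
  class CSRProxy
    extend CSR
  end
end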