Class: Ccrypto::X509CSR

Inherits:
Object
  • Object
show all
Includes:
Java::DataConversion, TR::CondUtils, TeLogger::TeLogHelper
Defined in:
lib/ccrypto/java/ext/x509_csr.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Java::DataConversion

#from_b64, #from_b64_mime, #from_hex, included, #logger, #to_b64, #to_b64_mime, #to_hex, #to_java_bytes, #to_str

Constructor Details

#initialize(csr) ⇒ X509CSR

Returns a new instance of X509CSR.



17
18
19
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 17

def initialize(csr)
  @nativeCSR = csr
end

Instance Attribute Details

#request_subject_fullObject (readonly)

Returns the value of attribute request_subject_full.



15
16
17
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 15

def request_subject_full
  @request_subject_full
end

Instance Method Details

#csr_infoObject 



42
43
44
45
46
47
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 42

def csr_info
  if @csrInfo.nil?
    @csrInfo = parseCSR(@nativeCSR)
  end
  @csrInfo
end

#parseCSR(csrBin) ⇒ Object

Raises:

  • (X509CSRSignatureInvalid) 


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 49

def parseCSR(csrBin)

  case csrBin
  when ::Java::byte[]
    csr = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest.new(csrBin)

  when String
    # this assumed input is a PEM formatted content
    reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(to_java_bytes(csrBin))))
    csr = reader.readObject
    raise X509CSRException, "Given CSR string to load does not encapsulate a CSR structure. It is read as '#{csr.class.name}'" if not csr.is_a?(org.bouncycastle.pkcs::PKCS10CertificationRequest)

  when Ccrypto::X509CSR
    csr = csrBin.nativeCSR

  else
    raise X509CSRException, "Unknown how to handle CSR of format #{csrBin.class}"

  end


  cvProv = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
  # 18 Apr 2023
  # Not all curves are supported under X509 I think. At least those not well known curve such as B-163 from BC
  # not able to verify the signature
  raise X509CSRSignatureInvalid, "CSR signature is not valid" if not csr.isSignatureValid(cvProv)

  certProfile = Ccrypto::X509::CertProfile.new

  @request_subject_full = csr.getSubject.to_s
  subj = csr.getSubject.to_s
  subj.split(",").each do |e|
    ee = e.split("=")
    case ee[0]
    when "CN"
      certProfile.owner_name = ee[1]
    when "O"
      certProfile.org = ee[1]
    when "OU"
      certProfile.org_unit = ee[1]
    when "E"
      certProfile.email = ee[1]
    end
  end


  pubKeyParam = org.bouncycastle.crypto.util.PublicKeyFactory.createKey(csr.subject_public_key_info)
  curveName = org.bouncycastle.asn1.x9.ECNamedCurveTable.get_name(pubKeyParam.parameters.name)

  spec = org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util.convertToSpec(pubKeyParam.getParameters)
  point= org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util.convertPoint(pubKeyParam.getQ)
  pubKeySpec = java.security.spec.ECPublicKeySpec.new(point, spec)
  pubKey = java.security.KeyFactory.getInstance("EC", Ccrypto::Java::JCEProvider::DEFProv).generatePublic(pubKeySpec)
  certProfile.public_key = Ccrypto::Java::ECCPublicKey.new(pubKey, curveName)

  csr.attributes.each do |att|
 
    ext = org.bouncycastle.asn1.x509.Extensions.getInstance(att.getAttrValues.getObjectAt(0))

    gns = org.bouncycastle.asn1.x509.GeneralNames.fromExtensions(ext,org.bouncycastle.asn1.x509.Extension.subjectAlternativeName)
    gns.getNames.each do |n|
      #p n.getTagNo
      case n.getTagNo
      when org.bouncycastle.asn1.x509.GeneralName.dNSName
        certProfile.dns_name = n.getName.to_s
      when org.bouncycastle.asn1.x509.GeneralName.iPAddress
        val = org.bouncycastle.asn1.DEROctetString.getInstance(n.getName.toASN1Primitive).getOctets
        begin
          certProfile.ip_addr = java.net.InetAddress.getByAddress(val).getHostAddress
        rescue java.net.UnknownHostException => ex
          certProfile.ip_addr = "Error decoding IP address : #{ex.message}"
          teLogger.error "Failed to decode IP address from CSR"
          teLogger.error ex.message
          teLogger.error ex.backtrace.join("\n")
        end
      when org.bouncycastle.asn1.x509.GeneralName.uniformResourceIdentifier
        certProfile.uri = n.getName.to_s
      when org.bouncycastle.asn1.x509.GeneralName.rfc822Name
        certProfile.email = n.getName.to_s
      when org.bouncycastle.asn1.x509.GeneralName.otherName
        ext = org.bouncycastle.asn1.x509.Extension.getInstance(n.getName)
        certProfile.custom_extension[ext.extnId.to_s] = { value: ext.extnValue.octets.to_s, critical: ext.critical?, type: :string }
      else
        teLogger.debug "Unknown field tag no #{n.getTagNo}"
      end
    end

    ext.oids.each do |o|
      v = ext.getExtension(o)
      next if v.extnId.to_s == org.bouncycastle.asn1.x509.Extension.subjectAlternativeName.to_s

      certProfile.custom_extension[v.extnId.to_s] = { value: v.extnValue.octets.to_s, critical: v.critical?, type: :string }
    end

  
  end

  certProfile
  
end

#to_binObject 



21
22
23
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 21

def to_bin
  @nativeCSR.encoded
end

#to_pemObject 



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/ccrypto/java/ext/x509_csr.rb', line 25

def to_pem

  baos = java.io.ByteArrayOutputStream.new

  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos))

  begin
    writer.writeObject(@nativeCSR)
  ensure
    writer.flush
    writer.close  
  end 

  baos.toByteArray
  
end