Class: OpenSSL::PKCS12

Inherits:
Object
  • Object
show all
Defined in:
lib/shared/openssl/pkcs12.rb

Defined Under Namespace

Classes: PKCS12Error

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(str = nil, pass = nil) ⇒ PKCS12

Returns a new instance of PKCS12.



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/shared/openssl/pkcs12.rb', line 26

def initialize(str = nil, pass = nil)
  if str
    if str.is_a?(File)
      file = File.open(str.path, "rb")
      @der = file.read
      file.close
    else
      @der = str
    end

    p12_input_stream = StringBufferInputStream.new(@der)

    store = KeyStore.get_instance("PKCS12")
    password = pass.nil? ? "" : pass
    begin
      store.load(p12_input_stream, password.to_java.to_char_array)
    rescue java.lang.Exception => e
      raise PKCS12Error, "Exception: #{e}"
    end

    aliases = store.aliases
    aliases.each { |alias_name|
      if store.is_key_entry(alias_name)
        begin
          java_certificate = store.get_certificate(alias_name)
        rescue java.lang.Exception => e
          raise PKCS12Error, "Exception: #{e}"
        end
        if java_certificate
          der = String.from_java_bytes(java_certificate.get_encoded)
          @certificate = OpenSSL::X509::Certificate.new(der)
        end

        begin
          java_key = store.get_key(alias_name, password.to_java.to_char_array)
        rescue java.lang.Exception => e
          raise PKCS12Error, "Exception: #{e}"
        end
        if java_key
          der = String.from_java_bytes(java_key.get_encoded)
          algorithm = java_key.get_algorithm
          if algorithm == "RSA"
            @key = OpenSSL::PKey::RSA.new(der)
          elsif algorithm == "DSA"
            @key = OpenSSL::PKey::DSA.new(der)
          elsif algorithm == "DH"
            @key = OpenSSL::PKey::DH.new(der)
          elsif algorithm == "EC"
            @key = OpenSSL::PKey::EC.new(der)
          else
            raise PKCS12Error, "Unknown key algorithm"
          end
        end

        @ca_certs = Array.new
        begin
          java_ca_certs = store.get_certificate_chain(alias_name)
        rescue java.lang.Exception => e
          raise PKCS12Error, "Exception #{e}"
        end
        if java_ca_certs
          java_ca_certs.each do |java_ca_cert|
              der = String.from_java_bytes(java_ca_cert.get_encoded)
              ruby_cert = OpenSSL::X509::Certificate.new(der)
              if (ruby_cert.to_pem != @certificate.to_pem)
                @ca_certs << ruby_cert
              end
          end
        end
      end
      break
    }
  else
    @der = nil
  end
end

Instance Attribute Details

#ca_certsObject (readonly)

Returns the value of attribute ca_certs.



24
25
26
# File 'lib/shared/openssl/pkcs12.rb', line 24

def ca_certs
  @ca_certs
end

#certificateObject (readonly)

Returns the value of attribute certificate.



24
25
26
# File 'lib/shared/openssl/pkcs12.rb', line 24

def certificate
  @certificate
end

#keyObject (readonly)

Returns the value of attribute key.



24
25
26
# File 'lib/shared/openssl/pkcs12.rb', line 24

def key
  @key
end

Class Method Details

.create(pass, name, key, cert, ca = nil) ⇒ Object



18
19
20
21
22
# File 'lib/shared/openssl/pkcs12.rb', line 18

def self.create(pass, name, key, cert, ca = nil)
  pkcs12 = self.new
  pkcs12.generate(pass, name, key, cert, ca)
  pkcs12
end

Instance Method Details

#generate(pass, alias_name, key, cert, ca = nil) ⇒ Object



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# File 'lib/shared/openssl/pkcs12.rb', line 103

def generate(pass, alias_name, key, cert, ca = nil)
  @key = key
  @certificate = cert
  @ca_certs = ca

  key_reader = StringReader.new(key.to_pem)
  key_pair = PEMReader.new(key_reader).read_object

  certificates = cert.to_pem
  if ca
    ca.each { |ca_cert| 
      certificates << ca_cert.to_pem
    }
  end

  cert_input_stream = StringBufferInputStream.new(certificates)
  certs = CertificateFactory.get_instance("X.509").generate_certificates(cert_input_stream)

  store = KeyStore.get_instance("PKCS12", "BC")
  store.load(nil, nil)
  store.set_key_entry(alias_name, key_pair.get_private, nil, certs.to_array(Java::java.security.cert.Certificate[certs.size].new))

  pkcs12_output_stream = ByteArrayOutputStream.new
  password = pass.nil? ? "" : pass;
  begin
    store.store(pkcs12_output_stream, password.to_java.to_char_array)
  rescue java.lang.Exception => e
    raise PKCS12Error, "Exception: #{e}"
  end 

  @der = String.from_java_bytes(pkcs12_output_stream.to_byte_array)
end

#to_derObject



136
137
138
# File 'lib/shared/openssl/pkcs12.rb', line 136

def to_der
  @der
end