Module: PkernelJce::CSR

Included in:
Pkernel::CSR, CSRProxy
Defined in:
lib/pkernel_jce/csr.rb

Instance Method Summary

Instance Method Details

#dump(csr, params = {}) ⇒ Object

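Writes the CSR in PEM form to params[:file] when that option is given; otherwise returns the PEM bytes from memory.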



# File 'lib/pkernel_jce/csr.rb', line 44

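# Serialises a CSR as PEM, either into a file or into an in-memory buffer.
#
# @param csr [Object] request object handed to JcaPEMWriter#writeObject; must not be nil
# @param params [Hash] options; only :file is read here
# @option params [String] :file destination path. When absent the PEM text is
#   written to a ByteArrayOutputStream instead.
# @return [Object, nil] the result of ByteArrayOutputStream#toByteArray for an
#   in-memory dump, nil when the CSR was written to a file
# @raise [PkernelJce::Error] when csr is nil
def dump(csr, params = {})
  raise PkernelJce::Error, "CSR object to be written is nil" if csr.nil?

  file = params[:file]
  baos = nil

  if file.nil?
    PkernelJce::GConf.instance.glog.debug "Dump CSR to memory"
    baos = java.io.ByteArrayOutputStream.new
    sink = baos
  else
    # java.io.FileOutputStream replaces the content of an existing file, and the
    # path is used exactly as given. Callers that take the path from an
    # untrusted source must validate it before calling this method.
    PkernelJce::GConf.instance.glog.debug "Dump CSR to file '#{file}'"
    sink = java.io.FileOutputStream.new(file)
  end
  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(sink))

  begin
    writer.writeObject(csr)
    writer.flush
  ensure
    # Close unconditionally so a failed write or flush cannot leave the
    # underlying stream (and its file handle) open.
    writer.close
  end

  baos.toByteArray unless baos.nil?
end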

#dump_to_file(csr, file, opts = { }) ⇒ Object

Writes the CSR to the given file by delegating to #dump with the :file option.

Raises:

  • (PkernelJce::Error) — if opts is neither nil nor a Hash



# File 'lib/pkernel_jce/csr.rb', line 74

# Writes a CSR to a file by delegating to #dump with the :file option set.
#
# The file argument replaces any :file key already present in opts. The path
# is passed through unchanged, so a path that comes from an untrusted source
# has to be validated by the caller. A nil file leaves #dump without a
# destination, in which case it dumps to memory instead.
#
# @param csr [Object] request to serialise
# @param file [String] destination path
# @param opts [Hash, nil] extra options forwarded to #dump; nil is treated as {}
# @return [Object] whatever #dump returns
# @raise [PkernelJce::Error] when opts is neither nil nor a Hash
def dump_to_file(csr, file, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to dump CSR to file should be a hash"
  end

  dump(csr, settings.merge(file: file))
end

#dump_to_mem(csr, opts = { }) ⇒ Object

Raises:

  • (PkernelJce::Error) — if opts is neither nil nor a Hash



# File 'lib/pkernel_jce/csr.rb', line 80

# Serialises a CSR through #dump without adding a :file option.
#
# opts is forwarded untouched, so a :file key supplied by the caller still
# reaches #dump and makes it write to that file instead of memory.
#
# @param csr [Object] request to serialise
# @param opts [Hash, nil] options forwarded to #dump; nil is treated as {}
# @return [Object] whatever #dump returns
# @raise [PkernelJce::Error] when opts is neither nil nor a Hash
def dump_to_mem(csr, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to dump CSR to memory should be a hash"
  end

  dump(csr, settings)
end

#generate(identity, opts = {}) ⇒ Object



# File 'lib/pkernel_jce/csr.rb', line 11

# Builds and signs a PKCS#10 certification request for an identity.
#
# The subject comes from opts[:owner] when present, otherwise from the
# identity's existing certificate. The request carries identity.pubKey and is
# signed with identity.privKey; this method does not check that the two keys
# belong together.
#
# opts[:signHash] and opts[:signAlgo] are passed on without an allow-list, so
# the accepted digests and algorithms are whatever derive_signing_algo and the
# JCA provider accept. Callers that expose these options should restrict them.
#
# @param identity [Object] must respond to certificate, privKey and pubKey
# @param opts [Hash] :owner, :signHash (default "SHA256"), :signAlgo, :provider
# @return [Object] the request returned by the PKCS#10 builder
# @raise [PkernelJce::Error] when neither an owner nor a certificate is available
def generate(identity, opts = {} )
  owner = opts[:owner]

  # An explicit owner takes precedence; the certificate subject is the fallback.
  subject =
    if !owner.nil?
      owner.to_x500_subject
    elsif identity.certificate.nil?
      raise PkernelJce::Error, "Either Owner or Certificate must exist to issue CSR"
    else
      PkernelJce::Certificate.ensure_java_cert(identity.certificate).subject_dn
    end

  digest = opts[:signHash] || "SHA256"
  algorithm = opts[:signAlgo]
  # Only derive an algorithm name when the caller did not pick one.
  algorithm = PkernelJce::KeyPair.derive_signing_algo(identity.privKey,digest) if algorithm.nil?

  requested = opts[:provider]
  jce_provider =
    if requested.nil?
      PkernelJce::GConf.instance.glog.debug "Adding default provider"
      PkernelJce::Provider.add_default
    else
      PkernelJce::GConf.instance.glog.debug "Adding provider #{requested.name}"
      PkernelJce::Provider.add_provider(requested)
    end

  request_builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, identity.pubKey)
  signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(algorithm).setProvider(jce_provider).build(identity.privKey)
  request_builder.build(signer)
end

#is_signature_valid?(csr) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pkernel_jce/csr.rb', line 125

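# Checks the self-signature of a CSR against the public key embedded in it.
#
# A true result is proof of possession only: it shows the request was signed
# with the private key that matches the public key inside the same request.
# It does not establish who sent the request or whether the requested subject
# is authorised; the issuing side has to check that separately.
#
# @param csr [Object] parsed request; must respond to getSubjectPublicKeyInfo
#   and isSignatureValid
# @return [Boolean] result of csr.isSignatureValid
# @raise [PkernelJce::Error] when csr is nil, matching #dump and #public_key
def is_signature_valid?(csr)
  # Fail with the module's own error type instead of a NoMethodError on nil.
  raise PkernelJce::Error, "CSR given to verify signature is nil" if csr.nil?

  cvProv = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
  csr.isSignatureValid(cvProv)
end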

#load(options = {}) ⇒ Object



# File 'lib/pkernel_jce/csr.rb', line 87

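# Reads the first PEM object from a file or from an in-memory buffer.
#
# A non-empty :file takes precedence over :bin. The input is assumed to be
# PEM; binary (DER) input is not handled here. The parsed object is returned
# as-is: nothing in this method checks that it is a PKCS#10 request or that
# its signature is valid, so callers handling untrusted input should check
# the type and call #is_signature_valid? before using it.
#
# @param options [Hash] :file (path) or :bin (bytes accepted by
#   java.io.ByteArrayInputStream)
# @return [Object] whatever PEMParser#readObject yields
# @raise [PkernelJce::Error] when the file does not exist or no input is given
def load(options = {})
  file = options[:file]
  bin = options[:bin]

  if !file.nil? && !file.empty?
    PkernelJce::GConf.instance.glog.debug "Load CSR from #{file}"
    f = java.io.File.new(file)
    raise PkernelJce::Error, "File '#{f.absolute_path}' not found" unless f.exists?

    source = java.io.FileInputStream.new(f)
  elsif !bin.nil?
    PkernelJce::GConf.instance.glog.debug "Load CSR from memory"
    source = java.io.ByteArrayInputStream.new(bin)
  else
    raise PkernelJce::Error, "No bin or file input is given to load"
  end

  reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(source))
  begin
    reader.readObject
  ensure
    # Release the underlying stream (a file handle on the :file path) even
    # when parsing fails.
    reader.close
  end
end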

#load_from_file(file, opts = { }) ⇒ Object

Loads a PEM object from the given file by delegating to #load with the :file option.

Raises:

  • (PkernelJce::Error) — if opts is neither nil nor a Hash



# File 'lib/pkernel_jce/csr.rb', line 113

# Loads a PEM object from a file by delegating to #load with :file set.
#
# The file argument replaces any :file key already present in opts. The path
# is forwarded unchanged; validate it first when it comes from an untrusted
# source.
#
# @param file [String] path of the PEM file
# @param opts [Hash, nil] extra options forwarded to #load; nil is treated as {}
# @return [Object] whatever #load returns
# @raise [PkernelJce::Error] when opts is neither nil nor a Hash
def load_from_file(file, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to load CSR from file should be a hash"
  end

  load(settings.merge(file: file))
end

#load_from_mem(bin, opts = { }) ⇒ Object

Raises:

  • (PkernelJce::Error) — if opts is neither nil nor a Hash



# File 'lib/pkernel_jce/csr.rb', line 119

# Loads a PEM object from an in-memory buffer by delegating to #load with :bin set.
#
# The bin argument replaces any :bin key already present in opts. A non-empty
# :file key in opts still reaches #load, which gives :file precedence over
# :bin.
#
# @param bin [Object] bytes to parse
# @param opts [Hash, nil] extra options forwarded to #load; nil is treated as {}
# @return [Object] whatever #load returns
# @raise [PkernelJce::Error] when opts is neither nil nor a Hash
def load_from_mem(bin, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to load CSR from bin should be a hash"
  end

  load(settings.merge(bin: bin))
end

#public_key(csr) ⇒ Object

Returns the public key carried in the CSR's SubjectPublicKeyInfo.



# File 'lib/pkernel_jce/csr.rb', line 131

# Extracts the subject public key from a CSR.
#
# The key is read straight from the request and no signature check happens
# here; for a request from an untrusted source, confirm #is_signature_valid?
# before relying on the key.
#
# @param csr [Object] parsed request; must respond to getSubjectPublicKeyInfo
# @return [Object] the key produced by JcaPEMKeyConverter#getPublicKey
# @raise [PkernelJce::Error] when csr is nil
def public_key(csr)
  raise PkernelJce::Error, "CSR given to extract public key is nil" if csr.nil?

  converter = org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new
  key_info = csr.getSubjectPublicKeyInfo
  converter.getPublicKey(key_info)
end