Class: OpenSSL::PKCS12

Inherits:
Object
  • Object
Defined in:
lib/openssl/pkcs12.rb

Defined Under Namespace

Classes: PKCS12Error

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(str = nil, password = '') ⇒ PKCS12

Returns a new instance of PKCS12.


# File 'lib/openssl/pkcs12.rb', line 22

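# Parses a PKCS#12 bundle and exposes its first key entry.
#
# With no +str+ the instance is left empty (to be filled by #generate).
# Otherwise the bytes are loaded into a Java "PKCS12" KeyStore and the first
# alias that is a key entry supplies #certificate, #key and #ca_certs; any
# later entries are ignored.
#
# @param str [String, File, nil] DER bytes of the bundle, or a File whose
#   path is re-read in binary mode. A String is retagged as binary in place
#   and kept by reference (see #to_der).
# @param password [String, nil] password protecting the bundle; nil is
#   treated as the empty password, matching #generate.
# @raise [PKCS12Error] when the Java layer rejects the input (any
#   java.lang.Exception is wrapped) or the key algorithm is not
#   RSA/DSA/DH/EC. Ruby-level errors raised while wrapping certificates or
#   keys are not rescued here and propagate unchanged.
def initialize(str = nil, password = '')
  return @der = nil unless str

  if str.is_a?(File)
    # binread opens, reads and closes in one call, so the descriptor cannot
    # leak when the read raises part-way.
    @der = File.binread(str.path)
  else
    str.force_encoding(Encoding::ASCII_8BIT)
    @der = str
  end

  # A nil password would otherwise fail on the char[] conversion below.
  passphrase = password.nil? ? "" : password

  store = SecurityHelper.getKeyStore("PKCS12")
  store.load(StringBufferInputStream.new(@der), passphrase.to_java.to_char_array)

  store.aliases.each do |alias_name|
    next unless store.is_key_entry(alias_name)

    if (java_certificate = store.get_certificate(alias_name))
      der = String.from_java_bytes(java_certificate.get_encoded)
      @certificate = OpenSSL::X509::Certificate.new(der)
    end

    java_key = store.get_key(alias_name, passphrase.to_java.to_char_array)
    if java_key
      # The key's encoded form is handed to the Ruby PKey wrapper; from here
      # on the private key lives in this object for as long as it is referenced.
      der = String.from_java_bytes(java_key.get_encoded)
      algorithm = java_key.get_algorithm
      @key = case algorithm
             when "RSA" then OpenSSL::PKey::RSA.new(der)
             when "DSA" then OpenSSL::PKey::DSA.new(der)
             when "DH"  then OpenSSL::PKey::DH.new(der)
             when "EC"  then OpenSSL::PKey::EC.new(der)
             else raise PKCS12Error, "Unknown key algorithm #{algorithm}"
             end
    end

    @ca_certs = []
    java_ca_certs = store.get_certificate_chain(alias_name)
    if java_ca_certs
      # The chain includes the entry's own certificate; drop it so ca_certs
      # holds only the remaining certificates. If the entry had no
      # certificate, nothing is filtered (the original code raised
      # NoMethodError on nil here).
      leaf_pem = @certificate && @certificate.to_pem
      java_ca_certs.each do |java_ca_cert|
        der = String.from_java_bytes(java_ca_cert.get_encoded)
        ruby_cert = OpenSSL::X509::Certificate.new(der)
        @ca_certs << ruby_cert unless ruby_cert.to_pem == leaf_pem
      end
    end
    break
  end
rescue java.lang.Exception => e
  raise PKCS12Error, e.inspect
end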

Instance Attribute Details

#ca_certs ⇒ Object (readonly)

Returns the value of attribute ca_certs


# File 'lib/openssl/pkcs12.rb', line 20

# Certificates accompanying the key entry, other than #certificate itself.
#
# After parsing, this is the key entry's certificate chain minus the entry's
# own certificate; after #generate it is the +ca+ argument exactly as passed.
# The internal object is returned, not a copy.
#
# @return [Array<OpenSSL::X509::Certificate>, nil] nil when the instance is
#   empty, when no key entry was found while parsing, or when #generate was
#   called without +ca+.
def ca_certs
  @ca_certs
end

#certificate ⇒ Object (readonly)

Returns the value of attribute certificate


# File 'lib/openssl/pkcs12.rb', line 20

# Certificate stored with the key entry.
#
# After parsing, this is the certificate the key store returns for the first
# key entry; after #generate it is the +cert+ argument as passed.
#
# @return [OpenSSL::X509::Certificate, nil] nil when the instance is empty or
#   the parsed entry carried no certificate.
def certificate
  @certificate
end

#key ⇒ Object (readonly)

Returns the value of attribute key


# File 'lib/openssl/pkcs12.rb', line 20

# Private key of the bundle.
#
# After parsing, this is an OpenSSL::PKey::RSA, DSA, DH or EC object built
# from the key entry's encoded bytes; after #generate it is the +key+
# argument as passed. The returned object holds private key material, so it
# should not be logged or serialised without protection.
#
# @return [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::DH,
#   OpenSSL::PKey::EC, Object, nil] nil when the instance is empty or no key
#   was read.
def key
  @key
end

Class Method Details

.create(pass, name, key, cert, ca = nil) ⇒ Object


# File 'lib/openssl/pkcs12.rb', line 14

# Builds a new PKCS#12 bundle in one call.
#
# Creates an empty instance and delegates to #generate with the same
# arguments, so the same rules apply (a nil +pass+ becomes the empty password).
#
# @param pass [String, nil] password protecting the bundle
# @param name [String] alias under which the key entry is stored
# @param key [Object] private key; must respond to +to_pem+
# @param cert [Object] certificate for the key; must respond to +to_pem+
# @param ca [Array, nil] optional additional certificates
# @return [PKCS12] the populated instance
def self.create(pass, name, key, cert, ca = nil)
  new.tap do |bundle|
    bundle.generate(pass, name, key, cert, ca)
  end
end

Instance Method Details

#generate(pass, alias_name, key, cert, ca = nil) ⇒ Object


# File 'lib/openssl/pkcs12.rb', line 82

# Encodes the given key and certificates as a PKCS#12 bundle and stores the
# result on this instance.
#
# The key, certificate and CA list are assigned before encoding is attempted,
# so they stay set even when encoding raises. A nil +pass+ is replaced by the
# empty string, which means the bundle's private key is protected only by an
# empty password; callers who need the key protected at rest must pass a
# non-empty password.
#
# @param pass [String, nil] password protecting the bundle
# @param alias_name [String] alias under which the key entry is stored
# @param key [Object] private key; must respond to +to_pem+
# @param cert [Object] certificate for the key; must respond to +to_pem+
# @param ca [Array, nil] optional additional certificates, appended after
#   +cert+ in the PEM handed to the encoder
# @return [String] the encoded bundle (also available via #to_der)
# @raise [PKCS12Error] when the Java encoder fails
def generate(pass, alias_name, key, cert, ca = nil)
  @key = key
  @certificate = cert
  @ca_certs = ca

  # Leaf certificate first, then every CA certificate, as one PEM string.
  pem_bundle = cert.to_pem
  if ca
    ca.each do |ca_cert|
      pem_bundle << ca_cert.to_pem
    end
  end

  begin
    key_reader = StringReader.new(key.to_pem)
    bundle_bytes = pem_bundle.to_java_bytes
    passphrase = pass.nil? ? "" : pass
    der_bytes = PEMUtils.generatePKCS12(
      key_reader, bundle_bytes, alias_name, passphrase.to_java.to_char_array
    )
  rescue java.security.KeyStoreException, java.security.cert.CertificateException => e
    raise PKCS12Error, e.message
  rescue java.security.GeneralSecurityException, java.io.IOException => e
    raise PKCS12Error, e.inspect
  end

  @der = String.from_java_bytes(der_bytes)
end

#to_der ⇒ Object


# File 'lib/openssl/pkcs12.rb', line 102

# Encoded form of the bundle.
#
# For a parsed instance this is the input as it was given to the constructor
# (the same String object, or the bytes read from the File), not a
# re-encoding; after #generate it is the encoder's output. The blob contains
# the private key protected only by the bundle password.
#
# @return [String, nil] binary string, or nil for an empty instance.
def to_der
  @der
end