Module: PkernelJce::CSR
- Included in:
- Pkernel::CSR, CSRProxy
- Defined in:
- lib/pkernel_jce/csr.rb
Instance Method Summary
-
#dump(csr, params = {}) ⇒ Object
Writes a CSR as PEM to a file, or returns the PEM bytes from memory.
- #generate(identity, opts = {}) ⇒ Object
-
#is_signature_valid?(csr) ⇒ Boolean
Checks the CSR's self-signature against the public key embedded in the CSR.
- #load(options = {}) ⇒ Object
-
#public_key(csr) ⇒ Object
Extracts the public key carried in the CSR.
Instance Method Details
#dump(csr, params = {}) ⇒ Object
Writes a CSR as PEM to params[:file] when given; otherwise builds the PEM in memory and returns its bytes.
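# File 'lib/pkernel_jce/csr.rb', line 44
#
# Serialises a CSR to PEM, either into a file or into memory.
#
# @param csr [Object] the CSR to write; handed unchanged to JcaPEMWriter#writeObject
# @param params [Hash] options
# @option params [String] :file destination path; when absent the PEM is built in memory
# @return [Object, nil] the result of ByteArrayOutputStream#toByteArray when no
#   :file was given, otherwise nil
# @raise [PkernelJce::Error] if csr is nil
#
# NOTE(review): :file is handed to java.io.FileOutputStream as given, which
# creates or truncates that path. Callers that build the path from untrusted
# input must validate it before calling.
def dump(csr, params = {})
  raise PkernelJce::Error, "CSR object to be written is nil" if csr.nil?

  file = params[:file]
  baos = java.io.ByteArrayOutputStream.new
  if file.nil?
    # Log text used to say "CRL"; this method writes a CSR.
    PkernelJce::GConf.instance.glog.debug "Dump CSR to memory"
    sink = baos
  else
    PkernelJce::GConf.instance.glog.debug "Dump CSR to file '#{file}'"
    sink = java.io.FileOutputStream.new(file)
  end
  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(sink))

  begin
    writer.writeObject(csr)
    writer.flush
  ensure
    # close lives alone in ensure so the handle is released even if the
    # write or the flush raises
    writer.close
  end

  baos.toByteArray if file.nil?
end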
#generate(identity, opts = {}) ⇒ Object
# File 'lib/pkernel_jce/csr.rb', line 11
#
# Builds a PKCS#10 certification request for +identity+ and signs it with
# identity.privKey.
#
# @param identity [Object] must respond to certificate, privKey and pubKey
# @param opts [Hash] options
# @option opts :owner subject source; its to_x500_subject is used when present
# @option opts :signHash hash name used to derive the signing algorithm (default "SHA256")
# @option opts :signAlgo explicit signing algorithm; skips the derivation
# @option opts :provider JCE provider to register; the default provider is added otherwise
# @return [Object] whatever JcaPKCS10CertificationRequestBuilder#build returns
# @raise [PkernelJce::Error] when neither :owner nor identity.certificate is set
#
# NOTE(review): :signAlgo and :signHash are passed through with no allowlist,
# so a caller can ask for a weak digest. Restrict them at the call site if
# these options can come from configuration or user input.
def generate(identity, opts = {})
  owner = opts[:owner]
  subject =
    if !owner.nil?
      owner.to_x500_subject
    elsif !identity.certificate.nil?
      # No explicit owner: reuse the subject DN of the identity's certificate.
      PkernelJce::Certificate.ensure_java_cert(identity.certificate).subject_dn
    else
      raise PkernelJce::Error, "Either Owner or Certificate must exist to issue CSR"
    end

  sign_hash = opts[:signHash] || "SHA256"
  sign_algo = opts[:signAlgo]
  sign_algo = PkernelJce::KeyPair.derive_signing_algo(identity.privKey, sign_hash) if sign_algo.nil?

  requested_provider = opts[:provider]
  jce_provider =
    if requested_provider.nil?
      PkernelJce::GConf.instance.glog.debug "Adding default provider"
      PkernelJce::Provider.add_default
    else
      PkernelJce::GConf.instance.glog.debug "Adding provider #{requested_provider.name}"
      PkernelJce::Provider.add_provider(requested_provider)
    end

  # The public key comes from identity.pubKey rather than being derived from
  # the private key (the derived variant was commented out upstream).
  request_builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, identity.pubKey)
  signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(sign_algo).setProvider(jce_provider).build(identity.privKey)
  request_builder.build(signer)
end
#is_signature_valid?(csr) ⇒ Boolean
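Checks the CSR's self-signature against the public key embedded in the CSR. This proves possession of the private key only, not the identity of the requester.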
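# File 'lib/pkernel_jce/csr.rb', line 101
#
# Verifies the CSR's signature using the public key carried inside the CSR
# itself (csr.getSubjectPublicKeyInfo).
#
# A true result therefore shows only that the requester holds the private
# key matching the embedded public key (proof of possession). It says nothing
# about who the requester is or whether the requested subject is legitimate;
# that must be decided separately before a certificate is issued.
#
# @param csr [Object] a CSR responding to getSubjectPublicKeyInfo and isSignatureValid
# @return [Boolean] result of csr.isSignatureValid
# @raise [PkernelJce::Error] if csr is nil (matches the nil guards in dump and public_key)
def is_signature_valid?(csr)
  raise PkernelJce::Error, "CSR given to verify signature is nil" if csr.nil?

  verifier = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
  csr.isSignatureValid(verifier)
end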
#load(options = {}) ⇒ Object
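# File 'lib/pkernel_jce/csr.rb', line 75
#
# Reads one PEM object from a file or from an in-memory buffer.
#
# @param options [Hash] options
# @option options [String] :file path of the PEM file; used when non-empty
# @option options :bin in-memory content, used when no :file is given;
#   it is passed to java.io.ByteArrayInputStream (presumably a Java byte[] - confirm)
# @return [Object] whatever PEMParser#readObject returns
# @raise [PkernelJce::Error] if the file does not exist, or neither :file nor :bin is given
#
# NOTE(review): the result is not type-checked here. PEMParser returns the
# first PEM object it finds, which need not be a certification request, and
# may return nil for input without a PEM block. Callers handling untrusted
# input should confirm the type before using the result as a CSR.
def load(options = {})
  # todo is this content pem or binary?
  # now assumed is pem
  file = options[:file]
  bin = options[:bin]

  if !file.nil? && !file.empty?
    PkernelJce::GConf.instance.glog.debug "Load CSR from #{file}"
    f = java.io.File.new(file)
    raise PkernelJce::Error, "File '#{f.absolute_path}' not found" unless f.exists?

    reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.FileInputStream.new(f)))
  elsif !bin.nil?
    PkernelJce::GConf.instance.glog.debug "Load CSR from memory"
    reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(bin)))
  else
    raise PkernelJce::Error, "No bin or file input is given to load"
  end

  begin
    reader.readObject
  ensure
    # The parser (and the file stream under it) was previously never closed.
    reader.close
  end
end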
#public_key(csr) ⇒ Object
Extracts the public key carried in the CSR's SubjectPublicKeyInfo. The CSR signature is not checked here.
# File 'lib/pkernel_jce/csr.rb', line 107
#
# Converts the SubjectPublicKeyInfo carried in a CSR into a public key object
# via JcaPEMKeyConverter.
#
# This method does not verify the CSR's signature; the key is returned exactly
# as the requester supplied it.
#
# @param csr [Object] a CSR responding to getSubjectPublicKeyInfo
# @return [Object] result of JcaPEMKeyConverter#getPublicKey
# @raise [PkernelJce::Error] if csr is nil
def public_key(csr)
  raise PkernelJce::Error, "CSR given to extract public key is nil" if csr.nil?

  converter = org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new
  key_info = csr.getSubjectPublicKeyInfo
  converter.getPublicKey(key_info)
end