module PkernelJce::CSR

Public Instance Methods

dump(csr, params = {}) click to toggle source

end generate()

# File lib/pkernel_jce/csr.rb, line 44
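# Writes a CSR as PEM, either to a file or to an in-memory buffer.
#
# @param csr [Object] request object passed to JcaPEMWriter#writeObject; must not be nil
# @param params [Hash, nil] options; only :file is read here
# @option params [String] :file destination path; when absent the PEM stays in memory
# @return [Object, nil] ByteArrayOutputStream#toByteArray result when no :file is given,
#   nil after writing to a file
# @raise [PkernelJce::Error] if csr is nil
#
# NOTE(review): java.io.FileOutputStream.new(file) truncates whatever already exists at
# that path, and no path validation is done here, so :file should only ever come from a
# trusted caller, never directly from request input.
def dump(csr, params = {})
  raise PkernelJce::Error, "CSR object to be written is nil" if csr.nil?

  params = {} if params.nil?
  file = params[:file]
  baos = nil

  if file.nil?
    PkernelJce::GConf.instance.glog.debug "Dump CSR to memory"
    baos = java.io.ByteArrayOutputStream.new
    sink = baos
  else
    # The log text used to say "CRL"; this module only handles CSRs.
    PkernelJce::GConf.instance.glog.debug "Dump CSR to file '#{file}'"
    sink = java.io.FileOutputStream.new(file)
  end
  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(sink))

  begin
    writer.writeObject(csr)
    writer.flush
  ensure
    # close must run even when writeObject or flush raises, otherwise the
    # underlying file handle stays open.
    writer.close
  end

  baos.toByteArray if file.nil?
end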
dump_to_file(csr, file, opts = { }) click to toggle source

end dump

# File lib/pkernel_jce/csr.rb, line 74
# Convenience wrapper around dump that always writes the PEM to +file+.
#
# @param csr [Object] request to serialise
# @param file [String] destination path; overrides any :file entry in opts
# @param opts [Hash, nil] extra options forwarded to dump
# @return whatever dump returns
# @raise [PkernelJce::Error] if opts is neither nil nor a Hash
def dump_to_file(csr, file, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to dump CSR to file should be a hash"
  end

  # merge puts the explicit file argument last, so it wins over opts[:file]
  dump(csr, settings.merge(file: file))
end
dump_to_mem(csr, opts = { }) click to toggle source
# File lib/pkernel_jce/csr.rb, line 80
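# Convenience wrapper around dump that always serialises into memory.
#
# @param csr [Object] request to serialise
# @param opts [Hash, nil] extra options forwarded to dump; a :file entry is ignored
# @return whatever dump returns for the in-memory case
# @raise [PkernelJce::Error] if opts is neither nil nor a Hash
def dump_to_mem(csr, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Option to dump CSR to memory should be a hash" unless opts.is_a?(Hash)

  # dump writes to disk as soon as :file is present. Strip it so that an
  # options hash passed through from elsewhere cannot turn the "to memory"
  # call into a file write.
  dump(csr, opts.reject { |key, _| key == :file })
end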
generate(identity, opts = {} ) click to toggle source
# File lib/pkernel_jce/csr.rb, line 11
# Builds and signs a PKCS#10 certification request for +identity+.
#
# The subject comes from opts[:owner] (via #to_x500_subject) when given,
# otherwise from the subject DN of identity.certificate.
#
# @param identity [Object] must respond to certificate, privKey and pubKey
# @param opts [Hash] recognised keys: :owner, :signHash (default "SHA256"),
#   :signAlgo, :provider
# @return [Object] the request returned by JcaPKCS10CertificationRequestBuilder#build
# @raise [PkernelJce::Error] when neither an owner nor a certificate is available
#
# NOTE(review): :signAlgo and :signHash are passed to the signer as given; no
# allow-list is applied here, so a caller can request a weak digest. Callers that
# take these values from configuration should restrict them before calling.
def generate(identity, opts = {} )
  owner = opts[:owner]
  if !owner.nil?
    subject = owner.to_x500_subject
  elsif identity.certificate.nil?
    raise PkernelJce::Error, "Either Owner or Certificate must exist to issue CSR"
  else
    subject = PkernelJce::Certificate.ensure_java_cert(identity.certificate).subject_dn
  end

  digest_name = opts[:signHash] || "SHA256"
  algo = opts[:signAlgo]
  algo = PkernelJce::KeyPair.derive_signing_algo(identity.privKey, digest_name) if algo.nil?

  requested = opts[:provider]
  logger = PkernelJce::GConf.instance.glog
  if requested.nil?
    logger.debug "Adding default provider"
    jce_provider = PkernelJce::Provider.add_default
  else
    logger.debug "Adding provider #{requested.name}"
    jce_provider = PkernelJce::Provider.add_provider(requested)
  end

  # The public key placed in the request is identity.pubKey; the request is
  # then self-signed with identity.privKey.
  builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, identity.pubKey)
  signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(algo).setProvider(jce_provider).build(identity.privKey)
  builder.build(signer)
end
is_signature_valid?(csr) click to toggle source
# File lib/pkernel_jce/csr.rb, line 125
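# Checks the self-signature of a CSR against the public key embedded in it.
#
# A true result shows that the requester holds the private key matching the
# public key in the request (proof of possession). It says nothing about
# whether the subject name in the request is legitimate; that has to be
# established separately before a certificate is issued.
#
# @param csr [Object] request exposing getSubjectPublicKeyInfo and isSignatureValid
# @return [Boolean] result of csr.isSignatureValid
# @raise [PkernelJce::Error] if csr is nil
def is_signature_valid?(csr)
  # Same nil handling as dump and public_key, so a missing CSR fails with the
  # module's own error type rather than a NoMethodError.
  raise PkernelJce::Error, "CSR given to verify signature is nil" if csr.nil?

  cvProv = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
  csr.isSignatureValid(cvProv)
end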
load(options = {}) click to toggle source
# File lib/pkernel_jce/csr.rb, line 87
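# Reads the first PEM object from a file or from an in-memory byte array.
#
# The input is assumed to be PEM; binary (DER) input is not handled here.
# A non-empty :file takes precedence over :bin.
#
# @param options [Hash, nil] :file (path) or :bin (bytes accepted by ByteArrayInputStream)
# @return [Object] whatever PEMParser#readObject returns
# @raise [PkernelJce::Error] if the file does not exist or neither input is given
#
# NOTE(review): PEMParser#readObject returns the first PEM object of any kind and the
# result is not type-checked here, so callers handling untrusted input should confirm
# they received a certification request and then check is_signature_valid? before
# using any field of it.
def load(options = {})
  options = {} if options.nil?
  file = options[:file]
  bin = options[:bin]

  if !file.nil? && !file.empty?
    PkernelJce::GConf.instance.glog.debug "Load CSR from #{file}"
    f = java.io.File.new(file)
    raise PkernelJce::Error, "File '#{f.absolute_path}' not found" unless f.exists?

    input = java.io.FileInputStream.new(f)
  elsif !bin.nil?
    PkernelJce::GConf.instance.glog.debug "Load CSR from memory"
    input = java.io.ByteArrayInputStream.new(bin)
  else
    raise PkernelJce::Error, "No bin or file input is given to load"
  end

  reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(input))
  begin
    reader.readObject
  ensure
    # The reader was previously left open, which leaked the file handle on
    # every file-based load.
    reader.close
  end
end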
load_from_file(file, opts = { }) click to toggle source

end load

# File lib/pkernel_jce/csr.rb, line 113
# Convenience wrapper around load that reads the PEM object from +file+.
#
# @param file [String] path to read; overrides any :file entry in opts
# @param opts [Hash, nil] extra options forwarded to load
# @return whatever load returns
# @raise [PkernelJce::Error] if opts is neither nil nor a Hash
def load_from_file(file, opts = { })
  settings = opts.nil? ? {} : opts
  unless settings.is_a?(Hash)
    raise PkernelJce::Error, "Option to load CSR from file should be a hash"
  end

  # merge puts the explicit file argument last, so it wins over opts[:file]
  load(settings.merge(file: file))
end
load_from_mem(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/csr.rb, line 119
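# Convenience wrapper around load that reads the PEM object from +bin+.
#
# @param bin [Object] in-memory bytes handed to load as :bin
# @param opts [Hash, nil] extra options forwarded to load; a :file entry is ignored
# @return whatever load returns
# @raise [PkernelJce::Error] if opts is neither nil nor a Hash
def load_from_mem(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Option to load CSR from bin should be a hash" unless opts.is_a?(Hash)

  # load prefers a non-empty :file over :bin. Strip :file so that an options
  # hash passed through from elsewhere cannot redirect this call to read a
  # path on disk instead of the supplied bytes.
  load(opts.reject { |key, _| key == :file }.merge({ bin: bin }))
end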
public_key(csr) click to toggle source

end is_signature_valid?

# File lib/pkernel_jce/csr.rb, line 131
# Extracts the subject public key from a CSR as a JCA public key object.
#
# @param csr [Object] request exposing getSubjectPublicKeyInfo
# @return [Object] result of JcaPEMKeyConverter#getPublicKey
# @raise [PkernelJce::Error] if csr is nil
#
# NOTE(review): the key is taken from the request as-is; nothing here checks the
# request's signature. Callers working with untrusted requests should check
# is_signature_valid? before relying on the key.
def public_key(csr)
  raise PkernelJce::Error, "CSR given to extract public key is nil" if csr.nil?

  converter = org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new
  converter.getPublicKey(csr.getSubjectPublicKeyInfo)
end