Skip to content

Commit 287213a

Browse files
committed
produce doubled wrapped subjectKeyIdentifier
it turns out that subjectKeyIdentifier is usually a "OCTET STRING, encapsulates { OCTET STRING ..." the patch will obey this. fixes #18 Sponsored by Lookout Inc.
1 parent 3aed05c commit 287213a

File tree

2 files changed

+9
-14
lines changed

2 files changed

+9
-14
lines changed

src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -187,7 +187,7 @@ public IRubyObject create_ext(final ThreadContext context, final IRubyObject[] a
187187
try {
188188
final String id = objectId.getId();
189189
if (id.equals("2.5.29.14")) { //subjectKeyIdentifier
190-
value = parseSubjectKeyIdentifier(context, oid, valuex);
190+
value = new DEROctetString(parseSubjectKeyIdentifier(context, oid, valuex));
191191
}
192192
else if (id.equals("2.5.29.35")) { //authorityKeyIdentifier
193193
value = parseAuthorityKeyIdentifier(context, valuex);

src/test/ruby/test_asn1.rb

Lines changed: 8 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,6 @@ def test_decode
254254
cert = issue_cert( # OpenSSL::TestUtils.issue_cert
255255
subj, key, s, now, now+3600, exts, nil, nil, dgst)
256256

257-
258257
asn1 = OpenSSL::ASN1.decode(cert)
259258
assert_equal(OpenSSL::ASN1::Sequence, asn1.class)
260259
assert_equal(3, asn1.value.size)
@@ -425,14 +424,9 @@ def test_decode
425424
assert_equal("2.5.29.14", ext.value[0].oid)
426425
assert_equal(OpenSSL::ASN1::OctetString, ext.value[1].class)
427426

428-
octet_value = ext.value[1].value
427+
assert OpenSSL::X509::Certificate.new( cert.to_der ).verify key
429428

430-
# NOTE: this seems another impossible to-do without re-inventing
431-
# DER encoding/decoding on our own (previously might have worked but
432-
# the "hack" to include the tag caused failures elsewhere) ?!
433-
if defined? JRUBY_VERSION
434-
octet_value = ext.value[1].to_der # HACK
435-
end
429+
octet_value = ext.value[1].value
436430

437431
assert_equal "\x04\x14\xD1\xFE\xF9\xFB\xF8\xAE\e\xC1`\xCB\xFA\x03\xE2Ym\xD8s\b\x92\x13", octet_value
438432

@@ -450,12 +444,13 @@ def test_decode
450444

451445
assert_equal(OpenSSL::ASN1::BitString, sig_val.class)
452446

453-
cert_der = tbs_cert.to_der
454-
# TODO 458 on JRuby
455-
#assert_equal 442, cert_der.size
447+
cert_der = cert.to_der
448+
assert_equal 593, cert_der.size
456449

457-
#cululated_sig = key.sign(OpenSSL::Digest::SHA1.new, cert_der)
458-
#assert_equal cululated_sig, sig_val.value
450+
assert OpenSSL::X509::Certificate.new( cert_der ).verify key
451+
# running the same in MRI also fails
452+
#calulated_sig = key.sign(OpenSSL::Digest::SHA1.new, cert_der)
453+
#assert_equal calulated_sig, sig_val.value
459454
end
460455

461456
def test_bit_string_infinite_length

0 commit comments

Comments
 (0)