signature algorithm should be read as well when decoding certificate (fixes #39)

kares · kares · commit 781b155df0ef · 2015-04-07T14:18:15.000+02:00
diff --git a/src/main/java/org/jruby/ext/openssl/ASN1.java b/src/main/java/org/jruby/ext/openssl/ASN1.java
@@ -514,6 +514,11 @@ static String oid2name(final Ruby runtime, final ASN1ObjectIdentifier oid, final
         return nid2ln(runtime, nid, true); */
     }
 
+
+    static String oid2name(final Ruby runtime, final String oid) {
+        return oid2name(runtime, new ASN1ObjectIdentifier(oid), false);
+    }
+
     static String nid2sn(final Ruby runtime, final Integer nid) {
         return nid2sn(runtime, nid, true);
     }
diff --git a/src/main/java/org/jruby/ext/openssl/X509Cert.java b/src/main/java/org/jruby/ext/openssl/X509Cert.java
@@ -210,6 +210,10 @@ private void initialize(final ThreadContext context, final byte[] encoded, final
         this.subject = X509Name.newName(runtime, cert.getSubjectX500Principal());
         this.issuer = X509Name.newName(runtime, cert.getIssuerX500Principal());
         this.version = RubyFixnum.newFixnum(runtime, cert.getVersion() - 1);
+        String sigAlgorithm = cert.getSigAlgOID();
+        if ( sigAlgorithm == null ) sigAlgorithm = cert.getSigAlgName(); // e.g. SHA256withRSA
+        else sigAlgorithm = ASN1.oid2name(runtime, sigAlgorithm); // "hot" path e.g. sha256WithRSAEncryption
+        this.sig_alg = RubyString.newString(runtime, sigAlgorithm);
 
         final Set<String> criticalExtOIDs = cert.getCriticalExtensionOIDs();
         if ( criticalExtOIDs != null ) {
diff --git a/src/test/ruby/x509/test_x509cert.rb b/src/test/ruby/x509/test_x509cert.rb
@@ -227,6 +227,7 @@ def test_inspect_to_text
 
     cert.to_text
     assert_equal 2, cert.version
+    assert_equal 'sha1WithRSAEncryption', cert.signature_algorithm
 
     unless defined? JRUBY_VERSION # TODO "/DC=org,/DC=ruby-lang,/CN=TestCA"
       assert_equal text_without_signature, cert.to_text[0, text_without_signature.size]
@@ -269,6 +270,9 @@ def test_to_text_regression
 -----END CERTIFICATE-----
 EOF
     assert_equal 0, cert.version
+    assert_equal 'sha256WithRSAEncryption', cert.signature_algorithm
+    assert cert.to_text.index('Version: 1 (0x0)')
+    assert cert.to_text.index('Signature Algorithm: sha256WithRSAEncryption')
   end
 
   TEST_KEY_RSA1024 = <<-_end_of_pem_

Original file line number	Diff line number	Diff line change
`@@ -514,6 +514,11 @@ static String oid2name(final Ruby runtime, final ASN1ObjectIdentifier oid, final`
`514`	`514`	`return nid2ln(runtime, nid, true); */`
`515`	`515`	`}`
`516`	`516`
	`517`	`+`
	`518`	`+ static String oid2name(final Ruby runtime, final String oid) {`
	`519`	`+ return oid2name(runtime, new ASN1ObjectIdentifier(oid), false);`
	`520`	`+ }`
	`521`	`+`
`517`	`522`	`static String nid2sn(final Ruby runtime, final Integer nid) {`
`518`	`523`	`return nid2sn(runtime, nid, true);`
`519`	`524`	`}`