[feat] implement OpenSSL::X509::Request#signature_algorithm

Author: kares

src/main/java/org/jruby/ext/openssl/X509Request.java

@@ -44,6 +44,8 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.operator.DefaultSignatureNameFinder;
 
 import org.jruby.Ruby;
 import org.jruby.RubyArray;
@@ -53,6 +55,7 @@
 import org.jruby.RubyString;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.exceptions.RaiseException;
+import org.jruby.ext.openssl.impl.ASN1Registry;
 import org.jruby.ext.openssl.x509store.PEMInputOutput;
 import org.jruby.runtime.Arity;
 import org.jruby.runtime.ThreadContext;
@@ -91,7 +94,7 @@ static RubyClass _RequestError(final Ruby runtime) {
 
     public X509Request(Ruby runtime, RubyClass type) {
         super(runtime, type);
-        attributes = new ArrayList<X509Attribute>(4);
+        attributes = new ArrayList<>(4);
     }
 
     @JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
@@ -286,8 +289,10 @@ public IRubyObject set_subject(final IRubyObject val) {
 
     @JRubyMethod
     public IRubyObject signature_algorithm(final ThreadContext context) {
-        warn(context, "WARNING: unimplemented method called: OpenSSL::X509::Request#signature_algorithm");
-        return context.runtime.getNil();
+        AlgorithmIdentifier signatureAlgId = request == null ? null : request.getSignatureAlgorithm();
+        if (signatureAlgId == null) return context.runtime.newString("NULL");
+        final String name = ASN1Registry.o2a(signatureAlgId.getAlgorithm());
+        return context.runtime.newString(name == null ? "" : name);
     }
 
     @JRubyMethod
@@ -316,7 +321,8 @@ public IRubyObject sign(final ThreadContext context,
 
         final String digAlg = ((Digest) digest).getShortAlgorithm();
         try {
-            request = null; getRequest().sign( privateKey, digAlg );
+            request = null;
+            getRequest().sign( privateKey, digAlg );
         }
         catch (InvalidKeyException e) {
             debug(runtime, "X509Request#sign invalid key:", e);
@@ -330,15 +336,14 @@ public IRubyObject sign(final ThreadContext context,
     }
 
     private List<Attribute> newAttributesImpl(final ThreadContext context) {
-        ArrayList<Attribute> attrs = new ArrayList<Attribute>(attributes.size());
+        ArrayList<Attribute> attrs = new ArrayList<>(attributes.size());
         for ( X509Attribute attribute : attributes ) {
             attrs.add( newAttributeImpl(context, attribute) );
         }
         return attrs;
     }
 
-    private Attribute newAttributeImpl(final ThreadContext context,
-        final X509Attribute attribute) {
+    private static Attribute newAttributeImpl(final ThreadContext context, final X509Attribute attribute) {
         return Attribute.getInstance( attribute.toASN1( context ) );
     }
 
@@ -372,7 +377,7 @@ public IRubyObject attributes() {
         return getRuntime().newArray(attributes);
     }
 
-    @JRubyMethod(name="attributes=")
+    @JRubyMethod(name = "attributes=")
     public IRubyObject set_attributes(final ThreadContext context,final IRubyObject attributes) {
         this.attributes.clear();
         final RubyArray attrs = (RubyArray) attributes;

src/main/java/org/jruby/ext/openssl/impl/PKCS10Request.java

@@ -126,16 +126,14 @@ private void resetSignedRequest() {
 
     // sign
 
-    public PKCS10CertificationRequest sign(final PrivateKey privateKey,
-        final AlgorithmIdentifier signatureAlg)
+    public PKCS10CertificationRequest sign(final PrivateKey privateKey, final AlgorithmIdentifier signatureAlg)
         throws NoSuchAlgorithmException, InvalidKeyException {
         final ContentSigner signer = new PKCS10Signer(privateKey, signatureAlg);
         signedRequest = newBuilder().build(signer); // valid = true;
         return signedRequest;
     }
 
-    public PKCS10CertificationRequest sign(final PrivateKey privateKey,
-        final String digestAlg)
+    public PKCS10CertificationRequest sign(final PrivateKey privateKey, final String digestAlg)
         throws NoSuchAlgorithmException, InvalidKeyException {
         String sigAlg = digestAlg + "WITH" + getPublicKeyAlgorithm();
         return sign(privateKey, new DefaultSignatureAlgorithmIdentifierFinder().find(sigAlg));
@@ -296,6 +294,10 @@ public BigInteger getVersion() {
                     getVersion().getValue();
     }
 
+    public AlgorithmIdentifier getSignatureAlgorithm() {
+        if ( signedRequest == null ) return null;
+        return signedRequest.getSignatureAlgorithm();
+    }
 
     private static class PKCS10Signer implements ContentSigner {
 

src/test/ruby/x509/test_x509req.rb

@@ -18,6 +18,8 @@ def test_csr_request_extensions
 
     csr.sign(key, OpenSSL::Digest::SHA256.new)
 
+    assert_equal 'sha256WithRSAEncryption', csr.signature_algorithm
+
     # The combination of the extreq and the stringification / revivification
     # is what triggers the bad behaviour in the extension. (Any extended
     # request type should do, but this matches my observed problems)
@@ -35,8 +37,13 @@ def test_csr_request_ec_key
     csr.public_key = key
     csr.subject = OpenSSL::X509::Name.new([['CN', 'foo.bar.cat', OpenSSL::ASN1::UTF8STRING]])
     csr.version = 2
+
+    assert_equal 'NULL', csr.signature_algorithm
+
     csr.sign key, OpenSSL::Digest::SHA256.new # does not raise
 
+    assert_equal 'ecdsa-with-SHA256', csr.signature_algorithm
+
     assert_true csr.verify(key)
   end