allow to inject Cipher and Signature implementations

this allows to replace certain Ciphers and Signatures with different
implementations other than what comes with BouncyCastle or JCE.

Sponsored by Lookout Inc.

Author: mkristian

src/main/java/org/jruby/ext/openssl/SecurityHelper.java

@@ -102,6 +102,28 @@ public abstract class SecurityHelper {
     private static Boolean registerProvider = null;
     private static final Map<String, Class> implEngines = new ConcurrentHashMap<String, Class>(16, 0.75f, 1);
 
+    /**
+     * inject under a given name a cipher. also ensures that the registered
+     * classes are getting used.
+     *
+     * @param name the name under which the class gets registered
+     * @param the CipherSpi class
+     */
+    public static void addCipher(String name, Class<? extends CipherSpi> clazz) {
+        implEngines.put("Cipher:" + name, clazz);
+        tryCipherInternal = true;
+    }
+
+    /**
+     * inject under a given name a signature
+     *
+     * @param name the name under which the class gets registered
+     * @param the SignaturSpi class
+     */
+    public static void addSignature(String name, Class<? extends SignatureSpi> clazz) {
+        implEngines.put("Signature:" + name, clazz);
+    }
+
     public static Provider getSecurityProvider() {
         if ( setBouncyCastleProvider && securityProvider == null ) {
             synchronized(SecurityHelper.class) {
@@ -417,10 +439,12 @@ private static Cipher getCipherInternal(String transformation, final Provider pr
         catch( IllegalStateException e ) {
             // this can be due to trusted check in Cipher constructor
             if (e.getCause().getClass() == NullPointerException.class) {
-                return newInstance(Cipher.class,
+                Cipher cipher = newInstance(Cipher.class,
                     new Class[] { CipherSpi.class, String.class },
                     new Object[] { spi, transformation }
                 );
+                setField(cipher, Cipher.class, "provider", provider);
+                return cipher;
             }
             throw e;
         }
@@ -735,5 +759,4 @@ private static void setField(Object obj, Class<?> fieldOwner, String fieldName,
             throw new IllegalStateException(e);
         }
     }
-
 }

src/test/java/org/jruby/ext/openssl/CipherSpiFake.java

@@ -0,0 +1,96 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2014 Karol Bucek.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.jruby.ext.openssl;
+
+import javax.crypto.*;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+
+class CipherSpiFake extends CipherSpi {
+
+    @Override
+    protected void engineSetMode(String s) throws NoSuchAlgorithmException {
+
+    }
+
+    @Override
+    protected void engineSetPadding(String s) throws NoSuchPaddingException {
+
+    }
+
+    @Override
+    protected int engineGetBlockSize() {
+        return 0;
+    }
+
+    @Override
+    protected int engineGetOutputSize(int i) {
+        return 0;
+    }
+
+    @Override
+    protected byte[] engineGetIV() {
+        return new byte[0];
+    }
+
+    @Override
+    protected AlgorithmParameters engineGetParameters() {
+        return null;
+    }
+
+    @Override
+    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
+
+    }
+
+    @Override
+    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+    }
+
+    @Override
+    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+    }
+
+    @Override
+    protected byte[] engineUpdate(byte[] bytes, int i, int i1) {
+        return new byte[0];
+    }
+
+    @Override
+    protected int engineUpdate(byte[] bytes, int i, int i1, byte[] bytes1, int i2) throws ShortBufferException {
+        return 0;
+    }
+
+    @Override
+    protected byte[] engineDoFinal(byte[] bytes, int i, int i1) throws IllegalBlockSizeException, BadPaddingException {
+        return new byte[0];
+    }
+
+    @Override
+    protected int engineDoFinal(byte[] bytes, int i, int i1, byte[] bytes1, int i2) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
+        return 0;
+    }
+}

src/test/java/org/jruby/ext/openssl/SecurityHelperTest.java

@@ -10,6 +10,7 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
+import java.security.Signature;
 import java.security.cert.CertificateException;
 
 import org.junit.After;
@@ -43,6 +44,24 @@ public void disableSecurityProvider() {
         SecurityHelper.setBouncyCastleProvider = false;
     }
 
+    @Test
+    public void injectCipherImpl() throws Exception {
+        SecurityHelper.addCipher("fake", CipherSpiFake.class);
+        javax.crypto.Cipher cipher = SecurityHelper.getCipher("fake");
+        assertEquals(cipher.getProvider(), savedProvider);
+        java.lang.reflect.Field spi = cipher.getClass().getDeclaredField("spi");
+        spi.setAccessible(true);
+        assertEquals(spi.get(cipher).getClass(), CipherSpiFake.class);
+    }
+
+    @Test
+    public void injectSignatureImpl() throws Exception {
+        SecurityHelper.addSignature("fake", SignatureSpiFake.class);
+        Signature signature = SecurityHelper.getSignature("fake");
+        assertEquals(signature.getProvider(), savedProvider);
+        assertEquals(signature.getClass(), SignatureSpiFake.class);
+    }
+
     @Test
     public void usesBouncyCastleSecurityProviderByDefault() {
         assertNotNull(SecurityHelper.getSecurityProvider());

src/test/java/org/jruby/ext/openssl/SignatureSpiFake.java

@@ -0,0 +1,76 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2014 Karol Bucek.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.jruby.ext.openssl;
+
+import java.security.*;
+
+/**
+ * Created by cmeier on 7/29/15.
+ */
+class SignatureSpiFake extends Signature {
+
+    SignatureSpiFake() {
+        super("fake");
+    }
+
+    @Override
+    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
+
+    }
+
+    @Override
+    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
+
+    }
+
+    @Override
+    protected void engineUpdate(byte b) throws SignatureException {
+
+    }
+
+    @Override
+    protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
+
+    }
+
+    @Override
+    protected byte[] engineSign() throws SignatureException {
+        return new byte[0];
+    }
+
+    @Override
+    protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+        return false;
+    }
+
+    @Override
+    protected void engineSetParameter(String param, Object value) throws InvalidParameterException {
+
+    }
+
+    @Override
+    protected Object engineGetParameter(String param) throws InvalidParameterException {
+        return null;
+    }
+}