|
59 | 59 | import org.bouncycastle.cert.X509v2CRLBuilder;
|
60 | 60 | import org.bouncycastle.operator.ContentSigner;
|
61 | 61 | import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
| 62 | +import org.bouncycastle.util.Strings; |
| 63 | + |
62 | 64 | import org.joda.time.DateTime;
|
63 | 65 | import org.jruby.Ruby;
|
64 | 66 | import org.jruby.RubyArray;
|
|
74 | 76 | import org.jruby.ext.openssl.x509store.PEMInputOutput;
|
75 | 77 | import org.jruby.runtime.Arity;
|
76 | 78 | import org.jruby.runtime.Block;
|
77 |
| -import org.jruby.runtime.ObjectAllocator; |
78 | 79 | import org.jruby.runtime.ThreadContext;
|
79 | 80 | import org.jruby.runtime.Visibility;
|
80 | 81 | import org.jruby.runtime.builtin.Variable;
|
@@ -538,7 +539,7 @@ public IRubyObject add_extension(final IRubyObject extension) {
|
538 | 539 | @JRubyMethod
|
539 | 540 | public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
|
540 | 541 | final Ruby runtime = context.runtime;
|
541 |
| - final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest); |
| 542 | + final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, digest); |
542 | 543 |
|
543 | 544 | final X500Name issuerName = ((X509Name) issuer).getX500Name();
|
544 | 545 | final java.util.Date thisUpdate = getLastUpdate().toDate();
|
@@ -639,19 +640,23 @@ public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRub
|
639 | 640 | return this;
|
640 | 641 | }
|
641 | 642 |
|
642 |
| - private String getSignatureAlgorithm(final Ruby runtime, final PKey key, final Digest digest) { |
| 643 | + private static String getSignatureAlgorithm(final Ruby runtime, final PKey key, final IRubyObject digest) { |
643 | 644 | // Have to obey some artificial constraints of the OpenSSL implementation. Stupid.
|
644 | 645 | final String keyAlg = key.getAlgorithm();
|
645 |
| - final String digAlg = digest.getShortAlgorithm(); |
| 646 | + final String digAlg; |
| 647 | + if (digest instanceof Digest) { |
| 648 | + digAlg = ((Digest) digest).getShortAlgorithm(); |
| 649 | + } else { |
| 650 | + digAlg = Strings.toUpperCase(digest.convertToString().toString()); |
| 651 | + } |
646 | 652 |
|
647 | 653 | if ( "DSA".equalsIgnoreCase(keyAlg) ) {
|
648 |
| - if ( ( "MD5".equalsIgnoreCase( digAlg ) ) ) { // || |
649 |
| - // ( "SHA1".equals( digest.name().toString() ) ) ) { |
| 654 | + if ( ( "MD5".equalsIgnoreCase( digAlg ) ) ) { |
650 | 655 | throw newCRLError(runtime, "unsupported key / digest algorithm ("+ key +" / "+ digAlg +")");
|
651 | 656 | }
|
652 | 657 | }
|
653 | 658 | else if ( "RSA".equalsIgnoreCase(keyAlg) ) {
|
654 |
| - if ( "DSS1".equals( digest.name().toString() ) ) { |
| 659 | + if ( "DSS1".equals(digAlg) || (digest instanceof Digest && "DSS1".equals(((Digest) digest).name().toString())) ) { |
655 | 660 | throw newCRLError(runtime, "unsupported key / digest algorithm ("+ key +" / "+ digAlg +")");
|
656 | 661 | }
|
657 | 662 | }
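Review bot: In the new `else` branch of `getSignatureAlgorithm`, a caller-supplied string becomes `digAlg` after nothing more than upper-casing, and the visible checks reject only MD5 for DSA keys and DSS1 for RSA keys. As far as this hunk shows, any other name, including a weak or misspelled one, flows on to whatever assembles the signature algorithm further down. Because this value decides how the CRL is signed, I would resolve the name to a known digest before using it, or at least record the contract with a comment such as `// digest passed by name is not validated here; unknown or unsupported names must be rejected before the signer is built`. The `(PKey) key` cast in `sign` is still unchecked, so a non-key argument presumably still surfaces as a Java ClassCastException rather than a Ruby-level error, although this commit removes that same problem for `digest`. The function body continues past the end of the hunk, so the later handling of `digAlg` is not visible here.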
|
|