
Commit e60ec45

committed
[fix] OpenSSL::X509::CRL#sign to accept string digest
(this is already implicitly tested due to the previous commit)
1 parent 3598f52 commit e60ec45


1 file changed

+12
-7
lines changed


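--- a/src/main/java/org/jruby/ext/openssl/X509CRL.java
+++ b/src/main/java/org/jruby/ext/openssl/X509CRL.java
@@ -59,6 +59,8 @@
 import org.bouncycastle.cert.X509v2CRLBuilder;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.util.Strings;
+
 import org.joda.time.DateTime;
 import org.jruby.Ruby;
 import org.jruby.RubyArray;
@@ -74,7 +76,6 @@
 import org.jruby.ext.openssl.x509store.PEMInputOutput;
 import org.jruby.runtime.Arity;
 import org.jruby.runtime.Block;
-import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.ThreadContext;
 import org.jruby.runtime.Visibility;
 import org.jruby.runtime.builtin.Variable;
@@ -538,7 +539,7 @@ public IRubyObject add_extension(final IRubyObject extension) {
 @JRubyMethod
 public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
 final Ruby runtime = context.runtime;
-final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
+final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, digest);
 
 final X500Name issuerName = ((X509Name) issuer).getX500Name();
 final java.util.Date thisUpdate = getLastUpdate().toDate();
@@ -639,19 +640,23 @@ public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRub
 return this;
 }
 
-private String getSignatureAlgorithm(final Ruby runtime, final PKey key, final Digest digest) {
+private static String getSignatureAlgorithm(final Ruby runtime, final PKey key, final IRubyObject digest) {
 // Have to obey some artificial constraints of the OpenSSL implementation. Stupid.
 final String keyAlg = key.getAlgorithm();
-final String digAlg = digest.getShortAlgorithm();
+final String digAlg;
+if (digest instanceof Digest) {
+digAlg = ((Digest) digest).getShortAlgorithm();
+} else {
+digAlg = Strings.toUpperCase(digest.convertToString().toString());
+}
 
 if ( "DSA".equalsIgnoreCase(keyAlg) ) {
-if ( ( "MD5".equalsIgnoreCase( digAlg ) ) ) { // ||
-// ( "SHA1".equals( digest.name().toString() ) ) ) {
+if ( ( "MD5".equalsIgnoreCase( digAlg ) ) ) {
 throw newCRLError(runtime, "unsupported key / digest algorithm ("+ key +" / "+ digAlg +")");
 }
 }
 else if ( "RSA".equalsIgnoreCase(keyAlg) ) {
-if ( "DSS1".equals( digest.name().toString() ) ) {
+if ( "DSS1".equals(digAlg) || (digest instanceof Digest && "DSS1".equals(((Digest) digest).name().toString())) ) {
 throw newCRLError(runtime, "unsupported key / digest algorithm ("+ key +" / "+ digAlg +")");
 }
 }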
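Review bot: In getSignatureAlgorithm, the new else branch upper-cases a caller-supplied string and uses it as digAlg without checking that it names a known digest, so a spelling such as `SHA-256` or a typo is not normalised the way `getShortAlgorithm()` presumably normalises a Digest object. The rest of the method lies outside the hunk, but if digAlg goes on to form the signer's algorithm name, an unknown digest would likely surface as a provider error rather than a CRLError, and the DSA/MD5 and RSA/DSS1 guards match only those exact names. Consider resolving the string through the same name lookup OpenSSL::Digest uses before these checks, or rejecting unrecognised names with `throw newCRLError(runtime, "unsupported digest algorithm (" + digAlg + ")");`. Since the commit relies on implicit coverage, an explicit test passing a lower-case name and an unknown name to CRL#sign would pin this behaviour down.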
