· 7 years ago · May 19, 2018, 01:46 PM
1diff --git a/src/java/org/jruby/ext/openssl/Cipher.java b/src/java/org/jruby/ext/openssl/Cipher.java
2index 49eef78..b3385e3 100644
3--- a/src/java/org/jruby/ext/openssl/Cipher.java
4+++ b/src/java/org/jruby/ext/openssl/Cipher.java
5@@ -167,7 +167,7 @@ public class Cipher extends RubyObject {
6 return ((Boolean) (OpenSSLReal.getWithBCProvider(new Callable() {
7 public Object call() {
8 try {
9- javax.crypto.Cipher.getInstance(rubyToJavaCipher(rubyName, null)[3], OpenSSLReal.PROVIDER);
10+ javax.crypto.Cipher.getInstance(rubyToJavaCipher(rubyName, null)[3]);
11 return Boolean.TRUE;
12 } catch (Exception e) {
13 return Boolean.FALSE;
14@@ -409,7 +409,7 @@ public class Cipher extends RubyObject {
15 MessageDigest digest = (MessageDigest)OpenSSLReal.getWithBCProvider(new Callable() {
16 public Object call() {
17 try {
18- return MessageDigest.getInstance("MD5", "BC");
19+ return MessageDigest.getInstance("MD5");
20 } catch (Exception e) {
21 throw new RaiseException(getRuntime(), ciphErr, e.getMessage(), true);
22 }
23@@ -448,11 +448,9 @@ public class Cipher extends RubyObject {
24 return (javax.crypto.Cipher) OpenSSLReal.getWithBCProvider(new Callable() {
25 public Object call() {
26 try {
27- return javax.crypto.Cipher.getInstance(realName, "BC");
28+ return javax.crypto.Cipher.getInstance(realName);
29 } catch (NoSuchAlgorithmException e) {
30 throw getRuntime().newLoadError("unsupported cipher algorithm (" + realName + ")");
31- } catch (NoSuchProviderException e) {
32- throw getRuntime().newLoadError("unsupported cipher algorithm (" + realName + ")");
33 } catch (javax.crypto.NoSuchPaddingException e) {
34 throw getRuntime().newLoadError("unsupported cipher padding (" + realName + ")");
35 }
36@@ -500,7 +498,7 @@ public class Cipher extends RubyObject {
37 digest = (MessageDigest) OpenSSLReal.getWithBCProvider(new Callable() {
38 public Object call() {
39 try {
40- return MessageDigest.getInstance(algorithm, "BC");
41+ return MessageDigest.getInstance(algorithm);
42 } catch (Exception e) {
43 throw new RaiseException(getRuntime(), ciphErr, e.getMessage(), true);
44 }
45diff --git a/src/java/org/jruby/ext/openssl/HMAC.java b/src/java/org/jruby/ext/openssl/HMAC.java
46index 3fec470..3424643 100644
47--- a/src/java/org/jruby/ext/openssl/HMAC.java
48+++ b/src/java/org/jruby/ext/openssl/HMAC.java
49@@ -62,46 +62,21 @@ public class HMAC extends RubyObject {
50 }
51
52 @JRubyMethod(name="digest", meta=true)
53- public static IRubyObject s_digest(IRubyObject recv, IRubyObject digest, IRubyObject kay, IRubyObject data) {
54+ public static IRubyObject s_digest(IRubyObject recv, IRubyObject digest, IRubyObject key, IRubyObject data) {
55 String algoName = ((Digest)digest).getAlgorithm();
56- String name = null;
57+ Mac mac = findMac(algoName, false, key.convertToString().getBytes(), recv);
58 try {
59- // some algorithms need the - removed; this is ugly, I know.
60- Mac mac;
61- try {
62- name = "HMAC" + algoName;
63- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
64- } catch (NoSuchAlgorithmException nsae) {
65- name = "HMAC-" + algoName.replaceAll("-", "");
66- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
67- }
68- byte[] key = kay.convertToString().getBytes();
69- SecretKey keysp = new SecretKeySpec(key,name);
70- mac.init(keysp);
71 return RubyString.newString(recv.getRuntime(), mac.doFinal(data.convertToString().getBytes()));
72 } catch(Exception e) {
73- e.printStackTrace();
74 throw recv.getRuntime().newNotImplementedError(e.getMessage());
75 }
76 }
77
78 @JRubyMethod(name="hexdigest", meta=true)
79- public static IRubyObject s_hexdigest(IRubyObject recv, IRubyObject digest, IRubyObject kay, IRubyObject data) {
80+ public static IRubyObject s_hexdigest(IRubyObject recv, IRubyObject digest, IRubyObject key, IRubyObject data) {
81 String algoName = ((Digest)digest).getAlgorithm();
82- String name = null;
83+ Mac mac = findMac(algoName, false, key.convertToString().getBytes(), recv);
84 try {
85- // some algorithms need the - removed; this is ugly, I know.
86- Mac mac;
87- try {
88- name = "HMAC" + algoName;
89- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
90- } catch (NoSuchAlgorithmException nsae) {
91- name = "HMAC-" + algoName.replaceAll("-", "");
92- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
93- }
94- byte[] key = kay.convertToString().getBytes();
95- SecretKey keysp = new SecretKeySpec(key,name);
96- mac.init(keysp);
97 return RubyString.newString(recv.getRuntime(), ByteList.plain(Utils.toHex(mac.doFinal(data.convertToString().getBytes()))));
98 } catch(Exception e) {
99 throw recv.getRuntime().newNotImplementedError(e.getMessage());
100@@ -119,22 +94,8 @@ public class HMAC extends RubyObject {
101 @JRubyMethod
102 public IRubyObject initialize(IRubyObject kay, IRubyObject digest) {
103 String algoName = ((Digest)digest).getAlgorithm();
104- String name = null;
105- try {
106- // some algorithms need the - removed; this is ugly, I know.
107- try {
108- name = "HMAC" + algoName;
109- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
110- } catch (NoSuchAlgorithmException nsae) {
111- name = "HMAC-" + algoName.replaceAll("-", "");
112- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
113- }
114- key = kay.convertToString().getBytes();
115- SecretKey keysp = new SecretKeySpec(key,name);
116- mac.init(keysp);
117- } catch(Exception e) {
118- throw getRuntime().newNotImplementedError(e.getMessage());
119- }
120+ key = kay.convertToString().getBytes();
121+ mac = findMac(algoName, false, key, this);
122 return this;
123 }
124
125@@ -145,20 +106,46 @@ public class HMAC extends RubyObject {
126 }
127 checkFrozen();
128 String name = ((HMAC)obj).mac.getAlgorithm();
129- try {
130- mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
131- key = ((HMAC)obj).key;
132- SecretKey keysp = new SecretKeySpec(key,name);
133- mac.init(keysp);
134- } catch(Exception e) {
135- throw getRuntime().newNotImplementedError("Unsupported MAC algorithm (" + name + ")");
136- }
137+ key = ((HMAC)obj).key;
138+ mac = findMac(name, true, key, this);
139
140 data = new StringBuffer(((HMAC)obj).data.toString());
141
142 return this;
143 }
144
145+ private static Mac findMac(final String algoName,
146+ final boolean nameIsComplete,
147+ final byte[] key,
148+ final IRubyObject obj) {
149+ return (Mac) OpenSSLReal.getWithBCProvider(new Callable() {
150+ public Object call() {
151+ String name = algoName;
152+ Mac mac = null;
153+ try {
154+ try {
155+ if (!nameIsComplete) {
156+ name = "HMAC" + algoName;
157+ }
158+ mac = Mac.getInstance(name);
159+ } catch (NoSuchAlgorithmException nsae) {
160+ if (nameIsComplete) {
161+ throw nsae;
162+ } else {
163+ name = "HMAC-" + algoName.replaceAll("-", "");
164+ mac = Mac.getInstance(name);
165+ }
166+ }
167+ SecretKey keyspec = new SecretKeySpec(key, name);
168+ mac.init(keyspec);
169+ return mac;
170+ } catch (Exception e) {
171+ throw obj.getRuntime().newNotImplementedError(e.getMessage());
172+ }
173+ }
174+ });
175+ }
176+
177 @JRubyMethod(name={"update", "<<"})
178 public IRubyObject update(IRubyObject obj) {
179 data.append(obj);
180diff --git a/src/java/org/jruby/ext/openssl/OpenSSLReal.java b/src/java/org/jruby/ext/openssl/OpenSSLReal.java
181index 70761fe..da0c9d4 100644
182--- a/src/java/org/jruby/ext/openssl/OpenSSLReal.java
183+++ b/src/java/org/jruby/ext/openssl/OpenSSLReal.java
184@@ -41,7 +41,7 @@ public class OpenSSLReal {
185 try {
186 PROVIDER = (java.security.Provider)
187 Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance();
188- } catch (Exception exception) {
189+ } catch (Throwable t) {
190 // no bouncy castle available
191 }
192 }
193@@ -60,10 +60,14 @@ public class OpenSSLReal {
194 if (PROVIDER != null) {
195 synchronized (java.security.Security.class) {
196 try {
197- java.security.Security.addProvider(PROVIDER);
198+ try {
199+ java.security.Security.addProvider(PROVIDER);
200+ } catch (SecurityException ex) {}
201 return toRun.call();
202 } finally {
203- java.security.Security.removeProvider("BC");
204+ try {
205+ java.security.Security.removeProvider("BC");
206+ } catch (SecurityException ex) {}
207 }
208 }
209 } else {
210diff --git a/src/java/org/jruby/ext/openssl/SSLSocket.java b/src/java/org/jruby/ext/openssl/SSLSocket.java
211index c116a60..307bbc4 100644
212--- a/src/java/org/jruby/ext/openssl/SSLSocket.java
213+++ b/src/java/org/jruby/ext/openssl/SSLSocket.java
214@@ -85,7 +85,9 @@ public class SSLSocket extends RubyObject {
215 cSSLSocket.attr_accessor(runtime.getCurrentContext(), new IRubyObject[]{runtime.newSymbol("sync_close")});
216 cSSLSocket.defineAlias("to_io","io");
217
218- cSSLSocket.defineAnnotatedMethods(SSLSocket.class);
219+ try {
220+ cSSLSocket.defineAnnotatedMethods(SSLSocket.class);
221+ } catch (SecurityException ex) {}
222 }
223
224 public SSLSocket(Ruby runtime, RubyClass type) {