Update everything so that a global provider is not needed

git-svn-id: svn+ssh://rubyforge.org/var/svn/jruby-extras/trunk/jopenssl@825 8ba958d5-0c1a-0410-94a6-a65dfc1b28a6

Author: olabini

src/java/org/jruby/ext/openssl/Cipher.java

@@ -165,7 +165,7 @@ private static String[] rubyToJavaCipher(String inName, String padding) {
 
     private static boolean tryCipher(String rubyName) {
         try {
-            javax.crypto.Cipher.getInstance(rubyToJavaCipher(rubyName, null)[3],"BC");
+            javax.crypto.Cipher.getInstance(rubyToJavaCipher(rubyName, null)[3],OpenSSLReal.PROVIDER);
             return true;
         } catch(Exception e) {
             return false;

src/java/org/jruby/ext/openssl/HMAC.java

@@ -74,7 +74,7 @@ public static void createHMAC(Ruby runtime, RubyModule ossl) {
     public static IRubyObject s_digest(IRubyObject recv, IRubyObject digest, IRubyObject kay, IRubyObject data) {
         String name = "HMAC" + ((Digest)digest).getAlgorithm();
         try {
-            Mac mac = Mac.getInstance(name);
+            Mac mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
             byte[] key = kay.convertToString().getBytes();
             SecretKey keysp = new SecretKeySpec(key,name);
             mac.init(keysp);
@@ -87,7 +87,7 @@ public static IRubyObject s_digest(IRubyObject recv, IRubyObject digest, IRubyOb
     public static IRubyObject s_hexdigest(IRubyObject recv, IRubyObject digest, IRubyObject kay, IRubyObject data) {
         String name = "HMAC" + ((Digest)digest).getAlgorithm();
         try {
-            Mac mac = Mac.getInstance(name);
+            Mac mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
             byte[] key = kay.convertToString().getBytes();
             SecretKey keysp = new SecretKeySpec(key,name);
             mac.init(keysp);
@@ -108,7 +108,7 @@ public HMAC(Ruby runtime, RubyClass type) {
     public IRubyObject initialize(IRubyObject kay, IRubyObject digest, Block unusedBlock) {
         String name = "HMAC" + ((Digest)digest).getAlgorithm();
         try {
-            mac = Mac.getInstance(name);
+            mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
             key = kay.convertToString().getBytes();
             SecretKey keysp = new SecretKeySpec(key,name);
             mac.init(keysp);
@@ -125,7 +125,7 @@ public IRubyObject initialize_copy(IRubyObject obj) {
         checkFrozen();
         String name = ((HMAC)obj).mac.getAlgorithm();
         try {
-            mac = Mac.getInstance(name);
+            mac = Mac.getInstance(name,OpenSSLReal.PROVIDER);
             key = ((HMAC)obj).key;
             SecretKey keysp = new SecretKeySpec(key,name);
             mac.init(keysp);

src/java/org/jruby/ext/openssl/NetscapeSPKI.java

@@ -92,10 +92,26 @@ public IRubyObject _initialize(IRubyObject[] args, Block unusedBlock) throws Exc
                 b = Base64Coder.decode(b);
             } catch(Exception e) {
             }
-            cert = new NetscapeCertRequest(b);
-            this.challenge = getRuntime().newString(cert.getChallenge());
-            String algo = cert.getPublicKey().getAlgorithm();;
-            byte[] enc = cert.getPublicKey().getEncoded();
+            final byte[] b2 = b;
+
+            final String[] result1 = new String[1];
+            final byte[][] result2 = new byte[1][];
+
+            OpenSSLReal.doWithBCProvider(new Runnable() {
+                    public void run() {
+                        try {
+                            cert = new NetscapeCertRequest(b2); //Uses "BC" as provider
+                            challenge = getRuntime().newString(cert.getChallenge()); //Uses "BC" as provider
+                            result1[0] = cert.getPublicKey().getAlgorithm(); //Uses "BC" as provider
+                            result2[0] = cert.getPublicKey().getEncoded(); //Uses "BC" as provider
+                        } catch(java.io.IOException e) {
+                        }
+                    }
+                });
+
+            String algo = result1[0];
+            byte[] enc = result2[0];
+
             if("RSA".equalsIgnoreCase(algo)) {
                 this.public_key = ((RubyModule)(getRuntime().getModule("OpenSSL").getConstant("PKey"))).getClass("RSA").callMethod(getRuntime().getCurrentContext(),"new",RubyString.newString(getRuntime(), enc));
             } else if("DSA".equalsIgnoreCase(algo)) {
@@ -155,18 +171,35 @@ public IRubyObject set_public_key(IRubyObject arg) {
         return arg;
     }
 
-    public IRubyObject sign(IRubyObject key, IRubyObject digest) throws Exception {
+    public IRubyObject sign(final IRubyObject key, IRubyObject digest) throws Exception {
         String keyAlg = ((PKey)key).getAlgorithm();
         String digAlg = ((Digest)digest).getAlgorithm();
         DERObjectIdentifier alg = (DERObjectIdentifier)(ASN1.getOIDLookup(getRuntime()).get(keyAlg.toLowerCase() + "-" + digAlg.toLowerCase()));
         cert = new NetscapeCertRequest(challenge.toString(),new AlgorithmIdentifier(alg),((PKey)public_key).getPublicKey());
-        cert.sign(((PKey)key).getPrivateKey());
+
+        OpenSSLReal.doWithBCProvider(new Runnable() {
+                public void run() {
+                    try {
+                        cert.sign(((PKey)key).getPrivateKey());
+                    } catch(java.security.GeneralSecurityException e) {}
+                }
+            });
         return this;
     }
 
-    public IRubyObject verify(IRubyObject pkey) throws Exception {
+    public IRubyObject verify(final IRubyObject pkey) throws Exception {
         cert.setPublicKey(((PKey)pkey).getPublicKey());
-        return cert.verify(challenge.toString()) ? getRuntime().getTrue() : getRuntime().getFalse();
+
+        final boolean[] result = new boolean[1];
+        OpenSSLReal.doWithBCProvider(new Runnable() {
+                public void run() {
+                    try {
+                        result[0] = cert.verify(challenge.toString());
+                    } catch(java.security.GeneralSecurityException e) {}
+                }
+            });
+
+        return result[0] ? getRuntime().getTrue() : getRuntime().getFalse();
     }
 
     public IRubyObject challenge() {

src/java/org/jruby/ext/openssl/OpenSSLReal.java

@@ -35,8 +35,21 @@
  * @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
  */
 public class OpenSSLReal {
+    public static java.security.Provider PROVIDER;
+    
+    public static void doWithBCProvider(Runnable toRun) {
+        try {
+            java.security.Security.insertProviderAt(PROVIDER,1);
+            toRun.run();
+        } finally {
+            java.security.Security.removeProvider("BC");
+        }
+    }
+
     public static void createOpenSSL(Ruby runtime) {
-        java.security.Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(),2);
+        if(PROVIDER == null) {
+            PROVIDER = new org.bouncycastle.jce.provider.BouncyCastleProvider();
+        }
 
         RubyModule ossl = runtime.getOrCreateModule("OpenSSL");
         RubyClass standardError = runtime.getClass("StandardError");
@@ -58,7 +71,7 @@ public static void createOpenSSL(Ruby runtime) {
         ossl.setConstant("OPENSSL_VERSION",runtime.newString("OpenSSL 0.9.8b 04 May 2006 (Java fake)"));
 
         try {
-            java.security.MessageDigest.getInstance("SHA224");
+            java.security.MessageDigest.getInstance("SHA224", PROVIDER);
             ossl.setConstant("OPENSSL_VERSION_NUMBER",runtime.newFixnum(9469999));
         } catch(java.security.NoSuchAlgorithmException e) {
             ossl.setConstant("OPENSSL_VERSION_NUMBER",runtime.newFixnum(9469952));

src/java/org/jruby/ext/openssl/PKCS10CertificationRequestExt.java

@@ -137,7 +137,7 @@ public int getVersion() {
     }
 
     public boolean verify(PublicKey pubkey) throws Exception {
-        Signature   sig = Signature.getInstance(sigAlgId.getObjectId().getId(),"BC");
+        Signature   sig = Signature.getInstance(sigAlgId.getObjectId().getId(),OpenSSLReal.PROVIDER);
         sig.initVerify(pubkey);
 
         try

src/java/org/jruby/ext/openssl/PKCS7.java

@@ -31,6 +31,7 @@
 import java.io.InputStreamReader;
 import java.io.StringWriter;
 import java.security.PrivateKey;
+import java.security.GeneralSecurityException;
 import java.security.cert.CertStore;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.X509Certificate;
@@ -44,6 +45,7 @@
 import org.bouncycastle.cms.CMSProcessableByteArray;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
 import org.jruby.Ruby;
@@ -163,14 +165,27 @@ public static IRubyObject sign(IRubyObject recv, IRubyObject[] args) throws Exce
             x509s.add(x509);
         }
 
-        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
+        final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
 
         gen.addSigner(pkey,x509,"1.3.14.3.2.26"); //SHA1 OID
         if(x509s != null) {
-            CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(x509s));
+            CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(x509s), OpenSSLReal.PROVIDER);
             gen.addCertificatesAndCRLs(store);
         }
-        CMSSignedData sdata = gen.generate(new CMSProcessableByteArray(data.convertToString().getBytes()),"BC");
+
+        final CMSSignedData[] result = new CMSSignedData[1];
+        final byte[] bdata = data.convertToString().getBytes();
+        OpenSSLReal.doWithBCProvider(new Runnable() {
+                public void run() {
+                    try {
+                        result[0] = gen.generate(new CMSProcessableByteArray(bdata), "BC");
+                    } catch(GeneralSecurityException e) {
+                    } catch(CMSException e) {
+                    }
+                }
+            });
+
+        CMSSignedData sdata = result[0];
 
         PKCS7 ret = new PKCS7(recv.getRuntime(),((RubyClass)((RubyModule)(recv.getRuntime().getModule("OpenSSL").getConstant("PKCS7"))).getConstant("PKCS7")));
         ret.setInstanceVariable("@data",recv.getRuntime().getNil());
@@ -276,7 +291,17 @@ public IRubyObject set_certificates(IRubyObject obj) {
     }
 
     public IRubyObject certificates() throws Exception {
-        CertStore cc = signedData.getCertificatesAndCRLs("Collection","BC");
+        final CertStore[] result = new CertStore[1];
+        OpenSSLReal.doWithBCProvider(new Runnable() {
+                public void run() {
+                    try {
+                        result[0] = signedData.getCertificatesAndCRLs("Collection","BC");
+                    } catch(GeneralSecurityException e) {
+                    } catch(CMSException e) {
+                    }
+                }
+            });
+        CertStore cc = result[0];
         List l = X509_STORE_CTX.transform(cc.getCertificates(null));
         return getRuntime().newArray(l);
     }
@@ -327,17 +352,28 @@ public IRubyObject verify(IRubyObject[] args) throws Exception {
             }
         }
 
-        CertStore _x509s = CertStore.getInstance("Collection", new CollectionCertStoreParameters(x509s));
+        CertStore _x509s = CertStore.getInstance("Collection", new CollectionCertStoreParameters(x509s),OpenSSLReal.PROVIDER);
 
         int verified = 0;
 
         SignerInformationStore  signers =  signedData.getSignerInfos();
-        CertStore  cs =                    signedData.getCertificatesAndCRLs("Collection","BC");
+
+        final CertStore[] result2 = new CertStore[1];
+        OpenSSLReal.doWithBCProvider(new Runnable() {
+                public void run() {
+                    try {
+                        result2[0] = signedData.getCertificatesAndCRLs("Collection","BC");
+                    } catch(GeneralSecurityException e) {
+                    } catch(CMSException e) {
+                    }
+                }
+            });
+        CertStore  cs = result2[0];
         Collection              c = signers.getSigners();
         Iterator                it = c.iterator();
 
         while(it.hasNext()) {
-            SignerInformation   signer = (SignerInformation)it.next();
+            final SignerInformation   signer = (SignerInformation)it.next();
             System.err.println(signer.getSignedAttributes().toHashtable());
 
             Collection          certCollection = _x509s.getCertificates(signer.getSID());
@@ -354,9 +390,23 @@ public IRubyObject verify(IRubyObject[] args) throws Exception {
                     cert = (X509Certificate)certIt2.next();
                 }                
             }
-            if(null != cert && signer.verify(cert,"BC")) {
-                verified++;
-            }   
+
+            final boolean[] result = new boolean[]{false};
+            final X509Certificate cert2 = cert;
+            if(null != cert) {
+                OpenSSLReal.doWithBCProvider(new Runnable() {
+                        public void run() {
+                            try {
+                                result[0] = signer.verify(cert2, "BC");
+                            } catch(GeneralSecurityException e) {
+                            } catch(CMSException e) {
+                            }
+                        }
+                    });
+                if(result[0]) {
+                    verified++;
+                }
+            }
         }
 
         return (verified != 0) ? getRuntime().getTrue() : getRuntime().getFalse();

src/java/org/jruby/ext/openssl/PKey.java

@@ -89,7 +89,7 @@ public IRubyObject sign(IRubyObject digest, IRubyObject data) throws Exception {
         if(!this.callMethod(getRuntime().getCurrentContext(),"private?").isTrue()) {
             throw getRuntime().newArgumentError("Private key is needed.");
         }
-        Signature sig = Signature.getInstance(((Digest)digest).getAlgorithm() + "WITH" + getAlgorithm(),"BC");
+        Signature sig = Signature.getInstance(((Digest)digest).getAlgorithm() + "WITH" + getAlgorithm(),OpenSSLReal.PROVIDER);
         sig.initSign(getPrivateKey());
         byte[] inp = data.convertToString().getBytes();
         sig.update(inp);

src/java/org/jruby/ext/openssl/PKeyDSA.java

@@ -125,7 +125,7 @@ public IRubyObject initialize(IRubyObject[] args, Block unusedBlock) {
                 Object val = null;
                 KeyFactory fact = null;
                 try {
-                    fact = KeyFactory.getInstance("DSA");
+                    fact = KeyFactory.getInstance("DSA",OpenSSLReal.PROVIDER);
                 } catch(Exception e) {
                     throw getRuntime().newLoadError("unsupported key algorithm (DSA)");
                 }

src/java/org/jruby/ext/openssl/PKeyRSA.java

@@ -135,7 +135,7 @@ public IRubyObject initialize(IRubyObject[] args, Block block) {
                     pubExp = BigInteger.valueOf(RubyNumeric.num2long(pass));
                 }
                 try {
-                    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
+                    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA",OpenSSLReal.PROVIDER);
                     gen.initialize(new RSAKeyGenParameterSpec(keyLen,pubExp));
                     KeyPair pair = gen.generateKeyPair();
                     privKey = (RSAPrivateCrtKey)(pair.getPrivate());
@@ -152,7 +152,7 @@ public IRubyObject initialize(IRubyObject[] args, Block block) {
                 Object val = null;
                 KeyFactory fact = null;
                 try {
-                    fact = KeyFactory.getInstance("RSA");
+                    fact = KeyFactory.getInstance("RSA", OpenSSLReal.PROVIDER);
                 } catch(Exception e) {
                     throw getRuntime().newLoadError("unsupported key algorithm (RSA)");
                 }
@@ -336,7 +336,7 @@ public IRubyObject private_encrypt(IRubyObject[] args) throws Exception {
             throw new RaiseException(getRuntime(), (RubyClass)(((RubyModule)(getRuntime().getModule("OpenSSL").getConstant("PKey"))).getConstant("RSAError")), "private key needed.", true);
         }
 
-        Cipher engine = Cipher.getInstance("RSA"+p);
+        Cipher engine = Cipher.getInstance("RSA"+p,OpenSSLReal.PROVIDER);
         engine.init(Cipher.ENCRYPT_MODE,privKey);
         byte[] outp = engine.doFinal(buffer.getBytes());
         return RubyString.newString(getRuntime(), outp);
@@ -354,7 +354,7 @@ public IRubyObject private_decrypt(IRubyObject[] args) throws Exception {
             throw new RaiseException(getRuntime(), (RubyClass)(((RubyModule)(getRuntime().getModule("OpenSSL").getConstant("PKey"))).getConstant("RSAError")), "private key needed.", true);
         }
 
-        Cipher engine = Cipher.getInstance("RSA"+p);
+        Cipher engine = Cipher.getInstance("RSA"+p,OpenSSLReal.PROVIDER);
         engine.init(Cipher.DECRYPT_MODE,privKey);
         byte[] outp = engine.doFinal(buffer.getBytes());
         return RubyString.newString(getRuntime(), outp);
@@ -368,7 +368,7 @@ public IRubyObject public_encrypt(IRubyObject[] args) throws Exception {
         String p = getPadding(padding);
 
         RubyString buffer = args[0].convertToString();
-        Cipher engine = Cipher.getInstance("RSA"+p);
+        Cipher engine = Cipher.getInstance("RSA"+p,OpenSSLReal.PROVIDER);
         engine.init(Cipher.ENCRYPT_MODE,pubKey);
         byte[] outp = engine.doFinal(buffer.getBytes());
         return RubyString.newString(getRuntime(), outp);
@@ -382,7 +382,7 @@ public IRubyObject public_decrypt(IRubyObject[] args) throws Exception {
         String p = getPadding(padding);
 
         RubyString buffer = args[0].convertToString();
-        Cipher engine = Cipher.getInstance("RSA"+p);
+        Cipher engine = Cipher.getInstance("RSA"+p,OpenSSLReal.PROVIDER);
         engine.init(Cipher.DECRYPT_MODE,pubKey);
         byte[] outp = engine.doFinal(buffer.getBytes());
         return RubyString.newString(getRuntime(), outp);