Skip to content

[fix] OpenSSL::ASN1::ASN1Data encoding/decoding compatibility #265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 12, 2025
+116 −14
Merged

[fix] OpenSSL::ASN1::ASN1Data encoding/decoding compatibility #265

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7be1d05
to_der on ASN1Data should convert ruby strings into java strings befo…
HoneyryderChuck Aug 20, 2022
ac7a9d4
handle string in asn1data
HoneyryderChuck May 8, 2024
0273793
unify how taggedobjects get decoded
HoneyryderChuck May 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 86 additions & 14 deletions src/main/java/org/jruby/ext/openssl/ASN1.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1071,15 +1071,14 @@ else if ( obj instanceof ASN1GraphicString ) {
break;
}

if (taggedObj.getTagClass() == BERTags.APPLICATION) {
try {
final ASN1Sequence sequence = (ASN1Sequence) taggedObj.getBaseUniversal(false, SEQUENCE);
@SuppressWarnings("unchecked")
final RubyArray valArr = decodeObjects(context, ASN1, sequence.getObjects());
return ASN1.getClass("ASN1Data").newInstance(context, new IRubyObject[] { valArr, tag, tag_class }, Block.NULL_BLOCK);
} else {
IRubyObject val = decodeObject(context, ASN1, taggedObj.getBaseObject());
final RubyArray valArr = runtime.newArray(val);
return ASN1.getClass("ASN1Data").newInstance(context, new IRubyObject[] { valArr, tag, tag_class }, Block.NULL_BLOCK);
} catch (IllegalStateException e) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems a bit unusual, is there a reason why we have to resort to the exception as flow control?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't make the decoding of "@\x03bla" work in any other way (see the respective unit test, it fails with " unexpected implicit primitive encoding" without this). Do you know of a better alternative?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, thanks - there does not seem to be a way API to check (e.g. isParsed()) isn't public 😞

IRubyObject val = decodeObject(context, ASN1, taggedObj.getBaseObject()).callMethod(context, "value");
return ASN1.getClass("ASN1Data").newInstance(context, new IRubyObject[] { val, tag, tag_class }, Block.NULL_BLOCK);
}
}

Expand Down Expand Up @@ -1357,6 +1356,10 @@ boolean isEOC() {
return "EndOfContent".equals( getClassBaseName() );
}

boolean isUniversal(final ThreadContext context) {
return "ASN1Data".equals(getClassBaseName()) && getTagClass(context) == 0;
}

IRubyObject tagging() {
return getInstanceVariable("@tagging");
}
Expand Down Expand Up @@ -1395,22 +1398,51 @@ final ASN1TaggedObject toASN1TaggedObject(final ThreadContext context) {

final IRubyObject value = callMethod(context, "value");
if (value instanceof RubyArray) {
// Cruby openssl joins elements of array and casts to string
final RubyArray arr = (RubyArray) value;
assert ! arr.isEmpty();

StringBuilder values = new StringBuilder();
ASN1EncodableVector vec = new ASN1EncodableVector();

for (final IRubyObject obj : arr.toJavaArray()) {
ASN1Encodable data = ((ASN1Data) obj).toASN1(context);
if ( data == null ) break;
vec.add( data );
if (obj instanceof ASN1Data) {
ASN1Encodable data = ((ASN1Data) obj).toASN1(context);
if (data == null) break;
vec.add(data);
} else {
final IRubyObject string = obj.checkStringType();
if (string instanceof RubyString) {
values.append(string.asJavaString());
} else {
throw context.runtime.newTypeError(
"no implicit conversion of " + obj.getMetaClass().getBaseName() + " into String");
}
}
}
return new DERTaggedObject(isExplicitTagging(), tag, new DERSequence(vec));
}

if (!(value instanceof ASN1Data)) {
throw new UnsupportedOperationException("toASN1 " + inspect() + " value: " + value.inspect() + " (" + value.getMetaClass() + ")");
if (vec.size() > 0) {
// array of asn1 objects as value
return new DERTaggedObject(isExplicitTagging(), tag, new DERSequence(vec));
}

// array of strings as value (default)
return new DERTaggedObject(isExplicitTagging(), tagClass, tag,
new DERGeneralString(values.toString()));
} else if (value instanceof ASN1Data) {
return new DERTaggedObject(isExplicitTagging(), tagClass, tag, ((ASN1Data) value).toASN1(context));
} else if (value instanceof RubyObject) {
final IRubyObject string = value.checkStringType();
if (string instanceof RubyString) {
return new DERTaggedObject(isExplicitTagging(), tagClass, tag,
new DERGeneralString(string.asJavaString()));
} else {
throw context.runtime.newTypeError(
"no implicit conversion of " + value.getMetaClass().getBaseName() + " into String");
}
} else {
throw context.runtime.newTypeError(
"no implicit conversion of " + value.getMetaClass().getBaseName() + " into String");
}
return new DERTaggedObject(isExplicitTagging(), tagClass, tag, ((ASN1Data) value).toASN1(context));
}

@JRubyMethod
Expand All @@ -1426,6 +1458,41 @@ public IRubyObject to_der(final ThreadContext context) {

byte[] toDER(final ThreadContext context) throws IOException {
if ( isEOC() ) return new byte[] { 0x00, 0x00 };

if (isUniversal(context)) {
// handstitch conversion
final java.io.ByteArrayOutputStream out = new ByteArrayOutputStream();
final IRubyObject value = callMethod(context, "value");

final byte[] valueBytes;
if (value instanceof RubyArray) {
final RubyArray arr = (RubyArray) value;
final java.io.ByteArrayOutputStream valueOut = new ByteArrayOutputStream();

for (final IRubyObject obj : arr.toJavaArray()) {
final IRubyObject string = value.checkStringType();
if (string instanceof RubyString) {
valueOut.write(((RubyString) string).getBytes());
} else {
throw context.runtime.newTypeError(
"no implicit conversion of " + obj.getMetaClass().getBaseName() + " into String");
}
}
valueBytes = valueOut.toByteArray();
} else {
final IRubyObject string = value.checkStringType();
if (string instanceof RubyString) {
valueBytes = ((RubyString) string).getBytes();
} else {
throw context.runtime.newTypeError(
"no implicit conversion of " + value.getMetaClass().getBaseName() + " into String");
}
}
out.write(getTag(context));
out.write(valueBytes.length);
out.write(valueBytes);
return out.toByteArray();
}
return toASN1(context).toASN1Primitive().getEncoded(ASN1Encoding.DER);
}

Expand Down Expand Up @@ -1619,6 +1686,11 @@ boolean isEOC() {
return false;
}

@Override
boolean isUniversal(final ThreadContext context) {
return false;
}

private boolean isNull() {
return "Null".equals(getMetaClass().getRealClass().getBaseName());
}
Expand Down
30 changes: 30 additions & 0 deletions src/test/ruby/test_asn1.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,36 @@ def test_null
}
end

def test_encode_asn1_data
ai = OpenSSL::ASN1::ASN1Data.new(i = "bla", 0, :APPLICATION)
ai2 = OpenSSL::ASN1.decode(ai.to_der)
assert_equal :APPLICATION, ai2.tag_class
assert_equal 0, ai2.tag
assert_equal i, ai2.value

ai = OpenSSL::ASN1::ASN1Data.new(i = "bla", 4, :UNIVERSAL)
ai2 = OpenSSL::ASN1.decode(ai.to_der)
assert_equal :UNIVERSAL, ai2.tag_class
assert_equal 4, ai2.tag
assert_equal i, ai2.value

ai = OpenSSL::ASN1::ASN1Data.new(i = ["bla"], 0, :APPLICATION)
ai2 = OpenSSL::ASN1.decode(ai.to_der)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still need to check with OpenSSL 1.x but recent Ruby versions do not support decoding the array:

`decode': too long (OpenSSL::ASN1::ASN1Error)

it's a bit of an edge case and I am happy to leave it as is (to_der seems to work the same), just interested in your thought here, does this happen in the real-world?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe so (I think I took this example from an SNMP use case, but it's been some time to give you precise details).

assert_equal :APPLICATION, ai2.tag_class
assert_equal 0, ai2.tag
assert_equal "bla", ai2.value

ai = OpenSSL::ASN1::ASN1Data.new(i = ["bla", "bla"], 0, :APPLICATION)
ai2 = OpenSSL::ASN1.decode(ai.to_der)
assert_equal :APPLICATION, ai2.tag_class
assert_equal 0, ai2.tag
assert_equal "blabla", ai2.value

assert_raise(ArgumentError) { OpenSSL::ASN1::ASN1Data.new(1).to_der }
assert_raise("no implicit conversion of Integer into String") { OpenSSL::ASN1::ASN1Data.new(1, 0, :APPLICATION).to_der }
assert_raise("no implicit conversion of Integer into String") { OpenSSL::ASN1::ASN1Data.new(1, 0, :CONTEXT_SPECIFIC).to_der }
end

def test_encode_nil
#Primitives raise TypeError, Constructives NoMethodError

Expand Down
Loading