[Pki-devel] [PATCH] 0019 Decode challengePassword attribute as DirectoryString

Fraser Tweedale ftweedal at redhat.com
Fri Dec 5 01:38:02 UTC 2014


Fixes https://fedorahosted.org/pki/ticket/1221
-------------- next part --------------
>From b23bf0e1c3d0435022ab1724413937d3f24f3d09 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <frase at frase.id.au>
Date: Thu, 4 Dec 2014 02:01:38 -0500
Subject: [PATCH] Decode challengePassword attribute as DirectoryString

The PKCS #9 challengePassword attribute has DirectoryString syntax.
Dogtag currently attempts only to decode it as a PrintableString,
causing failures when the attribute is encoded as a UTF8String.

Add method DerValue.getDirectoryString() to decode any of the valid
DirectoryString encodings and update ChallengePassword to use it.

https://fedorahosted.org/pki/ticket/1221
---
 .../cms/servlet/cert/scep/ChallengePassword.java   |  2 +-
 .../src/netscape/security/util/DerInputStream.java |  4 ++++
 base/util/src/netscape/security/util/DerValue.java | 22 ++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 5c7ac856f2157c71d69308e556213163d03d49c0..f21abcc807dc4ae7a5004d18804c91e082c7cf9c 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -88,7 +88,7 @@ public class ChallengePassword implements CertAttrSet {
 
     private void construct(DerValue derVal) throws IOException {
         try {
-            cpw = derVal.getPrintableString();
+            cpw = derVal.getDirectoryString();
         } catch (NullPointerException e) {
             cpw = "";
         }
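Review bot: The result of `derVal.getDirectoryString()` in construct() is stored without a null check. The comment that trails the new DerValue method says the underlying decoder "Returns null otherwise" when it has no decoder for the type, so `cpw` can presumably end up null here, while a null `derVal` yields `""` through the NullPointerException catch. Since this attribute appears to carry the SCEP challenge secret, an undecodable value should be rejected rather than left as null or empty for later comparison code to interpret. The simplest place to fix it is DerValue.getDirectoryString() in the last hunk of this patch: `String s = getASN1CharString();` then `if (s == null) throw new IOException("DerValue.getDirectoryString: no decoder for tag: " + tag);` before `return s;`. construct() continues past the end of this hunk, so any later handling of `cpw` is not visible.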
diff --git a/base/util/src/netscape/security/util/DerInputStream.java b/base/util/src/netscape/security/util/DerInputStream.java
index 40763a6bab971f3c296844febc6f97352383b903..6c752da005a75df9ecb24ec82cbaf5787f9e21a0 100644
--- a/base/util/src/netscape/security/util/DerInputStream.java
+++ b/base/util/src/netscape/security/util/DerInputStream.java
@@ -369,6 +369,10 @@ public class DerInputStream {
         return (new DerValue(buffer)).getUniversalString();
     }
 
+    public String getDirectoryString() throws IOException {
+        return (new DerValue(buffer)).getDirectoryString();
+    }
+
     /**
      * Get a UTC encoded time value from the input stream.
      */
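Review bot: The new DerInputStream.getDirectoryString() is public but has no Javadoc, while the next method in the file has one ("Get a UTC encoded time value from the input stream."). A matching comment would be `/** Get a DirectoryString value (T61String, PrintableString, UniversalString, UTF8String or BMPString) from the input stream. */`, with an `@throws IOException` line noting that any other tag is rejected. The class body starts and ends outside this hunk.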
diff --git a/base/util/src/netscape/security/util/DerValue.java b/base/util/src/netscape/security/util/DerValue.java
index 87a0a38a3fab86f81431d2d175235b5081a44451..9c900c5c9205e5b2ba83e576bc01469f7716f039 100644
--- a/base/util/src/netscape/security/util/DerValue.java
+++ b/base/util/src/netscape/security/util/DerValue.java
@@ -130,6 +130,13 @@ public class DerValue {
     /** Tag value indicating an ASN.1 "UTF8String" value. (since 1998) */
     public final static byte tag_UTF8String = 0x0C;
 
+    public final static byte[] tags_DirectoryString =
+        { tag_T61String
+        , tag_PrintableString
+        , tag_UniversalString
+        , tag_UTF8String
+        , tag_BMPString };
+
     // CONSTRUCTED seq/set
 
     /**
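Review bot: `tags_DirectoryString` is declared `public final static byte[]`, which fixes only the reference. The array elements stay writable by any code that can see DerValue, and a changed element would silently alter which tags getDirectoryString() accepts for every caller. Within this patch the array is read only by DerValue.getDirectoryString(), so it can be `private final static byte[] tags_DirectoryString =`, or be exposed through a method that returns a copy if other classes need it. It also lacks the `/** ... */` comment that the neighbouring tag constant carries; `/** Tags permitted for a DirectoryString value (T61String, PrintableString, UniversalString, UTF8String, BMPString). */` would match.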
@@ -521,6 +528,21 @@ public class DerValue {
         return getASN1CharString();
     }
 
+    public String getDirectoryString() throws IOException {
+        boolean tagValid = false;
+        for (int i = 0; i < tags_DirectoryString.length; i++) {
+            if (tag == tags_DirectoryString[i]) {
+                tagValid = true;
+                break;
+            }
+        }
+        if (!tagValid)
+            throw new IOException(
+                "DerValue.getDirectoryString: invalid tag: " + tag);
+
+        return getASN1CharString();
+    }
+
     /*
      * @eturns a string if the DerValue is a ASN.1 character string type and
      * if there is a decoder for the type. Returns null otherwise.
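Review bot: The new public getDirectoryString() has no Javadoc, and its contract is not obvious from the name. It should say that the five tags in `tags_DirectoryString` are accepted, that any other tag raises IOException, and whether the return value can be null. The unbraced `if (!tagValid)` followed by a two-line throw is easy to break in a later edit; wrapping the throw in `{` … `}` is safer. `tag` appears to be a byte, so the message prints it as a signed decimal; `"DerValue.getDirectoryString: invalid tag: 0x" + Integer.toHexString(tag & 0xff)` is easier to match against the tag constants, which are written in hex.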
-- 
1.9.3


