From 32369c44dc79befa9a229d912aeba208fb8af82b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ronald=20Tschal=C3=A4r?=
Date: Fri, 4 Aug 2017 19:53:40 -0700
Subject: [PATCH] Fix subjectAltName parsing to always generate GeneralNames. It now handles arbitrary lists of names and always produces a GeneralNames as required by the definition. Additionally, leading and trailing whitespace around separators and labels is properly removed. This fixes #134.
---
 .../ext/openssl/X509ExtensionFactory.java | 67 +++++++++----------
 src/test/ruby/x509/test_x509ext.rb | 38 +++++++++--
 2 files changed, 62 insertions(+), 43 deletions(-)
diff --git a/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java b/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java
index cf691704..53920cca 100644
--- a/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java
+++ b/src/main/java/org/jruby/ext/openssl/X509ExtensionFactory.java
@@ -490,69 +490,62 @@ private ASN1Encodable parseIssuerAltName(final ThreadContext context, final Stri private static final String DNS_ = "DNS:"; private static final String DNS_Name_ = "DNS Name:"; + private static final String IP_ = "IP:"; + private static final String IP_Address_ = "IP Address:"; private static final String URI_ = "URI:"; private static final String RID_ = "RID:"; private static final String email_ = "email:"; private static final String dirName_ = "dirName:"; private static final String otherName_ = "otherName:"; - private static ASN1Encodable parseSubjectAltName(final String valuex) throws IOException { + private static GeneralNames parseSubjectAltName(final String valuex) throws IOException { + final String[] vals = valuex.split("(? "email:foo@bar.com,DNS:a.b.com,email:baz@bar.com", + :output => "email:foo@bar.com, DNS:a.b.com, email:baz@bar.com", + :der => "0,\x06\x03U\x1D\x11\x04%0#\x81\vfoo@bar.com\x82\aa.b.com\x81\vbaz@bar.com", + }, + { + :input => "DNS:a.b.com, email:foo@bar.com", + :der => "0\x1f\x06\x03U\x1d\x11\x04\x180\x16\x82\x07a.b.com\x81\x0bfoo@bar.com", + }, + { + :input => "URI:https://a.b.com/, DNS:a.b.com", + :der => "0$\x06\x03U\x1d\x11\x04\x1d0\x1b\x86\x10https://a.b.com/\x82\x07a.b.com", + }, + { + :input => "IP:1.2.3.4,IP: fe80::12:345:5678, email:foo@bar.com, dirName: CN=John Doe\\,O=Acme", + :output => "IP:1.2.3.4, IP:fe80:0:0:0:0:12:345:5678, email:foo@bar.com, DirName:CN=John Doe,O=Acme", + :der => "0T\x06\x03U\x1d\x11\x04M0K\x87\x04\x01\x02\x03\x04\x87\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03EVx\x81\x0bfoo@bar.com\xa4$0\"1\x110\x0f\x06\x03U\x04\x03\x0c\x08John Doe1\x0d0\x0b\x06\x03U\x04\x0a\x0c\x04Acme", + }, + { + :input => "RID:1.3.6.1.3.100.200", + :der => "0\x12\x06\x03U\x1d\x11\x04\x0b0\x09\x88\x07+\x06\x01\x03d\x81H", + }, + ] + extensions = OpenSSL::X509::ExtensionFactory.new - ext = extensions.create_extension("subjectAltName", "email:foo@bar.com,DNS:a.b.com,email:baz@bar.com") - assert_equal 
'subjectAltName', ext.oid
- assert_equal 'email:foo@bar.com, DNS:a.b.com, email:baz@bar.com', ext.value
- mri_der = "0,\x06\x03U\x1D\x11\x04%0#\x81\vfoo@bar.com\x82\aa.b.com\x81\vbaz@bar.com"
- assert_equal mri_der, ext.to_der
+ tests.each { |test|
+ ext = extensions.create_extension("subjectAltName", test[:input])
+ assert_equal 'subjectAltName', ext.oid
+ assert_equal (test[:output] || test[:input]), ext.value
+ assert_equal test[:der], ext.to_der
+ }
 end
 def subject_alt_name(domains)
@@ -165,4 +191,4 @@ def subject_alt_name(domains)
 end
 private :subject_alt_name
-end
\ No newline at end of file
+end
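Review bot: The new table in the subjectAltName test lists only well-formed values, so the `tests.each` loop never pins what `create_extension("subjectAltName", ...)` does with an entry that has no label, an unknown label, or an invalid `IP:` value. Because these names are what certificate identity checks are matched against, a rejection case for each would guard against a malformed value being silently encoded as some other name; the Java parser body is not readable on this page, so whether it raises today is unconfirmed. A failure inside the loop also does not say which entry broke, which passing the input as the message would fix: `assert_equal test[:der], ext.to_der, test[:input]`. As a style point, `assert_equal (test[:output] || test[:input]), ext.value` reads more clearly as `assert_equal(test[:output] || test[:input], ext.value)`. The opening of this test hunk, including the start of the table, is missing from the page.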