>From b23bf0e1c3d0435022ab1724413937d3f24f3d09 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 4 Dec 2014 02:01:38 -0500
Subject: [PATCH] Decode challengePassword attribute as DirectoryString
The PKCS #9 challengePassword attribute has DirectoryString syntax. Dogtag currently attempts only to decode it as a PrintableString, causing failures when the attribute is encoded as a UTF8String. Add method DerValue.getDirectoryString() to decode any of the valid DirectoryString encodings and update ChallengePassword to use it.
https://fedorahosted.org/pki/ticket/1221
---
 .../cms/servlet/cert/scep/ChallengePassword.java | 2 +-
 .../src/netscape/security/util/DerInputStream.java | 4 ++++
 base/util/src/netscape/security/util/DerValue.java | 22 ++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 5c7ac856f2157c71d69308e556213163d03d49c0..f21abcc807dc4ae7a5004d18804c91e082c7cf9c 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -88,7 +88,7 @@ public class ChallengePassword implements CertAttrSet {
 private void construct(DerValue derVal) throws IOException {
 try {
- cpw = derVal.getPrintableString();
+ cpw = derVal.getDirectoryString();
 } catch (NullPointerException e) {
 cpw = "";
 }
diff --git a/base/util/src/netscape/security/util/DerInputStream.java b/base/util/src/netscape/security/util/DerInputStream.java
index 40763a6bab971f3c296844febc6f97352383b903..6c752da005a75df9ecb24ec82cbaf5787f9e21a0 100644
--- a/base/util/src/netscape/security/util/DerInputStream.java
+++ b/base/util/src/netscape/security/util/DerInputStream.java
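Review bot: In ChallengePassword.construct the result of `derVal.getDirectoryString()` is stored in `cpw` without a null check, and the comment beside getASN1CharString() in the DerValue.java hunk says that method returns null when there is no decoder for the string type. The existing `catch (NullPointerException e)` only covers a failing call, so a tag that is accepted but cannot be decoded would probably leave `cpw` null instead of raising an error. Since this value appears to be the SCEP challenge password that an enrolment request is checked against, it is safer to fail at parse time, e.g. `if (cpw == null) throw new IOException("challengePassword: unsupported string encoding");` after the try/catch. The null originates in the new DerValue.getDirectoryString(), and the end of construct lies outside this hunk.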
@@ -369,6 +369,10 @@ public class DerInputStream {
 return (new DerValue(buffer)).getUniversalString();
 }
+ public String getDirectoryString() throws IOException {
+ return (new DerValue(buffer)).getDirectoryString();
+ }
+
 /**
 * Get a UTC encoded time value from the input stream.
 */
diff --git a/base/util/src/netscape/security/util/DerValue.java b/base/util/src/netscape/security/util/DerValue.java
index 87a0a38a3fab86f81431d2d175235b5081a44451..9c900c5c9205e5b2ba83e576bc01469f7716f039 100644
--- a/base/util/src/netscape/security/util/DerValue.java
+++ b/base/util/src/netscape/security/util/DerValue.java
@@ -130,6 +130,13 @@ public class DerValue {
 /** Tag value indicating an ASN.1 "UTF8String" value. (since 1998) */
 public final static byte tag_UTF8String = 0x0C;
+ public final static byte[] tags_DirectoryString =
+ { tag_T61String
+ , tag_PrintableString
+ , tag_UniversalString
+ , tag_UTF8String
+ , tag_BMPString };
+
 // CONSTRUCTED seq/set
 /**
@@ -521,6 +528,21 @@ public class DerValue {
 return getASN1CharString();
 }
+ public String getDirectoryString() throws IOException {
+ boolean tagValid = false;
+ for (int i = 0; i < tags_DirectoryString.length; i++) {
+ if (tag == tags_DirectoryString[i]) {
+ tagValid = true;
+ break;
+ }
+ }
+ if (!tagValid)
+ throw new IOException(
+ "DerValue.getDirectoryString: invalid tag: " + tag);
+
+ return getASN1CharString();
+ }
+
 /*
 * @eturns a string if the DerValue is a ASN.1 character string type and
 * if there is a decoder for the type. Returns null otherwise.
--
1.9.3
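Review bot: DerInputStream.getDirectoryString() is added as public API without a Javadoc comment, although the neighbouring getter is documented (`Get a UTC encoded time value from the input stream.`). I would add `/** Get a DirectoryString (T61String, PrintableString, UniversalString, UTF8String or BMPString) from the input stream. */` above it. DerValue.getDirectoryString() and the `tags_DirectoryString` constant in the DerValue.java hunks are undocumented in the same way; the Javadoc on the DerValue method should also say that an IOException is thrown for any other tag.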
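Review bot: `tags_DirectoryString` is declared `public final static byte[]`, and `final` fixes only the reference, so any code that can see DerValue can overwrite the array's elements and thereby change which tags getDirectoryString() accepts. Nothing in this patch reads the array from outside DerValue, so the declaration can be `private final static byte[] tags_DirectoryString =`. If other classes do need the list, expose it through an accessor that returns `tags_DirectoryString.clone()` and keep the field itself private.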
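Review bot: The exception message in DerValue.getDirectoryString() concatenates `tag` directly; if `tag` is a byte like the tag constants, any value with the high bit set is printed as a negative decimal, which is hard to match against the hex constants such as `tag_UTF8String = 0x0C`. Rendering it in hex reads better in a log: `"DerValue.getDirectoryString: invalid tag: 0x" + Integer.toHexString(tag & 0xff)`. The unbraced `if (!tagValid)` with a two-line `throw` beneath it would also be clearer with braces.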