To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=103519

Issue #|103519
Summary|xmlsecurity: Signature certificate names are trunked if CN contains commas enclosed withing quotes
Component|xml
Version|OOO310m11
Platform|All
URL|
OS/Version|All
Status|UNCONFIRMED
Status whiteboard|
Keywords|
Resolution|
Issue type|DEFECT
Priority|P1
Subcomponent|code
Assigned to|jl
Reported by|clawgrip
------- Additional comments from [email protected] Mon Jul 13 16:21:14 +0000 2009 -------

We're working on a project for promoting the use of the new (smartcard and certificate based) Spanish National ID Card (called DNIe) on Open Source environments. The project is promoted by CENATIC, a working group of Spanish public administration organisms (Spanish Ministry of Industry and some local and regional governments among others) and some private corporations (Atos Origin Spain, Sun Microsystems Spain, etc.).

Within the scope of our project, we've found a few interoperability problems between the DNIe and OpenOffice.org (OOo). I'll try to describe the problem and how we're trying to fix it (you can find our patch at the end of this description):

Problem description:

When parsing RFC 2253 DNs to show the user the certificates available for signing the current document, OOo tokenizes directly using the ',' character as separator, but the Spanish National ID Card (smartcard-based) has certificates with their principals according to the following format:

  CN="NAME SURNAME1, SURNAME2 (CERTUSE)",givenNAME=NAME,SN=SURNAME,serialNumber=...

So, instead of showing the Common Name as:

  "NAME SURNAME1, SURNAME2 (CERTUSE)"

OOo shows:

  "NAME SURNAME1

because the ',' between SURNAME1 and SURNAME2 is interpreted as a token separator.

The bug is critical, since there are two certificates on the Spanish ID card, one for digital signature and the other for authentication, with CNs as:

  "NAME SURNAME1, SURNAME2 (SIGNATURE)"
  "NAME SURNAME1, SURNAME2 (AUTHENTICATION)"

But OOo shows them as:

  "NAME SURNAME1
  "NAME SURNAME1

That is, with the same description for both certificates, which leads users to confusion, because you cannot identify which certificate is for signing and which is for authentication.

Our Fix:

Now, ',' characters enclosed between a pair of '"' characters are not interpreted as token separators.
We've changed only the "String GetContentPart( const String& _rRawString )" method of the OOO310_m11/xmlsecurity/source/dialogs/resourcemanager.cxx file, but not the other variants (there's at least one other variant that allows choosing which RDN to retrieve, "String GetContentPart( const String& _rRawString, const String& _rPartId )"), mainly because only the changed one was used for showing certificate descriptions (CNs) to the users.

We've contacted Peng Chandler (author of the patched code), and although he finds the patch right, since he's no longer involved in OOo development he suggested we should send the patch and bug description to OOo directly.

Please don't hesitate to ask for any other information or change you need.

PATCH:
--- OOO310_m11/xmlsecurity/source/dialogs/resourcemanager.cxx 2008-04-11 02:14:16.000000000 +0200 +++ OOO310_m11/xmlsecurity/source/dialogs/resourcemanager.cxx 2009-07-07 14:31:10.000000000 +0200 
@@ -219,7 +219,25 @@ { nContStart = nContStart + sPartId.Len(); //++nContStart; // now it's start of content, directly after Id // delete By CP - xub_StrLen nContEnd = _rRawString.Search( sal_Unicode( ',' ), nContStart ); + + xub_StrLen nContEnd = STRING_NOTFOUND; + xub_StrLen nTempPos = nContStart; + do { + xub_StrLen nNextCommaPos = _rRawString.Search( sal_Unicode( ',' ), nTempPos ); + xub_StrLen nInvComBegin = _rRawString.Search( sal_Unicode( '"' ), nTempPos ); + + if(nInvComBegin == STRING_NOTFOUND || nInvComBegin >= nNextCommaPos) + nContEnd = nNextCommaPos; + else + { + xub_StrLen nInvComEnd = _rRawString.Search( sal_Unicode( '"' ), nInvComBegin+1 ); + if(nInvComEnd == STRING_NOTFOUND) + nContEnd = nNextCommaPos; + else + nTempPos = nInvComEnd+1; + } + } while (nContEnd == STRING_NOTFOUND); + sPart = String( _rRawString, nContStart, nContEnd - nContStart ); break; }
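
Review bot: the added do/while loop does not terminate when no ',' follows nTempPos, which is the ordinary case when the requested part is the last one in the string. nNextCommaPos is then STRING_NOTFOUND, every assignment to nContEnd stores that same value, and the exit test `while (nContEnd == STRING_NOTFOUND)` stays true with nTempPos unchanged, so a certificate subject that ends with the part being extracted hangs the certificate listing; the removed line passed the not-found result straight to the String constructor and returned. Track completion with a separate flag, or break as soon as nNextCommaPos is STRING_NOTFOUND, instead of using nContEnd as the loop condition. A second point on the quote scan: every '"' is treated as a delimiter, so a backslash-escaped quote or comma inside the value, which the RFC 2253 syntax named in the report permits, would still end the part in the wrong place. The two-argument GetContentPart variant mentioned in the description keeps the old comma search and should get the same treatment.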
