Author: brane
Date: Wed Jul 30 13:02:00 2014
New Revision: 1614648

URL: http://svn.apache.org/r1614648
Log:
On the svn-auth-x509 branch: Expose the subject CN as a separate property
in JavaHL, and restrict the subject pattern in the search to the CN
instead of the whole subject (the latter is still scanned in full-text
search mode).

[in subversion/bindings/javahl]

* src/org/apache/subversion/javahl/SVNUtil.java
  (SVNUtil.searchCredentials): Update docs about the subjectPattern.
  (top-level): Remove unused, commented-out boilerplate code.
* src/org/apache/subversion/javahl/callback/AuthnCallback.java
  (AuthnCallback.SSLServerCertInfo.getSubject): Update docstring.
  (AuthnCallback.SSLServerCertInfo.getIssuer): Update docstring.
  (AuthnCallback.SSLServerCertInfo.getSubjectCommonName): New.
  (AuthnCallback.SSLServerCertInfo.SSLServerCertInfo):
   Update constructor signature with a new subjectCN parameter.

* native/AuthnCallback.cpp
  (AuthnCallback::SSLServerCertInfo::ClassImpl::ClassImpl):
   Update the Java constructor signature.
  (AuthnCallback::SSLServerCertInfo::SSLServerCertInfo):
   Pass the subject CN to the Java constructor.
* native/org_apache_subversion_javahl_util_ConfigLib.cpp
  (Java_org_apache_subversion_javahl_util_ConfigLib_nativeSearchCredentials):
   Restrict the subjectPattern search to the subject CN + hostnames.
   
* tests/org/apache/subversion/javahl/UtilTests.java
  (UtilTests.testCredentials): Test the new getSubjectCommonName function.

Modified:
    
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/AuthnCallback.cpp
    
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/org_apache_subversion_javahl_util_ConfigLib.cpp
    
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/SVNUtil.java
    
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/callback/AuthnCallback.java
    
subversion/branches/svn-auth-x509/subversion/bindings/javahl/tests/org/apache/subversion/javahl/UtilTests.java

Modified: 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/AuthnCallback.cpp
URL: 
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/AuthnCallback.cpp?rev=1614648&r1=1614647&r2=1614648&view=diff
==============================================================================
--- 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/AuthnCallback.cpp
 (original)
+++ 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/AuthnCallback.cpp
 Wed Jul 30 13:02:00 2014
@@ -185,7 +185,9 @@ AuthnCallback::SSLServerCertInfo::ClassI
   : ::Java::Object::ClassImpl(env, cls),
     m_mid_ctor(env.GetMethodID(cls, "<init>",
                                "(Ljava/lang/String;"
-                               "Ljava/lang/String;JJ[B"
+                               "Ljava/lang/String;"
+                               "Ljava/lang/String;"
+                               "JJ[B"
                                "Ljava/util/List;"
                                "Ljava/lang/String;)V"))
 {}
@@ -209,6 +211,7 @@ AuthnCallback::SSLServerCertInfo::SSLSer
                                             pool.getPool(), pool.getPool()));
 
   const ::Java::String subject(env, svn_x509_certinfo_get_subject(certinfo));
+  const ::Java::String cn(env, svn_x509_certinfo_get_subject_cn(certinfo));
   const ::Java::String issuer(env, svn_x509_certinfo_get_subject(certinfo));
   const ::Java::String cert(env, ascii_cert);
   const jlong valid_from =
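Review bot: `issuer`, on the line right after the new `cn` initialiser, is filled from `svn_x509_certinfo_get_subject(certinfo)`, so the Java `SSLServerCertInfo` reports the subject DN as its issuer; the ConfigLib code in this same commit uses `svn_x509_certinfo_get_issuer(certinfo)` for that field. The line predates this change but is on the new side and feeds the updated constructor call; it should read `const ::Java::String issuer(env, svn_x509_certinfo_get_issuer(certinfo));`. Separately, this hunk does not show whether `svn_x509_certinfo_get_subject_cn` can return NULL for a certificate without a CN; if it can, confirm that `::Java::String` accepts a null pointer. The constructor body starts and ends outside the hunk.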
@@ -247,11 +250,9 @@ AuthnCallback::SSLServerCertInfo::SSLSer
     }
 
   set_this(env.NewObject(get_class(), impl().m_mid_ctor,
-                         subject.get(), issuer.get(),
-                         valid_from, valid_to,
-                         fingerprint.get(),
-                         jhostnames,
-                         cert.get()));
+                         subject.get(), cn.get(), issuer.get(),
+                         valid_from, valid_to, fingerprint.get(),
+                         jhostnames, cert.get()));
 }
 
 

Modified: 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/org_apache_subversion_javahl_util_ConfigLib.cpp
URL: 
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/org_apache_subversion_javahl_util_ConfigLib.cpp?rev=1614648&r1=1614647&r2=1614648&view=diff
==============================================================================
--- 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/org_apache_subversion_javahl_util_ConfigLib.cpp
 (original)
+++ 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/native/org_apache_subversion_javahl_util_ConfigLib.cpp
 Wed Jul 30 13:02:00 2014
@@ -404,6 +404,7 @@ Java_org_apache_subversion_javahl_util_C
 
             /* Parsed certificate data. */
             const char* subject = NULL;
+            const char* subject_cn = NULL;
             const char* issuer = NULL;
             const char* fingerprint = NULL;
             const apr_array_header_t* hostnames = NULL;
@@ -425,6 +426,7 @@ Java_org_apache_subversion_javahl_util_C
                 else
                   {
                     subject = svn_x509_certinfo_get_subject(certinfo);
+                    subject_cn = svn_x509_certinfo_get_subject_cn(certinfo);
                     issuer = svn_x509_certinfo_get_issuer(certinfo);
                     fingerprint = svn_checksum_to_cstring_display(
                         svn_x509_certinfo_get_digest(certinfo),
@@ -444,7 +446,7 @@ Java_org_apache_subversion_javahl_util_C
             if (!match && m_subject_pattern)
               {
                 match = (match
-                         || (subject
+                         || (subject_cn
                              && !apr_fnmatch(m_subject_pattern, subject, 0)));
                 if (!match && hostnames)
                   match = (match || match_array(m_subject_pattern, hostnames));
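Review bot: The guard on the subject match now tests `subject_cn`, but the string passed to `apr_fnmatch` is still `subject`, so the pattern is still matched against the whole subject DN rather than the CN that the log message and the updated SVNUtil docs describe. A glob intended for the CN can therefore select stored credentials because some other DN attribute matches, which is broader than callers are told. The call should read `&& !apr_fnmatch(m_subject_pattern, subject_cn, 0)));`. A `searchCredentials` test with a `subjectPattern` that matches the DN but not the CN would pin this; the enclosing function starts and ends outside the hunk.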

Modified: 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/SVNUtil.java
URL: 
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/SVNUtil.java?rev=1614648&r1=1614647&r2=1614648&view=diff
==============================================================================
--- 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/SVNUtil.java
 (original)
+++ 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/SVNUtil.java
 Wed Jul 30 13:02:00 2014
@@ -261,58 +261,6 @@ public class SVNUtil
             return passphrase;
         }
 
-        // ### TODO: There are currently no proper APIs in Subversion
-        //           for adding credentials. These factory methods are
-        //           placeholders.
-        //
-        ///**
-        // * Creates an "svn.username" credential.
-        // * @param realm The realm string.
-        // * @param username The username for <code>realm</code>.
-        // */
-        //public static Credential
-        //    createUsername(String realm, String username)
-        //{
-        //    return new Credential(Kind.username, realm, null,
-        //                          username, null, null, null, null);
-        //}
-        //
-        ///**
-        // * Creates an "svn.simple" credential.
-        // * @param realm The realm string.
-        // * @param username The username for <code>realm</code>.
-        // * @param password The password for <code>username</code>.
-        // */
-        //public static Credential
-        //    createSimple(String realm, String username, String password)
-        //{
-        //    return new Credential(Kind.simple, realm, null,
-        //                          username, password, null, null, null);
-        //}
-        //
-        ///** Creates an "svn.ssl.server" credential. */
-        //public static Credential
-        //    createSSLServerCertTrust(String realm,
-        //                             AuthnCallback.SSLServerCertInfo info,
-        //                             AuthnCallback.SSLServerCertFailures 
failures)
-        //{
-        //    return new Credential(Kind.sslServer, realm, null,
-        //                          null, null, info, failures, null);
-        //}
-        //
-        ///**
-        // * Creates an "svn.ssl.client-passphrase" credential.
-        // * @param realm The realm string.
-        // * @param passphrase The passphrase for for the client certificate
-        // *        used for <code>realm</code>.
-        // */
-        //public static Credential
-        //    createSSLClientCertPassphrase(String realm, String passphrase)
-        //{
-        //    return new Credential(Kind.simple, realm, null,
-        //                          null, null, null, null, passphrase);
-        //}
-
         private Credential(Kind kind, String realm, String store,
                            String username, String password,
                            AuthnCallback.SSLServerCertInfo info,
@@ -414,38 +362,6 @@ public class SVNUtil
         return configLib.removeCredential(configDir, kind, realm);
     }
 
-    // ### TODO: There are currently no proper APIs in Subversion for
-    //           adding credentials. This method is a placeholder.
-    //
-    ///**
-    // * Store a new credential, or replace an existing credential.
-    // * <p>
-    // * <b>Note:</b> If the native credentials store is disabled, this
-    // *              method will always return <code>null</code>.
-    // *
-    // * @param configDir The path to the configuration directory; if
-    // *        <code>null</code>, the default (system-specific) user
-    // *        configuration path will be used.
-    // * @param credential The credential to store.
-    // * @param replace If <code>true</code>, any existing matching
-    // *        credential will be replaced.
-    // *
-    // * @return the stored credential. If <code>replace</code> was
-    // * <code>false</code>, and a credential with the same kind and
-    // * for the same realm exists, it will be returned. If the given
-    // * credential was successfully added, the same object reference
-    // * will be returned (the calling code can compare reference values
-    // * to determine this). Will return <code>null</code> if the
-    // * credential could not be stored for any reason.
-    // */
-    //public static Credential addCredential(String configDir,
-    //                                       Credential credential,
-    //                                       boolean replace)
-    //    throws ClientException, SubversionException
-    //{
-    //    return configLib.addCredential(configDir, credential, replace);
-    //}
-
     /**
      * Find stored credentials that match the given search criteria.
      * <p>
@@ -466,8 +382,8 @@ public class SVNUtil
      *             otherwise, only those credentials that have a username,
      *             and where the username matches the pattern, will be
      *             returned.
-     * @param subjectPattern A glob pattern for the subject and
-     *             hostnames of a server certificate; if
+     * @param subjectPattern A glob pattern for the subject Common
+     *             Name and hostnames of a server certificate; if
      *             <code>null</code>, all credntials will be
      *             considered; otherwise, only those credentials that
      *             have a server certificate with a hostname that

Modified: 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/callback/AuthnCallback.java
URL: 
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/callback/AuthnCallback.java?rev=1614648&r1=1614647&r2=1614648&view=diff
==============================================================================
--- 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/callback/AuthnCallback.java
 (original)
+++ 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/src/org/apache/subversion/javahl/callback/AuthnCallback.java
 Wed Jul 30 13:02:00 2014
@@ -245,7 +245,7 @@ public interface AuthnCallback
         private static final long serialVersionUID = 1L;
 
         /**
-         * @return The subject of the certificate.
+         * @return The subject DN of the certificate.
          */
         public String getSubject()
         {
@@ -253,7 +253,15 @@ public interface AuthnCallback
         }
 
         /**
-         * @return The certificate issuer.
+         * @return The subject CN of the certificate.
+         */
+        public String getSubjectCommonName()
+        {
+            return subjectCN;
+        }
+
+        /**
+         * @return The certificate issuer DN.
          */
         public String getIssuer()
         {
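Review bot: The new `getSubjectCommonName()` docstring does not say what a caller gets for a certificate whose subject has no CN; the native constructor in this commit passes the result of `svn_x509_certinfo_get_subject_cn` straight through, so the value may be `null` (not confirmable from this diff). I would document that once confirmed, e.g. `@return The subject CN of the certificate, or <code>null</code> if the subject has none.` It is also worth stating that the CN is reported as it appears in the certificate and can be a wildcard such as the `*.apache.org` used in the test, so it is a display and search value and the certificate's hostnames list remains the place to look for names the certificate covers.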
@@ -301,13 +309,14 @@ public interface AuthnCallback
         }
 
         /* This private constructor is used by the native implementation. */
-        private SSLServerCertInfo(String subject, String issuer,
-                                  long validFrom, long validTo,
+        private SSLServerCertInfo(String subject, String subjectCN,
+                                  String issuer, long validFrom, long validTo,
                                   byte[] fingerprint,
                                   List<String> hostnames,
                                   String asciiCert)
         {
             this.subject = subject;
+            this.subjectCN = subjectCN;
             this.issuer = issuer;
             this.validFrom = new Date(validFrom);
             this.validTo = new Date(validTo);
@@ -317,6 +326,7 @@ public interface AuthnCallback
         }
 
         private String subject;
+        private String subjectCN;
         private String issuer;
         private Date validFrom;
         private Date validTo;

Modified: 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/tests/org/apache/subversion/javahl/UtilTests.java
URL: 
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/bindings/javahl/tests/org/apache/subversion/javahl/UtilTests.java?rev=1614648&r1=1614647&r2=1614648&view=diff
==============================================================================
--- 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/tests/org/apache/subversion/javahl/UtilTests.java
 (original)
+++ 
subversion/branches/svn-auth-x509/subversion/bindings/javahl/tests/org/apache/subversion/javahl/UtilTests.java
 Wed Jul 30 13:02:00 2014
@@ -744,10 +744,8 @@ public class UtilTests extends SVNTests
                                      SVNUtil.Credential.Kind.sslServer,
                                      "https://svn.apache.org:443";);
         assertNotNull(cred);
-        assertEquals(cred.getServerCertInfo().getSubject(),
-                     "C=US, ST=Maryland, L=Forest Hill, " +
-                     "O=Apache Software Foundation, OU=Infrastructure, " +
-                     "CN=*.apache.org");
+        assertEquals(cred.getServerCertInfo().getSubjectCommonName(),
+                     "*.apache.org");
 
         /* one SSL client passphrase credential */
         cred = SVNUtil.getCredential(configDir,
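Review bot: The `getSubject()` assertion is replaced rather than kept next to the new one, so this test no longer checks the full subject DN, and nothing in the hunk exercises `getIssuer()` or a `searchCredentials` call with a `subjectPattern`. Assertions on those would catch an issuer populated from the wrong accessor and a pattern that is still matched against the whole DN. I would keep the removed `getSubject()` assertion and add the `getSubjectCommonName()` one after it. JUnit's `assertEquals` takes the expected value first, so the new call reads better as `assertEquals("*.apache.org", cred.getServerCertInfo().getSubjectCommonName());`. testCredentials starts and ends outside the hunk.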

