Problems with subjectKeyIdentifier with non 20-bytes sha1 digested keys
-----------------------------------------------------------------------
Key: JRUBY-3888
URL: http://jira.codehaus.org/browse/JRUBY-3888
Project: JRuby
Issue Type: Bug
Components: OpenSSL
Affects Versions: JRuby-OpenSSL 0.5.1
Environment: linux, jvm 1.6 jrockit jruby 1.1.6
Reporter: Dave Garcia
Attachments: jruby-openssl-issue-with-ski.zip

X509Certificate extensions present some problems dealing with subject key
identifier extensions on some types of certificate profiles.

Usually this extension contains an encoded 20-byte-long SHA1 digest of the subject
public key, but in Austrian eID certificates it contains 8 bit encoded,
as they define "0100 + last 60 Bit of SHA-1 of Public Key". In this case the
extension treats this as a string containing characters representing hex codes.

If we try to parse a certificate with this 8-byte extension schema, the message
is the following: 2.5.29.14 = L¹áÜz¬5Ã: illegal hex digit
(OpenSSL::X509::ExtensionError), because it tries to parse it as an array of chars
representing hex values.

I provided a detection mechanism to check if we are dealing with a binary value
or a string filled with chars representing hex values. The results given are
the same as those that Ruby native OpenSSL produces.

I provide a patch, a test case and a pair of certificates, one with a 20-byte SKI and
one with an 8-byte SKI (both real).

This is a very quick & dirty patch so forgive me if something is missing :).

Best regards
Dave
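
The two subjectKeyIdentifier forms described in the report (RFC 5280 section 4.2.1.2, methods 1 and 2) and one way to tell a raw binary value from hex text, as an added Ruby example; it is not the attached patch or JRuby-OpenSSL code. The helper names, the colon-separated text form and the sample bytes are assumptions constructed for illustration.

```ruby
require 'digest'

# Method 1: the full 160-bit SHA-1 of the subject public key bits (20 bytes).
def ski_sha1(pubkey_bits)
  Digest::SHA1.digest(pubkey_bits)
end

# Method 2: 4-bit type field 0100 followed by the low 60 bits of the
# SHA-1 (8 bytes), the profile quoted in the report.
def ski_truncated(pubkey_bits)
  tail = Digest::SHA1.digest(pubkey_bits)[-8, 8].bytes
  tail[0] = 0x40 | (tail[0] & 0x0f)
  tail.pack('C*')
end

# Hex text such as "4A:91:03" or "4a9103" (assumed textual form).
HEX_TEXT = /\A\h{2}(?::?\h{2})*\z/

# Return the identifier as raw bytes, whichever form it arrived in.
# Heuristic only: raw bytes that happen to be ASCII hex digits are
# indistinguishable from hex text and will be decoded as text.
def normalize_ski(value)
  raw = value.b
  raw.match?(HEX_TEXT) ? [raw.delete(':')].pack('H*') : raw
end

# Render any accepted form as upper-case colon-separated hex.
def format_ski(value)
  normalize_ski(value).unpack1('H*').upcase.scan(/../).join(':')
end

if __FILE__ == $0
  key = 'constructed public key bytes'.b          # constructed sample input
  binary_ski = "\x4a\x91\x03\xfe\x20\x7b\xc5\x18".b # constructed 8-byte value
  puts format_ski(ski_sha1(key))       # 20-byte form
  puts format_ski(ski_truncated(key))  # 8-byte form, first nibble is 4
  puts format_ski(binary_ski)          # raw bytes no longer parsed as hex text
  puts format_ski('4a:91:03:fe:20:7b:c5:18') # same identifier given as text
end
```

Because the check is a guess about the input, code that has access to the DER encoding should decode the extension's OCTET STRING directly and apply a heuristic like this only to values whose origin is unknown.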