This fixes some problems in parsing the `GeneralNames` extension of X.509 certificates. Again, part of this patch is from someone whose name escapes me (both this and the previous fix were trivial enough that we decided we did not need a copyright assignment for them).

2006-02-01  Casey Marshall  <[EMAIL PROTECTED]>

        Tag check and OTHER_NAME fixes suggested by ???.
        * gnu/java/security/x509/ext/GeneralNames.java (<init>): fix tag
        check; fix OTHER_NAME parsing; fix DIRECTORY_NAME parsing.

Committed,

Index: gnu/java/security/x509/ext/GeneralNames.java
===================================================================
RCS file: 
/cvsroot/classpath/classpath/gnu/java/security/x509/ext/GeneralNames.java,v
retrieving revision 1.3
diff -u -b -B -r1.3 GeneralNames.java
--- gnu/java/security/x509/ext/GeneralNames.java        2 Jul 2005 20:32:14 
-0000       1.3
+++ gnu/java/security/x509/ext/GeneralNames.java        2 Feb 2006 07:07:43 
-0000
@@ -52,6 +52,8 @@
 import java.util.LinkedList;
 import java.util.List;
 
+import javax.security.auth.x500.X500Principal;
+
 public class GeneralNames
 {
 
@@ -81,12 +83,14 @@
     if (!nameList.isConstructed())
       throw new IOException("malformed GeneralNames");
     int len = 0;
+    int i = 0;
     while (len < nameList.getLength())
       {
         DERValue name = der.read();
         List namePair = new ArrayList(2);
-        if (name.getTagClass() != DER.APPLICATION)
-          throw new IOException("malformed GeneralName");
+        int tagClass = name.getTagClass();
+        if (tagClass != DER.CONTEXT)
+          throw new IOException("malformed GeneralName: Tag class is " + 
tagClass);
         namePair.add(new Integer(name.getTag()));
         DERValue val = null;
         switch (name.getTag())
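Review bot: The added `int i = 0;` is not read or updated anywhere in the hunks shown, so it looks like a leftover. If nothing in the rest of the loop uses it, drop the declaration. The `while` body continues outside this hunk, so confirm there before removing it. The tag-class check itself now matches the context-specific tagging of the GeneralName CHOICE. A one-line comment such as `// GeneralName alternatives are context-tagged [0]..[8]` would record why `DER.CONTEXT` is the expected class.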
@@ -99,6 +103,15 @@
             break;
 
           case OTHER_NAME:
+            // MUST return the encoded bytes of the OID/OctetString sequence
+            byte[] anotherName = name.getEncoded();
+            anotherName[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
+            namePair.add(anotherName);
+            // DERReader goes back on Constructed things so we need to skip 
over them
+            DERValue skip = der.read(); // skip OID
+            skip = der.read(); // skip Octet String
+            break;
+            
           case EDI_PARTY_NAME:
             namePair.add(name.getValue());
             break;
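Review bot: The two unconditional `der.read()` calls in the OTHER_NAME case assume the entry holds exactly an OID followed by one further element, and nothing verifies what was actually consumed. With a malformed OtherName in an untrusted certificate, the reader can fall out of step with the enclosing sequence, so later names are parsed from the wrong position. Consider validating the first element, e.g. `if (der.read().getTag() != DER.OBJECT_IDENTIFIER) throw new IOException("malformed OtherName");`, and comparing the bytes consumed against `name.getLength()`. The `skip` local is assigned twice and never read. Whether `getEncoded()` returns a private copy before `anotherName[0]` is overwritten is not visible here, and the loop body continues outside the hunk.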
@@ -106,7 +119,9 @@
           case DIRECTORY_NAME:
             byte[] b = name.getEncoded();
             b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
-            namePair.add(new X500DistinguishedName(b).toString());
+            DERReader r = new DERReader (b);
+            r.read ();
+            namePair.add(new X500Principal(r.read ().getEncoded 
()).toString());
             break;
 
           case IP_ADDRESS:
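Review bot: `new X500Principal(byte[])` throws the unchecked `IllegalArgumentException` on a bad encoding, so a malformed directoryName would escape this constructor as a runtime exception instead of the `IOException` used for every other parse failure here. Callers that treat `IOException` as "reject this certificate" would not catch it. Wrap the call, e.g. `try { ... } catch (IllegalArgumentException e) { throw new IOException("malformed directoryName"); }`. Separately, OTHER_NAME now skips the nested elements on `der` but DIRECTORY_NAME does not. If `der` descends into constructed values as the OTHER_NAME comment says, the next loop iteration may see the inner SEQUENCE and fail the new tag-class check. That depends on code outside this hunk, so it is worth a test with a certificate that carries a directoryName entry.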
