* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional

second argument to specify the output format (see also X509_NAME_print_ex). * ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants: OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253, OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN): new module to provide the parse for RFC2253 DN format. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253): new method to parse RFC2253 DN format. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2004-09-13 12:35:25 +00:00 · 2004-09-13 12:35:25 +00:00 · 07f245da37
commit 07f245da37
parent f3721195a9
4 changed files with 232 additions and 5 deletions
--- a/16
+++ b/16
@ -1,3 +1,19 @@
+Mon Sep 13 21:33:40 2004  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
+	  second argument to specify the output format (see also
+	   X509_NAME_print_ex).
+
+	* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
+	  OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
+	  OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
+
+	* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
+	  new module to provide the parse for RFC2253 DN format.
+
+	* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
+	  new method to parse RFC2253 DN format.
+
 Mon Sep 13 19:16:33 2004  WATANABE Hirofumi  <eban@ruby-lang.org>

 	* eval.c (blk_copy_prev): need frame_dup().  [ruby-dev:24103]
--- a/ext/openssl/lib/openssl/x509.rb
+++ b/ext/openssl/lib/openssl/x509.rb
@ -62,9 +62,92 @@ module OpenSSL
    end

    class Name
-      def self.parse(str, template=OBJECT_TYPE_TEMPLATE)
-        ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
-        self.new(ary, template)
+      module RFC2253DN
+        Special = ',=+<>#;'
+        HexChar = /[0-9a-fA-F]/
+        HexPair = /#{HexChar}#{HexChar}/
+        HexString = /#{HexPair}+/
+        Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+        StringChar = /[^#{Special}\\"]/
+        QuoteChar = /[^\\"]/
+        AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+        AttributeValue = /
+          (?!["#])((?:#{StringChar}|#{Pair})*)|
+          \#(#{HexString})|
+          "((?:#{QuoteChar}|#{Pair})*)"
+        /x
+        TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+        module_function
+
+        def expand_pair(str)
+          return nil unless str
+          return str.gsub(Pair){|pair|
+            case pair.size
+            when 2 then pair[1,1]
+            when 3 then Integer("0x#{pair[1,2]}").chr
+            else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+            end
+          }
+        end
+
+        def expand_hexstring(str)
+          return nil unless str
+          der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
+          a1 = OpenSSL::ASN1.decode(der)
+          return a1.value, a1.tag
+        end
+
+        def expand_value(str1, str2, str3)
+          value = expand_pair(str1)
+          value, tag = expand_hexstring(str2) unless value
+          value = expand_pair(str3) unless value
+          return value, tag
+        end
+
+        def scan(dn)
+          str = dn
+          ary = []
+          while true
+            if md = TypeAndValue.match(str)
+              matched = md.to_s
+              remain = md.post_match
+              type = md[1]
+              value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+              if value
+                type_and_value = [type, value]
+                type_and_value.push(tag) if tag
+                ary.unshift(type_and_value)
+                if remain.length > 2 && remain[0] == ?,
+                  str = remain[1..-1]
+                  next
+                elsif remain.length > 2 && remain[0] == ?+
+                  raise OpenSSL::X509::NameError,
+                    "multi-valued RDN is not supported: #{dn}"
+                elsif remain.empty?
+                  break
+                end
+              end
+            end
+            msg_dn = dn[0, dn.length - str.length] + " =>" + str
+            raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+          end
+          return ary
+        end
+      end
+
+      class <<self
+        def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+          self.new(ary, template)
+        end
+
+        def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+          ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+          self.new(ary, template)
+        end
+
+        alias parse parse_openssl
      end
    end
  end
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@ -158,7 +158,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
 }

 static VALUE
-ossl_x509name_to_s(VALUE self)
+ossl_x509name_to_s_old(VALUE self)
 {
    X509_NAME *name;
    char *buf;
@ -172,6 +172,30 @@ ossl_x509name_to_s(VALUE self)
    return str;
 }

+static VALUE
+ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
+{
+    X509_NAME *name;
+    VALUE flag, str;
+    BIO *out;
+    unsigned long iflag;
+
+    GetX509Name(self, name);
+    rb_scan_args(argc, argv, "01", &flag);
+    if (NIL_P(flag))
+	return ossl_x509name_to_s_old(self);
+    else iflag = NUM2ULONG(flag);
+    if (!(out = BIO_new(BIO_s_mem())))
+	rb_raise(eX509NameError, NULL);
+    if (!X509_NAME_print_ex(out, name, 0, iflag)){
+	BIO_free(out);
+	rb_raise(eX509NameError, NULL);
+    }
+    str = ossl_membio2str(out);
+
+    return str;
+}
+
 static VALUE 
 ossl_x509name_to_a(VALUE self)
 {
@ -287,7 +311,7 @@ Init_ossl_x509name()
    rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
    rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
    rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
-    rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0);
+    rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
    rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
    rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
    rb_define_alias(cX509Name, "<=>", "cmp");
@ -308,4 +332,9 @@ Init_ossl_x509name()
    rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
    rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
    rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
+
+    rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
+    rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
+    rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
+    rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
 }
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@ -138,6 +138,105 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
  end

+  def test_s_parse_rfc2253
+    scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
+
+    assert_equal([["C", "JP"]], scanner.call("C=JP"))
+    assert_equal([
+        ["DC", "org"],
+        ["DC", "ruby-lang"],
+        ["CN", "GOTOU Yuuzou"],
+        ["emailAddress", "gotoyuzo@ruby-lang.org"],
+      ],
+      scanner.call(
+        "emailAddress=gotoyuzo@ruby-lang.org,CN=GOTOU Yuuzou,"+
+        "DC=ruby-lang,DC=org")
+    )
+
+    u8 = OpenSSL::ASN1::UTF8STRING
+    assert_equal([
+        ["DC", "org"],
+        ["DC", "ruby-lang"],
+        ["O", ",=+<>#;"],
+        ["O", ",=+<>#;"],
+        ["OU", ""],
+        ["OU", ""],
+        ["L", "aaa=\"bbb, ccc\""],
+        ["L", "aaa=\"bbb, ccc\""],
+        ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
+        ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
+        ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
+        ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265", u8],
+        ["2.5.4.3", "GOTOU, Yuuzou"],
+        ["2.5.4.3", "GOTOU, Yuuzou"],
+        ["2.5.4.3", "GOTOU, Yuuzou"],
+        ["2.5.4.3", "GOTOU, Yuuzou"],
+        ["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
+        ["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
+        ["1.2.840.113549.1.9.1", "gotoyuzo@ruby-lang.org"],
+        ["emailAddress", "gotoyuzo@ruby-lang.org"],
+      ],
+      scanner.call(
+        "emailAddress=gotoyuzo@ruby-lang.org," +
+        "1.2.840.113549.1.9.1=gotoyuzo@ruby-lang.org," +
+        'CN=GOTOU \"gotoyuzo\" Yuuzou,' +
+        'CN="GOTOU \"gotoyuzo\" Yuuzou",' +
+        '2.5.4.3=GOTOU\,\20Yuuzou,' +
+        '2.5.4.3=GOTOU\, Yuuzou,' +
+        '2.5.4.3="GOTOU, Yuuzou",' +
+        '2.5.4.3="GOTOU\, Yuuzou",' +
+        "CN=#0C0CE5BE8CE897A4E8A395E894B5," +
+        'CN=\E5\BE\8C\E8\97\A4\E8\A3\95\E8\94\B5,' +
+        "CN=\"\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5\"," +
+        "CN=\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5," +
+        'L=aaa\=\"bbb\, ccc\",' +
+        'L="aaa=\"bbb, ccc\"",' +
+        'OU=,' +
+        'OU="",' +
+        'O=\,\=\+\<\>\#\;,' +
+        'O=",=+<>#;",' +
+        "DC=ruby-lang," +
+        "DC=org")
+    )
+
+    [
+      "DC=org+DC=jp",
+      "DC=org,DC=ruby-lang+DC=rubyist,DC=www"
+    ].each{|dn|
+      ex = scanner.call(dn) rescue $!
+      dn_r = Regexp.escape(dn)
+      assert_match(/^multi-valued RDN is not supported: #{dn_r}/, ex.message)
+    }
+
+    [
+      ["DC=org,DC=exapmle,CN", "CN"],
+      ["DC=org,DC=example,", ""],
+      ["DC=org,DC=exapmle,CN=www.example.org;", "CN=www.example.org;"],
+      ["DC=org,DC=exapmle,CN=#www.example.org", "CN=#www.example.org"],
+      ["DC=org,DC=exapmle,CN=#777777.example.org", "CN=#777777.example.org"],
+      ["DC=org,DC=exapmle,CN=\"www.example\".org", "CN=\"www.example\".org"],
+      ["DC=org,DC=exapmle,CN=www.\"example.org\"", "CN=www.\"example.org\""],
+      ["DC=org,DC=exapmle,CN=www.\"example\".org", "CN=www.\"example\".org"],
+    ].each{|dn, msg|
+      ex = scanner.call(dn) rescue $!
+      assert_match(/^malformed RDN: .*=>#{Regexp.escape(msg)}/, ex.message)
+    }
+
+    dn = "CN=www.ruby-lang.org,DC=ruby-lang,DC=org"
+    name = OpenSSL::X509::Name.parse_rfc2253(dn)
+    assert_equal(dn, name.to_s(OpenSSL::X509::Name::RFC2253))
+    ary = name.to_a
+    assert_equal("DC", ary[0][0])
+    assert_equal("DC", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("org", ary[0][1])
+    assert_equal("ruby-lang", ary[1][1])
+    assert_equal("www.ruby-lang.org", ary[2][1])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+  end
+
  def test_add_entry
    dn = [
      ["DC", "org"],