mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
second argument to specify the output format (see also X509_NAME_print_ex). * ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants: OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253, OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN): new module to provide the parse for RFC2253 DN format. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253): new method to parse RFC2253 DN format. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
f3721195a9
commit
07f245da37
4 changed files with 232 additions and 5 deletions
16
ChangeLog
16
ChangeLog
|
@ -1,3 +1,19 @@
|
|||
Mon Sep 13 21:33:40 2004 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
||||
|
||||
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
|
||||
second argument to specify the output format (see also
|
||||
X509_NAME_print_ex).
|
||||
|
||||
* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
|
||||
OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
|
||||
OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
|
||||
|
||||
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
|
||||
new module to provide the parse for RFC2253 DN format.
|
||||
|
||||
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
|
||||
new method to parse RFC2253 DN format.
|
||||
|
||||
Mon Sep 13 19:16:33 2004 WATANABE Hirofumi <eban@ruby-lang.org>
|
||||
|
||||
* eval.c (blk_copy_prev): need frame_dup(). [ruby-dev:24103]
|
||||
|
|
|
@ -62,9 +62,92 @@ module OpenSSL
|
|||
end
|
||||
|
||||
class Name
|
||||
def self.parse(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
||||
self.new(ary, template)
|
||||
module RFC2253DN
|
||||
Special = ',=+<>#;'
|
||||
HexChar = /[0-9a-fA-F]/
|
||||
HexPair = /#{HexChar}#{HexChar}/
|
||||
HexString = /#{HexPair}+/
|
||||
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
||||
StringChar = /[^#{Special}\\"]/
|
||||
QuoteChar = /[^\\"]/
|
||||
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
||||
AttributeValue = /
|
||||
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
||||
\#(#{HexString})|
|
||||
"((?:#{QuoteChar}|#{Pair})*)"
|
||||
/x
|
||||
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
||||
|
||||
module_function
|
||||
|
||||
def expand_pair(str)
|
||||
return nil unless str
|
||||
return str.gsub(Pair){|pair|
|
||||
case pair.size
|
||||
when 2 then pair[1,1]
|
||||
when 3 then Integer("0x#{pair[1,2]}").chr
|
||||
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
def expand_hexstring(str)
|
||||
return nil unless str
|
||||
der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
|
||||
a1 = OpenSSL::ASN1.decode(der)
|
||||
return a1.value, a1.tag
|
||||
end
|
||||
|
||||
def expand_value(str1, str2, str3)
|
||||
value = expand_pair(str1)
|
||||
value, tag = expand_hexstring(str2) unless value
|
||||
value = expand_pair(str3) unless value
|
||||
return value, tag
|
||||
end
|
||||
|
||||
def scan(dn)
|
||||
str = dn
|
||||
ary = []
|
||||
while true
|
||||
if md = TypeAndValue.match(str)
|
||||
matched = md.to_s
|
||||
remain = md.post_match
|
||||
type = md[1]
|
||||
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
||||
if value
|
||||
type_and_value = [type, value]
|
||||
type_and_value.push(tag) if tag
|
||||
ary.unshift(type_and_value)
|
||||
if remain.length > 2 && remain[0] == ?,
|
||||
str = remain[1..-1]
|
||||
next
|
||||
elsif remain.length > 2 && remain[0] == ?+
|
||||
raise OpenSSL::X509::NameError,
|
||||
"multi-valued RDN is not supported: #{dn}"
|
||||
elsif remain.empty?
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
||||
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
||||
end
|
||||
return ary
|
||||
end
|
||||
end
|
||||
|
||||
class <<self
|
||||
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
alias parse parse_openssl
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -158,7 +158,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
|
|||
}
|
||||
|
||||
static VALUE
|
||||
ossl_x509name_to_s(VALUE self)
|
||||
ossl_x509name_to_s_old(VALUE self)
|
||||
{
|
||||
X509_NAME *name;
|
||||
char *buf;
|
||||
|
@ -172,6 +172,30 @@ ossl_x509name_to_s(VALUE self)
|
|||
return str;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
|
||||
{
|
||||
X509_NAME *name;
|
||||
VALUE flag, str;
|
||||
BIO *out;
|
||||
unsigned long iflag;
|
||||
|
||||
GetX509Name(self, name);
|
||||
rb_scan_args(argc, argv, "01", &flag);
|
||||
if (NIL_P(flag))
|
||||
return ossl_x509name_to_s_old(self);
|
||||
else iflag = NUM2ULONG(flag);
|
||||
if (!(out = BIO_new(BIO_s_mem())))
|
||||
rb_raise(eX509NameError, NULL);
|
||||
if (!X509_NAME_print_ex(out, name, 0, iflag)){
|
||||
BIO_free(out);
|
||||
rb_raise(eX509NameError, NULL);
|
||||
}
|
||||
str = ossl_membio2str(out);
|
||||
|
||||
return str;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_x509name_to_a(VALUE self)
|
||||
{
|
||||
|
@ -287,7 +311,7 @@ Init_ossl_x509name()
|
|||
rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
|
||||
rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
|
||||
rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
|
||||
rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0);
|
||||
rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
|
||||
rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
|
||||
rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
|
||||
rb_define_alias(cX509Name, "<=>", "cmp");
|
||||
|
@ -308,4 +332,9 @@ Init_ossl_x509name()
|
|||
rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
|
||||
rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
|
||||
rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
|
||||
|
||||
rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
|
||||
rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
|
||||
rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
|
||||
rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
|
||||
}
|
||||
|
|
|
@ -138,6 +138,105 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
|
|||
assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
|
||||
end
|
||||
|
||||
def test_s_parse_rfc2253
|
||||
scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
|
||||
|
||||
assert_equal([["C", "JP"]], scanner.call("C=JP"))
|
||||
assert_equal([
|
||||
["DC", "org"],
|
||||
["DC", "ruby-lang"],
|
||||
["CN", "GOTOU Yuuzou"],
|
||||
["emailAddress", "gotoyuzo@ruby-lang.org"],
|
||||
],
|
||||
scanner.call(
|
||||
"emailAddress=gotoyuzo@ruby-lang.org,CN=GOTOU Yuuzou,"+
|
||||
"DC=ruby-lang,DC=org")
|
||||
)
|
||||
|
||||
u8 = OpenSSL::ASN1::UTF8STRING
|
||||
assert_equal([
|
||||
["DC", "org"],
|
||||
["DC", "ruby-lang"],
|
||||
["O", ",=+<>#;"],
|
||||
["O", ",=+<>#;"],
|
||||
["OU", ""],
|
||||
["OU", ""],
|
||||
["L", "aaa=\"bbb, ccc\""],
|
||||
["L", "aaa=\"bbb, ccc\""],
|
||||
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265", u8],
|
||||
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||
["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
|
||||
["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
|
||||
["1.2.840.113549.1.9.1", "gotoyuzo@ruby-lang.org"],
|
||||
["emailAddress", "gotoyuzo@ruby-lang.org"],
|
||||
],
|
||||
scanner.call(
|
||||
"emailAddress=gotoyuzo@ruby-lang.org," +
|
||||
"1.2.840.113549.1.9.1=gotoyuzo@ruby-lang.org," +
|
||||
'CN=GOTOU \"gotoyuzo\" Yuuzou,' +
|
||||
'CN="GOTOU \"gotoyuzo\" Yuuzou",' +
|
||||
'2.5.4.3=GOTOU\,\20Yuuzou,' +
|
||||
'2.5.4.3=GOTOU\, Yuuzou,' +
|
||||
'2.5.4.3="GOTOU, Yuuzou",' +
|
||||
'2.5.4.3="GOTOU\, Yuuzou",' +
|
||||
"CN=#0C0CE5BE8CE897A4E8A395E894B5," +
|
||||
'CN=\E5\BE\8C\E8\97\A4\E8\A3\95\E8\94\B5,' +
|
||||
"CN=\"\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5\"," +
|
||||
"CN=\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5," +
|
||||
'L=aaa\=\"bbb\, ccc\",' +
|
||||
'L="aaa=\"bbb, ccc\"",' +
|
||||
'OU=,' +
|
||||
'OU="",' +
|
||||
'O=\,\=\+\<\>\#\;,' +
|
||||
'O=",=+<>#;",' +
|
||||
"DC=ruby-lang," +
|
||||
"DC=org")
|
||||
)
|
||||
|
||||
[
|
||||
"DC=org+DC=jp",
|
||||
"DC=org,DC=ruby-lang+DC=rubyist,DC=www"
|
||||
].each{|dn|
|
||||
ex = scanner.call(dn) rescue $!
|
||||
dn_r = Regexp.escape(dn)
|
||||
assert_match(/^multi-valued RDN is not supported: #{dn_r}/, ex.message)
|
||||
}
|
||||
|
||||
[
|
||||
["DC=org,DC=exapmle,CN", "CN"],
|
||||
["DC=org,DC=example,", ""],
|
||||
["DC=org,DC=exapmle,CN=www.example.org;", "CN=www.example.org;"],
|
||||
["DC=org,DC=exapmle,CN=#www.example.org", "CN=#www.example.org"],
|
||||
["DC=org,DC=exapmle,CN=#777777.example.org", "CN=#777777.example.org"],
|
||||
["DC=org,DC=exapmle,CN=\"www.example\".org", "CN=\"www.example\".org"],
|
||||
["DC=org,DC=exapmle,CN=www.\"example.org\"", "CN=www.\"example.org\""],
|
||||
["DC=org,DC=exapmle,CN=www.\"example\".org", "CN=www.\"example\".org"],
|
||||
].each{|dn, msg|
|
||||
ex = scanner.call(dn) rescue $!
|
||||
assert_match(/^malformed RDN: .*=>#{Regexp.escape(msg)}/, ex.message)
|
||||
}
|
||||
|
||||
dn = "CN=www.ruby-lang.org,DC=ruby-lang,DC=org"
|
||||
name = OpenSSL::X509::Name.parse_rfc2253(dn)
|
||||
assert_equal(dn, name.to_s(OpenSSL::X509::Name::RFC2253))
|
||||
ary = name.to_a
|
||||
assert_equal("DC", ary[0][0])
|
||||
assert_equal("DC", ary[1][0])
|
||||
assert_equal("CN", ary[2][0])
|
||||
assert_equal("org", ary[0][1])
|
||||
assert_equal("ruby-lang", ary[1][1])
|
||||
assert_equal("www.ruby-lang.org", ary[2][1])
|
||||
assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
|
||||
assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
|
||||
assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
|
||||
end
|
||||
|
||||
def test_add_entry
|
||||
dn = [
|
||||
["DC", "org"],
|
||||
|
|
Loading…
Reference in a new issue