mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
second argument to specify the output format (see also X509_NAME_print_ex). * ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants: OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253, OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN): new module to provide the parse for RFC2253 DN format. * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253): new method to parse RFC2253 DN format. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
f3721195a9
commit
07f245da37
4 changed files with 232 additions and 5 deletions
16
ChangeLog
16
ChangeLog
|
@ -1,3 +1,19 @@
|
||||||
|
Mon Sep 13 21:33:40 2004 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
||||||
|
|
||||||
|
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
|
||||||
|
second argument to specify the output format (see also
|
||||||
|
X509_NAME_print_ex).
|
||||||
|
|
||||||
|
* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
|
||||||
|
OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
|
||||||
|
OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
|
||||||
|
|
||||||
|
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
|
||||||
|
new module to provide the parse for RFC2253 DN format.
|
||||||
|
|
||||||
|
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
|
||||||
|
new method to parse RFC2253 DN format.
|
||||||
|
|
||||||
Mon Sep 13 19:16:33 2004 WATANABE Hirofumi <eban@ruby-lang.org>
|
Mon Sep 13 19:16:33 2004 WATANABE Hirofumi <eban@ruby-lang.org>
|
||||||
|
|
||||||
* eval.c (blk_copy_prev): need frame_dup(). [ruby-dev:24103]
|
* eval.c (blk_copy_prev): need frame_dup(). [ruby-dev:24103]
|
||||||
|
|
|
@ -62,10 +62,93 @@ module OpenSSL
|
||||||
end
|
end
|
||||||
|
|
||||||
class Name
|
class Name
|
||||||
def self.parse(str, template=OBJECT_TYPE_TEMPLATE)
|
module RFC2253DN
|
||||||
|
Special = ',=+<>#;'
|
||||||
|
HexChar = /[0-9a-fA-F]/
|
||||||
|
HexPair = /#{HexChar}#{HexChar}/
|
||||||
|
HexString = /#{HexPair}+/
|
||||||
|
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
||||||
|
StringChar = /[^#{Special}\\"]/
|
||||||
|
QuoteChar = /[^\\"]/
|
||||||
|
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
||||||
|
AttributeValue = /
|
||||||
|
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
||||||
|
\#(#{HexString})|
|
||||||
|
"((?:#{QuoteChar}|#{Pair})*)"
|
||||||
|
/x
|
||||||
|
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
||||||
|
|
||||||
|
module_function
|
||||||
|
|
||||||
|
def expand_pair(str)
|
||||||
|
return nil unless str
|
||||||
|
return str.gsub(Pair){|pair|
|
||||||
|
case pair.size
|
||||||
|
when 2 then pair[1,1]
|
||||||
|
when 3 then Integer("0x#{pair[1,2]}").chr
|
||||||
|
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
||||||
|
end
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
def expand_hexstring(str)
|
||||||
|
return nil unless str
|
||||||
|
der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr }
|
||||||
|
a1 = OpenSSL::ASN1.decode(der)
|
||||||
|
return a1.value, a1.tag
|
||||||
|
end
|
||||||
|
|
||||||
|
def expand_value(str1, str2, str3)
|
||||||
|
value = expand_pair(str1)
|
||||||
|
value, tag = expand_hexstring(str2) unless value
|
||||||
|
value = expand_pair(str3) unless value
|
||||||
|
return value, tag
|
||||||
|
end
|
||||||
|
|
||||||
|
def scan(dn)
|
||||||
|
str = dn
|
||||||
|
ary = []
|
||||||
|
while true
|
||||||
|
if md = TypeAndValue.match(str)
|
||||||
|
matched = md.to_s
|
||||||
|
remain = md.post_match
|
||||||
|
type = md[1]
|
||||||
|
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
||||||
|
if value
|
||||||
|
type_and_value = [type, value]
|
||||||
|
type_and_value.push(tag) if tag
|
||||||
|
ary.unshift(type_and_value)
|
||||||
|
if remain.length > 2 && remain[0] == ?,
|
||||||
|
str = remain[1..-1]
|
||||||
|
next
|
||||||
|
elsif remain.length > 2 && remain[0] == ?+
|
||||||
|
raise OpenSSL::X509::NameError,
|
||||||
|
"multi-valued RDN is not supported: #{dn}"
|
||||||
|
elsif remain.empty?
|
||||||
|
break
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
||||||
|
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
||||||
|
end
|
||||||
|
return ary
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
class <<self
|
||||||
|
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
||||||
|
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
||||||
|
self.new(ary, template)
|
||||||
|
end
|
||||||
|
|
||||||
|
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
||||||
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
||||||
self.new(ary, template)
|
self.new(ary, template)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
alias parse parse_openssl
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -158,7 +158,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
|
||||||
}
|
}
|
||||||
|
|
||||||
static VALUE
|
static VALUE
|
||||||
ossl_x509name_to_s(VALUE self)
|
ossl_x509name_to_s_old(VALUE self)
|
||||||
{
|
{
|
||||||
X509_NAME *name;
|
X509_NAME *name;
|
||||||
char *buf;
|
char *buf;
|
||||||
|
@ -172,6 +172,30 @@ ossl_x509name_to_s(VALUE self)
|
||||||
return str;
|
return str;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static VALUE
|
||||||
|
ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
|
||||||
|
{
|
||||||
|
X509_NAME *name;
|
||||||
|
VALUE flag, str;
|
||||||
|
BIO *out;
|
||||||
|
unsigned long iflag;
|
||||||
|
|
||||||
|
GetX509Name(self, name);
|
||||||
|
rb_scan_args(argc, argv, "01", &flag);
|
||||||
|
if (NIL_P(flag))
|
||||||
|
return ossl_x509name_to_s_old(self);
|
||||||
|
else iflag = NUM2ULONG(flag);
|
||||||
|
if (!(out = BIO_new(BIO_s_mem())))
|
||||||
|
rb_raise(eX509NameError, NULL);
|
||||||
|
if (!X509_NAME_print_ex(out, name, 0, iflag)){
|
||||||
|
BIO_free(out);
|
||||||
|
rb_raise(eX509NameError, NULL);
|
||||||
|
}
|
||||||
|
str = ossl_membio2str(out);
|
||||||
|
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
|
||||||
static VALUE
|
static VALUE
|
||||||
ossl_x509name_to_a(VALUE self)
|
ossl_x509name_to_a(VALUE self)
|
||||||
{
|
{
|
||||||
|
@ -287,7 +311,7 @@ Init_ossl_x509name()
|
||||||
rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
|
rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
|
||||||
rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
|
rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
|
||||||
rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
|
rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
|
||||||
rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0);
|
rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
|
||||||
rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
|
rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
|
||||||
rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
|
rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
|
||||||
rb_define_alias(cX509Name, "<=>", "cmp");
|
rb_define_alias(cX509Name, "<=>", "cmp");
|
||||||
|
@ -308,4 +332,9 @@ Init_ossl_x509name()
|
||||||
rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
|
rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
|
||||||
rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
|
rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
|
||||||
rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
|
rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
|
||||||
|
|
||||||
|
rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
|
||||||
|
rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
|
||||||
|
rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
|
||||||
|
rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE));
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,6 +138,105 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
|
||||||
assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
|
assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_s_parse_rfc2253
|
||||||
|
scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
|
||||||
|
|
||||||
|
assert_equal([["C", "JP"]], scanner.call("C=JP"))
|
||||||
|
assert_equal([
|
||||||
|
["DC", "org"],
|
||||||
|
["DC", "ruby-lang"],
|
||||||
|
["CN", "GOTOU Yuuzou"],
|
||||||
|
["emailAddress", "gotoyuzo@ruby-lang.org"],
|
||||||
|
],
|
||||||
|
scanner.call(
|
||||||
|
"emailAddress=gotoyuzo@ruby-lang.org,CN=GOTOU Yuuzou,"+
|
||||||
|
"DC=ruby-lang,DC=org")
|
||||||
|
)
|
||||||
|
|
||||||
|
u8 = OpenSSL::ASN1::UTF8STRING
|
||||||
|
assert_equal([
|
||||||
|
["DC", "org"],
|
||||||
|
["DC", "ruby-lang"],
|
||||||
|
["O", ",=+<>#;"],
|
||||||
|
["O", ",=+<>#;"],
|
||||||
|
["OU", ""],
|
||||||
|
["OU", ""],
|
||||||
|
["L", "aaa=\"bbb, ccc\""],
|
||||||
|
["L", "aaa=\"bbb, ccc\""],
|
||||||
|
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||||
|
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||||
|
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"],
|
||||||
|
["CN", "\345\276\214\350\227\244\350\243\225\350\224\265", u8],
|
||||||
|
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||||
|
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||||
|
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||||
|
["2.5.4.3", "GOTOU, Yuuzou"],
|
||||||
|
["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
|
||||||
|
["CN", "GOTOU \"gotoyuzo\" Yuuzou"],
|
||||||
|
["1.2.840.113549.1.9.1", "gotoyuzo@ruby-lang.org"],
|
||||||
|
["emailAddress", "gotoyuzo@ruby-lang.org"],
|
||||||
|
],
|
||||||
|
scanner.call(
|
||||||
|
"emailAddress=gotoyuzo@ruby-lang.org," +
|
||||||
|
"1.2.840.113549.1.9.1=gotoyuzo@ruby-lang.org," +
|
||||||
|
'CN=GOTOU \"gotoyuzo\" Yuuzou,' +
|
||||||
|
'CN="GOTOU \"gotoyuzo\" Yuuzou",' +
|
||||||
|
'2.5.4.3=GOTOU\,\20Yuuzou,' +
|
||||||
|
'2.5.4.3=GOTOU\, Yuuzou,' +
|
||||||
|
'2.5.4.3="GOTOU, Yuuzou",' +
|
||||||
|
'2.5.4.3="GOTOU\, Yuuzou",' +
|
||||||
|
"CN=#0C0CE5BE8CE897A4E8A395E894B5," +
|
||||||
|
'CN=\E5\BE\8C\E8\97\A4\E8\A3\95\E8\94\B5,' +
|
||||||
|
"CN=\"\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5\"," +
|
||||||
|
"CN=\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5," +
|
||||||
|
'L=aaa\=\"bbb\, ccc\",' +
|
||||||
|
'L="aaa=\"bbb, ccc\"",' +
|
||||||
|
'OU=,' +
|
||||||
|
'OU="",' +
|
||||||
|
'O=\,\=\+\<\>\#\;,' +
|
||||||
|
'O=",=+<>#;",' +
|
||||||
|
"DC=ruby-lang," +
|
||||||
|
"DC=org")
|
||||||
|
)
|
||||||
|
|
||||||
|
[
|
||||||
|
"DC=org+DC=jp",
|
||||||
|
"DC=org,DC=ruby-lang+DC=rubyist,DC=www"
|
||||||
|
].each{|dn|
|
||||||
|
ex = scanner.call(dn) rescue $!
|
||||||
|
dn_r = Regexp.escape(dn)
|
||||||
|
assert_match(/^multi-valued RDN is not supported: #{dn_r}/, ex.message)
|
||||||
|
}
|
||||||
|
|
||||||
|
[
|
||||||
|
["DC=org,DC=exapmle,CN", "CN"],
|
||||||
|
["DC=org,DC=example,", ""],
|
||||||
|
["DC=org,DC=exapmle,CN=www.example.org;", "CN=www.example.org;"],
|
||||||
|
["DC=org,DC=exapmle,CN=#www.example.org", "CN=#www.example.org"],
|
||||||
|
["DC=org,DC=exapmle,CN=#777777.example.org", "CN=#777777.example.org"],
|
||||||
|
["DC=org,DC=exapmle,CN=\"www.example\".org", "CN=\"www.example\".org"],
|
||||||
|
["DC=org,DC=exapmle,CN=www.\"example.org\"", "CN=www.\"example.org\""],
|
||||||
|
["DC=org,DC=exapmle,CN=www.\"example\".org", "CN=www.\"example\".org"],
|
||||||
|
].each{|dn, msg|
|
||||||
|
ex = scanner.call(dn) rescue $!
|
||||||
|
assert_match(/^malformed RDN: .*=>#{Regexp.escape(msg)}/, ex.message)
|
||||||
|
}
|
||||||
|
|
||||||
|
dn = "CN=www.ruby-lang.org,DC=ruby-lang,DC=org"
|
||||||
|
name = OpenSSL::X509::Name.parse_rfc2253(dn)
|
||||||
|
assert_equal(dn, name.to_s(OpenSSL::X509::Name::RFC2253))
|
||||||
|
ary = name.to_a
|
||||||
|
assert_equal("DC", ary[0][0])
|
||||||
|
assert_equal("DC", ary[1][0])
|
||||||
|
assert_equal("CN", ary[2][0])
|
||||||
|
assert_equal("org", ary[0][1])
|
||||||
|
assert_equal("ruby-lang", ary[1][1])
|
||||||
|
assert_equal("www.ruby-lang.org", ary[2][1])
|
||||||
|
assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
|
||||||
|
assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
|
||||||
|
assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
|
||||||
|
end
|
||||||
|
|
||||||
def test_add_entry
|
def test_add_entry
|
||||||
dn = [
|
dn = [
|
||||||
["DC", "org"],
|
["DC", "org"],
|
||||||
|
|
Loading…
Reference in a new issue