diff options
author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-09-13 12:35:25 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-09-13 12:35:25 +0000 |
commit | 07f245da375d80612bf3abd987cf51e69cee6bf2 (patch) | |
tree | e6479be5664f7f66925b9a8d4ab0458ee1c6a290 | |
parent | f3721195a939a36457d0fbbe1991b4b9e93f199a (diff) | |
download | ruby-07f245da375d80612bf3abd987cf51e69cee6bf2.tar.gz |
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
second argument to specify the output format (see also
X509_NAME_print_ex).
* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
new module to provide the parse for RFC2253 DN format.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
new method to parse RFC2253 DN format.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 16 | ||||
-rw-r--r-- | ext/openssl/lib/openssl/x509.rb | 89 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 33 | ||||
-rw-r--r-- | test/openssl/test_x509name.rb | 99 |
4 files changed, 232 insertions, 5 deletions
@@ -1,3 +1,19 @@ +Mon Sep 13 21:33:40 2004 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional + second argument to specify the output format (see also + X509_NAME_print_ex). + + * ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants: + OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253, + OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE. + + * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN): + new module to provide the parse for RFC2253 DN format. + + * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253): + new method to parse RFC2253 DN format. + Mon Sep 13 19:16:33 2004 WATANABE Hirofumi <eban@ruby-lang.org> * eval.c (blk_copy_prev): need frame_dup(). [ruby-dev:24103] diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb index 6dd469827a..e711bda39c 100644 --- a/ext/openssl/lib/openssl/x509.rb +++ b/ext/openssl/lib/openssl/x509.rb @@ -62,9 +62,92 @@ module OpenSSL end class Name - def self.parse(str, template=OBJECT_TYPE_TEMPLATE) - ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } - self.new(ary, template) + module RFC2253DN + Special = ',=+<>#;' + HexChar = /[0-9a-fA-F]/ + HexPair = /#{HexChar}#{HexChar}/ + HexString = /#{HexPair}+/ + Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ + StringChar = /[^#{Special}\\"]/ + QuoteChar = /[^\\"]/ + AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ + AttributeValue = / + (?!["#])((?:#{StringChar}|#{Pair})*)| + \#(#{HexString})| + "((?:#{QuoteChar}|#{Pair})*)" + /x + TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ + + module_function + + def expand_pair(str) + return nil unless str + return str.gsub(Pair){|pair| + case pair.size + when 2 then pair[1,1] + when 3 then Integer("0x#{pair[1,2]}").chr + else raise OpenSSL::X509::NameError, "invalid pair: #{str}" + end + } + end + + def expand_hexstring(str) + return nil unless str + der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } + a1 = OpenSSL::ASN1.decode(der) + return a1.value, a1.tag + end + + def expand_value(str1, str2, str3) + value = expand_pair(str1) + value, tag = expand_hexstring(str2) unless value + value = expand_pair(str3) unless value + return value, tag + end + + def scan(dn) + str = dn + ary = [] + while true + if md = TypeAndValue.match(str) + matched = md.to_s + remain = md.post_match + type = md[1] + value, tag = expand_value(md[2], md[3], md[4]) rescue nil + if value + type_and_value = [type, value] + type_and_value.push(tag) if tag + ary.unshift(type_and_value) + if remain.length > 2 && remain[0] == ?, + str = remain[1..-1] + next + elsif remain.length > 2 && remain[0] == ?+ + raise OpenSSL::X509::NameError, + "multi-valued RDN is not supported: #{dn}" + elsif remain.empty? + break + end + end + end + msg_dn = dn[0, dn.length - str.length] + " =>" + str + raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" + end + return ary + end + end + + class <<self + def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) + ary = OpenSSL::X509::Name::RFC2253DN.scan(str) + self.new(ary, template) + end + + def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) + ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } + self.new(ary, template) + end + + alias parse parse_openssl end end end diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index b198157504..dc43261d8b 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -158,7 +158,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self) } static VALUE -ossl_x509name_to_s(VALUE self) +ossl_x509name_to_s_old(VALUE self) { X509_NAME *name; char *buf; @@ -172,6 +172,30 @@ ossl_x509name_to_s(VALUE self) return str; } +static VALUE +ossl_x509name_to_s(int argc, VALUE *argv, VALUE self) +{ + X509_NAME *name; + VALUE flag, str; + BIO *out; + unsigned long iflag; + + GetX509Name(self, name); + rb_scan_args(argc, argv, "01", &flag); + if (NIL_P(flag)) + return ossl_x509name_to_s_old(self); + else iflag = NUM2ULONG(flag); + if (!(out = BIO_new(BIO_s_mem()))) + rb_raise(eX509NameError, NULL); + if (!X509_NAME_print_ex(out, name, 0, iflag)){ + BIO_free(out); + rb_raise(eX509NameError, NULL); + } + str = ossl_membio2str(out); + + return str; +} + static VALUE ossl_x509name_to_a(VALUE self) { @@ -287,7 +311,7 @@ Init_ossl_x509name() rb_define_alloc_func(cX509Name, ossl_x509name_alloc); rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1); rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1); - rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0); + rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1); rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0); rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1); rb_define_alias(cX509Name, "<=>", "cmp"); @@ -308,4 +332,9 @@ Init_ossl_x509name() rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str); rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str); rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash); + + rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT)); + rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253)); + rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE)); + rb_define_const(cX509Name, "MULTILINE", ULONG2NUM(XN_FLAG_MULTILINE)); } diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb index 14004a4e20..8d6d9cb534 100644 --- a/test/openssl/test_x509name.rb +++ b/test/openssl/test_x509name.rb @@ -138,6 +138,105 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2]) end + def test_s_parse_rfc2253 + scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan) + + assert_equal([["C", "JP"]], scanner.call("C=JP")) + assert_equal([ + ["DC", "org"], + ["DC", "ruby-lang"], + ["CN", "GOTOU Yuuzou"], + ["emailAddress", "gotoyuzo@ruby-lang.org"], + ], + scanner.call( + "emailAddress=gotoyuzo@ruby-lang.org,CN=GOTOU Yuuzou,"+ + "DC=ruby-lang,DC=org") + ) + + u8 = OpenSSL::ASN1::UTF8STRING + assert_equal([ + ["DC", "org"], + ["DC", "ruby-lang"], + ["O", ",=+<>#;"], + ["O", ",=+<>#;"], + ["OU", ""], + ["OU", ""], + ["L", "aaa=\"bbb, ccc\""], + ["L", "aaa=\"bbb, ccc\""], + ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"], + ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"], + ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265"], + ["CN", "\345\276\214\350\227\244\350\243\225\350\224\265", u8], + ["2.5.4.3", "GOTOU, Yuuzou"], + ["2.5.4.3", "GOTOU, Yuuzou"], + ["2.5.4.3", "GOTOU, Yuuzou"], + ["2.5.4.3", "GOTOU, Yuuzou"], + ["CN", "GOTOU \"gotoyuzo\" Yuuzou"], + ["CN", "GOTOU \"gotoyuzo\" Yuuzou"], + ["1.2.840.113549.1.9.1", "gotoyuzo@ruby-lang.org"], + ["emailAddress", "gotoyuzo@ruby-lang.org"], + ], + scanner.call( + "emailAddress=gotoyuzo@ruby-lang.org," + + "1.2.840.113549.1.9.1=gotoyuzo@ruby-lang.org," + + 'CN=GOTOU \"gotoyuzo\" Yuuzou,' + + 'CN="GOTOU \"gotoyuzo\" Yuuzou",' + + '2.5.4.3=GOTOU\,\20Yuuzou,' + + '2.5.4.3=GOTOU\, Yuuzou,' + + '2.5.4.3="GOTOU, Yuuzou",' + + '2.5.4.3="GOTOU\, Yuuzou",' + + "CN=#0C0CE5BE8CE897A4E8A395E894B5," + + 'CN=\E5\BE\8C\E8\97\A4\E8\A3\95\E8\94\B5,' + + "CN=\"\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5\"," + + "CN=\xE5\xBE\x8C\xE8\x97\xA4\xE8\xA3\x95\xE8\x94\xB5," + + 'L=aaa\=\"bbb\, ccc\",' + + 'L="aaa=\"bbb, ccc\"",' + + 'OU=,' + + 'OU="",' + + 'O=\,\=\+\<\>\#\;,' + + 'O=",=+<>#;",' + + "DC=ruby-lang," + + "DC=org") + ) + + [ + "DC=org+DC=jp", + "DC=org,DC=ruby-lang+DC=rubyist,DC=www" + ].each{|dn| + ex = scanner.call(dn) rescue $! + dn_r = Regexp.escape(dn) + assert_match(/^multi-valued RDN is not supported: #{dn_r}/, ex.message) + } + + [ + ["DC=org,DC=exapmle,CN", "CN"], + ["DC=org,DC=example,", ""], + ["DC=org,DC=exapmle,CN=www.example.org;", "CN=www.example.org;"], + ["DC=org,DC=exapmle,CN=#www.example.org", "CN=#www.example.org"], + ["DC=org,DC=exapmle,CN=#777777.example.org", "CN=#777777.example.org"], + ["DC=org,DC=exapmle,CN=\"www.example\".org", "CN=\"www.example\".org"], + ["DC=org,DC=exapmle,CN=www.\"example.org\"", "CN=www.\"example.org\""], + ["DC=org,DC=exapmle,CN=www.\"example\".org", "CN=www.\"example\".org"], + ].each{|dn, msg| + ex = scanner.call(dn) rescue $! + assert_match(/^malformed RDN: .*=>#{Regexp.escape(msg)}/, ex.message) + } + + dn = "CN=www.ruby-lang.org,DC=ruby-lang,DC=org" + name = OpenSSL::X509::Name.parse_rfc2253(dn) + assert_equal(dn, name.to_s(OpenSSL::X509::Name::RFC2253)) + ary = name.to_a + assert_equal("DC", ary[0][0]) + assert_equal("DC", ary[1][0]) + assert_equal("CN", ary[2][0]) + assert_equal("org", ary[0][1]) + assert_equal("ruby-lang", ary[1][1]) + assert_equal("www.ruby-lang.org", ary[2][1]) + assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2]) + assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2]) + assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2]) + end + def test_add_entry dn = [ ["DC", "org"], |