Mercurial > hg > icedtea7

changeset 1934:dd483ae1e6ca

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2009-06-24 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/security/CertWarningPane.java (installComponents): Call SecurityUtil.getCN instead of getCN. (getCN): Removed. * netx/net/sourceforge/jnlp/security/CertsInfoPane.java (buildTree): Call SecurityUtil.getCN instead of getCN. (populateTable): Likewise. (getCN): Removed. * netx/net/sourceforge/jnlp/security/SecurityUtil.java (getCN): Follow RFC 2253 partially and understand escaping. (isHexDigit): New function. * netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java (buildTree): Call SecurityUtil.getCN instead of getCN. (populateTable): Likewise. * netx/net/sourceforge/jnlp/tools/KeyTool.java: (doPrintEntry): Call SecurityUtil.getCN instead of getCN. (getCN): Removed.
author Omair Majid <omajid@redhat.com>
date Wed, 24 Jun 2009 16:26:08 -0400
parents 9528fc8f3555
children 0a41b2f5f086
files ChangeLog netx/net/sourceforge/jnlp/security/CertWarningPane.java netx/net/sourceforge/jnlp/security/CertsInfoPane.java netx/net/sourceforge/jnlp/security/SecurityUtil.java netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java netx/net/sourceforge/jnlp/tools/KeyTool.java
diffstat 6 files changed, 128 insertions(+), 75 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Jun 24 15:10:22 2009 -0400
+++ b/ChangeLog	Wed Jun 24 16:26:08 2009 -0400
@@ -1,3 +1,22 @@
+2009-06-24  Omair Majid  <omajid@redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/CertWarningPane.java
+	(installComponents): Call SecurityUtil.getCN instead of getCN.
+	(getCN): Removed.
+	* netx/net/sourceforge/jnlp/security/CertsInfoPane.java
+	(buildTree): Call SecurityUtil.getCN instead of getCN.
+	(populateTable): Likewise.
+	(getCN): Removed.
+	* netx/net/sourceforge/jnlp/security/SecurityUtil.java
+	(getCN): Follow RFC 2253 partially and understand escaping.
+	(isHexDigit): New function.
+	* netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java
+	(buildTree): Call SecurityUtil.getCN instead of getCN.
+	(populateTable): Likewise.
+	* netx/net/sourceforge/jnlp/tools/KeyTool.java:
+	(doPrintEntry): Call SecurityUtil.getCN instead of getCN.
+	(getCN): Removed. 
+
 2009-06-24  Omair Majid  <omajid@redhat.com>
 
 	* netx/net/sourceforge/jnlp/Launcher.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java	Wed Jun 24 15:10:22 2009 -0400
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java	Wed Jun 24 16:26:08 2009 -0400
@@ -101,7 +101,7 @@
 		try {
 			if ((certVerifier instanceof HttpsCertVerifier) && 
 			     (c instanceof X509Certificate))
-			   name = getCN(((X509Certificate)c)
+			   name = SecurityUtil.getCN(((X509Certificate)c)
                                         .getSubjectX500Principal().getName());
 			else if (file instanceof PluginBridge)
 				name = file.getTitle();
@@ -112,7 +112,7 @@
 
 		try {
 			if (c instanceof X509Certificate) {
-				publisher = getCN(((X509Certificate)c)
+				publisher = SecurityUtil.getCN(((X509Certificate)c)
 					.getSubjectX500Principal().getName());
 			}
 		} catch (Exception e) {
@@ -236,24 +236,6 @@
         return "<html>"+s+"</html>";
     }
 
-
-    /**
-     * Extracts the CN field from a Certificate principal string.
-     */
-    private String getCN(String principal) {
-        int start = principal.indexOf("CN=");
-        int end = principal.indexOf(",", start);
-
-        if (end == -1) {
-            end = principal.length();
-        }
-
-        if (start >= 0)
-            return principal.substring(start+3, end);
-        else
-            return principal;
-    }
-
 	private class MoreInfoButtonListener implements ActionListener {
 		public void actionPerformed(ActionEvent e) {
 			
--- a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java	Wed Jun 24 15:10:22 2009 -0400
+++ b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java	Wed Jun 24 16:26:08 2009 -0400
@@ -91,9 +91,9 @@
 		X509Certificate firstCert = 
 			((X509Certificate)firstPath.getCertificates().get(0));
 		String subjectString = 
-			getCN(firstCert.getSubjectX500Principal().getName());
+			SecurityUtil.getCN(firstCert.getSubjectX500Principal().getName());
 		String issuerString = 
-			getCN(firstCert.getIssuerX500Principal().getName());
+			SecurityUtil.getCN(firstCert.getIssuerX500Principal().getName());
 
 		DefaultMutableTreeNode top =
 			new DefaultMutableTreeNode(subjectString 
@@ -105,9 +105,9 @@
 			X509Certificate secondCert = 
 				((X509Certificate)firstPath.getCertificates().get(1));
 			subjectString = 
-				getCN(secondCert.getSubjectX500Principal().getName());
+				SecurityUtil.getCN(secondCert.getSubjectX500Principal().getName());
 			issuerString = 
-				getCN(secondCert.getIssuerX500Principal().getName());
+				SecurityUtil.getCN(secondCert.getIssuerX500Principal().getName());
 			top.add(new DefaultMutableTreeNode(subjectString 
 				+ " (" + issuerString + ")"));
 		}
@@ -129,8 +129,8 @@
 
             X509Certificate c = (X509Certificate) certs.get(0).getCertificates().get(i);
             certsData.add(parseCert(c));
-            certNames[i] = getCN(c.getSubjectX500Principal().getName())
-				+ " (" + getCN(c.getIssuerX500Principal().getName()) + ")";
+            certNames[i] = SecurityUtil.getCN(c.getSubjectX500Principal().getName())
+				+ " (" + SecurityUtil.getCN(c.getIssuerX500Principal().getName()) + ")";
         }
 	}
 	
@@ -235,23 +235,6 @@
 	}
 
 	/**
-	 * Extracts the CN field from a Certificate principal string.
-	 */
-	protected String getCN(String principal) {
-        int start = principal.indexOf("CN=");
-        int end = principal.indexOf(",", start);
-
-		if (end == -1) {
-			end = principal.length();
-		}
-
-        if (start >= 0)
-            return principal.substring(start+3, end);
-        else
-            return principal;
-    }
-
-	/**
 	 * Copies the currently selected certificate to the system Clipboard.
 	 */
 	private class CopyToClipboardHandler implements ActionListener {
--- a/netx/net/sourceforge/jnlp/security/SecurityUtil.java	Wed Jun 24 15:10:22 2009 -0400
+++ b/netx/net/sourceforge/jnlp/security/SecurityUtil.java	Wed Jun 24 16:26:08 2009 -0400
@@ -63,20 +63,106 @@
 		return password;
 	}
 	
-	public static String getCN(String principal) {
+    /**
+     * Extracts the CN field from a Certificate principal string. Or, if it
+     * can't find that, return the principal unmodified.
+     * 
+     * This is a simple (and hence 'wrong') version. See
+     * http://www.ietf.org/rfc/rfc2253.txt for all the gory details.
+     */
+    public static String getCN(String principal) {
+
+        /*
+         * FIXME Incomplete
+         * 
+         * This does not implement RFC 2253 completely
+         * 
+         * Issues:
+         * - rfc2253 talks about utf8, java uses utf16.
+         * - theoretically, java should have dealt with all byte encodings
+         *   so we shouldnt even see cases like \FF
+         * - if the above is wrong, then we need to deal with cases like 
+         *   \FF\FF
+         */
+
         int start = principal.indexOf("CN=");
-        int end = principal.indexOf(",", start);
+        if (start == -1) {
+            return principal;
+        }
+
+        StringBuilder commonName = new StringBuilder();
+
+        boolean inQuotes = false;
+        boolean escaped = false;
+
+        /*
+         * bit 0 = high order bit. bit 1 = low order bit
+         */
+        char[] hexBits = null;
+
+        for (int i = start + 3; i < principal.length(); i++) {
+            char ch = principal.charAt(i);
+            switch (ch) {
+            case '"':
+                if (escaped) {
+                    commonName.append(ch);
+                    escaped = false;
+                } else {
+                    inQuotes = !inQuotes;
+                }
+                break;
 
-		if (end == -1) {
-			end = principal.length();
-		}
+            case '\\':
+                if (escaped) {
+                    commonName.append(ch);
+                    escaped = false;
+                } else {
+                    escaped = true;
+                }
+                break;
+
+            case ',':
+                /* fall through */
+            case ';':
+                /* fall through */
+            case '+':
+                if (escaped || inQuotes) {
+                    commonName.append(ch);
+                    if (escaped) {
+                        escaped = false;
+                    }
+                } else {
+                    return commonName.toString();
+                }
+                break;
 
-        if (start >= 0)
-            return principal.substring(start+3, end);
-        else
-            return principal;
+            default:
+                if (escaped && isHexDigit(ch)) {
+                    hexBits = new char[2];
+                    hexBits[0] = ch;
+                } else if (hexBits != null) {
+                    if (!isHexDigit(ch)) {
+                        /* error parsing */
+                        return "";
+                    }
+                    hexBits[1] = ch;
+                    commonName.append((char) Integer.parseInt(new String(hexBits), 16));
+                    hexBits = null;
+                } else {
+                    commonName.append(ch);
+                }
+                escaped = false;
+            }
+        }
+
+        return commonName.toString();
+
     }
-	
+
+    private static boolean isHexDigit(char ch) {
+        return ((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'F') || (ch >= 'a' && ch <= 'f'));
+    }
+
 	/**
 	 * Checks the user's home directory to see if the trusted.certs file exists.
 	 * If it does not exist, it tries to create an empty keystore.
--- a/netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java	Wed Jun 24 15:10:22 2009 -0400
+++ b/netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java	Wed Jun 24 16:26:08 2009 -0400
@@ -55,9 +55,9 @@
 	protected void buildTree() {
 		X509Certificate cert = ((SecurityWarningDialog)optionPane).getCert();
 		String subjectString = 
-			getCN(cert.getSubjectX500Principal().getName());
+			SecurityUtil.getCN(cert.getSubjectX500Principal().getName());
 		String issuerString = 
-			getCN(cert.getIssuerX500Principal().getName());
+			SecurityUtil.getCN(cert.getIssuerX500Principal().getName());
 
 		DefaultMutableTreeNode top = new DefaultMutableTreeNode(subjectString 
 				+ " (" + issuerString + ")");
@@ -72,7 +72,7 @@
 		certNames = new String[1];
 		certsData = new ArrayList<String[][]>();
 		certsData.add(parseCert(c));
-		certNames[0] = getCN(c.getSubjectX500Principal().getName())
-		+ " (" + getCN(c.getIssuerX500Principal().getName()) + ")";
+		certNames[0] = SecurityUtil.getCN(c.getSubjectX500Principal().getName())
+		+ " (" + SecurityUtil.getCN(c.getIssuerX500Principal().getName()) + ")";
 	}
 }
--- a/netx/net/sourceforge/jnlp/tools/KeyTool.java	Wed Jun 24 15:10:22 2009 -0400
+++ b/netx/net/sourceforge/jnlp/tools/KeyTool.java	Wed Jun 24 16:26:08 2009 -0400
@@ -176,7 +176,7 @@
 
 			out.println("Alias: " + alias);
 			out.println("Date Created: " + usercerts.getCreationDate(alias));
-			out.println("Subject: " + getCN(((X509Certificate)usercerts
+			out.println("Subject: " + SecurityUtil.getCN(((X509Certificate)usercerts
 				.getCertificate(alias)).getSubjectX500Principal().getName()));
 			out.println("Certificate fingerprint (MD5): "
 					+ getCertFingerPrint("MD5", cert));
@@ -184,23 +184,6 @@
 		}
 	}
 
-	/**
-	 * Extracts the CN field from a Certificate principal string.
-	 */
-	private String getCN(String principal) {
-		int start = principal.indexOf("CN=");
-		int end = principal.indexOf(",", start);
-
-		if (end == -1) {
-			end = principal.length();
-		}
-
-		if (start >= 0)
-			return principal.substring(start+3, end);
-		else
-			return principal;
-    }
-
     /**
      * Gets the requested finger print of the certificate.
      */