diff options
author | Brian Carlstrom <bdc@google.com> | 2013-01-07 11:49:35 -0800 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2014-11-16 13:52:44 +0100 |
commit | 77dbb153e181bcccef4386eadb207f7bf96936fb (patch) | |
tree | 914ff4d2abf1d72da488c91a7b9935c140a1fafc | |
parent | 4417e2559ac202e01f9d795970df5319ea31f83d (diff) | |
download | libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.zip libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.gz libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.bz2 |
Should favor most specific CN when working with distinguished names
This reverts a regression introduced in commit 1331404bf45cb2f220ee9aa2c0c108ce59453a74
that was caught by tests.api.javax.net.ssl.HostnameVerifierTest.testVerify
Bug: 7894348
Bug: http://code.google.com/p/android/issues/detail?id=41662
Change-Id: Iec8000b716e3d99ca7af4aa2c3fd7b43e22c68cd
-rw-r--r-- | luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java | 16 | ||||
-rw-r--r-- | luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java | 30 |
2 files changed, 24 insertions, 22 deletions
diff --git a/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java b/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java index 6280baa..fb74d9b 100644 --- a/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java +++ b/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java @@ -39,6 +39,9 @@ public final class DistinguishedNameParser { private char[] chars; public DistinguishedNameParser(X500Principal principal) { + // RFC2253 is used to ensure we get attributes in the reverse + // order of the underlying ASN.1 encoding, so that the most + // significant values of repeated attributes occur first. this.dn = principal.getName(X500Principal.RFC2253); this.length = this.dn.length(); } @@ -357,15 +360,11 @@ public final class DistinguishedNameParser { if (attType == null) { return null; } - // Values are ordered from least specific to most specific. We - // remember the most recent choice in result and return it - // when we reach the end of the input. - String result = null; while (true) { String attValue = ""; if (pos == length) { - return result; + return null; } switch (chars[pos]) { @@ -384,12 +383,15 @@ public final class DistinguishedNameParser { attValue = escapedAV(); } + // Values are ordered from most specific to least specific + // due to the RFC2253 formatting. So take the first match + // we see. if (attributeType.equalsIgnoreCase(attType)) { - result = attValue; + return attValue; } if (pos >= length) { - return result; + return null; } if (chars[pos] == ',' || chars[pos] == ';') { diff --git a/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java b/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java index 19430de..723c697 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java @@ -21,35 +21,35 @@ import javax.security.auth.x500.X500Principal; import junit.framework.TestCase; public final class DistinguishedNameParserTest extends TestCase { - public void testGetLastCn() { - assertLastCn("", null); - assertLastCn("ou=xxx", null); - assertLastCn("ou=xxx,cn=xxx", "xxx"); - assertLastCn("ou=xxx+cn=yyy,cn=zzz+cn=abc", "abc"); - assertLastCn("cn=a,cn=b", "b"); - assertLastCn("cn=Cc,cn=Bb,cn=Aa", "Aa"); - assertLastCn("cn=imap.gmail.com", "imap.gmail.com"); + public void testGetFirstCn() { + assertFirstCn("", null); + assertFirstCn("ou=xxx", null); + assertFirstCn("ou=xxx,cn=xxx", "xxx"); + assertFirstCn("ou=xxx+cn=yyy,cn=zzz+cn=abc", "yyy"); + assertFirstCn("cn=a,cn=b", "a"); + assertFirstCn("cn=Cc,cn=Bb,cn=Aa", "Cc"); + assertFirstCn("cn=imap.gmail.com", "imap.gmail.com"); } public void testGetFirstCnWithOid() { - assertLastCn("2.5.4.3=a,ou=xxx", "a"); + assertFirstCn("2.5.4.3=a,ou=xxx", "a"); } public void testGetFirstCnWithQuotedStrings() { - assertLastCn("cn=\"\\\" a ,=<>#;\"", "\" a ,=<>#;"); - assertLastCn("cn=abc\\,def", "abc,def"); + assertFirstCn("cn=\"\\\" a ,=<>#;\"", "\" a ,=<>#;"); + assertFirstCn("cn=abc\\,def", "abc,def"); } public void testGetFirstCnWithUtf8() { - assertLastCn("cn=Lu\\C4\\8Di\\C4\\87", "\u004c\u0075\u010d\u0069\u0107"); + assertFirstCn("cn=Lu\\C4\\8Di\\C4\\87", "\u004c\u0075\u010d\u0069\u0107"); } public void testGetFirstCnWithWhitespace() { - assertLastCn("ou=a, cn= a b ,o=x", "a b"); - assertLastCn("cn=\" a b \" ,o=x", " a b "); + assertFirstCn("ou=a, cn= a b ,o=x", "a b"); + assertFirstCn("cn=\" a b \" ,o=x", " a b "); } - private void assertLastCn(String dn, String expected) { + private void assertFirstCn(String dn, String expected) { X500Principal principal = new X500Principal(dn); assertEquals(dn, expected, new DistinguishedNameParser(principal).findMostSpecific("cn")); } |