diff options
| author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-09-16 19:53:28 +0000 |
|---|---|---|
| committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-09-16 19:53:28 +0000 |
| commit | 2c6a3daedb8cbe4cdcbb98418cd068562ec45e00 (patch) | |
| tree | 5cc949ab78b9db6d9fb8667d67a47cb9fc0702e9 | |
| parent | 78bdeb25861c9fd66457b73eecf7274913f271cb (diff) | |
462488 - IPAddress in SubjAltNameExt incorrectly padded with extra bytes in cert
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@111 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java | 12 | ||||
| -rw-r--r-- | pki/base/util/src/netscape/security/x509/IPAddressName.java | 27 | ||||
| -rw-r--r-- | pki/linux/common/pki-common.spec | 4 | ||||
| -rw-r--r-- | pki/linux/util/pki-util.spec | 4 |
4 files changed, 41 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java index 46f442cf8..8b764eb97 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -432,7 +432,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe return new URIName(nameValue); } if (nameType.equalsIgnoreCase("IPAddress")) { - return new IPAddressName(nameValue); + CMS.debug("IP Value:" + nameValue); + if (nameValue.indexOf('/') != -1) { + // CIDR support for NameConstraintsExt + StringTokenizer st = new StringTokenizer(nameValue, "/"); + String addr = st.nextToken(); + String netmask = st.nextToken(); + CMS.debug("addr:" + addr +" netmask: "+netmask); + return new IPAddressName(addr, netmask); + } else { + return new IPAddressName(nameValue); + } } if (nameType.equalsIgnoreCase("OIDName")) { try { diff --git a/pki/base/util/src/netscape/security/x509/IPAddressName.java b/pki/base/util/src/netscape/security/x509/IPAddressName.java index caa5bcafd..4fe58145c 100644 --- a/pki/base/util/src/netscape/security/x509/IPAddressName.java +++ b/pki/base/util/src/netscape/security/x509/IPAddressName.java @@ -107,10 +107,10 @@ public class IPAddressName implements GeneralNameInterface { IPAddr ipAddr = null; if (s.indexOf(':') != -1) { ipAddr = IPv6; - address = new byte[IPv6_LEN*2]; + address = new byte[IPv6_LEN]; } else { ipAddr = IPv4; - address = new byte[IPv4_LEN*2]; + address = new byte[IPv4_LEN]; } ipAddr.getIPAddr(s, address, 0); } @@ -136,10 +136,31 @@ public class IPAddressName implements GeneralNameInterface { * Return a printable string of IPaddress */ public String toString() { - return ("IPAddress: " + (address[0] & 0xff) + "." + if (address.length == 4) { + return ("IPAddress: " + (address[0] & 0xff) + "." + (address[1] & 0xff) + "." + (address[2] & 0xff) + "." + (address[3] & 0xff)); + } else { + String r= "IPAddress: " + Integer.toHexString(address[0] & 0xff); + String hexString = Integer.toHexString(address[1] & 0xff); + if (hexString.length() ==1) { + r = r+ "0" + hexString; + } else { + r += hexString; + } + for (int i=2; i < address.length; ) { + r+= ":" + Integer.toHexString(address[i] & 0xff); + hexString = Integer.toHexString(address[i+1] & 0xff); + if (hexString.length() ==1) { + r = r +"0" + hexString; + } else { + r += hexString; + } + i+=2; + } + return r; + } } } diff --git a/pki/linux/common/pki-common.spec b/pki/linux/common/pki-common.spec index 676084971..da6707d33 100644 --- a/pki/linux/common/pki-common.spec +++ b/pki/linux/common/pki-common.spec @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 17 +%define base_release 18 %define base_group System Environment/Base %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -298,6 +298,8 @@ chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall ############################################################################### %changelog +* Tue Sep 16 2008 Christina Fu <cfu@redhat.com> 1.0.0-1 +- Fix for bug #462488: IPAddress in SubjAltNameExt incorrectly padded with extra bytes in cert * Wed Aug 13 2008 Ade Lee <alee@redhat.com> 1.0.0-17 - Fix for Bug 458499: UniqueSubjectName plugin for plugins does not account for revoked certs * Fri Aug 8 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-16 diff --git a/pki/linux/util/pki-util.spec b/pki/linux/util/pki-util.spec index 316d412f5..2188a942b 100644 --- a/pki/linux/util/pki-util.spec +++ b/pki/linux/util/pki-util.spec @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 4 +%define base_release 5 %define base_group System Environment/Base %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -278,6 +278,8 @@ rm -rf ${RPM_BUILD_ROOT} ############################################################################### %changelog +* Tue Sep 16 2008 Christina Fu <cfu@redhat.com> 1.0.0-5 +- Fix for bug #462488: IPAddress in SubjAltNameExt incorrectly padded with extra bytes in cert * Wed Aug 13 2008 Ade Lee <alee@redhat.com> 1.0.0-4 - Fix for bug #458317: certitificate policy extensions not displayed in PrettyPrintCert * Wed Jun 25 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-3 |