Decode challengePassword attribute as DirectoryString

The PKCS #9 challengePassword attribute has DirectoryString syntax.
Dogtag currently attempts only to decode it as a PrintableString,
causing failures when the attribute is encoded as a UTF8String.

Add method DerValue.getDirectoryString() to decode any of the valid
DirectoryString encodings and update ChallengePassword to use it.

https://fedorahosted.org/pki/ticket/1221

2 files changed, 26 insertions, 0 deletions

diff --git a/base/util/src/netscape/security/util/DerInputStream.java b/base/util/src/netscape/security/util/DerInputStream.java
index 40763a6ba..6c752da00 100644
--- a/base/util/src/netscape/security/util/DerInputStream.java
+++ b/base/util/src/netscape/security/util/DerInputStream.java
@@ -369,6 +369,10 @@ public class DerInputStream {
         return (new DerValue(buffer)).getUniversalString();
     }
 
+    public String getDirectoryString() throws IOException {
+        return (new DerValue(buffer)).getDirectoryString();
+    }
+
     /**
      * Get a UTC encoded time value from the input stream.
      */
diff --git a/base/util/src/netscape/security/util/DerValue.java b/base/util/src/netscape/security/util/DerValue.java
index 87a0a38a3..9c900c5c9 100644
--- a/base/util/src/netscape/security/util/DerValue.java
+++ b/base/util/src/netscape/security/util/DerValue.java
@@ -130,6 +130,13 @@ public class DerValue {
     /** Tag value indicating an ASN.1 "UTF8String" value. (since 1998) */
     public final static byte tag_UTF8String = 0x0C;
 
+    public final static byte[] tags_DirectoryString =
+        { tag_T61String
+        , tag_PrintableString
+        , tag_UniversalString
+        , tag_UTF8String
+        , tag_BMPString };
+
     // CONSTRUCTED seq/set
 
     /**
@@ -521,6 +528,21 @@ public class DerValue {
         return getASN1CharString();
     }
 
+    public String getDirectoryString() throws IOException {
+        boolean tagValid = false;
+        for (int i = 0; i < tags_DirectoryString.length; i++) {
+            if (tag == tags_DirectoryString[i]) {
+                tagValid = true;
+                break;
+            }
+        }
+        if (!tagValid)
+            throw new IOException(
+                "DerValue.getDirectoryString: invalid tag: " + tag);
+
+        return getASN1CharString();
+    }
+
     /*
      * @eturns a string if the DerValue is a ASN.1 character string type and
      * if there is a decoder for the type. Returns null otherwise.