author | Fraser Tweedale <ftweedal@redhat.com> | 2016-01-13 17:41:05 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-02-15 14:33:53 +1000 |
commit | f6177fede9d1b688f0519953ec14839d513a6e2c (patch) | |
tree | 75093e7ae769a25f1d435b1aa9da44c617cc1279 /base/util | |
parent | 966b3e906b48fdb34cfe0f5bc9092b45bfc9067d (diff) | |
Use correct textual encoding for PKCS #7 objects
PKCS #7 objects are being output with the "CERTIFICATE CHAIN" label
which is invalid (RFC 7468) and unrecognised by many programs
(including OpenSSL). Use the correct "PKCS7" label instead.
Also do a drive-by refactor of the normalizeCertAndReq to remove
some redundant code.
Fixes: https://fedorahosted.org/pki/ticket/1699
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 35 |
1 files changed, 2 insertions, 33 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index 2a3f95528..e98027dce 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -1116,46 +1116,15 @@ public class CryptoUtil {
 if (s == null) {
 return s;
 }
- s = s.replaceAll("-----BEGIN CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----END CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----BEGIN CERTIFICATE-----", "");
- s = s.replaceAll("-----END CERTIFICATE-----", "");
- s = s.replaceAll("-----BEGIN CERTIFICATE CHAIN-----", "");
- s = s.replaceAll("-----END CERTIFICATE CHAIN-----", "");
+ // grammar defined at https://tools.ietf.org/html/rfc7468#section-3
+ s = s.replaceAll("-----(BEGIN|END) [\\p{Print}&&[^- ]]([- ]?[\\p{Print}&&[^- ]])*-----", "");
 StringBuffer sb = new StringBuffer();
 StringTokenizer st = new StringTokenizer(s, "\r\n ");
 while (st.hasMoreTokens()) {
 String nextLine = st.nextToken();
- nextLine = nextLine.trim();
- if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----END NEW CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN CERTIFICATE-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN CERTIFICATE CHAIN-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE CHAIN-----")) {
- continue;
- }
 sb.append(nextLine);
 }
 return sb.toString(); |
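Review bot: Dropping `nextLine = nextLine.trim();` is not purely redundant: the tokenizer splits only on `"\r\n "`, so a tab at the edge of a line, which the old `trim()` removed, now survives into the returned base64 text. Adding the tab to the delimiter set, `new StringTokenizer(s, "\r\n\t ")`, would keep the simplification without that regression. Separately, the new pattern strips every RFC 7468 label rather than the four certificate/request labels listed before, so a PEM block of an unrelated type is now reduced to bare base64 instead of keeping its header and, presumably, failing to decode. If callers rely on the later ASN.1 parse to reject the wrong object type, a short comment saying so (or an allow-list of accepted labels) would make that assumption explicit. The method's signature and closing brace lie outside the hunk.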