authorFraser Tweedale <ftweedal@redhat.com>2016-01-13 17:41:05 +1100
committerFraser Tweedale <ftweedal@redhat.com>2016-02-15 14:33:53 +1000
commitf6177fede9d1b688f0519953ec14839d513a6e2c (patch)
tree75093e7ae769a25f1d435b1aa9da44c617cc1279 /base/util
parent966b3e906b48fdb34cfe0f5bc9092b45bfc9067d (diff)
Use correct textual encoding for PKCS #7 objects
PKCS #7 objects are being output with the "CERTIFICATE CHAIN" label which is invalid (RFC 7468) and unrecognised by many programs (including OpenSSL). Use the correct "PKCS7" label instead. Also do a drive-by refactor of the normalizeCertAndReq method to remove some redundant code. Fixes: https://fedorahosted.org/pki/ticket/1699
Diffstat (limited to 'base/util')
-rw-r--r--base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java35
1 files changed, 2 insertions, 33 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index 2a3f95528..e98027dce 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -1116,46 +1116,15 @@ public class CryptoUtil {
if (s == null) {
return s;
}
- s = s.replaceAll("-----BEGIN CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----END CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
- s = s.replaceAll("-----BEGIN CERTIFICATE-----", "");
- s = s.replaceAll("-----END CERTIFICATE-----", "");
- s = s.replaceAll("-----BEGIN CERTIFICATE CHAIN-----", "");
- s = s.replaceAll("-----END CERTIFICATE CHAIN-----", "");
+ // grammar defined at https://tools.ietf.org/html/rfc7468#section-3
+ s = s.replaceAll("-----(BEGIN|END) [\\p{Print}&&[^- ]]([- ]?[\\p{Print}&&[^- ]])*-----", "");
StringBuffer sb = new StringBuffer();
StringTokenizer st = new StringTokenizer(s, "\r\n ");
while (st.hasMoreTokens()) {
String nextLine = st.nextToken();
-
nextLine = nextLine.trim();
- if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----END NEW CERTIFICATE REQUEST-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN CERTIFICATE-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE-----")) {
- continue;
- }
- if (nextLine.equals("-----BEGIN CERTIFICATE CHAIN-----")) {
- continue;
- }
- if (nextLine.equals("-----END CERTIFICATE CHAIN-----")) {
- continue;
- }
sb.append(nextLine);
}
return sb.toString();
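Review bot: The pattern on the added `replaceAll` line matches every label the RFC 7468 grammar allows, so boundaries for types outside the removed list (certificate, certificate request, certificate chain) are now stripped too, and a block carrying any other label comes back as bare base64 instead of keeping its header. Nothing here checks that the BEGIN and END labels agree or that the label is one the callers expect; whether that matters depends on callers outside this hunk, so it is worth stating next to the call: `// strips any RFC 7468 boundary without validating the label; callers must check the decoded object type`. If only certificates, requests and PKCS #7 are meant to pass, an explicit allow-list of labels in the pattern would keep the earlier narrowness while still accepting `PKCS7`. The pattern is also recompiled on every call and could be held in a `private static final Pattern`. The method's signature and closing brace lie outside the hunk.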