diff options
| author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-19 19:21:28 +0000 |
|---|---|---|
| committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-19 19:21:28 +0000 |
| commit | bc0baf482e50a18cdbf155168006d36f77bc12c6 (patch) | |
| tree | 9285735bbb6e4ed251b17d4dfa3246fc762f6996 /pki/base | |
| parent | edd605f8ee83ffd902a9876136a80f586f0af637 (diff) | |
| download | pki-bc0baf482e50a18cdbf155168006d36f77bc12c6.tar.gz pki-bc0baf482e50a18cdbf155168006d36f77bc12c6.tar.xz pki-bc0baf482e50a18cdbf155168006d36f77bc12c6.zip | |
Bugzilla BZ#716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2065 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
3 files changed, 15 insertions, 7 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java index 21208b032..8da1809d7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java @@ -305,8 +305,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { if(ext == null) { return; } + if ((value == null) || (value.equals("null")) || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for permitted subtrees ... returning"); + return; + } + Vector v = parseRecords(value); - + Vector permittedSubtrees = createSubtrees(locale, v); ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, @@ -318,6 +324,11 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { if(ext == null) { return; } + if ((value == null) || (value.equals("null")) || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for excluded subtrees ... returning"); + return; + } Vector v = parseRecords(value); Vector excludedSubtrees = createSubtrees(locale, v); diff --git a/pki/base/util/src/netscape/security/x509/GeneralSubtree.java b/pki/base/util/src/netscape/security/x509/GeneralSubtree.java index ff94ce4f7..248e58c96 100644 --- a/pki/base/util/src/netscape/security/x509/GeneralSubtree.java +++ b/pki/base/util/src/netscape/security/x509/GeneralSubtree.java @@ -125,10 +125,7 @@ public class GeneralSubtree { name.encode(seq); - // XXX NSS 2.8 crashes when minimum is not set. - // always encode minimum as a workaround. - // REMOVE WHEN NSS HAS FIXED THE PROBLEM. - // if (minimum != MIN_DEFAULT) + if (minimum != MIN_DEFAULT) { DerOutputStream tmp = new DerOutputStream(); tmp.putInteger(new BigInt(minimum)); diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java index 9013242e5..037ff824d 100644 --- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java +++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java @@ -85,13 +85,13 @@ implements CertAttrSet { DerOutputStream seq = new DerOutputStream(); DerOutputStream tagged = new DerOutputStream(); - if (permitted != null) { + if ((permitted != null) &&(permitted.getSubtrees().size()>0)) { DerOutputStream tmp = new DerOutputStream(); permitted.encode(tmp); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_PERMITTED), tmp); } - if (excluded != null) { + if ((excluded != null) && (excluded.getSubtrees().size()>0)) { DerOutputStream tmp = new DerOutputStream(); excluded.encode(tmp); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, |