summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java6
-rw-r--r--base/common/src/com/netscape/cms/profile/def/EnrollDefault.java40
-rw-r--r--base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java5
-rw-r--r--base/common/src/com/netscape/cms/servlet/base/CMSServlet.java40
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java4
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java3
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java7
-rw-r--r--base/common/src/com/netscape/cms/servlet/processors/Processor.java39
8 files changed, 14 insertions, 130 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 5ae8596ba..832a1c5f4 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -824,12 +824,12 @@ public class CertSearchRequest {
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
lf.append(",*)");
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
lf.append(")");
lf.append(")");
} else {
@@ -837,7 +837,7 @@ public class CertSearchRequest {
lf.append(avaName);
lf.append("=");
lf.append("*");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
lf.append("*)");
}
}
diff --git a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 162d1647c..53ec23b40 100644
--- a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -772,44 +772,4 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
return p.substitute2("request", attrSet);
}
-
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
}
diff --git a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index dff36748c..01cc73aba 100644
--- a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -40,6 +40,7 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.cmsutil.ldap.LDAPUtil;
/**
* This class implements an enrollment default policy
@@ -429,8 +430,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
String[] sla = la.getStringValueArray();
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "
+ mLdapStringAttrs[i] +
- "=" + escapeValueRfc1779(sla[0], false).toString());
- request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
+ "=" + LDAPUtil.escapeDN(sla[0]));
+ request.setExtData(mLdapStringAttrs[i], LDAPUtil.escapeDN(sla[0]));
}
}
CMS.debug("pattern = " + pattern);
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index a4922ab25..72ced2c53 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -2257,44 +2257,4 @@ public abstract class CMSServlet extends HttpServlet {
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
}
}
-
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 4acc94d07..4e24b5862 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -43,6 +43,7 @@ import com.netscape.certsrv.request.INotify;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.processors.Processor;
+import com.netscape.cmsutil.ldap.LDAPUtil;
public class CertProcessor extends Processor {
@@ -98,8 +99,7 @@ public class CertProcessor extends Processor {
// special characters in subject names parameters must be escaped
if (inputName.matches("^sn_.*")) {
req.setExtData(inputName,
- escapeValueRfc1779(dataInputs.get(inputName), false)
- .toString());
+ LDAPUtil.escapeDN(dataInputs.get(inputName)));
} else {
req.setExtData(inputName, dataInputs.get(inputName));
}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index 911b30fa3..03d0bb20c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -39,6 +39,7 @@ import com.netscape.certsrv.profile.ProfileInput;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
+import com.netscape.cmsutil.ldap.LDAPUtil;
public class EnrollmentProcessor extends CertProcessor {
@@ -69,7 +70,7 @@ public class EnrollmentProcessor extends CertProcessor {
if (dataInputs.containsKey(inputName)) {
// all subject name parameters start with sn_, no other input parameters do
if (inputName.matches("^sn_.*")) {
- ctx.set(inputName, escapeValueRfc1779(dataInputs.get(inputName), false).toString());
+ ctx.set(inputName, LDAPUtil.escapeDN(dataInputs.get(inputName)));
} else {
ctx.set(inputName, dataInputs.get(inputName));
}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index d538ce675..b35ca054c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -58,6 +58,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
+import com.netscape.cmsutil.ldap.LDAPUtil;
/**
* Search for certificates matching complex query filter
@@ -224,12 +225,12 @@ public class SrchCerts extends CMSServlet {
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
lf.append(",*)");
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
lf.append(")");
lf.append(")");
} else {
@@ -237,7 +238,7 @@ public class SrchCerts extends CMSServlet {
lf.append(avaName);
lf.append("=");
lf.append("*");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
lf.append("*)");
}
}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index a39ba715b..fdbc85dd5 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
@@ -294,45 +294,6 @@ public class Processor {
CMS.debug("End of CertProcessor Input Parameters");
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
/**
* get ssl client authenticated certificate
*/