8 files changed, 14 insertions, 130 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 5ae8596ba..832a1c5f4 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -824,12 +824,12 @@ public class CertSearchRequest {
 lf.append("(x509cert.subject=*");
 lf.append(avaName);
 lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
 lf.append(",*)");
 lf.append("(x509cert.subject=*");
 lf.append(avaName);
 lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
 lf.append(")");
 lf.append(")");
 } else {
@@ -837,7 +837,7 @@ public class CertSearchRequest {
 lf.append(avaName);
 lf.append("=");
 lf.append("*");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param)));
 lf.append("*)");
 }
 }
diff --git a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 162d1647c..53ec23b40 100644
--- a/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
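Review bot: In CertSearchRequest.java, the nested call `LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param))` in the hunk at -824 (and again at -837) has no comment explaining why two encodings are applied, or why in that order. The value is a DN fragment embedded in a search filter, so a line such as `// DN-escape first, then filter-escape the result: the value is a DN fragment inside a filter` above the first append would keep a later edit from swapping or dropping a layer. The same comment belongs at the three call sites in SrchCerts.java in this commit. None of the eight files in this diff is LDAPUtil, so whether the one-argument `escapeDN` behaves like the old `escapeDN(param, false)` cannot be confirmed from here and is worth a quick check. The enclosing method starts and ends outside both hunks.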
@@ -772,44 +772,4 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 }
 return p.substitute2("request", attrSet);
 }
-
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
 }
diff --git a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index dff36748c..01cc73aba 100644
--- a/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -40,6 +40,7 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
 * This class implements an enrollment default policy
@@ -429,8 +430,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { String[] sla = la.getStringValueArray(); CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] + - "=" + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); + "=" + LDAPUtil.escapeDN(sla[0])); + request.setExtData(mLdapStringAttrs[i], LDAPUtil.escapeDN(sla[0])); } } CMS.debug("pattern = " + pattern); diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index a4922ab25..72ced2c53 100644 --- a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java 
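Review bot: In nsTokenUserKeySubjectNameDefault.java (hunk at -429), `LDAPUtil.escapeDN(sla[0])` is evaluated twice, once for the debug message and once for `setExtData`, so the logged and stored values match only because the two expressions happen to be identical. Computing it once, `String escaped = LDAPUtil.escapeDN(sla[0]);`, and using `escaped` in both places makes it explicit that the log shows exactly what goes into the request. The debug line also writes a directory attribute value to the log; whether that is acceptable for every attribute in `mLdapStringAttrs` depends on configuration not visible here. The surrounding loop starts outside the hunk, so any length check on `sla` cannot be seen.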
@@ -2257,44 +2257,4 @@ public abstract class CMSServlet extends HttpServlet {
 CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
 }
 }
-
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 4acc94d07..4e24b5862 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -43,6 +43,7 @@ import com.netscape.certsrv.request.INotify;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.processors.Processor;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 
 public class CertProcessor extends Processor {
 
@@ -98,8 +99,7 @@ public class CertProcessor extends Processor {
 // special characters in subject names parameters must be escaped
 if (inputName.matches("^sn_.*")) {
 req.setExtData(inputName,
- escapeValueRfc1779(dataInputs.get(inputName), false)
- .toString());
+ LDAPUtil.escapeDN(dataInputs.get(inputName)));
 } else {
 req.setExtData(inputName, dataInputs.get(inputName));
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index 911b30fa3..03d0bb20c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -39,6 +39,7 @@ import com.netscape.certsrv.profile.ProfileInput;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 
 public class EnrollmentProcessor extends CertProcessor {
 
@@ -69,7 +70,7 @@ public class EnrollmentProcessor extends CertProcessor {
 if (dataInputs.containsKey(inputName)) {
 // all subject name parameters start with sn_, no other input parameters do
 if (inputName.matches("^sn_.*")) {
- ctx.set(inputName, escapeValueRfc1779(dataInputs.get(inputName), false).toString());
+ ctx.set(inputName, LDAPUtil.escapeDN(dataInputs.get(inputName)));
 } else {
 ctx.set(inputName, dataInputs.get(inputName));
 }
diff --git a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index d538ce675..b35ca054c 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
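Review bot: In CertProcessor.java (hunk at -98), nothing shows that `LDAPUtil.escapeDN` returns the same string as the removed `escapeValueRfc1779(v, false)` for the `sn_*` inputs, and LDAPUtil is not among the files in this diff. The hunk also shows no null check on `dataInputs.get(inputName)` before the call; the removed helper would have thrown on `v.length()`, and how `escapeDN` treats null is not visible. A short test that runs a plain value, a value containing `,` `+` `"` `\`, and a value containing CR/LF through the new call would pin down the output that ends up in the subject name. The same applies to the `ctx.set(...)` call in EnrollmentProcessor.java at -69. The enclosing method extends beyond the hunk.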
@@ -58,6 +58,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 
 /**
 * Search for certificates matching complex query filter
@@ -224,12 +225,12 @@ public class SrchCerts extends CMSServlet {
 lf.append("(x509cert.subject=*");
 lf.append(avaName);
 lf.append("=");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
 lf.append(",*)");
 lf.append("(x509cert.subject=*");
 lf.append(avaName);
 lf.append("=");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
 lf.append(")");
 lf.append(")");
 } else {
@@ -237,7 +238,7 @@ public class SrchCerts extends CMSServlet {
 lf.append(avaName);
 lf.append("=");
 lf.append("*");
- lf.append(escapeValueRfc1779(val, true));
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val)));
 lf.append("*)");
 }
 }
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index a39ba715b..fdbc85dd5 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
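Review bot: In SrchCerts.java (hunks at -224 and -237), `LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val))` is repeated at three append sites with the same `val`. Computing it once before the branch, `String escaped = LDAPUtil.escapeFilter(LDAPUtil.escapeDN(val));`, and appending `escaped` keeps the three filter fragments from drifting apart if the escaping is ever changed. CertSearchRequest.java carries the identical block with `param`, so a single shared helper would serve both classes. `avaName` is appended to the filter as-is, and its origin is not visible in the hunk, so it is worth confirming that it can only come from a fixed set of attribute names. The `if` that selects between the two filter shapes sits outside the hunk, so the declaration would go just above it.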
@@ -294,45 +294,6 @@ public class Processor {
 CMS.debug("End of CertProcessor Input Parameters");
 }
 
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i + 1) < v.length())) {
- int nextC = v.charAt(i + 1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape)
- result.append('\\');
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- } else {
- result.append('\\');
- if (doubleEscape)
- result.append('\\');
- }
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char) c);
- }
- }
- return result;
- }
-
 /**
 * get ssl client authenticated certificate
 */ |