Author: mcalmer
Date: Thu Sep 10 12:16:08 2009
New Revision: 2629
URL: http://svn.opensuse.org/viewcvs/limal?rev=2629&view=rev
Log:
allow DNS names starting with a number [bnc#537786]
Added:
limal-head/limal-ca-mgm/testsuite/CertificateTest6.cc
limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.err
limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.out
Modified:
limal-head/limal-ca-mgm/src/Utils.hpp
limal-head/limal-ca-mgm/testsuite/CertificateTest5.cc
limal-head/limal-ca-mgm/testsuite/Makefile.am
limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/cam.txt
limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/index.txt
limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/serial
limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest5.out
Modified: limal-head/limal-ca-mgm/src/Utils.hpp
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/src/Utils.hpp?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/src/Utils.hpp (original)
+++ limal-head/limal-ca-mgm/src/Utils.hpp Thu Sep 10 12:16:08 2009
@@ -140,7 +140,7 @@
inline limal::ValueCheck initDNSCheck() {
limal::ValueCheck checkDNS =
- limal::ValueCheck(new limal::ValuePosixRECheck("^[a-z]+[a-z0-9.-]*$"));
+ limal::ValueCheck(new limal::ValuePosixRECheck("^[^ ]+$"));
return checkDNS;
}
Modified: limal-head/limal-ca-mgm/testsuite/CertificateTest5.cc
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/CertificateTest5.cc?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/CertificateTest5.cc (original)
+++ limal-head/limal-ca-mgm/testsuite/CertificateTest5.cc Thu Sep 10 12:16:08 2009
@@ -93,6 +93,7 @@
List<LiteralValue> list;
list.push_back(LiteralValue("DNS", "ca.my-company.com"));
+ list.push_back(LiteralValue("DNS", "127-55-2-80ca.my-company.com"));
list.push_back(LiteralValue("email", "me@my-company.com"));
list.push_back(LiteralValue("1.3.6.1.4.1.311.20.2.3", "me@MY-COMPANY.COM")); // ms_upn
list.push_back(LiteralValue("1.3.6.1.5.2.2", "me@MY-COMPANY.COM")); // krb5PrincipalName
Added: limal-head/limal-ca-mgm/testsuite/CertificateTest6.cc
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/CertificateTest6.cc?rev=2629&view=auto
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/CertificateTest6.cc (added)
+++ limal-head/limal-ca-mgm/testsuite/CertificateTest6.cc Thu Sep 10 12:16:08 2009
@@ -0,0 +1,147 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include <iostream>
+#include <fstream>
+#include
+
+using namespace blocxx;
+using namespace limal;
+using namespace limal::ca_mgm;
+using namespace std;
+
+int main()
+{
+ sleep( 2 ); // We have a request with the same name. So sleep 2 sec. to get a difference in the timestamp
+ try
+ {
+ cout << "START" << endl;
+
+ blocxx::StringArray cat;
+ cat.push_back("FATAL");
+ cat.push_back("ERROR");
+ cat.push_back("INFO");
+ //cat.push_back("DEBUG");
+
+ // Logging
+ LoggerRef l = limal::Logger::createCerrLogger(
+ "CertificateTest6",
+ LogAppender::ALL_COMPONENTS,
+ cat,
+ "%-5p %c - %m"
+ );
+ limal::Logger::setDefaultLogger(l);
+
+ CA ca("Test_CA1", "system", "./TestRepos/");
+ RequestGenerationData rgd = ca.getRequestDefaults(E_Client_Req);
+
+ // ------------------------ Set DN --------------------------------
+
+ List<RDNObject> dnl = rgd.getSubjectDN().getDN();
+ List<RDNObject>::iterator dnit;
+
+ for(dnit = dnl.begin(); dnit != dnl.end(); ++dnit)
+ {
+ cout << "DN Key " << (*dnit).getType() << endl;
+
+ if((*dnit).getType() == "countryName")
+ {
+ (*dnit).setRDNValue("DE");
+ }
+ else if((*dnit).getType() == "commonName")
+ {
+ (*dnit).setRDNValue("Full Test Certificate");
+ }
+ else if((*dnit).getType() == "emailAddress")
+ {
+ (*dnit).setRDNValue("suse@suse.de");
+ }
+ }
+
+ DNObject dn(dnl);
+ rgd.setSubjectDN(dn);
+
+ // ------------------------ create request --------------------------------
+
+ blocxx::String r = ca.createRequest("system", rgd, E_Client_Req);
+
+ cout << "RETURN Request " << endl;
+
+ // ------------------------ get issue defaults --------------------------------
+
+ CertificateIssueData cid = ca.getIssueDefaults(E_Client_Cert);
+
+ // ------------------------ create bit extension -----------------------------
+
+ cid.extensions().keyUsage().setKeyUsage(KeyUsageExt::decipherOnly);
+ cid.extensions().nsCertType().setNsCertType(NsCertTypeExt::objCA |
+ NsCertTypeExt::emailCA |
+ NsCertTypeExt::sslCA);
+
+ // ----------------- create basic constrains extension -----------------------
+
+ cid.extensions().basicConstraints().setBasicConstraints(true, 3);
+
+ // ------------------------ create alternative extension -----------------------------
+
+ List<LiteralValue> list;
+ list.push_back(LiteralValue("DNS", "ca.my-company.com"));
+ list.push_back(LiteralValue("DNS", "127-55-2-80 ca.my-company.com"));
+ list.push_back(LiteralValue("email", "me@my-company.com"));
+ list.push_back(LiteralValue("1.3.6.1.4.1.311.20.2.3", "me@MY-COMPANY.COM")); // ms_upn
+ list.push_back(LiteralValue("1.3.6.1.5.2.2", "me@MY-COMPANY.COM")); // krb5PrincipalName
+ list.push_back(LiteralValue("1.3.6.1.4.1.311.20.2.3", "me/admin@MY-COMPANY.COM")); // ms_upn
+ list.push_back(LiteralValue("1.3.6.1.5.2.2", "me/admin@MY-COMPANY.COM")); // krb5PrincipalName
+ list.push_back(LiteralValue("IP", "2001:780:101:a00:211:11ff:fee6:a5af")); // IPv6 address
+
+ cid.extensions().subjectAlternativeName().setCopyEmail(true);
+ cid.extensions().subjectAlternativeName().setAlternativeNameList(list);
+ cid.extensions().issuerAlternativeName().setCopyIssuer(true);
+ cid.extensions().issuerAlternativeName().setAlternativeNameList(list);
+
+
+ blocxx::String c = ca.issueCertificate(r, cid, E_CA_Cert);
+
+ //sleep(10000);
+
+ cout << "RETURN Certificate " << endl;
+
+ path::PathInfo pi("./TestRepos/Test_CA1/newcerts/" + c + ".pem");
+
+ cout << "Certificate exists: " << Bool(pi.exists()) << endl;
+
+ CertificateData cd = ca.getCertificate(c);
+
+ StringArray ret = cd.getExtensions().dump();
+ StringArray::const_iterator it;
+
+ for(it = ret.begin(); it != ret.end(); ++it)
+ {
+ if((*it).startsWith("KeyID"))
+ {
+ cout << "found KeyID" << endl;
+ }
+ else
+ {
+ cout << (*it) << endl;
+ }
+ }
+
+ cout << "DONE" << endl;
+ }
+ catch(Exception& e)
+ {
+ cerr << e << endl;
+ }
+
+ return 0;
+}
+
+/* vim: set ts=8 sts=8 sw=8 ai noet: */
Modified: limal-head/limal-ca-mgm/testsuite/Makefile.am
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/Makefile.am?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/Makefile.am (original)
+++ limal-head/limal-ca-mgm/testsuite/Makefile.am Thu Sep 10 12:16:08 2009
@@ -25,7 +25,7 @@
RemoveRequestTest.single RevxRemoveCertificateTest.single \
VerifyTest.single ParseCATest.single \
CertificateTest3.single CertificateTest4.single \
- CertificateTest5.single ParseCertificateTest.multi \
+ CertificateTest5.single CertificateTest6.single ParseCertificateTest.multi \
ParseCertificateTest2.multi ParseRequestTest.multi ParseCRLTest.multi \
RevokeTest5.single ImportRequestTest.single \
DeleteCATest.single ImportCATest.single \
@@ -65,6 +65,8 @@
CertificateTest5_single_SOURCES = CertificateTest5.cc
+CertificateTest6_single_SOURCES = CertificateTest6.cc
+
RevokeTest_single_SOURCES = RevokeTest.cc
RevokeTest2_single_SOURCES = RevokeTest2.cc
Modified: limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/cam.txt
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/cam.txt?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/cam.txt (original)
+++ limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/cam.txt Thu Sep 10 12:16:08 2009
@@ -0,0 +1,16 @@
+b4d4e48e6de644c953290eb2854a6ced-1252572675 /C=DE/CN=Test CA\/SUSE Inc.\\Gmbh/emailAddress=suse@suse.de
+bc5324c7f5c2a27492fb6795745b596b-1252572675 /C=DE/CN=Test Server Certificate\/SUSE Inc.\\Gmbh/emailAddress=suse@suse.de
+40717a16174dc4d516f6fa7ee8eeb18c-1252572678 /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+40717a16174dc4d516f6fa7ee8eeb18c-1252572680 /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+40717a16174dc4d516f6fa7ee8eeb18c-1252572683 /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+b4d4e48e6de644c953290eb2854a6ced-1252572689 /C=DE/CN=Test CA\/SUSE Inc.\\Gmbh/emailAddress=suse@suse.de
+c293624b6a877f401407ce8f8f1f327e-1252572690 /C=DE/L=Nuremberg/O=SUSE Linux GmbH/OU=IT/CN=SUSE User CA/emailAddress=security-team@suse.de
+b4d4e48e6de644c953290eb2854a6ced-1252572691 /C=DE/CN=Test CA\/SUSE Inc.\\Gmbh/emailAddress=suse@suse.de
+c1943ae4b9bd7320fae3e29f217483e3-1252572691 /C=DE/CN=Test Request/emailAddress=suse@suse.de
+d816690a832b0e52becd255d3a62e975-1252572692 /C=DE/CN=Test Certificate for revocation 2/emailAddress=suse@suse.de
+9198f6798d9da70d7cbfb67b610633f5-1252572693 /C=DE/CN=Test Certificate for revocation 3/emailAddress=suse@suse.de
+3e248858337c2b46dc67a0f9389376dd-1252572694 /C=DE/CN=Test Certificate for revocation 4/emailAddress=suse@suse.de
+bf04fdd95062554800c1556085f47063-1252572694 /C=DE/CN=Test Certificate for revocation 5 oid test/emailAddress=suse@suse.de
+9797ac11af29f94b82c1e5b0499ab5f2-1252572695 /C=DE/CN=Test Sub CA/emailAddress=suse@suse.de
+40717a16174dc4d516f6fa7ee8eeb18c-1252572697 /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+c1943ae4b9bd7320fae3e29f217483e3-1252572698 /C=DE/CN=Test Request/emailAddress=suse@suse.de
Modified: limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/index.txt
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/index.txt?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/index.txt (original)
+++ limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/index.txt Thu Sep 10 12:16:08 2009
@@ -0,0 +1,12 @@
+V 100910085115Z 01 unknown /C=DE/CN=Test CA/SUSE Inc.\Gmbh/emailAddress=suse@suse.de
+V 100910085115Z 02 unknown /C=DE/CN=Test Server Certificate/SUSE Inc.\Gmbh/emailAddress=suse@suse.de
+V 100910085116Z 03 unknown /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+V 100910085118Z 04 unknown /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+V 100910085121Z 05 unknown /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
+R 100910085132Z 090910085132Z 06 unknown /C=DE/CN=Test Certificate for revocation/emailAddress=suse@suse.de
+R 100910085132Z 090910085133Z,holdInstruction,holdInstructionCallIssuer 07 unknown /C=DE/CN=Test Certificate for revocation 2/emailAddress=suse@suse.de
+R 100910085133Z 090910085133Z,keyTime,20090910103453Z 08 unknown /C=DE/CN=Test Certificate for revocation 3/emailAddress=suse@suse.de
+R 100910085134Z 090910085134Z,CAkeyTime,20090910103454Z 09 unknown /C=DE/CN=Test Certificate for revocation 4/emailAddress=suse@suse.de
+R 100910085134Z 090910085134Z,holdInstruction,1.6.21.43 0A unknown /C=DE/CN=Test Certificate for revocation 5 oid test/emailAddress=suse@suse.de
+V 110910085135Z 0B unknown /C=DE/CN=Test Sub CA/emailAddress=suse@suse.de
+V 100910085137Z 0C unknown /C=DE/CN=Full Test Certificate/emailAddress=suse@suse.de
Modified: limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/serial
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/serial?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/serial (original)
+++ limal-head/limal-ca-mgm/testsuite/TestRepos/Test_CA1/serial Thu Sep 10 12:16:08 2009
@@ -1 +1 @@
-01
\ No newline at end of file
+0D
Modified: limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest5.out
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest5.out?rev=2629&r1=2628&r2=2629&view=diff
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest5.out (original)
+++ limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest5.out Thu Sep 10 12:16:08 2009
@@ -75,6 +75,8 @@
LiteralValue::dump()
DNS:ca.my-company.com
LiteralValue::dump()
+DNS:127-55-2-80ca.my-company.com
+LiteralValue::dump()
email:me@my-company.com
LiteralValue::dump()
1.3.6.1.4.1.311.20.2.3:me@MY-COMPANY.COM
@@ -96,6 +98,8 @@
LiteralValue::dump()
DNS:ca.my-company.com
LiteralValue::dump()
+DNS:127-55-2-80ca.my-company.com
+LiteralValue::dump()
email:me@my-company.com
LiteralValue::dump()
1.3.6.1.4.1.311.20.2.3:me@MY-COMPANY.COM
Added: limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.err
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.err?rev=2629&view=auto
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.err (added)
+++ limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.err Thu Sep 10 12:16:08 2009
@@ -0,0 +1,2 @@
+ERROR ca-mgm - Wrong LiteralValue for type 'DNS': 127-55-2-80 ca.my-company.com
+LiteralValues.cpp: 82 ValueException: Wrong LiteralValue for type 'DNS': 127-55-2-80 ca.my-company.com
Added: limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.out
URL: http://svn.opensuse.org/viewcvs/limal/limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.out?rev=2629&view=auto
==============================================================================
--- limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.out (added)
+++ limal-head/limal-ca-mgm/testsuite/single.out/CertificateTest6.out Thu Sep 10 12:16:08 2009
@@ -0,0 +1,9 @@
+START
+DN Key countryName
+DN Key stateOrProvinceName
+DN Key localityName
+DN Key organizationName
+DN Key organizationalUnitName
+DN Key commonName
+DN Key emailAddress
+RETURN Request
--
To unsubscribe, e-mail: limal-commit+unsubscribe@opensuse.org
For additional commands, e-mail: limal-commit+help@opensuse.org
