From commits-return-20841-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Tue Jan 06 16:55:35 2009 Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 14554 invoked from network); 6 Jan 2009 16:55:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Jan 2009 16:55:35 -0000 Received: (qmail 20371 invoked by uid 500); 6 Jan 2009 16:55:35 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 20339 invoked by uid 500); 6 Jan 2009 16:55:35 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 20325 invoked by uid 99); 6 Jan 2009 16:55:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jan 2009 08:55:35 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jan 2009 16:55:32 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 3C7EE2388AF8; Tue, 6 Jan 2009 08:55:11 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r732001 - in /directory/shared/trunk/ldap/src: main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java Date: Tue, 06 Jan 2009 16:55:11 -0000 To: commits@directory.apache.org 
From: kayyagari@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090106165511.3C7EE2388AF8@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kayyagari Date: Tue Jan 6 08:55:10 2009 New Revision: 732001 URL: http://svn.apache.org/viewvc?rev=732001&view=rev Log: added few more tests and DN validation as suggested by Emmanuel Modified: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java directory/shared/trunk/ldap/src/test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java Modified: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java?rev=732001&r1=732000&r2=732001&view=diff ============================================================================== --- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java (original) +++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationGrammar.java Tue Jan 6 08:55:10 2009 @@ -29,6 +29,7 @@ import org.apache.directory.shared.asn1.ber.tlv.UniversalTag; import org.apache.directory.shared.asn1.ber.tlv.Value; import org.apache.directory.shared.asn1.codec.DecoderException; +import org.apache.directory.shared.ldap.name.LdapDN; import org.apache.directory.shared.ldap.util.StringTools; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -121,6 +122,13 @@ if ( ( targetDN != null ) && ( targetDN.trim().length() > 0 ) ) { + if( !LdapDN.isValid( targetDN ) ) + { + String msg = "invalid target DN " + targetDN; + LOG.error( msg ); + throw new DecoderException( msg ); + } + CertGenContainer.getCertGenerationObject().setTargetDN( targetDN ); } else @@ -161,6 +169,13 @@ if ( ( issuerDN != null ) && ( issuerDN.trim().length() > 0 ) ) { + if( !LdapDN.isValid( issuerDN ) ) + { + String msg = "invalid issuer DN " + issuerDN; + LOG.error( msg ); + throw new DecoderException( msg ); + } + CertGenContainer.getCertGenerationObject().setIssuerDN( issuerDN ); } } @@ -194,8 +209,22 @@ if ( ( subjectDN != null ) && ( subjectDN.trim().length() > 0 ) ) { + if( !LdapDN.isValid( subjectDN ) ) + { + String msg = "invalid subject DN " + subjectDN; + LOG.error( msg ); + throw new DecoderException( msg ); + } + CertGenContainer.getCertGenerationObject().setSubjectDN( subjectDN ); } + else + { + String msg = "failed to decode the subject DN, it cannot be null or empty it is '" + + StringTools.dumpBytes( value.getData() ); + LOG.error( msg ); + throw new DecoderException( msg ); + } } } ); 
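Review bot: The rejected DN is copied verbatim into the ERROR log line and the exception message (`String msg = "invalid target DN " + targetDN;`). It is a string decoded from the request that has just failed validation, so it can carry line breaks or other control characters into the log, and nothing bounds its length. Logging an encoded form keeps the record unambiguous, e.g. `String msg = "invalid target DN " + StringTools.dumpBytes( value.getData() );`, assuming `value` is in scope here as it is in the subject-DN `else` branch of this commit. The same applies to the issuer and subject checks in the hunks at -161 and -194. The enclosing action starts and ends outside the hunk.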
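Review bot: A blank or empty issuer DN falls through this `if` without any error, because the branch closes with no `else`, while the subject-DN hunk in this commit adds one and the target-DN check already has one. The new testCertGenerationDecodeIssuerDN feeds a blank issuer DN inside a decode try/catch, which suggests rejection is intended. If so, add `else { throw new DecoderException( "failed to decode the issuer DN, it cannot be null or empty" ); }`; if the issuer is optional, a comment saying so would prevent the question. The enclosing action starts outside the hunk.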
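Review bot: The message built in the added `else` opens a quote before the byte dump and never closes it (`"... it cannot be null or empty it is '" + StringTools.dumpBytes( value.getData() )`), and the sentence runs on. Closing the delimiter, `"failed to decode the subject DN, it cannot be null or empty, it is '" + StringTools.dumpBytes( value.getData() ) + "'"`, keeps the dumped value clearly bounded in the log line. The enclosing action starts outside the hunk.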
@@ -221,7 +250,7 @@ if ( IS_DEBUG ) { - LOG.debug( "subject DN = " + keyAlgorithm ); + LOG.debug( "key algorithm = " + keyAlgorithm ); } if ( keyAlgorithm != null && ( keyAlgorithm.trim().length() > 0 ) ) Modified: directory/shared/trunk/ldap/src/test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java?rev=732001&r1=732000&r2=732001&view=diff ============================================================================== --- directory/shared/trunk/ldap/src/test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java (original) +++ directory/shared/trunk/ldap/src/test/java/org/apache/directory/shared/ldap/codec/extended/operations/CertGenerationRequestTest.java Tue Jan 6 08:55:10 2009 @@ -125,7 +125,7 @@ @Test - public void testCertGenrationDecodeWithoutTargetDN() + public void testCertGenerationDecodeTargetDN() { Asn1Decoder decoder = new LdapDecoder(); @@ -135,7 +135,6 @@ { 0x30, 0x03, // CertGenerateObject ::= SEQUENCE { 0x04, 0x01, ' ' } ); // empty targetDN value - String decodedPdu = StringTools.dumpBytes( bb.array() ); bb.flip(); CertGenerationContainer container = new CertGenerationContainer(); 
@@ -150,19 +149,40 @@ assertTrue( true ); } + String dn = "=sys"; + + bb = ByteBuffer.allocate( dn.length() + 2 + 2 ); + + bb.put( new byte[] + { 0x30, ( byte )( dn.length() + 2 ), // CertGenerateObject ::= SEQUENCE { + 0x04, ( byte ) dn.length(), '=', 's', 'y', 's' } ); // empty targetDN value + + bb.flip(); + + try + { + decoder.decode( bb, container ); + fail( "shouldn't accept the invalid targetDN" ); + } + catch ( DecoderException e ) + { + assertTrue( true ); + } + } @Test - public void testNullvalues() + public void testCertGenerationDecodeIssuerDN() { Asn1Decoder decoder = new LdapDecoder(); - ByteBuffer bb = ByteBuffer.allocate( 5 ); + ByteBuffer bb = ByteBuffer.allocate( 11 ); bb.put( new byte[] - { 0x30, 0x03, // CertGenerateObject ::= SEQUENCE { - 0x04, 0x01, 'x' } ); // non empty DN string + { 0x30, 0x09, // CertGenerateObject ::= SEQUENCE { + 0x04, 0x04, 'c', 'n', '=', 'x', // target DN string + 0x04, 0x01, ' '} ); // empty issuer DN CertGenerationContainer container = new CertGenerationContainer(); bb.flip(); 
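Review bot: The second `decoder.decode( bb, container )` reuses the container left behind by the preceding failed decode, so the DecoderException caught here may come from leftover decoder state rather than from `LdapDN.isValid` rejecting `=sys` (inferred; the container class is not shown). Creating a fresh one before the second attempt, `container = new CertGenerationContainer();`, makes the assertion specific to the DN check. The comment `// empty targetDN value` on the new PDU is also stale, since the value is the invalid DN `=sys`. The second decode blocks added in the hunk at -177 reuse their container the same way.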
@@ -177,43 +197,74 @@ assertTrue( true ); } - /* - CertGenerationObject certGenObj = container.getCertGenerationObject(); - - assertEquals( "x", certGenObj.getTargetDN() ); - assertNull( certGenObj.getIssuerDN() ); - assertNull( certGenObj.getSubjectDN() ); - assertNull( certGenObj.getKeyAlgorithm() ); - */ + + bb = ByteBuffer.allocate( 12 ); + + bb.put( new byte[] + { 0x30, 0x10, // CertGenerateObject ::= SEQUENCE { + 0x04, 0x04, 'c', 'n', '=', 'x', // target DN string + 0x04, 0x02, '=', 'x' } ); // empty issuer DN + + bb.flip(); + + try + { + decoder.decode( bb, container ); + fail( "shouldn't accept the invalid issuerDN" ); + } + catch ( DecoderException e ) + { + assertTrue( true ); + } } @Test - public void testCertGenerationDecodeWithoutTargetDN() + public void testCertGenerationDecodeWithoutSubjectDN() { Asn1Decoder decoder = new LdapDecoder(); - - ByteBuffer bb = ByteBuffer.allocate( 5 ); + + ByteBuffer bb = ByteBuffer.allocate( 17 ); bb.put( new byte[] - { 0x30, 0x03, // CertGenerateObject ::= SEQUENCE { - 0x04, 0x01, ' ' } ); // empty targetDN value + { 0x30, 0x15, // CertGenerateObject ::= SEQUENCE { + 0x04, 0x04, 'c', 'n', '=', 'x', // target DN string + 0x04, 0x04, 'c', 'n', '=', 'x', // issuer DN + 0x04, 0x01, ' ' } ); // empty subject DN - String decodedPdu = StringTools.dumpBytes( bb.array() ); + CertGenerationContainer container = new CertGenerationContainer(); bb.flip(); - CertGenerationContainer container = new CertGenerationContainer(); + try + { + decoder.decode( bb, container ); + fail(); + } + catch ( DecoderException e ) + { + assertTrue( true ); + } + + + bb = ByteBuffer.allocate( 18 ); + + bb.put( new byte[] + { 0x30, 0x16, // CertGenerateObject ::= SEQUENCE { + 0x04, 0x04, 'c', 'n', '=', 'x', // target DN string + 0x04, 0x04, 'c', 'n', '=', 'x', // issuer DN + 0x04, 0x02, '=', 'x' } ); // invalid subject DN + + bb.flip(); try { decoder.decode( bb, container ); - fail( "shouldn't accept the empty targetDN" ); + fail( "shouldn't accept the 
invalid subject DN" ); } catch ( DecoderException e ) { assertTrue( true ); } - }
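Review bot: Three of the added PDUs declare a SEQUENCE length that does not match their content, because the length byte is written as a hex literal with decimal digits: `0x30, 0x10` precedes 10 content bytes, `0x30, 0x15` precedes 15, and `0x30, 0x16` precedes 16. They should read `0x30, 0x0A`, `0x30, 0x0F` and `0x30, 0x10`. With a declared length longer than the buffer, and the tests only checking that some DecoderException is thrown, a pass does not show that the DN validation is what rejected the input. The comment `// empty issuer DN` on the `'=', 'x'` value should say invalid rather than empty.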