[fix] handle X509::Name type conversion

resolve GH-206

Author: kares

src/main/java/org/jruby/ext/openssl/X509Name.java

@@ -49,7 +49,21 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERGeneralString;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERGraphicString;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNumericString;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERUTCTime;
 import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.DERVideotexString;
+import org.bouncycastle.asn1.DERVisibleString;
 import org.bouncycastle.asn1.DLSequence;
 import org.bouncycastle.asn1.DLSet;
 import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
@@ -58,15 +72,13 @@
 import org.bouncycastle.asn1.x500.X500NameBuilder;
 import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x509.X509DefaultEntryConverter;
-import org.bouncycastle.asn1.x509.X509NameEntryConverter;
 
 import org.jruby.Ruby;
 import org.jruby.RubyArray;
 import org.jruby.RubyBoolean;
 import org.jruby.RubyClass;
 import org.jruby.RubyFixnum;
 import org.jruby.RubyHash;
-import org.jruby.RubyInteger;
 import org.jruby.RubyModule;
 import org.jruby.RubyNumeric;
 import org.jruby.RubyObject;
@@ -246,16 +258,61 @@ private void addType(final Ruby runtime, final ASN1Encodable value) {
         this.types.add(type);
     }
 
+    /**
+     * @param oid
+     * @param value
+     * @param type expected to be legit at this point
+     * @throws RuntimeException
+     */
     private void addEntry(ASN1ObjectIdentifier oid, RubyString value, final int type) throws RuntimeException {
         this.name = null;
         this.canonicalName = null;
+        this.values.add(NAME_ENTRY_CONVERTER.convertValueFor(oid, value, type));
         this.oids.add(oid);
-        this.values.add( getNameEntryConverted().getConvertedValue(oid, value.toString()) );
         this.types.add(type);
     }
 
-    private static X509NameEntryConverter getNameEntryConverted() {
-        return new X509DefaultEntryConverter();
+    private static final X509NameEntryConverterImpl NAME_ENTRY_CONVERTER = new X509NameEntryConverterImpl();
+
+    private static class X509NameEntryConverterImpl extends X509DefaultEntryConverter {
+
+        ASN1Primitive convertValueFor(final ASN1ObjectIdentifier oid, final RubyString value, final int type) {
+            switch (type) {
+                case ASN1.BIT_STRING:
+                    return new DERBitString(value.getBytes());
+                case ASN1.OCTET_STRING:
+                    return new DEROctetString(value.getBytes());
+                case ASN1.UTF8STRING:
+                    return new DERUTF8String(value.asJavaString());
+                case ASN1.NUMERICSTRING:
+                    return new DERNumericString(value.asJavaString()); // validate?
+                case ASN1.PRINTABLESTRING:
+                    return new DERPrintableString(value.asJavaString());
+                case ASN1.T61STRING:
+                    return new DERT61String(value.asJavaString());
+                case ASN1.VIDEOTEXSTRING:
+                    return new DERVideotexString(value.getBytes());
+                case ASN1.IA5STRING:
+                    return new DERIA5String(value.asJavaString());
+                case ASN1.GENERALIZEDTIME:
+                    return new DERGeneralizedTime(value.asJavaString());
+                case ASN1.UTCTIME:
+                    return new DERUTCTime(value.asJavaString());
+                case ASN1.GRAPHICSTRING:
+                    return new DERGraphicString(value.getBytes());
+                //case ASN1.ISO64STRING:
+                    //return new DERVisibleString(value.asJavaString());
+                case ASN1.GENERALSTRING:
+                    return new DERGeneralString(value.asJavaString());
+                case ASN1.UNIVERSALSTRING:
+                    return new DERUniversalString(value.getBytes());
+                case ASN1.BMPSTRING:
+                    return new DERBMPString(value.asJavaString());
+            }
+
+            return super.getConvertedValue(oid, value.toString());
+        }
+
     }
 
     @Override

src/test/ruby/x509/test_x509name.rb

@@ -118,4 +118,269 @@ def test_hash_old
     assert_equal 3294068023, name.hash_old
   end
 
+  def setup
+    super
+    @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING)
+    @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE)
+  end
+
+  def test_s_new
+    dn = [ ["C", "JP"], ["O", "example"], ["CN", "www.example.jp"] ]
+    name = OpenSSL::X509::Name.new(dn)
+    ary = name.to_a
+    assert_equal("/C=JP/O=example/CN=www.example.jp", name.to_s)
+    assert_equal("C", ary[0][0])
+    assert_equal("O", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("JP", ary[0][1])
+    assert_equal("example", ary[1][1])
+    assert_equal("www.example.jp", ary[2][1])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+
+    dn = [
+        ["countryName", "JP"],
+        ["organizationName", "example"],
+        ["commonName", "www.example.jp"]
+    ]
+    name = OpenSSL::X509::Name.new(dn)
+    ary = name.to_a
+    assert_equal("/C=JP/O=example/CN=www.example.jp", name.to_s)
+    assert_equal("C", ary[0][0])
+    assert_equal("O", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("JP", ary[0][1])
+    assert_equal("example", ary[1][1])
+    assert_equal("www.example.jp", ary[2][1])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+
+    name = OpenSSL::X509::Name.new(dn, @obj_type_tmpl)
+    ary = name.to_a
+    assert_equal("/C=JP/O=example/CN=www.example.jp", name.to_s)
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
+
+    dn = [
+        ["countryName", "JP", OpenSSL::ASN1::PRINTABLESTRING],
+        ["organizationName", "example", OpenSSL::ASN1::PRINTABLESTRING],
+        ["commonName", "www.example.jp", OpenSSL::ASN1::PRINTABLESTRING]
+    ]
+    name = OpenSSL::X509::Name.new(dn)
+    ary = name.to_a
+    assert_equal("/C=JP/O=example/CN=www.example.jp", name.to_s)
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
+
+    dn = [
+        ["DC", "org"],
+        ["DC", "ruby-lang"],
+        ["CN", "GOTOU Yuuzou"],
+        ["emailAddress", "[email protected]"],
+        ["serialNumber", "123"],
+    ]
+    name = OpenSSL::X509::Name.new(dn)
+    ary = name.to_a
+    assert_equal("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou/[email protected]/serialNumber=123", name.to_s)
+    assert_equal("DC", ary[0][0])
+    assert_equal("DC", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("emailAddress", ary[3][0])
+    assert_equal("serialNumber", ary[4][0])
+    assert_equal("org", ary[0][1])
+    assert_equal("ruby-lang", ary[1][1])
+    assert_equal("GOTOU Yuuzou", ary[2][1])
+    assert_equal("[email protected]", ary[3][1])
+    assert_equal("123", ary[4][1])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[3][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
+
+    name_from_der = OpenSSL::X509::Name.new(name.to_der)
+    assert_equal(name_from_der.to_s, name.to_s)
+    assert_equal(name_from_der.to_a, name.to_a)
+    assert_equal(name_from_der.to_der, name.to_der)
+  end
+
+  def test_unrecognized_oid_parse_encode_equality
+    dn = [ ["1.2.3.4.5.6.7.8.9.7.5.3.2", "Unknown OID1"],
+           ["1.1.2.3.5.8.13.21.35", "Unknown OID2"],
+           ["C", "US"],
+           ["postalCode", "60602"],
+           ["ST", "Illinois"],
+           ["L", "Chicago"],
+           #["street", "123 Fake St"],
+           ["O", "Some Company LLC"],
+           ["CN", "mydomain.com"] ]
+
+    name1 = OpenSSL::X509::Name.new(dn)
+    name2 = OpenSSL::X509::Name.parse(name1.to_s)
+    assert_equal(name1.to_s, name2.to_s)
+    assert_equal(name1.to_a, name2.to_a)
+  end
+
+  def test_s_parse
+    dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org/1.2.3.4.5.6=A=BCD"
+    name = OpenSSL::X509::Name.parse(dn)
+    assert_equal(dn, name.to_s)
+    ary = name.to_a
+    assert_equal [
+                     ["DC", "org", OpenSSL::ASN1::IA5STRING],
+                     ["DC", "ruby-lang", OpenSSL::ASN1::IA5STRING],
+                     ["CN", "www.ruby-lang.org", OpenSSL::ASN1::UTF8STRING],
+                     ["1.2.3.4.5.6", "A=BCD", OpenSSL::ASN1::UTF8STRING],
+                 ], ary
+
+    dn2 = "DC=org, DC=ruby-lang, CN=www.ruby-lang.org, 1.2.3.4.5.6=A=BCD"
+    name = OpenSSL::X509::Name.parse(dn2)
+    assert_equal(dn, name.to_s)
+    assert_equal ary, name.to_a
+
+    name = OpenSSL::X509::Name.parse(dn2, @obj_type_tmpl)
+    ary = name.to_a
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[2][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[3][2])
+  end
+
+  def test_s_parse_rfc2253
+    scanner = OpenSSL::X509::Name::RFC2253DN.method(:scan)
+
+    assert_equal([["C", "JP"]], scanner.call("C=JP"))
+    assert_equal([
+                     ["DC", "org"],
+                     ["DC", "ruby-lang"],
+                     ["CN", "GOTOU Yuuzou"],
+                     ["emailAddress", "[email protected]"],
+                 ],
+                 scanner.call(
+                     "[email protected],CN=GOTOU Yuuzou,"+
+                         "DC=ruby-lang,DC=org")
+    )
+
+    dn = "CN=www.ruby-lang.org,DC=ruby-lang,DC=org"
+    name = OpenSSL::X509::Name.parse_rfc2253(dn)
+    assert_equal(dn, name.to_s(OpenSSL::X509::Name::RFC2253))
+    ary = name.to_a
+    assert_equal("DC", ary[0][0])
+    assert_equal("DC", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("org", ary[0][1])
+    assert_equal("ruby-lang", ary[1][1])
+    assert_equal("www.ruby-lang.org", ary[2][1])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+  end
+
+  def test_add_entry
+    dn = [
+        ["DC", "org"],
+        ["DC", "ruby-lang"],
+        ["CN", "GOTOU Yuuzou"],
+        ["emailAddress", "[email protected]"],
+        ["serialNumber", "123"],
+    ]
+    name = OpenSSL::X509::Name.new
+    dn.each{|attr| name.add_entry(*attr) }
+    ary = name.to_a
+    assert_equal("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou/[email protected]/serialNumber=123", name.to_s)
+    assert_equal("DC", ary[0][0])
+    assert_equal("DC", ary[1][0])
+    assert_equal("CN", ary[2][0])
+    assert_equal("emailAddress", ary[3][0])
+    assert_equal("serialNumber", ary[4][0])
+    assert_equal("org", ary[0][1])
+    assert_equal("ruby-lang", ary[1][1])
+    assert_equal("GOTOU Yuuzou", ary[2][1])
+    assert_equal("[email protected]", ary[3][1])
+    assert_equal("123", ary[4][1])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[0][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[1][2])
+    assert_equal(OpenSSL::ASN1::UTF8STRING, ary[2][2])
+    assert_equal(OpenSSL::ASN1::IA5STRING, ary[3][2])
+    assert_equal(OpenSSL::ASN1::PRINTABLESTRING, ary[4][2])
+  end
+
+  def test_add_entry_street
+    # openssl/crypto/objects/obj_mac.h 1.83
+    dn = [
+        ["DC", "org"],
+        ["DC", "ruby-lang"],
+        ["CN", "GOTOU Yuuzou"],
+        ["emailAddress", "[email protected]"],
+        ["serialNumber", "123"],
+        ["street", "Namiki"],
+    ]
+    name = OpenSSL::X509::Name.new
+    dn.each{|attr| name.add_entry(*attr) }
+    ary = name.to_a
+    assert_equal("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou/[email protected]/serialNumber=123/street=Namiki", name.to_s)
+    assert_equal("Namiki", ary[5][1])
+  end
+
+  ###
+
+  def test_integration
+    key = OpenSSL::PKey::RSA.new(4096)
+
+    subject = "/C=FR/ST=IDF/L=PARIS/O=Company/CN=myhost.example"
+
+    cert = OpenSSL::X509::Certificate.new
+
+    fields = []
+    OpenSSL::X509::Name.parse(subject).to_a.each do |field|
+      fields << [field[0], field[1], OpenSSL::ASN1::PRINTABLESTRING]
+    end
+
+    subject_x509 = OpenSSL::X509::Name.new(fields)
+
+    assert_equal '#<OpenSSL::X509::Name CN=myhost.example,O=Company,L=PARIS,ST=IDF,C=FR>', subject_x509.inspect
+
+    cert.subject = cert.issuer = subject_x509
+
+    cert.not_before = Time.now
+    cert.not_after = Time.now + 365*24*60*60
+    cert.public_key = key.public_key
+    cert.serial = 0x0
+    cert.version = 2
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = ef.issuer_certificate = cert
+
+    cert.add_extension ef.create_extension('basicConstraints', 'CA:FALSE', true)
+    cert.add_extension ef.create_extension('keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
+    cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
+    cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always,issuer:always')
+
+    cert.sign key, OpenSSL::Digest::SHA256.new
+
+    asn1 = OpenSSL::ASN1.decode(cert.to_der)
+
+    print_asn_strings(asn1)
+  end
+
+  private
+
+  def print_asn_strings(obj, depth = 0)
+    if obj.respond_to? :each
+      obj.each do |item|
+        print_asn_strings(item, depth + 1)
+      end
+    else
+      # printf("%-40s %s\n", obj.value, obj.class)
+      assert_equal OpenSSL::ASN1::PrintableString, obj.class if (
+        obj.class.to_s.match(/String/) && obj.class != OpenSSL::ASN1::BitString
+      )
+    end
+    nil
+  end
+
 end