[fix] escaping with OpenSSL::X509::Name::RFC2253

kares · kares · commit db501d7bfb8f · 2022-05-08T17:14:35.000+02:00
diff --git a/src/main/java/org/jruby/ext/openssl/X509Name.java b/src/main/java/org/jruby/ext/openssl/X509Name.java
@@ -435,11 +435,12 @@ private StringBuilder toFormat(final Ruby runtime, final int format) {
             final ASN1ObjectIdentifier oid = oidsIter.next();
             String oName = name(runtime, oid);
             if ( oName == null ) oName = oid.toString();
-            final Object value = valuesIter.next();
+            final Object value = valuesIter.next(); // ASN1String impl (getString() -> toString())
 
             switch (format) {
                 case RFC2253:
-                    str.append(sep).append(oName).append('=').append(value);
+                    str.append(sep).append(oName).append('=');
+                    appendValueRFC2253(str, value);
                     sep = ",";
                     break;
                 case ONELINE:
@@ -464,6 +465,26 @@ private StringBuilder toFormat(final Ruby runtime, final int format) {
         return str;
     }
 
+    private static void appendValueRFC2253(final StringBuilder str, final Object value) {
+        final String val = value.toString();
+        for (int i = 0; i < val.length(); i++) {
+            char c = val.charAt(i);
+            switch (c) {
+                case ',' :
+                case '+' :
+                case '"' :
+                case '<' :
+                case '>' :
+                case ';' :
+                case '\\' :
+                    str.append('\\').append(c);
+                    break;
+                default :
+                    str.append(c);
+            }
+        }
+    }
+
     @JRubyMethod
     public IRubyObject to_utf8(ThreadContext context) {
         return StringHelper.newUTF8String(context.runtime, toFormat(context.runtime, RFC2253));
diff --git a/src/test/ruby/x509/test_x509name.rb b/src/test/ruby/x509/test_x509name.rb
@@ -1,20 +1,21 @@
+# encoding: UTF-8
 require File.expand_path('../test_helper', File.dirname(__FILE__))
 
 class TestX509Name < TestCase
 
-  def test_to_a_to_s
+  def test_to_a_to_s_and_to_utf8
     dn = [
       ["DC", "org"],
       ["DC", "jruby", 22],
       ["CN", "Karol Bucek"],
       ["UID", "kares"],
       ["emailAddress", "jruby@kares-x.org"],
       ["serialNumber", "1234567890"],
-      ["street", "Edelenyska"],
+      ["street", "Edelenska"],
       ['2.5.4.44', 'X'],
-      ['2.5.4.65', 'BUBS'],
-      ['postalCode', '04801', 22],
-      ['postalAddress', 'Edelenyska 1, Roznava'],
+      ['2.5.4.65', 'B;BS'],
+      ['postalCode', '048+01', 22],
+      ['postalAddress', "Edelénska 2022/11, RV"],
     ]
     name = OpenSSL::X509::Name.new
     dn.each { |attr| name.add_entry(*attr) }
@@ -27,20 +28,29 @@ def test_to_a_to_s
       ["UID", "kares", 12],
       ["emailAddress", "jruby@kares-x.org", 22],
       ["serialNumber", "1234567890", 19],
-      ["street", "Edelenyska", 12],
+      ["street", "Edelenska", 12],
       ['generationQualifier', 'X', 12],
-      ['pseudonym', 'BUBS', 12],
-      ['postalCode', '04801', 22],
-      ['postalAddress', 'Edelenyska 1, Roznava', 12],
+      ['pseudonym', 'B;BS', 12],
+      ['postalCode', '048+01', 22],
+      ['postalAddress', "Edelénska 2022/11, RV", 12],
     ]
 
     assert_equal exp_to_a.size, ary.size
     exp_to_a.each_with_index do |el, i|
       assert_equal el, ary[i]
     end
 
-    str = exp_to_a.map { |arr| "#{arr[0]}=#{arr[1]}" }.join('/')
-    assert_equal "/#{str}", name.to_s
+    assert_equal "/DC=org/DC=jruby/CN=Karol Bucek/UID=kares/emailAddress=jruby@kares-x.org/serialNumber=1234567890/street=Edelenska/generationQualifier=X/pseudonym=B;BS/postalCode=048+01/postalAddress=Edelénska 2022/11, RV",
+                 name.to_s
+    # assert_equal Encoding::ASCII_8BIT, name.to_s.encoding # MRI behavior
+    # assert_equal "DC=org, DC=jruby, CN=Karol Bucek/UID=kares/emailAddress=jruby@kares-x.org/serialNumber=1234567890/street=Edelenska/generationQualifier=X/pseudonym=B;BS/postalCode=048+01/postalAddress=Edelénska 2022/11, RV",
+    #              name.to_s(OpenSSL::X509::Name::COMPAT)
+    # assert_equal Encoding::ASCII_8BIT, name.to_s(OpenSSL::X509::Name::COMPAT).encoding # MRI behavior
+
+    assert_equal "postalAddress=Edelénska 2022/11\\, RV,postalCode=048\\+01,pseudonym=B\\;BS,generationQualifier=X,street=Edelenska,serialNumber=1234567890,emailAddress=jruby@kares-x.org,UID=kares,CN=Karol Bucek,DC=jruby,DC=org",
+                 name.to_s(OpenSSL::X509::Name::RFC2253)
+    assert_equal "postalAddress=Edelénska 2022/11\\, RV,postalCode=048\\+01,pseudonym=B\\;BS,generationQualifier=X,street=Edelenska,serialNumber=1234567890,emailAddress=jruby@kares-x.org,UID=kares,CN=Karol Bucek,DC=jruby,DC=org",
+                 name.to_utf8
   end
 
   def test_raise_on_invalid_field_name
@@ -76,7 +86,6 @@ def test_hash_multiple_spaces_mixed_case
   end
 
   def test_hash_long_name
-   puts 'test_hash_long_name'
     name = OpenSSL::X509::Name.new [['CN', 'a' * 255], ['DC', 'example']]
     assert_equal 214469118, name.hash
   end
