Decode challengePassword attribute as DirectoryString

The PKCS #9 challengePassword attribute has DirectoryString syntax. Dogtag currently attempts only to decode it as a PrintableString, causing failures when the attribute is encoded as a UTF8String. Add method DerValue.getDirectoryString() to decode any of the valid DirectoryString encodings and update ChallengePassword to use it. https://fedorahosted.org/pki/ticket/1221
dogtagpki · Dec 16, 2014 · cdebcd5 · cdebcd5
1 parent 8f06f41
commit cdebcd5
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -88,7 +88,7 @@ public void decode(InputStream in)
 
     private void construct(DerValue derVal) throws IOException {
         try {
-            cpw = derVal.getPrintableString();
+            cpw = derVal.getDirectoryString();
         } catch (NullPointerException e) {
             cpw = "";
         }

diff --git a/base/util/src/netscape/security/util/DerInputStream.java b/base/util/src/netscape/security/util/DerInputStream.java
@@ -369,6 +369,10 @@ public String getUniversalString() throws IOException {
         return (new DerValue(buffer)).getUniversalString();
     }
 
+    public String getDirectoryString() throws IOException {
+        return (new DerValue(buffer)).getDirectoryString();
+    }
+
     /**
      * Get a UTC encoded time value from the input stream.
      */

diff --git a/base/util/src/netscape/security/util/DerValue.java b/base/util/src/netscape/security/util/DerValue.java
@@ -130,6 +130,13 @@ public class DerValue {
     /** Tag value indicating an ASN.1 "UTF8String" value. (since 1998) */
     public final static byte tag_UTF8String = 0x0C;
 
+    public final static byte[] tags_DirectoryString =
+        { tag_T61String
+        , tag_PrintableString
+        , tag_UniversalString
+        , tag_UTF8String
+        , tag_BMPString };
+
     // CONSTRUCTED seq/set
 
     /**
@@ -521,6 +528,21 @@ public String getPrintableString()
         return getASN1CharString();
     }
 
+    public String getDirectoryString() throws IOException {
+        boolean tagValid = false;
+        for (int i = 0; i < tags_DirectoryString.length; i++) {
+            if (tag == tags_DirectoryString[i]) {
+                tagValid = true;
+                break;
+            }
+        }
+        if (!tagValid)
+            throw new IOException(
+                "DerValue.getDirectoryString: invalid tag: " + tag);
+
+        return getASN1CharString();
+    }
+
     /*
      * @eturns a string if the DerValue is a ASN.1 character string type and
      * if there is a decoder for the type. Returns null otherwise.