8297955: LDAP CertStore should use LdapName and not String for DNs
8224768: Test ActalisCA.java fails

Reviewed-by: lucy
Backport-of: 96adf073565e9a65912392510df8575e49695734
GoeLin committed Jun 25, 2023
1 parent 4a7557e commit 7f1047e
Showing 3 changed files with 211 additions and 239 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -44,6 +44,7 @@
import javax.naming.CommunicationException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;

import com.sun.jndi.ldap.LdapReferralException;
Expand Down Expand Up @@ -198,6 +199,49 @@ private void createInitialDirContext(String server, int port)
}
}

private static String checkName(String name) throws CertStoreException {
if (name == null) {
throw new CertStoreException("Name absent");
}
try {
if (new CompositeName(name).size() > 1) {
throw new CertStoreException("Invalid name: " + name);
}
} catch (InvalidNameException ine) {
throw new CertStoreException("Invalid name: " + name, ine);
}
return name;
}

/**
* Get the values for the given attribute. If the attribute is null
* or does not contain any values, a zero length byte array is
* returned. NOTE that it is assumed that all values are byte arrays.
*/
private static byte[][] getAttributeValues(Attribute attr)
throws NamingException {
byte[][] values;
if (attr == null) {
values = BB0;
} else {
values = new byte[attr.size()][];
int i = 0;
NamingEnumeration<?> enum_ = attr.getAll();
while (enum_.hasMore()) {
Object obj = enum_.next();
if (debug != null) {
if (obj instanceof String) {
debug.println("LDAPCertStore.getAttrValues() "
+ "enum.next is a string!: " + obj);
}
}
byte[] value = (byte[])obj;
values[i++] = value;
}
}
return values;
}

/**
* Private class encapsulating the actual LDAP operations and cache
* handling. Use:
Expand All @@ -216,27 +260,20 @@ private void createInitialDirContext(String server, int port)
*/
private class LDAPRequest {

private final String name;
private final LdapName name;
private Map<String, byte[][]> valueMap;
private final List<String> requestedAttributes;

LDAPRequest(String name) throws CertStoreException {
this.name = checkName(name);
requestedAttributes = new ArrayList<>(5);
}

private String checkName(String name) throws CertStoreException {
if (name == null) {
throw new CertStoreException("Name absent");
}
try {
if (new CompositeName(name).size() > 1) {
throw new CertStoreException("Invalid name: " + name);
}
// Convert DN to an LdapName so that it is not treated as a
// composite name by JNDI. In JNDI, using a string name is
// equivalent to calling new CompositeName(stringName).
this.name = new LdapName(name);
} catch (InvalidNameException ine) {
throw new CertStoreException("Invalid name: " + name, ine);
}
return name;
requestedAttributes = new ArrayList<>(5);
}

void addRequestedAttribute(String attrId) {
Expand Down Expand Up @@ -319,6 +356,9 @@ private Map<String, byte[][]> getValueMap() throws NamingException {
if (newDn != null && newDn.charAt(0) == '/') {
newDn = newDn.substring(1);
}
// In JNDI, it is not possible to use an LdapName for
// the referral DN, so we must validate the syntax of
// the string DN.
checkName(newDn);
} catch (Exception e) {
throw new NamingException("Cannot follow referral to "
Expand Down Expand Up @@ -363,36 +403,6 @@ private void cacheAttribute(String attrId, byte[][] values) {
String cacheKey = name + "|" + attrId;
valueCache.put(cacheKey, values);
}

/**
* Get the values for the given attribute. If the attribute is null
* or does not contain any values, a zero length byte array is
* returned. NOTE that it is assumed that all values are byte arrays.
*/
private byte[][] getAttributeValues(Attribute attr)
throws NamingException {
byte[][] values;
if (attr == null) {
values = BB0;
} else {
values = new byte[attr.size()][];
int i = 0;
NamingEnumeration<?> enum_ = attr.getAll();
while (enum_.hasMore()) {
Object obj = enum_.next();
if (debug != null) {
if (obj instanceof String) {
debug.println("LDAPCertStore.getAttrValues() "
+ "enum.next is a string!: " + obj);
}
}
byte[] value = (byte[])obj;
values[i++] = value;
}
}
return values;
}

}

/*
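Review bot: In the new static getAttributeValues, the debug branch only reports a String-typed value and then still executes `byte[] value = (byte[])obj;`, so a directory entry whose attribute value is not binary surfaces as an unchecked ClassCastException instead of the NamingException the method declares; the move to a static method kept that behaviour. A defensive check that fails in the declared exception type would keep the error inside the CertStore error-handling path, e.g. `if (!(obj instanceof byte[])) { throw new NamingException("LDAPCertStore: non-binary value for attribute " + attr.getID()); }` followed by `values[i++] = (byte[]) obj;`. Sizing the result with `attr.size()` and filling it from `attr.getAll()` also leaves null slots if the enumeration yields fewer elements than the reported size; whether that can happen with the JNDI provider in use is not visible here, so it may be worth a comment stating the assumption. The same observation applies unchanged to the referral path in the later hunk, where checkName(newDn) validates only the syntax of the string DN and the result is intentionally discarded, which a one-line comment such as `// validation only; the string DN is passed to JNDI as-is` would make explicit.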
2 changes: 0 additions & 2 deletions test/jdk/ProblemList.txt
Expand Up @@ -624,8 +624,6 @@ sun/security/provider/KeyStore/DKSTest.sh 8180266 windows-

sun/security/pkcs11/KeyStore/SecretKeysBasic.java 8209398 generic-all

security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java 8224768 generic-all

sun/security/smartcardio/TestChannel.java 8039280 generic-all
sun/security/smartcardio/TestConnect.java 8039280 generic-all
sun/security/smartcardio/TestConnectAgain.java 8039280 generic-all

1 comment on commit 7f1047e

@openjdk-notifier
