IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

x509: fix SAN directoryName parsing

Browse Source 
The subjectAltName extension parsing code in ipalib.x509 fails on
directoryName values because the Choice structure is not endowed
with an inner type.  Implement the Name structure, whose inner type
is a CHOICE { SEQUENCE OF RelativeDistinguishedName }, to resolve.

Note that the structure still does not get fully parsed; only enough
to recognise the SequenceOf tag and not fail.

Part of: https://fedorahosted.org/freeipa/ticket/6022

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Fraser Tweedale 2016-07-22 12:05:13 +10:00 committed by Jan Cholasta
parent 0245d2aadf
commit dae82b25bd
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ipalib/x509.py
View File

@ -196,6 +196,12 @@ def is_self_signed(certificate, datatype=PEM, dbdir=None):
del nsscert
return self_signed
class _Name(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('rdnSequence',
univ.SequenceOf()),
)
class _TBSCertificate(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
@ -204,9 +210,9 @@ class _TBSCertificate(univ.Sequence):
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('serialNumber', univ.Integer()),
namedtype.NamedType('signature', univ.Sequence()),
namedtype.NamedType('issuer', univ.Sequence()),
namedtype.NamedType('issuer', _Name()),
namedtype.NamedType('validity', univ.Sequence()),
namedtype.NamedType('subject', univ.Sequence()),
namedtype.NamedType('subject', _Name()),
namedtype.NamedType('subjectPublicKeyInfo', univ.Sequence()),
namedtype.OptionalNamedType(
'issuerUniquedID',
@ -403,7 +409,7 @@ class _GeneralName(univ.Choice):
namedtype.NamedType('x400Address', univ.Sequence().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))
),
namedtype.NamedType('directoryName', univ.Choice().subtype(
namedtype.NamedType('directoryName', _Name().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
),
namedtype.NamedType('ediPartyName', univ.Sequence().subtype(