From d53fd14c12e4e3d3e0d3a280a2f7c79c05eb8972 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 29 Oct 2010 00:54:01 -0400 Subject: [PATCH] fix up the pem-handling code, and test it --- Changelog | 3 ++- Crypt/Monkeysphere/MSVA.pm | 7 ++++--- tests/basic | 26 +++++++++++++++++--------- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/Changelog b/Changelog index 25dde74..4f5e0ae 100644 --- a/Changelog +++ b/Changelog @@ -12,8 +12,9 @@ msva-perl (0.6~pre) upstream; (closes MS #2567) * report server implementation name and version with every query (closes MS # 2564) + * support x509pem PKC format in addition to x509der (addresses MS #2566) - -- Daniel Kahn Gillmor Thu, 28 Oct 2010 17:14:35 -0400 + -- Daniel Kahn Gillmor Fri, 29 Oct 2010 00:53:37 -0400 msva-perl (0.5) upstream; diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm index 55dc5bc..624ff86 100755 --- a/Crypt/Monkeysphere/MSVA.pm +++ b/Crypt/Monkeysphere/MSVA.pm @@ -396,14 +396,15 @@ my $ready = 0; use MIME::Base64; foreach my $line (@lines) { - if ($ready) { + if ($line eq '-----END CERTIFICATE-----') { + last; + } elsif ($ready) { push @goodlines, $line; } elsif ($line eq '-----BEGIN CERTIFICATE-----') { $ready = 1; - } elsif ($line eq '-----END CERTIFICATE-----') { - last; } } + msvalog('debug', "%d lines of base64:\n%s\n", $#goodlines + 1, join("\n", @goodlines)); return decode_base64(join('', @goodlines)); } diff --git a/tests/basic b/tests/basic index 266d8a2..14cbf2e 100755 --- a/tests/basic +++ b/tests/basic 
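Review bot: If the input has no `-----BEGIN CERTIFICATE-----` line, or the END marker never appears, the loop simply runs out and `decode_base64(join('', @goodlines))` is returned anyway — an empty string for an empty `@goodlines` — and MIME::Base64 also silently drops any non-base64 characters it meets between the markers, so a malformed PEM is only caught, if at all, by whatever parses the returned DER outside this hunk. A guard after the loop such as `unless ($ready && @goodlines) { msvalog('debug', "no PEM certificate block found in input\n"); return; }` would make the rejection explicit at the point where it is known; what the caller does with an empty return is not visible here. The marker comparisons are exact `eq`, so a trailing CR (CRLF-formatted PEM) or trailing whitespace keeps both markers from ever matching — whether `@lines` has been chomped or trimmed is decided before the hunk. On style, `scalar @goodlines` reads more directly than `$#goodlines + 1` in the new msvalog call. The enclosing sub starts before the hunk.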
@@ -51,6 +51,7 @@ printf "Key-Type: RSA\nKey-Length: 1024\nKey-Usage: sign\nName-Real: MSVA Test C # make 3 websites (X, Y, and Z) with self-signed certs: for name in x y z ; do openssl req -x509 -subj "/CN=${name}.example.net/" -nodes -sha256 -newkey rsa:1024 -keyout "${WORKDIR}/sec/${name}.key" -outform DER -out "${WORKDIR}/x509/${name}.der" + openssl x509 -inform DER -outform PEM < "${WORKDIR}/x509/${name}.der" > "${WORKDIR}/x509/${name}.pem" done # translate X and Y's keys into OpenPGP cert 
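Review bot: The only PEM fixture is the canonical output of `openssl x509 -inform DER -outform PEM`, so the parser's skip-until-`-----BEGIN CERTIFICATE-----` path and its handling of text around the block are never exercised by the x509pem tests below. A second fixture derived from it, e.g. `{ printf 'junk before\n'; cat "${WORKDIR}/x509/${name}.pem"; printf 'junk after\n'; } > "${WORKDIR}/x509/${name}-wrapped.pem"`, would cover that cheaply. Whether the script runs under `set -e` so that a failed conversion aborts the run is decided outside the hunk.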
@@ -62,23 +63,30 @@ runtests() { # X should not validate as X or Y or Z: for name in x y z; do ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der" + ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509pem < "${WORKDIR}/x509/x.pem" done # certify X's OpenPGP cert with CA gpg --batch --yes --sign-key https://x.example.net - - # X should now validate as X - "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net x509der < "${WORKDIR}/x509/x.der" + # it should fail if we pass it the wrong kind of data: + ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509der" < "${WORKDIR}/x509/x.pem" + ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509pem" < "${WORKDIR}/x509/x.der" + + for ctype in pem der; do + # X should now validate as X + "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509${ctype}" < "${WORKDIR}/x509/x.${ctype}" + # but X should not validate as Y or Z: - for name in x y z; do - ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der" - done + for name in x y z; do + ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" "x509${ctype}" < "${WORKDIR}/x509/x.${ctype}" + done # neither Y nor Z should validate as any of them: - for src in y z; do - for targ in x y z; do - ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${targ}.example.net" x509der < "${WORKDIR}/x509/${src}.der" + for src in y z; do + for targ in x y z; do + ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${targ}.example.net" "x509${ctype}" < "${WORKDIR}/x509/${src}.${ctype}" + done done done } -- 2.26.2
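Review bot: The negative assertions added here (the `! "${srcdir}"/test-msva … x509pem < …` line, the two "wrong kind of data" lines, and the `!` loops under `for ctype`) cannot fail the script as written: a pipeline beginning with `!` is exempt from `set -e` in POSIX sh, and nothing else inspects their exit status, so a validation that wrongly succeeds goes unnoticed. The `for name in x y z` loop placed right after "X should now validate as X" asserts that X does not validate as X, which suggests these lines are indeed not being checked (assuming the CA certification persists across agent invocations, which the hunk does not show); the comment says Y or Z, so `for name in y z; do` is probably what was meant. A small helper, e.g. `expect_fail() { if "$@"; then printf 'unexpected success: %s\n' "$*" >&2; exit 1; fi; }`, used as `expect_fail "${srcdir}"/test-msva msva-perl … < "${WORKDIR}/x509/x.pem"`, keeps the stdin redirections intact and makes each negative case fatal. Whether `set -e` is enabled at all, and how `runtests`'s return value is used, is outside the hunk; `runtests` begins before it.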