From: Carl Hetherington Date: Mon, 8 Jan 2024 16:53:04 +0000 (+0100) Subject: Fix escaping of certificate dnQualifier (public key digests) on creation (DoM #2716). X-Git-Tag: v1.8.93 X-Git-Url: https://main.carlh.net/gitweb/?a=commitdiff_plain;h=75d6411bb1f04a1375b00f361a0c1358d6e8d7ab;p=libdcp.git Fix escaping of certificate dnQualifier (public key digests) on creation (DoM #2716). --- diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc index c1f90b10..c4e3a9b0 100644 --- a/src/certificate_chain.cc +++ b/src/certificate_chain.cc @@ -156,11 +156,9 @@ dcp::public_key_digest(RSA* public_key) string dcp::escape_digest(string digest) -#ifdef LIBDCP_WINDOWS +{ boost::replace_all(digest, "/", "\\/"); -#else - boost::replace_all(digest, "/", "\\\\/"); -#endif + boost::replace_all(digest, "+", "\\+"); return digest; } diff --git a/test/certificates_test.cc b/test/certificates_test.cc index 4795e45e..7ac06428 100644 --- a/test/certificates_test.cc +++ b/test/certificates_test.cc @@ -279,3 +279,26 @@ BOOST_AUTO_TEST_CASE (certificate_not_before_after) BOOST_CHECK_EQUAL (not_after.month(), 6); BOOST_CHECK_EQUAL (not_after.year(), 2025); } + + +/** Check for correct escaping of public key digests */ +BOOST_AUTO_TEST_CASE(certificate_public_key_digest) +{ + BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private.key"), "MekIXGBkYdh28siMnnF\\/Zs2JeK8="); + BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private2.key"), "dfjStQNFTdVpfzgmxQCb3x\\+y2SY="); +} + + +/** Create some certificates and check that the dnQualifier read from the header is always what is should be; + * previously it would not be if the digest contained \ or + (DoM #2716). + */ +BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers) +{ + for (auto i = 0; i < 50; ++i) { + dcp::CertificateChain chain(boost::filesystem::path("openssl"), 10 * 365); + for (auto cert: chain.unordered()) { + BOOST_CHECK_EQUAL(dcp::escape_digest(cert.subject_dn_qualifier()), dcp::public_key_digest(cert.public_key())); + } + } +} + diff --git a/test/data/private2.key b/test/data/private2.key new file mode 100644 index 00000000..2bd5d65f --- /dev/null +++ b/test/data/private2.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCM3WNanE8/1eIg +MQ5tiN8cJZmwIlVyw0dGnTxvvN705zI/fD9IxfCECavCGxpuH/23YC93K147k7UD +tbj+jSlAhEqksWzC/ebrHyTAtL4iH1N4LeoKuLFv1YYOe2dtqNeJfMNegma0FyXN +uoBShnju2FP5OX8nDFEQ2OnOatJ4TnA7+vUr2DVeEoD8yZxg36kGuJce/sJNGqqN +J+2FIHq97gzHF5TrhIfxZN0lymUWkYJ5CHYJAMEGl+j/1D6JhV+vBX7sYmqR6+Fd +OaHC8PEmrJjwJID8Dx8QgRjpaoJHvoC8tPknvtkoFbBLjVj6tPgmeqnoeZnpYgVj +A5KSojchAgMBAAECggEACMu9K7gFcc688TYm+Lt6dQM7CsbGD6W2cmgYkUCZqnCy +UEkFmZl0iIYjEbqIBrbcLKJmrFoKpw002R+0hr6RRBxOneSPTki07dsSvC69DZvn +piI10kgQmlNarNZTUcNgfA8Mkv7xA09LtsItx5lqfT2IVtBainloKXVl+hPtAwKJ +IyV0fN8yn3hpj34nZpulgbuKD4WwT5KQKpYKCEnwLW0L5hgFnl/NXeHkSYs9eHxh +itMFmF2MHyzrEtb4g2n1fYTdRhimSWUSDgnJbMgwuZngzNscPD8EguBUl6xFpkbv +egU9dTjD4ZQG+jLKeXHjDDmVQKkw5W2Uy7HglVEvrQKBgQDA4jDaa1ACSbGUvKMg +nWvMG4WauA9Ugb3akXKXqlYfQXf98nK1o6iOieqhMJsoreljwe47yf+OmC0M0Ciw +XdYYCw5ytksM4G1HGPeA64rz0uLfAS4IJAi+9SuLNoRFD+ZFJ1NhvzdoRoKDdCCE +UfsMsJV6suYURVlMMsy0auEW7QKBgQC69ZklIbwDTn36kQYB2rCNTnmEPcnLpS3h +KVi+QgMFTm+wJDTJnHEQfe9cseMGUFzMnJL71i5ZN/FzvxB0K2+qQ26/lMLHvaO7 +xl8oPAe7H5vYwnF4Nixk5iefbwB+NkqCTqmMnpyMLnqqNTKEOho2JZxGeyC50lvx +HOeTHw7GhQKBgQDAbWhbn4/UmHynbII5+ZMfr51cu5/fqQglU9HE6VS+Hex91zEF +cV6pxYHkib9hmA8tTL5Fu8JPGhZnoAvX1+XNWspxOtgo4oVi1s+lOFgJ5CweWuj3 +iiuHhsSIQD05QSFzgEY5UDEQwLdYObRvDfKtuEWIgY30TzNFR7DdlXs2CQKBgB8i +e2iFn6vlTHGH6Tox0ykVIoN1Tr/NOEDBA/hbQemGUG9C+E+C8AlRD6WeMjKA+5NP +l+K8nmdZO6qM7Q6LlUMDi9P30CA3YqcIuBwZMyhkcS294+ujCe2bromMkMZ0ACCH +PREf8O4fZ2olBc6jZm4SAV5zbtXDRHB44c/MYkeJAoGBAI6VhJ3q7MGNUVkWKr4E +eQG2mJtvB3XOzUvnKevJO3uuihBasj+e4w0GBehbkAjMVle43xWLUSryGGTeVayR +sffPm36lxlgKiEfS/Q9f5g/FmuNZIjzrKD2EfFgk8oi45v0ghh8k+1JSHiDM+AJg +/GXnb0eXvbHrgbKUxDi8dCYX +-----END PRIVATE KEY-----