Fix escaping of certificate dnQualifier (public key digests) on creation (DoM #2716). v1.8.93
authorCarl Hetherington <cth@carlh.net>
Mon, 8 Jan 2024 16:53:04 +0000 (17:53 +0100)
committerCarl Hetherington <cth@carlh.net>
Tue, 9 Jan 2024 10:44:40 +0000 (11:44 +0100)
src/certificate_chain.cc
test/certificates_test.cc
test/data/private2.key [new file with mode: 0644]

index c1f90b106c61b14f1fa279854debf2afe65af914..c4e3a9b03fa5fc7a8ccebbd581ba77b1b8edb31e 100644 (file)
@@ -156,11 +156,9 @@ dcp::public_key_digest(RSA* public_key)
 
 string
 dcp::escape_digest(string digest)
-#ifdef LIBDCP_WINDOWS
+{
        boost::replace_all(digest, "/", "\\/");
-#else
-       boost::replace_all(digest, "/", "\\\\/");
-#endif
+       boost::replace_all(digest, "+", "\\+");
        return digest;
 }
 
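Review bot: `escape_digest` escapes `/` and `+` but not a backslash already present in its argument, so the result is only unambiguous for base64 input, and the hunk does not state that precondition anywhere. I would add a comment above the function such as `/** Escape / and + in a base64 digest so it can be used as a dnQualifier value; the input must not contain backslashes */`. The removed `#else` branch doubled the backslash on non-Windows builds, presumably to survive a shell or a second parsing layer. The caller is outside this hunk, so it is worth confirming that the string no longer passes through such a layer on any platform.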
index 4795e45e55bda0a6f40fa81bb3419b904740d0a3..7ac0642829cda421e4635015f2a60565a857af38 100644 (file)
@@ -279,3 +279,26 @@ BOOST_AUTO_TEST_CASE (certificate_not_before_after)
        BOOST_CHECK_EQUAL (not_after.month(), 6);
        BOOST_CHECK_EQUAL (not_after.year(), 2025);
 }
+
+
+/** Check for correct escaping of public key digests */
+BOOST_AUTO_TEST_CASE(certificate_public_key_digest)
+{
+       BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private.key"), "MekIXGBkYdh28siMnnF\\/Zs2JeK8=");
+       BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private2.key"), "dfjStQNFTdVpfzgmxQCb3x\\+y2SY=");
+}
+
+
+/** Create some certificates and check that the dnQualifier read from the header is always what is should be;
+ *  previously it would not be if the digest contained \ or + (DoM #2716).
+ */
+BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers)
+{
+       for (auto i = 0; i < 50; ++i) {
+               dcp::CertificateChain chain(boost::filesystem::path("openssl"), 10 * 365);
+               for (auto cert: chain.unordered()) {
+                       BOOST_CHECK_EQUAL(dcp::escape_digest(cert.subject_dn_qualifier()), dcp::public_key_digest(cert.public_key()));
+               }
+       }
+}
+
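Review bot: `certificate_dn_qualifiers` depends on freshly generated keys, so it exercises the `/` and `+` cases only by chance, and no test in this hunk calls `escape_digest` on a fixed input. A deterministic check on a constructed sample, such as `BOOST_CHECK_EQUAL(dcp::escape_digest("a/b+c="), "a\\/b\\+c=");`, would pin the escaping directly. The comment above the test says the old code failed when the digest contained `\ or +`, which reads as a typo for `/ or +`, and `what is should be` should read `what it should be`. The inner loop could also bind `auto const& cert` to avoid copying each certificate.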
diff --git a/test/data/private2.key b/test/data/private2.key
new file mode 100644 (file)
index 0000000..2bd5d65
--- /dev/null
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCM3WNanE8/1eIg
+MQ5tiN8cJZmwIlVyw0dGnTxvvN705zI/fD9IxfCECavCGxpuH/23YC93K147k7UD
+tbj+jSlAhEqksWzC/ebrHyTAtL4iH1N4LeoKuLFv1YYOe2dtqNeJfMNegma0FyXN
+uoBShnju2FP5OX8nDFEQ2OnOatJ4TnA7+vUr2DVeEoD8yZxg36kGuJce/sJNGqqN
+J+2FIHq97gzHF5TrhIfxZN0lymUWkYJ5CHYJAMEGl+j/1D6JhV+vBX7sYmqR6+Fd
+OaHC8PEmrJjwJID8Dx8QgRjpaoJHvoC8tPknvtkoFbBLjVj6tPgmeqnoeZnpYgVj
+A5KSojchAgMBAAECggEACMu9K7gFcc688TYm+Lt6dQM7CsbGD6W2cmgYkUCZqnCy
+UEkFmZl0iIYjEbqIBrbcLKJmrFoKpw002R+0hr6RRBxOneSPTki07dsSvC69DZvn
+piI10kgQmlNarNZTUcNgfA8Mkv7xA09LtsItx5lqfT2IVtBainloKXVl+hPtAwKJ
+IyV0fN8yn3hpj34nZpulgbuKD4WwT5KQKpYKCEnwLW0L5hgFnl/NXeHkSYs9eHxh
+itMFmF2MHyzrEtb4g2n1fYTdRhimSWUSDgnJbMgwuZngzNscPD8EguBUl6xFpkbv
+egU9dTjD4ZQG+jLKeXHjDDmVQKkw5W2Uy7HglVEvrQKBgQDA4jDaa1ACSbGUvKMg
+nWvMG4WauA9Ugb3akXKXqlYfQXf98nK1o6iOieqhMJsoreljwe47yf+OmC0M0Ciw
+XdYYCw5ytksM4G1HGPeA64rz0uLfAS4IJAi+9SuLNoRFD+ZFJ1NhvzdoRoKDdCCE
+UfsMsJV6suYURVlMMsy0auEW7QKBgQC69ZklIbwDTn36kQYB2rCNTnmEPcnLpS3h
+KVi+QgMFTm+wJDTJnHEQfe9cseMGUFzMnJL71i5ZN/FzvxB0K2+qQ26/lMLHvaO7
+xl8oPAe7H5vYwnF4Nixk5iefbwB+NkqCTqmMnpyMLnqqNTKEOho2JZxGeyC50lvx
+HOeTHw7GhQKBgQDAbWhbn4/UmHynbII5+ZMfr51cu5/fqQglU9HE6VS+Hex91zEF
+cV6pxYHkib9hmA8tTL5Fu8JPGhZnoAvX1+XNWspxOtgo4oVi1s+lOFgJ5CweWuj3
+iiuHhsSIQD05QSFzgEY5UDEQwLdYObRvDfKtuEWIgY30TzNFR7DdlXs2CQKBgB8i
+e2iFn6vlTHGH6Tox0ykVIoN1Tr/NOEDBA/hbQemGUG9C+E+C8AlRD6WeMjKA+5NP
+l+K8nmdZO6qM7Q6LlUMDi9P30CA3YqcIuBwZMyhkcS294+ujCe2bromMkMZ0ACCH
+PREf8O4fZ2olBc6jZm4SAV5zbtXDRHB44c/MYkeJAoGBAI6VhJ3q7MGNUVkWKr4E
+eQG2mJtvB3XOzUvnKevJO3uuihBasj+e4w0GBehbkAjMVle43xWLUSryGGTeVayR
+sffPm36lxlgKiEfS/Q9f5g/FmuNZIjzrKD2EfFgk8oi45v0ghh8k+1JSHiDM+AJg
+/GXnb0eXvbHrgbKUxDi8dCYX
+-----END PRIVATE KEY-----
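Review bot: `test/data/private2.key` is an unencrypted RSA private key committed in full, so it has to be treated as public from this commit on. Nothing in the file or its name marks it as a test-only fixture. A short note in the test data directory, or a test marker in the file name, would tell readers that it must never be used to sign anything outside the test suite. If the repository runs secret scanning, the path will likely need an allowlist entry so that real findings are not lost among fixture hits.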