[Pkg-privacy-commits] [msva-perl] 193/356: fix up the pem-handling code, and test it

Mon Aug 24 07:41:55 UTC 2015

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository msva-perl.

commit d53fd14c12e4e3d3e0d3a280a2f7c79c05eb8972
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Oct 29 00:54:01 2010 -0400

    fix up the pem-handling code, and test it
---
 Changelog                  |  3 ++-
 Crypt/Monkeysphere/MSVA.pm |  7 ++++---
 tests/basic                | 26 +++++++++++++++++---------
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/Changelog b/Changelog
index 25dde74..4f5e0ae 100644
--- a/Changelog
+++ b/Changelog
@@ -12,8 +12,9 @@ msva-perl (0.6~pre) upstream;
     (closes MS #2567)
   * report server implementation name and version with every query (closes
     MS # 2564)
+  * support x509pem PKC format in addition to x509der (addresses MS #2566)
 
- -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>  Thu, 28 Oct 2010 17:14:35 -0400
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>  Fri, 29 Oct 2010 00:53:37 -0400
 
 msva-perl (0.5) upstream;
 
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index 55dc5bc..624ff86 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -396,14 +396,15 @@
     my $ready = 0;
     use MIME::Base64;
     foreach my $line (@lines) {
-      if ($ready) {
+      if ($line eq '-----END CERTIFICATE-----') {
+        last;
+      } elsif ($ready) {
         push @goodlines, $line;
       } elsif ($line eq '-----BEGIN CERTIFICATE-----') {
         $ready = 1;
-      } elsif ($line eq '-----END CERTIFICATE-----') {
-        last;
       }
     }
+    msvalog('debug', "%d lines of base64:\n%s\n", $#goodlines + 1, join("\n", @goodlines));
     return decode_base64(join('', @goodlines));
   }
 
diff --git a/tests/basic b/tests/basic
index 266d8a2..14cbf2e 100755
--- a/tests/basic
+++ b/tests/basic
@@ -51,6 +51,7 @@ printf "Key-Type: RSA\nKey-Length: 1024\nKey-Usage: sign\nName-Real: MSVA Test C
 # make 3 websites (X, Y, and Z) with self-signed certs:
 for name in x y z ; do 
     openssl req -x509 -subj "/CN=${name}.example.net/" -nodes -sha256 -newkey rsa:1024 -keyout "${WORKDIR}/sec/${name}.key" -outform DER -out "${WORKDIR}/x509/${name}.der"
+    openssl x509 -inform DER -outform PEM < "${WORKDIR}/x509/${name}.der" > "${WORKDIR}/x509/${name}.pem"
 done
 
 # translate X and Y's keys into OpenPGP cert
@@ -62,23 +63,30 @@ runtests() {
     # X should not validate as X or Y or Z:
     for name in x y z; do
         ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der"
+        ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509pem < "${WORKDIR}/x509/x.pem"
     done
     
     # certify X's OpenPGP cert with CA
     gpg --batch --yes --sign-key https://x.example.net
-    
-    # X should now validate as X
-    "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net x509der < "${WORKDIR}/x509/x.der"
 
+    # it should fail if we pass it the wrong kind of data:
+    ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509der" < "${WORKDIR}/x509/x.pem"
+    ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509pem" < "${WORKDIR}/x509/x.der"
+        
+    for ctype in pem der; do 
+    # X should now validate as X
+        "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https x.example.net "x509${ctype}" < "${WORKDIR}/x509/x.${ctype}"
+        
     # but X should not validate as Y or Z:
-    for name in x y z; do
-        ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" x509der < "${WORKDIR}/x509/x.der"
-    done
+        for name in x y z; do
+            ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${name}.example.net" "x509${ctype}" < "${WORKDIR}/x509/x.${ctype}"
+        done
 
     # neither Y nor Z should validate as any of them:
-    for src in y z; do
-        for targ in x y z; do
-            ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${targ}.example.net" x509der < "${WORKDIR}/x509/${src}.der"
+        for src in y z; do
+            for targ in x y z; do
+                ! "${srcdir}"/test-msva msva-perl "${srcdir}"/test-msva msva-query-agent https "${targ}.example.net" "x509${ctype}" < "${WORKDIR}/x509/${src}.${ctype}"
+            done
         done
     done
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git

