[direct-certificate-discovery-tool] 2 new revisions pushed by Elizabet...@esacinc.com on 2014-05-21 20:55 GMT


direct-certifica...@googlecode.com

May 21, 2014, 4:55:42 PM5/21/14
to dcdt...@googlegroups.com
2 new revisions:

Revision: 2c337e920685
Branch: default
Author: Elizab...@esacinc.com
Date: Wed May 21 16:11:42 2014 UTC
Log: - Fixed bugs related to Direct addresses in Hosting testcases
(DCDT-22...
http://code.google.com/p/direct-certificate-discovery-tool/source/detail?r=2c337e920685

Revision: 2fbbd289df02
Branch: default
Author: Elizab...@esacinc.com
Date: Wed May 21 19:44:24 2014 UTC
Log: - Further supports DCDT-228, DCDT-229, DCDT-235...
http://code.google.com/p/direct-certificate-discovery-tool/source/detail?r=2fbbd289df02

==============================================================================
Revision: 2c337e920685
Branch: default
Author: Elizab...@esacinc.com
Date: Wed May 21 16:11:42 2014 UTC
Log: - Fixed bugs related to Direct addresses in Hosting testcases
(DCDT-228, DCDT-229, DCDT-235)
- Changed Subject DN and Subject Alt Names validator email verification so
that it is case-insensitive
- Changed assumption that email address in the subject DN is for the Direct
address associated with an address-bound certificate so that validation
doesn't fail for domain-bound certificates (H2, H4)
- Allowed underscores in Direct addresses
http://code.google.com/p/direct-certificate-discovery-tool/source/detail?r=2c337e920685

Modified:

/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java

/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java

/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties

=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java
Tue Apr 22 12:12:28 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java
Wed May 21 16:11:42 2014 UTC
@@ -10,8 +10,8 @@
import gov.hhs.onc.dcdt.mail.MailAddress;
import gov.hhs.onc.dcdt.mail.impl.MailAddressImpl;
import java.security.cert.X509Certificate;
-import java.util.Objects;
import javax.validation.ConstraintValidatorContext;
+import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.style.BCStyle;

public class CertificateInfoSubjectAltNamesConstraintValidator extends
AbstractCertificateInfoConstraintValidator<CertificateInfoSubjectAltNames> {
@@ -25,16 +25,16 @@
// noinspection ConstantConditions
if (certSubjName.hasAltName(CertificateAltNameType.RFC822_NAME)) {
// noinspection ConstantConditions
- if (!Objects.equals((certSubjAltNameDirectAddr =
- new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.RFC822_NAME).getName().toString())),
- (directAddrBound =
directAddr.forBindingType(BindingType.ADDRESS)))) {
+ if (!StringUtils.equalsIgnoreCase((certSubjAltNameDirectAddr =
+ new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.RFC822_NAME).getName().toString())).toAddress(),
(directAddrBound =
+
directAddr.forBindingType(BindingType.ADDRESS)).toAddress())) {
// noinspection ConstantConditions
throw new CertificateException(String.format(
"Certificate (subj={%s}, serialNum=%s, issuer={%s})
subjectAltName X509v3 extension rfc822Name value does not match: %s != %s",
certSubjName, certInfo.getSerialNumber(),
cert.getIssuerX500Principal().getName(), certSubjAltNameDirectAddr,
directAddrBound));
} else if (certSubjName.hasAttribute(BCStyle.EmailAddress)
- && !Objects.equals(certSubjAltNameDirectAddr,
- (certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress)))))
{
+
&& !StringUtils.equalsIgnoreCase(certSubjAltNameDirectAddr.toAddress(),
+ (certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress))).toAddress()))
{
// noinspection ConstantConditions
throw new CertificateException(
String
@@ -44,9 +44,9 @@
}
} else // noinspection ConstantConditions
if (certSubjName.hasAltName(CertificateAltNameType.DNS_NAME)
- && !Objects.equals(
- (certSubjAltNameDirectAddr = new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.DNS_NAME).getName().toString())),
- (directAddrBound =
directAddr.forBindingType(BindingType.DOMAIN)))) {
+ && !StringUtils.equalsIgnoreCase((certSubjAltNameDirectAddr =
+ new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.DNS_NAME).getName().toString())).toAddress(),
+ (directAddrBound =
directAddr.forBindingType(BindingType.DOMAIN)).toAddress())) {
// noinspection ConstantConditions
throw new CertificateException(String.format(
"Certificate (subj={%s}, serialNum=%s, issuer={%s})
subjectAltName X509v3 extension dNSName value does not match: %s != %s",
certSubjName,
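Review bot: On the last changed line of this hunk `directAddr.forBindingType(BindingType.DOMAIN)` is dereferenced with `.toAddress()` with no null check, so if that call can return null the dNSName branch ends in a NullPointerException instead of a CertificateException; the follow-up 2fbbd289df02 adds exactly such a `== null` guard for the rfc822Name branch at `@@ -25,9 +25,10 @@` of this file, which suggests it can, but leaves this branch untouched. Mirror the guard here by assigning `certSubjAltNameDirectAddr` on its own line and then testing `if ((directAddrBound = directAddr.forBindingType(BindingType.DOMAIN)) == null || !StringUtils.equalsIgnoreCase(certSubjAltNameDirectAddr.toAddress(), directAddrBound.toAddress()))`. The enclosing method starts and ends outside the hunk.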
=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
Tue Apr 22 12:12:28 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
Wed May 21 16:11:42 2014 UTC
@@ -9,8 +9,8 @@
import gov.hhs.onc.dcdt.mail.MailAddress;
import gov.hhs.onc.dcdt.mail.impl.MailAddressImpl;
import java.security.cert.X509Certificate;
-import java.util.Objects;
import javax.validation.ConstraintValidatorContext;
+import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.style.BCStyle;

public class CertificateInfoSubjectDnConstraintValidator extends
AbstractCertificateInfoConstraintValidator<CertificateInfoSubjectDn> {
@@ -23,8 +23,9 @@

// noinspection ConstantConditions
if (certSubjName.hasAttribute(BCStyle.EmailAddress)
- && !Objects.equals((certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress))),
(directAddrBound =
- directAddr.forBindingType(BindingType.ADDRESS)))) {
+ && (directAddrBound =
directAddr.forBindingType(BindingType.ADDRESS)) != null
+ && (certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress)).forBindingType(BindingType.ADDRESS)) !=
null
+
&& !StringUtils.equalsIgnoreCase(certSubjDnDirectAddr.toAddress(),
directAddrBound.toAddress())) {
// noinspection ConstantConditions
throw new CertificateException(String.format(
"Certificate (subj={%s}, serialNum=%s, issuer={%s})
subject Distinguished Name EmailAddress value does not match: %s != %s",
certSubjName,
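Review bot: The new condition lets the DN check pass silently when `new MailAddressImpl(...).forBindingType(BindingType.ADDRESS)` returns null while `directAddrBound` is non-null: the `!= null` on the third added line short-circuits the whole `if`, so a certificate whose EmailAddress attribute cannot be read as an address-bound Direct address is accepted rather than rejected. Skipping when `directAddrBound` is null matches the log entry about domain-bound certificates (H2, H4); skipping on the certificate side looks unintended. Make the null result part of the mismatch, e.g. `&& ((certSubjDnDirectAddr = new MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress)).forBindingType(BindingType.ADDRESS)) == null || !StringUtils.equalsIgnoreCase(certSubjDnDirectAddr.toAddress(), directAddrBound.toAddress())))`, and let the format arguments that follow this hunk tolerate a null `certSubjDnDirectAddr`. The same condition is carried unchanged into 2fbbd289df02 at `@@ -22,10 +22,10 @@` of this file; the enclosing method continues outside the hunk.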
=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java
Thu Mar 20 10:07:30 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java
Wed May 21 16:11:42 2014 UTC
@@ -18,9 +18,9 @@

public final static String PATTERN_STR_DNS_NAME_DELIM = "\\" +
DNS_NAME_DELIM;

- public final static String PATTERN_STR_DNS_NAME_LBL_CHAR
= "\\w\\-&&[^_]";
+ public final static String PATTERN_STR_DNS_NAME_LBL_CHAR = "\\w\\-";
public final static String PATTERN_STR_DNS_NAME_LBL_CHAR_ANY =
PATTERN_STR_DNS_NAME_DELIM + PATTERN_STR_DNS_NAME_LBL_CHAR;
- public final static String PATTERN_STR_DNS_NAME_LBL = "(?!\\-)[" +
PATTERN_STR_DNS_NAME_LBL_CHAR + "]{1,63}(?<!\\-)";
+ public final static String PATTERN_STR_DNS_NAME_LBL = "(?![\\-|_])[" +
PATTERN_STR_DNS_NAME_LBL_CHAR + "]{1,63}(?<![\\-|_])";

/**
* Derived from the rules defined in:
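Review bot: Dropping `&&[^_]` from `PATTERN_STR_DNS_NAME_LBL_CHAR` relaxes every consumer of this constant, since it feeds `PATTERN_STR_DNS_NAME_LBL_CHAR_ANY` and `PATTERN_STR_DNS_NAME_LBL` on the following lines, so any DNS name the tool validates now accepts underscores, not only Direct addresses as the log entry states. If the project-wide relaxation is intended, record it on the constant, e.g. `// underscores are accepted in labels (DCDT-228/229/235); RFC 1123 hostnames would not allow them`; otherwise keep the hostname pattern strict and derive a separate Direct-address label pattern in ToolMailAddressUtils. Note that `\\w` in a Java pattern is ASCII-only unless UNICODE_CHARACTER_CLASS is set, which is presumably what is wanted here.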
=======================================
---
/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties
Sun Apr 6 03:15:28 2014 UTC
+++
/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties
Wed May 21 16:11:42 2014 UTC
@@ -32,7 +32,8 @@

#====================================================================================================
# MAIL

#====================================================================================================
-dcdt.mail.validation.constraints.DirectAddress.msg=Must be a Direct
address (domain-bound or address-bound).
+dcdt.mail.validation.constraints.DirectAddress.msg=Must be a Direct
address (domain-bound or address-bound). \
+ A Direct address can only contain letters, numbers, hyphens, periods,
and underscores.
dcdt.mail.validation.constraints.DirectAddress.MailAddress.msg=Must be an
email address.
dcdt.mail.validation.constraints.HasMxRecord.msg=No DNS MX records were
found for the email address domain.
dcdt.mail.validation.constraints.HasMxRecord.lookup.msg=DNS MX record
lookup failed for the email address domain.

==============================================================================
Revision: 2fbbd289df02
Branch: default
Author: Elizab...@esacinc.com
Date: Wed May 21 19:44:24 2014 UTC
Log: - Further supports DCDT-228, DCDT-229, DCDT-235
- Made changes as requested in review DCDT-90
http://code.google.com/p/direct-certificate-discovery-tool/source/detail?r=2fbbd289df02

Modified:

/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java

/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/mail/DirectAddress.java

/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties

=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java
Wed May 21 16:11:42 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectAltNamesConstraintValidator.java
Wed May 21 19:44:24 2014 UTC
@@ -25,9 +25,10 @@
// noinspection ConstantConditions
if (certSubjName.hasAltName(CertificateAltNameType.RFC822_NAME)) {
// noinspection ConstantConditions
- if (!StringUtils.equalsIgnoreCase((certSubjAltNameDirectAddr =
- new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.RFC822_NAME).getName().toString())).toAddress(),
(directAddrBound =
-
directAddr.forBindingType(BindingType.ADDRESS)).toAddress())) {
+ certSubjAltNameDirectAddr = new
MailAddressImpl(certSubjName.getAltName(CertificateAltNameType.RFC822_NAME).getName().toString());
+ // noinspection ConstantConditions
+ if ((directAddrBound =
directAddr.forBindingType(BindingType.ADDRESS)) == null
+ |
| !StringUtils.equalsIgnoreCase(certSubjAltNameDirectAddr.toAddress(),
directAddrBound.toAddress())) {
// noinspection ConstantConditions
throw new CertificateException(String.format(
"Certificate (subj={%s}, serialNum=%s, issuer={%s})
subjectAltName X509v3 extension rfc822Name value does not match: %s != %s",
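Review bot: When `directAddrBound` is null, the new guard throws the same "rfc822Name value does not match: %s != %s" CertificateException as a genuine mismatch, which — if the format arguments beyond this hunk still pass `directAddrBound` — renders as `... != null` and hides that the expected Direct address had no address-bound form rather than a different one. This also differs from CertificateInfoSubjectDnConstraintValidator, where a null `directAddrBound` makes the check skip instead of throw. If the strict behaviour is deliberate, say so above the `if`: `// expected Direct address has no address-bound form: an rfc822Name SAN is then always a mismatch (the DN validator skips in this case)`. The enclosing method starts and ends outside the hunk.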
=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
Wed May 21 16:11:42 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/crypto/certs/impl/CertificateInfoSubjectDnConstraintValidator.java
Wed May 21 19:44:24 2014 UTC
@@ -22,10 +22,10 @@
MailAddress directAddr = certValidInfo.getDirectAddress(),
directAddrBound, certSubjDnDirectAddr;

// noinspection ConstantConditions
- if (certSubjName.hasAttribute(BCStyle.EmailAddress)
+ if ((certSubjName.hasAttribute(BCStyle.EmailAddress)
&& (directAddrBound =
directAddr.forBindingType(BindingType.ADDRESS)) != null
- && (certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress)).forBindingType(BindingType.ADDRESS)) !=
null
-
&& !StringUtils.equalsIgnoreCase(certSubjDnDirectAddr.toAddress(),
directAddrBound.toAddress())) {
+ && (certSubjDnDirectAddr = new
MailAddressImpl(certSubjName.getAttributeValueString(BCStyle.EmailAddress)).forBindingType(BindingType.ADDRESS)) !=
null && !StringUtils
+ .equalsIgnoreCase(certSubjDnDirectAddr.toAddress(),
directAddrBound.toAddress()))) {
// noinspection ConstantConditions
throw new CertificateException(String.format(
"Certificate (subj={%s}, serialNum=%s, issuer={%s})
subject Distinguished Name EmailAddress value does not match: %s != %s",
certSubjName,
=======================================
---
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java
Wed May 21 16:11:42 2014 UTC
+++
/dcdt-core/src/main/java/gov/hhs/onc/dcdt/dns/utils/ToolDnsNameUtils.java
Wed May 21 19:44:24 2014 UTC
@@ -20,7 +20,7 @@

public final static String PATTERN_STR_DNS_NAME_LBL_CHAR = "\\w\\-";
public final static String PATTERN_STR_DNS_NAME_LBL_CHAR_ANY =
PATTERN_STR_DNS_NAME_DELIM + PATTERN_STR_DNS_NAME_LBL_CHAR;
- public final static String PATTERN_STR_DNS_NAME_LBL = "(?![\\-|_])[" +
PATTERN_STR_DNS_NAME_LBL_CHAR + "]{1,63}(?<![\\-|_])";
+ public final static String PATTERN_STR_DNS_NAME_LBL = "(?!\\-)[" +
PATTERN_STR_DNS_NAME_LBL_CHAR + "]{1,63}(?<!\\-)";

/**
* Derived from the rules defined in:
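Review bot: With the lookarounds narrowed back to `\\-` only, a label may now begin or end with `_` (`_foo`, `foo_`), because `\\w` already includes the underscore; the log does not say whether that is wanted, and the message text in core-messages-validation.properties only says underscores are allowed. If it is intended, document it on the constant: `// labels may not start or end with '-'; '_' is allowed in any position (DCDT-228/229/235)`. If not, restore the previous lookarounds as `(?![\\-_])` and `(?<![\\-_])` — without the `|` the removed line carried, which inside a character class is a literal pipe, not alternation.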
=======================================
--- /dcdt-core/src/main/java/gov/hhs/onc/dcdt/mail/DirectAddress.java Fri
Mar 14 08:15:20 2014 UTC
+++ /dcdt-core/src/main/java/gov/hhs/onc/dcdt/mail/DirectAddress.java Wed
May 21 19:44:24 2014 UTC
@@ -61,7 +61,7 @@
DirectAddress[] value();
}

- String message()
default "{dcdt.mail.validation.constraints.DirectAddress.msg}";
+ String message()
default "{dcdt.mail.validation.constraints.DirectAddress.msg} " +
ToolMailAddressUtils.PATTERN_STR_MAIL_ADDR_DIRECT;

Class<?>[] groups() default {};

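Review bot: Appending `ToolMailAddressUtils.PATTERN_STR_MAIL_ADDR_DIRECT` to the `message()` default puts a regex into a Bean Validation message template, where `{`, `}` and `\` (and `$` in 1.1) are interpolation metacharacters; a quantifier such as `{1,63}` and escapes such as `\\-`, both present in the DNS-label patterns of ToolDnsNameUtils, are then read as parameter references and escapes rather than rendered literally, so the pattern the user sees is likely not the one actually applied. Either escape the pattern for interpolation before concatenation or leave it out of the message and describe the rule in prose; also, this default only compiles if `PATTERN_STR_MAIL_ADDR_DIRECT` is a compile-time constant, which this hunk does not show. The annotation definition continues outside the hunk.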
=======================================
---
/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties
Wed May 21 16:11:42 2014 UTC
+++
/dcdt-core/src/main/resources/META-INF/core/core-messages-validation.properties
Wed May 21 19:44:24 2014 UTC
@@ -33,7 +33,8 @@
# MAIL

#====================================================================================================
dcdt.mail.validation.constraints.DirectAddress.msg=Must be a Direct
address (domain-bound or address-bound). \
- A Direct address can only contain letters, numbers, hyphens, periods,
and underscores.
+ A Direct address can only contain letters, numbers, hyphens, periods,
and underscores. \
+ The regex matching pattern is:
dcdt.mail.validation.constraints.DirectAddress.MailAddress.msg=Must be an
email address.
dcdt.mail.validation.constraints.HasMxRecord.msg=No DNS MX records were
found for the email address domain.
dcdt.mail.validation.constraints.HasMxRecord.lookup.msg=DNS MX record
lookup failed for the email address domain.