From 16959fe509d2d36c85fb5a2a6b14d7ab0211a74a Mon Sep 17 00:00:00 2001
From: Simon MacMullen
Date: Tue, 9 Apr 2013 17:19:43 +0100
Subject: Replace all uses of io_lib:format/2 with rabbit_misc:format/2 - we want something that returns a flat list.
---
 src/rabbit_ssl.erl | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index b1238623..7c9e6027 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -165,12 +165,12 @@ format_rdn(#'AttributeTypeAndValue'{type = T, value = V}) ->
 {?'street-address' , "STREET"}],
 case proplists:lookup(T, Fmts) of
 {_, Fmt} ->
- io_lib:format(Fmt ++ "=~s", [FV]);
+ rabbit_misc:format(Fmt ++ "=~s", [FV]);
 none when is_tuple(T) ->
- TypeL = [io_lib:format("~w", [X]) || X <- tuple_to_list(T)],
- io_lib:format("~s:~s", [string:join(TypeL, "."), FV]);
+ TypeL = [rabbit_misc:format("~w", [X]) || X <- tuple_to_list(T)],
+ rabbit_misc:format("~s:~s", [string:join(TypeL, "."), FV]);
 none ->
- io_lib:format("~p:~s", [T, FV])
+ rabbit_misc:format("~p:~s", [T, FV])
 end.
 %% Escape a string as per RFC4514.
@@ -204,14 +204,14 @@ format_asn1_value({ST, S}) when ST =:= teletexString; ST =:= printableString;
 format_directory_string(ST, S);
 format_asn1_value({utcTime, [Y1, Y2, M1, M2, D1, D2, H1, H2,
 Min1, Min2, S1, S2, $Z]}) ->
- io_lib:format("20~c~c-~c~c-~c~cT~c~c:~c~c:~c~cZ",
- [Y1, Y2, M1, M2, D1, D2, H1, H2, Min1, Min2, S1, S2]);
+ rabbit_misc:format("20~c~c-~c~c-~c~cT~c~c:~c~c:~c~cZ",
+ [Y1, Y2, M1, M2, D1, D2, H1, H2, Min1, Min2, S1, S2]);
 %% We appear to get an untagged value back for an ia5string
 %% (e.g. domainComponent).
 format_asn1_value(V) when is_list(V) ->
 V;
 format_asn1_value(V) ->
- io_lib:format("~p", [V]).
+ rabbit_misc:format("~p", [V]).
 %% DirectoryString { INTEGER : maxSize } ::= CHOICE {
 %% teletexString TeletexString (SIZE (1..maxSize)),
--
cgit v1.2.1
From 1e731ffa29684325053caf4b4ce88f4d4be52f5b Mon Sep 17 00:00:00 2001
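Review bot: The `~s` directives kept in the three rewritten calls of format_rdn (`Fmt ++ "=~s"`, `"~s:~s"`, `"~p:~s"`) raise badarg when the argument holds a code point above 255, and FV presumably comes from a certificate attribute value that the peer chooses. FV is bound outside this hunk, so whether it can carry such characters depends on what format_asn1_value and the escaping step return; that is worth confirming for universalString and bmpString values. If it can, the Unicode-aware directive is the safer choice, e.g. `rabbit_misc:format(Fmt ++ "=~ts", [FV])`, with the same substitution in the two `none` branches.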
From: Simon MacMullen
Date: Tue, 9 Apr 2013 17:48:31 +0100
Subject: Insert a hack.
---
 src/rabbit_ssl.erl | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 7c9e6027..c769f35d 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -210,6 +210,16 @@ format_asn1_value({utcTime, [Y1, Y2, M1, M2, D1, D2, H1, H2,
 %% (e.g. domainComponent).
 format_asn1_value(V) when is_list(V) ->
 V;
+format_asn1_value(V) when is_binary(V) ->
+ %% OTP does not decode some values when combined with an unknown
+ %% type. That's probably wrong, so as a last ditch effort let's
+ %% try manually decoding. This is certainly not guaranteed to work
+ %% in all cases, but if we have a printableString we're in luck.
+ try
+ public_key:der_decode('CommonName', V)
+ catch _:_ ->
+ rabbit_misc:format("~p", [V])
+ end;
 format_asn1_value(V) ->
 rabbit_misc:format("~p", [V]).
--
cgit v1.2.1
From 939f5838af410660bc25dd02edb40ce86f369e75 Mon Sep 17 00:00:00 2001
From: Simon MacMullen
Date: Tue, 9 Apr 2013 17:55:11 +0100
Subject: Also RFC4514 suggests we always use = even if we don't recognise an OID.
---
 src/rabbit_ssl.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index c769f35d..4db0ea7e 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -168,9 +168,9 @@ format_rdn(#'AttributeTypeAndValue'{type = T, value = V}) ->
 rabbit_misc:format(Fmt ++ "=~s", [FV]);
 none when is_tuple(T) ->
 TypeL = [rabbit_misc:format("~w", [X]) || X <- tuple_to_list(T)],
- rabbit_misc:format("~s:~s", [string:join(TypeL, "."), FV]);
+ rabbit_misc:format("~s=~s", [string:join(TypeL, "."), FV]);
 none ->
- rabbit_misc:format("~p:~s", [T, FV])
+ rabbit_misc:format("~p=~s", [T, FV])
 end.
 %% Escape a string as per RFC4514.
--
cgit v1.2.1
From dc19bbcbeaf4bcd4a735eab344eff84d4955cd55 Mon Sep 17 00:00:00 2001
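Review bot: The `catch _:_` in the new `is_binary/1` clause traps every exception class, so an exit or throw raised under `public_key:der_decode/2` is rendered as `~p` output just as quietly as an ordinary decode error. `catch error:_ ->` would limit the fallback to the decode failure the comment describes. V is presumably taken from a peer certificate, so it would also help to record which values took the fallback path, for the cases where a formatted DN looks wrong. The same `catch _:_` line recurs in the hunks at -216 and -214 further down the page.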
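Review bot: The two `none` branches now emit `Type=Value` with FV in its string form, but RFC 4514 section 2.4 pairs a dotted-decimal attribute type with the `#` form of the value (a number sign followed by the hex of the BER-encoded value), not with the escaped string. If strict RFC 4514 output is the goal, the `none when is_tuple(T)` branch needs the raw encoding rather than FV. If the string form is kept for readability, a comment such as `%% NB: not the RFC4514 '#hex' form for unknown OIDs` would record the deviation. Anything that compares these DN strings against stored values will also see the `:` to `=` change for unrecognised attribute types. format_rdn begins above the hunk.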
From: Simon MacMullen
Date: Tue, 9 Apr 2013 18:04:28 +0100
Subject: Add support for UID. No, it's not in public_key.hrl. Grrr.
---
 src/rabbit_ssl.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 4db0ea7e..68593413 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -162,7 +162,8 @@ format_rdn(#'AttributeTypeAndValue'{type = T, value = V}) ->
 {?'id-at-pseudonym' , "PSEUDONYM"},
 {?'id-domainComponent' , "DC"},
 {?'id-emailAddress' , "EMAILADDRESS"},
- {?'street-address' , "STREET"}],
+ {?'street-address' , "STREET"},
+ {{0,9,2342,19200300,100,1,1} , "UID"}],
 case proplists:lookup(T, Fmts) of
 {_, Fmt} ->
 rabbit_misc:format(Fmt ++ "=~s", [FV]);
--
cgit v1.2.1
From a74670bbb63046bdb6e2f4e6d417c8711c25b44d Mon Sep 17 00:00:00 2001
From: Simon MacMullen
Date: Tue, 9 Apr 2013 18:04:52 +0100
Subject: Explain a bit more WTF we're doing.
---
 src/rabbit_ssl.erl | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 68593413..8ef31fb6 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -216,6 +216,8 @@ format_asn1_value(V) when is_binary(V) ->
 %% type. That's probably wrong, so as a last ditch effort let's
 %% try manually decoding. This is certainly not guaranteed to work
 %% in all cases, but if we have a printableString we're in luck.
+ %% 'CommonName' is somewhat arbitrary - we need a valid type, and
+ %% der_decode/2 will do some type checking against it.
 try
 public_key:der_decode('CommonName', V)
 catch _:_ ->
--
cgit v1.2.1
From 7e1c3ef4831ca32b38522e1913d3c0a3a18e1dda Mon Sep 17 00:00:00 2001
From: Simon MacMullen
Date: Tue, 9 Apr 2013 18:08:23 +0100
Subject: Excuse
---
 src/rabbit_ssl.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 8ef31fb6..0bcbc5f1 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
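Review bot: The bare tuple `{0,9,2342,19200300,100,1,1}` in the hunk at -162 is the only entry of the Fmts table not written as a `?'...'` macro, which makes it easy to mistype and hard to search for. A local define placed with the module's other attributes, for instance `-define('id-userid', {0,9,2342,19200300,100,1,1}).` (the macro name is only a suggestion), would let the entry read `{?'id-userid', "UID"}` like its neighbours. The table and the head of format_rdn start above the hunk.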
@@ -163,7 +163,7 @@ format_rdn(#'AttributeTypeAndValue'{type = T, value = V}) ->
 {?'id-domainComponent' , "DC"},
 {?'id-emailAddress' , "EMAILADDRESS"},
 {?'street-address' , "STREET"},
- {{0,9,2342,19200300,100,1,1} , "UID"}],
+ {{0,9,2342,19200300,100,1,1} , "UID"}], %% Not in public_key.hrl
 case proplists:lookup(T, Fmts) of
 {_, Fmt} ->
 rabbit_misc:format(Fmt ++ "=~s", [FV]);
--
cgit v1.2.1
From d5f090520c771a70e0349923cc973512142293a7 Mon Sep 17 00:00:00 2001
From: Simon MacMullen
Date: Tue, 9 Apr 2013 18:17:05 +0100
Subject: Be rather less arbitrary. But still a bit.
---
 src/rabbit_ssl.erl | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 0bcbc5f1..96277b68 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -214,12 +214,12 @@ format_asn1_value(V) when is_list(V) ->
 format_asn1_value(V) when is_binary(V) ->
 %% OTP does not decode some values when combined with an unknown
 %% type. That's probably wrong, so as a last ditch effort let's
- %% try manually decoding. This is certainly not guaranteed to work
- %% in all cases, but if we have a printableString we're in luck.
- %% 'CommonName' is somewhat arbitrary - we need a valid type, and
- %% der_decode/2 will do some type checking against it.
+ %% try manually decoding. 'DirectoryString' is semi-arbitrary -
+ %% but it is the type which covers the various string types we
+ %% handle below.
 try
- public_key:der_decode('CommonName', V)
+ {ST, S} = public_key:der_decode('DirectoryString', V),
+ format_directory_string(ST, S)
 catch _:_ ->
 rabbit_misc:format("~p", [V])
 end;
--
cgit v1.2.1
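Review bot: A failure inside `format_directory_string(ST, S)`, or a badmatch on `{ST, S}`, is swallowed by `catch _:_` in the hunk at -214 because both now sit inside the try body, and the value then comes out as `~p` text with no sign that anything went wrong. Moving the formatting into an `of` section keeps only the decode protected: `try public_key:der_decode('DirectoryString', V) of {ST, S} -> format_directory_string(ST, S) catch error:_ -> rabbit_misc:format("~p", [V]) end`. That makes a formatter bug visible instead of silently changing how a certificate attribute is printed. If falling back on formatter errors is intended, the comment above the try should say so.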