DE388462- Special character handling on CSR generation

Rodrigo Reis · Rodrigo Reis · commit d4bffa05caaa · 2018-10-22T12:56:37.000-07:00
diff --git a/mas-foundation/src/androidTest/java/com/ca/mas/foundation/MASRegistrationTest.java b/mas-foundation/src/androidTest/java/com/ca/mas/foundation/MASRegistrationTest.java
@@ -287,5 +287,10 @@ protected MockResponse registerDeviceResponse(RecordedRequest request) {
         assertNotNull(getRecordRequest(GatewayDefaultDispatcher.CONNECT_DEVICE_RENEW));
     }
 
-
+    @Test
+    public void testWithSpecialCharacterUserName() throws ExecutionException, InterruptedException {
+        MASCallbackFuture<MASUser> callback = new MASCallbackFuture<>();
+        MASUser.login("admin!#$%&'*+-/=?^_`{|}~@ca.com\"", "test".toCharArray(), callback);
+        assertNotNull(callback.get());
+    }
 }
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/cert/CertUtils.java b/mas-foundation/src/main/java/com/ca/mas/core/cert/CertUtils.java
@@ -14,9 +14,6 @@
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -25,9 +22,6 @@
 import java.util.Collection;
 import java.util.List;
 
-import sun.security.pkcs.PKCS10;
-import sun.security.x509.X500Signer;
-
 import static com.ca.mas.foundation.MAS.DEBUG;
 import static com.ca.mas.foundation.MAS.TAG;
 
@@ -72,37 +66,6 @@ public static X509Certificate decodeCertFromPem(String certificateText) throws I
         }
     }
 
-
-    /**
-     * Generate a PKCS#10 certificate signing request from the specified parameters.
-     *
-     * @param commonName  the username.  Required.
-     * @param deviceId  the device ID.  Required.
-     * @param deviceName  the device name.  Required.
-     * @param organization  the organization.  Required.
-     * @param publicKey  the client's public key.  Required.
-     * @param privateKey  the client's private key.  Required.
-     * @return a signed PKCS#10 CertificationRequest structure in binary DER format.  Never null.
-     * @throws CertificateException if a CSR cannot be created
-     */
-    public static byte[] generateCertificateSigningRequest(String commonName,
-               String deviceId, String deviceName, String organization,
-               PublicKey publicKey, PrivateKey privateKey) throws CertificateException {
-        try {
-            PKCS10 pkcs10 = new PKCS10(publicKey);
-            Signature signature = Signature.getInstance("SHA256withRSA");
-            signature.initSign(privateKey);
-            sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name("cn=" + commonName + ", ou=" + deviceId + ", dc=" + deviceName + ", o=" + organization);
-
-            pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
-            return pkcs10.getEncoded();
-        } catch (Exception t) {
-            if (DEBUG) Log.e(TAG, "Unable to generate certificate signing request: " + t, t);
-            throw new CertificateException("Unable to generate certificate signing request: " + t);
-        }
-    }
-
-
     /**
      * Convert the specified Certificate array into an X509Certificate array.
      *
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/security/AndroidJellyBeanKeyRepository.java b/mas-foundation/src/main/java/com/ca/mas/core/security/AndroidJellyBeanKeyRepository.java
@@ -103,7 +103,15 @@ public void deleteCertificateChain(String alias) {
     @Override
     public byte[] generateCertificateSigningRequest(String commonName, String deviceId, String deviceName, String organization, PrivateKey privateKey, PublicKey publicKey) throws CertificateException {
         try {
-            X500Principal subject = new X500Principal("cn=" + commonName + ", ou=" + deviceId + ", dc=" + deviceName + ", o=" + organization);
+            commonName = commonName.replace("\"", "\\\"");
+            deviceId = deviceId.replace("\"", "\\\"");
+            deviceName = deviceName.replace("\"", "\\\"");
+            organization = organization.replace("\"", "\\\"");
+
+            X500Principal subject = new X500Principal("cn=\"" + commonName +
+                    "\", ou=\"" + deviceId +
+                    "\", dc=\"" + deviceName +
+                    "\", o=\"" + organization + "\"");
             ASN1Set attrs = new DERSet(new ASN1EncodableVector());
             PKCS10CertificationRequest csr = new PKCS10CertificationRequest("SHA1withRSA", subject, publicKey, attrs, privateKey, null);
             return csr.getEncoded();
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/security/AndroidKeyStoreRepository.java b/mas-foundation/src/main/java/com/ca/mas/core/security/AndroidKeyStoreRepository.java
@@ -156,7 +156,17 @@ public byte[] generateCertificateSigningRequest(String commonName, String device
             PKCS10 pkcs10 = new PKCS10(publicKey);
             Signature signature = Signature.getInstance("SHA256withRSA");
             signature.initSign(privateKey);
-            sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name("cn=" + commonName + ", ou=" + deviceId + ", dc=" + deviceName + ", o=" + organization);
+
+            commonName = commonName.replace("\"", "\\\"");
+            deviceId = deviceId.replace("\"", "\\\"");
+            deviceName = deviceName.replace("\"", "\\\"");
+            organization = organization.replace("\"", "\\\"");
+
+            sun.security.x509.X500Name x500Name = new sun.security.x509.X500Name(
+                    "cn=\"" + commonName +
+                            "\", ou=\"" + deviceId +
+                            "\", dc=\"" + deviceName +
+                            "\", o=\"" + organization + "\"");
 
             pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
             return pkcs10.getEncoded();

Original file line number	Diff line number	Diff line change
`@@ -287,5 +287,10 @@ protected MockResponse registerDeviceResponse(RecordedRequest request) {`
`287`	`287`	`assertNotNull(getRecordRequest(GatewayDefaultDispatcher.CONNECT_DEVICE_RENEW));`
`288`	`288`	`}`
`289`	`289`
`290`		`-`
	`290`	`+ @Test`
	`291`	`+ public void testWithSpecialCharacterUserName() throws ExecutionException, InterruptedException {`
	`292`	`+ MASCallbackFuture<MASUser> callback = new MASCallbackFuture<>();`
	`293`	+ MASUser.login("admin!#$%&'*+-/=?^_`{\|}~@ca.com\"", "test".toCharArray(), callback);
	`294`	`+ assertNotNull(callback.get());`
	`295`	`+ }`
`291`	`296`	`}`