1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
Subject: Collected Debian patches for <libxmltooling-java>
Author: Matthew Vernon <matthew@debian.org>
The libxmltooling-java package is maintained in Git rather than
maintaining patches as separate files, and separating the patches
doesn't seem to be worth the effort. They are therefore all included
in this single Debian patch.
For full commit history and separated commits, see the packaging Git
repository.
--- libxmltooling-java-1.4.2.orig/pom.xml
+++ libxmltooling-java-1.4.2/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>net.shibboleth</groupId>
<artifactId>parent-v2</artifactId>
- <version>1</version>
+ <version>debian</version>
</parent>
<groupId>org.opensaml</groupId>
@@ -44,7 +44,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15</artifactId>
- <version>1.46</version>
+ <version>1.49</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
@@ -80,23 +80,26 @@
<!-- Runtime dependencies -->
<dependency>
- <groupId>${xerces.groupId}</groupId>
+ <groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
+ <version>debian</version>
</dependency>
<dependency>
- <groupId>${xerces.groupId}</groupId>
+ <groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
+ <version>debian</version>
</dependency>
<dependency>
- <groupId>${xerces.groupId}</groupId>
+ <groupId>xalan</groupId>
<artifactId>serializer</artifactId>
+ <version>debian</version>
</dependency>
<dependency>
<groupId>xml-resolver</groupId>
<artifactId>xml-resolver</artifactId>
</dependency>
<dependency>
- <groupId>${xalan.groupId}</groupId>
+ <groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</dependency>
@@ -104,6 +107,7 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
+ <version>debian</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
--- libxmltooling-java-1.4.2.orig/src/main/java/org/opensaml/xml/security/x509/X509Util.java
+++ libxmltooling-java-1.4.2/src/main/java/org/opensaml/xml/security/x509/X509Util.java
@@ -39,11 +39,12 @@ import javax.security.auth.x500.X500Prin
import org.apache.commons.ssl.TrustMaterial;
import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERString;
+import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.util.Arrays;
@@ -153,14 +154,14 @@ public class X509Util {
List<String> commonNames = new LinkedList<String>();
try {
ASN1InputStream asn1Stream = new ASN1InputStream(dn.getEncoded());
- DERObject parent = asn1Stream.readObject();
+ ASN1Primitive parent = asn1Stream.readObject();
String cn = null;
- DERObject dnComponent;
+ ASN1Primitive dnComponent;
DERSequence grandChild;
- DERObjectIdentifier componentId;
+ ASN1ObjectIdentifier componentId;
for (int i = 0; i < ((DERSequence) parent).size(); i++) {
- dnComponent = ((DERSequence) parent).getObjectAt(i).getDERObject();
+ dnComponent = ((DERSequence) parent).getObjectAt(i).toASN1Primitive();
if (!(dnComponent instanceof DERSet)) {
log.debug("No DN components.");
continue;
@@ -168,17 +169,17 @@ public class X509Util {
// Each DN component is a set
for (int j = 0; j < ((DERSet) dnComponent).size(); j++) {
- grandChild = (DERSequence) ((DERSet) dnComponent).getObjectAt(j).getDERObject();
+ grandChild = (DERSequence) ((DERSet) dnComponent).getObjectAt(j).toASN1Primitive();
if (grandChild.getObjectAt(0) != null
- && grandChild.getObjectAt(0).getDERObject() instanceof DERObjectIdentifier) {
- componentId = (DERObjectIdentifier) grandChild.getObjectAt(0).getDERObject();
+ && grandChild.getObjectAt(0).toASN1Primitive() instanceof ASN1ObjectIdentifier) {
+ componentId = (ASN1ObjectIdentifier) grandChild.getObjectAt(0).toASN1Primitive();
if (CN_OID.equals(componentId.getId())) {
// OK, this dn component is actually a cn attribute
if (grandChild.getObjectAt(1) != null
- && grandChild.getObjectAt(1).getDERObject() instanceof DERString) {
- cn = ((DERString) grandChild.getObjectAt(1).getDERObject()).getString();
+ && grandChild.getObjectAt(1).toASN1Primitive() instanceof ASN1String) {
+ cn = ((ASN1String) grandChild.getObjectAt(1).toASN1Primitive()).getString();
commonNames.add(cn);
}
}
@@ -465,8 +466,15 @@ public class X509Util {
if (EDI_PARTY_ALT_NAME.equals(nameType) || X400ADDRESS_ALT_NAME.equals(nameType)
|| OTHER_ALT_NAME.equals(nameType)) {
- // these have no defined representation, just return a DER-encoded byte[]
- return ((DERObject) nameValue).getDEREncoded();
+ // these have no defined representation, just return a DER-encoded byte[] (or null if that fails)
+ byte [] x;
+ try {
+ x = ((ASN1Primitive) nameValue).getEncoded(ASN1Encoding.DER);
+ } catch (java.io.IOException e) {
+ x = null;
+ }
+ return x;
+
}
log.warn("Encountered unknown alt name type '{}', adding as-is", nameType);
|
