Should favor most specific CN when working with distinguished names

This reverts a regression introduced in commit 1331404bf45cb2f220ee9aa2c0c108ce59453a74 that was caught by tests.api.javax.net.ssl.HostnameVerifierTest.testVerify Bug: 7894348 Bug: http://code.google.com/p/android/issues/detail?id=41662 Change-Id: Iec8000b716e3d99ca7af4aa2c3fd7b43e22c68cd
author: Brian Carlstrom <bdc@google.com> 2013-01-07 11:49:35 -0800
committer: Paul Kocialkowski <contact@paulk.fr> 2014-11-16 13:52:44 +0100
commit: 77dbb153e181bcccef4386eadb207f7bf96936fb (patch)
tree: 914ff4d2abf1d72da488c91a7b9935c140a1fafc
parent: 4417e2559ac202e01f9d795970df5319ea31f83d (diff)
download: libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.zip
libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.gz
libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.bz2
2 files changed, 24 insertions, 22 deletions
diff --git a/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java b/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java
index 6280baa..fb74d9b 100644
--- a/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java
+++ b/luni/src/main/java/javax/net/ssl/DistinguishedNameParser.java
@@ -39,6 +39,9 @@ public final class DistinguishedNameParser {
     private char[] chars;
 
     public DistinguishedNameParser(X500Principal principal) {
+        // RFC2253 is used to ensure we get attributes in the reverse
+        // order of the underlying ASN.1 encoding, so that the most
+        // significant values of repeated attributes occur first.
         this.dn = principal.getName(X500Principal.RFC2253);
         this.length = this.dn.length();
     }
@@ -357,15 +360,11 @@ public final class DistinguishedNameParser {
         if (attType == null) {
             return null;
         }
-        // Values are ordered from least specific to most specific. We
-        // remember the most recent choice in result and return it
-        // when we reach the end of the input.
-        String result = null;
         while (true) {
             String attValue = "";
 
             if (pos == length) {
-                return result;
+                return null;
             }
 
             switch (chars[pos]) {
@@ -384,12 +383,15 @@ public final class DistinguishedNameParser {
                 attValue = escapedAV();
             }
 
+            // Values are ordered from most specific to least specific
+            // due to the RFC2253 formatting. So take the first match
+            // we see.
             if (attributeType.equalsIgnoreCase(attType)) {
-                result = attValue;
+                return attValue;
             }
 
             if (pos >= length) {
-                return result;
+                return null;
             }
 
             if (chars[pos] == ',' || chars[pos] == ';') {
diff --git a/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java b/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java
index 19430de..723c697 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java
@@ -21,35 +21,35 @@ import javax.security.auth.x500.X500Principal;
 import junit.framework.TestCase;
 
 public final class DistinguishedNameParserTest extends TestCase {
-    public void testGetLastCn() {
-        assertLastCn("", null);
-        assertLastCn("ou=xxx", null);
-        assertLastCn("ou=xxx,cn=xxx", "xxx");
-        assertLastCn("ou=xxx+cn=yyy,cn=zzz+cn=abc", "abc");
-        assertLastCn("cn=a,cn=b", "b");
-        assertLastCn("cn=Cc,cn=Bb,cn=Aa", "Aa");
-        assertLastCn("cn=imap.gmail.com", "imap.gmail.com");
+    public void testGetFirstCn() {
+        assertFirstCn("", null);
+        assertFirstCn("ou=xxx", null);
+        assertFirstCn("ou=xxx,cn=xxx", "xxx");
+        assertFirstCn("ou=xxx+cn=yyy,cn=zzz+cn=abc", "yyy");
+        assertFirstCn("cn=a,cn=b", "a");
+        assertFirstCn("cn=Cc,cn=Bb,cn=Aa", "Cc");
+        assertFirstCn("cn=imap.gmail.com", "imap.gmail.com");
     }
 
     public void testGetFirstCnWithOid() {
-        assertLastCn("2.5.4.3=a,ou=xxx", "a");
+        assertFirstCn("2.5.4.3=a,ou=xxx", "a");
     }
 
     public void testGetFirstCnWithQuotedStrings() {
-        assertLastCn("cn=\"\\\" a ,=<>#;\"", "\" a ,=<>#;");
-        assertLastCn("cn=abc\\,def", "abc,def");
+        assertFirstCn("cn=\"\\\" a ,=<>#;\"", "\" a ,=<>#;");
+        assertFirstCn("cn=abc\\,def", "abc,def");
     }
 
     public void testGetFirstCnWithUtf8() {
-        assertLastCn("cn=Lu\\C4\\8Di\\C4\\87", "\u004c\u0075\u010d\u0069\u0107");
+        assertFirstCn("cn=Lu\\C4\\8Di\\C4\\87", "\u004c\u0075\u010d\u0069\u0107");
     }
 
     public void testGetFirstCnWithWhitespace() {
-        assertLastCn("ou=a, cn=  a  b  ,o=x", "a  b");
-        assertLastCn("cn=\"  a  b  \" ,o=x", "  a  b  ");
+        assertFirstCn("ou=a, cn=  a  b  ,o=x", "a  b");
+        assertFirstCn("cn=\"  a  b  \" ,o=x", "  a  b  ");
     }
 
-    private void assertLastCn(String dn, String expected) {
+    private void assertFirstCn(String dn, String expected) {
         X500Principal principal = new X500Principal(dn);
         assertEquals(dn, expected, new DistinguishedNameParser(principal).findMostSpecific("cn"));
     }
author	Brian Carlstrom <bdc@google.com>	2013-01-07 11:49:35 -0800
committer	Paul Kocialkowski <contact@paulk.fr>	2014-11-16 13:52:44 +0100
commit	77dbb153e181bcccef4386eadb207f7bf96936fb (patch)
tree	914ff4d2abf1d72da488c91a7b9935c140a1fafc
parent	4417e2559ac202e01f9d795970df5319ea31f83d (diff)
download	libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.zip libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.gz libcore-77dbb153e181bcccef4386eadb207f7bf96936fb.tar.bz2