X509 Name Subject fields are enforced to UTF8String and not overridable #206

@ahmet2mir

Hello,

When running this code, JRuby doesn't want to set the subject fields to PrintableString; maybe there is a link with #100.
It looks like JRuby enforces UTF8 no matter which value I set.

```ruby
require 'openssl'

# Walk a decoded ASN.1 tree and print every string primitive with its class.
def print_asn_strings(obj, depth = 0)
  if obj.respond_to? :each
    obj.each do |item|
      print_asn_strings(item, depth + 1)
    end
  else
    printf("%-40s %s\n", obj.value, obj.class) if (
      obj.class.to_s.match(/String/) &&
      obj.class != OpenSSL::ASN1::BitString
    )
  end
  nil
end

key = OpenSSL::PKey::RSA.new(4096)

subject = "/C=FR/ST=IDF/L=PARIS/O=Company/CN=myhost.example"

cert = OpenSSL::X509::Certificate.new

# Rebuild the subject, requesting PrintableString for every attribute.
fields = []
OpenSSL::X509::Name.parse(subject).to_a.each do |field|
  fields << [field[0], field[1], OpenSSL::ASN1::PRINTABLESTRING]
end

subject_x509 = OpenSSL::X509::Name.new(fields)

# Self-signed: subject and issuer are the same Name.
cert.subject = cert.issuer = subject_x509

cert.not_before = Time.now
cert.not_after = Time.now + 365*24*60*60
cert.public_key = key.public_key
cert.serial = 0x0
cert.version = 2

ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = ef.issuer_certificate = cert

cert.add_extension ef.create_extension('basicConstraints', 'CA:FALSE', true)
cert.add_extension ef.create_extension('keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always,issuer:always')

cert.sign key, OpenSSL::Digest::SHA256.new

# Decode the signed certificate and list the string types actually encoded.
asn1 = OpenSSL::ASN1.decode(cert.to_der)

print_asn_strings(asn1)
```

When running with JRuby, I get this output:

```
FR                                       OpenSSL::ASN1::PrintableString
IDF                                      OpenSSL::ASN1::UTF8String
PARIS                                    OpenSSL::ASN1::UTF8String
Company                                  OpenSSL::ASN1::UTF8String
myhost.example                           OpenSSL::ASN1::UTF8String
FR                                       OpenSSL::ASN1::PrintableString
IDF                                      OpenSSL::ASN1::UTF8String
PARIS                                    OpenSSL::ASN1::UTF8String
Company                                  OpenSSL::ASN1::UTF8String
myhost.example                           OpenSSL::ASN1::UTF8String
```

But if I run with Ruby:

```
FR                                       OpenSSL::ASN1::PrintableString
IDF                                      OpenSSL::ASN1::PrintableString
PARIS                                    OpenSSL::ASN1::PrintableString
Company                                  OpenSSL::ASN1::PrintableString
myhost.example                           OpenSSL::ASN1::PrintableString
FR                                       OpenSSL::ASN1::PrintableString
IDF                                      OpenSSL::ASN1::PrintableString
PARIS                                    OpenSSL::ASN1::PrintableString
Company                                  OpenSSL::ASN1::PrintableString
myhost.example                           OpenSSL::ASN1::PrintableString
```

Using JRuby embedded in PuppetServer:

```
$ /opt/puppetlabs/server/bin/puppetserver ruby --version
jruby 9.2.11.1 (2.5.7) 2020-03-25 b1f55b1a40 OpenJDK 64-Bit Server VM 25.252-b09 on 1.8.0_252-b09 +jit [linux-x86_64]

$ /opt/puppetlabs/server/bin/puppetserver gem list jruby-openssl
*** LOCAL GEMS ***
jruby-openssl (default: 0.10.4 java)
```
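
A narrower regression check for the behaviour reported above, as an added example that is not part of the original issue or of the jruby-openssl project: it encodes only the subject Name (no key generation or signing) and returns the attributes whose encoded ASN.1 string tag differs from the one requested. The helper names `encoded_subject_types` and `type_mismatches` are hypothetical; the subject string is the one from the report.

```ruby
require 'openssl'

# Universal ASN.1 tag numbers for the string types this check reports by name.
TAG_NAMES = {
  OpenSSL::ASN1::UTF8STRING      => 'UTF8String',
  OpenSSL::ASN1::PRINTABLESTRING => 'PrintableString',
  OpenSSL::ASN1::IA5STRING       => 'IA5String'
}.freeze

# Build a Name whose attributes all request `type`, encode it to DER, decode
# the DER again and return [short_name, value, encoded_tag] per attribute.
# (Hypothetical helper, added for illustration.)
def encoded_subject_types(subject, type)
  fields = OpenSSL::X509::Name.parse(subject).to_a.map do |oid, value, _|
    [oid, value, type]
  end
  der = OpenSSL::X509::Name.new(fields).to_der

  # Name ::= SEQUENCE OF RDN; RDN ::= SET OF SEQUENCE { type OID, value }
  OpenSSL::ASN1.decode(der).value.flat_map do |rdn|
    rdn.value.map do |atv|
      oid, val = atv.value
      [oid.sn, val.value, val.tag]
    end
  end
end

# Attributes whose encoded tag differs from the requested one.
# An empty result means the requested string type was honoured everywhere.
def type_mismatches(subject, type)
  encoded_subject_types(subject, type).reject { |_, _, tag| tag == type }
end

if __FILE__ == $PROGRAM_NAME
  subject = '/C=FR/ST=IDF/L=PARIS/O=Company/CN=myhost.example' # from the report
  wanted  = OpenSSL::ASN1::PRINTABLESTRING
  encoded_subject_types(subject, wanted).each do |sn, value, tag|
    printf("%-4s %-20s %s\n", sn, value, TAG_NAMES.fetch(tag, "tag #{tag}"))
  end
  bad = type_mismatches(subject, wanted)
  puts bad.empty? ? 'all attributes kept the requested type' : "overridden: #{bad.inspect}"
end
```

Run under both interpreters, the list returned by `type_mismatches` is the set of subject attributes to compare against the two outputs in the report.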
