Closed Bug 386351 Opened 18 years ago Closed 8 years ago

SignerInfo class inserts wrong version # into the resulting structure

Categories

(JSS Graveyard :: Library, defect, P1)

Product:
JSS Graveyard
Version:
4.2.5
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: david.konrad.stutzman, Assigned: david.konrad.stutzman)

Details

Attachments

(1 file, 2 obsolete files)

386351.patch
1.68 KB, patch
david.konrad.stutzman
: review?
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 Build Identifier: JSS 4.2 The CMS rfc (http://www.faqs.org/rfcs/rfc3852.html) says the following about SignerInfo version: "version is the syntax version number. If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version MUST be 3." I have constructed a SignerInfo object passing in a SignerIdentifier as the first argument that was constructed with an IssuerAndSerialNumber and the resulting structure has a version of 3 when it should have a version of 1 according to the spec. Reproducible: Always Steps to Reproduce: 1. construct an IssuerAndSerialNumber 2. construct a SignerIdentifier using the IssuerAndSerialNumber you just created 3. construct a SignerInfo using the SignerIdentifier you just created 4. call getVersion() on the resulting SignerInfo object and get a 3 Actual Results: SignerInfo.getVersion() returns a 3 Expected Results: SignerInfo.getVersion() returns a 1 I haven't tested what version you get if you make a SignerIdentifier with a SubjectKeyIdentifier.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → 4.3
QA Contact: jss-qa
Target Milestone: 4.3 → 4.2.7
Version: unspecified → 4.2.5
Assignee: gbmozilla → nobody
Attached patch 386351.patch (obsolete) — Splinter Review
Fix versioning of SignerInfo to match CMS spec. Tested with constructing a SignerInfo with a SignerIdentifier that is an IASN and calling SignerInfo.getVersion() which returns 1 now and constructing with a SignerIdentifier that is a SKI yields version 3. Also encoded and decoded the objects and correct versions persist.
Attachment #8942262 - Flags: review?(cfu)
Comment on attachment 8942262 [details] [diff] [review] 386351.patch Review of attachment 8942262 [details] [diff] [review]: ----------------------------------------------------------------- logic looks reasonable. My only suggestion is to add null check for signerIdentifier. I see the existing code doesn't do much of that, but since you are dereferencing it, it would be a safer practice.
Attached patch 386351.patch (obsolete) — Splinter Review
Added null-check for signerIdentifier param as noted from code review.
Attachment #8942262 - Attachment is obsolete: true
Attachment #8942262 - Flags: review?(cfu)
Comment on attachment 8942656 [details] [diff] [review] 386351.patch Review of attachment 8942656 [details] [diff] [review]: ----------------------------------------------------------------- Hi Dave, thanks for the update. I have trouble applying the patch to the latest tip. Did you make sure that you did a pull before creating the patch? Please let me know. thanks.
Attachment #8942656 - Flags: review?
Attached patch 386351.patchSplinter Review
Sorry, working on an offline box. New patch against current tip (8746a3fc7478)
Attachment #8942656 - Attachment is obsolete: true
Attachment #8942656 - Flags: review?
Attachment #8942899 - Flags: review?
pushed: https://hg.mozilla.org/projects/jss/rev/1d858c6d4626b625bb671426e6899d98c2f5bb2e
Assignee: nobody → david.konrad.stutzman
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: