Log Message: |
Merge the svn-auth-x509 branch to trunk.
This adds an X.509 parser which we use to display certificates via the auth
command rather than storing the details provided by serf from a connection.
* LICENSE,
NOTICE: Note that the X.509 parser is based on the parser from TropicSSL.
* build.conf
(libsvn_subr): Add svn_x509.h header to msvc-export.
(x509-test, __ALL_TESTS__): Add C tests for X.509 parser.
* subversion/include/private/svn_utf_private.h
(svn_utf__encode_ucs4_string, svn_utf__utf16_to_utf8,
svn_utf__utf32_to_utf8): New functions for converting various Unicode
character encodings needed by the X.509 parser.
* subversion/include/svn_x509.h: New header.
* subversion/include/svn_error_codes.h
(SVN_ERR_X509_CATEGORY_START): New category for errors from X.509 parser.
(SVN_ERR_ASN1_OUT_OF_DATA, SVN_ERR_ASN1_UNEXPECTED_TAG,
SVN_ERR_ASN1_INVALID_LENGTH, SVN_ERR_ASN1_LENGTH_MISMATCH,
SVN_ERR_ASN1_INVALID_DATA, SVN_ERR_X509_FEATURE_UNAVAILABLE,
SVN_ERR_X509_CERT_INVALID_PEM, SVN_ERR_X509_CERT_INVALID_FORMAT,
SVN_ERR_X509_CERT_INVALID_VERSION, SVN_ERR_X509_CERT_INVALID_SERIAL,
SVN_ERR_X509_CERT_INVALID_ALG, SVN_ERR_X509_CERT_INVALID_NAME,
SVN_ERR_X509_CERT_INVALID_DATE, SVN_ERR_X509_CERT_INVALID_PUBKEY,
SVN_ERR_X509_CERT_INVALID_SIGNATURE, SVN_ERR_X509_CERT_INVALID_EXTENSIONS,
SVN_ERR_X509_CERT_UNKNOWN_VERSION, SVN_ERR_X509_CERT_UNKNOWN_PK_ALG,
SVN_ERR_X509_CERT_SIG_MISMATCH, SVN_ERR_X509_CERT_VERIFY_FAILED):
New error codes.
* subversion/include/svn_config.h
(SVN_CONFIG_AUTHN_HOSTNAME_KEY, SVN_CONFIG_AUTHN_FINGERPRINT_KEY,
SVN_CONFIG_AUTHN_VALID_FROM_KEY, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,
SVN_CONFIG_AUTHN_ISSUER_DN_KEY): Remove constants used as keys for
storing parsed certificate info in authn files.
* subversion/libsvn_subr/x509parse.c,
subversion/libsvn_subr/x509info.c,
subversion/include/x509.h: New files for implementing the X.509 parser.
* subversion/libsvn_subr/ssl_server_trust_providers.c
(ssl_server_trust_file_first_credentials,
ssl_server_trust_file_save_credentials): Don't store/retrive parsed
details of X.509 certificates.
* subversion/libsvn_subr/utf.c
(membuf_insert_ucs4, svn_utf__utf16_to_utf8, svn_utf__utf32_to_utf8):
New functions to implement Unicode conversions.
* subversion/libsvn_subr/utf8proc.c
(encode_ucs4_string): Convert to the private function ...
(svn_utf__encode_ucs4_string): New function.
(svn_utf__glob): Update caller.
* subversion/svn/auth-cmd.c
(match_credential): Remove code to match the hostname/fingerprint since
the data isn't stored.
(show_cert): New function to drive the X.509 parser and then display
the certificate to the user.
(list_credential): Use show_cert().
* subversion/tests/libsvn_subr/utf-test.c
(test_utf_conversions, test_funcs): Add tests for new unicode character
set conversions.
* subversion/tests/libsvn_subr/x509-test.c: Add tests for X.509 parser.
[in subverison/bindings/javahl]
* native/jniwrapper/jni_base.cpp,
native/jniwrapper/jni_exception.hpp:
Add IllegalArgumentException exeption.
* native/AuthnCallback.cpp,
native/AuthnCallback.hpp,
src/org/apache/subversion/javahl/callback/AuthnCallback.java:
(AuthnCallback::SSLServerCertInfo): Update the getters and constructor to
reflect the info available from the X.509 parser.
* native/org_apache_subversion_javahl_util_ConfigLib.cpp
(build_credential): Update to feed AuthnCallback::SSLServerCertInfo the info
that is available.
(Java_org_apache_subversion_javahl_util_ConfigLib_nativeSearchCredentials):
Update the searching of the certificates to parse the certificate rather
than depending on the stored data.
* src/org/apache/subversion/javahl/SVNUtil.java
(SVNUtil.searchCredentials): Update hostnamePattern documentation.
* native/Promper.cpp
(Prompter::dispatch_ssl_server_trust_prompt): Update to reflect changes
to SSLServerCertInfo.
* src/org/apache/subversion/javahl/util/ConfigLib.java: Remove some commented
out code.
* tests/org/apache/subversion/javahl/UtilTests.java
(util_cred_ssl_server, testCredentials): Update tests as needed.
|