Gnus development mailing list
From: "Arne Jørgensen" <arne@arnested.dk>
Cc: ding@gnus.org, Simon Josefsson <simon@josefsson.org>
Subject: Re: ldap cert retrieval and pem encoding
Date: Tue, 31 May 2005 11:33:44 +0200
Message-ID: <87y89vrb7r.fsf@seamus.arnested.dk>
In-Reply-To: <874qcnh9kb.fsf@arnested.dk> (Arne Jørgensen's message of "Sat, 28 May 2005 13:30:28 +0200")

[-- Attachment #1: Type: text/plain, Size: 697 bytes --]

Arne Jørgensen <arne@arnested.dk> writes:

> What we could do in Gnus is:
>
> 1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.
>
> 2. Otherwise try to base64-decode it and if that succeeds also assume
>    it is in PEM-format.
>
> 3. Finally decide it must be in DER-format.
>
> This shouldn't be difficult to implement. I have time to make an
> implementation on Tuesday.

I have implemented the above strategy.

I had no way to test it (except that it still works with DER encoded
certificates).

The attached patch also includes the patch for LDAP handling in XEmacs
(from some weeks ago).

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>
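
The three-step detection quoted above, as an added example in Python; it is not part of the posted patch or of Gnus. The function names are hypothetical and the sample bytes are constructed filler, not a real certificate.

```python
import base64
import binascii
import re

BEGIN = b"-----BEGIN CERTIFICATE-----"
END = b"-----END CERTIFICATE-----"


def classify(value: bytes) -> tuple[str, bytes]:
    """Return (detected_format, der_bytes) for a userCertificate value."""
    # Step 1: armored PEM. A substring search is safe on values shorter
    # than the marker, unlike taking a fixed 27-byte prefix.
    if BEGIN in value:
        body = value.split(BEGIN, 1)[1].split(END, 1)[0]
        return "pem", _b64(body)
    # Step 2: bare base64, i.e. a PEM body without header/footer.
    try:
        return "pem-no-header", _b64(value)
    except (binascii.Error, ValueError):
        pass
    # Step 3: anything else is treated as raw DER.
    return "der", value


def _b64(text: bytes) -> bytes:
    """Strictly decode base64 after dropping CR/LF and other whitespace."""
    compact = re.sub(rb"\s+", b"", text)
    if not compact:
        raise ValueError("empty base64 body")
    return base64.b64decode(compact, validate=True)


def to_pem(der: bytes) -> str:
    """Re-wrap DER bytes as PEM with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN.decode(), *lines, END.decode()]) + "\n"


# Constructed sample: DER-shaped filler (SEQUENCE tag 0x30, long-form
# length 0x81 0x80), not a real certificate.
SAMPLE_DER = b"\x30\x81\x80" + bytes(range(128))
SAMPLE_PEM = to_pem(SAMPLE_DER).encode().replace(b"\n", b"\r\n")  # CRLF variant
SAMPLE_BARE = base64.b64encode(SAMPLE_DER)
```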


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Patch for XEmacs compability and certificates in PEM format --]
[-- Type: text/x-patch, Size: 4628 bytes --]

Index: lisp/ChangeLog
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v
retrieving revision 7.706
diff -u -p -r7.706 ChangeLog
--- lisp/ChangeLog	30 May 2005 14:45:12 -0000	7.706
+++ lisp/ChangeLog	31 May 2005 09:17:50 -0000
@@ -1,3 +1,10 @@
+2005-05-31  Arne J^[,Ax^[(Brgensen  <arne@arnested.dk>
+
+	* smime-ldap.el (smime-ldap-search): Add compatibility for XEmacs.
+
+	* smime.el (smime-cert-by-ldap-1): Handle certificates distributed
+	in PEM format. Adjust to the XEmacs compability.
+
 2005-05-30  Reiner Steib  <Reiner.Steib@gmx.de>
 
 	* encrypt.el (encrypt-xor-process-buffer): Replace `string-to-int'
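
Review bot: The smime.el item in the new ChangeLog entry misspells "compatibility" as "compability" and does not say what actually changes for callers. The patch makes smime-ldap-search return the result without its first element in the Emacs branches, and smime-cert-by-ldap-1 now tests (>= (length ldapresult) 1) and reads the value with cadaar. Suggest recording the return-value change under smime-ldap-search and rewording the second item along the lines of "Adjust to the new return value of smime-ldap-search."
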
Index: lisp/smime-ldap.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime-ldap.el,v
retrieving revision 7.3
diff -u -p -r7.3 smime-ldap.el
--- lisp/smime-ldap.el	15 Feb 2005 01:58:42 -0000	7.3
+++ lisp/smime-ldap.el	31 May 2005 09:17:51 -0000
@@ -31,14 +31,7 @@
 ;; made to achieve compatibility with OpenLDAP v2 and to make it
 ;; possible to retrieve LDAP attributes that are tagged ie ";binary".
 
-;; When Gnus drops support for Emacs 21.x this file can be removed and
-;; smime.el changed to
-
-;;   - (require 'smime-ldap)   =>   (require 'ldap)
-;;   - (smime-ldap-search ...) =>   (ldap-search ...)
-
-;; If we are running in Emacs 22 or newer it just uses the build-in
-;; version of ldap-search.
+;; The file also adds a compatibility layer for Emacs and XEmacs.
 
 ;;; Code:
 
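
Review bot: The replacement comment in the file header drops the guidance on when this file can be retired and says only that it "adds a compatibility layer", without naming what is wrapped. Suggest listing the three cases the function now handles (XEmacs via ldap-search-entries, Emacs 22 via ldap-search, Emacs 21.x via smime-ldap-search-internal) so a later maintainer can tell when each branch, and the file itself, can go.
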
@@ -57,26 +50,31 @@ its distinguished name WITHDN.
 Additional search parameters can be specified through
 `ldap-host-parameters-alist', which see."
   (interactive "sFilter:")
-  (if (>= emacs-major-version 22)
-      (ldap-search filter host attributes attrsonly)
-    (or host
-	(setq host ldap-default-host)
-	(error "No LDAP host specified"))
-    (let ((host-plist (cdr (assoc host ldap-host-parameters-alist)))
-	  result)
-      (setq result (smime-ldap-search-internal
-		    (append host-plist
-			    (list 'host host
-				  'filter filter
-				  'attributes attributes
-				  'attrsonly attrsonly
-				  'withdn withdn))))
-      (if ldap-ignore-attribute-codings
-	  result
-	(mapcar (function
-		 (lambda (record)
-		   (mapcar 'ldap-decode-attribute record)))
-		result)))))
+  ;; for XEmacs
+  (if (fboundp 'ldap-search-entries)
+      (ldap-search-entries filter host attributes attrsonly)
+    ;; for Emacs 22
+    (if (>= emacs-major-version 22)
+	(cdr (ldap-search filter host attributes attrsonly))
+      ;; for Emacs 21.x
+      (or host
+	  (setq host ldap-default-host)
+	  (error "No LDAP host specified"))
+      (let ((host-plist (cdr (assoc host ldap-host-parameters-alist)))
+	    result)
+	(setq result (smime-ldap-search-internal
+		      (append host-plist
+			      (list 'host host
+				    'filter filter
+				    'attributes attributes
+				    'attrsonly attrsonly
+				    'withdn withdn))))
+	(cdr (if ldap-ignore-attribute-codings
+		 result
+	       (mapcar (function
+			(lambda (record)
+			  (mapcar 'ldap-decode-attribute record)))
+		       result)))))))
 
 (defun smime-ldap-search-internal (search-plist)
   "Perform a search on a LDAP server.
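
Review bot: The Emacs 22 and Emacs 21.x branches now wrap their result in (cdr ...) while the XEmacs branch returns the value of ldap-search-entries unchanged, and neither a comment nor the docstring explains what the dropped first element is or that the three branches are meant to return the same shape. Suggest a one-line comment on each cdr and a docstring sentence describing the returned list. WITHDN is also forwarded only in the Emacs 21.x branch; the first two calls pass filter, host, attributes and attrsonly and silently ignore it, which is worth either fixing or documenting. The three-way nested if would read more easily as a cond.
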
Index: lisp/smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 7.11
diff -u -p -r7.11 smime.el
--- lisp/smime.el	17 May 2005 08:02:16 -0000	7.11
+++ lisp/smime.el	31 May 2005 09:17:51 -0000
@@ -578,9 +578,20 @@ A string or a list of strings is returne
 				       host '("userCertificate") nil))
 	(retbuf (generate-new-buffer (format "*certificate for %s*" mail)))
 	cert)
-    (if (> (length ldapresult) 1)
+    (if (>= (length ldapresult) 1)
 	(with-current-buffer retbuf
-	  (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t))
+	  ;; Certificates on LDAP servers _should_ be in DER format,
+	  ;; but there are some servers out there that distributes the
+	  ;; certificates in PEM format (with or without
+	  ;; header/footer) so we try to handle them anyway.
+	  (if (or (string= (substring (cadaar ldapresult) 0 27)
+			   "-----BEGIN CERTIFICATE-----")
+		  (condition-case nil
+		      (base64-decode-string (cadaar ldapresult))
+		    (error nil)))
+	      (setq cert
+		    (replace-regexp-in-string "\\(\n\||\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)" "" (cadaar ldapresult) t))
+	    (setq cert (base64-encode-string (cadaar ldapresult) t)))
 	  (insert "-----BEGIN CERTIFICATE-----\n")
 	  (let ((i 0) (len (length cert)))
 	    (while (> (- len 64) i)
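
Review bot: The regexp passed to replace-regexp-in-string starts with "\\(\n\||\r\\|", where the first separator is written "\||" instead of "\\|" as in the other alternatives. In a Lisp string "\|" is just "|", so the first alternative becomes the literal sequence newline, "||", carriage return, and line breaks are never stripped from a PEM value before the 64-character wrapping loop that follows. It should read "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)". Separately, (substring (cadaar ldapresult) 0 27) sits outside the condition-case and signals an error when the attribute value is shorter than 27 characters, and it only recognises the header at position 0; a string-match against the header, or a length check first, avoids both. The test is now (>= (length ldapresult) 1) but only the first entry is read via cadaar, so a comment saying that further entries are deliberately ignored would help.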
