Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/05/26 13:31:33 UTC
svn commit: r948399 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/components/crypto/CryptoBase.java
src/org/apache/ws/security/message/EnvelopeIdResolver.java
test/wssec/TestWSSecurityWSS86.java
Author: coheigea
Date: Wed May 26 11:31:32 2010
New Revision: 948399
URL: http://svn.apache.org/viewvc?rev=948399&view=rev
Log:
[WSS-225] - 'Unprintable' characters in Distinguished Name causing comparison failure
- Ported BouncyCastle fix from getAliasForX509Cert to getAliasesForDN
Removed:
webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=948399&r1=948398&r2=948399&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java Wed May 26 11:31:32 2010
@@ -731,16 +731,29 @@ public abstract class CryptoBase impleme
*/
public String[] getAliasesForDN(String subjectDN) throws WSSecurityException {
- // The DN to search the keystore for
- X500Principal subjectRDN = new X500Principal(subjectDN);
+ //
+ // Convert the subject DN to a java X500Principal object first. This is to ensure
+ // interop with a DN constructed from .NET, where e.g. it uses "S" instead of "ST".
+ // Then convert it to a BouncyCastle X509Name, which will order the attributes of
+ // the DN in a particular way (see WSS-168). If the conversion to an X500Principal
+ // object fails (e.g. if the DN contains "E" instead of "EMAILADDRESS"), then fall
+ // back on a direct conversion to a BC X509Name
+ //
+ Object subject;
+ try {
+ X500Principal subjectRDN = new X500Principal(subjectDN);
+ subject = createBCX509Name(subjectRDN.getName());
+ } catch (java.lang.IllegalArgumentException ex) {
+ subject = createBCX509Name(subjectDN);
+ }
List aliases = null;
if (keystore != null) {
- aliases = getAliases(subjectRDN, keystore);
+ aliases = getAliases(subject, keystore);
}
-
+
//If we can't find the issuer in the keystore then look at the truststore
if ((aliases == null || aliases.size() == 0) && truststore != null) {
- aliases = getAliases(subjectRDN, truststore);
+ aliases = getAliases(subject, truststore);
}
// Convert the vector into an array
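Review bot: The fallback `subject = createBCX509Name(subjectDN);` sits inside the catch block, so anything it throws for a malformed DN leaves getAliasesForDN as an unchecked exception rather than the declared WSSecurityException. createBCX509Name is not shown in this diff, so whether it can throw on bad input needs confirming; if it can, guard the fallback and rethrow as WSSecurityException so a bad caller-supplied DN is reported as a security failure. `subject` is declared as `Object`, which hides which name type is in play; a one-line comment such as `// holds whatever createBCX509Name returns; must be the same type getAliases compares against` would make the contract visible. The method body continues past the end of this hunk.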
@@ -915,12 +928,12 @@ public abstract class CryptoBase impleme
/**
* Get all of the aliases of the X500Principal argument in the supplied KeyStore
- * @param subjectRDN The X500Principal
+ * @param subjectRDN either an X500Principal or a BouncyCastle X509Name instance.
* @param store The KeyStore
* @return A list of aliases
* @throws WSSecurityException
*/
- private static List getAliases(X500Principal subjectRDN, KeyStore store)
+ private List getAliases(Object subjectRDN, KeyStore store)
throws WSSecurityException {
// Store the aliases found
List aliases = new Vector();
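Review bot: The Javadoc summary still reads "Get all of the aliases of the X500Principal argument", and the new `@param` line says an X500Principal is acceptable, while the comparison in the following hunk is made against the result of createBCX509Name. With the parameter widened to `Object` the Javadoc is the only contract, so it should say what is actually required, for example `Get all aliases whose certificate subject DN equals the supplied name` and `@param subjectRDN the name to match, built with createBCX509Name`. The parameter name `subjectRDN` is also misleading now that it is no longer an X500Principal. The method body continues outside this hunk.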
@@ -943,8 +956,9 @@ public abstract class CryptoBase impleme
}
if (cert instanceof X509Certificate) {
X500Principal foundRDN = ((X509Certificate) cert).getSubjectX500Principal();
+ Object certName = createBCX509Name(foundRDN.getName());
- if (subjectRDN.equals(foundRDN)) {
+ if (subjectRDN.equals(certName)) {
aliases.add(alias);
}
}
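Review bot: `subjectRDN.equals(certName)` only succeeds when both operands are the same name type; if a caller passed an X500Principal, which the Javadoc on getAliases permits, it would presumably never equal the object returned by createBCX509Name and the lookup would quietly return no aliases. The caller visible in this diff builds its argument with createBCX509Name, so this holds today, but nothing enforces it. A comment above the comparison such as `// both sides come from createBCX509Name so equals() compares like with like` would record the invariant. The matching rules are now those of that type's equals() (the new test expects a reversed-order DN to match), which deserves a sentence in the Javadoc because this method selects certificates from both the keystore and the truststore. The enclosing loop starts outside this hunk.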
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java?rev=948399&r1=948398&r2=948399&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java Wed May 26 11:31:32 2010
@@ -95,6 +95,19 @@ public class TestWSSecurityWSS86 extends
/**
+ * A unit test...
+ */
+ public void testGetAliasWithReversedDN() throws Exception {
+ String issuer = "C=DE,ST=Bayern,L=Munich,O=Apache,OU=WSS4J,CN=Werner,E=Werner@example.com";
+
+ String alias = crypto.getAliasForX509Cert(issuer, new java.math.BigInteger("1237819491"));
+ assertNotNull("Alias not found using a reversed DN", alias);
+
+ String[] aliases = crypto.getAliasesForDN(issuer);
+ assertNotNull("Alias not found using a reversed DN", aliases[0]);
+ }
+
+ /**
* Test signing a SOAP message using a cert with an OID
*/
public void testSignatureOID() throws Exception {
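Review bot: `assertNotNull("Alias not found using a reversed DN", aliases[0]);` indexes the array before asserting, so when no alias is found the test dies with an ArrayIndexOutOfBoundsException (or a NullPointerException, if getAliasesForDN can return null) instead of the assertion message. Checking the array first keeps the failure readable: `assertTrue("Alias not found using a reversed DN", aliases != null && aliases.length > 0);`. The Javadoc "A unit test..." says nothing about what is covered; it could state that a DN with its attributes in reversed order, using "E" for the e-mail attribute, must resolve through both getAliasForX509Cert and getAliasesForDN.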