You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2022/04/14 08:48:00 UTC

[tomcat] branch 10.0.x updated: 66009: Use getSubjectX500Principal().toString()

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new 8f474f0ae3 66009: Use getSubjectX500Principal().toString()
8f474f0ae3 is described below

commit 8f474f0ae3ed2bc4c7482f7951fd8008648bb377
Author: remm <re...@apache.org>
AuthorDate: Thu Apr 14 10:41:48 2022 +0200

    66009: Use getSubjectX500Principal().toString()
    
    Although this is configurable, the default was not supposed to change
    after resolving the deprecation warning.
    getSubjectX500Principal().getName(...) does not have the same output as
    getSubjectDN().getName() however, while
    getSubjectX500Principal().toString() does.
---
 java/org/apache/catalina/realm/X509SubjectDnRetriever.java | 4 +---
 webapps/docs/changelog.xml                                 | 6 ++++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
index d342154a3b..6636e810a1 100644
--- a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
+++ b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
@@ -18,8 +18,6 @@ package org.apache.catalina.realm;
 
 import java.security.cert.X509Certificate;
 
-import javax.security.auth.x500.X500Principal;
-
 /**
  * An X509UsernameRetriever that returns a certificate's entire
  * SubjectDN as the username.
@@ -28,6 +26,6 @@ public class X509SubjectDnRetriever implements X509UsernameRetriever {
 
     @Override
     public String getUsername(X509Certificate clientCert) {
-        return clientCert.getSubjectX500Principal().getName(X500Principal.RFC1779);
+        return clientCert.getSubjectX500Principal().toString();
     }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1b4037334d..22bf590a2c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,12 @@
         <code>boundOnInit</code> is used on a connector, during the check
         for client certificate authentication availability. (remm)
       </fix>
+      <fix>
+        <bug>66009</bug>: Use <code>getSubjectX500Principal().toString()</code>
+        rather than <code>getSubjectX500Principal().getName(...)</code> to
+        retrieve a certificate DN, to match the output of the deprecated
+        <code>getSubjectDN().getName()</code> that was used previously. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org