Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/05/18 15:33:06 UTC

[jira] Assigned: (WSS-225) 'Unprintable' characters in Distinguished Name causing comparison failure

     [ https://issues.apache.org/jira/browse/WSS-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned WSS-225:
---------------------------------------

    Assignee: Colm O hEigeartaigh  (was: Ruchith Udayanga Fernando)

> 'Unprintable' characters in Distinguished Name causing comparison failure
> -------------------------------------------------------------------------
>
>                 Key: WSS-225
>                 URL: https://issues.apache.org/jira/browse/WSS-225
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.8
>         Environment: XP,  Java 1.6
>            Reporter: Tom Trader
>            Assignee: Colm O hEigeartaigh
>
> Certain characters used in elements of a DN are considered unprintable as per RFC2252. The underscore '_' character is one of these characters. 
> If the certificate is read from a java key store, and using the ((X509Certificate) cert).getSubjectX500Principal() to obtain the X500Principal, and doing a getName(X500Principal.CANONICAL) on it I find that its common name has been hex encoded as follows:
> cn=#14076d795f74657374
> In the getAlias method of org.apache.ws.security.components.crypto.CryptoBase the equal method of X500Principal is used to compare certificates in a trust store against a given DN.
> The canonical form of the DN is used in this comparison.
> The problem is that the given DN X500Principal object is created using the X500Principal(String DN) constructor. This object results in a canonical name that is not encoded. So the equal comparison fails as the cert from the keystore is encoded and the given one isn't.
> Here's a suggested change that overcomes this problem:
> private Vector getAlias(X500Principal subjectRDN, KeyStore store) throws WSSecurityException {
>         // Store the aliases found
>         Vector aliases = new Vector();
>         Certificate cert = null;
>         
>         try {
>             for (Enumeration e = store.aliases(); e.hasMoreElements();) {
>                 String alias = (String) e.nextElement();
>                 Certificate[] certs = store.getCertificateChain(alias);
>                 if (certs == null || certs.length == 0) {
>                     // no cert chain, so let's check if getCertificate gives us a result.
>                     cert = store.getCertificate(alias);
>                     if (cert == null) {
>                         return null;
>                     }
>                     certs = new Certificate[]{cert};
>                 } else {
>                     cert = certs[0];
>                 }
>                 if (cert instanceof X509Certificate) {
>                     X500Principal foundRDN = ((X509Certificate) cert).getSubjectX500Principal();
>                     X500Principal foundRDNUnencoded = new X500Principal(foundRDN.getName(X500Principal.RFC1779));
>                     if (subjectRDN.equals(foundRDNUnencoded)) {
>                         aliases.add(alias);
>                     }
>                 }
>             }
>         } catch (KeyStoreException e) {
>             throw new WSSecurityException(
>                 WSSecurityException.FAILURE, "keystore", null, e
>             );
>         }
>         return aliases;
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
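An added example (not WSS4J code and not part of the report above) that reproduces the comparison failure with X500Principal alone, no keystore needed: the DER bytes are hand-built to carry a CN value of type TeletexString (the 0x14 tag visible in the reporter's hex dump), which is then compared with a principal built from the string "CN=my_test", first directly and then through the reporter's RFC1779 re-parse.

```java
import javax.security.auth.x500.X500Principal;

public class DnCanonicalMismatch {

    // Constructed DER for: Name SEQUENCE { RDN SET { AttributeTypeAndValue { 2.5.4.3, TeletexString "my_test" } } }
    // The value bytes match the reporter's canonical dump "#14076d795f74657374".
    static final byte[] CN_MY_TEST_T61 = {
        0x30, 0x12,                                      // Name SEQUENCE, 18 bytes of content
        0x31, 0x10,                                      //   RDN SET, 16 bytes of content
        0x30, 0x0e,                                      //     AttributeTypeAndValue SEQUENCE, 14 bytes
        0x06, 0x03, 0x55, 0x04, 0x03,                    //       OBJECT IDENTIFIER 2.5.4.3 (commonName)
        0x14, 0x07,                                      //       TeletexString (T61String), 7 bytes
        0x6d, 0x79, 0x5f, 0x74, 0x65, 0x73, 0x74         //       "my_test" ('_' is not PrintableString)
    };

    /** What CryptoBase.getAlias did before the suggested change: equals() compares canonical forms. */
    static boolean matchesDirect(X500Principal wanted, X500Principal fromCert) {
        return wanted.equals(fromCert);
    }

    /** The reporter's workaround: decode the certificate DN to a string and parse it again, so
     *  the re-parsed principal uses the same string-type encoding as a DN built from configuration. */
    static boolean matchesViaRfc1779(X500Principal wanted, X500Principal fromCert) {
        X500Principal reparsed = new X500Principal(fromCert.getName(X500Principal.RFC1779));
        return wanted.equals(reparsed);
    }

    public static void main(String[] args) {
        // Principal as it would come out of the keystore certificate (DER, TeletexString CN).
        X500Principal fromCert = new X500Principal(CN_MY_TEST_T61);
        // Principal as WSS4J builds it from a configured DN string (String constructor).
        X500Principal wanted = new X500Principal("CN=my_test");

        // Canonical forms differ: the T61String value is hex-encoded, the string-built one is not.
        System.out.println("cert canonical  : " + fromCert.getName(X500Principal.CANONICAL));
        System.out.println("given canonical : " + wanted.getName(X500Principal.CANONICAL));
        System.out.println("direct equals   : " + matchesDirect(wanted, fromCert));
        System.out.println("via RFC1779     : " + matchesViaRfc1779(wanted, fromCert));
    }
}
```

The re-parse only helps when getName() can render the attribute value as text; a value of a non-string ASN.1 type stays hex-encoded in the RFC1779 output and would still need to be matched in that form.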


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org