Author: coheigea
Date: Wed May 26 11:02:22 2010
New Revision: 948393

URL: http://svn.apache.org/viewvc?rev=948393&view=rev
Log:
[WSS-225] - 'Unprintable' characters in Distinguished Name causing comparison 
failure
 - Ported BouncyCastle fix from getAliasForX509Cert to getAliasesForDN

Modified:
    
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS86.java

Modified: 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=948393&r1=948392&r2=948393&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
 Wed May 26 11:02:22 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package org.apache.ws.security.components.crypto;
 
@@ -648,13 +650,26 @@ public abstract class CryptoBase impleme
      */
     public String[] getAliasesForDN(String subjectDN) throws 
WSSecurityException {
 
-        // The DN to search the keystore for
-        X500Principal subjectRDN = new X500Principal(subjectDN);
-        Vector aliases = getAlias(subjectRDN, keystore);
+        //
+        // Convert the subject DN to a java X500Principal object first. This 
is to ensure
+        // interop with a DN constructed from .NET, where e.g. it uses "S" 
instead of "ST".
+        // Then convert it to a BouncyCastle X509Name, which will order the 
attributes of
+        // the DN in a particular way (see WSS-168). If the conversion to an 
X500Principal
+        // object fails (e.g. if the DN contains "E" instead of 
"EMAILADDRESS"), then fall
+        // back on a direct conversion to a BC X509Name
+        //
+        Object subject;
+        try {
+            X500Principal subjectRDN = new X500Principal(subjectDN);
+            subject = createBCX509Name(subjectRDN.getName());
+        } catch (java.lang.IllegalArgumentException ex) {
+            subject = createBCX509Name(subjectDN);
+        }
+        Vector aliases = getAlias(subject, keystore);
         
         //If we can't find the issuer in the keystore then look at cacerts
         if (aliases.size() == 0 && cacerts != null) {
-            aliases = getAlias(subjectRDN, cacerts);
+            aliases = getAlias(subject, cacerts);
         }
         
         // Convert the vector into an array
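Review bot: The fallback in the `catch` block of `getAliasesForDN` passes `createBCX509Name` the same string that `X500Principal` has just rejected, so a DN that neither parser accepts may leave the method as an unchecked `IllegalArgumentException` rather than the declared `WSSecurityException`. `createBCX509Name` is not shown in this hunk, but the Javadoc added on `getAlias` says the object may be an `X500Principal`, which suggests the helper can fall back to the JDK parser and throw again. Until that is confirmed I would mark the line, e.g. `subject = createBCX509Name(subjectDN); // may also throw IllegalArgumentException - TODO confirm and map to WSSecurityException`. A null `subjectDN` likewise goes straight into `new X500Principal(subjectDN)` with no check. The method body continues past the end of the hunk.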
@@ -820,7 +835,10 @@ public abstract class CryptoBase impleme
         return true;
     }
     
-    private Vector getAlias(X500Principal subjectRDN, KeyStore store) throws 
WSSecurityException {
+    /**
+     * The subjectRDN argument is either an X500Principal or a BouncyCastle 
X509Name instance.
+     */
+    private Vector getAlias(Object subjectRDN, KeyStore store) throws 
WSSecurityException {
         // Store the aliases found
         Vector aliases = new Vector();
         Certificate cert = null;
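Review bot: The new Javadoc on `getAlias` does not say that a match is only possible when `subjectRDN` has the same runtime class as the object built for each certificate, which is what widening the parameter to `Object` now relies on. The comparison in the following hunk is `subjectRDN.equals(certName)` with `certName` coming from `createBCX509Name(foundRDN.getName())`, so a caller that passed an object of the other type would presumably get an empty result with no error. I would extend the comment to `@param subjectRDN the object returned by createBCX509Name for the DN being searched; it is compared with equals() against the same conversion of each certificate subject`. The body of `getAlias` continues outside this hunk.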
@@ -842,8 +860,9 @@ public abstract class CryptoBase impleme
                 }
                 if (cert instanceof X509Certificate) {
                     X500Principal foundRDN = ((X509Certificate) 
cert).getSubjectX500Principal();
+                    Object certName = createBCX509Name(foundRDN.getName());
 
-                    if (subjectRDN.equals(foundRDN)) {
+                    if (subjectRDN.equals(certName)) {
                         aliases.add(alias);
                     }
                 }
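Review bot: The subject match at `subjectRDN.equals(certName)` now follows the equality rules of whatever `createBCX509Name` returns, and nothing at the comparison records that this is looser than the `X500Principal` comparison it replaces. The test added in this commit expects a DN with reversed attribute order to match, so the relaxation looks intended. Callers that treat a returned alias as evidence that a certificate is known should still compare the certificate itself rather than rely on the name. A comment such as `// Compared as BC X509Name when available: attribute order may differ (WSS-168); a DN match is only a lookup key` would make that explicit. The enclosing loop starts and ends outside the hunk, and the per-entry cost of `createBCX509Name` is not visible from here.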

Modified: 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS86.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS86.java?rev=948393&r1=948392&r2=948393&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS86.java 
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS86.java 
Wed May 26 11:02:22 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package wssec;
@@ -153,6 +155,19 @@ public class TestWSSecurityWSS86 extends
     }
     
     /**
+     * A unit test...
+     */
+    public void testGetAliasWithReversedDN() throws Exception {
+        String issuer = 
"C=DE,ST=Bayern,L=Munich,O=Apache,OU=WSS4J,CN=Werner,[email protected]";
+        
+        String alias = crypto.getAliasForX509Cert(issuer);
+        assertNotNull("Alias not found using a reversed DN", alias);
+        
+        String[] aliases = crypto.getAliasesForDN(issuer);
+        assertNotNull("Alias not found using a reversed DN", aliases[0]);
+    }
+    
+    /**
      * Test signing a SOAP message using a cert with an OID
      */
     public void testSignatureOID() throws Exception {
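Review bot: `assertNotNull(..., aliases[0])` in `testGetAliasWithReversedDN` cannot report the failure its message describes, because if `getAliasesForDN` finds nothing, the `aliases[0]` access fails with an exception before the assertion runs. Asserting on the array first gives a readable failure, e.g. `assertTrue("Alias not found using a reversed DN", aliases != null && aliases.length > 0);`. The Javadoc is still the placeholder `A unit test...`; something like `Test that a DN with reversed attribute order resolves to an alias (WSS-225)` would say what is covered. A companion case asserting that a DN differing in one attribute value yields no alias would pin the other side of the relaxed comparison.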


