[ https://issues.apache.org/jira/browse/WSS-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12873941#action_12873941 ]

Colm O hEigeartaigh commented on WSS-225:
-----------------------------------------


Are you sure you're using WSS4J 1.5.9-SNAPSHOT and not trunk? Trunk will not 
work with Rampart at the moment. In any case, that method signature does not 
exist in WSS4J.

You can checkout the rampart trunk here:

http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk

WSS4J 1.5.9-SNAPSHOT is here:

https://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes

Colm.

> 'Unprintable' characters in Distinguished Name causing comparison failure
> -------------------------------------------------------------------------
>
>                 Key: WSS-225
>                 URL: https://issues.apache.org/jira/browse/WSS-225
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.8
>         Environment: XP,  Java 1.6
>            Reporter: Tom Trader
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.9, 1.6
>
>
> Certain characters used in elements of a DN are considered unprintable as per 
> RFC2252. The underscore '_' character is one of these characters. 
> If the certificate is read from a Java key store, and I use 
> ((X509Certificate) cert).getSubjectX500Principal() to obtain the 
> X500Principal and do a getName(X500Principal.CANONICAL) on it, I find that 
> its common name has been hex encoded as follows:
> cn=#14076d795f74657374
> In the getAlias method of org.apache.ws.security.components.crypto.CryptoBase 
> the equals method of X500Principal is used to compare certificates in a trust 
> store against a given DN.
> The canonical form of the DN is used in this comparison.
> The problem is that the given DN X500Principal object is created using the 
> X500Principal(String DN) constructor. This object results in a canonical name 
> that is not encoded. So the equals comparison fails, as the cert from the 
> keystore is encoded and the given one isn't.
> Here's a suggested change that overcomes this problem:
> private Vector getAlias(X500Principal subjectRDN, KeyStore store) throws WSSecurityException {
>     // Store the aliases found
>     Vector aliases = new Vector();
>     Certificate cert = null;
>
>     try {
>         for (Enumeration e = store.aliases(); e.hasMoreElements();) {
>             String alias = (String) e.nextElement();
>             Certificate[] certs = store.getCertificateChain(alias);
>             if (certs == null || certs.length == 0) {
>                 // no cert chain, so let's check if getCertificate gives us a result.
>                 cert = store.getCertificate(alias);
>                 if (cert == null) {
>                     return null;
>                 }
>                 certs = new Certificate[]{cert};
>             } else {
>                 cert = certs[0];
>             }
>             if (cert instanceof X509Certificate) {
>                 X500Principal foundRDN = ((X509Certificate) cert).getSubjectX500Principal();
>                 // Re-parse the RFC 1779 string form so that the string type (and
>                 // hex encoding) of the certificate's DN no longer affects the comparison.
>                 X500Principal foundRDNUnencoded =
>                     new X500Principal(foundRDN.getName(X500Principal.RFC1779));
>                 if (subjectRDN.equals(foundRDNUnencoded)) {
>                     aliases.add(alias);
>                 }
>             }
>         }
>     } catch (KeyStoreException e) {
>         throw new WSSecurityException(
>             WSSecurityException.FAILURE, "keystore", null, e
>         );
>     }
>     return aliases;
> }
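As an added illustration (not code from the issue, from WSS4J or from Rampart), the following stand-alone Java program reproduces the mismatch the report describes and the effect of the suggested round trip: the DN bytes are constructed here so that the CN is carried as a TeletexString (tag 0x14), which the CANONICAL format hex-encodes exactly as in the report, and the same DN built from a String uses a different string type, so a direct equals() fails until both sides are parsed by the same String constructor. Class and method names are this example's own.

```java
import javax.security.auth.x500.X500Principal;

public class DnCompareDemo {

    // Constructed for this example: DER Name "CN=my_test" with the value as a
    // TeletexString, SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, T61String "my_test" } } }.
    // The canonical form renders the value as #14076d795f74657374, as in the report.
    static final byte[] CERT_STYLE_DN = {
        0x30, 0x12,
          0x31, 0x10,
            0x30, 0x0e,
              0x06, 0x03, 0x55, 0x04, 0x03,                   // id-at-commonName
              0x14, 0x07, 0x6d, 0x79, 0x5f, 0x74, 0x65, 0x73, 0x74 // T61String "my_test"
    };

    // The comparison CryptoBase.getAlias() originally made: equals() on principals
    // that came from two different sources (certificate bytes vs. a String).
    static boolean naiveMatch(X500Principal fromCert, X500Principal fromString) {
        return fromCert.equals(fromString);
    }

    // The suggested fix: rebuild the certificate's principal from its RFC 1779
    // string form so both sides go through the same String parser, which picks the
    // string type itself and so removes the hex-encoding difference.
    static boolean roundTripMatch(X500Principal fromCert, X500Principal fromString) {
        X500Principal reparsed =
            new X500Principal(fromCert.getName(X500Principal.RFC1779));
        return fromString.equals(reparsed);
    }

    public static void main(String[] args) {
        X500Principal fromCert = new X500Principal(CERT_STYLE_DN);
        X500Principal fromString = new X500Principal("CN=my_test");

        System.out.println("cert canonical:    " + fromCert.getName(X500Principal.CANONICAL));
        System.out.println("string canonical:  " + fromString.getName(X500Principal.CANONICAL));
        System.out.println("naive equals:      " + naiveMatch(fromCert, fromString));
        System.out.println("round-trip equals: " + roundTripMatch(fromCert, fromString));
    }
}
```

The general lesson for any trust-store lookup is the same: never compare an X500Principal taken from a certificate directly with one built from configuration text; normalise both through one path first, or the match silently depends on how the issuing tool encoded the DN.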
