Author: klape
Date: 2012-02-02 13:16:56 -0500 (Thu, 02 Feb 2012)
New Revision: 15579
Added:
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/IssuerMatchTestCase.java
Modified:
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
Log:
[JBPAPP-8007] Enhance X509 certificate issuer comparison
Modified:
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2012-02-02
18:15:39 UTC (rev 15578)
+++
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2012-02-02
18:16:56 UTC (rev 15579)
@@ -49,6 +49,8 @@
import java.util.List;
import java.util.StringTokenizer;
+import javax.security.auth.x500.X500Principal;
+
import org.jboss.logging.Logger;
import org.jboss.ws.extensions.security.exception.FailedAuthenticationException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
@@ -437,11 +439,12 @@
continue;
X509Certificate x509 = (X509Certificate)cert;
- if (issuer.equals(x509.getIssuerDN().toString()) &&
serial.equals(x509.getSerialNumber().toString()))
+ X500Principal principal = new X500Principal(issuer);
+ if (principal.equals(x509.getIssuerX500Principal()) &&
serial.equals(x509.getSerialNumber().toString()))
return x509;
}
}
- catch (KeyStoreException e)
+ catch (Exception e)
{
throw new WSSecurityException("Problems retrieving cert: " +
e.getMessage(), e);
}
Added:
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/IssuerMatchTestCase.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/IssuerMatchTestCase.java
(rev 0)
+++
stack/native/branches/jbossws-native-3.1.2.SP7_JBPAPP-8007/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/IssuerMatchTestCase.java 2012-02-02
18:16:56 UTC (rev 15579)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wssecurity;
+
+import java.net.URL;
+import java.security.cert.X509Certificate;
+
+import org.jboss.ws.extensions.security.SecurityStore;
+
+import org.jboss.wsf.test.JBossWSTest;
+
+public class IssuerMatchTestCase extends JBossWSTest
+{
+ public void testIssuerMatch() throws Exception
+ {
+ //The space at the beginning of the issuer string causes
+ //the signer to not match exactly
+ //TODO: get these values from the certificate
+ String issuer = " EMAILADDRESS=admin(a)jboss.com,
CN=jboss.com, OU=QA, O=JBoss
Inc., L=Snoqualmie Pass, ST=Washington, C=US";
+ String serial = "3";
+
+ URL keystoreUrl =
getResourceURL("jaxws/samples/wssecurity/wsse.keystore");
+ SecurityStore store = new SecurityStore(keystoreUrl, "jks",
"jbossws", null);
+ X509Certificate cert = store.getCertificateByIssuerSerial(issuer, serial);
+
+ assertNotNull("Certificate null?", cert);
+ }
+}