[jbossws-users] [JBossWS] - X509 Certificate issuer comparison

Wednesday, 9 July 2008

Grant Sheppar says:
anonymous wrote : Hi Alessio,
  | 
  | I'm relatively new to JBoss so I'm not sure whether what I've found is a
bug however it seems to be. In the org.jboss.ws.extensions.security.SecurityStore class
there is a method getCertificateByIssuerSerial(String issuer, String serial) that attempts
to find a X509Certificate based on the given issuer and serial.  The method iterates over
the stored certificates and compare the issuer and serial given with the issuer and serial
from each certificate. The comparison of the issuer (based on the DN of the cert) is a
simple string comparison which does not take into account the various formats that a DN
can take (see RFC 2253). So if a client sends an issuer DN that is not identical to one
stored in a cert then the match fails.
  | 
  | The solution I think would be to take the component parts of the DN and do the
comparison based on these individual parts, ignoring any separator characters or extra
whitespace.
  | 
  | Hope this makes sense and helps,
  | 
  | Regards,
  | 
  | Grant Sheppard 

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163199#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jbossws-users] [JBossWS] - X509 Certificate issuer comparison