[jboss-jira] [JBoss JIRA] (ELY-1274) X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals
Yeray Borges (JIRA)
issues at jboss.org
Tue Jul 4 05:39:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yeray Borges reassigned ELY-1274:
---------------------------------
Assignee: Yeray Borges (was: Darran Lofthouse)
> X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals
> ----------------------------------------------------------------------------------------------------------
>
> Key: ELY-1274
> URL: https://issues.jboss.org/browse/ELY-1274
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Yeray Borges
> Priority: Critical
>
> X509EvidenceVerifier.SubjectDnCertificateVerifier verifies the Subject DN using the String.equals method [1]. This means that a valid Subject DN can be incorrectly denied because it includes (or does not include) a space before a comma, etc.
> Example:
> When the passed certificate includes the DN {{CN=user,OU=EAP QE,...}} and the LDAP entry includes an entry with the attribute value {{CN=user, OU=EAP QE, ...}}, it is not successfully verified.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc759418105535cd4735c46d90/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java#L127
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
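
The mismatch reported above, reproduced as an added example (not code from the issue or from WildFly Elytron): the same two DN spellings compared with String.equals and with the JDK's javax.security.auth.x500.X500Principal, whose equals() compares canonical forms. The class name, the sameDn helper and the O=Example,C=US suffix are assumptions made for the illustration; the issue elides the rest of the DN.

```java
import javax.security.auth.x500.X500Principal;

public class SubjectDnCompare {

    /**
     * Hypothetical helper: true only when both strings parse as X.500 names
     * and are equal in canonical form. Fails closed on null or malformed
     * input, so an unparseable LDAP attribute value never authenticates.
     */
    static boolean sameDn(String certSubjectDn, String ldapAttributeValue) {
        try {
            X500Principal fromCert = new X500Principal(certSubjectDn);
            X500Principal fromLdap = new X500Principal(ldapAttributeValue);
            // X500Principal.equals compares getName(X500Principal.CANONICAL),
            // which normalizes separator whitespace and letter case.
            return fromCert.equals(fromLdap);
        } catch (IllegalArgumentException | NullPointerException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values modelled on the report's example.
        String fromCertificate = "CN=user,OU=EAP QE,O=Example,C=US";
        String fromLdapEntry   = "CN=user, OU=EAP QE, O=Example, C=US";
        String otherUser       = "CN=user2, OU=EAP QE, O=Example, C=US";

        // Raw string comparison: the separator whitespace alone causes a mismatch.
        System.out.println("String.equals:        "
                + fromCertificate.equals(fromLdapEntry));

        // Structural comparison: same name, different spelling.
        System.out.println("sameDn (same user):   "
                + sameDn(fromCertificate, fromLdapEntry));

        // A genuinely different subject must still be rejected.
        System.out.println("sameDn (other user):  "
                + sameDn(fromCertificate, otherUser));

        // Malformed directory data is rejected rather than thrown upward.
        System.out.println("sameDn (malformed):   "
                + sameDn(fromCertificate, "not a distinguished name"));
    }
}
```

Canonical comparison also folds letter case in string-valued attributes, so it is only appropriate where the directory's matching rules for the DN are case-insensitive as well.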