[jboss-jira] [JBoss JIRA] (ELY-1274) X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jun 30 09:13:01 EDT 2017
Ondrej Lukas created ELY-1274:
---------------------------------
Summary: X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals
Key: ELY-1274
URL: https://issues.jboss.org/browse/ELY-1274
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
X509EvidenceVerifier.SubjectDnCertificateVerifier verifies the Subject DN based on the String.equals method [1]. This means that a valid Subject DN can be incorrectly denied because it includes (or does not include) a space before a comma, etc.
Example:
When the passed certificate includes DN {{CN=user,OU=EAP QE,...}} and the LDAP entry includes an entry with attribute value {{CN=user, OU=EAP QE, ...}}, then it is not successfully verified.
[1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc759418105535cd4735c46d90/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java#L127
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
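The mismatch described in the report, reproduced as an added example (not code from WildFly Elytron, and not the project's fix). It sets a raw `String.equals` check beside a comparison through the JDK's `javax.security.auth.x500.X500Principal`; the class name, method names and the complete DN values are constructed for illustration.

```java
import javax.security.auth.x500.X500Principal;

public class SubjectDnCompare {

    // Raw string comparison, as described in the report: any formatting
    // difference between two encodings of the same DN causes a mismatch.
    static boolean matchesByString(String certDn, String ldapDn) {
        return certDn.equals(ldapDn);
    }

    // Structural comparison: X500Principal.equals compares the canonical
    // string forms of both names, which trims and collapses whitespace and
    // lower-cases attribute values, so separator spacing is irrelevant.
    static boolean matchesByPrincipal(String certDn, String ldapDn) {
        try {
            return new X500Principal(certDn).equals(new X500Principal(ldapDn));
        } catch (IllegalArgumentException | NullPointerException e) {
            // Malformed or missing DN: fail closed rather than fall back
            // to a looser comparison.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values modelled on the DNs in the report.
        String certDn    = "CN=user,OU=EAP QE,O=Example,C=US";
        String ldapDn    = "CN=user, OU=EAP QE, O=Example, C=US";
        String otherDn   = "CN=user2, OU=EAP QE, O=Example, C=US";
        String malformed = "not a dn";

        System.out.println("String.equals, same DN, different spacing: "
                + matchesByString(certDn, ldapDn));
        System.out.println("X500Principal, same DN, different spacing: "
                + matchesByPrincipal(certDn, ldapDn));
        System.out.println("X500Principal, different CN:               "
                + matchesByPrincipal(certDn, otherDn));
        System.out.println("X500Principal, malformed LDAP value:       "
                + matchesByPrincipal(certDn, malformed));
    }
}
```

Only the second comparison returns true. The canonical form is also case-insensitive, so a deployment that needs case-sensitive DN matching has to account for that separately.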