[jboss-jira] [JBoss JIRA] (ELY-1587) X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]

Martin Choma (JIRA) issues at jboss.org
Mon May 21 05:43:00 EDT 2018


Martin Choma created ELY-1587:
---------------------------------

             Summary: X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
                 Key: ELY-1587
                 URL: https://issues.jboss.org/browse/ELY-1587
             Project: WildFly Elytron
          Issue Type: Bug
          Components: Certificate Authority, X.500
    Affects Versions: 1.3.2.Final
            Reporter: Martin Choma
            Priority: Critical


Debugging revealed that the certificate uses the {{utf8String}} representation, whereas Elytron is expecting {{printableString}}.

In RFC 5280 [1], chapter 4.1.2.4 (Issuer), it is specified that the value of subject/issuer can be of 5 types:

{code}
   DirectoryString ::= CHOICE {
         teletexString           TeletexString (SIZE (1..MAX)),
         printableString         PrintableString (SIZE (1..MAX)),
         universalString         UniversalString (SIZE (1..MAX)),
         utf8String              UTF8String (SIZE (1..MAX)),
         bmpString               BMPString (SIZE (1..MAX)) }
{code}

However, the Elytron X500 principal decoder [2] can handle only 2 of them, PRINTABLE_STRING_TYPE and IA5_STRING_TYPE (not sure which type of the RFC that matches).

Definitely missing {{utf8String}} (my case). Also revise, for backward compatibility, {{teletexString}}, {{bmpString}} and {{universalString}}.

[1] https://www.ietf.org/rfc/rfc5280.txt
[2] https://github.com/wildfly-security/wildfly-elytron/blob/32ff7c17965b3ecae6be7ce1c9b96ab642ddc4ad/src/main/java/org/wildfly/security/x500/util/X500PrincipalUtil.java#L95



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
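
To see which string type the attributes of a subject or issuer actually use, the following added example (not part of the original report and not Elytron code) walks a DER-encoded Name and decodes each value according to its tag, covering the five DirectoryString alternatives plus IA5String. The function names, the Latin-1 reading of TeletexString and the sample bytes are assumptions made for illustration.

```python
STRING_TYPES = {  # added example, not Elytron code: DER tag -> (type, codec used here)
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"), 0x16: ("IA5String", "ascii"),
    0x14: ("TeletexString", "latin-1"),  # assumption: lenient Latin-1 reading of T.61
    0x1C: ("UniversalString", "utf-32-be"),
    0x1E: ("BMPString", "utf-16-be"),
}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # first octet assumed single-byte, which holds for 2.5.4.x
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def name_attributes(name_der):
    """Walk Name (SEQUENCE OF SET OF SEQUENCE {OID, value}); return (oid, type, text)."""
    out, pos = [], 0
    _, rdns, _ = read_tlv(name_der, 0)
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)      # one RelativeDistinguishedName (SET)
        p = 0
        while p < len(rdn):
            _, atv, p = read_tlv(rdn, p)       # one AttributeTypeAndValue (SEQUENCE)
            _, oid, q = read_tlv(atv, 0)
            tag, raw, _ = read_tlv(atv, q)
            if tag not in STRING_TYPES:
                raise ValueError("unexpected value tag 0x%02X" % tag)
            name, codec = STRING_TYPES[tag]
            out.append((decode_oid(oid), name, raw.decode(codec)))
    return out

# Constructed sample: Name holding CN=client with the value as UTF8String (tag 0x0C).
UTF8_NAME = bytes.fromhex("3011310f300d06035504030c06636c69656e74")
```

Calling `name_attributes(UTF8_NAME)` reports the CN attribute (2.5.4.3) as a UTF8String, the encoding the report says the decoder did not accept.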

