[ https://issues.apache.org/jira/browse/WSS-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12873800#action_12873800 ]
Tom Trader commented on WSS-225:
--------------------------------

Here's the exception I get:

Exception in thread "main" java.lang.NoSuchMethodError: org.apache.rampart.handler.WSDoAllSender.doSenderAction(ILorg/w3c/dom/Document;Lorg/apache/ws/security/handler/RequestData;Ljava/util/Vector;Z)V
        at org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:201)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:64)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at com.btfin.sample.soapservice.v1.axis2stub.http.SOAPServiceStub.concatName(SOAPServiceStub.java:196)
        at com.btfin.icc.SOAPServiceHTTPClient.<init>(SOAPServiceHTTPClient.java:128)
        at com.btfin.icc.SOAPServiceHTTPClient.main(SOAPServiceHTTPClient.java:233)

I'm using Rampart 1.5. I couldn't check out the trunk for Rampart using the URL on their web site, as it contained no source.

Can you provide links to the Rampart/WSS4J snapshots you are using so I can test against them?

> 'Unprintable' characters in Distinguished Name causing comparison failure
> -------------------------------------------------------------------------
>
>                 Key: WSS-225
>                 URL: https://issues.apache.org/jira/browse/WSS-225
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.8
>         Environment: XP, Java 1.6
>            Reporter: Tom Trader
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.9, 1.6
>
>
> Certain characters used in elements of a DN are considered unprintable as per
> RFC2252. The underscore '_' character is one of these characters.
> If the certificate is read from a java key store, and using the
> ((X509Certificate) cert).getSubjectX500Principal() to obtain the
> X500Principal, and doing a getName(X500Principal.CANONICAL) on it I find that
> its common name has been hex encoded as follows:
> cn=#14076d795f74657374
> In the getAlias method of org.apache.ws.security.components.crypto.CryptoBase
> the equal method of X500Principal is used to compare certificates in a trust
> store against a given DN.
> The canonical form of the DN is used in this comparison.
> The problem is that the given DN X500Principal object is created using the
> X500Principal(String DN) constructor. This object results in a canonical name
> that is not encoded. So the equal comparison fails as the cert from the
> keystore is encoded and the given one isn't.
> Here's a suggested change that overcomes this problem:
>     private Vector getAlias(X500Principal subjectRDN, KeyStore store) throws WSSecurityException {
>         // Store the aliases found
>         Vector aliases = new Vector();
>         Certificate cert = null;
>
>         try {
>             for (Enumeration e = store.aliases(); e.hasMoreElements();) {
>                 String alias = (String) e.nextElement();
>                 Certificate[] certs = store.getCertificateChain(alias);
>                 if (certs == null || certs.length == 0) {
>                     // no cert chain, so let's check if getCertificate gives us a result.
>                     cert = store.getCertificate(alias);
>                     if (cert == null) {
>                         return null;
>                     }
>                     certs = new Certificate[]{cert};
>                 } else {
>                     cert = certs[0];
>                 }
>                 if (cert instanceof X509Certificate) {
>                     X500Principal foundRDN = ((X509Certificate) cert).getSubjectX500Principal();
>                     X500Principal foundRDNUnencoded = new X500Principal(foundRDN.getName(X500Principal.RFC1779));
>                     if (subjectRDN.equals(foundRDNUnencoded)) {
>                         aliases.add(alias);
>                     }
>                 }
>             }
>         } catch (KeyStoreException e) {
>             throw new WSSecurityException(
>                 WSSecurityException.FAILURE, "keystore", null, e
>             );
>         }
>         return aliases;
>     }

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
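
The mismatch described in the quoted report can be reproduced without a keystore. The following is an added example, not code from the issue or from WSS4J: the class name and the DER bytes are constructed here to match the reported `cn=#14076d795f74657374` value, and the result assumes the JDK encodes the string-built DN with a string type other than TeletexString.

```java
import javax.security.auth.x500.X500Principal;

public class DnCanonicalMismatch {

    // Constructed sample: a DER-encoded Name with a single RDN, CN = "my_test",
    // whose value carries tag 0x14 (TeletexString), as in the reported
    // canonical form cn=#14076d795f74657374.
    static final byte[] TELETEX_DN = {
        0x30, 0x12,                     // Name: SEQUENCE, 18 bytes
        0x31, 0x10,                     // RDN: SET, 16 bytes
        0x30, 0x0e,                     // AttributeTypeAndValue: SEQUENCE, 14 bytes
        0x06, 0x03, 0x55, 0x04, 0x03,   // OID 2.5.4.3 (commonName)
        0x14, 0x07,                     // TeletexString, 7 bytes
        'm', 'y', '_', 't', 'e', 's', 't'
    };

    // The workaround from the report: rebuild the principal from its
    // RFC 1779 string form so both sides go through the String constructor.
    static X500Principal reparse(X500Principal p) {
        return new X500Principal(p.getName(X500Principal.RFC1779));
    }

    public static void main(String[] args) {
        // Stands in for ((X509Certificate) cert).getSubjectX500Principal()
        X500Principal fromCert = new X500Principal(TELETEX_DN);
        // Stands in for the DN handed to getAlias by the caller
        X500Principal fromString = new X500Principal("CN=my_test");

        System.out.println("cert canonical:   " + fromCert.getName(X500Principal.CANONICAL));
        System.out.println("string canonical: " + fromString.getName(X500Principal.CANONICAL));
        System.out.println("direct equals:    " + fromString.equals(fromCert));
        System.out.println("after re-parse:   " + fromString.equals(reparse(fromCert)));
    }
}
```

Re-parsing discards the original ASN.1 string type, so after the change two subjects that differ only in that type resolve to the same alias.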