[QPID-4875] [Java] The parsing logic for certificate subjects doesn't work properly in all cases - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.25
Component/s: Broker-J, Java Common, JMS AMQP 0-x
Labels:
None

Description

The Java code seems to contain two places where the certificate subjects are being parsed. One is used in the client:
common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
and the second is used in the broker:
broker/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java

Both are actually doing the same - extracting the CN and DC components from the subject and creating the username. It should be reconsidered whether we want to reuse the SSLUtil functionality from the common part of the code in the broker code as well.

However, a bigger problem is that the implementation in both places are not working correctly in all situations. One can very easily create a certificate with a subject / DN like this:
C=CZ,O=Scholz,OU="JAKUB CN=USER1"
such certificate actually doesn't contain a CN. But both current implementations will still identify the CN as USER1" in the code. I would expect that this will happen only in very rare cases, but it should still be handled properly.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cert_parsing.patch
24/May/13 14:08
8 kB
Michal Zerola

Activity

People

Assignee:: Robbie Gemmell

Reporter:: Jakub Scholz

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 22/May/13 09:40

Updated:: 19/Feb/14 11:30

Resolved:: 31/Jul/13 13:06