From ab0cb37875648abfc07e7d781fa91c368f67d313 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Tue, 25 Jul 2017 18:02:02 -0700
Subject: [PATCH] Ticket #2788 Missing CN in user signing cert would cause
 error in cmc user-signed This patch takes care of the issue that
 CMCUserSignedAuth cannot handle cases when CN is not in the subjectDN

Change-Id: Ieac0712d051dcb993498d9680f005c04158b5549
(cherry picked from commit 507a8888b6eccfe716ca7bc4647f71cee973afcf)
---
 .../netscape/cms/authentication/CMCUserSignedAuth.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
index e11a34427..7f872c83d 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
@@ -371,9 +371,9 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
                             } else {
                                 CMS.debug(method + "signed with user cert");
                                 userid = userToken.getInString("userid");
-                                uid = userToken.getInString("cn");
+                                uid = userToken.getInString("id");
                                 if (userid == null && uid == null) {
-                                    msg = " verifySignerInfo failure... missing userid and cn";
+                                    msg = " verifySignerInfo failure... missing id";
                                     CMS.debug(method + msg);
                                     throw new EBaseException(msg);
                                 }
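Review bot: The new failure text `missing id` no longer describes the guard on the line above it, which still fires only when both `userid` and `uid` are null. Keeping both names in the message makes the debug log and the thrown EBaseException match the condition, e.g. `msg = " verifySignerInfo failure... missing userid and id";`. `uid` now carries whatever the token stores under `id`, which in this patch is the full subject DN, so any later use of `uid` as a short user identifier should be re-checked; that code is outside the hunk.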
@@ -1069,7 +1069,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
                             // cert subject principal later in CMCOutputTemplate
                             // in case of user signed revocation
                             auditContext.put(SessionContext.CMC_SIGNER_PRINCIPAL, cmcPrincipal);
-                            auditContext.put(SessionContext.CMC_SIGNER_INFO, cmcPrincipal.getCommonName());
+                            auditContext.put(SessionContext.CMC_SIGNER_INFO,
+                                cmcPrincipal.toString());
 
                             // check ssl client cert against cmc signer
                             if (!clientPrincipal.equals(cmcPrincipal)) {
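Review bot: `SessionContext.CMC_SIGNER_INFO` changes meaning here from a common name to the full subject DN, but the comment above the two `put` calls only describes `CMC_SIGNER_PRINCIPAL`. I would add a line such as `// CMC_SIGNER_INFO holds the full subject DN string; a CN may be absent` directly above the call. Code that reads this key and expects a bare CN is not visible in this hunk and presumably needs the same review.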
@@ -1160,13 +1161,13 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
 
                         IAuthToken tempToken = new AuthToken(null);
                         netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
-                        String CN = tempPrincipal.getCommonName(); //tempToken.get("userid");
-                        CMS.debug(method + " Principal name = " + CN);
+                        String ID = tempPrincipal.toString(); //tempToken.get("userid");
+                        CMS.debug(method + " Principal name = " + ID);
 
                         BigInteger certSerial = x509Certs[0].getSerialNumber();
                         CMS.debug(method + " verified cert serial=" + certSerial.toString());
                         authToken.set(IAuthManager.CRED_CMC_SIGNING_CERT, certSerial.toString());
-                        tempToken.set("cn", CN);
+                        tempToken.set("id", ID);
 
                         s.close();
                         return tempToken;
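Review bot: The token key `"id"` written here and read back in the first hunk via `userToken.getInString("id")` is a bare string literal in both places, so a typo or a later rename on one side would silently yield a null `uid`. A shared constant would keep producer and consumer in sync. On the new declaration, the local `ID` breaks lowerCamelCase and still carries the stale trailing `//tempToken.get("userid")`; `String subjectDn = tempPrincipal.toString();` with `tempToken.set("id", subjectDn);` reads more clearly. The enclosing method starts and ends outside the hunk.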
@@ -1221,9 +1222,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
         netscape.security.x509.X500Name principal =
                 (X500Name) cert.getSubjectDN();
 
-        String CN = principal.getCommonName();
-        CMS.debug(method + " Principal name = " + CN);
-        auditContext.put(SessionContext.USER_ID, CN);
+        CMS.debug(method + " Principal name = " + principal.toString());
+        auditContext.put(SessionContext.USER_ID, principal.toString());
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
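Review bot: `SessionContext.USER_ID` is now filled with the subject DN taken straight from the presented certificate, and `principal.toString()` is evaluated twice for the debug line and the `put`. Computing it once, `String subjectDn = principal.toString();`, keeps the two values identical by construction. It also gives one place to handle a certificate whose subject is empty, which would presumably leave the audit user id as an empty string. Because the DN text is written verbatim to the debug log and the audit context, it is worth confirming that the audit writer escapes delimiter and line-break characters. That code, and the start of this method, are outside the hunk.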
-- 
2.13.5