From ab0cb37875648abfc07e7d781fa91c368f67d313 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Tue, 25 Jul 2017 18:02:02 -0700
Subject: [PATCH] Ticket #2788 Missing CN in user signing cert would cause
error in cmc user-signed This patch takes care of the issue that
CMCUserSignedAuth cannot handle cases when CN is not in the subjectDN
Change-Id: Ieac0712d051dcb993498d9680f005c04158b5549
(cherry picked from commit 507a8888b6eccfe716ca7bc4647f71cee973afcf)
---
.../netscape/cms/authentication/CMCUserSignedAuth.java | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
index e11a34427..7f872c83d 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
@@ -371,9 +371,9 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
} else {
CMS.debug(method + "signed with user cert");
userid = userToken.getInString("userid");
- uid = userToken.getInString("cn");
+ uid = userToken.getInString("id");
if (userid == null && uid == null) {
- msg = " verifySignerInfo failure... missing userid and cn";
+ msg = " verifySignerInfo failure... missing id";
CMS.debug(method + msg);
throw new EBaseException(msg);
}
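Review bot: The new failure message says only `missing id`, but the guard above it still fires only when both `userid` and `id` are absent, so the log text no longer matches the condition. `msg = " verifySignerInfo failure... missing userid and id";` would keep the two aligned. The local `uid` now holds a full subject DN string rather than a CN, so whatever consumes it after this block for user lookup or authorization (not visible in this hunk) should be confirmed to expect a DN. The enclosing method starts and ends outside the hunk.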
@@ -1069,7 +1069,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
// cert subject principal later in CMCOutputTemplate
// in case of user signed revocation
auditContext.put(SessionContext.CMC_SIGNER_PRINCIPAL, cmcPrincipal);
- auditContext.put(SessionContext.CMC_SIGNER_INFO, cmcPrincipal.getCommonName());
+ auditContext.put(SessionContext.CMC_SIGNER_INFO,
+ cmcPrincipal.toString());
// check ssl client cert against cmc signer
if (!clientPrincipal.equals(cmcPrincipal)) {
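Review bot: `SessionContext.CMC_SIGNER_INFO` changes meaning here from a common name to a full subject DN string, and `SessionContext.USER_ID` does the same in the last hunk, with no comment telling readers or audit consumers. A DN contains `=` and `,`, so code that parses or matches these audit fields as a bare name may need adjusting; those consumers are not visible in this patch, so this needs confirming. I would add a comment at both sites such as `// full subject DN: the signing cert may carry no CN (ticket #2788)`. In the last hunk, `principal.toString()` could also be computed once into a local instead of being called twice.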
@@ -1160,13 +1161,13 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
IAuthToken tempToken = new AuthToken(null);
netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
- String CN = tempPrincipal.getCommonName(); //tempToken.get("userid");
- CMS.debug(method + " Principal name = " + CN);
+ String ID = tempPrincipal.toString(); //tempToken.get("userid");
+ CMS.debug(method + " Principal name = " + ID);
BigInteger certSerial = x509Certs[0].getSerialNumber();
CMS.debug(method + " verified cert serial=" + certSerial.toString());
authToken.set(IAuthManager.CRED_CMC_SIGNING_CERT, certSerial.toString());
- tempToken.set("cn", CN);
+ tempToken.set("id", ID);
s.close();
return tempToken;
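Review bot: The token key in `tempToken.set("id", ID)` is a bare literal that must stay in step with the `userToken.getInString("id")` read in the first hunk, and a mismatch on either side would show up only at run time as a missing `uid`. A shared constant used at both sites, for example `private static final String TOKEN_SIGNER_ID = "id";`, would remove that coupling by spelling. The trailing `//tempToken.get("userid")` comment is stale now that the value is a DN, and the local `ID` would read better in lower camel case (`subjectDn`). The method starts and ends outside the hunk.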
@@ -1221,9 +1222,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
netscape.security.x509.X500Name principal =
(X500Name) cert.getSubjectDN();
- String CN = principal.getCommonName();
- CMS.debug(method + " Principal name = " + CN);
- auditContext.put(SessionContext.USER_ID, CN);
+ CMS.debug(method + " Principal name = " + principal.toString());
+ auditContext.put(SessionContext.USER_ID, principal.toString());
}
public String[] getExtendedPluginInfo(Locale locale) {
--
2.13.5