From ab0cb37875648abfc07e7d781fa91c368f67d313 Mon Sep 17 00:00:00 2001
From: Christina Fu
Date: Tue, 25 Jul 2017 18:02:02 -0700
Subject: [PATCH] Ticket #2788 Missing CN in user signing cert would cause error in cmc user-signed This patch takes care of the issue that CMCUserSignedAuth cannot handle cases when CN is not in the subjectDN
Change-Id: Ieac0712d051dcb993498d9680f005c04158b5549
(cherry picked from commit 507a8888b6eccfe716ca7bc4647f71cee973afcf)
---
 .../netscape/cms/authentication/CMCUserSignedAuth.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
index e11a34427..7f872c83d 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
@@ -371,9 +371,9 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
 } else {
 CMS.debug(method + "signed with user cert");
 userid = userToken.getInString("userid");
- uid = userToken.getInString("cn");
+ uid = userToken.getInString("id");
 if (userid == null && uid == null) {
- msg = " verifySignerInfo failure... missing userid and cn";
+ msg = " verifySignerInfo failure... missing id";
 CMS.debug(method + msg);
 throw new EBaseException(msg);
 }
@@ -1069,7 +1069,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
 // cert subject principal later in CMCOutputTemplate
 // in case of user signed revocation
 auditContext.put(SessionContext.CMC_SIGNER_PRINCIPAL, cmcPrincipal);
- auditContext.put(SessionContext.CMC_SIGNER_INFO, cmcPrincipal.getCommonName());
+ auditContext.put(SessionContext.CMC_SIGNER_INFO,
+ cmcPrincipal.toString());
 // check ssl client cert against cmc signer
 if (!clientPrincipal.equals(cmcPrincipal)) {
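Review bot: The failure message in the `-371` hunk now reads "missing id", but the guard it reports on is still `userid == null && uid == null`, so the log text no longer names both token fields that were found absent; `msg = " verifySignerInfo failure... missing userid and id";` would keep the message in step with the check. `uid` also now receives the full subject DN string that the `-1160` hunk stores under `"id"` instead of a common name, so any later use of `uid` as a short user name (outside this hunk, not visible here) should be checked. The enclosing method starts and ends outside the hunk.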
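Review bot: `CMC_SIGNER_INFO` in the `-1069` hunk, and `USER_ID` in the `-1221` hunk, change from a common name to the output of `X500Name.toString()`, which is text taken from the requester's signing certificate and can contain commas, equals signs and other attribute content. The existing comment says the signer principal is read again in CMCOutputTemplate; if the audit writer or that consumer treats the value as one delimited field it presumably needs quoting or escaping there, which is worth confirming because neither is visible in this patch. A short comment such as `// full subject DN, not CN: a signer cert is not required to carry a CN` would record why the wider value is stored. The identity decision should keep resting on `clientPrincipal.equals(cmcPrincipal)` rather than on any string form of the name.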
@@ -1160,13 +1161,13 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
 IAuthToken tempToken = new AuthToken(null);
 netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
- String CN = tempPrincipal.getCommonName(); //tempToken.get("userid");
- CMS.debug(method + " Principal name = " + CN);
+ String ID = tempPrincipal.toString(); //tempToken.get("userid");
+ CMS.debug(method + " Principal name = " + ID);
 BigInteger certSerial = x509Certs[0].getSerialNumber();
 CMS.debug(method + " verified cert serial=" + certSerial.toString());
 authToken.set(IAuthManager.CRED_CMC_SIGNING_CERT, certSerial.toString());
- tempToken.set("cn", CN);
+ tempToken.set("id", ID);
 s.close();
 return tempToken;
@@ -1221,9 +1222,8 @@ public class CMCUserSignedAuth implements IAuthManager, IExtendedPluginInfo,
 netscape.security.x509.X500Name principal = (X500Name) cert.getSubjectDN();
- String CN = principal.getCommonName();
- CMS.debug(method + " Principal name = " + CN);
- auditContext.put(SessionContext.USER_ID, CN);
+ CMS.debug(method + " Principal name = " + principal.toString());
+ auditContext.put(SessionContext.USER_ID, principal.toString());
 }
 public String[] getExtendedPluginInfo(Locale locale) {
-- 
2.13.5
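Review bot: The new local `ID` in the `-1160` hunk keeps the all-caps naming and the stale trailing comment `//tempToken.get("userid")`, and the token key `"id"` is a bare literal that has to match the `getInString("id")` lookup in the `-371` hunk; a mismatch on either side would show up only at run time as a null lookup. Consider `String subjectDn = tempPrincipal.toString();` with `tempToken.set("id", subjectDn);`, and a shared constant for the key if the class has a natural place for one. Because `"id"` sits beside the existing `"userid"` key, a one-line comment stating that it holds the signing certificate's subject DN would help the next reader. The method body begins and ends outside the hunk.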