Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11903

X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.2.0.CD12
    • 7.1.0.ER1
    • Security

      X509EvidenceVerifier.SubjectDnCertificateVerifier verifies Subject DN based on String.equals method [1]. It means that valid Subject DN can be incorrectly denied because it includes (or does not include) space before comma etc.

      Example:
      When passed certificate includes DN CN=user,OU=EAP QE,... and LDAP entry includes entry with attribute value CN=user, OU=EAP QE, ... then it is not successfully verified.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc759418105535cd4735c46d90/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java#L127

              yborgess1@redhat.com Yeray Borges Santana
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: