jax-ws
  1. jax-ws
  2. JAX_WS-1148

Replace usage of X509Certificate.getIssuerDN() with getIssuerX500Principal()

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.7
    • Fix Version/s: None
    • Component/s: runtime
    • Labels:
      None

      Description

      X509Certificate.getIssuerDN() should not be used any more, X509Certificate.getIssuerX500Principal() should be used instead, see:
      http://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html#getIssuerDN%28%29

      Some JCE provider like Bouncy Castle return a wrongly formated String there, because it is not specified.

      The return value of "xCert.getIssuerDN().getName()" on a X509Certificate is not specified, but metro assumes that it is a string formated accordingly to RFC 4514 section 2.1, because http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html says so.

      When replacing this call with getIssuerX500Principal() Bouncy Castle returns the correctly formated string.

      The main Problem I see is in ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/opt/impl/keyinfo/X509TokenBuilder.java

      metro returns the following part in the Soap Webservice when using a certificate from Bouncy castle:

      <ds:KeyInfo>
      <wsse:SecurityTokenReference>
      <ds:X509Data>
      <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=bos CA eID Communication Certs,O=bremen online services,C=DE</ds:X509IssuerName>
      <ds:X509SerialNumber>904391263803916562</ds:X509SerialNumber>
      </ds:X509IssuerSerial>
      </ds:X509Data>
      </wsse:SecurityTokenReference>
      </ds:KeyInfo>

      The X509IssuerName element should be ordered the other way around.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            hme
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: