Please sign in to comment.
Change CertDN to print Subject DN strings similarly to Globus
The CertDN class is used in the new user operation to obtain the Subject DN when only the CN has been provided, or when an existing certificate is used. This Subject DN is printed as the result of the nimbus-new-user call, and is also added to the gridmap and the group-authz files. A problem appeared when a CN was containing an equal sign, such as Bob Oblaw_97/Emailfirstname.lastname@example.org. The existing CertDN code would escape this equal sign and produce Bob Oblaw_97/Email\=email@example.com. The escaped string would be used for the gridmap and group-authz files. However, Globus does not use escaped strings internally, and would fail to match the DN of a service request against these files. Another bug appears for certificates with emailAddress fields, such as CN=Bob Oblaw_97/emailAddressfirstname.lastname@example.org. In this case, Globus will recognize it as CN=Bob Oblaw_97/Eemail@example.com, and fail to find the DN in gridmap and group-authz. Changing the CertDN code to be closer to existing Globus code, namely org.globus.tools.CertInfo, creates Subject DN strings that Globus can recognize. Closes #75.
- Loading branch information...
Showing with 24 additions and 36 deletions.