PAYARA-3789 Unify DN Representation #4042

Merged

@Pandrex247 (Member) commented Jun 12, 2019

Should also stop requiring OIDs for most known fields (e.g. EMAILADDRESS)

@Pandrex247 Pandrex247 requested review from arjantijms and rdebusscher Jun 12, 2019

@Pandrex247 (Member, Author) commented Jun 12, 2019

Jenkins test please

@rdebusscher (Contributor) left a comment

Some duplicates in Map

oidMapInitialiser.put("0.9.2342.19200300.100.1.1", "UID");
oidMapInitialiser.put("0.9.2342.19200300.100.1.25", "DC");
oidMapInitialiser.put("1.2.840.113549.1.9.1", "EMAIL");
oidMapInitialiser.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
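
Review bot: the last two put calls use the same key, 1.2.840.113549.1.9.1, so the "EMAIL" entry is overwritten and never reaches the map. An OID-to-keyword map can hold only one keyword per OID; drop the "EMAIL" line and keep the one keyword that DN strings are expected to show.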

@rdebusscher (Contributor) commented Jun 13, 2019

Duplicate, so EMAILADDRESS is always used and never EMAIL.

@Pandrex247 (Member, Author) commented Jun 13, 2019

I seem to have broken it with my recent changes, will reopen once it's all working again.

@Pandrex247 Pandrex247 closed this Jun 13, 2019

@Pandrex247 Pandrex247 reopened this Jun 14, 2019

@Pandrex247 (Member, Author) commented Jun 14, 2019

Also tested using IAIK provider and seems to work

@Pandrex247 (Member, Author) commented Jun 14, 2019

Jenkins test please

@@ -101,7 +103,30 @@

// Descriptive string of the authentication type of this realm.
public static final String AUTH_TYPE = "certificate";

public static final Map<String, String> oidMap;
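
Review bot: oidMap is declared public static final with no initializer on this line, so the reference is reachable from any class and its contents are filled in elsewhere. Because this map is passed to getName() when subject names are rendered, assign it from Collections.unmodifiableMap(...) if that is not already done, so no other code can add or change a keyword after start-up.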

@rdebusscher (Contributor) commented Jun 16, 2019

OID_MAP as name?

@@ -173,7 +176,7 @@ private static String getPrincipalName(X509Certificate[] certificates, SecurityC
// Use the full DN name from the certificates. This should normally be the same as
// context.getCallerPrincipal(), but a realm could have decided to map the name in which
// case they will be different.
return certificates[0].getSubjectX500Principal().getName();
return certificates[0].getSubjectX500Principal().getName(X500Principal.RFC2253, CertificateRealm.oidMap);
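
Review bot: the comment above the return still says the value "should normally be the same as context.getCallerPrincipal()", but the returned string now depends on X500Principal.RFC2253 together with CertificateRealm.oidMap. Update the comment to say that the caller principal must be rendered with the same format and map for the two to match, and note that attributes covered by the map now appear by keyword instead of by dotted OID in this method's result.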

@rdebusscher (Contributor) commented Jun 16, 2019

We are using getName(X500Principal.RFC2253, CertificateRealm.oidMap) several times. Make a utility method so that X500Principal representation is only in 1 place for future?

@Pandrex247 (Member, Author) commented Jun 17, 2019

I'm not sure that's really worth it? Unless I'm misunderstanding you we'd just be replacing certificates[0].getSubjectX500Principal().getName(X500Principal.RFC2253, CertificateRealm.oidMap) with CertificateRealm.getX500PrincipalSubjectName(certificates[0]).

It seems fragile to me to store the name of the certificate somewhere outside of the actual certificate itself.

Also, it isn't strictly necessary for me to put the full X500Principal.RFC2253 stuff everywhere, it's me just being safe. From my testing as long as you get the name in this manner from the CertificateRealm it propagates outward such that simply doing getName() will still have the OIDs translated.
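
The effect discussed in this thread, as an added example that is not part of the pull request or of Payara's code: it renders one subject with and without an OID map and shows what the duplicate key does. The class name, the helper `subjectName` and the sample subject are assumptions made for the illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class DnRepresentationDemo {

    // OID -> keyword table, in the style of the lines quoted in the review.
    static final Map<String, String> OID_MAP;
    static {
        Map<String, String> init = new HashMap<>();
        init.put("0.9.2342.19200300.100.1.1", "UID");
        init.put("0.9.2342.19200300.100.1.25", "DC");
        init.put("1.2.840.113549.1.9.1", "EMAIL");
        // Same key again: replaces "EMAIL"; the map keeps one keyword per OID.
        init.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
        OID_MAP = Collections.unmodifiableMap(init);
    }

    // Hypothetical helper: the single place that decides the DN string form.
    static String subjectName(X500Principal principal) {
        return principal.getName(X500Principal.RFC2253, OID_MAP);
    }

    public static void main(String[] args) {
        // Constructed subject; the constructor accepts the EMAILADDRESS keyword.
        X500Principal subject =
                new X500Principal("EMAILADDRESS=alice@example.com, CN=Alice, O=Example");

        String plain = subject.getName();      // RFC 2253 without extra keywords
        String mapped = subjectName(subject);  // RFC 2253 with the OID map applied

        System.out.println("entries in map : " + OID_MAP.size());
        System.out.println("getName()      : " + plain);
        System.out.println("with OID map   : " + mapped);
        // A role or user mapping written against one form does not match the other.
        System.out.println("forms equal    : " + plain.equals(mapped));
    }
}
```

Any configuration that compares principal names as strings has to be written against the same form the realm produces, which is why a single rendering path matters.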

@cubastanley (Contributor) left a comment

I second Rudy's requested changes but other than those I think it's good

@Pandrex247 (Member, Author) commented Jun 17, 2019

Jenkins test please

@Pandrex247 Pandrex247 merged commit e0dc919 into payara:master Jun 17, 2019

59 checks passed


@Pandrex247 Pandrex247 deleted the Pandrex247:PAYARA-3789-Unify-DN-Representation branch Jun 17, 2019

@Pandrex247 (Member, Author) commented Jun 17, 2019

PAYARA-3937 Created to track code improvement request.

Cousjava pushed a commit to Cousjava/Payara that referenced this pull request Aug 21, 2019
Merge pull request payara#4042 from Pandrex247/PAYARA-3789-Unify-DN-R…
…epresentation

PAYARA-3789 Unify DN Representation