Bug in class SignSW in SAML engine

Published on: 18/10/2010
Discussion

final String isu = certificate.getIssuerDN().getName(); if (serialNum.equalsIgnoreCase(serialNumber) && isu.equalsIgnoreCase(issuer)) { alias = aliasCert; find = true; } isu.equalsIgnoreCase(issuer) compares the complete DN of a certificate as String. However, the String returned by certificate.getIssuerDN().getName() depends on the underlying implementation and registered security provider. Thus the complete DN must not be compared but only the individual elements of the DN separately. This means individual comparison of e.g. CN, O, L... of the certificate's DN.



HardwareAll
ProductCommon functionalities
Operating SystemAll
ComponentSAML engine
VersionNone
Severitynormal
ResolutionAccepted As Bug

Component

Code

Category

Bugs

Comments

Mon, 12/12/2011 - 18:11

Has been solved in March

Wed, 14/12/2011 - 09:50