directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Seelmann (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-1198) Requests of usercertificate;binary are not supported
Date Thu, 10 Jul 2008 13:22:32 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612484#action_12612484
] 

Stefan Seelmann commented on DIRSERVER-1198:
--------------------------------------------

Moved back to Server. I found two more bugs:


1st)
There is a problem when writing ;binary values greater than 0x80. The following test write
four bytes 0x80, 0x81, 0x82, 0x83 when reading it from the server I get 12 bytes.

    /**
     * Add a new ;binary attribute with bytes greater than 0x80
     * to a person entry.
     * Test for DIRSERVER-1146
     * 
     * @throws NamingException
     */
    public void testAddNewBinaryAttributeValue0x80() throws NamingException
    {
        // Add a ;binary attribute with high-bytes 
        byte[] newValue = new byte[]{(byte)0x80, (byte)0x81, (byte)0x82, (byte)0x83};
        Attributes attrs = new AttributesImpl( "userCertificate;binary", newValue );
        ctx.modifyAttributes( RDN_TORI_AMOS, DirContext.ADD_ATTRIBUTE, attrs );
        
        // Verify, that attribute value is added
        attrs = ctx.getAttributes( RDN_TORI_AMOS );
        Attribute attr = attrs.get( "userCertificate" );
        assertNotNull( attr );
        assertTrue( attr.contains( newValue ) );
        byte[] certificate = (byte[])attr.get();
        assertTrue( Arrays.equals( newValue, certificate ) );
        assertEquals( 1, attr.size() );
    }



2nd)
Reading the entry and requesting userCertificate;binary (including the ;binary) doesn't work

    /**
     * Retrieve a ;binary attribute from a person entry.
     * Test for DIRSERVER-1146
     * 
     * @throws NamingException
     */
    public void testRetrieveEntryWithBinaryAttributeValue() throws NamingException
    {
        // Add a ;binary attribute
        byte[] newValue = new byte[]{0x00, 0x01, 0x02, 0x03};
        Attributes attrs = new AttributesImpl( "userCertificate;binary", newValue );
        ctx.modifyAttributes( RDN_TORI_AMOS, DirContext.ADD_ATTRIBUTE, attrs );
        
        // Search entry an request ;binary attribute
        SearchControls sctls = new SearchControls();
        sctls.setSearchScope(SearchControls.OBJECT_SCOPE);
        sctls.setReturningAttributes( new String[]{ "userCertificate;binary" } );
        String filter = "(objectClass=*)";
        String base = RDN_TORI_AMOS;
        
        // Test that ;binary attribute is present
        NamingEnumeration<SearchResult> enm = ctx.search( base, filter, sctls);
        assertTrue(enm.hasMore());
        while (enm.hasMore()) {
            SearchResult sr = enm.next();
            attrs = sr.getAttributes();
            Attribute attr = attrs.get("userCertificate;binary");
            assertNotNull(attr);
            assertTrue( attr.contains( newValue ) );
            byte[] certificate = (byte[])attr.get();
            assertTrue( Arrays.equals( newValue, certificate ) );
            assertEquals( 1, attr.size() );
        }
    }



> Requests of usercertificate;binary are not supported
> ----------------------------------------------------
>
>                 Key: DIRSERVER-1198
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1198
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: Chris Trobridge
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.3
>
>
> ApacheDS only supports the retrieval of certificates without the ;binary transfer suffix.
> RFC4523 states certificates must be transferred using the ;binary transfer option.
> In practice we have clients in the field that are making requests both with and without
the option so we'd need support for both methods to be able to consider deploying ApacheDS.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message