-
Bug
-
Resolution: Fixed
-
P3
-
1.4.0
-
None
-
beta3
-
generic
-
generic
Suppose you have a grant like this:
grant principal "someAlias" {
...
};
PolicyFile uses x509Cert.getSubjectDN().getName() to get the name string from the certificate associated with the alias, which ends up being X500Name.getName(), which returns a string in RFC 1779 format. But when PolicyFile extracts principal names from a protection domain (in getPermissions), it uses getName() on the principal, which for an X500Principal returns a string in RFC 2253 format, and so the string compare fails.
grant principal "someAlias" {
...
};
PolicyFile uses x509Cert.getSubjectDN().getName() to get the name string from the certificate associated with the alias, which ends up being X500Name.getName(), which returns a string in RFC 1779 format. But when PolicyFile extracts principal names from a protection domain (in getPermissions), it uses getName() on the principal, which for an X500Principal returns a string in RFC 2253 format, and so the string compare fails.