Uploaded image for project: 'SignServer'
  1. SignServer
  2. DSS-1689

Adding an administrator by uploading a certificate does not grant access

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Cannot reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Customer

      Description

      When adding an administrator to SignServer by uploading a certificate, the administrator is not granted access because it seems like there is a mismatch between the stored subject DN and the subject DN loaded from the certificate.

      It should be investigated why this bug occurs, probably because we do a string comparison and the subject DN is reversed.

      An extract from the log file reveals the following:

      Jun  5 16:02:47 cos-signserver SignServer[2891] INFO  [AdminAuthHelper] ADMIN OPERATION; subjectDN=C=SE, O=PrimeKey, OU=Bug Department, CN=Bastian Fredriksson; serialNumber=XXX; issuerDN=C=SE, O=PrimeKey, OU=Bug Department, CN=PrimeKey Root; authorized=false; operation=getAllWorkers; arguments=;
      
      root@cos-signserver/100.127.255.7 [ /opt/signserver-ee/bin ]# ./signserver wsadmins -list
      Authorized administrators:
      XXX    CN=User1,OU=Bug Department,O=PrimeKey,C=SE
      ABC    CN=User2,OU=Bug Department,O=PrimeKey,C=SE
      GGG    C=SE, O=PrimeKey, OU=Bug Department, CN=User3
      UUU    CN=User4,OU=Bug Department,O=PrimeKey,C=SE
      ZZZ    CN=User5,OU=Bug Department,O=PrimeKey,C=SE
      

      The certificate with serial GG was added by clicking "Load current". The other four admins were added by uploading a certificate. As we can see, the subject DN is reversed when uploading a certificate.

      The order of subject DN attributes should not matter (if that's the source of the bug).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              markus Markus KilÄs
              Reporter:
              bastianf Bastian Fredriksson
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: