OpenBankingToolkit / cdr-standards-application-services

ForgeRock Consumer Data Right Standards Application Services is an example of how you can bundle all the micro-services together to create a CDR eco-system.

Incorrect certificateCn saved when registering a TPP #29

Open benjefferies opened 4 years ago

benjefferies commented 4 years ago

Describe the bug

When I register a TPP the CN is being parsed incorrectly, meaning the whole subject is used in place of the CN.

The way we currently try to get the CN

        authentication.getCertificateChain()[0].getSubjectDN().toString()

The correct way to get the CN

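        try {
            // Parse the subject into its RDNs (Bouncy Castle) instead of using its string form
            X500Name x500name = new JcaX509CertificateHolder(x509Certificate).getSubject();
            // Take the first CN RDN and return only its value
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            return IETFUtils.valueToString(cn.getFirst().getValue());
        } catch (CertificateEncodingException e) {
            return null;
        }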

To Reproduce

Steps to reproduce the behaviour:

  1. Do dynamic registration
  2. Investigate the tpp mongo collection: db.tpp.find({}, {certificateCn: 1})

Expected behaviour

{ "_id" : "6f19ccbc-10db-43e6-a286-1b0e918b4722", "certificateCn" : "5e281d67ca5b7a0011693c97" }

Current behaviour

{ "_id" : "6f19ccbc-10db-43e6-a286-1b0e918b4722", "certificateCn" : "OID.2.5.4.97=PSDGB-FFA-5e281d67ca5b7a0011693c96, C=UK, ST=Avon, L=Bristol, O=ForgeRock, OU=5e281d67ca5b7a0011693c96, CN=5e281d67ca5b7a0011693c97" }
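
The difference reported above, as an added example that is not part of the original issue or the project's code. It uses the JDK's `LdapName` in place of the Bouncy Castle classes quoted in the issue, builds the subject from the string in the "Current behaviour" record, and adds two constructed subjects (an escaped comma inside the CN, and no CN at all); the class and method names are hypothetical.

```java
import java.util.List;
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical class name; JDK only, no Bouncy Castle dependency.
public class SubjectCnExample {

    // Returns the CN attribute value of the subject, or empty if there is none.
    static Optional<String> extractCn(X500Principal subject) {
        try {
            // The RFC 2253 form has a defined syntax that LdapName parses, escapes included.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            List<Rdn> rdns = dn.getRdns();               // index 0 is the right-most RDN
            for (int i = rdns.size() - 1; i >= 0; i--) { // walk the string left to right
                // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b
                Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null && cn.get() instanceof String) {
                    return Optional.of((String) cn.get());
                }
            }
            return Optional.empty();
        } catch (NamingException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Subject string copied from the "Current behaviour" record in the issue.
        X500Principal tpp = new X500Principal(
            "OID.2.5.4.97=PSDGB-FFA-5e281d67ca5b7a0011693c96, C=UK, ST=Avon, L=Bristol, "
            + "O=ForgeRock, OU=5e281d67ca5b7a0011693c96, CN=5e281d67ca5b7a0011693c97");
        // Constructed subjects: an escaped comma inside the CN, and no CN at all.
        X500Principal comma = new X500Principal("CN=Example TPP\\, Ltd, O=Example");
        X500Principal noCn = new X500Principal("O=Example, C=GB");

        // Storing the string form of the subject keeps every RDN, not just the CN.
        System.out.println("toString(): " + tpp);
        System.out.println("CN only:    " + extractCn(tpp).orElse("<none>"));
        System.out.println("escaped:    " + extractCn(comma).orElse("<none>"));
        System.out.println("missing:    " + extractCn(noCn).orElse("<none>"));
    }
}
```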

benjefferies commented 4 years ago

Equivalent changes in openbanking-reference-implementation https://github.com/OpenBankingToolkit/openbanking-reference-implementation/pull/105