Bug 3623 - org.globus.gsi.CertUtil functionality/comment problem
: org.globus.gsi.CertUtil functionality/comment problem
Status: RESOLVED FIXED
: CoG jglobus
security
: 1.2
: All Windows XP
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2005-08-05 13:30 by
Modified: 2005-12-05 17:03 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-08-05 13:30:04
The functionality of CertUtil.toGlobusID(String dn), CertUtil.toGlobusID(String
dn, boolean reverse), and CertUtil.toGlobusID(Principle name) is not intuative.
 From the comments on CertUtil.toGlobusID(String dn) and
CertUtil.toGlobusID(String dn, boolean reverse) it seems as though the methods
simply tokenize the DN, parse the tokens, remove commas and replace them with
slashes.  This is howerver not the case.  It actually reverses the ordering of
the tokens as well so the comment:

/**
     * Converts DN of the form "CN=foo, O=bar" into Globus 
     * format "/CN=foo/O=bar". This function might return incorrect 
     * Globus-formatted ID when one of the RDNs in the DN contains commas.
     *
     * @param dn the DN to convert to Globus format.
     * @param reverse the direction of the conversion.
     * @return the converted DN in Globus format.
     */

should actually read:

/**
     * Converts DN of the form "CN=foo, O=bar" into Globus 
     * format "/O=bar/CN=foo". 
....

*/

Notice that the values foo and bar are reversed.  When trying to figure out why
my DNs were getting reversed I decided to use the toGlobusID method with an
additional boolean parameter "reverse" thinking that specifying a value of
"true" would put my reversed DN back into the original format.  This does not
work because the default value of CertUtil.toGlobusID(String dn) and
CertUtil.toGlobusID(Principle name) is to call CertUtil.toGlobusID(String dn,
boolean reverse) with the value "true".

In order to fix my DN reverse issue I had to call CertUtil.toGlobusID(String dn,
boolean reverse) with the reverse value of false, thus telling the toGlobusID
method to not reverse my DN.  

The default value of reversing a DN should be to leave the DN in its original
order and only replace ',' with '/' according to the comment.  If the
functionality is not changed in CertUtil.toGlobusID to not reverse the DN then
the comment should be changed and user warned about the functionality.  A full
description or elaborated description of these methods are needed. 

I had to contact Rachana to find out that this was the functionality which most
developers will not have the ability to do.  
     *
------- Comment #1 From 2005-08-05 13:52:40 -------
well, yes and no, I think.  The typical comma'd DN format is to have the CN
first, like in LDAP (rfc2253), and the typical Globus format has CN last. 
Changing to NOTABUG unless you strongly disagree.  I think the javadoc could use
enhancement maybe. 
------- Comment #2 From 2005-08-05 13:59:39 -------
Forget I said maybe, sorry.  I think the parameter should be changed to
"noreverse" and the javadoc fixed.
------- Comment #3 From 2005-08-05 15:23:29 -------
I agree.  A parameter change, updated javadoc and comment updates would be
great.  So should this be reopend as a bug or possibly somehow list as an
enhancement?
------- Comment #4 From 2005-08-07 21:35:19 -------
I'll fix the javadocs.
------- Comment #5 From 2005-08-08 11:30:47 -------
I updated the parameter and javadocs appropriately.
------- Comment #6 From 2005-08-08 11:47:40 -------
Great, Thanks Jarek!