[OPENDJ-6113] DN BER encoded values and unrecognized types are not handled correctly Created: 19/Mar/19  Updated: 08/Nov/19  Resolved: 22/Mar/19

Status: QA Backlog
Project: OpenDJ
Component/s: core apis
Affects Version/s: 7.0.0
Fix Version/s: 7.0.0

Type: Bug Priority: Major
Reporter: Matthew Swift Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: backport-candidate

Issue Links:
is backported by OPENDJ-6731 Backport OPENDJ-6113: DN BER encoded ... Done
is required by OPENAM-14570 OAuth mTLS DN comparison fails when D... Resolved
caused OPENDJ-6157 Exception during FilterChain executio... Done
relates to OPENDJ-2776 Searches return DNs containing illega... Done
Epic Link: Bugs 7.0
Story Points: 3
Dev Assignee: Matthew Swift


The AVA class should conform to the following rules when decoding and encoding the string representation of an AVA:

  • Ava.valueOf(string).toString() should always preserve the original user provided representation. In particular, if the user provided an unusual attribute name during parsing, then it should be kept in the encoded string representation. Likewise, the original encoding of the attribute value should be preserved - LDAP, legacy (hex), or BER
  • when an AVA is constructed, we should take care to follow the rules defined in RFC 4514 sections 2.3 and 2.4:
    • if the attribute name is numeric then attempt to BER encode the value
    • if the attribute name is unrecognized then assume that the value is human-readable and encode it as a string
    • if the attribute name is recognized then encode it as a string or BER depending on whether its syntax is human-readable.

There are a number of bugs at the moment:

  • BER values are not decoded correctly: instead of parsing them as ASN.1 they are simply decoded as HEX. Likewise for encoding of BER values
  • the original representation of attribute values is not preserved. The toString() method encodes octet-string values as UTF-8 strings, unless the attribute name is a numeric OID
  • unrecognized attribute types are treated as having octet string syntax, which requires the octet string syntax to be flagged as human readable in order to cope with the common case
  • unrecognized attribute types whose name is a numeric OID are decoded as a placeholder attribute type whose numeric OID has the string "-oid" appended.
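
An added illustration of the rules and bugs listed above (example code, not OpenDJ's Ava class): a '#'-prefixed value is the hexstring of a BER TLV and is parsed as ASN.1 rather than returned as raw hex bytes, and a newly constructed AVA picks the string or BER form from the attribute name as the three rules describe. The SCHEMA table is a hypothetical stand-in for the server schema, and wrapping non-string values in an OCTET STRING TLV is an assumption; the real BER type depends on the attribute's syntax.

```python
import re

SCHEMA = {"cn": True, "usercertificate": False}  # constructed stand-in (hypothetical): name -> human-readable?

def is_numeric_oid(name: str) -> bool:
    return bool(re.fullmatch(r"\d+(\.\d+)+", name))

def ber_encode_octet_string(value: bytes) -> bytes:
    """Wrap value in a BER OCTET STRING TLV (tag 0x04, definite short- or long-form length)."""
    n = len(value)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x04" + bytes([n if n < 0x80 else 0x80 | len(lb)]) + lb + value

def ber_decode(data: bytes) -> tuple:
    """Parse exactly one BER TLV, returning (tag, contents); reject mismatched lengths."""
    if len(data) < 2:
        raise ValueError("too short for a TLV")
    tag, length, pos = data[0], data[1], 2
    if length & 0x80:  # long form: the next (length & 0x7F) bytes hold the content length
        pos = 2 + (length & 0x7F)
        length = int.from_bytes(data[2:pos], "big")
    if pos + length != len(data):
        raise ValueError("BER length does not match the hexstring")
    return tag, data[pos:pos + length]

def escape_ldap_string(value: str) -> str:
    """RFC 4514 2.4: escape specials and controls, a trailing space, a leading '#' or space."""
    s = re.sub(r'([\\"+,;<>])', r"\\\1", value)
    s = re.sub(r"[\x00-\x1f]", lambda m: "\\%02X" % ord(m.group()), s)
    if s.endswith(" "):
        s = s[:-1] + "\\ "
    return "\\" + s if s[:1] in (" ", "#") else s

def encode_ava(attr_name: str, value: bytes) -> str:
    """Choose the value form for a newly constructed AVA following the ticket's three rules."""
    # numeric OID: BER-encode; recognized type: per its syntax; unrecognized: assume human-readable
    string_form = False if is_numeric_oid(attr_name) else SCHEMA.get(attr_name.lower(), True)
    if string_form:
        return attr_name + "=" + escape_ldap_string(value.decode("utf-8"))
    return attr_name + "=#" + ber_encode_octet_string(value).hex()

def decode_ava_value(text: str) -> bytes:
    """'#hex' is the hexstring of a BER TLV: parse the ASN.1 instead of returning the raw hex bytes."""
    if text.startswith("#"):
        return ber_decode(bytes.fromhex(text[1:]))[1]
    def unescape(m):  # LDAP string form: '\XX' is one raw byte, '\c' is the literal character c
        return bytes.fromhex(m.group(1).decode()) if len(m.group(1)) == 2 else m.group(1)
    return re.sub(rb"\\([0-9A-Fa-f]{2}|.)", unescape, text.encode("utf-8"))
```

Decoding "#04020102" yields the two content bytes 01 02; the buggy hex-only decoding would instead return all four bytes including the tag and length.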

Generated at Mon Aug 10 00:19:40 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.