/**
 * Renders this credential as {@code "userName: "} followed by the value of {@link #getUsername()}.
 *
 * <p>The user name is resolved through {@code getUsername()}, so whatever that method does on
 * first use (and any exception it raises) also happens when this object is printed or logged.
 *
 * @return the label and the resolved user name
 */
@Override
public String toString() {
    final String resolvedName = getUsername();
    // StringBuilder.append(String) prints "null" for a null name, same as string concatenation.
    return new StringBuilder("userName: ").append(resolvedName).toString();
}
} // closes the enclosing class, whose header is outside this excerpt
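/**
 * Returns the user name taken from the {@code CN} entry of the certificate principal's name,
 * resolving it on first use and caching it in {@code userName}.
 *
 * <p>The principal name is split by turning every comma into a line break and reading the
 * result with {@link Properties#load(java.io.Reader)}.
 *
 * <p>NOTE(review): this is not a distinguished-name parser. {@code Properties} keeps the last
 * value loaded for a repeated key, so a name carrying more than one {@code CN} yields the last
 * one listed. A backslash-escaped comma becomes a backslash followed by a line break, which
 * {@code load} reads as a line continuation. The lookup is also case-sensitive on {@code "CN"}.
 * Since the result is used as the account identifier, confirm which subjects the trust store
 * can admit, or parse the name with a real DN parser.
 *
 * @return the {@code CN} value, or {@code null} when no {@code CN} entry was read
 */
public String getUsername() {
    if (this.userName == null) {
        // Parse from a local and assign the field once at the end: an unchecked exception from
        // load() can then no longer leave the whole principal name cached as the user name.
        String principalName = getCertificatePrincipal().getName();
        Properties prop = new Properties();

        try {
            prop.load(new StringReader(principalName.replaceAll(",", "\n")));
        } catch (IOException e) {
            // Kept as best effort: the lookup below then works on whatever was read so far.
            e.printStackTrace();
        }

        this.userName = prop.getProperty("CN");
    }
    return this.userName;
}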
// Excerpt of a certificate-validation routine; certBytes and certFactory are defined outside it.
// Look up the agent by the user name derived from the presented certificate.
// NOTE(review): no null check on agent is visible in this excerpt — confirm the full method has one.
Agent agent = identityStore.getAgent(certCredentials.getUsername());
// Start from INVALID so the status only becomes VALID through the assignment further down.
certCredentials.setStatus(Status.INVALID);
// Rebuild the certificate held in storage from its encoded bytes.
X509Certificate storedCert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(
        certBytes));
// Certificate supplied with the credentials being validated.
// NOTE(review): storedCert is an X509Certificate while providedCert is an X509Cert; no comparison
// of the two is visible here — confirm how the full method compares them.
X509Cert providedCert = certCredentials.getCertificate();
// NOTE(review): as excerpted, VALID is set with no visible condition; confirm the full method
// guards this line with the stored-versus-provided certificate comparison.
certCredentials.setStatus(Status.VALID);
// Excerpt of a test; badClientCertCredential is defined outside it.
// Load the certificate used as the known-good client certificate.
X509Certificate clientCert = getTestingCertificate("servercert.txt");
X509Cert certCredential = new X509Cert(clientCert);
X509CertificateCredentials credential = new X509CertificateCredentials(certCredential);
// The user is keyed by the name derived from the certificate.
User user = loadOrCreateUser(credential.getUsername(), true);
// NOTE(review): the call that validates the credential is not visible in this excerpt; this
// assertion presumably follows it — confirm against the full test.
Assert.assertEquals(Status.VALID, credential.getStatus());
// Negative case: a different certificate presented under the same user's id.
X509CertificateCredentials badCredential = new X509CertificateCredentials(badClientCertCredential);
badCredential.setUserName(user.getId());
// A certificate that does not belong to the user is expected to be rejected.
Assert.assertEquals(Status.INVALID, badCredential.getStatus());
/**
 * Builds an X.509 credential from the client certificate attached to the request, if there is
 * one, and stores it in {@code creds}.
 *
 * <p>Only the first certificate returned by {@code getClientCertificate} is used, together with
 * the configured subject expression. The credential is flagged as trusted before it is stored.
 *
 * <p>NOTE(review): nothing in this method verifies the certificate itself. The trusted flag
 * presumably relies on the container having validated the chain during the TLS handshake —
 * confirm that {@code getClientCertificate} can only return container-verified certificates,
 * because {@code validateCredential} on this page accepts a trusted credential without
 * comparing it to the stored certificate.
 *
 * @param request the incoming HTTP request
 * @param creds the login credentials to populate; left untouched when no certificate is present
 */
@Override
public void extractCredential(HttpServletRequest request, DefaultLoginCredentials creds) {
    X509Certificate[] chain = getClientCertificate(request);

    if (chain == null || chain.length == 0) {
        // No client certificate on this request: nothing to extract.
        return;
    }

    X509CertificateCredentials certCredential =
            new X509CertificateCredentials(chain[0], config.getSubjectRegex());
    certCredential.setTrusted(true);
    creds.setCredential(certCredential);
}
/**
 * Decides whether the presented X.509 credential is acceptable.
 *
 * <p>A credential flagged as trusted is accepted immediately. Otherwise the certificate held in
 * {@code storage} is decoded from Base64 and compared with the presented one using
 * {@code equals}.
 *
 * <p>NOTE(review): on the trusted path the stored certificate is never consulted, so the result
 * rests entirely on whoever set the trusted flag. On the other path, equality with the stored
 * certificate is the only test in this method; no validity-period or revocation check is
 * visible here.
 *
 * @param context the identity context (not read by this method)
 * @param storage the stored credential; must be an {@code X509CertificateStorage}
 * @param credentials the presented certificate credential
 * @param store the credential store (not read by this method)
 * @return {@code true} when the credential is trusted or equals the stored certificate
 * @throws IdentityManagementException when the stored certificate cannot be decoded or compared
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage,
        final X509CertificateCredentials credentials, CredentialStore<?> store) {
    // The cast stays ahead of the trust check so a wrong storage type fails on both paths.
    X509CertificateStorage certificateStorage = (X509CertificateStorage) storage;

    if (credentials.isTrusted()) {
        return true;
    }

    try {
        byte[] encodedCert = Base64.decode(certificateStorage.getBase64Cert());
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        X509Certificate fromStorage =
                (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encodedCert));

        return fromStorage.equals(credentials.getCertificate());
    } catch (Exception e) {
        throw new IdentityManagementException("Error while checking user's certificate.", e);
    }
}
/**
 * Builds an X.509 credential from the client certificate attached to the request, if there is
 * one, and stores it in {@code creds}.
 *
 * <p>Only the first certificate returned by {@code getClientCertificate} is used, together with
 * the configured subject expression. The credential is flagged as trusted before it is stored.
 *
 * <p>NOTE(review): nothing in this method verifies the certificate itself. The trusted flag
 * presumably relies on the container having validated the chain during the TLS handshake —
 * confirm that {@code getClientCertificate} can only return container-verified certificates,
 * because {@code validateCredential} on this page accepts a trusted credential without
 * comparing it to the stored certificate.
 *
 * @param request the incoming HTTP request
 * @param creds the login credentials to populate; left untouched when no certificate is present
 */
@Override
public void extractCredential(HttpServletRequest request, DefaultLoginCredentials creds) {
    X509Certificate[] chain = getClientCertificate(request);

    if (chain == null || chain.length == 0) {
        // No client certificate on this request: nothing to extract.
        return;
    }

    X509CertificateCredentials certCredential =
            new X509CertificateCredentials(chain[0], config.getSubjectRegex());
    certCredential.setTrusted(true);
    creds.setCredential(certCredential);
}
/**
 * Decides whether the presented X.509 credential is acceptable.
 *
 * <p>A credential flagged as trusted is accepted immediately. Otherwise the certificate held in
 * {@code storage} is decoded from Base64 and compared with the presented one using
 * {@code equals}.
 *
 * <p>NOTE(review): on the trusted path the stored certificate is never consulted, so the result
 * rests entirely on whoever set the trusted flag. On the other path, equality with the stored
 * certificate is the only test in this method; no validity-period or revocation check is
 * visible here.
 *
 * @param context the identity context (not read by this method)
 * @param storage the stored credential; must be an {@code X509CertificateStorage}
 * @param credentials the presented certificate credential
 * @param store the credential store (not read by this method)
 * @return {@code true} when the credential is trusted or equals the stored certificate
 * @throws IdentityManagementException when the stored certificate cannot be decoded or compared
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage,
        final X509CertificateCredentials credentials, CredentialStore<?> store) {
    // The cast stays ahead of the trust check so a wrong storage type fails on both paths.
    X509CertificateStorage certificateStorage = (X509CertificateStorage) storage;

    if (credentials.isTrusted()) {
        return true;
    }

    try {
        byte[] encodedCert = Base64.decode(certificateStorage.getBase64Cert());
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        X509Certificate fromStorage =
                (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encodedCert));

        return fromStorage.equals(credentials.getCertificate());
    } catch (Exception e) {
        throw new IdentityManagementException("Error while checking user's certificate.", e);
    }
}
/**
 * Builds an X.509 credential from the client certificate attached to the request, if there is
 * one, and stores it in {@code creds}.
 *
 * <p>Only the first certificate returned by {@code getClientCertificate} is used, together with
 * the configured subject expression. The credential is flagged as trusted before it is stored.
 *
 * <p>NOTE(review): nothing in this method verifies the certificate itself. The trusted flag
 * presumably relies on the container having validated the chain during the TLS handshake —
 * confirm that {@code getClientCertificate} can only return container-verified certificates,
 * because {@code validateCredential} on this page accepts a trusted credential without
 * comparing it to the stored certificate.
 *
 * @param request the incoming HTTP request
 * @param creds the login credentials to populate; left untouched when no certificate is present
 */
@Override
public void extractCredential(HttpServletRequest request, DefaultLoginCredentials creds) {
    X509Certificate[] chain = getClientCertificate(request);

    if (chain == null || chain.length == 0) {
        // No client certificate on this request: nothing to extract.
        return;
    }

    X509CertificateCredentials certCredential =
            new X509CertificateCredentials(chain[0], config.getSubjectRegex());
    certCredential.setTrusted(true);
    creds.setCredential(certCredential);
}
/**
 * Renders this credential as {@code "userName: "} followed by the value of {@link #getUsername()}.
 *
 * <p>The user name is resolved through {@code getUsername()}, so whatever that method does on
 * first use (and any exception it raises) also happens when this object is printed or logged.
 *
 * @return the label and the resolved user name
 */
@Override
public String toString() {
    final String resolvedName = getUsername();
    // StringBuilder.append(String) prints "null" for a null name, same as string concatenation.
    return new StringBuilder("userName: ").append(resolvedName).toString();
}
} // closes the enclosing class, whose header is outside this excerpt
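/**
 * Returns the user name derived from the certificate principal's name, resolving it on first
 * use and caching it in {@code userName}.
 *
 * <p>Without a subject expression, the name is parsed as an {@link LdapName} and the value of
 * the RDN at index {@code size() - 1} is used. With a subject expression, the first match in
 * the name supplies the user name through its single capturing group.
 *
 * <p>NOTE(review): the RDN is taken by position and its type is not checked, although the
 * error message speaks of CN — confirm that every certificate the trust store can admit puts
 * the intended attribute there. The expression is applied with {@code find()}, so an
 * unanchored pattern can capture from any attribute of the subject; it should be anchored to
 * the attribute that identifies the user.
 *
 * @return the extracted user name
 * @throws IdentityManagementException when the name cannot be parsed, the expression does not
 *         match, or the expression does not declare exactly one capturing group
 */
public String getUsername() {
    if (this.userName == null) {
        // Resolve into locals and assign the field only on success. Assigning the raw subject
        // name first would leave it cached as the user name after a failed extraction.
        String subjectName = getCertificatePrincipal().getName();
        String extracted;

        if (subjectRegex == null) {
            try {
                LdapName ldapName = new LdapName(subjectName);
                extracted = ldapName.getRdn(ldapName.size() - 1).getValue().toString();
            } catch (Exception e) {
                throw new IdentityManagementException("Could not extract CN from X509.", e);
            }
        } else {
            Matcher matcher = Pattern.compile(this.subjectRegex).matcher(subjectName);

            // group(1) without a successful find() fails with IllegalStateException; report a
            // non-matching subject as an identity error instead.
            if (!matcher.find()) {
                throw new IdentityManagementException("Subject does not match the configured expression.");
            }
            if (matcher.groupCount() != 1) {
                throw new IdentityManagementException("Single group expected from expression.");
            }
            extracted = matcher.group(1);
        }

        this.userName = extracted;
    }
    return this.userName;
}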
/**
 * Resolves the account for an X.509 credential by the user name derived from its certificate.
 *
 * <p>The lookup key is whatever {@code credentials.getUsername()} returns, so the account that
 * is selected depends on how that name is extracted from the certificate subject.
 *
 * @param context the identity context to search in
 * @param credentials the certificate credential supplying the user name
 * @return the result of the name-based {@code getAccount} lookup
 */
@Override
protected Account getAccount(final IdentityContext context, final X509CertificateCredentials credentials) {
    final String subjectUserName = credentials.getUsername();
    return getAccount(context, subjectUserName);
}
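/**
 * Returns the user name derived from the certificate principal's name, resolving it on first
 * use and caching it in {@code userName}.
 *
 * <p>Without a subject expression, the name is parsed as an {@link LdapName} and the value of
 * the RDN at index {@code size() - 1} is used. With a subject expression, the first match in
 * the name supplies the user name through its single capturing group.
 *
 * <p>NOTE(review): the RDN is taken by position and its type is not checked, although the
 * error message speaks of CN — confirm that every certificate the trust store can admit puts
 * the intended attribute there. The expression is applied with {@code find()}, so an
 * unanchored pattern can capture from any attribute of the subject; it should be anchored to
 * the attribute that identifies the user.
 *
 * @return the extracted user name
 * @throws IdentityManagementException when the name cannot be parsed, the expression does not
 *         match, or the expression does not declare exactly one capturing group
 */
public String getUsername() {
    if (this.userName == null) {
        // Resolve into locals and assign the field only on success. Assigning the raw subject
        // name first would leave it cached as the user name after a failed extraction.
        String subjectName = getCertificatePrincipal().getName();
        String extracted;

        if (subjectRegex == null) {
            try {
                LdapName ldapName = new LdapName(subjectName);
                extracted = ldapName.getRdn(ldapName.size() - 1).getValue().toString();
            } catch (Exception e) {
                throw new IdentityManagementException("Could not extract CN from X509.", e);
            }
        } else {
            Matcher matcher = Pattern.compile(this.subjectRegex).matcher(subjectName);

            // group(1) without a successful find() fails with IllegalStateException; report a
            // non-matching subject as an identity error instead.
            if (!matcher.find()) {
                throw new IdentityManagementException("Subject does not match the configured expression.");
            }
            if (matcher.groupCount() != 1) {
                throw new IdentityManagementException("Single group expected from expression.");
            }
            extracted = matcher.group(1);
        }

        this.userName = extracted;
    }
    return this.userName;
}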
/**
 * Resolves the account for an X.509 credential by the user name derived from its certificate.
 *
 * <p>The lookup key is whatever {@code credentials.getUsername()} returns, so the account that
 * is selected depends on how that name is extracted from the certificate subject.
 *
 * @param context the identity context to search in
 * @param credentials the certificate credential supplying the user name
 * @return the result of the name-based {@code getAccount} lookup
 */
@Override
protected Account getAccount(final IdentityContext context, final X509CertificateCredentials credentials) {
    final String subjectUserName = credentials.getUsername();
    return getAccount(context, subjectUserName);
}