/**
 * Principal resolver keyed on the certificate serial number.
 * The actual construction is delegated to {@code getX509SerialNumberPrincipalResolver},
 * which lives elsewhere in this class; this bean only hands it the x509 settings.
 *
 * @return the serial-number principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509SerialNumberPrincipalResolver")
public PrincipalResolver x509SerialNumberPrincipalResolver() {
    val x509Settings = casProperties.getAuthn().getX509();
    return getX509SerialNumberPrincipalResolver(x509Settings);
}
/**
 * Certificate extractor that reads the client certificate from a request header.
 * The header name is taken from the configured x509 SSL header name.
 * NOTE(review): a header-sourced certificate is only as trustworthy as the component
 * that sets the header; the TLS-terminating proxy in front of CAS is expected to
 * overwrite any client-supplied value for that header — confirm in deployment.
 *
 * @return the header-based certificate extractor
 */
@ConditionalOnMissingBean(name = "x509CertificateExtractor")
@Bean
public X509CertificateExtractor x509CertificateExtractor() {
    val headerName = casProperties.getAuthn().getX509().getSslHeaderName();
    return new RequestHeaderX509CertificateExtractor(headerName);
}
}
/**
 * Revocation policy built from the configured revocation policy threshold.
 * The threshold value is passed straight through to {@code ThresholdExpiredCRLRevocationPolicy};
 * its unit and meaning are defined by that class.
 *
 * @return the threshold-based expired-CRL revocation policy
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "thresholdExpiredCRLRevocationPolicy")
public RevocationPolicy thresholdExpiredCRLRevocationPolicy() {
    val threshold = casProperties.getAuthn().getX509().getRevocationPolicyThreshold();
    return new ThresholdExpiredCRLRevocationPolicy(threshold);
}
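/**
 * Selects the CRL fetcher implementation named by the x509 {@code crlFetcher} setting.
 * The value is lower-cased with {@code Locale.ROOT} so the comparison does not depend on
 * the JVM default locale. {@code "ldap"} selects the ldaptive fetcher; {@code "resource"}
 * and any other value fall back to the resource-based fetcher.
 *
 * @return the CRL fetcher bean
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "crlFetcher")
public CRLFetcher crlFetcher() {
    val x509 = casProperties.getAuthn().getX509();
    // Locale.ROOT: the default JVM locale must not influence which fetcher is chosen.
    val fetcherType = x509.getCrlFetcher().toLowerCase(java.util.Locale.ROOT);
    switch (fetcherType) {
        case "ldap":
            return ldaptiveResourceCRLFetcher();
        case "resource":
        default:
            return resourceCrlFetcher();
    }
}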
/**
 * Revocation checker backed by the configured set of CRL resources.
 * Each configured CRL resource string is resolved through the resource loader;
 * the unavailable/expired policies are produced by {@code getRevocationPolicy},
 * defined elsewhere in this class.
 *
 * @return the resource-based CRL revocation checker
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "resourceCrlRevocationChecker")
public RevocationChecker resourceCrlRevocationChecker() {
    val x509 = casProperties.getAuthn().getX509();
    val crlResources = x509.getCrlResources()
        .stream()
        .map(resourceLoader::getResource)
        .collect(Collectors.toSet());
    val unavailablePolicy = getRevocationPolicy(x509.getCrlResourceUnavailablePolicy());
    val expiredPolicy = getRevocationPolicy(x509.getCrlResourceExpiredPolicy());
    return new ResourceCRLRevocationChecker(
        x509.isCheckAll(),
        unavailablePolicy,
        expiredPolicy,
        x509.getRefreshIntervalSeconds(),
        crlFetcher(),
        crlResources);
}
/**
 * Principal resolver based on the certificate subject DN.
 * The principal attribute falls back to the person-directory setting when the
 * x509-specific one is blank; the return-null and use-existing-principal-id flags
 * are enabled if either the x509 or the person-directory setting enables them.
 *
 * @return the subject-DN principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509SubjectDNPrincipalResolver")
public PrincipalResolver x509SubjectDNPrincipalResolver() {
    val personDirectory = casProperties.getPersonDirectory();
    val principalSettings = casProperties.getAuthn().getX509().getPrincipal();
    val attribute = StringUtils.defaultIfBlank(
        principalSettings.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
    val returnNull = principalSettings.isReturnNull() || personDirectory.isReturnNull();
    val useExistingId = principalSettings.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
    return new X509SubjectDNPrincipalResolver(
        attributeRepository.getIfAvailable(),
        x509PrincipalFactory(),
        returnNull,
        attribute,
        useExistingId);
}
/**
 * CRL fetcher that retrieves CRLs from LDAP using the x509 LDAP settings:
 * connection config, a search executor over the configured base DN and filter,
 * and the attribute holding the certificate/CRL data.
 *
 * @return the ldaptive CRL fetcher
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "ldaptiveResourceCRLFetcher")
public CRLFetcher ldaptiveResourceCRLFetcher() {
    val ldap = casProperties.getAuthn().getX509().getLdap();
    val connectionConfig = LdapUtils.newLdaptiveConnectionConfig(ldap);
    val searchExecutor = LdapUtils.newLdaptiveSearchExecutor(ldap.getBaseDn(), ldap.getSearchFilter());
    return new LdaptiveResourceCRLFetcher(connectionConfig, searchExecutor, ldap.getCertificateAttribute());
}
/**
 * Revocation checker that follows the certificate's CRL distribution points.
 * Fetched CRLs are held in a cache whose name is randomised per bean instance
 * and whose sizing/expiry comes from the x509 cache settings.
 *
 * @return the distribution-point revocation checker
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "crlDistributionPointRevocationChecker")
public RevocationChecker crlDistributionPointRevocationChecker() {
    val x509 = casProperties.getAuthn().getX509();
    // Random suffix keeps cache names distinct across instances of this bean.
    val cacheName = "CRL" + UUID.randomUUID();
    val crlCache = new Cache(cacheName,
        x509.getCacheMaxElementsInMemory(),
        x509.isCacheDiskOverflow(),
        x509.isCacheEternal(),
        x509.getCacheTimeToLiveSeconds(),
        x509.getCacheTimeToIdleSeconds());
    val unavailablePolicy = getRevocationPolicy(x509.getCrlUnavailablePolicy());
    val expiredPolicy = getRevocationPolicy(x509.getCrlExpiredPolicy());
    return new CRLDistributionPointRevocationChecker(
        x509.isCheckAll(),
        unavailablePolicy,
        expiredPolicy,
        crlCache,
        crlFetcher(),
        x509.isThrowOnFetchFailure());
}
/**
 * Principal resolver that builds the principal from the subject using the
 * configured principal descriptor. Attribute and flag fallbacks follow the
 * person-directory settings, as for the other x509 resolvers.
 *
 * @return the subject principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509SubjectPrincipalResolver")
public PrincipalResolver x509SubjectPrincipalResolver() {
    val x509 = casProperties.getAuthn().getX509();
    val personDirectory = casProperties.getPersonDirectory();
    val principalSettings = x509.getPrincipal();
    val attribute = StringUtils.defaultIfBlank(
        principalSettings.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
    val returnNull = principalSettings.isReturnNull() || personDirectory.isReturnNull();
    val useExistingId = principalSettings.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
    return new X509SubjectPrincipalResolver(
        attributeRepository.getIfAvailable(),
        x509PrincipalFactory(),
        returnNull,
        attribute,
        x509.getPrincipalDescriptor(),
        useExistingId);
}
/**
 * Principal resolver based on the subject alternative name (UPN), with the
 * alternate principal attribute taken from the subject-alt-name settings.
 * Attribute and flag fallbacks follow the person-directory settings.
 *
 * @return the SAN/UPN principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509SubjectAlternativeNameUPNPrincipalResolver")
public PrincipalResolver x509SubjectAlternativeNameUPNPrincipalResolver() {
    val x509 = casProperties.getAuthn().getX509();
    val personDirectory = casProperties.getPersonDirectory();
    val principalSettings = x509.getPrincipal();
    val sanSettings = x509.getSubjectAltName();
    val attribute = StringUtils.defaultIfBlank(
        principalSettings.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
    val returnNull = principalSettings.isReturnNull() || personDirectory.isReturnNull();
    val useExistingId = principalSettings.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
    return new X509SubjectAlternativeNameUPNPrincipalResolver(
        attributeRepository.getIfAvailable(),
        x509PrincipalFactory(),
        returnNull,
        attribute,
        sanSettings.getAlternatePrincipalAttribute(),
        useExistingId);
}
/**
 * Principal resolver based on the common-name EDIPI, with the alternate
 * principal attribute taken from the CN-EDIPI settings.
 * Attribute and flag fallbacks follow the person-directory settings.
 *
 * @return the CN/EDIPI principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509CommonNameEDIPIPrincipalResolver")
public PrincipalResolver x509CommonNameEDIPIPrincipalResolver() {
    val x509 = casProperties.getAuthn().getX509();
    val personDirectory = casProperties.getPersonDirectory();
    val principalSettings = x509.getPrincipal();
    val edipiSettings = x509.getCnEdipi();
    val attribute = StringUtils.defaultIfBlank(
        principalSettings.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
    val returnNull = principalSettings.isReturnNull() || personDirectory.isReturnNull();
    val useExistingId = principalSettings.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
    return new X509CommonNameEDIPIPrincipalResolver(
        attributeRepository.getIfAvailable(),
        x509PrincipalFactory(),
        returnNull,
        attribute,
        edipiSettings.getAlternatePrincipalAttribute(),
        useExistingId);
}
/**
 * Principal resolver that combines the certificate serial number and issuer DN,
 * using the configured serial-number prefix and value delimiter.
 * Attribute and flag fallbacks follow the person-directory settings.
 *
 * @return the serial-number-and-issuer-DN principal resolver
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509SerialNumberAndIssuerDNPrincipalResolver")
public PrincipalResolver x509SerialNumberAndIssuerDNPrincipalResolver() {
    val x509 = casProperties.getAuthn().getX509();
    val personDirectory = casProperties.getPersonDirectory();
    val principalSettings = x509.getPrincipal();
    val serialDnSettings = x509.getSerialNoDn();
    val attribute = StringUtils.defaultIfBlank(
        principalSettings.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
    val returnNull = principalSettings.isReturnNull() || personDirectory.isReturnNull();
    val useExistingId = principalSettings.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
    return new X509SerialNumberAndIssuerDNPrincipalResolver(
        attributeRepository.getIfAvailable(),
        x509PrincipalFactory(),
        returnNull,
        attribute,
        serialDnSettings.getSerialNumberPrefix(),
        serialDnSettings.getValueDelimiter(),
        useExistingId);
}
/**
 * Authentication handler for X.509 credentials.
 * Wires in the revocation checker chosen by {@code getRevocationCheckerFrom} (defined
 * elsewhere in this class), the optional subject-DN and trusted-issuer-DN regex patterns,
 * path-length and key-usage settings. A blank pattern property yields a {@code null}
 * pattern argument; NOTE(review): how the handler treats a null pattern (presumably
 * "no constraint") is decided inside the handler — confirm before relying on it.
 *
 * @return the X.509 credentials authentication handler
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "x509CredentialsAuthenticationHandler")
public AuthenticationHandler x509CredentialsAuthenticationHandler() {
    val x509 = casProperties.getAuthn().getX509();
    val revocationChecker = getRevocationCheckerFrom(x509);
    val subjectDnRegex = x509.getRegExSubjectDnPattern();
    val issuerDnRegex = x509.getRegExTrustedIssuerDnPattern();
    // Only compile a pattern when one is actually configured; blank means no pattern.
    val subjectDnPattern = StringUtils.isNotBlank(subjectDnRegex) ? RegexUtils.createPattern(subjectDnRegex) : null;
    val trustedIssuerDnPattern = StringUtils.isNotBlank(issuerDnRegex) ? RegexUtils.createPattern(issuerDnRegex) : null;
    return new X509CredentialsAuthenticationHandler(
        x509.getName(),
        servicesManager.getIfAvailable(),
        x509PrincipalFactory(),
        trustedIssuerDnPattern,
        x509.getMaxPathLength(),
        x509.isMaxPathLengthAllowUnspecified(),
        x509.isCheckKeyUsage(),
        x509.isRequireKeyUsage(),
        subjectDnPattern,
        revocationChecker,
        x509.getOrder());
}
/**
 * Picks the principal resolver bean matching the configured x509 principal type.
 * Returns {@code null} when no type is configured; any type without a dedicated
 * branch (including SUBJECT_DN) resolves to the subject-DN resolver.
 *
 * @return the matching principal resolver, or {@code null} if no type is set
 */
private PrincipalResolver getPrincipalResolver() {
    val type = casProperties.getAuthn().getX509().getPrincipalType();
    if (type == null) {
        return null;
    }
    switch (type) {
        case SERIAL_NO:
            return x509SerialNumberPrincipalResolver();
        case SERIAL_NO_DN:
            return x509SerialNumberAndIssuerDNPrincipalResolver();
        case SUBJECT:
            return x509SubjectPrincipalResolver();
        case SUBJECT_ALT_NAME:
            return x509SubjectAlternativeNameUPNPrincipalResolver();
        case CN_EDIPI:
            return x509CommonNameEDIPIPrincipalResolver();
        default:
            // Covers SUBJECT_DN and any other value, as the original fall-through did.
            return x509SubjectDNPrincipalResolver();
    }
}