ASF Bugzilla – Attachment 28200 Details for
Bug 52500
Improve client certificate authentication
[patch]
x509 java code
x509.patch (text/plain), 24.29 KB, created by
Michael
on 2012-01-24 15:49:44 UTC
Description:
x509 java code
Creator:
Michael
Created:
2012-01-24 15:49:44 UTC
Size:
24.29 KB
>Index: org/apache/catalina/Realm.java
>===================================================================
>--- org/apache/catalina/Realm.java (revision 1234938)
>+++ org/apache/catalina/Realm.java (working copy)
>@@ -191,4 +191,10 @@
> public void removePropertyChangeListener(PropertyChangeListener listener);
>
>
>+ public void setX509UserIdentifierRetrieveField(String userIdentifierRetrieveField);
>+
>+ public void setX509UserIdentifierRetrieveFieldPart(String userIdentifierRetrieveFieldPart);
>+
>+ public void setX509UserIdentifierRetrieverClassName(String className);
>+
> }
>Index: org/apache/catalina/realm/UserIdentifierRetriever.java
>===================================================================
>--- org/apache/catalina/realm/UserIdentifierRetriever.java (revision 0)
>+++ org/apache/catalina/realm/UserIdentifierRetriever.java (revision 0)
>@@ -0,0 +1,10 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.security.cert.X509Certificate;
>+
>+public interface UserIdentifierRetriever {
>+ String getUserIdentifier(X509Certificate clientCert);
>+}
>Index: org/apache/catalina/realm/SubjectDnRetriever.java
>===================================================================
>--- org/apache/catalina/realm/SubjectDnRetriever.java (revision 0)
>+++ org/apache/catalina/realm/SubjectDnRetriever.java (revision 0)
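Review bot: The three setters added to the `Realm` interface turn X.509-specific configuration into part of the contract of every Realm, so an implementation that does not extend `RealmBase` no longer compiles. In the hunks shown only `RealmBase.getPrincipal(X509Certificate)` consumes these values, so declaring them on `RealmBase` alone would be enough. If they stay on the interface each needs Javadoc listing the accepted values, for example `/** Fully qualified name of a UserIdentifierRetriever implementation; that class decides which certificate field becomes the user name. */` on `setX509UserIdentifierRetrieverClassName`.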
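Review bot: `getUserIdentifier` in the new `UserIdentifierRetriever` interface has no documented contract, and the implementations in this patch already disagree on it: `SubjectDnRetriever` returns null for a null certificate or a missing attribute, while `DefaultSubjectDnRetriever` dereferences `clientCert` unconditionally. Because the returned string is what the realm looks up as the user name, the interface should say so and define the "no identifier" result, e.g. `/** @return the user name to look up in the Realm, or null if the certificate carries no usable identifier */`. It should also state whether the certificate has already been validated when this is called; I am assuming the connector does that, which is not visible here.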
>@@ -0,0 +1,138 @@ >+/** >+ * @author Michael Furman >+ */ >+package org.apache.catalina.realm; >+ >+import java.security.cert.X509Certificate; >+import java.util.List; >+ >+import javax.naming.InvalidNameException; >+import javax.naming.ldap.LdapName; >+import javax.naming.ldap.Rdn; >+ >+import org.apache.juli.logging.Log; >+import org.apache.juli.logging.LogFactory; >+ >+ >+public class SubjectDnRetriever implements UserIdentifierRetriever { >+ /** >+ * Logger for this class >+ */ >+ protected final Log logger = LogFactory.getLog(getClass()); >+ >+ >+ >+ private String subjectDnAttribute = null; >+ private String subjectDnAttributeConfiguration = null; >+ >+ protected SubjectDnRetriever() { >+ setSubjectDnAttribute(null); >+ } >+ >+ protected SubjectDnRetriever(String retrieveAttr) { >+ setSubjectDnAttribute(retrieveAttr); >+ } >+ >+ public String getUserIdentifier(X509Certificate clientCert) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("getUserIdentifier(X509Certificate) - start"); >+ } >+ String subject = getSubjectDN(clientCert); >+ String userIdentifier = null; >+ if (subject != null) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Subject is [" + subject + "]."); >+ } >+ if (subjectDnAttribute == null) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("subjectDnAttribute is null, so return the whole subject."); >+ } >+ userIdentifier = subject; >+ } else { >+ try { >+ boolean foundUserIdentifier = false; >+ LdapName ldapName = new LdapName(subject); >+ List<Rdn> list = ldapName.getRdns(); >+ if (list != null) { >+ for (Rdn rdn : list) { >+ String type = rdn.getType(); >+ if (subjectDnAttribute.equalsIgnoreCase(type.toString())) { >+ Object value = rdn.getValue(); >+ if (value instanceof String) { >+ userIdentifier = (String) value; >+ foundUserIdentifier = true; >+ if (logger.isDebugEnabled()) { >+ logger.debug("Success to retreive userIdentifier [" + userIdentifier + "]."); >+ } >+ break; >+ } >+ } >+ } >+ } >+ if (!foundUserIdentifier) { >+ 
if (logger.isDebugEnabled()) { >+ logger.debug("subject [" + subject + "] does not contain the required attribute [" + subjectDnAttributeConfiguration + "]."); >+ } >+ } >+ } catch (InvalidNameException e) { >+ logger.info("subject [" + subject + "] is not valid name : [" + e.getMessage() + "]."); >+ } >+ } >+ } >+ if (logger.isDebugEnabled()) { >+ logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "]."); >+ } >+ return userIdentifier; >+ } >+ >+ private void setSubjectDnAttribute(String subjectDnAttributeConfiguration) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("setSubjectDnAttribute(String) - start; subjectDnAttribute [" + subjectDnAttributeConfiguration + "]."); >+ } >+ this.subjectDnAttributeConfiguration = subjectDnAttributeConfiguration; >+ subjectDnAttribute = mapSubjectDnAttribute(subjectDnAttributeConfiguration); >+ if (logger.isDebugEnabled()) { >+ logger.debug("setSubjectDnAttribute(String) - end; subjectDnAttribute [" + subjectDnAttribute + "]; subjectDnAttributeConfiguration [" + subjectDnAttributeConfiguration + "]"); >+ } >+ } >+ >+ >+ >+ private String mapSubjectDnAttribute(String subjectDnAttributeConfiguration) { >+ String ret = null; >+ if (subjectDnAttributeConfiguration != null) { >+ if (ClientCertificateConstants.EmailOptions.contains(subjectDnAttributeConfiguration.toLowerCase())) { >+ ret = ClientCertificateConstants.EMAIL_SUBJECT_ATTR; >+ } else { >+ ret = subjectDnAttributeConfiguration; >+ } >+ } >+ return ret; >+ } >+ >+ protected String getSubjectDN(X509Certificate clientCert) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("getSubjectDN(X509Certificate) - start"); >+ } >+ String subject = null; >+ if (clientCert != null) { >+ if ((clientCert.getSubjectDN()!= null) >+ && (clientCert.getSubjectDN().getName() != null)) { >+ subject = clientCert.getSubjectDN().getName(); >+ } else { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not getSubjectDN, SubjectDN is null"); >+ } >+ } >+ } 
else { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not getSubjectDN, clientCert is null"); >+ } >+ } >+ if (logger.isDebugEnabled()) { >+ logger.debug("getSubjectDN(X509Certificate) - end; Ret is [" + subject + "]."); >+ } >+ return subject; >+ >+ } >+} >Index: org/apache/catalina/realm/ClientCertificateConstants.java >=================================================================== >--- org/apache/catalina/realm/ClientCertificateConstants.java (revision 0) >+++ org/apache/catalina/realm/ClientCertificateConstants.java (revision 0) 
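Review bot: The RDN loop in `SubjectDnRetriever.getUserIdentifier` takes the first RDN whose type matches and stops, so for a subject that carries the attribute more than once the user name depends on `LdapName` ordering (index 0 is the right-most RDN of the string), and `Rdn.getType()` reports only one type of a multi-valued RDN such as `CN=a+UID=b`. For an authentication mapping I would reject a subject with several matches rather than pick one, or at least document which one wins. When nothing matches the method returns null, and `RealmBase.getPrincipal(X509Certificate)` in this patch passes that straight to `getPrincipal(String)`; a guard there, `if (userIdentifier == null) return null;`, keeps a null user name out of the realm lookup. The subject string comes from `getSubjectDN().getName()`, whose format is provider-specific, so matching `emailAddress` by attribute name may not hold on every JVM.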
>@@ -0,0 +1,60 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.util.Arrays;
>+import java.util.List;
>+
>+public class ClientCertificateConstants {
>+
>+
>+ public enum UserIdentifierRetrieveField {
>+ SubjectDN, SubjectAlternativeName;
>+ public boolean equals(final String str) {
>+ return name().equals(str);
>+ }
>+ }
>+
>+
>+ public static final String EMAIL_SUBJECT_ATTR = "emailAddress";
>+
>+
>+ public enum SubjectAlternativeNameGeneralNames {
>+
>+ otherName, // byte arrays containing the ASN.1 DER encoded form
>+ rfc822Name, // String
>+ dNSName, // String
>+ x400Address, // byte arrays containing the ASN.1 DER encoded form
>+ directoryName, // String: RFC 2253 string format
>+ ediPartyName, // byte arrays containing the ASN.1 DER encoded form
>+ uniformResourceIdentifier, // String
>+ iPAddress, // String: IPv4 address - dotted quad notation, IPv6 address - form "a1:a2:...:a8"
>+ registeredID;
>+
>+ public boolean equals(final String str) {
>+ return name().equals(str);
>+ }
>+
>+ public boolean equalsIgnoreCase(final String str) {
>+ return name().equalsIgnoreCase(str);
>+ }
>+ }
>+
>+ // !!! important - set value only in lower case !!!
>+
>+ // SubjectDN
>+ public static final List<String> EmailOptions = Arrays.asList(EMAIL_SUBJECT_ATTR.toLowerCase(), "e") ;
>+
>+ // Subject Alternative Name
>+ public static final List<String> OtherNameOptions = Arrays.asList("other name", "principalname", "principal name", "microsoft principal name") ;
>+ public static final List<String> RFC822NameOptions = Arrays.asList("rfc822 name", "rfc822name", "emailaddress", "email address", "e-mail address", "e-mailaddress") ;
>+ public static final List<String> DNSNameOptions = Arrays.asList("dns name", "dnsname") ;
>+ // x400Address - empty
>+ public static final List<String> DirectoryNameOptions = Arrays.asList("directory address", "directory address", "x500 name", "x500name", "x.500 name", "x.500name") ;
>+ // ediPartyName - empty
>+ public static final List<String> UriOptions = Arrays.asList("url", "uri") ;
>+ public static final List<String> IPAddressOptions = Arrays.asList("ip address", "ipaddress");
>+ public static final List<String> RegisteredIDOptions = Arrays.asList("registered id", "registeredid","registered oid", "registeredoid");
>+
>+}
>Index: org/apache/catalina/realm/DefaultSubjectDnRetriever.java
>===================================================================
>--- org/apache/catalina/realm/DefaultSubjectDnRetriever.java (revision 0)
>+++ org/apache/catalina/realm/DefaultSubjectDnRetriever.java (revision 0)
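Review bot: `SubjectAlternativeNameGeneralNames` carries no explicit tag value, yet `SubjectAlternativeNameRetriever` uses `ordinal()` as the GeneralName type number, so the declaration order silently is the mapping. Give each constant its tag (`otherName(0)`, `rfc822Name(1)`, and so on) and a getter, so that reordering or inserting a constant cannot change which SAN entry is trusted as the user name. The `*Options` lists are `public static final`, but `Arrays.asList` still permits `set()`, so any code in the JVM can alter the accepted aliases; wrap them in `Collections.unmodifiableList(...)`. `equals(String)` on both enums overloads rather than overrides `Object.equals` and would read better as `matches(String)`, the `toLowerCase()` calls should pass `Locale.ENGLISH`, and `DirectoryNameOptions` lists "directory address" twice, which looks like a typo for a second spelling.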
>@@ -0,0 +1,29 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.security.cert.X509Certificate;
>+
>+import org.apache.juli.logging.Log;
>+import org.apache.juli.logging.LogFactory;
>+
>+
>+public class DefaultSubjectDnRetriever implements UserIdentifierRetriever {
>+ /**
>+ * Logger for this class
>+ */
>+ protected final Log logger = LogFactory.getLog(getClass());
>+
>+ public String getUserIdentifier(X509Certificate clientCert) {
>+ if (logger.isDebugEnabled()) {
>+ logger.debug("getUserIdentifier(X509Certificate) - start");
>+ }
>+ String userIdentifier = clientCert.getSubjectDN().getName();
>+ if (logger.isDebugEnabled()) {
>+ logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "].");
>+ }
>+ return userIdentifier;
>+ }
>+
>+}
>Index: org/apache/catalina/realm/SubjectAlternativeNameRetriever.java
>===================================================================
>--- org/apache/catalina/realm/SubjectAlternativeNameRetriever.java (revision 0)
>+++ org/apache/catalina/realm/SubjectAlternativeNameRetriever.java (revision 0)
>@@ -0,0 +1,205 @@ >+/** >+ * @author Michael Furman >+ */ >+package org.apache.catalina.realm; >+ >+import java.io.ByteArrayInputStream; >+import java.security.cert.CertificateParsingException; >+import java.security.cert.X509Certificate; >+import java.util.Collection; >+import java.util.Iterator; >+import java.util.List; >+ >+import org.apache.juli.logging.Log; >+import org.apache.juli.logging.LogFactory; >+ >+import org.bouncycastle.asn1.ASN1InputStream; >+import org.bouncycastle.asn1.ASN1Sequence; >+import org.bouncycastle.asn1.ASN1TaggedObject; >+import org.bouncycastle.asn1.DERObject; >+import org.bouncycastle.asn1.DERUTF8String; >+ >+ >+public class SubjectAlternativeNameRetriever extends SubjectDnRetriever { >+ private static final int NOT_EXISTING_TYPE = -1; >+ >+ >+ /** >+ * Logger for this class >+ */ >+ protected final Log logger = LogFactory.getLog(getClass()); >+ >+ >+ private String alternativeIdentifierConfiguration = null; >+ >+ private int alternativeIdentifierTypeValue = NOT_EXISTING_TYPE; >+ >+ protected SubjectAlternativeNameRetriever(String alternativeIdentifierConfiguration) { >+ setSubjectAlternativeNameGeneralName(alternativeIdentifierConfiguration); >+ } >+ >+ >+ >+ @SuppressWarnings("unchecked") >+ public String getUserIdentifier(X509Certificate clientCert) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("getUserIdentifier(X509Certificate) - start"); >+ } >+ >+ String userIdentifier = null; >+ if (clientCert != null) { >+ if (alternativeIdentifierTypeValue != NOT_EXISTING_TYPE) { >+ boolean foundUserIdentifier = false; >+ try { >+ if (clientCert.getSubjectAlternativeNames() != null) { >+ Collection subjectAlternativeNames = clientCert.getSubjectAlternativeNames(); >+ Iterator iter = subjectAlternativeNames.iterator(); >+ while (iter.hasNext()) { >+ List subjectAlternativeName = (List) iter.next(); >+ Integer type = (Integer) subjectAlternativeName.get(0); >+ if (type.intValue() == alternativeIdentifierTypeValue) { >+ Object 
subjectAlternativeNameValue = subjectAlternativeName.get(1); >+ if (subjectAlternativeNameValue instanceof String) { >+ userIdentifier = (String) subjectAlternativeNameValue; >+ foundUserIdentifier = true; >+ break; >+ } else if (subjectAlternativeNameValue instanceof byte[]) { >+ byte[] subjectAlternativeNameValueBytes = (byte[]) subjectAlternativeNameValue; >+ userIdentifier = getStringFromASNDerEncodedByteArray(subjectAlternativeNameValueBytes); >+ if (userIdentifier != null) { >+ foundUserIdentifier = true; >+ break; >+ } >+ } else { >+ if (logger.isInfoEnabled()) { >+ logger.info("Can not get UserIdentifier, the subjectAlternativeName not supported [" + subjectAlternativeNameValue + "]."); >+ } >+ } >+ } >+ } >+ } >+ } catch (CertificateParsingException e) { >+ logger.info("Can not get UserIdentifier, can not get subjectAlternativeNames from certificate [" + e.getMessage() + "]."); >+ } >+ if (foundUserIdentifier) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Found userIdentifier [" + userIdentifier + "] from part of subjectAlternativeName [" + alternativeIdentifierConfiguration + "]."); >+ } >+ } else { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not found userIdentifier as part of subjectAlternativeName [" + alternativeIdentifierConfiguration + "]."); >+ } >+ } >+ >+ } else { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not get UserIdentifier, generalName is null"); >+ } >+ } >+ } else { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not get UserIdentifier, clientCert is null"); >+ } >+ } >+ if (logger.isDebugEnabled()) { >+ logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "]."); >+ } >+ >+ return userIdentifier; >+ } >+ >+ >+ >+ >+ >+ private void setSubjectAlternativeNameGeneralName(String alternativeIdentifierConfiguration) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("setSubjectAlternativeNameGeneralName(String) - start; alternativeIdentifier [" + 
alternativeIdentifierConfiguration + "]."); >+ } >+ this.alternativeIdentifierConfiguration = null; >+ alternativeIdentifierTypeValue = NOT_EXISTING_TYPE; >+ >+ if (alternativeIdentifierConfiguration != null) { >+ this.alternativeIdentifierConfiguration = alternativeIdentifierConfiguration; >+ String alternativeIdentifierConfigurationLowerCase = alternativeIdentifierConfiguration.toLowerCase(); >+ if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.OtherNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.RFC822NameOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.DNSNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.ordinal(); >+ } else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.equalsIgnoreCase (alternativeIdentifierConfiguration)) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || 
(ClientCertificateConstants.DirectoryNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.ordinal(); >+ } else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.equalsIgnoreCase (alternativeIdentifierConfiguration)) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.UriOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.IPAddressOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.ordinal(); >+ } else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.equalsIgnoreCase (alternativeIdentifierConfiguration)) >+ || (ClientCertificateConstants.RegisteredIDOptions.contains(alternativeIdentifierConfigurationLowerCase))) { >+ alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.ordinal(); >+ } else { >+ try { >+ alternativeIdentifierTypeValue = (new Integer(alternativeIdentifierConfiguration)).intValue(); >+ }catch (NumberFormatException e) { >+ alternativeIdentifierTypeValue = NOT_EXISTING_TYPE; >+ } >+ } >+ >+ } >+ if (logger.isDebugEnabled()) { >+ logger.debug("setSubjectAlternativeNameGeneralName(String) - end; alternativeIdentifier 
[" + alternativeIdentifierConfiguration + "], alternativeIdentifierType [" + alternativeIdentifierTypeValue + "]."); >+ } >+ } >+ >+ >+ private String getStringFromASNDerEncodedByteArray(byte[] byteArray) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - start"); >+ } >+ >+ String ret = null; >+ try { >+ ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(byteArray)); >+ DERObject derObject = asn1InputStream.readObject(); >+ ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(derObject); >+ Object objectValue = asn1Sequence.getObjectAt(1); >+ if (objectValue instanceof ASN1TaggedObject) { >+ ASN1TaggedObject asn1TaggedObject = (ASN1TaggedObject) objectValue; >+ try { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Try to get string from DERUTF8String."); >+ } >+ DERObject derTaggedObject = asn1TaggedObject.getObject(); >+ DERUTF8String derUtf8String = DERUTF8String.getInstance(derTaggedObject); >+ ret = derUtf8String.getString(); >+ } catch (IllegalArgumentException e) { >+ if (logger.isDebugEnabled()) { >+ logger.debug("Can not get String From DERUTF8String, [" + e.getMessage() + "]."); >+ } >+ } >+ } >+ } catch (Exception e) { >+ if (logger.isInfoEnabled()) { >+ logger.info("Can not get String From ASNDerEncoded ByteArray, [" + e.getMessage() + "]."); >+ } >+ } >+ >+ if (logger.isDebugEnabled()) { >+ logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - end. Ret is [" + ret + "]."); >+ } >+ return ret; >+ >+ } >+ >+ >+} >Index: org/apache/catalina/realm/RealmBase.java >=================================================================== >--- org/apache/catalina/realm/RealmBase.java (revision 1234938) >+++ org/apache/catalina/realm/RealmBase.java (working copy) 
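Review bot: `getStringFromASNDerEncodedByteArray` reads element 1 of the decoded sequence and never inspects element 0, so for an `otherName` entry (type-id OID followed by the tagged value in the RFC 5280 layout) the type-id is ignored and any otherName whose value decodes as a UTF8String is accepted as the user name. The configuration aliases `principalname` and `microsoft principal name` suggest only the UPN form is intended; the method should compare `asn1Sequence.getObjectAt(0)` with the expected object identifier and return null on a mismatch. `getUserIdentifier` also stops at the first SAN entry of the configured type, so a certificate with several such entries is mapped by encounter order; document or reject that case. Separately, the `org.bouncycastle` imports add a third-party dependency to the realm package for this one decode routine, and the `logger` field redeclares the one inherited from `SubjectDnRetriever`.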
>@@ -49,6 +49,7 @@ > import org.apache.catalina.deploy.SecurityCollection; > import org.apache.catalina.deploy.SecurityConstraint; > import org.apache.catalina.mbeans.MBeanUtils; >+import org.apache.catalina.realm.ClientCertificateConstants.UserIdentifierRetrieveField; > import org.apache.catalina.util.LifecycleMBeanBase; > import org.apache.catalina.util.MD5Encoder; > import org.apache.juli.logging.Log; >@@ -153,6 +154,14 @@ > protected boolean stripRealmForGss = true; > > >+ private UserIdentifierRetriever userIdentifierRetriever = null; >+ >+ private String x509UserIdentifierRetrieveField = null; >+ >+ private String x509UserIdentifierRetrieveFieldPart = null; >+ >+ private String x509UserIdentifierRetrieverClassName; >+ > // ------------------------------------------------------------- Properties > > >@@ -1194,7 +1203,12 @@ > * Return the Principal associated with the given certificate. > */ > protected Principal getPrincipal(X509Certificate usercert) { >- return(getPrincipal(usercert.getSubjectDN().getName())); >+ createUserIdentifierRetriever(); >+ String userIdentifier = userIdentifierRetriever.getUserIdentifier(usercert); >+ >+ if (log.isDebugEnabled()) >+ log.debug("Get principal for [" + userIdentifier + "]"); >+ return(getPrincipal(userIdentifier)); > } 
> > >@@ -1393,5 +1407,72 @@ > return name; > } > } >+ >+ public void setX509UserIdentifierRetrieveFieldPart(String userIdentifierRetrieveFieldPart) { >+ this.x509UserIdentifierRetrieveFieldPart = userIdentifierRetrieveFieldPart; > >+ } >+ >+ public void setX509UserIdentifierRetrieveField(String userIdentifierRetrieveField) { >+ this.x509UserIdentifierRetrieveField = userIdentifierRetrieveField; >+ } >+ >+ public void setX509UserIdentifierRetrieverClassName(String className) { >+ this.x509UserIdentifierRetrieverClassName = className; >+ } >+ private void createUserIdentifierRetriever() { >+ >+ if (userIdentifierRetriever == null) { >+ boolean created = createUserIdentifierRetrieverFromClassName(); >+ if (!created) { >+ if (UserIdentifierRetrieveField.SubjectDN.equals(x509UserIdentifierRetrieveField)) { >+ if (x509UserIdentifierRetrieveFieldPart == null) { >+ userIdentifierRetriever = new SubjectDnRetriever(); >+ } else { >+ userIdentifierRetriever = new SubjectDnRetriever(x509UserIdentifierRetrieveFieldPart); >+ } >+ } else if (UserIdentifierRetrieveField.SubjectAlternativeName.equals(x509UserIdentifierRetrieveField)) { >+ if (x509UserIdentifierRetrieveFieldPart == null) { >+ userIdentifierRetriever = new SubjectDnRetriever(); >+ String warnString = "Can not create userIdentifierRetriever : userIdentifierRetrieveFieldPart is null when userIdentifierRetrieveField is [" + x509UserIdentifierRetrieveField + "]. userIdentifierRetriever is created for SubjectDn field."; >+ log.warn(warnString); >+ } else { >+ userIdentifierRetriever = new SubjectAlternativeNameRetriever(x509UserIdentifierRetrieveFieldPart); >+ } >+ } else { >+ userIdentifierRetriever = new DefaultSubjectDnRetriever(); >+ } >+ } >+ } >+ } >+ >+ @SuppressWarnings("unchecked") >+ private boolean createUserIdentifierRetrieverFromClassName() { >+ >+ boolean created = false; >+ if ((x509UserIdentifierRetrieverClassName != null) && (x509UserIdentifierRetrieverClassName != "")) { >+ Class<? 
extends UserIdentifierRetriever> x509UserIdentifierRetrieverClass = null; >+ try { >+ x509UserIdentifierRetrieverClass = (Class<? extends UserIdentifierRetriever>) Class.forName(x509UserIdentifierRetrieverClassName); >+ userIdentifierRetriever = x509UserIdentifierRetrieverClass.newInstance(); >+ created = true; >+ } catch (ClassCastException e) { >+ String warnString = "Class [" + x509UserIdentifierRetrieverClassName + "] is not instance of [" + UserIdentifierRetriever.class.getSimpleName() + "]."; >+ log.warn(warnString); >+ } catch (ClassNotFoundException e) { >+ String warnString = "Class [" + x509UserIdentifierRetrieverClassName + "] was not found."; >+ log.warn(warnString, e); >+ } catch (InstantiationException e) { >+ String warnString = "Cannot instantiate class [" + x509UserIdentifierRetrieverClassName + "]."; >+ log.warn(warnString); >+ } catch (IllegalAccessException e) { >+ String warnString = "Cannot instantiate class [" + x509UserIdentifierRetrieverClassName + "]."; >+ log.warn(warnString); >+ } >+ >+ } >+ return created; >+ } >+ >+ > }
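Review bot: `createUserIdentifierRetriever` fails open: when the configured retriever class cannot be loaded or instantiated, or `SubjectAlternativeName` is selected without a field part, it logs a warning and silently installs a different retriever, so a configuration mistake changes which certificate field is used as the user name instead of stopping the realm. I would throw from these branches (for example `IllegalStateException`), ideally at realm start rather than on the first `getPrincipal` call. In `createUserIdentifierRetrieverFromClassName` the check `x509UserIdentifierRetrieverClassName != ""` compares references, so an empty value read from configuration still reaches `Class.forName`; use `!x509UserIdentifierRetrieverClassName.isEmpty()`. The lazy creation is unsynchronised on a non-volatile field, and the setters have no effect once a retriever exists, which needs a comment at least.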