Attachment 28200 Details for Bug 52500 – x509 java code

[patch] x509 java code

x509.patch (text/plain), 24.29 KB, created by Michael on 2012-01-24 15:49:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael

Created: 2012-01-24 15:49:44 UTC

Size: 24.29 KB

patch

obsolete

>Index: org/apache/catalina/Realm.java
>===================================================================
>--- org/apache/catalina/Realm.java	(revision 1234938)
>+++ org/apache/catalina/Realm.java	(working copy)
>@@ -191,4 +191,10 @@
>     public void removePropertyChangeListener(PropertyChangeListener listener);
> 
> 
>+    public void setX509UserIdentifierRetrieveField(String userIdentifierRetrieveField);
>+
>+    public void setX509UserIdentifierRetrieveFieldPart(String userIdentifierRetrieveFieldPart);
>+    
>+    public void setX509UserIdentifierRetrieverClassName(String className);
>+
> }
>Index: org/apache/catalina/realm/UserIdentifierRetriever.java
>===================================================================
>--- org/apache/catalina/realm/UserIdentifierRetriever.java	(revision 0)
>+++ org/apache/catalina/realm/UserIdentifierRetriever.java	(revision 0)
>@@ -0,0 +1,10 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.security.cert.X509Certificate;
>+
>+public interface UserIdentifierRetriever {
>+	String getUserIdentifier(X509Certificate clientCert);
>+}
>Index: org/apache/catalina/realm/SubjectDnRetriever.java
>===================================================================
>--- org/apache/catalina/realm/SubjectDnRetriever.java	(revision 0)
>+++ org/apache/catalina/realm/SubjectDnRetriever.java	(revision 0)
>@@ -0,0 +1,138 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.security.cert.X509Certificate;
>+import java.util.List;
>+
>+import javax.naming.InvalidNameException;
>+import javax.naming.ldap.LdapName;
>+import javax.naming.ldap.Rdn;
>+
>+import org.apache.juli.logging.Log;
>+import org.apache.juli.logging.LogFactory;
>+
>+
>+public class SubjectDnRetriever implements UserIdentifierRetriever {
>+	/**
>+	 * Logger for this class
>+	 */
>+	protected final Log logger = LogFactory.getLog(getClass());	
>+	 
>+
>+	
>+	private String subjectDnAttribute = null;
>+	private String subjectDnAttributeConfiguration = null;
>+	
>+    protected SubjectDnRetriever() {
>+        setSubjectDnAttribute(null);
>+    }
>+
>+    protected SubjectDnRetriever(String retrieveAttr) {
>+        setSubjectDnAttribute(retrieveAttr);
>+    }
>+    
>+    public String getUserIdentifier(X509Certificate clientCert) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - start");
>+		}
>+		String subject = getSubjectDN(clientCert);
>+		String userIdentifier = null;
>+		if (subject != null) {
>+			if (logger.isDebugEnabled()) {
>+				logger.debug("Subject is [" + subject + "].");
>+			}
>+			if (subjectDnAttribute == null) {
>+				if (logger.isDebugEnabled()) {
>+					logger.debug("subjectDnAttribute is null, so return the whole subject.");
>+				}
>+				userIdentifier = subject;
>+			} else {
>+				try {
>+					boolean foundUserIdentifier = false;
>+					LdapName ldapName = new LdapName(subject);
>+					List<Rdn> list = ldapName.getRdns();
>+					if (list != null) {
>+						for (Rdn rdn : list) {
>+							String type = rdn.getType();
>+							if (subjectDnAttribute.equalsIgnoreCase(type.toString()))  {
>+								Object value = rdn.getValue();
>+								if (value instanceof String) {
>+									userIdentifier = (String) value;
>+									foundUserIdentifier = true;									
>+									if (logger.isDebugEnabled()) {
>+										logger.debug("Success to retreive userIdentifier [" + userIdentifier + "].");
>+									}
>+									break;
>+								}		
>+							}
>+						}
>+					}					
>+					if (!foundUserIdentifier) {
>+						if (logger.isDebugEnabled()) {
>+							logger.debug("subject [" + subject + "] does not contain the required attribute [" + subjectDnAttributeConfiguration + "].");
>+						}	
>+					}
>+				} catch (InvalidNameException e) {					
>+					logger.info("subject [" + subject + "] is not valid name : [" + e.getMessage() + "].");
>+				}				
>+			}
>+		}
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "].");
>+		}
>+        return userIdentifier;
>+    }
>+
>+    private void setSubjectDnAttribute(String subjectDnAttributeConfiguration) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("setSubjectDnAttribute(String) - start; subjectDnAttribute [" +  subjectDnAttributeConfiguration + "].");
>+		}
>+		this.subjectDnAttributeConfiguration = subjectDnAttributeConfiguration;
>+		subjectDnAttribute = mapSubjectDnAttribute(subjectDnAttributeConfiguration);
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("setSubjectDnAttribute(String) - end; subjectDnAttribute [" +  subjectDnAttribute + "]; subjectDnAttributeConfiguration [" +  subjectDnAttributeConfiguration + "]");
>+		}
>+    }
>+    
>+    
>+
>+	private String  mapSubjectDnAttribute(String subjectDnAttributeConfiguration) {
>+		String ret = null;
>+		if (subjectDnAttributeConfiguration != null) {
>+			if (ClientCertificateConstants.EmailOptions.contains(subjectDnAttributeConfiguration.toLowerCase()))  {
>+				ret = ClientCertificateConstants.EMAIL_SUBJECT_ATTR;				
>+			} else {
>+				ret = subjectDnAttributeConfiguration;
>+			}
>+		}
>+		return ret;
>+	}
>+
>+	protected String getSubjectDN(X509Certificate clientCert) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getSubjectDN(X509Certificate) - start");
>+		}
>+		String subject = null;
>+		if (clientCert != null) {
>+			if ((clientCert.getSubjectDN()!= null) 
>+					&& (clientCert.getSubjectDN().getName() != null)) {
>+					subject = clientCert.getSubjectDN().getName();
>+			}  else {
>+				if (logger.isDebugEnabled()) {
>+					logger.debug("Can not getSubjectDN, SubjectDN is null");
>+				}
>+			}
>+		} else {
>+			if (logger.isDebugEnabled()) {
>+				logger.debug("Can not getSubjectDN, clientCert is null");
>+			}
>+		}			
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getSubjectDN(X509Certificate) - end; Ret is [" + subject + "].");
>+		}
>+        return subject;
>+        
>+	}
>+}
>Index: org/apache/catalina/realm/ClientCertificateConstants.java
>===================================================================
>--- org/apache/catalina/realm/ClientCertificateConstants.java	(revision 0)
>+++ org/apache/catalina/realm/ClientCertificateConstants.java	(revision 0)
>@@ -0,0 +1,60 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.util.Arrays;
>+import java.util.List;
>+
>+public class ClientCertificateConstants {
>+	
>+
>+	public enum UserIdentifierRetrieveField {
>+		SubjectDN, SubjectAlternativeName;		
>+		public boolean equals(final String str) {
>+			return name().equals(str);
>+		}
>+	}	
>+
>+	
>+	public static final String EMAIL_SUBJECT_ATTR = "emailAddress";
>+
>+		
>+	public enum SubjectAlternativeNameGeneralNames {
>+		
>+		otherName, // byte arrays containing the ASN.1 DER encoded form 
>+		rfc822Name, // String
>+		dNSName, // String
>+		x400Address, // byte arrays containing the ASN.1 DER encoded form 
>+		directoryName, // String: RFC 2253 string format
>+		ediPartyName, // byte arrays containing the ASN.1 DER encoded form 
>+		uniformResourceIdentifier, // String
>+		iPAddress, // String: IPv4 address - dotted quad notation, IPv6 address - form "a1:a2:...:a8"
>+		registeredID;
>+		
>+		public boolean equals(final String str) {
>+			return name().equals(str);
>+		}
>+		
>+		public boolean equalsIgnoreCase(final String str) {
>+			return name().equalsIgnoreCase(str);
>+		}
>+	}
>+	
>+	// !!! important - set value only in lower case !!!
>+	
>+	// SubjectDN
>+	public static final List<String> EmailOptions = Arrays.asList(EMAIL_SUBJECT_ATTR.toLowerCase(), "e") ;
>+
>+	// Subject Alternative Name
>+	public static final List<String> OtherNameOptions = Arrays.asList("other name", "principalname", "principal name", "microsoft principal name") ;
>+	public static final List<String> RFC822NameOptions = Arrays.asList("rfc822 name", "rfc822name", "emailaddress", "email address", "e-mail address", "e-mailaddress") ;
>+	public static final List<String> DNSNameOptions = Arrays.asList("dns name", "dnsname") ;
>+	// x400Address - empty
>+	public static final List<String> DirectoryNameOptions = Arrays.asList("directory address", "directory address", "x500 name", "x500name", "x.500 name", "x.500name") ;
>+	// ediPartyName - empty
>+	public static final List<String> UriOptions = Arrays.asList("url", "uri") ;
>+	public static final List<String> IPAddressOptions = Arrays.asList("ip address", "ipaddress");
>+	public static final List<String> RegisteredIDOptions = Arrays.asList("registered id", "registeredid","registered oid", "registeredoid");
>+
>+}
>Index: org/apache/catalina/realm/DefaultSubjectDnRetriever.java
>===================================================================
>--- org/apache/catalina/realm/DefaultSubjectDnRetriever.java	(revision 0)
>+++ org/apache/catalina/realm/DefaultSubjectDnRetriever.java	(revision 0)
>@@ -0,0 +1,29 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.security.cert.X509Certificate;
>+
>+import org.apache.juli.logging.Log;
>+import org.apache.juli.logging.LogFactory;
>+
>+
>+public class DefaultSubjectDnRetriever implements UserIdentifierRetriever {
>+	/**
>+	 * Logger for this class
>+	 */
>+	protected final Log logger = LogFactory.getLog(getClass());	
>+    
>+    public String getUserIdentifier(X509Certificate clientCert) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - start");
>+		}
>+		String userIdentifier = clientCert.getSubjectDN().getName();
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "].");
>+		}
>+        return userIdentifier;
>+    }
>+
>+}
>Index: org/apache/catalina/realm/SubjectAlternativeNameRetriever.java
>===================================================================
>--- org/apache/catalina/realm/SubjectAlternativeNameRetriever.java	(revision 0)
>+++ org/apache/catalina/realm/SubjectAlternativeNameRetriever.java	(revision 0)
>@@ -0,0 +1,205 @@
>+/**
>+ * @author Michael Furman
>+ */
>+package org.apache.catalina.realm;
>+
>+import java.io.ByteArrayInputStream;
>+import java.security.cert.CertificateParsingException;
>+import java.security.cert.X509Certificate;
>+import java.util.Collection;
>+import java.util.Iterator;
>+import java.util.List;
>+
>+import org.apache.juli.logging.Log;
>+import org.apache.juli.logging.LogFactory;
>+
>+import org.bouncycastle.asn1.ASN1InputStream;
>+import org.bouncycastle.asn1.ASN1Sequence;
>+import org.bouncycastle.asn1.ASN1TaggedObject;
>+import org.bouncycastle.asn1.DERObject;
>+import org.bouncycastle.asn1.DERUTF8String;
>+
>+
>+public class SubjectAlternativeNameRetriever extends SubjectDnRetriever {
>+	private static final int NOT_EXISTING_TYPE = -1;
>+
>+
>+	/**
>+	 * Logger for this class
>+	 */
>+	protected final Log logger = LogFactory.getLog(getClass());
>+	
>+	
>+	private String alternativeIdentifierConfiguration = null; 
>+   
>+	private int alternativeIdentifierTypeValue = NOT_EXISTING_TYPE; 
>+
>+    protected SubjectAlternativeNameRetriever(String alternativeIdentifierConfiguration) {
>+        setSubjectAlternativeNameGeneralName(alternativeIdentifierConfiguration);
>+    }
>+
>+    
>+    
>+    @SuppressWarnings("unchecked")
>+	public String getUserIdentifier(X509Certificate clientCert) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - start");
>+		}
>+
>+		String userIdentifier = null;
>+		if (clientCert != null) {
>+			if (alternativeIdentifierTypeValue != NOT_EXISTING_TYPE) {
>+				boolean foundUserIdentifier = false;
>+				try {
>+					if (clientCert.getSubjectAlternativeNames() != null) {
>+						Collection subjectAlternativeNames = clientCert.getSubjectAlternativeNames();
>+						Iterator iter = subjectAlternativeNames.iterator();
>+						while (iter.hasNext()) {
>+							List subjectAlternativeName = (List) iter.next();
>+							Integer type = (Integer) subjectAlternativeName.get(0);
>+							if (type.intValue() == alternativeIdentifierTypeValue) {
>+								Object subjectAlternativeNameValue = subjectAlternativeName.get(1);
>+								if (subjectAlternativeNameValue instanceof String) {
>+									userIdentifier = (String) subjectAlternativeNameValue;
>+									foundUserIdentifier = true;					
>+									break;
>+								} else if (subjectAlternativeNameValue instanceof byte[]) {
>+									byte[] subjectAlternativeNameValueBytes = (byte[]) subjectAlternativeNameValue;
>+									userIdentifier = getStringFromASNDerEncodedByteArray(subjectAlternativeNameValueBytes);
>+									if (userIdentifier != null) {
>+										foundUserIdentifier = true;
>+										break;
>+									}
>+								} else {
>+									if (logger.isInfoEnabled()) {
>+										logger.info("Can not get UserIdentifier, the subjectAlternativeName not supported [" + subjectAlternativeNameValue + "].");
>+									}
>+								}
>+							}
>+						}
>+					}
>+				} catch (CertificateParsingException e) {
>+					logger.info("Can not get UserIdentifier, can not get subjectAlternativeNames from certificate [" + e.getMessage() + "].");
>+				}				
>+				if (foundUserIdentifier) {
>+					if (logger.isDebugEnabled()) {
>+						logger.debug("Found userIdentifier [" + userIdentifier + "] from part of subjectAlternativeName [" + alternativeIdentifierConfiguration + "].");
>+					}
>+				} else {
>+					if (logger.isDebugEnabled()) {
>+						logger.debug("Can not found userIdentifier as part of subjectAlternativeName [" + alternativeIdentifierConfiguration + "].");
>+					}
>+				}
>+				
>+			} else {
>+				if (logger.isDebugEnabled()) {
>+					logger.debug("Can not get UserIdentifier, generalName is null");
>+				}
>+			}
>+		} else {
>+			if (logger.isDebugEnabled()) {
>+				logger.debug("Can not get UserIdentifier, clientCert is null");
>+			}
>+		}
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getUserIdentifier(X509Certificate) - end; Ret is [" + userIdentifier + "].");
>+		}
>+
>+		return userIdentifier;
>+	}
>+
>+
>+
>+	
>+
>+    private void setSubjectAlternativeNameGeneralName(String alternativeIdentifierConfiguration) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("setSubjectAlternativeNameGeneralName(String) - start; alternativeIdentifier [" +  alternativeIdentifierConfiguration + "].");
>+		}
>+		this.alternativeIdentifierConfiguration = null;
>+		alternativeIdentifierTypeValue = NOT_EXISTING_TYPE;
>+		
>+		if (alternativeIdentifierConfiguration != null) {
>+			this.alternativeIdentifierConfiguration = alternativeIdentifierConfiguration;
>+			String alternativeIdentifierConfigurationLowerCase = alternativeIdentifierConfiguration.toLowerCase();
>+			if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.OtherNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.otherName.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.RFC822NameOptions.contains(alternativeIdentifierConfigurationLowerCase))) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.rfc822Name.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.DNSNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.dNSName.ordinal();				
>+			} else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.equalsIgnoreCase (alternativeIdentifierConfiguration)) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.x400Address.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.DirectoryNameOptions.contains(alternativeIdentifierConfigurationLowerCase))) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.directoryName.ordinal();				
>+			} else if (ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.equalsIgnoreCase (alternativeIdentifierConfiguration)) {
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.ediPartyName.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.UriOptions.contains(alternativeIdentifierConfigurationLowerCase))) {				
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.uniformResourceIdentifier.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+					|| (ClientCertificateConstants.IPAddressOptions.contains(alternativeIdentifierConfigurationLowerCase))) {					
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.iPAddress.ordinal();				
>+			} else if ((ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.equalsIgnoreCase (alternativeIdentifierConfiguration)) 
>+				|| (ClientCertificateConstants.RegisteredIDOptions.contains(alternativeIdentifierConfigurationLowerCase))) {									
>+				alternativeIdentifierTypeValue = ClientCertificateConstants.SubjectAlternativeNameGeneralNames.registeredID.ordinal();				
>+			} else {
>+				try {
>+					alternativeIdentifierTypeValue = (new Integer(alternativeIdentifierConfiguration)).intValue();
>+				}catch (NumberFormatException e) {
>+					alternativeIdentifierTypeValue = NOT_EXISTING_TYPE;
>+				}
>+			}
>+		
>+		}
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("setSubjectAlternativeNameGeneralName(String) - end; alternativeIdentifier [" +  alternativeIdentifierConfiguration + "], alternativeIdentifierType [" +  alternativeIdentifierTypeValue + "].");
>+		}
>+    }
>+
>+
>+	private String getStringFromASNDerEncodedByteArray(byte[] byteArray) {
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - start");
>+		}
>+
>+		String ret = null;
>+		try {	
>+			ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(byteArray));
>+			DERObject derObject = asn1InputStream.readObject();
>+			ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(derObject);
>+			Object objectValue = asn1Sequence.getObjectAt(1);
>+			if (objectValue instanceof ASN1TaggedObject) {
>+				ASN1TaggedObject asn1TaggedObject = (ASN1TaggedObject) objectValue;
>+				try {
>+					if (logger.isDebugEnabled()) {
>+						logger.debug("Try to get string from DERUTF8String.");
>+					}
>+					DERObject derTaggedObject = asn1TaggedObject.getObject();
>+					DERUTF8String derUtf8String = DERUTF8String.getInstance(derTaggedObject);
>+					ret = derUtf8String.getString();
>+				} catch (IllegalArgumentException e) {
>+					if (logger.isDebugEnabled()) {
>+						logger.debug("Can not get String From DERUTF8String, [" + e.getMessage() + "].");
>+					}
>+				}				
>+			}
>+		} catch (Exception e) {
>+			if (logger.isInfoEnabled()) {
>+				logger.info("Can not get String From ASNDerEncoded ByteArray, [" + e.getMessage() + "].");
>+			}
>+		}
>+
>+		if (logger.isDebugEnabled()) {
>+			logger.debug("getStringFromASNDerEncodedByteArray(byte[]) - end. Ret is [" + ret + "].");
>+		}
>+		return ret;
>+
>+	}
>+	
>+
>+}
>Index: org/apache/catalina/realm/RealmBase.java
>===================================================================
>--- org/apache/catalina/realm/RealmBase.java	(revision 1234938)
>+++ org/apache/catalina/realm/RealmBase.java	(working copy)
>@@ -49,6 +49,7 @@
> import org.apache.catalina.deploy.SecurityCollection;
> import org.apache.catalina.deploy.SecurityConstraint;
> import org.apache.catalina.mbeans.MBeanUtils;
>+import org.apache.catalina.realm.ClientCertificateConstants.UserIdentifierRetrieveField;
> import org.apache.catalina.util.LifecycleMBeanBase;
> import org.apache.catalina.util.MD5Encoder;
> import org.apache.juli.logging.Log;
>@@ -153,6 +154,14 @@
>     protected boolean stripRealmForGss = true;
> 
> 
>+    private UserIdentifierRetriever userIdentifierRetriever = null;
>+    
>+	private String x509UserIdentifierRetrieveField = null;
>+	
>+	private String x509UserIdentifierRetrieveFieldPart = null;
>+    
>+	private String x509UserIdentifierRetrieverClassName;
>+    
>     // ------------------------------------------------------------- Properties
> 
> 
>@@ -1194,7 +1203,12 @@
>      * Return the Principal associated with the given certificate.
>      */
>     protected Principal getPrincipal(X509Certificate usercert) {
>-        return(getPrincipal(usercert.getSubjectDN().getName()));
>+		createUserIdentifierRetriever();
>+		String userIdentifier = userIdentifierRetriever.getUserIdentifier(usercert);
>+
>+		if (log.isDebugEnabled())
>+            log.debug("Get principal for [" + userIdentifier + "]");		
>+        return(getPrincipal(userIdentifier));
>     }
> 
> 
>@@ -1393,5 +1407,72 @@
>             return name;
>         }
>     }
>+    
>+	public void setX509UserIdentifierRetrieveFieldPart(String userIdentifierRetrieveFieldPart) {
>+		this.x509UserIdentifierRetrieveFieldPart = userIdentifierRetrieveFieldPart;
> 
>+	}
>+
>+	public void setX509UserIdentifierRetrieveField(String userIdentifierRetrieveField) {
>+		this.x509UserIdentifierRetrieveField = userIdentifierRetrieveField;	
>+	}
>+
>+	public void setX509UserIdentifierRetrieverClassName(String className) {
>+		 this.x509UserIdentifierRetrieverClassName = className;
>+	}
>+	private void createUserIdentifierRetriever() {
>+		
>+		if (userIdentifierRetriever == null) {
>+			boolean created = createUserIdentifierRetrieverFromClassName();				
>+			if (!created) {
>+				if (UserIdentifierRetrieveField.SubjectDN.equals(x509UserIdentifierRetrieveField)) {
>+					if (x509UserIdentifierRetrieveFieldPart == null) {
>+					     userIdentifierRetriever = new SubjectDnRetriever();		    			
>+					} else {
>+						userIdentifierRetriever = new SubjectDnRetriever(x509UserIdentifierRetrieveFieldPart);
>+					}			
>+				} else if (UserIdentifierRetrieveField.SubjectAlternativeName.equals(x509UserIdentifierRetrieveField)) {						
>+					if (x509UserIdentifierRetrieveFieldPart == null) {
>+						userIdentifierRetriever = new SubjectDnRetriever();				
>+						String warnString = "Can not create userIdentifierRetriever : userIdentifierRetrieveFieldPart is null when userIdentifierRetrieveField is [" + x509UserIdentifierRetrieveField + "]. userIdentifierRetriever is created for SubjectDn field.";
>+						log.warn(warnString);				
>+					} else {
>+						userIdentifierRetriever = new SubjectAlternativeNameRetriever(x509UserIdentifierRetrieveFieldPart);
>+					}
>+				} else {
>+					userIdentifierRetriever = new DefaultSubjectDnRetriever();
>+				}
>+			}
>+		}
>+	}
>+	
>+	@SuppressWarnings("unchecked")
>+	private boolean createUserIdentifierRetrieverFromClassName() {
>+
>+		boolean created = false;
>+		if ((x509UserIdentifierRetrieverClassName != null) && (x509UserIdentifierRetrieverClassName != "")) {
>+			Class<? extends UserIdentifierRetriever> x509UserIdentifierRetrieverClass = null;
>+			try {
>+				x509UserIdentifierRetrieverClass = (Class<? extends UserIdentifierRetriever>) Class.forName(x509UserIdentifierRetrieverClassName);
>+				userIdentifierRetriever = x509UserIdentifierRetrieverClass.newInstance(); 
>+				created = true;
>+			} catch (ClassCastException e) {
>+				String warnString = "Class [" + x509UserIdentifierRetrieverClassName + "] is not instance of  [" + UserIdentifierRetriever.class.getSimpleName() + "].";  
>+				log.warn(warnString);
>+			} catch (ClassNotFoundException e) {
>+				String warnString = "Class [" + x509UserIdentifierRetrieverClassName + "] was not found.";  
>+				log.warn(warnString, e);
>+			} catch (InstantiationException e) {
>+				String warnString = "Cannot instantiate class [" + x509UserIdentifierRetrieverClassName + "].";  
>+				log.warn(warnString);
>+			} catch (IllegalAccessException e) {
>+				String warnString = "Cannot instantiate class [" + x509UserIdentifierRetrieverClassName + "].";  
>+				log.warn(warnString);
>+			}
>+			
>+		}
>+		return created;
>+	}
>+    
>+
> }

Actions: View | Diff

Attachments on bug 52500: 28190 | 28191 | 28199 | 28200 | 28237 | 28238 | 28308 | 28309 | 28348 | 28349 | 28386 | 28387 | 28450