Skip to content

Change default subjectDnRegex pattern in SubjectDnX509PrincipalExtractor to match CN at end of DN #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Change default subjectDnRegex pattern in SubjectDnX509PrincipalExtractor to match CN at end of DN #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
92f3253
SubjectDnRegex that extracts CN from any position in string
May 22, 2012
8cc75e1
Additional unit test for SubjectDnX509PrincipalExtractor
May 23, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ...ngframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
* Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call
* to {@link X509Certificate#getSubjectDN()}).
* <p>
* The regular expression should contain a single group; for example the default expression "CN=(.?)," matches the
* The regular expression should contain a single group; for example the default expression "CN=(.*?)(?:,.*)*$" matches the
* common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".
* <p>
* The matches are case insensitive. So "emailAddress=(.?)," will match "[email protected], CN=..." giving a
Expand All @@ -33,7 +33,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
private Pattern subjectDnPattern;

public SubjectDnX509PrincipalExtractor() {
setSubjectDnRegex("CN=(.*?),");
setSubjectDnRegex("CN=(.*?)(?:,.*)*$");
}

public Object extractPrincipal(X509Certificate clientCert) {
Expand Down
6 changes: 6 additions & 0 deletions ...mework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,10 @@ public void matchOnShoeSizeThrowsBadCredentials() throws Exception {
extractor.setSubjectDnRegex("shoeSize=(.*?),");
extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
}

@Test
public void defaultCNPatternReturnsPrincipalAtEndOfDNString() throws Exception {
Object principal = extractor.extractPrincipal(X509TestUtils.buildTestCertificateWithCnAtEnd());
assertEquals("Duke", principal);
}
}
37 changes: 37 additions & 0 deletions ...test/java/org/springframework/security/web/authentication/preauth/x509/X509TestUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,41 @@ public static X509Certificate buildTestCertificate() throws Exception {

return (X509Certificate) cf.generateCertificate(in);
}

/**
* Builds an X.509 certificate with a subject DN where the CN field is at the end of the line.
* The actual DN line is:
* <pre>
* L=Cupertino,C=US,ST=CA,OU=Java Software,O=Sun Microsystems\, Inc,CN=Duke
* </pre>
*
*/
public static X509Certificate buildTestCertificateWithCnAtEnd() throws Exception {
String cert = "-----BEGIN CERTIFICATE-----\n" +
"MIIDjTCCAnWgAwIBAgIBATALBgkqhkiG9w0BAQswdTENMAsGA1UEAwwERHVrZTEe\n" +
"MBwGA1UECgwVU3VuIE1pY3Jvc3lzdGVtcywgSW5jMRYwFAYDVQQLDA1KYXZhIFNv\n" +
"ZnR3YXJlMQswCQYDVQQIDAJDQTELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCUN1cGVy\n" +
"dGlubzAeFw0xMjA1MTgxNDQ4MzBaFw0xMzA1MTgxNDQ4MzBaMHUxDTALBgNVBAMM\n" +
"BER1a2UxHjAcBgNVBAoMFVN1biBNaWNyb3N5c3RlbXMsIEluYzEWMBQGA1UECwwN\n" +
"SmF2YSBTb2Z0d2FyZTELMAkGA1UECAwCQ0ExCzAJBgNVBAYTAlVTMRIwEAYDVQQH\n" +
"DAlDdXBlcnRpbm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGLaCx\n" +
"Dy5oRJ/FelcoO/lAEApAhR4wxmUIu0guzN0Tx/cuWfyo4349NOxf5XfRcje37B//\n" +
"hyMwK1Q/pRhRYtZlK+O+9tNCAupekmSxEw9wNsRXNJ18QTTvQRPReXhG8gOiGmU2\n" +
"kpTVjpZURo/0WGuEyAWYzH99cQfUM92vIaGKq2fApNfwCULtFnAY9WPDZtwSZYhC\n" +
"qSAoy6B1I2A3i+G5Ep++eCa9PZKCZIPWJiC5+nMmzwCOnQqcZlorsrQ+M+I4GgE2\n" +
"Rryb/AeKoSPsrm4t0aWhFhKcuHpk3jfKhJhi5e+5bnY17pCoY9hx5EK3WqfKL/x1\n" +
"3HKsPpf/MieRWiAdAgMBAAGjKjAoMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8E\n" +
"DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAdAtXZYCdb7JKzfwY7vEO\n" +
"9TOMyxxwxhxs+26urL2wQWqtRgHXopoi/GGSuZG5aPQcHWLoqZ1f7nZoWfKzJMKw\n" +
"MOvaw6wSSkmEoEvdek3s/bH6Gp0spnykqtb+kunGr/XFxyBhHmfdSroEgzspslFh\n" +
"Glqe/XfrQmFgPWd13GH8mqzSU1zc+0Ka7s68jcuNfz9ble5rT0IrdjRm5E64mVGk\n" +
"aJTAO5N87ks5JjkDHDJzcyYRcIpqBGotJtyZTjGpIeAG8xLGlkSsUg88iUOchI7s\n" +
"dOmse9mpgEjCb4kdZ0PnoxMFjsPR8AoGOz4A5vA19nKqWM8bxK9hqLGKsaiQpQg7\n" +
"bA==\n" +
"-----END CERTIFICATE-----\n";
ByteArrayInputStream in = new ByteArrayInputStream(cert.getBytes());
CertificateFactory cf = CertificateFactory.getInstance("X.509");

return (X509Certificate) cf.generateCertificate(in);
}
}