Class X500SubjectCanonicalization

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class X500SubjectCanonicalization
extends AbstractSubjectCanonicalizationAction
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.

A list of OIDs is used to locate an RDN to extract from the Subject DN and use as the principal name after applying the transforms from the base class.

Alternatively, a list of subjectAltName extension types may be specified, which takes precedence over the subject, if a match is found.

Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT
Precondition:
ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
Postcondition:
SubjectCanonicalizationContext.getPrincipalName() != null
  || SubjectCanonicalizationContext.getException() != null
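The selection rules above, shown on plain JDK types as an added example (not Shibboleth IdP code): subjectAltName entries are matched in the configured type order and take precedence, the DN is consulted only when no listed type matches, and a Subject carrying zero or more than one X500Principal yields no principal name (the INVALID_SUBJECT case). The SAN list uses the [type, value] shape of X509Certificate.getSubjectAlternativeNames(); the keyword-to-OID map and the most-specific-RDN-first search order are assumptions, and no base-class transforms are applied.

```java
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import java.util.*;

public final class X500C14nExample {
    // X500Principal.getName(RFC2253) prints these attribute types as keywords and all
    // others as dotted OIDs, so this map (an assumption) normalises both to OIDs.
    private static final Map<String, String> KEYWORD_OIDS = Map.of(
        "CN", "2.5.4.3", "C", "2.5.4.6", "L", "2.5.4.7", "ST", "2.5.4.8",
        "O", "2.5.4.10", "OU", "2.5.4.11", "DC", "0.9.2342.19200300.100.1.25",
        "UID", "0.9.2342.19200300.100.1.1");

    /** First subjectAltName whose type is in {@code types}, honouring the list order. */
    static String findAltName(Collection<List<?>> sans, List<Integer> types) {
        for (Integer wanted : types) {
            for (List<?> san : sans) {
                if (wanted.equals(san.get(0)) && san.get(1) instanceof String) return (String) san.get(1);
            }
        }
        return null;
    }

    /** First RDN of {@code dn} with attribute type {@code oid}, most specific RDN first (assumed order). */
    static String findRDN(X500Principal dn, String oid) throws Exception {
        List<Rdn> rdns = new LdapName(dn.getName(X500Principal.RFC2253)).getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {   // LdapName stores RDNs right-to-left
            Rdn rdn = rdns.get(i);
            String type = KEYWORD_OIDS.getOrDefault(rdn.getType().toUpperCase(), rdn.getType());
            if (oid.equals(type)) return rdn.getValue().toString();
        }
        return null;
    }

    /** Enforces "one and only one X500Principal", then walks the OID preference list. */
    static String canonicalize(Subject subject, List<String> oids) throws Exception {
        Set<X500Principal> principals = subject.getPrincipals(X500Principal.class);
        if (principals.size() != 1) return null;      // absent or ambiguous: INVALID_SUBJECT
        X500Principal dn = principals.iterator().next();
        for (String oid : oids) {
            String value = findRDN(dn, oid);
            if (value != null) return value;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Subject subject = new Subject();   // constructed sample subject
        subject.getPrincipals().add(new X500Principal("CN=jdoe,OU=Staff,O=Example,C=US"));
        System.out.println(canonicalize(subject, List.of("2.5.4.11", "2.5.4.3")));  // OU first: Staff
        List<List<?>> sans = List.of(List.of(2, "host.example.org"), List.of(1, "jdoe@example.org"));
        System.out.println(findAltName(sans, List.of(1, 2)));  // rfc822Name preferred over dNSName
    }
}
```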
  • Constructor Details

    • X500SubjectCanonicalization

      public X500SubjectCanonicalization()
      Constructor.
  • Method Details

    • setSubjectAltNameTypes

      public void setSubjectAltNameTypes(@Nullable @NonnullElements List<Integer> types)
      Set the subjectAltName types to search for, in order of preference.
      Parameters:
      types - types to search for
    • setObjectIds

      public void setObjectIds(@Nullable @NonnullElements List<String> ids)
      Set the OIDs to search for, in order of preference.
      Parameters:
      ids - RDN OIDs to search for
    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
      Performs this c14n action's pre-execute step. Default implementation just returns true iff a subject is set.
      Overrides:
      doPreExecute in class AbstractSubjectCanonicalizationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      c14nContext - the current subject canonicalization context
      Returns:
      true iff execution should continue
    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractSubjectCanonicalizationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      c14nContext - the current subject canonicalization context
    • findRDN

      @Nullable protected String findRDN(@Nonnull org.cryptacular.x509.dn.RDNSequence sequence, @Nonnull @NotEmpty String oid)
      Find an RDN with the specified OID.
      Parameters:
      sequence - the DN components
      oid - the OID to look for
      Returns:
      the first matching RDN value, or null