X509SerialNumberAndIssuerDNPrincipalResolver.java

package org.apereo.cas.adaptors.x509.authentication.principal;

import org.apache.commons.lang3.builder.ToStringBuilder;

import java.security.cert.X509Certificate;

/**
 * This class is targeted at usage for mapping to an existing user record. It
 * can construct a highly-likely unique DN based on a certificate's serialnumber
 * and its issuerDN. example:
 * SERIALNUMBER=20267647332258882251479793556682961758, SERIALNUMBER=200301,
 * CN=Citizen CA, C=BE see RFC3280 The combination of a certificate serial
 * number and the issuerDN *should* be unique: - The certificate serialNumber is
 * by its nature unique for a certain issuer. - The issuerDN is RECOMMENDED to
 * be unique. Both the serial number and the issuerDN are REQUIRED in a
 * certificate. Note: comparison rules state the compare should be
 * case-insensitive. LDAP value description: EQUALITY distinguishedNameMatch
 * SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 [=distinguishedName]
 *
 * @author Jan Van der Velpen
 * @since 3.1
 */
public class X509SerialNumberAndIssuerDNPrincipalResolver extends AbstractX509PrincipalResolver {

    /**
     * Prefix for Certificate Serial Number.
     */
    private String serialNumberPrefix = "SERIALNUMBER=";

    /**
     * Prefix for Value Delimiter.
     */
    private String valueDelimiter = ", ";

    /**
     * Creates a new instance.
     *
     * @param serialNumberPrefix prefix for the certificate serialnumber (default: "SERIALNUMBER=").
     * @param valueDelimiter delimiter to separate the two certificate properties in the string.
     * (default: ", ")
     */
    public X509SerialNumberAndIssuerDNPrincipalResolver(final String serialNumberPrefix, final String valueDelimiter) {
        if (serialNumberPrefix != null) {
            this.serialNumberPrefix = serialNumberPrefix;
        }
        if (valueDelimiter != null) {
            this.valueDelimiter = valueDelimiter;
        }
    }

    @Override
    protected String resolvePrincipalInternal(final X509Certificate certificate) {
        return new StringBuilder(this.serialNumberPrefix)
                .append(certificate.getSerialNumber())
                .append(this.valueDelimiter)
                .append(certificate.getIssuerDN().getName())
                .toString();
    }


    @Override
    public String toString() {
        return new ToStringBuilder(this)
                .appendSuper(super.toString())
                .append("serialNumberPrefix", serialNumberPrefix)
                .append("valueDelimiter", valueDelimiter)
                .toString();
    }
}