Example usage for javax.security.cert X509Certificate getSerialNumber

List of usage examples for javax.security.cert X509Certificate getSerialNumber

  1. HOME
  2. Java
  3. javax
  4. javax.security.cert.*
  5. X509Certificate
  6. getSerialNumber

Introduction

In this page you can find the example usage for javax.security.cert X509Certificate getSerialNumber.

Prototype

public abstract BigInteger getSerialNumber();

Source Link

Document

Gets the serialNumber value from the certificate.

Usage

From source file:org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator.java

/**
 * To set the authentication context in current message context.
 *
 * @param messageContext Relevant message context.
 * @param sslCertObject  SSL certificate object.
 * @throws APISecurityException API Security Exception.
 */// w  ww. ja v a 2 s.  co m
private void setAuthContext(MessageContext messageContext, Object sslCertObject) throws APISecurityException {

    X509Certificate[] certs = (X509Certificate[]) sslCertObject;
    X509Certificate x509Certificate = certs[0];
    String subjectDN = x509Certificate.getSubjectDN().getName();
    String uniqueIdentifier = String
            .valueOf(x509Certificate.getSerialNumber() + "_" + x509Certificate.getIssuerDN())
            .replaceAll(",", "#").replaceAll("\"", "'").trim();
    String tier = certificates.get(uniqueIdentifier);
    if (StringUtils.isEmpty(tier)) {
        if (log.isDebugEnabled()) {
            log.debug(
                    "The client certificate presented is available in gateway, however it was not added against "
                            + "the API " + getAPIIdentifier(messageContext));
        }
        throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE,
                APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
    }
    AuthenticationContext authContext = new AuthenticationContext();
    authContext.setAuthenticated(true);
    authContext.setUsername(subjectDN);
    try {
        LdapName ldapDN = new LdapName(subjectDN);
        for (Rdn rdn : ldapDN.getRdns()) {
            if (APIConstants.CERTIFICATE_COMMON_NAME.equalsIgnoreCase(rdn.getType())) {
                authContext.setUsername((String) rdn.getValue());
            }
        }
    } catch (InvalidNameException e) {
        log.warn("Cannot get the CN name from certificate:" + e.getMessage() + ". Please make sure the "
                + "certificate to include a proper common name that follows naming convention.");
        authContext.setUsername(subjectDN);
    }
    authContext.setApiTier(apiLevelPolicy);
    APIIdentifier apiIdentifier = getAPIIdentifier(messageContext);
    authContext.setKeyType(APIConstants.API_KEY_TYPE_PRODUCTION);
    authContext.setStopOnQuotaReach(true);
    authContext.setApiKey(uniqueIdentifier + "_" + apiIdentifier.toString());
    authContext.setTier(tier);
    /* For the mutual SSL based authenticated request, the resource level throttling is not considered, hence
    assigning the unlimited tier for that. */
    VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
    verbInfoDTO.setThrottling(APIConstants.UNLIMITED_TIER);
    messageContext.setProperty(APIConstants.VERB_INFO_DTO, verbInfoDTO);
    if (log.isDebugEnabled()) {
        log.debug("Auth context for the API " + getAPIIdentifier(messageContext) + ": Username["
                + authContext.getUsername() + "APIKey[(" + authContext.getApiKey() + "] Tier["
                + authContext.getTier() + "]");
    }
    APISecurityUtils.setAuthenticationContext(messageContext, authContext, null);
}