SubjectDnX509PrincipalExtractor and escaping of content

  • SubjectDnX509PrincipalExtractor and escaping of content

    Hey all,

    Out of sheer curiosity, why does the provided implementation of SubjectDnX509PrincipalExtractor use a regex for extracting the CN?

    Seeing as how this is the provided implementation I can see this as being simple. But Java's library contains the LdapName class which is capable of parsing the DN into more discrete objects.

    I only ask as I've run into an oddity with another application and DN strings that are not RFC 2253 formatted and are instead in openssl "oneline" format. Oddly enough, the CN for a particular entry included a "/" which is not escaped. As such it could not be parsed correctly.

    So with regard to that, if the DN extracted by the provided SubjectDnX509PrincipalExtractor contains a comma (say CN="Doe, John") the default regex of CN=(.*), would only match ["Doe] and stop matching. Would it be advisable to possibly update this implementation to use the LdapName, or are there other issues involved with this?

    Thanks in advance
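
The difference the post asks about, as an added example (not part of the original post and not Spring Security's own code): a lazy CN regex, assumed here to be `CN=(.*?)(?:,|$)`, run next to `javax.naming.ldap.LdapName` on constructed DNs with a quoted comma, an escaped comma, and an openssl-style oneline string. The class and method names are hypothetical.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtractionDemo {
    // Assumed regex of the kind the post describes: lazy match up to the first comma.
    private static final Pattern CN_REGEX =
            Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    static Optional<String> cnByRegex(String dn) {
        Matcher m = CN_REGEX.matcher(dn);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    // Parse the DN per RFC 2253 and return the unescaped value of the most specific CN.
    static Optional<String> cnByLdapName(String dn) {
        try {
            List<Rdn> rdns = new LdapName(dn).getRdns();
            // getRdns() is ordered right-to-left, so the leftmost RDN comes last.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs such as CN=x+UID=y.
                Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null && cn.get() instanceof String) {
                    return Optional.of((String) cn.get());
                }
            }
            return Optional.empty();
        } catch (NamingException e) {
            // Not a parseable RFC 2253 name: fail closed instead of returning a partial CN.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String[] constructedDns = {               // constructed sample DNs, not real subjects
            "CN=\"Doe, John\",OU=People,O=Example",   // quoted value containing a comma
            "CN=Doe\\, John,OU=People,O=Example",     // backslash-escaped comma
            "CN=jdoe,OU=People,O=Example",            // plain value, both methods agree
            "/O=Example/OU=People/CN=Doe, John",      // openssl oneline style, not RFC 2253
        };
        for (String dn : constructedDns) {
            System.out.printf("%-40s regex=%s ldapName=%s%n", dn, cnByRegex(dn), cnByLdapName(dn));
        }
    }
}
```

A truncated principal name matters when it is later used as a lookup key for user details, so the rows where the two columns differ are the ones to check against the DN format your certificates actually produce.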