Obtaining the user information

The first step is for the application to extract the user identity from the user’s X.509 certificate.

Requiring X.509 certificates from your users is one way to provide secure user authentication. Although using X.509 certificates is not a requirement for any type of authentication, it is often used in Web browsers that support the SSL protocol.

Java implementation

To extract the contents of the certificate, use the methods in the Java Certificate API, which is in the java.security.cert package available from Sun. In particular, the X509Certificate class provides a standard way to access all the attributes of an X.509 certificate.

The following JSP code fragment shows how to extract the user’s name from an X.509 certificate.
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="java.security.Principal" %>
<%
// Later in the page...
// Get the client SSL certificates associated with the request.
// The attribute is null when the client presented no certificate,
// so check for null before checking the length.
X509Certificate[] certs = (X509Certificate[])
    request.getAttribute("javax.servlet.request.X509Certificate");
// Check that a certificate was obtained
if (certs == null || certs.length < 1) {
  System.err.println("SSL not client authenticated");
  return;
}
// The first element of the chain is the client's own (end-entity) certificate
X509Certificate principalCert = certs[0];

// Get the Distinguished Name from the certificate
// e.g. "E=joeuser@endeca.com, CN=joeuser, O=Endeca, L=Cambridge, S=MA, C=US"
Principal principal = principalCert.getSubjectDN();

// Extract the common name (CN). Search for "CN=" (not just "CN") so that
// the letters CN inside another attribute's value are not mistaken for the
// attribute, and accept index 0 in case CN is the first RDN.
String dn = principal.getName();
int start = dn.indexOf("CN=");
String tmpName, name = "";
if (start >= 0) {
  tmpName = dn.substring(start + 3);
  int end = tmpName.indexOf(",");
  if (end > 0) {
    name = tmpName.substring(0, end);
  }
  else {
    name = tmpName;
  }
}
// Now query the LDAP server for authentication
...
%>
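Substring searches on the DN string break on values that contain an escaped comma or the letters "CN", and an attacker-chosen subject could exploit that to make the application read the wrong name. The following added example (not part of the Endeca documentation) parses the DN into its RDNs with javax.naming.ldap.LdapName instead; the DN strings are constructed samples, and in a servlet the input would be principalCert.getSubjectX500Principal().getName(), which returns the RFC 2253 form LdapName expects.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnExtractor {

    // Return the CN attribute of an RFC 2253 distinguished name, or null if absent.
    // LdapName splits the DN into RDNs, so an escaped comma inside a value
    // ("CN=Smith\, John") and the letters "CN" inside another attribute's
    // value are handled correctly, unlike a substring search on the raw string.
    public static String extractCn(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        for (Rdn rdn : name.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    // Substring approach equivalent to the scriptlet above, kept for comparison.
    public static String naiveCn(String dn) {
        int start = dn.indexOf("CN");
        if (start < 0) return "";
        String rest = dn.substring(start + 3);
        int end = rest.indexOf(",");
        return end > 0 ? rest.substring(0, end) : rest;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs, not taken from real certificates
        String[] samples = {
            "E=joeuser@endeca.com, CN=joeuser, O=Endeca, L=Cambridge, S=MA, C=US",
            "CN=Smith\\, John, O=Endeca, C=US",   // escaped comma inside the CN value
            "O=ACN Holdings, CN=alice, C=US"      // "CN" occurs inside the O value first
        };
        for (String dn : samples) {
            System.out.println("DN:        " + dn);
            System.out.println("substring: " + naiveCn(dn));   // wrong for the last two
            System.out.println("RDN parse: " + extractCn(dn)); // joeuser / Smith, John / alice
        }
    }
}
```

Whichever parser is used, the CN is only trustworthy after the server has validated the chain against a trusted CA; the name should then be looked up in the directory rather than used directly as an authorization decision.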

.NET implementation

The ASPX front end can also extract user information from X.509 certificates. The .NET Framework includes the System.Security.Cryptography.X509Certificates namespace that contains the X509Certificate class. For details on its usage, refer to the Microsoft .NET Framework documentation.