Let me begin by stating that this is a question of aesthetics. I've solved my own problem, I'm just curious about better ways of doing it.
So, I've got a certificate DN, something like this:
CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc
Now, I want to grab the CN out of that. In Java, there isn't native support to grab anything but the full DN from the X509 certificate without using some 3rd party library like Bouncy Castle - which I can't use. So I've got to parse it out, which isn't much of a problem. The only thing that makes it slightly tricky is the fact that the CN isn't always going to be formatted as <first name> <last name>. More often than not, it's actually going to be <last name>, <first name> <middle initial>. So, in the example above, the CN could be Jimmy Blooptoop or Blooptoop, Jimmy J (short for the Joop of course).
After going and reading up about regular expressions, I wrote the following, which works well enough:
Matcher m = Pattern.compile("CN=[A-Za-z]*[, ]*[ A-Za-z]*").matcher(dn);
if (m.find())
    cn = m.group();
I'm just curious if there are expressions that would look less like crap. I'm fairly confident that there are since I worked that out after reading just an introduction to regex.
2 Indeed, thanks to gtrakit appears that to get the client certificate and extract the CN, this most likely works.
The CN usually indicates the host/server/name protected by the SSL certificate. Your SSL certificate is valid only if hostname matches the CN. Your browser can display the CN: How do I get common name (CN) from SSL certificate? You can install certtool using the gnutls-bin package on Debian or Ubuntu Linux.
0 Get the common name of the certificate without using any library, using a regular expression. To get the name:
String name = x509Certificate.getSubjectDN().getName();
To extract the common name from the full name
How about javax.naming.ldap.LdapName?
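// Needs javax.naming.ldap.LdapName and javax.naming.ldap.Rdn;
// new LdapName(...) throws the checked InvalidNameException.
String dn = "CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc";
LdapName ln = new LdapName(dn);
for (Rdn rdn : ln.getRdns()) {
    if (rdn.getType().equalsIgnoreCase("CN")) {
        System.err.println("CN is: " + rdn.getValue());
        break;
    }
}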
It's not the most beautiful interface since there is something missing like LdapName#getByType(String) but it saves you the trouble of having to think about what strange features DNs might have.
You can use Spring Framework's LdapUtils to extract the CN in a neat way like below:
String cn = LdapUtils.getStringValue(new LdapName(group),"cn");
OR
Without using Spring Framework like below:
String cn = (String) new LdapName(group).getRdns().stream()
        .filter(rdn -> rdn.getType().equalsIgnoreCase("CN"))
        .findFirst()
        .get()
        .getValue();
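Added example, not part of any post above: it runs the question's regex and a javax.naming.ldap.LdapName lookup side by side over constructed DNs, including the "<last name>, <first name>" form with an escaped comma. The class name CnExtractDemo, the helper names and every sample DN are made up for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtractDemo {
    // The pattern from the question, unchanged.
    static final Pattern QUESTION_RE = Pattern.compile("CN=[A-Za-z]*[, ]*[ A-Za-z]*");

    static String cnByRegex(String dn) {
        Matcher m = QUESTION_RE.matcher(dn);
        return m.find() ? m.group() : null; // first "CN=" substring anywhere in the DN
    }

    // Returns the most specific (leftmost) CN value, or null if the DN has none.
    static String cnByLdapName(String dn) throws NamingException {
        List<Rdn> rdns = new LdapName(dn).getRdns(); // index 0 is the RIGHTMOST RDN
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() matches types case-insensitively and also covers
            // multi-valued RDNs such as UID=42+CN=...
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) return String.valueOf(cn.get()); // value is already unescaped
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        String[] constructed = { // sample DNs built for this example
            "CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc",
            "CN=Blooptoop\\, Jimmy J,OU=Employees,DC=Bloopsoft-Inc", // escaped comma
            "CN=Jimmy O'Bloop-Toop,OU=Employees,DC=Bloopsoft-Inc",   // punctuation in the name
            "OU=CN=Legacy Group,CN=Jimmy Blooptoop,DC=Bloopsoft-Inc", // "CN=" inside an OU value
            "UID=42+CN=Jimmy Blooptoop,OU=Employees,DC=Bloopsoft-Inc", // multi-valued RDN
        };
        for (String dn : constructed) {
            System.out.printf("%s%n  regex:    %s%n  LdapName: %s%n",
                    dn, cnByRegex(dn), cnByLdapName(dn));
        }
    }
}
```

On the second to fourth DNs the regex returns CN=Blooptoop, CN=Jimmy O and CN=Legacy Group, while the LdapName lookup returns the full, unescaped CN of the subject in every case.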