org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder 連携図

静的関数
static UserIdentityExtractor	fromConfig (X509AuthenticatorConfigModel config)

静的非公開変数類
static final Function< X509Certificate[], X500Name >	subject

static final Function< X509Certificate[], X500Name >	issuer

詳解

関数詳解

◆ fromConfig()

static UserIdentityExtractor org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder.fromConfig ( X509AuthenticatorConfigModel config )

inlinestaticpackage

                                                                                      {
 
             X509AuthenticatorConfigModel.MappingSourceType userIdentitySource = config.getMappingSourceType();
             String pattern = config.getRegularExpression();
 
             UserIdentityExtractor extractor = null;
             switch(userIdentitySource) {
 
                 case SUBJECTDN:
                     extractor = UserIdentityExtractor.getPatternIdentityExtractor(pattern, certs -> certs[0].getSubjectDN().getName());
                     break;
                 case ISSUERDN:
                     extractor = UserIdentityExtractor.getPatternIdentityExtractor(pattern, certs -> certs[0].getIssuerDN().getName());
                     break;
                 case SERIALNUMBER:
                     extractor = UserIdentityExtractor.getPatternIdentityExtractor(DEFAULT_MATCH_ALL_EXPRESSION, certs -> certs[0].getSerialNumber().toString());
                     break;
                 case SUBJECTDN_CN:
                     extractor = UserIdentityExtractor.getX500NameExtractor(BCStyle.CN, subject);
                     break;
                 case SUBJECTDN_EMAIL:
                     extractor = UserIdentityExtractor
                             .either(UserIdentityExtractor.getX500NameExtractor(BCStyle.EmailAddress, subject))
                             .or(UserIdentityExtractor.getX500NameExtractor(BCStyle.E, subject));
                     break;
                 case SUBJECTALTNAME_EMAIL:
                     extractor = UserIdentityExtractor.getSubjectAltNameExtractor(1);
                     break;
                 case ISSUERDN_CN:
                     extractor = UserIdentityExtractor.getX500NameExtractor(BCStyle.CN, issuer);
                     break;
                 case ISSUERDN_EMAIL:
                     extractor = UserIdentityExtractor
                             .either(UserIdentityExtractor.getX500NameExtractor(BCStyle.EmailAddress, issuer))
                             .or(UserIdentityExtractor.getX500NameExtractor(BCStyle.E, issuer));
                     break;
                 default:
                     logger.warnf("[UserIdentityExtractorBuilder:fromConfig] Unknown or unsupported user identity source: \"%s\"", userIdentitySource.getName());
                     break;
             }
             return extractor;
         }

メンバ詳解

◆ issuer

final Function<X509Certificate[],X500Name> org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder.issuer

staticprivate

初期値:

= certs -> {
            try {
                return new JcaX509CertificateHolder(certs[0]).getIssuer();
            } catch (CertificateEncodingException e) {
                logger.warn("Unable to get certificate Issuer", e);
            }
            return null;
        }

◆ subject

final Function<X509Certificate[],X500Name> org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder.subject