7 package org.opensciencegrid.authz.service;
8
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.glite.security.SecurityContext;
import org.glite.security.util.axis.InitSecurityContext;
18
/**
 * Static helpers for identifying the authenticated client of the current request.
 *
 * @author carcassi
 */
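public class SecurityUtil {

    private static final Log log = LogFactory.getLog(SecurityUtil.class);

    /**
     * Separator between RDNs as produced by {@code X500Principal.toString()}.
     * Matched literally; see the caveat on {@link #convertDN(String)}.
     */
    private static final String RDN_SEPARATOR = ", ";

    /**
     * Substring (compared case-insensitively) that marks a subject DN as belonging
     * to a proxy certificate rather than to the end entity itself.
     */
    private static final String PROXY_MARKER = "proxy";

    /** Not instantiable: static helpers only. */
    private SecurityUtil() {
    }

    /**
     * Returns the distinguished name of the client authenticated on the current
     * request, converted to the slash-separated form produced by
     * {@link #convertDN(String)} (for example {@code /DC=org/O=Example/CN=Jane Doe}).
     * <p>
     * The DN is read from the first certificate of the client chain held by the
     * glite {@link SecurityContext}. This method does not validate the chain itself;
     * it relies on the security context having already authenticated it
     * (NOTE(review): confirm that the context only exposes chains that passed
     * verification). If the subject DN of that certificate contains
     * {@value #PROXY_MARKER}, the issuer DN is used instead, so that a proxy
     * certificate maps to the identity it was derived from. Only one proxy level
     * is unwrapped: if the issuer is itself a proxy, its DN is returned unchanged,
     * and proxies whose subject does not literally contain the marker are not
     * recognised (NOTE(review): confirm this matches the proxy formats the
     * deployment accepts).
     *
     * @return the client DN in slash-separated form, or {@code null} when the first
     *         element of the client certificate chain is {@code null}
     * @throws RuntimeException if no security context or client certificate chain
     *         is available, or if reading the DN fails for any other reason; the
     *         underlying exception is attached as the cause
     */
    public static String retrieveClientDN() {
        try {
            InitSecurityContext.init();
            SecurityContext context = SecurityContext.getCurrentContext();
            if (context == null) {
                // Fail closed with a clear message rather than an NPE.
                throw new IllegalStateException("no security context for the current request");
            }
            X509Certificate[] chain = context.getClientCertChain();
            if (chain == null || chain.length == 0) {
                // Same outcome as the implicit NPE/AIOOBE before: a wrapped RuntimeException,
                // now with a message that names the actual problem.
                throw new IllegalStateException("security context holds no client certificate chain");
            }
            if (log.isTraceEnabled()) {
                // Logging the array reference itself would only print its identity hash.
                log.trace("Retrieved chain of length " + chain.length);
            }

            // chain[0] is taken to be the client's own certificate (leaf-first ordering).
            X509Certificate cert = chain[0];
            if (cert == null) {
                // Preserved from the original contract: a null leaf means "no client DN".
                return null;
            }
            String commaDN = cert.getSubjectX500Principal().toString();
            // Locale.ROOT keeps the case fold independent of the JVM default locale
            // (e.g. Turkish dotless-i would otherwise break the match).
            if (commaDN.toLowerCase(Locale.ROOT).indexOf(PROXY_MARKER) != -1) {
                commaDN = cert.getIssuerX500Principal().toString();
            }
            String slashDN = convertDN(commaDN);
            log.trace("Retrieved DN: " + slashDN);
            return slashDN;
        } catch (Exception e) {
            // Errors (OutOfMemoryError etc.) are deliberately no longer caught and wrapped.
            log.error("Failed to retrieve client DN", e);
            throw new RuntimeException("Failed to retrieve client DN: " + e.getMessage(), e);
        }
    }

    /**
     * Converts a comma-separated DN as returned by {@code X500Principal.toString()}
     * (most specific RDN first, e.g. {@code CN=Jane Doe, O=Example, DC=org}) into the
     * slash-separated, root-first form {@code /DC=org/O=Example/CN=Jane Doe}.
     * <p>
     * The input is split on the literal {@value #RDN_SEPARATOR}. An RDN value that
     * itself contains an escaped comma followed by a space (such as
     * {@code O=Foo\, Inc}) is therefore split in two, and multi-valued RDNs are
     * not interpreted; callers needing exact RFC 2253 handling should not rely on
     * this helper. An empty input yields {@code "/"}.
     *
     * @param commaDN the comma-separated DN; must not be {@code null}
     * @return the slash-separated DN, each RDN prefixed with {@code '/'}
     */
    private static String convertDN(String commaDN) {
        List<String> rdns = new ArrayList<String>();
        int start = 0;
        int pos;
        while ((pos = commaDN.indexOf(RDN_SEPARATOR, start)) != -1) {
            rdns.add(commaDN.substring(start, pos));
            start = pos + RDN_SEPARATOR.length();
        }
        rdns.add(commaDN.substring(start));

        // Emit the RDNs root-first, which is the reverse of the input order.
        StringBuilder slashDN = new StringBuilder(commaDN.length() + rdns.size());
        for (int i = rdns.size() - 1; i >= 0; i--) {
            slashDN.append('/').append(rdns.get(i));
        }
        return slashDN.toString();
    }

}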