From: James Moger
Date: Fri, 22 May 2015 15:25:37 +0000 (-0400)
Subject: Parse X509 DN with LdapName
X-Git-Tag: v1.7.0~1^2~68^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Ftickets%2F49%2F249%2F1;p=gitblit.git
Parse X509 DN with LdapName
---
diff --git a/src/main/java/com/gitblit/utils/X509Utils.java b/src/main/java/com/gitblit/utils/X509Utils.java
index fc0b797d..a2650be4 100644
--- a/src/main/java/com/gitblit/utils/X509Utils.java
+++ b/src/main/java/com/gitblit/utils/X509Utils.java
@@ -61,6 +61,7 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 import javax.crypto.Cipher;
+import javax.naming.ldap.LdapName;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -1117,17 +1118,18 @@ public class X509Utils {
 }
 public static X509Metadata getMetadata(X509Certificate cert) {
- // manually split DN into OID components
- // this is instead of parsing with LdapName which:
- // (1) I don't trust the order of values
- // (2) it filters out values like EMAILADDRESS
- String dn = cert.getSubjectDN().getName();
 Map oids = new HashMap();
- for (String kvp : dn.split(",")) {
- String [] val = kvp.trim().split("=");
- String oid = val[0].toUpperCase().trim();
- String data = val[1].trim();
- oids.put(oid, data);
+ try {
+ String dn = cert.getSubjectDN().getName();
+ LdapName ldapName = new LdapName(dn);
+ for (int i = 0; i < ldapName.size(); i++) {
+ String [] val = ldapName.get(i).trim().split("=", 2);
+ String oid = val[0].toUpperCase().trim();
+ String data = val[1].trim();
+ oids.put(oid, data);
+ }
+ } catch (Exception e) {
+ throw new RuntimeException(e);
 }
 X509Metadata metadata = new X509Metadata(oids.get("CN"), "whocares");
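Review bot: In the new loop of `getMetadata`, `ldapName.get(i)` returns each RDN in its escaped string form, so the `split("=", 2)` stores values with their backslash escapes intact and folds a multi-valued RDN such as `CN=a+OU=b` into a single `CN` value. Since `oids.get("CN")` feeds the `X509Metadata` built just below, it would be safer to read the parsed components, e.g. `for (Rdn rdn : ldapName.getRdns()) { oids.put(rdn.getType().toUpperCase(), String.valueOf(rdn.getValue()).trim()); }`, with an import of `javax.naming.ldap.Rdn`. `LdapName` indexes from the rightmost RDN, so when an attribute type repeats the leftmost occurrence now wins where the old left-to-right split kept the rightmost; a comment stating which one is intended would help. The `catch (Exception e)` could be narrowed to `InvalidNameException`, which is what `new LdapName(dn)` declares. The body of `getMetadata` continues past the end of the hunk.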