X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=b50bf8ac4699ba5098fff3cac93d041d5c687efd;hb=54fb8849152a3d91f7ba52aeeffb236f5e70fbdf;hp=16cc7ac19548141679bc25d9c5c4c8673bc5475f;hpb=f9ee9620626e471a99f25e84175e27380d902957;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 16cc7ac19..b50bf8ac4 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -5,7 +5,6 @@ import static org.argeo.naming.LdapAttrs.description;
 
 import java.io.IOException;
 import java.security.PrivilegedAction;
-import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -14,6 +13,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -85,7 +85,7 @@ public class UserAdminLoginModule implements LoginModule {
 		UserAdmin userAdmin = Activator.getUserAdmin();
 		final String username;
 		final char[] password;
-		X509Certificate[] certificateChain = null;
+		Object certificateChain = null;
 		if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
 				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
 			// NB: required by Basic http auth
@@ -94,9 +94,16 @@ public class UserAdminLoginModule implements LoginModule {
 			// // TODO locale?
 		} else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
 				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN)) {
-			// NB: required by Basic http auth
-			username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
-			certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
+			String certificateName = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			LdapName ldapName;
+			try {
+				ldapName = new LdapName(certificateName);
+			} catch (InvalidNameException e) {
+				e.printStackTrace();
+				return false;
+			}
+			username = ldapName.getRdn(ldapName.size() - 1).getValue().toString();
+			certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 			password = null;
 		} else if (singleUser) {
 			username = OsUserUtils.getOsUsername();