From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 13 Nov 2018 10:02:26 +0000 (+0100)
Subject: Improve certificate auth
X-Git-Tag: argeo-commons-2.1.76~31
X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=4ccae1bf1714f7adbb69a4505f424e70f2c39698;p=lgpl%2Fargeo-commons.git

Improve certificate auth
---

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 16cc7ac19..83accceb4 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -14,6 +14,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -94,8 +95,15 @@ public class UserAdminLoginModule implements LoginModule {
 			// // TODO locale?
 		} else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
 				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN)) {
-			// NB: required by Basic http auth
-			username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			String certificateName = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			LdapName ldapName;
+			try {
+				ldapName = new LdapName(certificateName);
+			} catch (InvalidNameException e) {
+				e.printStackTrace();
+				return false;
+			}
+			username = ldapName.getRdn(ldapName.size()-1).getValue().toString();
 			certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 			password = null;
 		} else if (singleUser) {