* {@inheritDoc}
*/
public Entry mapCertificateToUser(Certificate[] certificateChain)
throws DirectoryException
{
SubjectAttributeToUserAttributeCertificateMapperCfg config =
currentConfig;
LinkedHashMap<String,AttributeType> attributeMap = this.attributeMap;
// Make sure that a peer certificate was provided.
if ((certificateChain == null) || (certificateChain.length == 0))
{
Message message = ERR_SATUACM_NO_PEER_CERTIFICATE.get();
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
}
// Get the first certificate in the chain. It must be an X.509 certificate.
X509Certificate peerCertificate;
try
{
peerCertificate = (X509Certificate) certificateChain[0];
}
catch (Exception e)
{
if (debugEnabled())
{
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_SATUACM_PEER_CERT_NOT_X509.get(
String.valueOf(certificateChain[0].getType()));
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
}
// Get the subject from the peer certificate and use it to create a search
// filter.
DN peerDN;
X500Principal peerPrincipal = peerCertificate.getSubjectX500Principal();
String peerName = peerPrincipal.getName(X500Principal.RFC2253);
try
{
peerDN = DN.decode(peerName);
}
catch (DirectoryException de)
{
Message message = ERR_SATUACM_CANNOT_DECODE_SUBJECT_AS_DN.get(
peerName, de.getMessageObject());
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message,
de);
}
LinkedList<SearchFilter> filterComps = new LinkedList<SearchFilter>();
for (int i=0; i < peerDN.getNumComponents(); i++)
{
RDN rdn = peerDN.getRDN(i);
for (int j=0; j < rdn.getNumValues(); j++)
{
String lowerName = toLowerCase(rdn.getAttributeName(j));
AttributeType attrType = attributeMap.get(lowerName);
if (attrType != null)
{
filterComps.add(SearchFilter.createEqualityFilter(attrType,
rdn.getAttributeValue(j)));
}
}
}
if (filterComps.isEmpty())
{
Message message = ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(peerName);
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
}
SearchFilter filter = SearchFilter.createANDFilter(filterComps);
// If we have an explicit set of base DNs, then use it. Otherwise, use the
// set of public naming contexts in the server.
Collection<DN> baseDNs = config.getUserBaseDN();
if ((baseDNs == null) || baseDNs.isEmpty())
{
baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
}