* {@inheritDoc}
*/
public Entry mapCertificateToUser(Certificate[] certificateChain)
throws DirectoryException
{
SubjectDNToUserAttributeCertificateMapperCfg config =
currentConfig;
AttributeType subjectAttributeType = config.getSubjectAttribute();
// Make sure that a peer certificate was provided.
if ((certificateChain == null) || (certificateChain.length == 0))
{
Message message = ERR_SDTUACM_NO_PEER_CERTIFICATE.get();
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
}
// Get the first certificate in the chain. It must be an X.509 certificate.
X509Certificate peerCertificate;
try
{
peerCertificate = (X509Certificate) certificateChain[0];
}
catch (Exception e)
{
if (debugEnabled())
{
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_SDTUACM_PEER_CERT_NOT_X509.get(
String.valueOf(certificateChain[0].getType()));
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
}
// Get the subject from the peer certificate and use it to create a search
// filter.
X500Principal peerPrincipal = peerCertificate.getSubjectX500Principal();
String peerName = peerPrincipal.getName(X500Principal.RFC2253);
AttributeValue value =
AttributeValues.create(subjectAttributeType, peerName);
SearchFilter filter =
SearchFilter.createEqualityFilter(subjectAttributeType, value);
// If we have an explicit set of base DNs, then use it. Otherwise, use the
// set of public naming contexts in the server.
Collection<DN> baseDNs = config.getUserBaseDN();
if ((baseDNs == null) || baseDNs.isEmpty())
{
baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
}