Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ARTEMIS-5102 normalise option to DN value parsing for the Cert login module

This commit is contained in:
Gary Tully 2024-10-11 15:45:05 +01:00 committed by Justin Bertram
parent c3f1e09e88
commit e47698453a
9 changed files with 2257 additions and 2115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoader.java
View File

@ -41,7 +41,16 @@ public class PropertiesLoader {
}
}
interface NormaliseStringValues {
String normalize(String o);
}
public ReloadableProperties load(String nameProperty, String fallbackName, Map options) {
return load(nameProperty, fallbackName, options, null);
}
public ReloadableProperties load(String nameProperty, String fallbackName, Map options, NormaliseStringValues valueNormaliser) {
ReloadableProperties result;
FileNameKey key = new FileNameKey(nameProperty, fallbackName, options);
key.setDebug(debug);
@ -49,7 +58,16 @@ public class PropertiesLoader {
synchronized (staticCache) {
result = staticCache.get(key);
if (result == null) {
result = new ReloadableProperties(key);
if (valueNormaliser == null) {
result = new ReloadableProperties(key);
} else {
result = new ReloadableProperties(key) {
@Override
protected String normaliseStringValue(String value) {
return valueNormaliser.normalize(value);
}
};
}
staticCache.put(key, result);
}
}

7
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ReloadableProperties.java
View File

@ -78,6 +78,9 @@ public class ReloadableProperties {
adler32.update(sKey.getBytes(StandardCharsets.UTF_8));
adler32.update('=');
adler32.update(sValue.getBytes(StandardCharsets.UTF_8));
if (!looksLikeRegexp(sValue)) {
value = normaliseStringValue(sValue);
}
}
return super.put(key, value);
}
@ -103,6 +106,10 @@ public class ReloadableProperties {
return this;
}
protected String normaliseStringValue(String key) {
return key;
}
private void updateStatus() {
HashMap<String, String> statusAttributes = new HashMap<>();
statusAttributes.put("Alder32", String.valueOf(checksum));

9
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java
View File

@ -19,6 +19,7 @@ package org.apache.activemq.artemis.spi.core.security.jaas;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
@ -44,6 +45,7 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule {
private Map<String, Set<String>> rolesByUser;
private Map<String, Pattern> regexpByUser;
private Map<String, String> usersByDn;
boolean normalise = false; // leaving this off by default as it validates the input, which may blow up with preexisting config
/**
* Performs initialization of file paths. A standard JAAS override.
@ -54,7 +56,12 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule {
Map<String, ?> sharedState,
Map<String, ?> options) {
super.initialize(subject, callbackHandler, sharedState, options);
usersByDn = load(USER_FILE_PROP_NAME, "", options).invertedPropertiesMap();
normalise = booleanOption("normalise", options);
if (normalise) {
usersByDn = load(USER_FILE_PROP_NAME, "", options, (String v) -> new X500Principal(v).getName()).invertedPropertiesMap();
} else {
usersByDn = load(USER_FILE_PROP_NAME, "", options).invertedPropertiesMap();
}
regexpByUser = load(USER_FILE_PROP_NAME, "", options).regexpPropertiesMap();
rolesByUser = load(ROLE_FILE_PROP_NAME, "", options).invertedPropertiesValuesMap();
}

52
artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileCertificateLoginModuleTest.java
View File

@ -20,6 +20,7 @@ import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import java.security.cert.X509Certificate;
import java.io.IOException;
@ -41,6 +42,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.lang.invoke.MethodHandles;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class TextFileCertificateLoginModuleTest {
private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
@ -95,6 +99,52 @@ public class TextFileCertificateLoginModuleTest {
loginTest(CERT_USERS_FILE_REGEXP, CERT_GROUPS_FILE);
}
@Test()
public void testLoginNormaliseFalseSpace() throws Exception {
HashMap<String, String> options = new HashMap<>();
options.put("org.apache.activemq.jaas.textfiledn.user", CERT_USERS_FILE_SMALL);
options.put("org.apache.activemq.jaas.textfiledn.role", CERT_GROUPS_FILE);
options.put("normalise", "false");
assertThrows(FailedLoginException.class, ()-> {
loginOneTest(options, "CN=TEST_CS,OU=TEST,O=TEST", "COMMA_SPACE");
});
}
@Test()
public void testLoginNormaliseDefaultSpace() throws Exception {
HashMap<String, String> options = new HashMap<>();
options.put("org.apache.activemq.jaas.textfiledn.user", CERT_USERS_FILE_SMALL);
options.put("org.apache.activemq.jaas.textfiledn.role", CERT_GROUPS_FILE);
assertThrows(FailedLoginException.class, ()-> {
loginOneTest(options, "CN=TEST_CS,OU=TEST,O=TEST", "COMMA_SPACE");
});
}
@Test()
public void testLoginNormaliseTrueCommaSpace() throws Exception {
HashMap<String, String> options = new HashMap<>();
options.put("org.apache.activemq.jaas.textfiledn.user", CERT_USERS_FILE_SMALL);
options.put("org.apache.activemq.jaas.textfiledn.role", CERT_GROUPS_FILE);
options.put("normalise", "true");
loginOneTest(options, "CN=TEST_CS,OU=TEST,O=TEST", "COMMA_SPACE");
}
@Test
public void testLoginNormaliseNoSpace() throws Exception {
HashMap<String, String> options = new HashMap<>();
options.put("org.apache.activemq.jaas.textfiledn.user", CERT_USERS_FILE_SMALL);
options.put("org.apache.activemq.jaas.textfiledn.role", CERT_GROUPS_FILE);
options.put("normalise", "true");
loginOneTest(options, "CN=TEST_CNS,OU=TEST,O=TEST", "COMMA_NO_SPACE");
}
private void loginOneTest(HashMap options, String dnFromCert, String user) throws LoginException {
Subject subject = doAuthenticate(options, getJaasCertificateCallbackHandler(dnFromCert));
assertTrue(subject.getPrincipals().stream().findFirst().toString().contains(user));
}
private void loginTest(String usersFiles, String groupsFile) throws LoginException {
HashMap<String, String> options = new HashMap<>();
@ -106,7 +156,7 @@ public class TextFileCertificateLoginModuleTest {
Subject[] subjects = new Subject[NUMBER_SUBJECTS];
for (int i = 0; i < callbackHandlers.length; i++) {
callbackHandlers[i] = getJaasCertificateCallbackHandler("DN=TEST_USER_" + (i + 1));
callbackHandlers[i] = getJaasCertificateCallbackHandler("CN=TEST_USER_" + (i + 1));
}
long startTime = System.currentTimeMillis();

54
artemis-server/src/test/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoaderTest.java Normal file
View File

@ -0,0 +1,54 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.artemis.spi.core.security.jaas;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Locale;
import java.util.Properties;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.assertFalse;
class PropertiesLoaderTest {
@Test
void load(@TempDir Path tempDir) throws IOException {
Path file = tempDir.resolve("p.properties");
Properties properties = new Properties();
properties.put("p1", "b");
properties.put("p2", "b");
properties.put("p3", "/b/"); // regexp
FileWriter fileWriter = new FileWriter(file.toFile());
properties.store(fileWriter, "");
PropertiesLoader underTest = new PropertiesLoader();
HashMap options = new HashMap();
options.put("baseDir", file.getParent().toString());
ReloadableProperties props = underTest.load("", file.toFile().getName(), options, (String v) -> v.toUpperCase(Locale.ROOT));
assertTrue(props.getProps().getProperty("p1").equals("B"));
assertTrue(props.getProps().getProperty("p2").equals("B"));
assertFalse(props.getProps().getProperty("p3").contains("B"));
}
}

4020
artemis-server/src/test/resources/cert-users-LARGE.properties
View File

File diff suppressed because it is too large Load Diff

4
artemis-server/src/test/resources/cert-users-REGEXP.properties
View File

@ -14,5 +14,5 @@
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
CNODD=/DN=TEST_USER_\\d*[13579]/
CNEVEN=/DN=TEST_USER_\\d*[02468]/
CNODD=/CN=TEST_USER_\\d*[13579]/
CNEVEN=/CN=TEST_USER_\\d*[02468]/

202
artemis-server/src/test/resources/cert-users-SMALL.properties
View File

@ -14,103 +14,105 @@
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
1CN=TEST0000001, OU=TEST, O=TEST TEST TEST1 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
2CN=TEST0000001, OU=TEST, O=TEST TEST TEST2 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
3CN=TEST0000001, OU=TEST, O=TEST TEST TEST3 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
4CN=TEST0000001, OU=TEST, O=TEST TEST TEST4 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
5CN=TEST0000001, OU=TEST, O=TEST TEST TEST5 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
6CN=TEST0000001, OU=TEST, O=TEST TEST TEST6 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
7CN=TEST0000001, OU=TEST, O=TEST TEST TEST7 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
8CN=TEST0000001, OU=TEST, O=TEST TEST TEST8 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
9CN=TEST0000001, OU=TEST, O=TEST TEST TEST9 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
10CN=TEST0000001, OU=TEST, O=TEST TEST TEST10 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
11CN=TEST0000001, OU=TEST, O=TEST TEST TEST11 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
12CN=TEST0000001, OU=TEST, O=TEST TEST TEST12 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
13CN=TEST0000001, OU=TEST, O=TEST TEST TEST13 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
14CN=TEST0000001, OU=TEST, O=TEST TEST TEST14 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
15CN=TEST0000001, OU=TEST, O=TEST TEST TEST15 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
16CN=TEST0000001, OU=TEST, O=TEST TEST TEST16 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
17CN=TEST0000001, OU=TEST, O=TEST TEST TEST17 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
18CN=TEST0000001, OU=TEST, O=TEST TEST TEST18 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
19CN=TEST0000001, OU=TEST, O=TEST TEST TEST19 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
20CN=TEST0000001, OU=TEST, O=TEST TEST TEST20 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
21CN=TEST0000001, OU=TEST, O=TEST TEST TEST21 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
22CN=TEST0000001, OU=TEST, O=TEST TEST TEST22 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
23CN=TEST0000001, OU=TEST, O=TEST TEST TEST23 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
24CN=TEST0000001, OU=TEST, O=TEST TEST TEST24 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
25CN=TEST0000001, OU=TEST, O=TEST TEST TEST25 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
26CN=TEST0000001, OU=TEST, O=TEST TEST TEST26 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
27CN=TEST0000001, OU=TEST, O=TEST TEST TEST27 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
28CN=TEST0000001, OU=TEST, O=TEST TEST TEST28 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
29CN=TEST0000001, OU=TEST, O=TEST TEST TEST29 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
30CN=TEST0000001, OU=TEST, O=TEST TEST TEST30 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
31CN=TEST0000001, OU=TEST, O=TEST TEST TEST31 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
32CN=TEST0000001, OU=TEST, O=TEST TEST TEST32 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
33CN=TEST0000001, OU=TEST, O=TEST TEST TEST33 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
34CN=TEST0000001, OU=TEST, O=TEST TEST TEST34 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
35CN=TEST0000001, OU=TEST, O=TEST TEST TEST35 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
36CN=TEST0000001, OU=TEST, O=TEST TEST TEST36 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
37CN=TEST0000001, OU=TEST, O=TEST TEST TEST37 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
38CN=TEST0000001, OU=TEST, O=TEST TEST TEST38 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
39CN=TEST0000001, OU=TEST, O=TEST TEST TEST39 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
40CN=TEST0000001, OU=TEST, O=TEST TEST TEST40 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
41CN=TEST0000001, OU=TEST, O=TEST TEST TEST41 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
42CN=TEST0000001, OU=TEST, O=TEST TEST TEST42 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
43CN=TEST0000001, OU=TEST, O=TEST TEST TEST43 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
44CN=TEST0000001, OU=TEST, O=TEST TEST TEST44 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
45CN=TEST0000001, OU=TEST, O=TEST TEST TEST45 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
46CN=TEST0000001, OU=TEST, O=TEST TEST TEST46 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
47CN=TEST0000001, OU=TEST, O=TEST TEST TEST47 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
48CN=TEST0000001, OU=TEST, O=TEST TEST TEST48 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
49CN=TEST0000001, OU=TEST, O=TEST TEST TEST49 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
50CN=TEST0000001, OU=TEST, O=TEST TEST TEST50 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
51CN=TEST0000001, OU=TEST, O=TEST TEST TEST51 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
52CN=TEST0000001, OU=TEST, O=TEST TEST TEST52 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
53CN=TEST0000001, OU=TEST, O=TEST TEST TEST53 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
54CN=TEST0000001, OU=TEST, O=TEST TEST TEST54 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
55CN=TEST0000001, OU=TEST, O=TEST TEST TEST55 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
56CN=TEST0000001, OU=TEST, O=TEST TEST TEST56 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
57CN=TEST0000001, OU=TEST, O=TEST TEST TEST57 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
58CN=TEST0000001, OU=TEST, O=TEST TEST TEST58 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
59CN=TEST0000001, OU=TEST, O=TEST TEST TEST59 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
60CN=TEST0000001, OU=TEST, O=TEST TEST TEST60 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
61CN=TEST0000001, OU=TEST, O=TEST TEST TEST61 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
62CN=TEST0000001, OU=TEST, O=TEST TEST TEST62 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
63CN=TEST0000001, OU=TEST, O=TEST TEST TEST63 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
64CN=TEST0000001, OU=TEST, O=TEST TEST TEST64 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
65CN=TEST0000001, OU=TEST, O=TEST TEST TEST65 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
66CN=TEST0000001, OU=TEST, O=TEST TEST TEST66 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
67CN=TEST0000001, OU=TEST, O=TEST TEST TEST67 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
68CN=TEST0000001, OU=TEST, O=TEST TEST TEST68 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
69CN=TEST0000001, OU=TEST, O=TEST TEST TEST69 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
70CN=TEST0000001, OU=TEST, O=TEST TEST TEST70 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
71CN=TEST0000001, OU=TEST, O=TEST TEST TEST71 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
72CN=TEST0000001, OU=TEST, O=TEST TEST TEST72 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
73CN=TEST0000001, OU=TEST, O=TEST TEST TEST73 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
74CN=TEST0000001, OU=TEST, O=TEST TEST TEST74 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
75CN=TEST0000001, OU=TEST, O=TEST TEST TEST75 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
76CN=TEST0000001, OU=TEST, O=TEST TEST TEST76 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
77CN=TEST0000001, OU=TEST, O=TEST TEST TEST77 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
78CN=TEST0000001, OU=TEST, O=TEST TEST TEST78 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
79CN=TEST0000001, OU=TEST, O=TEST TEST TEST79 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
80CN=TEST0000001, OU=TEST, O=TEST TEST TEST80 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
81CN=TEST0000001, OU=TEST, O=TEST TEST TEST81 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
82CN=TEST0000001, OU=TEST, O=TEST TEST TEST82 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
83CN=TEST0000001, OU=TEST, O=TEST TEST TEST83 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
84CN=TEST0000001, OU=TEST, O=TEST TEST TEST84 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
85CN=TEST0000001, OU=TEST, O=TEST TEST TEST85 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
86CN=TEST0000001, OU=TEST, O=TEST TEST TEST86 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
87CN=TEST0000001, OU=TEST, O=TEST TEST TEST87 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
88CN=TEST0000001, OU=TEST, O=TEST TEST TEST88 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
89CN=TEST0000001, OU=TEST, O=TEST TEST TEST89 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
90CN=TEST0000001, OU=TEST, O=TEST TEST TEST90 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
10001CN=DN=TEST_USER_1
10002CN=DN=TEST_USER_2
10003CN=DN=TEST_USER_3
10004CN=DN=TEST_USER_4
10005CN=DN=TEST_USER_5
10006CN=DN=TEST_USER_6
10007CN=DN=TEST_USER_7
10008CN=DN=TEST_USER_8
10009CN=DN=TEST_USER_9
10010CN=DN=TEST_USER_10
1CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST1 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
2CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST2 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
3CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST3 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
4CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST4 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
5CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST5 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
6CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST6 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
7CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST7 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
8CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST8 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
9CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST9 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
10CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST10 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
11CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST11 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
12CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST12 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
13CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST13 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
14CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST14 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
15CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST15 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
16CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST16 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
17CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST17 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
18CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST18 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
19CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST19 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
20CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST20 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
21CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST21 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
22CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST22 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
23CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST23 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
24CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST24 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
25CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST25 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
26CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST26 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
27CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST27 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
28CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST28 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
29CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST29 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
30CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST30 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
31CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST31 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
32CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST32 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
33CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST33 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
34CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST34 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
35CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST35 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
36CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST36 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
37CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST37 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
38CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST38 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
39CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST39 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
40CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST40 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
41CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST41 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
42CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST42 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
43CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST43 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
44CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST44 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
45CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST45 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
46CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST46 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
47CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST47 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
48CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST48 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
49CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST49 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
50CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST50 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
51CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST51 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
52CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST52 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
53CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST53 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
54CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST54 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
55CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST55 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
56CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST56 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
57CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST57 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
58CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST58 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
59CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST59 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
60CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST60 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
61CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST61 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
62CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST62 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
63CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST63 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
64CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST64 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
65CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST65 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
66CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST66 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
67CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST67 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
68CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST68 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
69CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST69 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
70CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST70 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
71CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST71 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
72CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST72 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
73CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST73 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
74CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST74 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
75CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST75 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
76CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST76 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
77CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST77 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
78CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST78 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
79CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST79 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
80CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST80 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
81CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST81 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
82CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST82 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
83CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST83 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
84CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST84 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
85CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST85 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
86CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST86 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
87CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST87 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
88CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST88 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
89CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST89 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
90CN=CN=TEST0000001, OU=TEST, O=TEST TEST TEST90 TEST TEST TEST TEST TEST TEST, L=TEST, ST=TEST, C=GB
10001CN=CN=TEST_USER_1
10002CN=CN=TEST_USER_2
10003CN=CN=TEST_USER_3
10004CN=CN=TEST_USER_4
10005CN=CN=TEST_USER_5
10006CN=CN=TEST_USER_6
10007CN=CN=TEST_USER_7
10008CN=CN=TEST_USER_8
10009CN=CN=TEST_USER_9
10010CN=CN=TEST_USER_10
COMMA_NO_SPACE=CN=TEST_CNS,OU=TEST,O=TEST
COMMA_SPACE=CN=TEST_CS, OU=TEST, O=TEST

4
docs/user-manual/security.adoc
View File

@ -828,6 +828,10 @@ boolean flag;
whether or not to reload the properties files when a modification occurs;
default is `false`
normalise::
boolean flag; whether the DN values should be validated and normalised into the X500Name string format used for matching; default is false.
Using this option can avoid the ambiguity around the string form of a DN that is discussed below. When true, the DN string is validated, and then normalised into the internal X500Name format.
In the context of the certificate login module, the `users.properties` file consists of a list of properties of the form, `UserName=StringifiedSubjectDN` or `UserName=/SubjectDNRegExp/`.
For example, to define the users, `system`, `user` and `guest` as well as a `hosts` user matching several DNs, you could create a file like the following: