feat: add support for organization certificates

mrts · mrts · commit a07737dc79b8 · 2025-05-26T10:48:10.000+03:00
diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java
@@ -52,8 +52,13 @@ private WebEidAuthentication(String principalName, String idCode, List<GrantedAu
     }
 
     private static String getPrincipalNameFromCertificate(X509Certificate userCertificate) throws CertificateEncodingException {
-        return Objects.requireNonNull(CertificateData.getSubjectGivenName(userCertificate)) + ' ' +
-                Objects.requireNonNull(CertificateData.getSubjectSurname(userCertificate));
+        try {
+            return Objects.requireNonNull(CertificateData.getSubjectGivenName(userCertificate)) + ' ' +
+                    Objects.requireNonNull(CertificateData.getSubjectSurname(userCertificate));
+        } catch (CertificateEncodingException e) {
+            // Organization certificates do not have given name and surname fields.
+            return Objects.requireNonNull(CertificateData.getSubjectCN(userCertificate));
+        }
     }
 
 }
diff --git a/example/src/main/resources/application-dev.yaml b/example/src/main/resources/application-dev.yaml
@@ -1,4 +1,4 @@
 web-eid-auth-token:
   validation:
     use-digidoc4j-prod-configuration: false
-    local-origin: "https://528bc9f21520.ngrok.io"
+    local-origin: "https://test.web-eid.eu"
diff --git a/example/src/main/resources/certs/dev/TEST_of_KLASS3-SK_2016.cer b/example/src/main/resources/certs/dev/TEST_of_KLASS3-SK_2016.cer
diff --git a/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java b/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java
@@ -0,0 +1,23 @@
+package eu.webeid.example.security;
+
+import eu.webeid.security.certificate.CertificateLoader;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.core.Authentication;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class WebEidAuthenticationTest {
+
+    private static final String ORGANIZATION_CERT = "MIIF2zCCA8OgAwIBAgIQJs4xyGoNzixjYmV9gUjYljANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwHhcNMjIxMTAyMTI0MTA0WhcNMjUxMjAxMTI0MTA0WjB7MREwDwYDVQQFEwgxMjI3NjI3OTERMA8GA1UECAwISGFyanVtYWExEDAOBgNVBAcMB1RhbGxpbm4xCzAJBgNVBAYTAkVFMRAwDgYDVQQKDAdUVFQgT8OcMSIwIAYDVQQDDBlUZXN0aWphZC5lZSBpc2lrdXR1dmFzdHVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSV4zydk5WY2AuUJ50lNpH3q2C+WH0dE/wqq4nFqpNYkyzFNHecFDFlU0YcpPrhFKDZfJtaAP/drvmdqaVdAcCGIPnXhZ+01pCvmlebe7//kQXaZ6ZHS3EAtwy0EBsVVOMapw1kC58YYymlJhTrdzDFrqjdgv1t1Ph9Gkg/PhaHvqGtKp3IY+v33EwxEV3nPIhZHHC/d0YnzVaN5QiSHbU+mRt8+d2vHPNPNY3qVDh8MPOrJIDeIHp9oSS1+FF4crnvfxmg99d7zemsSstR8/SXedYuvWZb6iSybAjhucp21uF0tcqJ2k6+ZH/976AEy0IC8r4tgf7r70hhYu6KOOQIDAQABo4IBRTCCAUEwCQYDVR0TBAIwADBUBgNVHSAETTBLMDIGCysGAQQBzh8HAQIGMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL2NwczAIBgYEAI96AQEwCwYJKwYBBAHOHwkDMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFC4bj7sBLzT42jAEi1zB8lwl49j3MA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUbNSRZSddDUofhxlpoSVEunofez8weQYIKwYBBQUHAQEEbTBrMC0GCCsGAQUFBzABhiFodHRwOi8vYWlhLmRlbW8uc2suZWUva2xhc3MzLTIwMTYwOgYIKwYBBQUHMAKGLmh0dHBzOi8vYy5zay5lZS9URVNUX29mX0tMQVNTMy1TS18yMDE2LmRlci5jcnQwDQYJKoZIhvcNAQELBQADggIBAE8Z/GIEfPWGMe1fHYqCQ2v3zSOuIzyeEId595wrknl7IcLY8ogG10oDUw6rDWQ6jMBS5PINUG+WpH6Wo8qxkPY5Dz4WQvBB2qnuJTH3Bvm/PFpsD1Jk7dOF35P4kfX63NnsCkccRxwlhjFE56WdxDOwhC+neF5FP4hvYvbIIK73DVxRg6yBe4i/Y/g5MOXKrzpHvRzMTURqR3lF0dAgIwMNluik4so/B2DIXMYHi6jZVJlwdQriyL7HI4/Ub3QwyTrbfJtXkwWINsMaCFG+Ccjae3TVRFDJvIIE/gQd4wEh+PK0RJBYfOnAypFEKyH+giID7LIAnO90MY6mNl1QSLQWrdlqMxv+fDdEi/JwGLZyHzEOxKs9C4S8zngwCiDFBHMtJcL9A1vq512yBz5aXYwlqcmjcQDegLT6s6otu+AXO8ZOdqsA+/ak7BEl0FUWlsc8yLKa4cuLiV68iArfl+VFVIZ+jgdMplwUuf5c2QN5f0gPZZxkiAXQ8D8qssW1yI+dLCuPXPwyMENGxWTzyodcSdkpZsdIyOg7/o+WK3RczvMjjT8X8F4XKo8JPjZBYyGBx5XkqhwVrX3SjEmRPFdcvy+glYRoTslgM2fsj5fSNxCIsq1fQN8yVjYnxk8/X53AsorcpWpLMHxtoxT+YvNZzryY00QjS5kgUQBNmFaU";
+
+    @Test
+    void whenOrganizationCertificate_thenSucceeds() throws Exception {
+        final X509Certificate certificate = CertificateLoader.decodeCertificateFromBase64(ORGANIZATION_CERT);
+        final Authentication authentication = WebEidAuthentication.fromCertificate(certificate, Collections.emptyList());
+        assertThat(authentication.getPrincipal()).isEqualTo("Testijad.ee isikutuvastus");
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -52,8 +52,13 @@ private WebEidAuthentication(String principalName, String idCode, List<GrantedAu`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`private static String getPrincipalNameFromCertificate(X509Certificate userCertificate) throws CertificateEncodingException {`
`55`		`- return Objects.requireNonNull(CertificateData.getSubjectGivenName(userCertificate)) + ' ' +`
`56`		`- Objects.requireNonNull(CertificateData.getSubjectSurname(userCertificate));`
	`55`	`+ try {`
	`56`	`+ return Objects.requireNonNull(CertificateData.getSubjectGivenName(userCertificate)) + ' ' +`
	`57`	`+ Objects.requireNonNull(CertificateData.getSubjectSurname(userCertificate));`
	`58`	`+ } catch (CertificateEncodingException e) {`
	`59`	`+ // Organization certificates do not have given name and surname fields.`
	`60`	`+ return Objects.requireNonNull(CertificateData.getSubjectCN(userCertificate));`
	`61`	`+ }`
`57`	`62`	`}`
`58`	`63`
`59`	`64`	`}`