eric_haupt1
Sep 06, 2017 (Nimbostratus)
Client Certificate - Regex to parse numbers from cert subject
I've been using an iRule from DevCentral for quite some time to parse the othername:UPN x509 field from our client certificates for APM use. However, our clients are provided two certs and one of these certs does not have this .x509 extension field. We typically tell the clients which cert to use, but I'm trying to build logic to pull the UPN identifier from the cert subject field on the second cert. This identifier will be a set of either 10 numbers or 16 numbers. I'm having a bit of difficulty with the regex on this one. The lines of interest are in the "else" section. Basically I'd like to take the cert subject - extract the 10 or 16 numbers from it - add the site ID - then query LDAP for this user.
Thanks!
when ACCESS_POLICY_AGENT_EVENT {
    switch [ACCESS::policy agent_id] {
        "CACPROCESSING" {
            if { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" } {
                # UPN extension present: take the text between "othername:UPN<" and ">"
                set tempupn [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"]
                ACCESS::session data set session.custom.certupn $tempupn
            } else {
                # regexp returns the match count; the matched digits are stored in temppiv
                if { [regexp {([0-9]{16}|[0-9]{10})} [ACCESS::session data get session.ssl.cert.subject] temppiv] } {
                    # Append the site ID to build the UPN used for the LDAP query
                    set tempupn "${temppiv}@company"
                    ACCESS::session data set session.custom.certupn $tempupn
                }
            }
        }
    }
}
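
An added example, not part of the original post: a stricter form of the subject extraction in plain Tcl, which refuses a subject unless it holds exactly one stand-alone run of 10 or 16 digits, so the value sent to LDAP is never a fragment of a longer number or a guess between two candidates. The proc name `extract_cert_id` and the sample subjects are hypothetical and constructed; only the `@company` suffix comes from the post.

```tcl
# Added example: plain Tcl, runnable in tclsh. extract_cert_id and the sample
# subjects are hypothetical and constructed; only "@company" is from the post.
proc extract_cert_id {subject} {
    # Leading guard (start of string or a non-digit) and trailing negative
    # lookahead stop a 10-digit match being carved out of a longer digit run.
    set re {(?:^|[^0-9])([0-9]{16}|[0-9]{10})(?![0-9])}
    set ids [list]
    foreach {whole id} [regexp -all -inline -- $re $subject] {
        lappend ids $id
    }
    # Zero or several candidates: refuse rather than guess the identity.
    if {[llength $ids] != 1} {
        return ""
    }
    return [lindex $ids 0]
}

# Constructed subjects covering the cases the extraction has to handle:
# 10 digits, 16 digits, a 12-digit run, two candidates, and no digits.
set samples {
    "CN=DOE.JOHN.A.1234567890,OU=Example,O=Example Org,C=US"
    "CN=DOE.JANE.B.1234567890123456,OU=Example,O=Example Org,C=US"
    "CN=SVC.ACCOUNT.123456789012,OU=Example,O=Example Org,C=US"
    "CN=ROE.SAM.1234567890,OU=0987654321,O=Example Org,C=US"
    "CN=No Digits Here,O=Example Org,C=US"
}

foreach subject $samples {
    set id [extract_cert_id $subject]
    if {$id eq ""} {
        puts "REJECT  $subject"
    } else {
        # Same suffix the post appends before the LDAP lookup.
        puts "${id}@company  <=  $subject"
    }
}
```

Inside the iRule, the rejected case would leave `session.custom.certupn` unset so the access policy can deny the session instead of querying LDAP with a partial identifier.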