|
26 | 26 | import java.util.regex.Matcher;
|
27 | 27 | import java.util.regex.Pattern;
|
28 | 28 |
|
| 29 | +/** Validates the Common Name of a terminal API certificate. */ |
29 | 30 | public final class TerminalCommonNameValidator {
|
30 | 31 |
|
31 |
| - private static final String ENVIRONMENT_WILDCARD = "{ENVIRONMENT}"; |
32 |
| - private static final String TERMINAL_API_CN_REGEX = |
33 |
| - "[a-zA-Z0-9]{3,}-[0-9]{9,15}\\." + ENVIRONMENT_WILDCARD + "\\.terminal\\.adyen\\.com"; |
34 |
| - private static final String TERMINAL_API_LEGACY_CN = |
35 |
| - "legacy-terminal-certificate." + ENVIRONMENT_WILDCARD + ".terminal.adyen.com"; |
| 32 | + // Precompiled regex for Terminal API CN format |
| 33 | + private static final Pattern TERMINAL_API_CN_TEST = |
| 34 | + Pattern.compile("[a-zA-Z0-9]{3,}-[a-zA-Z0-9]{9,15}\\.test\\.terminal\\.adyen\\.com"); |
| 35 | + private static final Pattern TERMINAL_API_CN_LIVE = |
| 36 | + Pattern.compile("[a-zA-Z0-9]{3,}-[a-zA-Z0-9]{9,15}\\.live\\.terminal\\.adyen\\.com"); |
| 37 | + |
| 38 | + // Exact strings for legacy format (no regex needed) |
| 39 | + private static final String TERMINAL_API_LEGACY_TEST = |
| 40 | + "legacy-terminal-certificate.test.terminal.adyen.com"; |
| 41 | + private static final String TERMINAL_API_LEGACY_LIVE = |
| 42 | + "legacy-terminal-certificate.live.terminal.adyen.com"; |
| 43 | + |
| 44 | + // Regex to extract CN from subject string |
| 45 | + private static final Pattern SUBJECT_ATTRIBUTE_PATTERN = |
| 46 | + Pattern.compile("(?:^|,\\s?)([A-Z]+)=((?:\"[^\"]+\")|[^,]+)"); |
36 | 47 |
|
37 | 48 | private TerminalCommonNameValidator() {}
|
38 | 49 |
|
| 50 | + /** |
| 51 | + * Validates the Common Name of the given {@link X509Certificate} for the given {@link |
| 52 | + * Environment}. |
| 53 | + * |
| 54 | + * @param certificate the {@link X509Certificate} to validate. |
| 55 | + * @param environment the {@link Environment}. |
| 56 | + * @return true if the Common Name is valid, false otherwise. |
| 57 | + */ |
39 | 58 | public static boolean validateCertificate(X509Certificate certificate, Environment environment) {
|
40 |
| - String environmentName = environment.name().toLowerCase(); |
41 | 59 | String name = certificate.getSubjectX500Principal().getName();
|
42 |
| - String patternRegex = "(?:^|,\\s?)(?:([A-Z]+)=(\"(?:[^\"]|\"\")+\"|[^,]+))+"; |
43 |
| - Pattern pattern = Pattern.compile(patternRegex); |
44 |
| - Matcher matcher = pattern.matcher(name); |
45 |
| - boolean valid = false; |
46 |
| - while (matcher.find() && !valid) { |
| 60 | + Matcher matcher = SUBJECT_ATTRIBUTE_PATTERN.matcher(name); |
| 61 | + |
| 62 | + while (matcher.find()) { |
47 | 63 | String groupName = matcher.group(1);
|
48 | 64 | if ("CN".equals(groupName)) {
|
49 | 65 | String commonName = matcher.group(2);
|
50 |
| - valid = |
51 |
| - commonName != null |
52 |
| - && (commonName.matches( |
53 |
| - TERMINAL_API_CN_REGEX.replace(ENVIRONMENT_WILDCARD, environmentName)) |
54 |
| - || commonName.equals( |
55 |
| - TERMINAL_API_LEGACY_CN.replace(ENVIRONMENT_WILDCARD, environmentName))); |
| 66 | + return isValidCommonName(commonName, environment); |
56 | 67 | }
|
57 | 68 | }
|
| 69 | + return false; |
| 70 | + } |
58 | 71 |
|
59 |
| - return valid; |
| 72 | + private static boolean isValidCommonName(String commonName, Environment environment) { |
| 73 | + if (commonName == null) { |
| 74 | + return false; |
| 75 | + } |
| 76 | + |
| 77 | + switch (environment) { |
| 78 | + case LIVE: |
| 79 | + return TERMINAL_API_CN_LIVE.matcher(commonName).matches() |
| 80 | + || TERMINAL_API_LEGACY_LIVE.equals(commonName); |
| 81 | + case TEST: |
| 82 | + return TERMINAL_API_CN_TEST.matcher(commonName).matches() |
| 83 | + || TERMINAL_API_LEGACY_TEST.equals(commonName); |
| 84 | + default: |
| 85 | + return false; |
| 86 | + } |
60 | 87 | }
|
61 | 88 | }
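Review bot: SUBJECT_ATTRIBUTE_PATTERN in validateCertificate splits the string from `getSubjectX500Principal().getName()` on every comma and does not honour RFC 2253 backslash escapes. A comma inside another attribute's value therefore starts a new attribute for the regex, so text that is not the certificate's CN can reach isValidCommonName. Parsing the subject with `javax.naming.ldap.LdapName` and reading the value from the `Rdn` whose type is CN removes the string splitting. The sketch below walks the RDNs from the leftmost one to keep the first-CN-wins order of the new loop, returns false on a parse error, and ignores multi-valued RDNs and non-string values. It needs imports for `LdapName`, `Rdn` and `javax.naming.InvalidNameException`, and tests with an escaped comma in another attribute and with two CN attributes would pin the behaviour.

```java
public static boolean validateCertificate(X509Certificate certificate, Environment environment) {
  String name = certificate.getSubjectX500Principal().getName();
  try {
    List<Rdn> rdns = new LdapName(name).getRdns();
    // getRdns() lists the rightmost RDN first; iterate backwards to match string order.
    for (int i = rdns.size() - 1; i >= 0; i--) {
      Rdn rdn = rdns.get(i);
      // A multi-valued RDN or a hex-encoded (byte[]) value is not accepted as the CN.
      if (rdn.size() == 1
          && "CN".equalsIgnoreCase(rdn.getType())
          && rdn.getValue() instanceof String) {
        return isValidCommonName((String) rdn.getValue(), environment);
      }
    }
  } catch (InvalidNameException e) {
    // An unparseable subject is rejected.
    return false;
  }
  return false;
}
// … unchanged: isValidCommonName …
```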
|