
Commit 06d51ea

authored
TerminalCommonNameValidator: Update validation regex (#1564)
* Update validation regex * Correct javadoc * Refactor to use static regex * Precompile regex
1 parent 820f56d commit 06d51ea


2 files changed

+50
-18
lines changed


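--- a/src/main/java/com/adyen/terminal/security/TerminalCommonNameValidator.java
+++ b/src/main/java/com/adyen/terminal/security/TerminalCommonNameValidator.java
@@ -26,36 +26,63 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+/** Validates the Common Name of a terminal API certificate. */
 public final class TerminalCommonNameValidator {
 
-private static final String ENVIRONMENT_WILDCARD = "{ENVIRONMENT}";
-private static final String TERMINAL_API_CN_REGEX =
-"[a-zA-Z0-9]{3,}-[0-9]{9,15}\\." + ENVIRONMENT_WILDCARD + "\\.terminal\\.adyen\\.com";
-private static final String TERMINAL_API_LEGACY_CN =
-"legacy-terminal-certificate." + ENVIRONMENT_WILDCARD + ".terminal.adyen.com";
+// Precompiled regex for Terminal API CN format
+private static final Pattern TERMINAL_API_CN_TEST =
+Pattern.compile("[a-zA-Z0-9]{3,}-[a-zA-Z0-9]{9,15}\\.test\\.terminal\\.adyen\\.com");
+private static final Pattern TERMINAL_API_CN_LIVE =
+Pattern.compile("[a-zA-Z0-9]{3,}-[a-zA-Z0-9]{9,15}\\.live\\.terminal\\.adyen\\.com");
+
+// Exact strings for legacy format (no regex needed)
+private static final String TERMINAL_API_LEGACY_TEST =
+"legacy-terminal-certificate.test.terminal.adyen.com";
+private static final String TERMINAL_API_LEGACY_LIVE =
+"legacy-terminal-certificate.live.terminal.adyen.com";
+
+// Regex to extract CN from subject string
+private static final Pattern SUBJECT_ATTRIBUTE_PATTERN =
+Pattern.compile("(?:^|,\\s?)([A-Z]+)=((?:\"[^\"]+\")|[^,]+)");
 
 private TerminalCommonNameValidator() {}
 
+/**
+* Validates the Common Name of the given {@link X509Certificate} for the given {@link
+* Environment}.
+*
+* @param certificate the {@link X509Certificate} to validate.
+* @param environment the {@link Environment}.
+* @return true if the Common Name is valid, false otherwise.
+*/
 public static boolean validateCertificate(X509Certificate certificate, Environment environment) {
-String environmentName = environment.name().toLowerCase();
 String name = certificate.getSubjectX500Principal().getName();
-String patternRegex = "(?:^|,\\s?)(?:([A-Z]+)=(\"(?:[^\"]|\"\")+\"|[^,]+))+";
-Pattern pattern = Pattern.compile(patternRegex);
-Matcher matcher = pattern.matcher(name);
-boolean valid = false;
-while (matcher.find() && !valid) {
+Matcher matcher = SUBJECT_ATTRIBUTE_PATTERN.matcher(name);
+
+while (matcher.find()) {
 String groupName = matcher.group(1);
 if ("CN".equals(groupName)) {
 String commonName = matcher.group(2);
-valid =
-commonName != null
-&& (commonName.matches(
-TERMINAL_API_CN_REGEX.replace(ENVIRONMENT_WILDCARD, environmentName))
-|| commonName.equals(
-TERMINAL_API_LEGACY_CN.replace(ENVIRONMENT_WILDCARD, environmentName)));
+return isValidCommonName(commonName, environment);
 }
 }
+return false;
+}
 
-return valid;
+private static boolean isValidCommonName(String commonName, Environment environment) {
+if (commonName == null) {
+return false;
+}
+
+switch (environment) {
+case LIVE:
+return TERMINAL_API_CN_LIVE.matcher(commonName).matches()
+|| TERMINAL_API_LEGACY_LIVE.equals(commonName);
+case TEST:
+return TERMINAL_API_CN_TEST.matcher(commonName).matches()
+|| TERMINAL_API_LEGACY_TEST.equals(commonName);
+default:
+return false;
+}
 }
 }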
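Review bot: `SUBJECT_ATTRIBUTE_PATTERN` splits the subject string on every comma (`[^,]+`), but `getSubjectX500Principal().getName()` returns an RFC 2253 string in which a comma inside a value is backslash-escaped rather than removed, so in `validateCertificate` the text after an escaped comma in another attribute's value can be read as a separate `CN=` attribute. Because the loop now returns on the first `CN` it finds, the name that gets validated is not guaranteed to be the certificate's actual Common Name; how reachable that is depends on what the issuing CA permits in subject fields, which is not visible here. Parsing the subject with `javax.naming.ldap.LdapName` and reading the `CN` RDN removes the hand-written grammar, and failing closed when more than one CN is present removes the ordering question. The sketch below keeps `isValidCommonName` as it is; multi-valued RDNs would need `rdn.toAttributes()` rather than `rdn.getType()`.

```java
public static boolean validateCertificate(X509Certificate certificate, Environment environment) {
  String name = certificate.getSubjectX500Principal().getName();
  List<Rdn> rdns;
  try {
    // LdapName applies RFC 2253 unescaping, so an escaped comma stays inside its value.
    rdns = new LdapName(name).getRdns();
  } catch (InvalidNameException e) {
    return false;
  }
  String commonName = null;
  for (Rdn rdn : rdns) {
    if ("CN".equalsIgnoreCase(rdn.getType())) {
      if (commonName != null || !(rdn.getValue() instanceof String)) {
        return false; // ambiguous or non-string CN: fail closed
      }
      commonName = (String) rdn.getValue();
    }
  }
  return isValidCommonName(commonName, environment);
}
```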

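--- a/src/test/java/com/adyen/terminal/security/TerminalCommonNameValidatorTest.java
+++ b/src/test/java/com/adyen/terminal/security/TerminalCommonNameValidatorTest.java
@@ -45,6 +45,11 @@ public static Collection<Object[]> data() {
 return Arrays.asList(
 new Object[][] {
 // Valid CNs and environment
+{
+"[email protected], CN=TG300-G10M257M70004.test.terminal.adyen.com, OU=Mock, O=Mock, L=Mock, ST=MO, C=MO",
+Environment.TEST,
+true
+},
 {
 "[email protected], CN=legacy-terminal-certificate.test.terminal.adyen.com, OU=Mock, O=Mock, L=Mock, ST=MO, C=MO",
 Environment.TEST,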
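Review bot: The widened serial part (`[a-zA-Z0-9]{9,15}`) is covered here only by an accepting case, so nothing in this hunk pins what the new pattern must still reject. A rejecting row for the same CN under the other environment, for example `{"CN=TG300-G10M257M70004.test.terminal.adyen.com", Environment.LIVE, false}`, and one with an alphanumeric serial shorter than 9 characters would guard the per-environment patterns against later loosening. `data()` continues outside the hunk, so equivalent rows may already exist further down.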
