Mar 6th, 2012, 11:49 AM
SubjectDnX509PrincipalExtractor and escaping of content
Out of sheer curiosity, why does the provided implementation of SubjectDnX509PrincipalExtractor use a regex for extracting the CN?
Seeing as how this is the provided implementation, I can see this as being simple. But Java's library contains the LdapName class, which is capable of parsing the DN into more discrete objects.
I only ask as I've run into an oddity with another application and DN strings that are not RFC 2253 formatted but are instead in openssl "oneline" format. Oddly enough, the CN for a particular entry included a "/" which is not escaped. As such, it could not be parsed correctly.
So with regard to that, if the DN extracted by the provided SubjectDnX509PrincipalExtractor contains a comma (say CN="Doe, John"), the default regex of CN=(.*), would only match ["Doe] and stop matching. Would it be advisable to possibly update this implementation to use the LdapName, or are there other issues involved with this?
Thanks in advance
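The difference the post asks about, as an added example that is not part of the original post and is not Spring Security's own code: the same subject DNs passed through a comma-terminated regex and through `javax.naming.ldap.LdapName`. The pattern `CN=(.*?)(?:,|$)`, the class name `CnExtractionDemo`, and the sample DNs are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtractionDemo {
    // Assumed pattern: non-greedy, stops at the first comma it sees,
    // which is the behaviour described in the post.
    private static final Pattern CN_REGEX =
            Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    static String cnByRegex(String dn) {
        Matcher m = CN_REGEX.matcher(dn);
        return m.find() ? m.group(1) : null;
    }

    static String cnByLdapName(String dn) {
        try {
            // LdapName keeps the right-most RDN at index 0, so walk from the
            // end to reach the left-most (most specific) RDN first.
            List<Rdn> rdns = new LdapName(dn).getRdns();
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs (CN=x+UID=y).
                Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null) {
                    return String.valueOf(cn.get()); // value with quoting/escapes removed
                }
            }
            return null; // no CN present
        } catch (NamingException e) {
            return null; // unparseable DN: fail closed, do not guess a principal
        }
    }

    public static void main(String[] args) {
        String[] samples = {                       // constructed sample DNs
            "CN=\"Doe, John\", OU=Users, O=Example", // quoted value containing a comma
            "CN=Doe\\, John,OU=Users,O=Example",     // RFC 2253 backslash-escaped comma
            "CN=jdoe,OU=Users,O=Example"             // no special characters
        };
        for (String dn : samples) {
            System.out.printf("%-40s regex=[%s] ldapName=[%s]%n",
                    dn, cnByRegex(dn), cnByLdapName(dn));
        }
    }
}
```

A truncated CN matters for authentication because the extracted string is what gets looked up as the principal, so two distinct certificate subjects that share the text before the first comma resolve to the same name.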