Pipes
2024.40 Pipes
2024.40 Pipes
  • Introduction
  • Configuration
  • Valves
    • API
      • HTTP Response Format Valve
    • Debug
      • Dump Request
      • Dump Session
      • Dump State
      • Wait
    • EntraID
      • Create User
      • Get User
      • List Users
      • Add User Groups
    • Flow
      • Flow Fail
      • Flow State Add
      • Assert Value
      • Pipe Exec
      • Pipe Call
    • Item
      • Item Create
      • Item Merge
      • Item Remove
      • Items Remove
      • Item Property Add
      • Item Property Split
      • Item Property Rename
      • Item Property Token Replace
      • MV Property To Items
      • JSON To Items
      • MV Property Join
    • Freja
    • BankID
      • BidOperation
      • BidToItems
    • DateTime
      • Instant Generator
      • Instant Transformer
    • HTTP
      • GET
      • PUT
      • POST
      • DELETE
    • JWT
      • CreateJwt
      • ParseJwt
    • JSON
      • JsonObjectCreate
    • LDAP
      • LDAP Search
      • LDAP Group Filter
      • LDAP Bind
      • LDAP Add
      • LDAP Delete
      • LDAP Modify
      • LDAP Move
      • DN Parse
    • JDBC Query
    • Cef event
    • Request
      • RequestParameterExist
      • RequestParameterRename
    • Session
      • Session Put
      • Session Create
      • CopyFromSession
    • ScriptEval
    • Codecs
      • Base64 Encode
      • Base64 Decode
    • Tokens
      • Token Authentication
    • PKI
      • X509 Certificate Extractor
      • Passcode Generator
      • X509 Certificate Validator
    • Delivery
      • Clean Mobile Valve
      • SMS Valve
      • Voice Valve
      • SMTP Valve
    • OTP
      • OTP Generation
      • OTP Validation
    • Misc
      • Basic Auth
Powered by GitBook
On this page
  • Introduction
  • Configuration
  1. Valves
  2. PKI

X509 Certificate Extractor

Valve for extracting X.509 certificate attributes

PreviousPKINextPasscode Generator

Last updated 1 year ago

Introduction

Use this valve to extract attributes from a X.509 v3 certificate.

This valve is a part of the item iteration API meaning that it operates on the current item set. For more information on item iteration, see .

Valve operates on current item set and extracted attributes will added as properties on the current item. If no item exist a new will be created using certificate subject as identifier.

The following attributes are extracted:

  • subject

  • issuer

  • serialNumber

  • notBefore

  • notAfter

  • subjectAltNames

  • publicKey

  • publicKeyAlgorithm

  • publicKeyFormat

  • publicKeyType (only RSA)

  • publicKeySize (only RSA)

  • crlDistributionPoints

  • ocspLocations

  • ocspIssuers

  • basicConstraints

  • sigAlgName

  • sigAlgOid

  • keyUsage

  • extKeyUsage

Item properties are prefixed (default "cert_") to avoid affection existing properties.

Certificate attributes with multiple values are added as multi valued item properties.

Certificate attributes that contain name-value pairs (like subjectAltNames) are added as multi-valued name-value string in format "name=value".

Configuration

Valve name: X509CertificateExtractor

Name
Description
Default value
Mandatory
Expanded

src

X509 certificate in PEM format.

prefix

Item property name prefix.

"cert_"

{
  "name" : "X509CertificateExtractor,
  "config" : {
    "src" : "pem",
    "prefix" : "cert_"
  }
}

Item