CertificateExtractorValve
Note
Valve for extracting attributes from a certificate in PEM format. All certificate attributes will be added as item properties.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| cert | The certificate to read. Must be in PEM format. | Yes | Yes | |
| attributes | Select which certificate attributes to read. * means all. | * | No | No |
| prefix | Item property prefix. All item properties added will start with this prefix. | cert_ | No | No |
Attributes
Supports extraction of the following certificate attributes:
| Name | Description |
|---|---|
| subject | Certificate subject name |
| issuer | Certificate issuer name |
| not_before | Certificate not before value as an ISO date/time |
| not_after | Certificate not after value as an ISO date/time |
| serial | Serial number |
| key_usage | Key usage as a comma separated string of booleans (true/false), see About X509 Valves |
| basic_contraints | Basic constraints as int |
| sign_algorithm | Algorithm used for signing |
| ext_key_usage | Comma separated string of extended key usage values, see About X509 Valves |
| pub_key | Certificate public key in PEM |
| pub_key_algorithm | Public key algorithm |
| pub_key_format | Public key algorithm (X.509) |
| pub_key_type | Public key type (RSA) |
| pub_key_size | Public key size (1024, 2048, etc) |
| crl_distribution_points | Comma separated list of CRL distribution points |
| ocsp_locations | Comma separated list of OCSP location |
| ocsp_issuers | Comma separated list of OCSP issuers |
| san_otherName | Subject Alternative Name - Other name |
| san_rfc822Name | Subject Alternative Name - Email |
| san_dNSName | Subject Alternative Name - DNS |
| san_x400Address | Subject Alternative Name -X.400 |
| san_directoryName | Subject Alternative Name - DirName |
| san_ediPartyName | Subject Alternative Name - EID |
| san_uniformResourceIdentifier | Subject Alternative Name - URL |
| san_iPAddress | Subject Alternative Name - IP address |
| san_registeredID |
Subject Alternative Name - OID |
Example Configuration
{
"name": "CertificateExtractorValve",
"config": {
"cert": "{{item.certToParse}}",
"prefix" : "mycert_",
"attributes" : "subject,not_before,not_after"
}
}