Dear Community,
I need support in accessing a field of a ssl certificate in the API-Gateway.
My current task is to log ssl certificate details to our logging infrastrure. The project is part of the PSD2 implementation which is a regulatory demand of the EU mainly for banks. So called third party providers send requests through our API-Gateway to banking services. They present a client certificate. Those certificates hold custom extensions with certain roles which we need to log.
So far I encoded a base26-decoded certificate into a variable of type X.509 Certificate. I am able to access the issuer or subject by calling ${certificate.issuer} or ${certificate.subject}. Unfortunatly I cannot find the correct property in the documentation
Certificate Attributes Context Variables https://docops.ca.com/ca-api-gateway/9-2/en/reference/context-variables/certificate-attributes-context-variables I am only able to dump the complete certificate:
[ |
|
[ |
|
Version: V3 |
|
... |
|
|
|
Certificate Extensions: 1 |
|
[1]: ObjectId: 1.3.6.1.5.5.7.1.3 Criticality=false |
|
Extension unknown: DER encoded OCTET string = |
|
0000: 04 6E 30 6C 06 06 04 00 81 98 27 02 30 62 30 39 .n0l......'.0b09 |
|
0010: 30 11 06 07 04 00 81 98 27 01 03 0C 06 50 53 50 0.......'....PSP |
|
0020: 5F 41 49 30 11 06 07 04 00 81 98 27 01 02 0C 06 _AI0.......'.... |
|
0030: 50 53 50 5F 50 49 30 11 06 07 04 00 81 98 27 01 PSP_PI0.......'. |
|
0040: 04 0C 06 50 53 50 5F 49 43 0C 19 54 72 75 73 74 ...PSP_IC..Trust |
|
0050: 20 53 65 72 76 69 63 65 20 50 72 6F 76 69 64 65 Service Provide |
|
0060: 72 20 41 47 0C 0A 44 45 2D 46 41 4B 45 4E 43 41 r AG..DE-FAKENCA |
|
|
|
|
|
] |
|
Algorithm: [SHA256withRSA] |
|
Signature: |
|
... |
|
|
|
] |
How can I access the highlighted section via a context variable in order to log those custom roles?
Kind regards
Niklas