PKCS10ValidatorValve

Valve for validating the content of a PKCS#10 certificate signing request (CSR).

Content validated:

  • Signature
  • Signature algorithm (if configured)
  • Key algorithm (if configured)
  • Key size (if configured, only for RSA)
  • Subject (if configured)

Validation is done using regular expressions.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|------|-------------|---------------|-----------|-----------------------------|
| source | Expression expanding to a CSR in PEM format | | Yes | Yes |
| signature_algorithm_regex | Regular expression for validating CSR signature algorithm | ".*" | No | No |
| key_algorithm_regex | Regular expression for validating CSR public key algorithm | ".*" | No | No |
| key_size_regex | Regular expression for validating CSR public key size (only RSA) | ".*" | No | No |
| subject_regex | Regular expression for validating CSR subject | ".*" | No | No |

Example Configuration

{
  "name": "PKCS10ValidatorValve",
  "enabled": "true",
  "config": {
    "source": "csr",
    "key_algorithm_regex": "RSA",
    "key_size_regex": "2048",
    "subject_regex": "CN=user_[0-9]{1,2}"
  }
}
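
The page does not say whether each regular expression must match the whole value or only part of it, so the added example below (not the valve's own code) evaluates the example configuration against constructed CSR fields under both interpretations, and against an explicitly anchored variant. The field names, the `check` and `sample` helpers and the sample values are assumptions; extracting the fields from the PEM-encoded CSR is out of scope here.

```python
import re

# Regexes from the example configuration on this page; unset ones default to ".*".
CONFIG = {
    "signature_algorithm_regex": ".*",
    "key_algorithm_regex": "RSA",
    "key_size_regex": "2048",
    "subject_regex": "CN=user_[0-9]{1,2}",
}
# Same policy with explicit anchors, so the result does not depend on the match mode.
ANCHORED = {prop: "^(?:" + rx + ")$" for prop, rx in CONFIG.items()}

# Property -> name of the already-extracted CSR field (field names are assumptions).
FIELDS = {
    "signature_algorithm_regex": "signature_algorithm",
    "key_algorithm_regex": "key_algorithm",
    "key_size_regex": "key_size",
    "subject_regex": "subject",
}

def check(csr, config=CONFIG, full_match=True):
    """Return the properties whose regex rejects the corresponding CSR field."""
    failures = []
    for prop, field in FIELDS.items():
        if field == "key_size" and csr["key_algorithm"] != "RSA":
            continue  # the page validates key size only for RSA keys
        pattern = re.compile(config.get(prop, ".*"))
        value = str(csr[field])
        hit = pattern.fullmatch(value) if full_match else pattern.search(value)
        if hit is None:
            failures.append(prop)
    return failures

def sample(**overrides):
    """Constructed CSR fields that satisfy the example policy, plus overrides."""
    base = {"signature_algorithm": "SHA256withRSA", "key_algorithm": "RSA",
            "key_size": 2048, "subject": "CN=user_7"}
    base.update(overrides)
    return base

SAMPLES = {  # all values are constructed for illustration
    "expected": sample(),
    "extra_digit": sample(subject="CN=user_123"),
    "extra_rdn": sample(subject="CN=user_7,OU=admins"),
    "big_key": sample(key_size=20480),
    "ec_key": sample(signature_algorithm="SHA256withECDSA", key_algorithm="EC", key_size=256),
}

if __name__ == "__main__":
    for name, csr in SAMPLES.items():
        print(name, check(csr), check(csr, full_match=False), check(csr, ANCHORED, False))
```

If a deployment's regex engine accepts partial matches, only the anchored form rejects the `extra_digit`, `extra_rdn` and `big_key` samples.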