wso2-extensions / identity-outbound-auth-x509

Apache License 2.0

ITA CNS Regulation #37

Closed giafar closed 4 years ago

giafar commented 4 years ago

This addition will support three main features:

  1. Permit sending the user certificate using an HTTP header: useful when there is no valve on Tomcat;
  2. Validate the user certificate using a custom Java truststore that can be uploaded via Carbon;
  3. Very first release of an OID checker that verifies the presence of one or more OIDs in the user certificate;
  4. Use a regex capture group to extract the username from a field.

Features 2, 3 and 4 are useful for the Italian CNS regulation.

```xml
<AuthenticatorConfig name="x509CertificateAuthenticator" enabled="true">
    <Parameter name="AuthenticationEndpoint">https://wso2is.local:9443/x509-certificate-servlet</Parameter>
    <Parameter name="username">CN</Parameter>
    <Parameter name="UserNamesRegex">^([A-Z0-9]{16})/.*$</Parameter>
    <Parameter name="IssuerTrustStoreName">cns.jks</Parameter>
    <Parameter name="CertificateRequiredOID">2.5.29.37;2.5.29.32;2.5.29.35;2.5.29.32</Parameter>
    <Parameter name="CertificateHeaderName">X-SSL-CERT</Parameter>
    <!--<Parameter name="setClaimURI">http://wso2.org/claims/identity/userCertificate</Parameter>-->
    <!--<Parameter name="EnforceSelfRegistration">true</Parameter>-->
</AuthenticatorConfig>
```

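An added example, not part of this PR or of the authenticator's own code, showing the four checks the configuration above enables, in plain Java with JDK APIs only: parsing the certificate out of the `X-SSL-CERT` header, PKIX validation against the uploaded truststore (`cns.jks`), the required-OID check (assumed here to mean the certificate's extension OIDs), and the `UserNamesRegex` capture-group username extraction. The class and method names are mine, and it assumes the header carries a PEM certificate placed there by a trusted reverse proxy that strips any client-supplied copy of the header.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import java.util.regex.*;

public class CnsCertCheck {
    // Assumption: the header holds PEM text; newlines may have been replaced by spaces or tabs
    // by the proxy, so all whitespace is stripped before Base64 decoding.
    public static X509Certificate parseHeader(String pem) throws CertificateException {
        String b64 = pem.replace("-----BEGIN CERTIFICATE-----", "")
                        .replace("-----END CERTIFICATE-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    // Chain validation against the custom truststore (the IssuerTrustStoreName in the post);
    // throws CertPathValidatorException when the issuer is not trusted or the cert is expired.
    public static void validate(X509Certificate cert, KeyStore trustStore) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(cert));
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // enable CRL/OCSP checking in production
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Every OID in the semicolon-separated CertificateRequiredOID list must be present
    // among the certificate's critical or non-critical extensions.
    public static boolean hasRequiredOids(X509Certificate cert, String requiredOids) {
        Set<String> present = new HashSet<>();
        if (cert.getCriticalExtensionOIDs() != null) present.addAll(cert.getCriticalExtensionOIDs());
        if (cert.getNonCriticalExtensionOIDs() != null) present.addAll(cert.getNonCriticalExtensionOIDs());
        for (String oid : requiredOids.split(";")) {
            if (!present.contains(oid.trim())) return false;
        }
        return true;
    }

    // Apply UserNamesRegex to the CN value; an empty result means "do not authenticate",
    // so a CN that does not match the expected shape never becomes a username.
    public static Optional<String> extractUsername(String cn, String regex) {
        Matcher m = Pattern.compile(regex).matcher(cn);
        return (m.matches() && m.groupCount() >= 1) ? Optional.of(m.group(1)) : Optional.empty();
    }
}
```

With the post's regex `^([A-Z0-9]{16})/.*$`, a CN such as `ABCDEF12G34H567K/1234567890123456` yields the 16-character fiscal-code-style prefix, and a CN without the `/` suffix is rejected rather than passed through unchanged.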
claassistantio commented 4 years ago

CLA assistant check
All committers have signed the CLA.

giafar commented 4 years ago

No feedback ... closing the PR