Package com.netscape.cms.authentication
Class SSLclientCertAuthentication
- java.lang.Object
  - com.netscape.cms.authentication.SSLclientCertAuthentication
- All Implemented Interfaces: IAuthManager, IProfileAuthenticator
public class SSLclientCertAuthentication extends java.lang.Object implements IAuthManager, IProfileAuthenticator
Certificate server SSL client authentication.
- Author: Christina Fu
Field Summary
Modifier and Type, Field:
- static java.lang.String CRED_CERT
- protected static java.lang.String[] mConfigParams
- protected java.lang.String[] mRequiredCreds
- static java.lang.String TOKEN_UID
- static java.lang.String TOKEN_USER_DN
- static java.lang.String TOKEN_USERDN
- static java.lang.String TOKEN_USERID
-
Fields inherited from interface com.netscape.certsrv.authentication.IAuthManager
CRED_CERT_SERIAL_TO_REVOKE, CRED_CMC_SELF_SIGNED, CRED_CMC_SIGNING_CERT, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT
-
Fields inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator
AUTHENTICATED_NAME
-
-
Constructor Summary
- SSLclientCertAuthentication()
-
Method Summary
Modifier and Type, Method, Description:
- IAuthToken authenticate(IAuthCredentials authCred): Authenticates user by certificate.
- java.lang.String[] getConfigParams(): Gets the list of configuration parameter names required by this authentication manager.
- IConfigStore getConfigStore(): Gets the configuration substore used by this authentication manager.
- java.lang.String getImplName(): Gets the plugin name of authentication manager.
- java.lang.String getName(): Gets the name of this authentication manager.
- java.lang.String getName(java.util.Locale locale): Retrieves the localizable name of this policy.
- java.lang.String[] getRequiredCreds(): Gets the list of authentication credential attribute names required by this authentication manager.
- java.lang.String getText(java.util.Locale locale): Retrieves the localizable description of this policy.
- IDescriptor getValueDescriptor(java.util.Locale locale, java.lang.String name): Retrieves the descriptor of the given value parameter by name.
- java.util.Enumeration<java.lang.String> getValueNames(): Retrieves a list of names of the value parameter.
- void init(IProfile profile, IConfigStore config): Initializes this default policy.
- void init(java.lang.String name, java.lang.String implName, IConfigStore config): Initializes the SSLClientCertAuthentication auth manager.
- boolean isSSLClientRequired(): Checks if this authenticator requires SSL client authentication.
- boolean isValueWriteable(java.lang.String name): Checks if the value of the given property should be serializable into the request.
- void populate(IAuthToken token, IRequest request): Populates authentication specific information into the request for auditing purposes.
- void shutdown(): Prepares this authentication manager for shutdown.
-
-
-
Field Detail
-
TOKEN_USERDN
public static final java.lang.String TOKEN_USERDN
- See Also:
- Constant Field Values
-
TOKEN_USER_DN
public static final java.lang.String TOKEN_USER_DN
- See Also:
- Constant Field Values
-
TOKEN_USERID
public static final java.lang.String TOKEN_USERID
- See Also:
- Constant Field Values
-
TOKEN_UID
public static final java.lang.String TOKEN_UID
- See Also:
- Constant Field Values
-
CRED_CERT
public static final java.lang.String CRED_CERT
- See Also:
- Constant Field Values
-
mRequiredCreds
protected java.lang.String[] mRequiredCreds
-
mConfigParams
protected static java.lang.String[] mConfigParams
-
-
Method Detail
-
init
public void init(java.lang.String name, java.lang.String implName, IConfigStore config) throws EBaseException
Initializes the SSLClientCertAuthentication auth manager. Called by the AuthSubsystem init() method when initializing all available authentication managers.
- Specified by: init in interface IAuthManager
- Parameters:
  - name - The name of this authentication manager instance.
  - implName - The name of the authentication manager plugin.
  - config - The configuration store for this authentication manager.
- Throws:
  - EBaseException - If an initialization error occurred.
-
getName
public java.lang.String getName()
Gets the name of this authentication manager.
- Specified by: getName in interface IAuthManager
- Returns: the name of this authentication manager.
-
getImplName
public java.lang.String getImplName()
Gets the plugin name of authentication manager.
- Specified by: getImplName in interface IAuthManager
- Returns: the name of the authentication manager plugin.
-
isSSLClientRequired
public boolean isSSLClientRequired()
Description copied from interface: IProfileAuthenticator
Checks if this authenticator requires SSL client authentication.
- Specified by: isSSLClientRequired in interface IProfileAuthenticator
- Returns: client authentication required or not
-
authenticate
public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException
Authenticates user by certificate. Called by other subsystems or their servlets to authenticate users.
- Specified by: authenticate in interface IAuthManager
- Parameters:
  - authCred - authentication credential that contains an usrgrp.Certificates of the user (agent)
- Returns: the authentication token that contains the following
- Throws:
  - EMissingCredential - If a required credential for this authentication manager is missing.
  - EInvalidCredentials - If credentials cannot be authenticated.
  - EBaseException - If an internal error occurred.
- See Also: AuthToken, Certificates
-
getRequiredCreds
public java.lang.String[] getRequiredCreds()
Gets the list of authentication credential attribute names required by this authentication manager. Generally used by the servlets that handle agent operations to authenticate their users. A servlet calls this method to learn which credentials are required from the user (e.g. JavaScript form data).
- Specified by: getRequiredCreds in interface IAuthManager
- Returns: attribute names in Vector
-
getConfigParams
public java.lang.String[] getConfigParams()
Gets the list of configuration parameter names required by this authentication manager. Generally used by the Certificate Server Console to display the table for configuration purposes. CertUserDBAuthentication is currently not exposed in this case, so this method is not to be used.
- Specified by: getConfigParams in interface IAuthManager
- Returns: configuration parameter names in Hashtable of Vectors where each hashtable entry's key is the substore name, value is a Vector of parameter names. If no substore, the parameter name is the Hashtable key itself, with value same as key.
-
shutdown
public void shutdown()
Prepares this authentication manager for shutdown.
- Specified by: shutdown in interface IAuthManager
-
getConfigStore
public IConfigStore getConfigStore()
Gets the configuration substore used by this authentication manager.
- Specified by: getConfigStore in interface IAuthManager
- Specified by: getConfigStore in interface IProfileAuthenticator
- Returns: configuration store
-
init
public void init(IProfile profile, IConfigStore config) throws EProfileException
Description copied from interface: IProfileAuthenticator
Initializes this default policy.
- Specified by: init in interface IProfileAuthenticator
- Parameters:
  - profile - owner of this authenticator
  - config - configuration store
- Throws:
  - EProfileException - failed to initialize
-
getName
public java.lang.String getName(java.util.Locale locale)
Retrieves the localizable name of this policy.
- Specified by: getName in interface IProfileAuthenticator
- Parameters:
  - locale - end user locale
- Returns: localized authenticator name
-
getText
public java.lang.String getText(java.util.Locale locale)
Retrieves the localizable description of this policy.
- Specified by: getText in interface IProfileAuthenticator
- Parameters:
  - locale - end user locale
- Returns: localized authenticator description
-
getValueNames
public java.util.Enumeration<java.lang.String> getValueNames()
Retrieves a list of names of the value parameter.
- Specified by: getValueNames in interface IProfileAuthenticator
- Returns: a list of property names
-
isValueWriteable
public boolean isValueWriteable(java.lang.String name)
Description copied from interface: IProfileAuthenticator
Checks if the value of the given property should be serializable into the request. Passwords or other security-related values may not be desirable for storage.
- Specified by: isValueWriteable in interface IProfileAuthenticator
- Parameters:
  - name - property name
- Returns: true if the property is not security related
-
getValueDescriptor
public IDescriptor getValueDescriptor(java.util.Locale locale, java.lang.String name)
Retrieves the descriptor of the given value parameter by name.
- Specified by: getValueDescriptor in interface IProfileAuthenticator
- Parameters:
  - locale - user locale
  - name - property name
- Returns: descriptor of the requested property
-
populate
public void populate(IAuthToken token, IRequest request) throws EProfileException
Description copied from interface: IProfileAuthenticator
Populates authentication specific information into the request for auditing purposes.
- Specified by: populate in interface IProfileAuthenticator
- Parameters:
  - token - authentication token
  - request - request
- Throws:
  - EProfileException - failed to populate
-
-