Class SSLclientCertAuthentication

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.netscape.certsrv.authentication.IAuthToken authenticate​(com.netscape.certsrv.authentication.IAuthCredentials authCred)
      authenticates user by certificate
      java.lang.String[] getConfigParams()
      get the list of configuration parameter names required by this authentication manager.
      AuthManagerConfig getConfigStore()
      gets the configuretion substore used by this authentication manager
      java.lang.String getImplName()
      Gets the plugin name of authentication manager.
      java.lang.String getName()
      Gets the name of this authentication manager.
      java.lang.String getName​(java.util.Locale locale)
      Retrieves the localizable name of this policy.
      java.lang.String[] getRequiredCreds()
      get the list of authentication credential attribute names required by this authentication manager.
      java.lang.String getText​(java.util.Locale locale)
      Retrieves the localizable description of this policy.
      com.netscape.certsrv.property.IDescriptor getValueDescriptor​(java.util.Locale locale, java.lang.String name)
      Retrieves the descriptor of the given value parameter by name.
      java.util.Enumeration<java.lang.String> getValueNames()
      Retrieves a list of names of the value parameter.
      void init​(Profile profile, IConfigStore config)
      Initializes this default policy.
      void init​(java.lang.String name, java.lang.String implName, AuthManagerConfig config)
      initializes the SSLClientCertAuthentication auth manager
      boolean isSSLClientRequired()
      Checks if this authenticator requires SSL client authentication.
      boolean isValueWriteable​(java.lang.String name)
      Checks if the value of the given property should be serializable into the request.
      void populate​(com.netscape.certsrv.authentication.IAuthToken token, com.netscape.certsrv.request.IRequest request)
      Populates authentication specific information into the request for auditing purposes.
      void shutdown()
      prepare this authentication manager for shutdown.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • mRequiredCreds

        protected java.lang.String[] mRequiredCreds
      • mConfigParams

        protected static java.lang.String[] mConfigParams
    • Constructor Detail

      • SSLclientCertAuthentication

        public SSLclientCertAuthentication()
    • Method Detail

      • init

        public void init​(java.lang.String name,
                         java.lang.String implName,
                         AuthManagerConfig config)
                  throws EBaseException
        initializes the SSLClientCertAuthentication auth manager

        called by AuthSubsystem init() method, when initializing all available authentication managers.

        Specified by:
        init in interface AuthManager
        Parameters:
        name - The name of this authentication manager instance.
        implName - The name of the authentication manager plugin.
        config - The configuration store for this authentication manager.
        Throws:
        EBaseException - If an initialization error occurred.
      • getName

        public java.lang.String getName()
        Gets the name of this authentication manager.
        Specified by:
        getName in interface AuthManager
        Returns:
        the name of this authentication manager.
      • getImplName

        public java.lang.String getImplName()
        Gets the plugin name of authentication manager.
        Specified by:
        getImplName in interface AuthManager
        Returns:
        the name of the authentication manager plugin.
      • isSSLClientRequired

        public boolean isSSLClientRequired()
        Description copied from interface: ProfileAuthenticator
        Checks if this authenticator requires SSL client authentication.
        Specified by:
        isSSLClientRequired in interface ProfileAuthenticator
        Returns:
        client authentication required or not
      • authenticate

        public com.netscape.certsrv.authentication.IAuthToken authenticate​(com.netscape.certsrv.authentication.IAuthCredentials authCred)
                                                                    throws com.netscape.certsrv.authentication.EMissingCredential,
                                                                           com.netscape.certsrv.authentication.EInvalidCredentials,
                                                                           EBaseException
        authenticates user by certificate

        called by other subsystems or their servlets to authenticate users

        Specified by:
        authenticate in interface AuthManager
        Parameters:
        authCred - - authentication credential that contains an usrgrp.Certificates of the user (agent)
        Returns:
        the authentication token that contains the following
        Throws:
        com.netscape.certsrv.authentication.EMissingCredential - If a required credential for this authentication manager is missing.
        com.netscape.certsrv.authentication.EInvalidCredentials - If credentials cannot be authenticated.
        EBaseException - If an internal error occurred.
        See Also:
        AuthToken, Certificates
      • getRequiredCreds

        public java.lang.String[] getRequiredCreds()
        get the list of authentication credential attribute names required by this authentication manager. Generally used by the servlets that handle agent operations to authenticate its users. It calls this method to know which are the required credentials from the user (e.g. Javascript form data)
        Specified by:
        getRequiredCreds in interface AuthManager
        Returns:
        attribute names in Vector
      • getConfigParams

        public java.lang.String[] getConfigParams()
        get the list of configuration parameter names required by this authentication manager. Generally used by the Certificate Server Console to display the table for configuration purposes. CertUserDBAuthentication is currently not exposed in this case, so this method is not to be used.
        Specified by:
        getConfigParams in interface AuthManager
        Returns:
        configuration parameter names in Hashtable of Vectors where each hashtable entry's key is the substore name, value is a Vector of parameter names. If no substore, the parameter name is the Hashtable key itself, with value same as key.
      • shutdown

        public void shutdown()
        prepare this authentication manager for shutdown.
        Specified by:
        shutdown in interface AuthManager
      • init

        public void init​(Profile profile,
                         IConfigStore config)
                  throws com.netscape.certsrv.profile.EProfileException
        Description copied from interface: ProfileAuthenticator
        Initializes this default policy.
        Specified by:
        init in interface ProfileAuthenticator
        Parameters:
        profile - owner of this authenticator
        config - configuration store
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to initialize
      • getName

        public java.lang.String getName​(java.util.Locale locale)
        Retrieves the localizable name of this policy.
        Specified by:
        getName in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator name
      • getText

        public java.lang.String getText​(java.util.Locale locale)
        Retrieves the localizable description of this policy.
        Specified by:
        getText in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator description
      • getValueNames

        public java.util.Enumeration<java.lang.String> getValueNames()
        Retrieves a list of names of the value parameter.
        Specified by:
        getValueNames in interface ProfileAuthenticator
        Returns:
        a list of property names
      • isValueWriteable

        public boolean isValueWriteable​(java.lang.String name)
        Description copied from interface: ProfileAuthenticator
        Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
        Specified by:
        isValueWriteable in interface ProfileAuthenticator
        Parameters:
        name - property name
        Returns:
        true if the property is not security related
      • getValueDescriptor

        public com.netscape.certsrv.property.IDescriptor getValueDescriptor​(java.util.Locale locale,
                                                                            java.lang.String name)
        Retrieves the descriptor of the given value parameter by name.
        Specified by:
        getValueDescriptor in interface ProfileAuthenticator
        Parameters:
        locale - user locale
        name - property name
        Returns:
        descriptor of the requested property
      • populate

        public void populate​(com.netscape.certsrv.authentication.IAuthToken token,
                             com.netscape.certsrv.request.IRequest request)
                      throws com.netscape.certsrv.profile.EProfileException
        Description copied from interface: ProfileAuthenticator
        Populates authentication specific information into the request for auditing purposes.
        Specified by:
        populate in interface ProfileAuthenticator
        Parameters:
        token - authentication token
        request - request
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to populate