Class CMCAuth

    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • TOKEN_CERT_SERIAL

        public static final java.lang.String TOKEN_CERT_SERIAL
        See Also:
        Constant Field Values
      • mConfigParams

        protected static java.lang.String[] mConfigParams
      • mRequiredCreds

        protected static java.lang.String[] mRequiredCreds
      • mExtendedPluginInfo

        protected static java.util.Vector<java.lang.String> mExtendedPluginInfo
    • Constructor Detail

      • CMCAuth

        public CMCAuth()
        Default constructor, initialization must follow.
    • Method Detail

      • setAuthenticationConfig

        public void setAuthenticationConfig​(AuthenticationConfig authenticationConfig)
      • init

        public void init​(java.lang.String name,
                         java.lang.String implName,
                         AuthManagerConfig config)
                  throws EBaseException
        Initializes the CMCAuth authentication plug-in.

        Specified by:
        init in interface AuthManager
        Parameters:
        name - The name for this authentication plug-in instance.
        implName - The name of the authentication plug-in.
        config - - The configuration store for this instance.
        Throws:
        EBaseException - If an error occurs during initialization.
      • authenticate

        public com.netscape.certsrv.authentication.IAuthToken authenticate​(com.netscape.certsrv.authentication.IAuthCredentials authCred)
                                                                    throws com.netscape.certsrv.authentication.EMissingCredential,
                                                                           com.netscape.certsrv.authentication.EInvalidCredentials,
                                                                           EBaseException
        Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.

        • signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified
        Specified by:
        authenticate in interface AuthManager
        Parameters:
        authCred - Authentication credentials, CRED_UID and CRED_CMC.
        Returns:
        an AuthToken
        Throws:
        com.netscape.certsrv.authentication.EMissingCredential - If a required authentication credential is missing.
        com.netscape.certsrv.authentication.EInvalidCredentials - If credentials failed authentication.
        EBaseException - If an internal error occurred.
        See Also:
        AuthToken
      • getConfigParams

        public java.lang.String[] getConfigParams()
        Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

        Specified by:
        getConfigParams in interface AuthManager
        Returns:
        String array of configuration parameter names.
      • getImplName

        public java.lang.String getImplName()
        gets the plug-in name of this authentication plug-in.
        Specified by:
        getImplName in interface AuthManager
        Returns:
        the name of the authentication manager plugin.
      • getName

        public java.lang.String getName()
        gets the name of this authentication plug-in instance
        Specified by:
        getName in interface AuthManager
        Returns:
        the name of this authentication manager.
      • getRequiredCreds

        public java.lang.String[] getRequiredCreds()
        get the list of required credentials.

        Specified by:
        getRequiredCreds in interface AuthManager
        Returns:
        list of required credentials as strings.
      • shutdown

        public void shutdown()
        prepares for shutdown.
        Specified by:
        shutdown in interface AuthManager
      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo()
        Activate the help system.

        Returns:
        help messages
      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
      • init

        public void init​(Profile profile,
                         IConfigStore config)
                  throws com.netscape.certsrv.profile.EProfileException
        Description copied from interface: ProfileAuthenticator
        Initializes this default policy.
        Specified by:
        init in interface ProfileAuthenticator
        Parameters:
        profile - owner of this authenticator
        config - configuration store
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to initialize
      • getName

        public java.lang.String getName​(java.util.Locale locale)
        Retrieves the localizable name of this policy.
        Specified by:
        getName in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator name
      • getText

        public java.lang.String getText​(java.util.Locale locale)
        Retrieves the localizable description of this policy.
        Specified by:
        getText in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator description
      • getValueNames

        public java.util.Enumeration<java.lang.String> getValueNames()
        Retrieves a list of names of the value parameter.
        Specified by:
        getValueNames in interface ProfileAuthenticator
        Returns:
        a list of property names
      • isValueWriteable

        public boolean isValueWriteable​(java.lang.String name)
        Description copied from interface: ProfileAuthenticator
        Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
        Specified by:
        isValueWriteable in interface ProfileAuthenticator
        Parameters:
        name - property name
        Returns:
        true if the property is not security related
      • getValueDescriptor

        public com.netscape.certsrv.property.IDescriptor getValueDescriptor​(java.util.Locale locale,
                                                                            java.lang.String name)
        Retrieves the descriptor of the given value parameter by name.
        Specified by:
        getValueDescriptor in interface ProfileAuthenticator
        Parameters:
        locale - user locale
        name - property name
        Returns:
        descriptor of the requested property
      • populate

        public void populate​(com.netscape.certsrv.authentication.IAuthToken token,
                             com.netscape.certsrv.request.IRequest request)
                      throws com.netscape.certsrv.profile.EProfileException
        Description copied from interface: ProfileAuthenticator
        Populates authentication specific information into the request for auditing purposes.
        Specified by:
        populate in interface ProfileAuthenticator
        Parameters:
        token - authentication token
        request - request
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to populate
      • isSSLClientRequired

        public boolean isSSLClientRequired()
        Description copied from interface: ProfileAuthenticator
        Checks if this authenticator requires SSL client authentication.
        Specified by:
        isSSLClientRequired in interface ProfileAuthenticator
        Returns:
        client authentication required or not