Package com.netscape.cms.authentication
Class CMCAuth
java.lang.Object
com.netscape.cms.authentication.CMCAuth
- All Implemented Interfaces:
IExtendedPluginInfo
,ProfileAuthenticator
,AuthManager
UID/CMC authentication plug-in
- Version:
- $Revision$, $Date$
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
static org.slf4j.Logger
protected static String[]
protected static String[]
static final String
static final String
Fields inherited from interface org.dogtagpki.server.authentication.AuthManager
CRED_CERT_SERIAL_TO_REVOKE, CRED_CMC_SELF_SIGNED, CRED_CMC_SIGNING_CERT, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
Fields inherited from interface com.netscape.cms.profile.ProfileAuthenticator
AUTHENTICATED_NAME
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(IAuthCredentials authCred) Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.String[]
Returns a list of configuration parameter names.gets the configuration substore used by this authentication plug-inString[]
Activate the help system.gets the plug-in name of this authentication plug-in.getName()
gets the name of this authentication plug-in instanceRetrieves the localizable name of this policy.String[]
get the list of required credentials.Retrieves the localizable description of this policy.getValueDescriptor
(Locale locale, String name) Retrieves the descriptor of the given value parameter by name.Retrieves a list of names of the value parameter.void
init
(Profile profile, ConfigStore config) Initializes this default policy.void
init
(String name, String implName, AuthManagerConfig config) Initializes the CMCAuth authentication plug-in.boolean
Checks if this authenticator requires SSL client authentication.boolean
isValueWriteable
(String name) Checks if the value of the given property should be serializable into the request.void
populate
(IAuthToken token, Request request) Populates authentication specific information into the request for auditing purposes.void
setAuthenticationConfig
(AuthenticationConfig authenticationConfig) void
shutdown()
prepares for shutdown.protected IAuthToken
verifySignerInfo
(SessionContext auditContext, AuthToken authToken, org.mozilla.jss.pkix.cms.SignedData cmcFullReq)
-
Field Details
-
logger
public static org.slf4j.Logger logger -
TOKEN_CERT_SERIAL
- See Also:
-
REASON_CODE
- See Also:
-
mConfigParams
-
CRED_CMC
- See Also:
-
mRequiredCreds
-
mExtendedPluginInfo
-
-
Constructor Details
-
CMCAuth
public CMCAuth()Default constructor, initialization must follow.
-
-
Method Details
-
getAuthenticationConfig
-
setAuthenticationConfig
-
init
Initializes the CMCAuth authentication plug-in.- Specified by:
init
in interfaceAuthManager
- Parameters:
name
- The name for this authentication plug-in instance.implName
- The name of the authentication plug-in.config
- - The configuration store for this instance.- Throws:
EBaseException
- If an error occurs during initialization.
-
authenticate
public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.- signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified
- Specified by:
authenticate
in interfaceAuthManager
- Parameters:
authCred
- Authentication credentials, CRED_UID and CRED_CMC.- Returns:
- an AuthToken
- Throws:
EMissingCredential
- If a required authentication credential is missing.EInvalidCredentials
- If credentials failed authentication.EBaseException
- If an internal error occurred.- See Also:
-
getConfigParams
Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.- Specified by:
getConfigParams
in interfaceAuthManager
- Returns:
- String array of configuration parameter names.
-
getConfigStore
gets the configuration substore used by this authentication plug-in- Specified by:
getConfigStore
in interfaceAuthManager
- Specified by:
getConfigStore
in interfaceProfileAuthenticator
- Returns:
- configuration store
-
getImplName
gets the plug-in name of this authentication plug-in.- Specified by:
getImplName
in interfaceAuthManager
- Returns:
- the name of the authentication manager plugin.
-
getName
gets the name of this authentication plug-in instance- Specified by:
getName
in interfaceAuthManager
- Returns:
- the name of this authentication manager.
-
getRequiredCreds
get the list of required credentials.- Specified by:
getRequiredCreds
in interfaceAuthManager
- Returns:
- list of required credentials as strings.
-
shutdown
public void shutdown()prepares for shutdown.- Specified by:
shutdown
in interfaceAuthManager
-
getExtendedPluginInfo
Activate the help system.- Specified by:
getExtendedPluginInfo
in interfaceIExtendedPluginInfo
- Returns:
- help messages
-
verifySignerInfo
protected IAuthToken verifySignerInfo(SessionContext auditContext, AuthToken authToken, org.mozilla.jss.pkix.cms.SignedData cmcFullReq) throws EBaseException - Throws:
EBaseException
-
init
Description copied from interface:ProfileAuthenticator
Initializes this default policy.- Specified by:
init
in interfaceProfileAuthenticator
- Parameters:
profile
- owner of this authenticatorconfig
- configuration store- Throws:
EProfileException
- failed to initialize
-
getName
Retrieves the localizable name of this policy.- Specified by:
getName
in interfaceProfileAuthenticator
- Parameters:
locale
- end user locale- Returns:
- localized authenticator name
-
getText
Retrieves the localizable description of this policy.- Specified by:
getText
in interfaceProfileAuthenticator
- Parameters:
locale
- end user locale- Returns:
- localized authenticator description
-
getValueNames
Retrieves a list of names of the value parameter.- Specified by:
getValueNames
in interfaceProfileAuthenticator
- Returns:
- a list of property names
-
isValueWriteable
Description copied from interface:ProfileAuthenticator
Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.- Specified by:
isValueWriteable
in interfaceProfileAuthenticator
- Parameters:
name
- property name- Returns:
- true if the property is not security related
-
getValueDescriptor
Retrieves the descriptor of the given value parameter by name.- Specified by:
getValueDescriptor
in interfaceProfileAuthenticator
- Parameters:
locale
- user localename
- property name- Returns:
- descriptor of the requested property
-
populate
Description copied from interface:ProfileAuthenticator
Populates authentication specific information into the request for auditing purposes.- Specified by:
populate
in interfaceProfileAuthenticator
- Parameters:
token
- authentication tokenrequest
- request- Throws:
EProfileException
- failed to populate
-
isSSLClientRequired
public boolean isSSLClientRequired()Description copied from interface:ProfileAuthenticator
Checks if this authenticator requires SSL client authentication.- Specified by:
isSSLClientRequired
in interfaceProfileAuthenticator
- Returns:
- client authentication required or not
-