Class CMCAuth

java.lang.Object
com.netscape.cms.authentication.CMCAuth
All Implemented Interfaces:
IExtendedPluginInfo, ProfileAuthenticator, AuthManager

public class CMCAuth extends Object implements IExtendedPluginInfo, ProfileAuthenticator
UID/CMC authentication plug-in

  • Field Details

  • Constructor Details

    • CMCAuth

      public CMCAuth()
      Default constructor, initialization must follow.
  • Method Details

    • getAuthenticationConfig

      public AuthenticationConfig getAuthenticationConfig()
    • setAuthenticationConfig

      public void setAuthenticationConfig(AuthenticationConfig authenticationConfig)
    • init

      public void init(String name, String implName, AuthManagerConfig config) throws EBaseException
      Initializes the CMCAuth authentication plug-in.

      Specified by:
      init in interface AuthManager
      Parameters:
      name - The name for this authentication plug-in instance.
      implName - The name of the authentication plug-in.
      config - The configuration store for this instance.
      Throws:
      EBaseException - If an error occurs during initialization.
    • authenticate

      Authenticates the user by their CMC; the resulting AuthToken sets a TOKEN_SUBJECT for the subject name.

      • signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY: used when CMC (agent-pre-signed) certificate requests or revocation requests are submitted and the signature is verified
      Specified by:
      authenticate in interface AuthManager
      Parameters:
      authCred - Authentication credentials, CRED_UID and CRED_CMC.
      Returns:
      an AuthToken
      Throws:
      EMissingCredential - If a required authentication credential is missing.
      EInvalidCredentials - If credentials failed authentication.
      EBaseException - If an internal error occurred.
    • getConfigParams

      public String[] getConfigParams()
      Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

      Specified by:
      getConfigParams in interface AuthManager
      Returns:
      String array of configuration parameter names.
    • getConfigStore

      public AuthManagerConfig getConfigStore()
      Gets the configuration substore used by this authentication plug-in.

      Specified by:
      getConfigStore in interface AuthManager
      Specified by:
      getConfigStore in interface ProfileAuthenticator
      Returns:
      configuration store
    • getImplName

      public String getImplName()
      Gets the plug-in name of this authentication plug-in.
      Specified by:
      getImplName in interface AuthManager
      Returns:
      the name of the authentication manager plugin.
    • getName

      public String getName()
      Gets the name of this authentication plug-in instance.
      Specified by:
      getName in interface AuthManager
      Returns:
      the name of this authentication manager.
    • getRequiredCreds

      public String[] getRequiredCreds()
      Gets the list of required credentials.

      Specified by:
      getRequiredCreds in interface AuthManager
      Returns:
      list of required credentials as strings.
    • shutdown

      public void shutdown()
      Prepares for shutdown.
      Specified by:
      shutdown in interface AuthManager
    • getExtendedPluginInfo

      public String[] getExtendedPluginInfo()
      Activate the help system.

      Specified by:
      getExtendedPluginInfo in interface IExtendedPluginInfo
      Returns:
      help messages
    • verifySignerInfo

      protected IAuthToken verifySignerInfo(SessionContext auditContext, AuthToken authToken, org.mozilla.jss.pkix.cms.SignedData cmcFullReq) throws EBaseException
      Throws:
      EBaseException
    • init

      public void init(Profile profile, ConfigStore config) throws EProfileException
      Description copied from interface: ProfileAuthenticator
      Initializes this default policy.
      Specified by:
      init in interface ProfileAuthenticator
      Parameters:
      profile - owner of this authenticator
      config - configuration store
      Throws:
      EProfileException - failed to initialize
    • getName

      public String getName(Locale locale)
      Retrieves the localizable name of this policy.
      Specified by:
      getName in interface ProfileAuthenticator
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator name
    • getText

      public String getText(Locale locale)
      Retrieves the localizable description of this policy.
      Specified by:
      getText in interface ProfileAuthenticator
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator description
    • getValueNames

      public Enumeration<String> getValueNames()
      Retrieves a list of names of the value parameter.
      Specified by:
      getValueNames in interface ProfileAuthenticator
      Returns:
      a list of property names
    • isValueWriteable

      public boolean isValueWriteable(String name)
      Description copied from interface: ProfileAuthenticator
      Checks if the value of the given property should be serializable into the request. Passwords or other security-related values may not be desirable for storage.
      Specified by:
      isValueWriteable in interface ProfileAuthenticator
      Parameters:
      name - property name
      Returns:
      true if the property is not security related
    • getValueDescriptor

      public IDescriptor getValueDescriptor(Locale locale, String name)
      Retrieves the descriptor of the given value parameter by name.
      Specified by:
      getValueDescriptor in interface ProfileAuthenticator
      Parameters:
      locale - user locale
      name - property name
      Returns:
      descriptor of the requested property
    • populate

      public void populate(IAuthToken token, Request request) throws EProfileException
      Description copied from interface: ProfileAuthenticator
      Populates authentication specific information into the request for auditing purposes.
      Specified by:
      populate in interface ProfileAuthenticator
      Parameters:
      token - authentication token
      request - request
      Throws:
      EProfileException - failed to populate
    • isSSLClientRequired

      public boolean isSSLClientRequired()
      Description copied from interface: ProfileAuthenticator
      Checks if this authenticator requires SSL client authentication.
      Specified by:
      isSSLClientRequired in interface ProfileAuthenticator
      Returns:
      client authentication required or not