com.netscape.cms.authentication
Class SSLclientCertAuthentication

java.lang.Object
  com.netscape.cms.authentication.SSLclientCertAuthentication

All Implemented Interfaces:

IAuthManager, IProfileAuthenticator

public class SSLclientCertAuthentication
extends java.lang.Object
implements IAuthManager, IProfileAuthenticator

Certificate server SSL client authentication.

Author:

Christina Fu

Field Summary

static java.lang.String	CRED_CERT
protected static java.lang.String[]	mConfigParams
protected java.lang.String[]	mRequiredCreds
static java.lang.String	TOKEN_UID
static java.lang.String	TOKEN_USER_DN
static java.lang.String	TOKEN_USERDN
static java.lang.String	TOKEN_USERID

Fields inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator

AUTHENTICATED_NAME

Fields inherited from interface com.netscape.certsrv.authentication.IAuthManager

CRED_CERT_SERIAL_TO_REVOKE, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT

Constructor Summary

SSLclientCertAuthentication()

Method Summary

IAuthToken	authenticate(IAuthCredentials authCred) authenticates user by certificate
java.lang.String[]	getConfigParams() get the list of configuration parameter names required by this authentication manager.
IConfigStore	getConfigStore() gets the configuretion substore used by this authentication manager
java.lang.String	getImplName() Gets the plugin name of authentication manager.
java.lang.String	getName() Gets the name of this authentication manager.
java.lang.String	getName(java.util.Locale locale) Retrieves the localizable name of this policy.
java.lang.String[]	getRequiredCreds() get the list of authentication credential attribute names required by this authentication manager.
java.lang.String	getText(java.util.Locale locale) Retrieves the localizable description of this policy.
IDescriptor	getValueDescriptor(java.util.Locale locale, java.lang.String name) Retrieves the descriptor of the given value parameter by name.
java.util.Enumeration	getValueNames() Retrieves a list of names of the value parameter.
void	init(IProfile profile, IConfigStore config) Initializes this default policy.
void	init(java.lang.String name, java.lang.String implName, IConfigStore config) initializes the SSLClientCertAuthentication auth manager
boolean	isSSLClientRequired() Checks if this authenticator requires SSL client authentication.
boolean	isValueWriteable(java.lang.String name) Checks if the value of the given property should be serializable into the request.
void	populate(IAuthToken token, IRequest request) Populates authentication specific information into the request for auditing purposes.
void	shutdown() prepare this authentication manager for shutdown.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TOKEN_USERDN

public static final java.lang.String TOKEN_USERDN

See Also:

Constant Field Values

TOKEN_USER_DN

public static final java.lang.String TOKEN_USER_DN

See Also:

Constant Field Values

TOKEN_USERID

public static final java.lang.String TOKEN_USERID

See Also:

Constant Field Values

TOKEN_UID

public static final java.lang.String TOKEN_UID

See Also:

Constant Field Values

CRED_CERT

public static final java.lang.String CRED_CERT

See Also:

Constant Field Values

mRequiredCreds

protected java.lang.String[] mRequiredCreds

mConfigParams

protected static java.lang.String[] mConfigParams

Constructor Detail

SSLclientCertAuthentication

public SSLclientCertAuthentication()

Method Detail

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException

initializes the SSLClientCertAuthentication auth manager

called by AuthSubsystem init() method, when initializing all available authentication managers.

Specified by:

init in interface IAuthManager

Parameters:

name - The name of this authentication manager instance.

implName - The name of the authentication manager plugin.

config - The configuration store for this authentication manager.

Throws:

EBaseException - If an initialization error occurred.

getName

public java.lang.String getName()

Gets the name of this authentication manager.

Specified by:

getName in interface IAuthManager

Returns:

the name of this authentication manager.

getImplName

public java.lang.String getImplName()

Gets the plugin name of authentication manager.

Specified by:

getImplName in interface IAuthManager

Returns:

the name of the authentication manager plugin.

isSSLClientRequired

public boolean isSSLClientRequired()

Description copied from interface: IProfileAuthenticator

Checks if this authenticator requires SSL client authentication.

Specified by:

isSSLClientRequired in interface IProfileAuthenticator

Returns:

client authentication required or not

authenticate

public IAuthToken authenticate(IAuthCredentials authCred)
                        throws EMissingCredential,
                               EInvalidCredentials,
                               EBaseException

authenticates user by certificate

called by other subsystems or their servlets to authenticate users

Specified by:

authenticate in interface IAuthManager

Parameters:

authCred - - authentication credential that contains an usrgrp.Certificates of the user (agent)

Returns:

the authentication token that contains the following

Throws:

EMissingCredential - If a required credential for this authentication manager is missing.

EInvalidCredentials - If credentials cannot be authenticated.

EBaseException - If an internal error occurred.

See Also:

AuthToken, Certificates

getRequiredCreds

public java.lang.String[] getRequiredCreds()

get the list of authentication credential attribute names required by this authentication manager. Generally used by the servlets that handle agent operations to authenticate its users. It calls this method to know which are the required credentials from the user (e.g. Javascript form data)

Specified by:

getRequiredCreds in interface IAuthManager

Returns:

attribute names in Vector

getConfigParams

public java.lang.String[] getConfigParams()

get the list of configuration parameter names required by this authentication manager. Generally used by the Certificate Server Console to display the table for configuration purposes. CertUserDBAuthentication is currently not exposed in this case, so this method is not to be used.

Specified by:

getConfigParams in interface IAuthManager

Returns:

configuration parameter names in Hashtable of Vectors where each hashtable entry's key is the substore name, value is a Vector of parameter names. If no substore, the parameter name is the Hashtable key itself, with value same as key.

shutdown

public void shutdown()

prepare this authentication manager for shutdown.

Specified by:

shutdown in interface IAuthManager

getConfigStore

public IConfigStore getConfigStore()

gets the configuretion substore used by this authentication manager

Specified by:

getConfigStore in interface IAuthManager

Specified by:

getConfigStore in interface IProfileAuthenticator

Returns:

configuration store

init

public void init(IProfile profile,
                 IConfigStore config)
          throws EProfileException

Description copied from interface: IProfileAuthenticator

Initializes this default policy.

Specified by:

init in interface IProfileAuthenticator

Parameters:

profile - owner of this authenticator

config - configuration store

Throws:

EProfileException - failed to initialize

getName

public java.lang.String getName(java.util.Locale locale)

Retrieves the localizable name of this policy.

Specified by:

getName in interface IProfileAuthenticator

Parameters:

locale - end user locale

Returns:

localized authenticator name

getText

public java.lang.String getText(java.util.Locale locale)

Retrieves the localizable description of this policy.

Specified by:

getText in interface IProfileAuthenticator

Parameters:

locale - end user locale

Returns:

localized authenticator description

getValueNames

public java.util.Enumeration getValueNames()

Retrieves a list of names of the value parameter.

Specified by:

getValueNames in interface IProfileAuthenticator

Returns:

a list of property names

isValueWriteable

public boolean isValueWriteable(java.lang.String name)

Description copied from interface: IProfileAuthenticator

Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.

Specified by:

isValueWriteable in interface IProfileAuthenticator

Parameters:

name - property name

Returns:

true if the property is not security related

getValueDescriptor

public IDescriptor getValueDescriptor(java.util.Locale locale,
                                      java.lang.String name)

Retrieves the descriptor of the given value parameter by name.

Specified by:

getValueDescriptor in interface IProfileAuthenticator

Parameters:

locale - user locale

name - property name

Returns:

descriptor of the requested property

populate

public void populate(IAuthToken token,
                     IRequest request)
              throws EProfileException

Description copied from interface: IProfileAuthenticator

Populates authentication specific information into the request for auditing purposes.

Specified by:

populate in interface IProfileAuthenticator

Parameters:

token - authentication token

request - request

Throws:

EProfileException - failed to populate