java.lang.Object
  net.jini.jeri.ssl.Utilities
    net.jini.jeri.ssl.FilterX509TrustManager
      net.jini.jeri.ssl.AuthManager
        net.jini.jeri.ssl.ClientAuthManager

class ClientAuthManager
An AuthManager for clients. Uses the fact that client connections only share SSLContexts after a single client and server principal have been chosen.
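The behaviour the description above and the checkServerTrusted override rely on, pinning the server principal accepted by the first handshake so that later handshakes over the same context must present the same one, can be illustrated outside the package. The class below is example code written for this page, not code from the net.jini.jeri.ssl package or the Apache River project; the class name PinningServerTrustManager, its method names and the assumption that the server principal is the subject of the leaf certificate are all hypothetical. Unlike the package-private ClientAuthManager it does not consult a Subject or AuthenticationPermission; it only shows the trust-manager side: delegate ordinary path validation, record the first accepted principal and certificate, reject any later chain that names a different principal, and track the earliest notAfter of the pinned chain the way credentialsValidUntil does.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/**
 * Hypothetical delegating trust manager (example code, not part of net.jini.jeri.ssl).
 * The first successfully validated server chain fixes the server principal; every later
 * handshake through this instance must present the same principal or it is rejected.
 */
public final class PinningServerTrustManager implements X509TrustManager {

    private final X509TrustManager delegate;   // performs ordinary certificate path validation
    private X500Principal serverPrincipal;      // server principal chosen by the first handshake
    private X509Certificate serverCredential;   // server certificate chosen by the first handshake
    private long credentialsValidUntil = Long.MAX_VALUE; // earliest notAfter seen, ms since epoch

    public PinningServerTrustManager(X509TrustManager delegate) {
        if (delegate == null) {
            throw new IllegalArgumentException("delegate must not be null");
        }
        this.delegate = delegate;
    }

    /** Wraps the platform default X509TrustManager (the JDK's own trust store). */
    public static PinningServerTrustManager withDefaultTrust() throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return new PinningServerTrustManager((X509TrustManager) tm);
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override
    public synchronized void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Ordinary chain validation first; pinning narrows trust, it never widens it.
        delegate.checkServerTrusted(chain, authType);
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty server certificate chain");
        }
        // Assumption for this example: the server principal is the leaf certificate's subject.
        X500Principal presented = chain[0].getSubjectX500Principal();
        if (serverPrincipal == null) {
            serverPrincipal = presented;
            serverCredential = chain[0];
            credentialsValidUntil = earliestNotAfter(chain, credentialsValidUntil);
        } else if (!serverPrincipal.equals(presented)) {
            throw new CertificateException("server principal changed: expected "
                + serverPrincipal.getName() + " but handshake presented " + presented.getName());
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    /** Principal fixed by the first handshake, or null before any handshake has succeeded. */
    public synchronized X500Principal getServerPrincipal() {
        return serverPrincipal;
    }

    public synchronized X509Certificate getServerCredential() {
        return serverCredential;
    }

    /** True while every certificate of the pinned chain is still inside its validity period. */
    public synchronized boolean credentialsValid(long nowMillis) {
        return serverPrincipal != null && nowMillis < credentialsValidUntil;
    }

    /** Minimum of the chain's notAfter instants and an existing bound. */
    static long earliestNotAfter(X509Certificate[] chain, long bound) {
        long result = bound;
        for (X509Certificate cert : chain) {
            result = Math.min(result, cert.getNotAfter().getTime());
        }
        return result;
    }
}
```

Install it with SSLContext.init(keyManagers, new TrustManager[] { pinning }, null). Because the instance carries per-context state, use one instance per SSLContext, which matches the class description's point that a context is only shared once a single server principal has been chosen; the credentialsValid check is the place a caller would consult before reusing a cached session, as checkAuthentication does for ClientAuthManager.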
Nested Class Summary

Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities: Utilities.SSLContextInfo
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| private AuthenticationPermission | authenticationPermission | The permission to check for the last cached credential. |
| private X500PrivateCredential | clientCredential | The private credential supplied by chooseClientAlias in the last handshake, or null if none was supplied. |
| private Exception | clientCredentialException | The exception that occurred within the last call to chooseClientAlias if no credential could be supplied. |
| private X500Principal | clientPrincipal | The client principal chosen by the first handshake. |
| private long | credentialsValidUntil | The latest time for which all client and server credentials remain valid. |
| private static Logger | logger | Client logger. |
| private X509Certificate | serverCredential | The server certificate chosen by the first handshake. |
| private X500Principal | serverPrincipal | The server principal chosen by the first handshake. |

Fields inherited from class net.jini.jeri.ssl.AuthManager: subjectIsReadOnly

Fields inherited from class net.jini.jeri.ssl.Utilities: ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
Constructor Summary

| Constructor | Description |
|---|---|
| ClientAuthManager(Subject subject, Set permittedLocalPrincipals, Set permittedRemotePrincipals) | Creates an AuthManager that retrieves principals and credentials for authentication from the specified subject. |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| (package private) void | checkAuthentication() | Checks if the subject still contains the proper credentials, and the current access control context has the proper AuthenticationPermission, to use the current session. |
| void | checkServerTrusted(X509Certificate[] chain, String authType) | Overrides this X509TrustManager method in order to cache the server principal and to continue to choose the same one. |
| String | chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) | |
| String | chooseServerAlias(String keyType, Principal[] issuers, Socket socket) | |
| private AuthenticationPermission | getAuthenticationPermission(X509Certificate cert) | Returns the permission needed to connect to the last server principal with the specified client certificate. |
| String[] | getClientAliases(String keyType, Principal[] issuers) | |
| (package private) boolean | getClientAuthenticated() | Returns true if the last handshake authenticated the client, else false. |
| (package private) Exception | getClientCredentialException() | Returns the last SecurityException or GeneralSecurityException that occurred when attempting to choose client credentials, or null if no exception occurred. |
| (package private) X500Principal | getClientPrincipal() | Returns the client principal chosen. |
| (package private) Logger | getLogger() | Returns the client logger. |
| (package private) X500PrivateCredential | getPrivateCredential(X509Certificate cert) | Gets the private credential for the specified X.509 certificate, checking for AuthenticationPermission to connect with the last server principal. |
| private X500PrivateCredential | getPrivateCredential(X509Certificate cert, AuthenticationPermission ap) | Gets the private credential for the specified X.509 certificate, checking for the specified AuthenticationPermission. |
| String[] | getServerAliases(String keyType, Principal[] issuers) | |
| (package private) X500Principal | getServerPrincipal() | Returns the server principal chosen. |

Methods inherited from class net.jini.jeri.ssl.AuthManager: certificatesValidUntil, certificatesValidUntil, chooseCredential, equalPrivateCredentials, getAliases, getCertificateChain, getPrivateKey, getSubject

Methods inherited from class net.jini.jeri.ssl.FilterX509TrustManager: checkClientTrusted, getAcceptedIssuers, setPermittedRemotePrincipals

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

private static final Logger logger
private X509Certificate serverCredential
private X500Principal serverPrincipal
private X500PrivateCredential clientCredential
private X500Principal clientPrincipal
private Exception clientCredentialException
private long credentialsValidUntil
private AuthenticationPermission authenticationPermission
Constructor Detail

ClientAuthManager(Subject subject, Set permittedLocalPrincipals, Set permittedRemotePrincipals) throws NoSuchAlgorithmException

Parameters:
subject - the subject for retrieving principals and credentials
permittedLocalPrincipals - if non-null, then only principals in this set may be used for authentication
permittedRemotePrincipals - if non-null, then only principals in this set will be trusted when authenticating the peer

Throws:
NoSuchAlgorithmException - if the trust manager factory algorithm is not found

Method Detail

boolean getClientAuthenticated()

Exception getClientCredentialException()

void checkAuthentication() throws UnsupportedConstraintException

Throws:
SecurityException - if the access control context does not have the proper AuthenticationPermission
UnsupportedConstraintException - if the subject does not contain the proper credentials

X500PrivateCredential getPrivateCredential(X509Certificate cert)

Overrides:
getPrivateCredential in class AuthManager

Parameters:
cert - the certificate for the local principal

Throws:
SecurityException - if the access control context does not have the proper AuthenticationPermission

private X500PrivateCredential getPrivateCredential(X509Certificate cert, AuthenticationPermission ap)

Parameters:
cert - the certificate for the local principal
ap - the permission needed to connect to the peer

Throws:
SecurityException - if the access control context does not have the proper AuthenticationPermission

Logger getLogger()

Overrides:
getLogger in class AuthManager

private AuthenticationPermission getAuthenticationPermission(X509Certificate cert)

X500Principal getServerPrincipal()

X500Principal getClientPrincipal()

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

Specified by:
checkServerTrusted in interface X509TrustManager

Overrides:
checkServerTrusted in class FilterX509TrustManager

Throws:
CertificateException

public String[] getClientAliases(String keyType, Principal[] issuers)

public String[] getServerAliases(String keyType, Principal[] issuers)

public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)

public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)