Class hierarchy:

java.lang.Object
  net.jini.jeri.ssl.Utilities
    net.jini.jeri.ssl.FilterX509TrustManager
      net.jini.jeri.ssl.AuthManager
        net.jini.jeri.ssl.ServerAuthManager

class ServerAuthManager

An AuthManager for servers. Invalidates sessions when a new key is returned for a particular key type.
Nested Class Summary

Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities: Utilities.SSLContextInfo
Field Summary

| Modifier and type | Field | Description |
|---|---|---|
| private Map | credentialCache | Maps a key type to the last private credentials returned for that key type, or a String describing problems that prevented getting private credentials. |
| private long | credentialsValidUntil | The time when the credentials for the session in the session cache become invalid. |
| private static Logger | logger | Server transport logger. |
| private X500PrivateCredential[] | readOnlyPrivateCredentials | The subject's private credentials, if the subject is read-only. |
| private Reference | sessionCache | The SSL session for the last successful call to checkCredentials. |
| private SSLSessionContext | sslSessionContext | The SSLSessionContext for all connections. |
Fields inherited from class net.jini.jeri.ssl.AuthManager: subjectIsReadOnly

Fields inherited from class net.jini.jeri.ssl.Utilities: ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
Constructor Summary

| Constructor | Description |
|---|---|
| ServerAuthManager(Subject subject, Set permittedPrincipals, SSLSessionContext sslSessionContext) | Creates an AuthManager that retrieves principals and credentials for authentication from the specified subject. |
Method Summary

| Modifier and type | Method | Description |
|---|---|---|
| (package private) void | checkCredentials(SSLSession session, Subject clientSubject) | Checks if the server subject still contains the proper credentials to use the specified session. |
| private long | checkCredentials(X500PrivateCredential cred, Subject clientSubject, String permissionAction) | Checks that the principals and credentials associated with the specified private credential are present and valid in the server subject, and that the caller has permission to access them given the specified client subject and permission action. |
| String | chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) | |
| String | chooseServerAlias(String keyType, Principal[] issuers, Socket socket) | Returns the last server credential selected for this key type, if still usable. |
| private AuthenticationPermission | getAuthPermission(X509Certificate cert, String peer, String action) | Returns the authentication permission for the specified principals and action. |
| String[] | getClientAliases(String keyType, Principal[] issuers) | |
| (package private) Logger | getLogger() | Returns the server logger. |
| private String | getPeerPrincipalName(Subject peerSubject) | Returns the name of the principal for the peer subject, which should be read-only if it is not null. |
| (package private) X500PrivateCredential | getPrivateCredential(X509Certificate cert) | Gets the private credential for the specified X.509 certificate, checking for AuthenticationPermission to listen for the specified local principal and all peers. |
| private X500PrivateCredential | getPrivateCredential(X509Certificate cert, String peer, String permissionAction) | Checks for AuthenticationPermission to accept for the specified local and peer principals. |
| String[] | getServerAliases(String keyType, Principal[] issuers) | |
| (package private) X509Certificate | getServerCertificate(SSLSession session) | Returns the principal that the server used to authenticate for the specified session. |
Methods inherited from class net.jini.jeri.ssl.AuthManager: certificatesValidUntil, certificatesValidUntil, chooseCredential, equalPrivateCredentials, getAliases, getCertificateChain, getPrivateKey, getSubject

Methods inherited from class net.jini.jeri.ssl.FilterX509TrustManager: checkClientTrusted, checkServerTrusted, getAcceptedIssuers, setPermittedRemotePrincipals

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

- private static final Logger logger
- private final SSLSessionContext sslSessionContext
- private final X500PrivateCredential[] readOnlyPrivateCredentials
- private final Map credentialCache
- private Reference sessionCache
- private long credentialsValidUntil
Constructor Detail

ServerAuthManager(Subject subject, Set permittedPrincipals, SSLSessionContext sslSessionContext) throws NoSuchAlgorithmException

Parameters:
- subject - the subject for retrieving principals and credentials

Throws:
- NoSuchAlgorithmException - if the trust manager factory algorithm is not found

Method Detail
X509Certificate getServerCertificate(SSLSession session)

void checkCredentials(SSLSession session, Subject clientSubject) throws GeneralSecurityException

Parameters:
- session - the session to check
- clientSubject - the client subject for the connection, which should be read-only if it is not null

Throws:
- GeneralSecurityException - if there is a problem with the credentials
- SecurityException - if the current access control context does not have the proper AuthenticationPermission or if the subject does not contain the proper credentials

private long checkCredentials(X500PrivateCredential cred, Subject clientSubject, String permissionAction)

private String getPeerPrincipalName(Subject peerSubject)

Logger getLogger()

Overrides: getLogger in class AuthManager

X500PrivateCredential getPrivateCredential(X509Certificate cert)

Overrides: getPrivateCredential in class AuthManager

Parameters:
- cert - the certificate for the local principal

Throws:
- SecurityException - if the current access control context does not have the proper AuthenticationPermission

private X500PrivateCredential getPrivateCredential(X509Certificate cert, String peer, String permissionAction)

Parameters:
- cert - the certificate for the local principal
- peer - the name of the peer principal or null if not known
- permissionAction - the AuthenticationPermission action

Throws:
- SecurityException - if the current access control context does not have the proper AuthenticationPermission

private AuthenticationPermission getAuthPermission(X509Certificate cert, String peer, String action)

public String[] getClientAliases(String keyType, Principal[] issuers)

public String[] getServerAliases(String keyType, Principal[] issuers)

public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)

public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)