java.lang.Object
net.jini.jeri.ssl.Utilities
net.jini.jeri.ssl.FilterX509TrustManager
net.jini.jeri.ssl.AuthManager
abstract class AuthManager
Implements X509KeyManager by getting its key and credential information from a JAAS subject, and X509TrustManager by using FilterX509TrustManager. Combines both the key and trust managers to enable subclasses to use information for both when checking permissions.
Nested Class Summary |
---|
Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities |
---|
Utilities.SSLContextInfo |
Field Summary | |
---|---|
private Set | permittedLocalPrincipals - If non-null, then only principals in this set may be used to authenticate the local end of the connection. |
(package private) boolean | subjectIsReadOnly - Whether the subject was read-only when it was stored -- used to avoid checking for changes in the contents of the subject. |
private WeakReference | subjectRef - The Subject from which to retrieve principals and credentials. |
Fields inherited from class net.jini.jeri.ssl.Utilities |
---|
ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL |
Constructor Summary | |
---|---|
AuthManager(Subject subject, Set permittedLocalPrincipals, Set permittedRemotePrincipals) | Creates an AuthManager that retrieves principals and credentials for authentication from the specified subject. |
Method Summary | |
---|---|
(package private) static long | certificatesValidUntil(CertPath chain) - Returns the latest time for which all of the X.509 certificates in the certificate chain are valid. |
(package private) static long | certificatesValidUntil(X509Certificate[] chain) - Returns the latest time for which all of the X.509 certificates in the certificate chain are valid. |
private X500PrivateCredential | checkChain(CertPath chain, String keyType, Principal[] issuers) - Checks if the specified certificate chain can be used for keys of the specified type and with the specified issuers. |
(package private) X500PrivateCredential | chooseCredential(String keyType, Principal[] issuers) - Returns a private credential that matches the specified key type and issuers for which checkChain returns a non-null value, or null if no matching credentials are found. |
(package private) boolean | equalPrivateCredentials(X500PrivateCredential cred1, X500PrivateCredential cred2) - Checks if the two private credentials refer to the same principal and have the equivalent private key. |
(package private) String[] | getAliases(String keyType, Principal[] issuers) - Returns all the aliases that match the specified key type and issuers for which checkChain succeeds. |
X509Certificate[] | getCertificateChain(String alias) |
(package private) abstract Logger | getLogger() - Returns the logger to use for logging. |
(package private) abstract X500PrivateCredential | getPrivateCredential(X509Certificate cert) - Gets the private credential for the specified X.509 certificate. |
PrivateKey | getPrivateKey(String alias) |
(package private) Subject | getSubject() - Returns the Subject, or null if the subject was null or if the weak reference has been cleared. |
Methods inherited from class net.jini.jeri.ssl.FilterX509TrustManager |
---|
checkClientTrusted, checkServerTrusted, getAcceptedIssuers, setPermittedRemotePrincipals |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface javax.net.ssl.X509KeyManager |
---|
chooseClientAlias, chooseServerAlias, getClientAliases, getServerAliases |
Field Detail |
---|
private final WeakReference subjectRef
final boolean subjectIsReadOnly
private final Set permittedLocalPrincipals
Constructor Detail |
---|
AuthManager(Subject subject, Set permittedLocalPrincipals, Set permittedRemotePrincipals) throws NoSuchAlgorithmException
Parameters:
subject - the subject for retrieving principals and credentials
permittedLocalPrincipals - if non-null, then only principals in this set may be used to authenticate the local end of the connection
permittedRemotePrincipals - if non-null, then only principals in this set will be trusted to authenticate the peer
Throws:
NoSuchAlgorithmException - if the trust manager factory algorithm is not found
Method Detail |
---|
abstract X500PrivateCredential getPrivateCredential(X509Certificate cert)
Parameters:
cert - the X.509 certificate
Throws:
SecurityException - if the current access control context does not have the proper AuthenticationPermission

abstract Logger getLogger()

Subject getSubject()

String[] getAliases(String keyType, Principal[] issuers)

X500PrivateCredential chooseCredential(String keyType, Principal[] issuers) throws GeneralSecurityException
Throws:
GeneralSecurityException

private X500PrivateCredential checkChain(CertPath chain, String keyType, Principal[] issuers) throws GeneralSecurityException
Checks that:
Because the following things should only occur because of a configuration problem, this method does not check for:
Throws:
GeneralSecurityException

static long certificatesValidUntil(CertPath chain)

static long certificatesValidUntil(X509Certificate[] chain)

boolean equalPrivateCredentials(X500PrivateCredential cred1, X500PrivateCredential cred2)

public X509Certificate[] getCertificateChain(String alias)
Specified by:
getCertificateChain in interface X509KeyManager

public PrivateKey getPrivateKey(String alias)
Specified by:
getPrivateKey in interface X509KeyManager