Package com.netscape.cms.authentication

Class CMCUserSignedAuth

  • All Implemented Interfaces:
    IExtendedPluginInfo, IProfileAuthenticator, IAuthManager
    public class CMCUserSignedAuth
extends java.lang.Object
implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator
    User Signed CMC authentication plug-in note: - this version differs from CMCAuth in that it allows non-agent users to sign own cmc requests; It is expected to be used with CMCUserSignedSubjectNameDefault and CMCUserSignedSubjectNameConstraint so that the resulting cert will bear the same subjectDN of that of the CMC signing cert - it originates from CMCAuth with modification for user-signed cmc
    Version:
    $Revision$, $Date$
    Author:
    cfu - user signed cmc authentication

    • Field Detail

      • logger

        public static org.slf4j.Logger logger

      • TOKEN_CERT_SERIAL

        public static final java.lang.String TOKEN_CERT_SERIAL
        See Also:
        Constant Field Values

      • mConfigParams

        protected static java.lang.String[] mConfigParams

      • mRequiredCreds

        protected static java.lang.String[] mRequiredCreds

      • mExtendedPluginInfo

        protected static java.util.Vector<java.lang.String> mExtendedPluginInfo

    • Constructor Detail

      • CMCUserSignedAuth

        public CMCUserSignedAuth()
        Default constructor, initialization must follow.

    • Method Detail

      • init

        public void init​(java.lang.String name,
                 java.lang.String implName,
                 AuthManagerConfig config)
          throws EBaseException
        Initializes the CMCUserSignedAuth authentication plug-in.

        Specified by:
        init in interface IAuthManager
        Parameters:
        name - The name for this authentication plug-in instance.
        implName - The name of the authentication plug-in.
        config - - The configuration store for this instance.
        Throws:
        EBaseException - If an error occurs during initialization.

      • verifySelfSignedCMC

        protected void verifySelfSignedCMC​(org.mozilla.jss.pkix.cms.SignerInfo signerInfo,
                                   org.mozilla.jss.asn1.OBJECT_IDENTIFIER id)
                            throws EBaseException
        Throws:
        EBaseException

      • getConfigParams

        public java.lang.String[] getConfigParams()
        Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

        Specified by:
        getConfigParams in interface IAuthManager
        Returns:
        String array of configuration parameter names.

      • getImplName

        public java.lang.String getImplName()
        gets the plug-in name of this authentication plug-in.
        Specified by:
        getImplName in interface IAuthManager
        Returns:
        the name of the authentication manager plugin.

      • getName

        public java.lang.String getName()
        gets the name of this authentication plug-in instance
        Specified by:
        getName in interface IAuthManager
        Returns:
        the name of this authentication manager.

      • getRequiredCreds

        public java.lang.String[] getRequiredCreds()
        get the list of required credentials.

        Specified by:
        getRequiredCreds in interface IAuthManager
        Returns:
        list of required credentials as strings.

      • shutdown

        public void shutdown()
        prepares for shutdown.
        Specified by:
        shutdown in interface IAuthManager

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo()
        Activate the help system.

        Returns:
        help messages

      • verifySignerInfo

        protected IAuthToken verifySignerInfo​(SessionContext auditContext,
                                      AuthToken authToken,
                                      org.mozilla.jss.pkix.cms.SignedData cmcFullReq)
                               throws EBaseException,
                                      EInvalidCredentials,
                                      EMissingCredential
        User-signed CMC requests can be signed in two ways: a. signed with previously issued user signing cert b. self-signed with the private key paired with the public key in the request In case "a", the resulting authToke would contain (IAuthManager.CRED_CMC_SIGNING_CERT, signing cert serial number) In case "b", the resulting authToke would not contain the attribute IAuthManager.CRED_CMC_SIGNING_CERT
        Throws:
        EBaseException
        EInvalidCredentials
        EMissingCredential

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo

      • getName

        public java.lang.String getName​(java.util.Locale locale)
        Retrieves the localizable name of this policy.
        Specified by:
        getName in interface IProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator name

      • getText

        public java.lang.String getText​(java.util.Locale locale)
        Retrieves the localizable description of this policy.
        Specified by:
        getText in interface IProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator description

      • getValueNames

        public java.util.Enumeration<java.lang.String> getValueNames()
        Retrieves a list of names of the value parameter.
        Specified by:
        getValueNames in interface IProfileAuthenticator
        Returns:
        a list of property names

      • isValueWriteable

        public boolean isValueWriteable​(java.lang.String name)
        Description copied from interface: IProfileAuthenticator
        Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
        Specified by:
        isValueWriteable in interface IProfileAuthenticator
        Parameters:
        name - property name
        Returns:
        true if the property is not security related

      • getValueDescriptor

        public IDescriptor getValueDescriptor​(java.util.Locale locale,
                                      java.lang.String name)
        Retrieves the descriptor of the given value parameter by name.
        Specified by:
        getValueDescriptor in interface IProfileAuthenticator
        Parameters:
        locale - user locale
        name - property name
        Returns:
        descriptor of the requested property