Class AgentCertAuthentication

java.lang.Object
com.netscape.cms.authentication.AgentCertAuthentication
All Implemented Interfaces:
ProfileAuthenticator, AuthManager
public class AgentCertAuthentication extends Object implements ProfileAuthenticator
Certificate server agent authentication. Maps a SSL client authenticate certificate to a user (agent) entry in the internal database.

Version:
$Revision$, $Date$

  • Field Details

    • logger

      public static org.slf4j.Logger logger

    • CRED_CERT

      public static final String CRED_CERT
      See Also:

    • mRequiredCreds

      protected String[] mRequiredCreds

    • mConfigParams

      protected static String[] mConfigParams

  • Constructor Details

    • AgentCertAuthentication

      public AgentCertAuthentication()

  • Method Details

    • init

      public void init(String name, String implName, AuthManagerConfig config) throws EBaseException
      initializes the CertUserDBAuthentication auth manager

      called by AuthSubsystem init() method, when initializing all available authentication managers.

      Specified by:
      init in interface AuthManager
      Parameters:
      name - The name of this authentication manager instance.
      implName - The name of the authentication manager plugin.
      config - The configuration store for this authentication manager.
      Throws:
      EBaseException - If an initialization error occurred.

    • getName

      public String getName()
      Gets the name of this authentication manager.
      Specified by:
      getName in interface AuthManager
      Returns:
      the name of this authentication manager.

    • getImplName

      public String getImplName()
      Gets the plugin name of authentication manager.
      Specified by:
      getImplName in interface AuthManager
      Returns:
      the name of the authentication manager plugin.

    • isSSLClientRequired

      public boolean isSSLClientRequired()
      Description copied from interface: ProfileAuthenticator
      Checks if this authenticator requires SSL client authentication.
      Specified by:
      isSSLClientRequired in interface ProfileAuthenticator
      Returns:
      client authentication required or not

    • authenticate

      public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException
      authenticates user(agent) by certificate

      called by other subsystems or their servlets to authenticate users (agents)

      Specified by:
      authenticate in interface AuthManager
      Parameters:
      authCred - - authentication credential that contains an usrgrp.Certificates of the user (agent)
      Returns:
      the authentication token that contains the following
      Throws:
      EMissingCredential - If a required credential for this authentication manager is missing.
      EInvalidCredentials - If credentials cannot be authenticated.
      EBaseException - If an internal error occurred.
      See Also:

    • getRequiredCreds

      public String[] getRequiredCreds()
      get the list of authentication credential attribute names required by this authentication manager. Generally used by the servlets that handle agent operations to authenticate its users. It calls this method to know which are the required credentials from the user (e.g. Javascript form data)
      Specified by:
      getRequiredCreds in interface AuthManager
      Returns:
      attribute names in Vector

    • getConfigParams

      public String[] getConfigParams()
      get the list of configuration parameter names required by this authentication manager. Generally used by the Certificate Server Console to display the table for configuration purposes. CertUserDBAuthentication is currently not exposed in this case, so this method is not to be used.
      Specified by:
      getConfigParams in interface AuthManager
      Returns:
      configuration parameter names in Hashtable of Vectors where each hashtable entry's key is the substore name, value is a Vector of parameter names. If no substore, the parameter name is the Hashtable key itself, with value same as key.

    • shutdown

      public void shutdown()
      prepare this authentication manager for shutdown.
      Specified by:
      shutdown in interface AuthManager

    • getConfigStore

      public AuthManagerConfig getConfigStore()
      gets the configuration substore used by this authentication manager
      Specified by:
      getConfigStore in interface AuthManager
      Specified by:
      getConfigStore in interface ProfileAuthenticator
      Returns:
      configuration store

    • init

      public void init(Profile profile, IConfigStore config) throws EProfileException
      Description copied from interface: ProfileAuthenticator
      Initializes this default policy.
      Specified by:
      init in interface ProfileAuthenticator
      Parameters:
      profile - owner of this authenticator
      config - configuration store
      Throws:
      EProfileException - failed to initialize

    • getName

      public String getName(Locale locale)
      Retrieves the localizable name of this policy.
      Specified by:
      getName in interface ProfileAuthenticator
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator name

    • getText

      public String getText(Locale locale)
      Retrieves the localizable description of this policy.
      Specified by:
      getText in interface ProfileAuthenticator
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator description

    • getValueNames

      public Enumeration<String> getValueNames()
      Retrieves a list of names of the value parameter.
      Specified by:
      getValueNames in interface ProfileAuthenticator
      Returns:
      a list of property names

    • isValueWriteable

      public boolean isValueWriteable(String name)
      Description copied from interface: ProfileAuthenticator
      Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
      Specified by:
      isValueWriteable in interface ProfileAuthenticator
      Parameters:
      name - property name
      Returns:
      true if the property is not security related

    • getValueDescriptor

      public IDescriptor getValueDescriptor(Locale locale, String name)
      Retrieves the descriptor of the given value parameter by name.
      Specified by:
      getValueDescriptor in interface ProfileAuthenticator
      Parameters:
      locale - user locale
      name - property name
      Returns:
      descriptor of the requested property

    • populate

      public void populate(IAuthToken token, IRequest request) throws EProfileException
      Description copied from interface: ProfileAuthenticator
      Populates authentication specific information into the request for auditing purposes.
      Specified by:
      populate in interface ProfileAuthenticator
      Parameters:
      token - authentication token
      request - request
      Throws:
      EProfileException - failed to populate