Class ClientCertAuthenticator

    • Constructor Detail

      • ClientCertAuthenticator

        public ClientCertAuthenticator()
    • Method Detail

      • getAuthMethod

        public java.lang.String getAuthMethod()
        Returns:
        The name of the authentication method
      • validateRequest

        public Authentication validateRequest​(javax.servlet.ServletRequest req,
                                              javax.servlet.ServletResponse res,
                                              boolean mandatory)
                                       throws ServerAuthException
        Description copied from interface: Authenticator
        Validate a request
        Parameters:
        req - The request
        res - The response
        mandatory - True if authentication is mandatory.
        Returns:
        An Authentication. If authentication is successful, this will be an Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If authentication is not mandatory, then an Authentication.Deferred may be returned.
        Throws:
        ServerAuthException - if unable to validate request
      • getKeyStore

        @Deprecated
        protected java.security.KeyStore getKeyStore​(java.io.InputStream storeStream,
                                                     java.lang.String storePath,
                                                     java.lang.String storeType,
                                                     java.lang.String storeProvider,
                                                     java.lang.String storePassword)
                                              throws java.lang.Exception
        Deprecated.
        Throws:
        java.lang.Exception
      • getKeyStore

        protected java.security.KeyStore getKeyStore​(java.lang.String storePath,
                                                     java.lang.String storeType,
                                                     java.lang.String storeProvider,
                                                     java.lang.String storePassword)
                                              throws java.lang.Exception
        Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.
        Parameters:
        storePath - path of keystore file
        storeType - keystore type
        storeProvider - keystore provider
        storePassword - keystore password
        Returns:
        created keystore
        Throws:
        java.lang.Exception - if unable to get keystore
      • loadCRL

        protected java.util.Collection<? extends java.security.cert.CRL> loadCRL​(java.lang.String crlPath)
                                                                          throws java.lang.Exception
        Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.
        Parameters:
        crlPath - path of certificate revocation list file
        Returns:
        a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data from the input stream.
        Throws:
        java.lang.Exception - if unable to load CRL
      • secureResponse

        public boolean secureResponse​(javax.servlet.ServletRequest req,
                                      javax.servlet.ServletResponse res,
                                      boolean mandatory,
                                      Authentication.User validatedUser)
                               throws ServerAuthException
        Description copied from interface: Authenticator
        Checks whether the response is secure.
        Parameters:
        req - the request
        res - the response
        mandatory - if security is mandatory
        validatedUser - the user that was validated
        Returns:
        true if response is secure
        Throws:
        ServerAuthException - if unable to test response
      • isValidateCerts

        public boolean isValidateCerts()
        Returns:
        true if SSL certificate has to be validated
      • setValidateCerts

        public void setValidateCerts​(boolean validateCerts)
        Parameters:
        validateCerts - true if SSL certificates have to be validated
      • getTrustStore

        public java.lang.String getTrustStore()
        Returns:
        The file name or URL of the trust store location
      • setTrustStore

        public void setTrustStore​(java.lang.String trustStorePath)
        Parameters:
        trustStorePath - The file name or URL of the trust store location
      • getTrustStoreProvider

        public java.lang.String getTrustStoreProvider()
        Returns:
        The provider of the trust store
      • setTrustStoreProvider

        public void setTrustStoreProvider​(java.lang.String trustStoreProvider)
        Parameters:
        trustStoreProvider - The provider of the trust store
      • getTrustStoreType

        public java.lang.String getTrustStoreType()
        Returns:
        The type of the trust store (default "JKS")
      • setTrustStoreType

        public void setTrustStoreType​(java.lang.String trustStoreType)
        Parameters:
        trustStoreType - The type of the trust store (default "JKS")
      • setTrustStorePassword

        public void setTrustStorePassword​(java.lang.String password)
        Parameters:
        password - The password for the trust store
      • getCrlPath

        public java.lang.String getCrlPath()
        Get the crlPath.
        Returns:
        the crlPath
      • setCrlPath

        public void setCrlPath​(java.lang.String crlPath)
        Set the crlPath.
        Parameters:
        crlPath - the crlPath to set
      • getMaxCertPathLength

        public int getMaxCertPathLength()
        Returns:
        Maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • setMaxCertPathLength

        public void setMaxCertPathLength​(int maxCertPathLength)
        Parameters:
        maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • isEnableCRLDP

        public boolean isEnableCRLDP()
        Returns:
        true if CRL Distribution Points support is enabled
      • setEnableCRLDP

        public void setEnableCRLDP​(boolean enableCRLDP)
        Enables CRL Distribution Points Support
        Parameters:
        enableCRLDP - true - turn on, false - turn off
      • isEnableOCSP

        public boolean isEnableOCSP()
        Returns:
        true if On-Line Certificate Status Protocol support is enabled
      • setEnableOCSP

        public void setEnableOCSP​(boolean enableOCSP)
        Enables On-Line Certificate Status Protocol support
        Parameters:
        enableOCSP - true - turn on, false - turn off
      • getOcspResponderURL

        public java.lang.String getOcspResponderURL()
        Returns:
        Location of the OCSP Responder
      • setOcspResponderURL

        public void setOcspResponderURL​(java.lang.String ocspResponderURL)
        Set the location of the OCSP Responder.
        Parameters:
        ocspResponderURL - location of the OCSP Responder
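
The loadCRL override point and the setters documented above, shown together in an added example (not Jetty's own code). The subclass name, the fail-closed policy for a missing, empty or stale CRL, the file paths and the password are assumptions made for illustration; the import assumes the class lives in Jetty's org.eclipse.jetty.security.authentication package.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.Collection;
import java.util.Date;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;

// Hypothetical subclass: fails closed when the CRL is missing, empty or stale.
public class StrictCrlClientCertAuthenticator extends ClientCertAuthenticator {
    @Override
    protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
        if (crlPath == null) throw new IllegalStateException("crlPath is not set");
        Collection<? extends CRL> crls;
        try (InputStream in = Files.newInputStream(Paths.get(crlPath))) {
            crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
        if (crls.isEmpty()) throw new IllegalStateException("No CRL in " + crlPath);
        Date now = new Date();
        for (CRL crl : crls) {
            // nextUpdate is optional in a CRL; a value in the past means the list is stale.
            Date next = (crl instanceof X509CRL) ? ((X509CRL) crl).getNextUpdate() : null;
            if (next != null && next.before(now)) throw new IllegalStateException("Stale CRL, nextUpdate " + next);
        }
        return crls;
    }

    // Constructed configuration: every path and the password are placeholders.
    public static ClientCertAuthenticator configured() {
        ClientCertAuthenticator auth = new StrictCrlClientCertAuthenticator();
        auth.setValidateCerts(true);              // validate the presented certificate chain
        auth.setTrustStore("/path/to/truststore.p12");
        auth.setTrustStoreType("PKCS12");         // overrides the documented default "JKS"
        auth.setTrustStorePassword("placeholder-password");
        auth.setCrlPath("/path/to/ca.crl");       // passed to loadCRL as crlPath
        auth.setMaxCertPathLength(2);             // at most two intermediates; -1 is unlimited
        auth.setEnableCRLDP(false);               // rely on the local CRL file only
        auth.setEnableOCSP(false);
        return auth;
    }
}
```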