com.netscape.cms.authentication

Class CMCAuth

java.lang.Object

com.netscape.cms.authentication.CMCAuth

All Implemented Interfaces:

IAuthManager, IExtendedPluginInfo, IProfileAuthenticator

public class CMCAuth
extends java.lang.Object
implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator

UID/CMC authentication plug-in

Version:

$Revision$, $Date$

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CRED_CMC
protected static java.lang.String[]	mConfigParams
protected static java.util.Vector<java.lang.String>	mExtendedPluginInfo
protected static java.lang.String[]	mRequiredCreds
static java.lang.String	REASON_CODE
static java.lang.String	TOKEN_CERT_SERIAL

Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

HELP_TEXT, HELP_TOKEN

Fields inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator

AUTHENTICATED_NAME

Fields inherited from interface com.netscape.certsrv.authentication.IAuthManager

CRED_CERT_SERIAL_TO_REVOKE, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT

Constructor Summary

Constructors

Constructor and Description
CMCAuth() Default constructor, initialization must follow.

Method Summary

Modifier and Type	Method and Description
IAuthToken	authenticate(IAuthCredentials authCred) Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
java.lang.String[]	getConfigParams() Returns a list of configuration parameter names.
IConfigStore	getConfigStore() gets the configuration substore used by this authentication plug-in
java.lang.String[]	getExtendedPluginInfo() Activate the help system.
java.lang.String[]	getExtendedPluginInfo(java.util.Locale locale) This method returns an array of strings.
java.lang.String	getImplName() gets the plug-in name of this authentication plug-in.
java.lang.String	getName() gets the name of this authentication plug-in instance
java.lang.String	getName(java.util.Locale locale) Retrieves the localizable name of this policy.
java.lang.String[]	getRequiredCreds() get the list of required credentials.
java.lang.String	getText(java.util.Locale locale) Retrieves the localizable description of this policy.
IDescriptor	getValueDescriptor(java.util.Locale locale, java.lang.String name) Retrieves the descriptor of the given value parameter by name.
java.util.Enumeration<java.lang.String>	getValueNames() Retrieves a list of names of the value parameter.
void	init(IProfile profile, IConfigStore config) Initializes this default policy.
void	init(java.lang.String name, java.lang.String implName, IConfigStore config) Initializes the CMCAuth authentication plug-in.
boolean	isSSLClientRequired() Checks if this authenticator requires SSL client authentication.
boolean	isValueWriteable(java.lang.String name) Checks if the value of the given property should be serializable into the request.
protected void	log(int level, java.lang.String msg) Logs a message for this class in the system log file.
void	populate(IAuthToken token, IRequest request) Populates authentication specific information into the request for auditing purposes.
void	shutdown() prepares for shutdown.
protected IAuthToken	verifySignerInfo(AuthToken authToken, org.mozilla.jss.pkix.cms.SignedData cmcFullReq)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TOKEN_CERT_SERIAL

public static final java.lang.String TOKEN_CERT_SERIAL

See Also:

Constant Field Values

REASON_CODE

public static final java.lang.String REASON_CODE

See Also:

Constant Field Values

mConfigParams

protected static java.lang.String[] mConfigParams

CRED_CMC

public static final java.lang.String CRED_CMC

See Also:

Constant Field Values

mRequiredCreds

protected static java.lang.String[] mRequiredCreds

mExtendedPluginInfo

protected static java.util.Vector<java.lang.String> mExtendedPluginInfo

Constructor Detail

CMCAuth

public CMCAuth()

Default constructor, initialization must follow.

Method Detail

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException

Initializes the CMCAuth authentication plug-in.

Specified by:

init in interface IAuthManager

Parameters:

name - The name for this authentication plug-in instance.

implName - The name of the authentication plug-in.

config - - The configuration store for this instance.

Throws:

EBaseException - If an error occurs during initialization.

authenticate

public IAuthToken authenticate(IAuthCredentials authCred)
                        throws EMissingCredential,
                               EInvalidCredentials,
                               EBaseException

Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.

• signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified

Specified by:

authenticate in interface IAuthManager

Parameters:

authCred - Authentication credentials, CRED_UID and CRED_CMC.

Returns:

an AuthToken

Throws:

EMissingCredential - If a required authentication credential is missing.

EInvalidCredentials - If credentials failed authentication.

EBaseException - If an internal error occurred.

See Also:

AuthToken

getConfigParams

public java.lang.String[] getConfigParams()

Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

Specified by:

getConfigParams in interface IAuthManager

Returns:

String array of configuration parameter names.

getConfigStore

public IConfigStore getConfigStore()

gets the configuration substore used by this authentication plug-in

Specified by:

getConfigStore in interface IAuthManager

Specified by:

getConfigStore in interface IProfileAuthenticator

Returns:

configuration store

getImplName

public java.lang.String getImplName()

gets the plug-in name of this authentication plug-in.

Specified by:

getImplName in interface IAuthManager

Returns:

the name of the authentication manager plugin.

getName

public java.lang.String getName()

gets the name of this authentication plug-in instance

Specified by:

getName in interface IAuthManager

Returns:

the name of this authentication manager.

getRequiredCreds

public java.lang.String[] getRequiredCreds()

get the list of required credentials.

Specified by:

getRequiredCreds in interface IAuthManager

Returns:

list of required credentials as strings.

shutdown

public void shutdown()

prepares for shutdown.

Specified by:

shutdown in interface IAuthManager

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo()

Activate the help system.

Returns:

help messages

log

protected void log(int level,
                   java.lang.String msg)

Logs a message for this class in the system log file.

Parameters:

level - The log level.

msg - The message to log.

See Also:

ILogger

verifySignerInfo

protected IAuthToken verifySignerInfo(AuthToken authToken,
                                      org.mozilla.jss.pkix.cms.SignedData cmcFullReq)
                               throws EBaseException

Throws:

EBaseException

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)

Description copied from interface: IExtendedPluginInfo

This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"

Specified by:

getExtendedPluginInfo in interface IExtendedPluginInfo

init

public void init(IProfile profile,
                 IConfigStore config)
          throws EProfileException

Description copied from interface: IProfileAuthenticator

Initializes this default policy.

Specified by:

init in interface IProfileAuthenticator

Parameters:

profile - owner of this authenticator

config - configuration store

Throws:

EProfileException - failed to initialize

getName

public java.lang.String getName(java.util.Locale locale)

Retrieves the localizable name of this policy.

Specified by:

getName in interface IProfileAuthenticator

Parameters:

locale - end user locale

Returns:

localized authenticator name

getText

public java.lang.String getText(java.util.Locale locale)

Retrieves the localizable description of this policy.

Specified by:

getText in interface IProfileAuthenticator

Parameters:

locale - end user locale

Returns:

localized authenticator description

getValueNames

public java.util.Enumeration<java.lang.String> getValueNames()

Retrieves a list of names of the value parameter.

Specified by:

getValueNames in interface IProfileAuthenticator

Returns:

a list of property names

isValueWriteable

public boolean isValueWriteable(java.lang.String name)

Description copied from interface: IProfileAuthenticator

Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.

Specified by:

isValueWriteable in interface IProfileAuthenticator

Parameters:

name - property name

Returns:

true if the property is not security related

getValueDescriptor

public IDescriptor getValueDescriptor(java.util.Locale locale,
                                      java.lang.String name)

Retrieves the descriptor of the given value parameter by name.

Specified by:

getValueDescriptor in interface IProfileAuthenticator

Parameters:

locale - user locale

name - property name

Returns:

descriptor of the requested property

populate

public void populate(IAuthToken token,
                     IRequest request)
              throws EProfileException

Description copied from interface: IProfileAuthenticator

Populates authentication specific information into the request for auditing purposes.

Specified by:

populate in interface IProfileAuthenticator

Parameters:

token - authentication token

request - request

Throws:

EProfileException - failed to populate

isSSLClientRequired

public boolean isSSLClientRequired()

Description copied from interface: IProfileAuthenticator

Checks if this authenticator requires SSL client authentication.

Specified by:

isSSLClientRequired in interface IProfileAuthenticator

Returns:

client authentication required or not