Diffstat (limited to 'base/common/src/com/netscape/certsrv/authentication')
20 files changed, 1832 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java b/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
new file mode 100644
index 000000000..5a0cdd3b8
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import com.netscape.certsrv.base.IArgBlock;
+
+/**
+ * Authentication Credentials as input to the authMgr. It contains all the
+ * information required for authentication in the authMgr.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthCredentials implements IAuthCredentials {
+
+ private static final long serialVersionUID = 5862936214648594328L;
+ private Hashtable<String, Object> authCreds = null;
+ private IArgBlock argblk = null;
+
+ /**
+ * Constructor
+ */
+ public AuthCredentials() {
+ authCreds = new Hashtable<String, Object>();
+ }
+
+ /**
+ * Sets an authentication credential with credential name and the credential object
+ *
+ * @param name credential name
+ * @param cred credential object
+ */
+ public void set(String name, Object cred) {
+ if (name != null && cred != null)
+ authCreds.put(name, cred);
+ }
+
+ /**
+ * Returns the credential to which the specified name is mapped in this
+ * credential set
+ *
+ * @param name credential name
+ * @return the authentication credential for the given name
+ */
+ public Object get(String name) {
+ return authCreds.get(name);
+ }
+
+ /**
+ * Removes the name and its corresponding credential from this
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ *
+ * @param name credential name
+ */
+ public void delete(String name) {
+ authCreds.remove(name);
+ }
+
+ /**
+ * Returns an enumeration of the credential names in this credential
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ *
+ * @return an enumeration of the names in this credential set
+ */
+ public Enumeration<String> getElements() {
+ return authCreds.keys();
+ }
+
+ /**
+ * Set the given argblock
+ * i * @param blk the given argblock.
+ */
+ public void setArgBlock(IArgBlock blk) {
+ argblk = blk;
+ }
+
+ /**
+ * Returns the argblock.
+ *
+ * @return the argblock.
+ */
+ public IArgBlock getArgBlock() {
+ return argblk;
+ }
+}
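Review bot: The class declares a `serialVersionUID`, so it is presumably Serializable through `IAuthCredentials` (not shown here), yet `authCreds` is an ordinary field, so every stored credential would be written out with the object. If these values can include passwords or PINs, the class Javadoc should say how instances may be handled, e.g. `* Holds raw credentials; do not serialize, persist or log instances.` Separately, `set()` drops a null name or value without any signal, which its Javadoc should state so callers do not assume the credential was stored. The `setArgBlock` Javadoc also has a stray `i` before `@param blk`.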
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java b/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
new file mode 100644
index 000000000..76161e803
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * A class represents an authentication manager. It contains an
+ * authentication manager instance and its state (enable or not).
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthManagerProxy {
+ private boolean mEnable;
+ private IAuthManager mMgr;
+
+ /**
+ * Constructor
+ *
+ * @param enable true if the authMgr is enabled; false otherwise
+ * @param mgr authentication manager instance
+ */
+ public AuthManagerProxy(boolean enable, IAuthManager mgr) {
+ mEnable = enable;
+ mMgr = mgr;
+ }
+
+ /**
+ * Returns the state of the authentication manager instance
+ *
+ * @return true if the state of the authentication manager instance is
+ * enabled; false otherwise.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Returns an authentication manager instance.
+ *
+ * @return an authentication manager instance
+ */
+ public IAuthManager getAuthManager() {
+ return mMgr;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java b/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
new file mode 100644
index 000000000..4226fd83c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * This class represents a registered authentication manager plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthMgrPlugin {
+ protected String mId = null;
+ protected String mClassPath = null;
+ protected boolean mVisible = true;
+
+ /**
+ * Constructs a AuthManager plugin.
+ *
+ * @param id auth manager implementation name
+ * @param classPath class path
+ */
+ public AuthMgrPlugin(String id, String classPath) {
+
+ /*
+ if (id == null || classPath == null)
+ throw new AssertionException("Authentication Manager id or classpath can't be null");
+ */
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns an auth manager implementation name
+ *
+ * @return an auth manager implementation name
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns a classpath of a AuthManager plugin
+ *
+ * @return a classpath of a AuthManager plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+
+ /**
+ * Returns a visibility of the plugin
+ *
+ * @return a visibility of the plugin
+ */
+ public boolean isVisible() {
+ return mVisible;
+ }
+
+ /**
+ * Sets visibility of the plugin
+ *
+ * @param visibility visibility of the plugin
+ */
+ public void setVisible(boolean visibility) {
+ mVisible = visibility;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthResources.java b/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
new file mode 100644
index 000000000..35e810112
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
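Review bot: The null check in the `AuthMgrPlugin` constructor is commented out, so a plugin with a null `id` or `classPath` can be constructed and the failure only surfaces wherever the entry is later looked up or its class is loaded. Either restore the check with a standard exception, `if (id == null || classPath == null) throw new IllegalArgumentException("Authentication Manager id or classpath can't be null");`, or delete the dead block and document in the constructor Javadoc that nulls are accepted. `mId` and `mClassPath` are also `protected` and non-final although the class offers no setters for them; unless subclasses elsewhere depend on that, `private final` would stop a subclass from changing the class name of a registered plugin.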
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.ListResourceBundle;
+
+/**
+ * A class represents a resource bundle for the authentication component.
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class AuthResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ *
+ * @return the contents of this resource
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
new file mode 100644
index 000000000..0a2b1f0a2
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
@@ -0,0 +1,451 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.authentication; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Enumeration; +import java.util.Hashtable; + +import netscape.security.util.DerInputStream; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.X509CertImpl; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.usrgrp.Certificates; + +/** + * Authentication token returned by Authentication Managers. + * Upon return, it contains authentication/identification information + * as well as information retrieved from the database where the + * authentication was done against. Each authentication manager has + * its own list of such information. See individual authenticaiton + * manager for more details. 
+ * <p> + * + * @version $Revision$, $Date$ + */ +public class AuthToken implements IAuthToken { + protected Hashtable<String, Object> mAttrs = null; + + /* Subject name of the certificate in the authenticating entry */ + public static final String TOKEN_CERT_SUBJECT = "tokenCertSubject"; + + /* NotBefore value of the certificate in the authenticating entry */ + public static final String TOKEN_CERT_NOTBEFORE = "tokenCertNotBefore"; + + /* NotAfter value of the certificate in the authenticating entry */ + public static final String TOKEN_CERT_NOTAFTER = "tokenCertNotAfter"; + + /* Cert Extentions value of the certificate in the authenticating entry */ + public static final String TOKEN_CERT_EXTENSIONS = "tokenCertExts"; + + /* Serial number of the certificate in the authenticating entry */ + public static final String TOKEN_CERT_SERIALNUM = "certSerial"; + + /** + * Certificate to be renewed + */ + public static final String TOKEN_CERT = "tokenCert"; + + /* Certificate to be revoked */ + public static final String TOKEN_CERT_TO_REVOKE = "tokenCertToRevoke"; + + /** + * Plugin name of the authentication manager that created the + * AuthToken as a string. + */ + public static final String TOKEN_AUTHMGR_IMPL_NAME = "authMgrImplName"; + + /** + * Name of the authentication manager that created the AuthToken + * as a string. + */ + public static final String TOKEN_AUTHMGR_INST_NAME = "authMgrInstName"; + + /** + * Time of authentication as a java.util.Date + */ + public static final String TOKEN_AUTHTIME = "authTime"; + + /** + * Constructs an instance of a authentication token. + * The token by default contains the following attributes: <br> + * + * <pre> + * "authMgrInstName" - The authentication manager instance name. + * "authMgrImplName" - The authentication manager plugin name. + * "authTime" - The - The time of authentication. + * </pre> + * + * @param authMgr The authentication manager that created this Token. 
+ */ + public AuthToken(IAuthManager authMgr) { + mAttrs = new Hashtable<String, Object>(); + if (authMgr != null) { + set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName()); + set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName()); + } + set(TOKEN_AUTHTIME, new Date()); + } + + public String getInString(String attrName) { + return (String) mAttrs.get(attrName); + } + + public boolean set(String attrName, String value) { + if (value == null) { + return false; + } + mAttrs.put(attrName, value); + return true; + } + + /** + * Removes an attribute in the AuthToken + * + * @param attrName The name of the attribute to remove. + */ + public void delete(String attrName) { + mAttrs.remove(attrName); + } + + /** + * Enumerate all attribute names in the AuthToken. + * + * @return Enumeration of all attribute names in this AuthToken. + */ + public Enumeration<String> getElements() { + return (mAttrs.keys()); + } + + public byte[] getInByteArray(String name) { + String value = getInString(name); + if (value == null) { + return null; + } + return CMS.AtoB(value); + } + + public boolean set(String name, byte[] value) { + if (value == null) { + return false; + } + return set(name, CMS.BtoA(value)); + } + + public Integer getInInteger(String name) { + String strVal = getInString(name); + if (strVal == null) { + return null; + } + try { + return Integer.valueOf(strVal); + } catch (NumberFormatException e) { + return null; + } + } + + public boolean set(String name, Integer value) { + if (value == null) { + return false; + } + return set(name, value.toString()); + } + + public BigInteger[] getInBigIntegerArray(String name) { + String value = getInString(name); + if (value == null) { + return null; + } + String[] values = value.split(","); + if (values.length == 0) { + return null; + } + BigInteger[] result = new BigInteger[values.length]; + for (int i = 0; i < values.length; i++) { + try { + result[i] = new BigInteger(values[i]); + } catch (NumberFormatException e) { + return null; + } + } + 
return result; + } + + public boolean set(String name, BigInteger[] value) { + if (value == null) { + return false; + } + StringBuffer buffer = new StringBuffer(); + for (int i = 0; i < value.length; i++) { + if (i != 0) { + buffer.append(","); + } + buffer.append(value[i].toString()); + } + return set(name, buffer.toString()); + } + + public Date getInDate(String name) { + String value = getInString(name); + if (value == null) { + return null; + } + try { + return new Date(Long.parseLong(value)); + } catch (NumberFormatException e) { + return null; + } + } + + public boolean set(String name, Date value) { + if (value == null) { + return false; + } + return set(name, String.valueOf(value.getTime())); + } + + public String[] getInStringArray(String name) { + String[] stringValues; + + byte[] byteValue = getInByteArray(name); + if (byteValue == null) { + return null; + } + try { + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + stringValues = new String[derValues.length]; + for (int i = 0; i < derValues.length; i++) { + stringValues[i] = derValues[i].getAsString(); + } + } catch (IOException e) { + return null; + } + return stringValues; + } + + public boolean set(String name, String[] value) { + if (value == null) { + return false; + } + DerOutputStream out = new DerOutputStream(); + DerValue[] derValues = new DerValue[value.length]; + try { + for (int i = 0; i < value.length; i++) { + derValues[i] = new DerValue(value[i]); + } + out.putSequence(derValues); + return set(name, out.toByteArray()); + } catch (IOException e) { + return false; + } + } + + public X509CertImpl getInCert(String name) { + byte[] data = getInByteArray(name); + if (data == null) { + return null; + } + try { + return new X509CertImpl(data); + } catch (CertificateException e) { + return null; + } + } + + public boolean set(String name, X509CertImpl value) { + if (value == null) { + return false; + } + ByteArrayOutputStream out = new 
ByteArrayOutputStream(); + try { + value.encode(out); + } catch (CertificateEncodingException e) { + return false; + } + return set(name, out.toByteArray()); + } + + public CertificateExtensions getInCertExts(String name) { + CertificateExtensions exts = null; + byte[] data = getInByteArray(name); + if (data != null) { + try { + exts = new CertificateExtensions(); + // exts.decode() doesn't work for empty CertExts + exts.decodeEx(new ByteArrayInputStream(data)); + } catch (IOException e) { + return null; + } + } + return exts; + } + + public boolean set(String name, CertificateExtensions value) { + if (value == null) { + return false; + } + ByteArrayOutputStream out = new ByteArrayOutputStream(); + try { + value.encode(out); + } catch (IOException e) { + return false; + } catch (CertificateException e) { + return false; + } + return set(name, out.toByteArray()); + } + + public Certificates getInCertificates(String name) { + X509CertImpl[] certArray; + + byte[] byteValue = getInByteArray(name); + if (byteValue == null) { + return null; + } + + try { + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + certArray = new X509CertImpl[derValues.length]; + for (int i = 0; i < derValues.length; i++) { + byte[] certData = derValues[i].toByteArray(); + certArray[i] = new X509CertImpl(certData); + } + } catch (IOException e) { + return null; + } catch (CertificateException e) { + return null; + } + return new Certificates(certArray); + } + + public boolean set(String name, Certificates value) { + if (value == null) { + return false; + } + DerOutputStream derStream = new DerOutputStream(); + X509Certificate[] certArray = value.getCertificates(); + DerValue[] derValues = new DerValue[certArray.length]; + try { + for (int i = 0; i < certArray.length; i++) { + ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); + try { + X509CertImpl certImpl = (X509CertImpl) certArray[i]; + certImpl.encode(byteStream); + derValues[i] = 
new DerValue(byteStream.toByteArray()); + } catch (CertificateEncodingException e) { + return false; + } catch (ClassCastException e) { + return false; + } + } + derStream.putSequence(derValues); + return set(name, derStream.toByteArray()); + } catch (IOException e) { + return false; + } + } + + public byte[][] getInByteArrayArray(String name) { + byte[][] retval; + + byte[] byteValue = getInByteArray(name); + if (byteValue == null) { + return null; + } + try { + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + retval = new byte[derValues.length][]; + for (int i = 0; i < derValues.length; i++) { + retval[i] = derValues[i].getOctetString(); + } + } catch (IOException e) { + return null; + } + return retval; + } + + public boolean set(String name, byte[][] value) { + if (value == null) { + return false; + } + DerOutputStream out = new DerOutputStream(); + DerValue[] derValues = new DerValue[value.length]; + try { + for (int i = 0; i < value.length; i++) { + derValues[i] = new DerValue(DerValue.tag_OctetString, value[i]); + } + out.putSequence(derValues); + return set(name, out.toByteArray()); + } catch (IOException e) { + return false; + } + } + + /** + * Enumerate all attribute values in the AuthToken. + * + * @return Enumeration of all attribute names in this AuthToken. + */ + public Enumeration<Object> getVals() { + return (mAttrs.elements()); + } + + /** + * Gets the name of the authentication manager instance that created + * this token. + * + * @return The name of the authentication manager instance that created + * this token. + */ + public String getAuthManagerInstName() { + return ((String) mAttrs.get(TOKEN_AUTHMGR_INST_NAME)); + } + + /** + * Gets the plugin name of the authentication manager that created this + * token. + * + * @return The plugin name of the authentication manager that created this + * token. 
+ */ + public String getAuthManagerImplName() { + return ((String) mAttrs.get(TOKEN_AUTHMGR_IMPL_NAME)); + } + + /** + * Gets the time of authentication. + * + * @return The time of authentication + */ + public Date getAuthTime() { + return ((Date) mAttrs.get(TOKEN_AUTHTIME)); + } +} diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java new file mode 100644 index 000000000..c79c3e9a7 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java 
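Review bot: `getAuthTime()` casts `mAttrs.get(TOKEN_AUTHTIME)` to `Date`, but the constructor stores the time through `set(String, Date)`, which saves `String.valueOf(value.getTime())`, so the cast would throw `ClassCastException` for every token built by this class. It should read the value back the way it was written: `return getInDate(TOKEN_AUTHTIME);`. The `TOKEN_AUTHTIME` Javadoc ("as a java.util.Date") and the `getVals()` `@return` text ("attribute names") should be corrected at the same time. The `getIn*` getters return null both for a missing attribute and for one that fails to parse; that is worth stating in their Javadoc, since callers presumably base authentication decisions on these values.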
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This class represents authentication exceptions.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EAuthException extends EBaseException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2763649418082002427L;
+ /**
+ * Resource class name
+ */
+ private static final String AUTH_RESOURCES = AuthResources.class.getName();
+
+ /**
+ * Constructs an authentication exception
+ * <P>
+ *
+ * @param msgFormat exception details
+ */
+ public EAuthException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs an authentication exception with a parameter.
+ * <p>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EAuthException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a auth exception with a exception parameter.
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param exception system exception
+ */
+ public EAuthException(String msgFormat, Exception exception) {
+ super(msgFormat, exception);
+ }
+
+ /**
+ * Constructs a auth exception with a list of parameters.
+ * <P>
+ *
+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EAuthException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the resource bundle name
+ *
+ * @return resource bundle name.
+ */
+ protected String getBundleName() {
+ return AUTH_RESOURCES;
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java b/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
new file mode 100644
index 000000000..52688f922
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for authentication internal error.
+ */
+public class EAuthInternalError extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4020816090107820450L;
+
+ /**
+ * Constructs an authentication internal error exception
+ * with a detailed message.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EAuthInternalError(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java b/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
new file mode 100644
index 000000000..925aaabf0
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for authentication manager not found.
+ */
+public class EAuthMgrNotFound extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3102946146034004983L;
+
+ /**
+ * Constructs a exception for a missing authentication manager
+ *
+ * @param errorString error string for missing authentication manager
+ */
+ public EAuthMgrNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java b/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
new file mode 100644
index 000000000..2ca90e3c8
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for authentication manager not found.
+ */
+public class EAuthMgrPluginNotFound extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7422356574227925974L;
+
+ /**
+ * Constructs a exception for a missing authentication manager plugin
+ *
+ * @param errorString error for a missing authentication manager plugin
+ */
+ public EAuthMgrPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java b/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
new file mode 100644
index 000000000..f816c35e8
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
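Review bot: The class Javadoc of `EAuthMgrPluginNotFound` reads "Exception for authentication manager not found", which is the same text as on `EAuthMgrNotFound`. It should read `Exception for authentication manager plugin not found.` so the two failures can be told apart in generated docs and by anyone triaging an authentication error. The empty `/** * */` comment above `serialVersionUID`, repeated in the sibling exception classes of this commit, carries no information and can be dropped.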
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for invalid attribute value
+ */
+public class EAuthUserError extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 287839079094761375L;
+
+ /**
+ * Constructs a exception for a Invalid attribute value
+ *
+ * @param errorString Detailed error message.
+ */
+ public EAuthUserError(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java b/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
new file mode 100644
index 000000000..84725bb96
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for DN component syntax error.
+ */
+public class ECompSyntaxErr extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5434000917203952218L;
+
+ /**
+ * Constructs an component syntax error
+ *
+ * @param errorString Detailed error message.
+ */
+ public ECompSyntaxErr(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java b/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
new file mode 100644
index 000000000..952824481
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for Error formulating the subject name (X500Name)
+ */
+public class EFormSubjectDN extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4052335779095200482L;
+
+ /**
+ * Constructs an Error on formulating the subject dn.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EFormSubjectDN(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java b/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
new file mode 100644
index 000000000..3e4daaf0d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for invalid credentials.
+ */
+public class EInvalidCredentials extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -5695804026210904331L;
+
+ /**
+ * Constructs an Invalid Credentials exception.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EInvalidCredentials(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java b/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
new file mode 100644
index 000000000..5de73aa0d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
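Review bot: The `@param errorString Detailed error message.` line on the EInvalidCredentials constructor leaves open what callers may put into the message. Exception messages commonly reach logs and error pages (where this one ends up is not visible in this diff), so I would state the constraint in the Javadoc: `@param errorString Detailed error message; must not contain the rejected password, PIN or other credential value.` The same wording applies to the EMissingCredential constructor in the next hunk.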
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for missing a required authentication credential.
+ */
+public class EMissingCredential extends EAuthException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1252384491944341767L;
+
+ /**
+ * Constructs a exception for a missing required authentication credential
+ *
+ * @param errorString Detailed error message.
+ */
+ public EMissingCredential(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java b/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
new file mode 100644
index 000000000..cd8434433
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.IArgBlock;
+import com.netscape.certsrv.base.IAttrSet;
+
+/**
+ * An interface represents authentication credentials:
+ * e.g. uid/pwd, uid/pin, certificate, etc.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthCredentials extends IAttrSet {
+
+ /**
+ * Set argblock.
+ *
+ * @param blk argblock
+ */
+ public void setArgBlock(IArgBlock blk);
+
+ /**
+ * Returns argblock.
+ *
+ * @return Argblock.
+ */
+ public IArgBlock getArgBlock();
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java b/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
new file mode 100644
index 000000000..1ff46af7d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+
+/**
+ * Authentication Manager interface.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthManager {
+
+ /* standard credential for client cert from ssl client auth */
+ public static final String CRED_SSL_CLIENT_CERT = "sslClientCert";
+
+ /**
+ * Standard credential for client cert's serial number from revocation.
+ */
+ public static final String CRED_CERT_SERIAL_TO_REVOKE = "certSerialToRevoke";
+ public static final String CRED_SESSION_ID = "sessionID";
+ public static final String CRED_HOST_NAME = "hostname";
+
+ /**
+ * Get the name of this authentication manager instance.
+ * <p>
+ *
+ * @return the name of this authentication manager.
+ */
+ public String getName();
+
+ /**
+ * Get name of authentication manager plugin.
+ * <p>
+ *
+ * @return the name of the authentication manager plugin.
+ */
+ public String getImplName();
+
+ /**
+ * Authenticate the given credentials.
+ *
+ * @param authCred The authentication credentials
+ * @return authentication token
+ * @exception EMissingCredential If a required credential for this
+ * authentication manager is missing.
+ * @exception EInvalidCredentials If credentials cannot be authenticated.
+ * @exception EBaseException If an internal error occurred.
+ */
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException;
+
+ /**
+ * Initialize this authentication manager.
+ *
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Prepare this authentication manager for a shutdown.
+ * Called when the server is exiting for any cleanup needed.
+ */
+ public void shutdown();
+
+ /**
+ * Gets a list of the required credentials for this authentication manager.
+ *
+ * @return The required credential attributes.
+ */
+ public String[] getRequiredCreds();
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @return a list of configuration parameters.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+
+ /**
+ * Get the configuration store for this authentication manager.
+ *
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore();
+}
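Review bot: `CRED_SESSION_ID` and `CRED_HOST_NAME` in IAuthManager have no Javadoc, and the comment on `CRED_SSL_CLIENT_CERT` is a plain `/* ... */` block, so none of the three appears in generated documentation. For names that key the input to `authenticate()`, the doc should say where each value comes from. For `hostname` in particular it should say whether the value is taken from the connection or supplied by the client, since a manager that trusts a client-supplied host name would be deciding on unauthenticated input (how managers use it is not visible in this hunk). Suggested: turn the first comment into `/** Standard credential for the client certificate from SSL client authentication. */` and add a one-line Javadoc to each of the other two constants.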
diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java b/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
new file mode 100644
index 000000000..329b6802e
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
@@ -0,0 +1,239 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ISubsystem;
+
+/**
+ * An interface that represents an authentication component
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthSubsystem extends ISubsystem {
+
+ /**
+ * Constant for auths.
+ */
+ public static final String ID = "auths";
+
+ /**
+ * Constant for class.
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * Constant for impl
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * Constant for pluginName.
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Constant for instance.
+ */
+ public static final String PROP_INSTANCE = "instance";
+
+ /* XXX should not be here */
+
+ /**
+ * Constant for password based authentication plugin ID.
+ */
+ public static final String PASSWDUSERDB_PLUGIN_ID = "passwdUserDBAuthPlugin";
+
+ /**
+ * Constant for certificate based authentication plugin ID.
+ */
+ public static final String CERTUSERDB_PLUGIN_ID = "certUserDBAuthPlugin";
+
+ /**
+ * Constant for challenge based authentication plugin ID.
+ */
+ public static final String CHALLENGE_PLUGIN_ID = "challengeAuthPlugin";
+
+ /**
+ * Constant for null authentication plugin ID.
+ */
+ public static final String NULL_PLUGIN_ID = "nullAuthPlugin";
+
+ /**
+ * Constant for ssl client authentication plugin ID.
+ */
+ public static final String SSLCLIENTCERT_PLUGIN_ID = "sslClientCertAuthPlugin";
+
+ /**
+ * Constant for password based authentication manager ID.
+ */
+ public static final String PASSWDUSERDB_AUTHMGR_ID = "passwdUserDBAuthMgr";
+
+ /**
+ * Constant for certificate based authentication manager ID.
+ */
+ public static final String CERTUSERDB_AUTHMGR_ID = "certUserDBAuthMgr";
+
+ /**
+ * Constant for challenge based authentication manager ID.
+ */
+ public static final String CHALLENGE_AUTHMGR_ID = "challengeAuthMgr";
+
+ /**
+ * Constant for null authentication manager ID.
+ */
+ public static final String NULL_AUTHMGR_ID = "nullAuthMgr";
+
+ /**
+ * Constant for ssl client authentication manager ID.
+ */
+ public static final String SSLCLIENTCERT_AUTHMGR_ID = "sslClientCertAuthMgr";
+
+ /**
+ * Constant for CMC authentication plugin ID.
+ */
+ public static final String CMCAUTH_PLUGIN_ID = "CMCAuth";
+
+ /**
+ * Constant for CMC authentication manager ID.
+ */
+ public static final String CMCAUTH_AUTHMGR_ID = "CMCAuth";
+
+ /**
+ * Authenticate the given credentials using the given manager name.
+ *
+ * @param authCred The authentication credentials
+ * @param authMgrName The authentication manager name
+ * @return a authentication token.
+ * @exception EMissingCredential when missing credential during authentication
+ * @exception EInvalidCredentials when the credential is invalid
+ * @exception EBaseException If an error occurs during authentication.
+ */
+ public IAuthToken authenticate(IAuthCredentials authCred, String authMgrName)
+ throws EMissingCredential, EInvalidCredentials, EBaseException;
+
+ /**
+ * Gets the required credential attributes for the given authentication
+ * manager.
+ *
+ * @param authMgrName The authentication manager name
+ * @return a Vector of required credential attribute names.
+ * @exception EBaseException If the required credential is missing
+ */
+ public String[] getRequiredCreds(String authMgrName) throws EBaseException;
+
+ /**
+ * Adds (registers) the given authentication manager.
+ *
+ * @param name The authentication manager name
+ * @param authMgr The authentication manager instance.
+ */
+ public void add(String name, IAuthManager authMgr);
+
+ /**
+ * Deletes (deregisters) the given authentication manager.
+ *
+ * @param name The authentication manager name to delete.
+ */
+ public void delete(String name);
+
+ /**
+ * Gets the Authentication manager instance of the specified name.
+ *
+ * @param name The authentication manager's name.
+ * @exception EBaseException when internal error occurs.
+ */
+ public IAuthManager getAuthManager(String name) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authentication managers registered to the
+ * authentication subsystem.
+ *
+ * @return a list of authentication managers
+ */
+ public Enumeration<IAuthManager> getAuthManagers();
+
+ /**
+ * Gets an enumeration of authentication manager plugins.
+ *
+ * @return a list of authentication plugins
+ */
+ public Enumeration<AuthMgrPlugin> getAuthManagerPlugins();
+
+ /**
+ * Gets a single authentication manager plugin implementation
+ *
+ * @param name given authentication plugin name
+ * @return the given authentication plugin
+ */
+ public IAuthManager getAuthManagerPlugin(String name);
+
+ /**
+ * Get configuration parameters for a authentication mgr plugin.
+ *
+ * @param implName The plugin name.
+ * @return configuration parameters for the given authentication manager plugin
+ * @exception EAuthMgrPluginNotFound If the authentication manager
+ * plugin is not found.
+ * @exception EBaseException If an internal error occurred.
+ */
+ public String[] getConfigParams(String implName)
+ throws EAuthMgrPluginNotFound, EBaseException;
+
+ /**
+ * Log error message.
+ *
+ * @param level log level
+ * @param msg error message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Get a hashtable containing all authentication plugins.
+ *
+ * @return all authentication plugins.
+ */
+ public Hashtable<String, AuthMgrPlugin> getPlugins();
+
+ /**
+ * Get a hashtable containing all authentication instances.
+ *
+ * @return all authentication instances.
+ */
+ public Hashtable<?, ?> getInstances();
+
+ /**
+ * Get an authentication manager interface for the given name.
+ *
+ * @param name given authentication manager name.
+ * @return an authentication manager for the given manager name.
+ */
+ public IAuthManager get(String name);
+
+ /**
+ * Get an authentication manager plugin impl for the given name.
+ *
+ * @param name given authentication manager name.
+ * @return an authentication manager plugin
+ */
+ public AuthMgrPlugin getAuthManagerPluginImpl(String name);
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
new file mode 100644
index 000000000..f46ee3ca1
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
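Review bot: `getPlugins()` and `getInstances()` in IAuthSubsystem hand out `Hashtable` objects, and nothing in their Javadoc says whether these are copies. If an implementation returns its internal tables, any caller can register or remove an authentication manager without going through `add()`/`delete()`; I would document the contract, e.g. `@return all authentication plugins; the returned table must be treated as read-only`, or have implementations return a copy. `getInstances()` is also declared as `Hashtable<?, ?>` while `getPlugins()` is fully typed. Separately, the `getRequiredCreds` Javadoc says it returns "a Vector" although the method returns `String[]`, and `getAuthManager` has no `@return`.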
@@ -0,0 +1,225 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Enumeration;
+
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.usrgrp.Certificates;
+
+/**
+ * AuthToken interface.
+ */
+public interface IAuthToken {
+
+ /**
+ * Constant for userid.
+ */
+ public static final String USER_ID = "userid";
+
+ /**
+ * Sets an attribute value within this AttrSet.
+ *
+ * @param name the name of the attribute
+ * @param value the attribute object.
+ * @return false on an error
+ */
+ public boolean set(String name, String value);
+
+ /**
+ * Gets an attribute value.
+ *
+ * @param name the name of the attribute to return.
+ * @exception EBaseException on attribute handling errors.
+ * @return the attribute value
+ */
+ public String getInString(String name);
+
+ /**
+ * Returns an enumeration of the names of the attributes existing within
+ * this AttrSet.
+ *
+ * @return an enumeration of the attribute names.
+ */
+ public Enumeration<String> getElements();
+
+ /************
+ * Helpers for non-string sets and gets.
+ * These are needed because AuthToken is stored in IRequest (which can
+ * only store string values
+ */
+
+ /**
+ * Retrieves the byte array value for name. The value should have been
+ * previously stored as a byte array (it will be CMS.AtoB decoded).
+ *
+ * @param name The attribute name.
+ * @return The byte array or null on error.
+ */
+ public byte[] getInByteArray(String name);
+
+ /**
+ * Stores the byte array with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, byte[] value);
+
+ /**
+ * Retrieves the Integer value for name.
+ *
+ * @param name The attribute name.
+ * @return The Integer or null on error.
+ */
+ public Integer getInInteger(String name);
+
+ /**
+ * Stores the Integer with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, Integer value);
+
+ /**
+ * Retrieves the BigInteger array value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public BigInteger[] getInBigIntegerArray(String name);
+
+ /**
+ * Stores the BigInteger array with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, BigInteger[] value);
+
+ /**
+ * Retrieves the Date value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public Date getInDate(String name);
+
+ /**
+ * Stores the Date with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, Date value);
+
+ /**
+ * Retrieves the String array value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public String[] getInStringArray(String name);
+
+ /**
+ * Stores the String array with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return False on error.
+ */
+ public boolean set(String name, String[] value);
+
+ /**
+ * Retrieves the X509CertImpl value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public X509CertImpl getInCert(String name);
+
+ /**
+ * Stores the X509CertImpl with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, X509CertImpl value);
+
+ /**
+ * Retrieves the CertificateExtensions value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public CertificateExtensions getInCertExts(String name);
+
+ /**
+ * Stores the CertificateExtensions with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, CertificateExtensions value);
+
+ /**
+ * Retrieves the Certificates value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public Certificates getInCertificates(String name);
+
+ /**
+ * Stores the Certificates with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, Certificates value);
+
+ /**
+ * Retrieves the byte[][] value for name.
+ *
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public byte[][] getInByteArrayArray(String name);
+
+ /**
+ * Stores the byte[][] with the associated key.
+ *
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, byte[][] value);
+}
diff --git a/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java b/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
new file mode 100644
index 000000000..6932decc0
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * This interface represents an object that captures the
+ * SSL client certificate in a SSL session. Normally, this
+ * object is a servlet.
+ * <p>
+ *
+ * This interface is used to avoid the internal imeplemtnation to have servlet (protocol handler) dependency.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISSLClientCertProvider {
+
+ /**
+ * Retrieves the SSL client certificate chain.
+ *
+ * @return certificate chain
+ */
+ public X509Certificate[] getClientCertificateChain();
+
+}
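Review bot: The Javadoc on `getInString` in IAuthToken declares `@exception EBaseException on attribute handling errors`, but the method has no `throws` clause, so the documented failure mode cannot occur as written. Drop that line or state the real behaviour, e.g. `@return the attribute value, or null if the attribute is not set` (to be confirmed against the implementation, which is not in this hunk). The typed getters all return "null on error", which gives callers no way to tell a missing attribute from one that failed to decode; for a token that carries the authenticated identity, the interface doc should say that callers must treat null as a failure. The `set` overloads likewise report failure only through a `false` return that is easy to ignore.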
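Review bot: `getClientCertificateChain()` in ISSLClientCertProvider does not say what is returned when the SSL session carried no client certificate, nor whether the chain has already been validated by the SSL layer. Code that authenticates from this chain needs both facts, so I would extend the doc to something like `@return the client certificate chain from the SSL session, or null if the client presented none`, plus a sentence on validation, after checking the implementations (not in this diff). The class comment also contains the typo "imeplemtnation".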
diff --git a/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java b/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
new file mode 100644
index 000000000..830c8866e
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.math.BigInteger;
+
+import org.mozilla.jss.pkix.cmc.PKIData;
+
+/**
+ * Shared Token interface.
+ */
+public interface ISharedToken {
+
+ public String getSharedToken(PKIData cmcData);
+
+ public String getSharedToken(BigInteger serialnum);
+} |
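Review bot: Both `getSharedToken` overloads in ISharedToken have no Javadoc, and they return what the name suggests is a shared secret as a `String`. At minimum each needs a comment stating what the argument selects and what is returned when no token exists, e.g. `@return the shared token for the certificate with the given serial number, or null if none is found` (to be confirmed with the implementation, which is not in this diff). Since the return value looks like secret material, the doc should also tell callers not to log it. A `char[]` return would allow the value to be cleared after use, though that is an interface change to weigh separately.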