summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java143
1 files changed, 62 insertions, 81 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
index 5e9e8dea4..c82142942 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.security.cert.X509Certificate;
import netscape.security.x509.X509CertImpl;
@@ -37,11 +38,13 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
import com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator;
import com.netscape.cmscore.usrgrp.User;
+
/**
- * Certificate server agent authentication. Maps a SSL client authenticate
- * certificate to a user (agent) entry in the internal database.
+ * Certificate server agent authentication.
+ * Maps a SSL client authenticate certificate to a user (agent) entry in the
+ * internal database.
* <P>
- *
+ *
* @author lhsiao
* @author cfu
* @version $Revision$, $Date$
@@ -78,15 +81,15 @@ public class CertUserDBAuthentication implements IAuthManager {
/**
* initializes the CertUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
- * @param owner - The authentication subsystem that hosts this auth manager
- * @param config - The configuration store used by the authentication
- * subsystem
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
+ * @param owner - The authentication subsystem that hosts this
+ * auth manager
+ * @param config - The configuration store used by the
+ * authentication subsystem
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -95,25 +98,21 @@ public class CertUserDBAuthentication implements IAuthManager {
mRevocationChecking = mConfig.getSubStore("revocationChecking");
}
if (mRevocationChecking != null) {
- mRevocationCheckingEnabled = mRevocationChecking.getBoolean(
- "enabled", false);
+ mRevocationCheckingEnabled = mRevocationChecking.getBoolean("enabled", false);
if (mRevocationCheckingEnabled) {
int size = mRevocationChecking.getInteger("bufferSize", 0);
- long interval = (long) mRevocationChecking.getInteger(
- "validityInterval", 28800);
- long unknownStateInterval = (long) mRevocationChecking
- .getInteger("unknownStateInterval", 1800);
+ long interval = (long) mRevocationChecking.getInteger("validityInterval", 28800);
+ long unknownStateInterval = (long) mRevocationChecking.getInteger("unknownStateInterval", 1800);
if (size > 0)
- CMS.setListOfVerifiedCerts(size, interval,
- unknownStateInterval);
+ CMS.setListOfVerifiedCerts(size, interval, unknownStateInterval);
}
}
mCULocator = new ExactMatchCertUserLocator();
log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -127,52 +126,45 @@ public class CertUserDBAuthentication implements IAuthManager {
public String getImplName() {
return mImplName;
}
-
+
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate users
- * (agents)
- *
- * @param authCred - authentication credential that contains an
- * usrgrp.Certificates of the user (agent)
+ * called by other subsystems or their servlets to authenticate
+ * users (agents)
+ * @param authCred - authentication credential that contains
+ * an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
- * @exception com.netscape.certsrv.base.EAuthsException any authentication
- * failure or insufficient credentials
+ *
+ * @exception com.netscape.certsrv.base.EAuthsException any
+ * authentication failure or insufficient credentials
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
CMS.debug("CertUserDBAuth: started");
AuthToken authToken = new AuthToken(this);
CMS.debug("CertUserDBAuth: Retrieving client certificate");
- X509Certificate[] x509Certs = (X509Certificate[]) authCred
- .get(CRED_CERT);
+ X509Certificate[] x509Certs =
+ (X509Certificate[]) authCred.get(CRED_CERT);
if (x509Certs == null) {
CMS.debug("CertUserDBAuth: no client certificate found");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
}
CMS.debug("CertUserDBAuth: Got client certificate");
if (mRevocationCheckingEnabled) {
X509CertImpl cert0 = (X509CertImpl) x509Certs[0];
if (cert0 == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_NO_CERT"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_NO_CERT"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT"));
}
if (CMS.isRevoked(x509Certs)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
}
@@ -185,28 +177,19 @@ public class CertUserDBAuthentication implements IAuthManager {
try {
user = (User) mCULocator.locateUser(certs);
} catch (EUsrGrpException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0]
- .getSerialNumber().toString(16), x509Certs[0]
- .getSubjectDN().toString(), e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0].getSerialNumber().toString(16), x509Certs[0].getSubjectDN().toString(), e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} catch (netscape.ldap.LDAPException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
}
- // any unexpected error occurs like internal db down,
+ // any unexpected error occurs like internal db down,
// UGSubsystem only returns null for user.
if (user == null) {
CMS.debug("Authentication: cannot map certificate to user");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("Authentication: mapped certificate to user");
@@ -215,22 +198,20 @@ public class CertUserDBAuthentication implements IAuthManager {
authToken.set(TOKEN_USER_DN, user.getUserDN());
authToken.set(TOKEN_USERID, user.getUserID());
authToken.set(TOKEN_UID, user.getUserID());
- authToken.set(CRED_CERT, certs);
+ authToken.set(CRED_CERT, certs);
- log(ILogger.LL_INFO,
- CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
CMS.debug("authenticated " + user.getUserDN());
return authToken;
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by the servlets that handle
- * agent operations to authenticate its users. It calls this method to know
- * which are the required credentials from the user (e.g. Javascript form
- * data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -238,15 +219,15 @@ public class CertUserDBAuthentication implements IAuthManager {
}
/**
- * get the list of configuration parameter names required by this
- * authentication manager. Generally used by the Certificate Server Console
- * to display the table for configuration purposes. CertUserDBAuthentication
- * is currently not exposed in this case, so this method is not to be used.
- *
- * @return configuration parameter names in Hashtable of Vectors where each
- * hashtable entry's key is the substore name, value is a Vector of
- * parameter names. If no substore, the parameter name is the
- * Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. CertUserDBAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ * @return configuration parameter names in Hashtable of Vectors
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -259,8 +240,8 @@ public class CertUserDBAuthentication implements IAuthManager {
}
/**
- * gets the configuretion substore used by this authentication manager
- *
+ * gets the configuretion substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -270,8 +251,8 @@ public class CertUserDBAuthentication implements IAuthManager {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}
generated by cgit (git 2.34.1) at 2024-05-18 04:29:51 +0000