Class ClientCertAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.ClientCertAuthenticator
All Implemented Interfaces:
Authenticator
public class ClientCertAuthenticator extends LoginAuthenticator

  • Field Details

    • PASSWORD_PROPERTY

      private static final String PASSWORD_PROPERTY
      String name of keystore password property.
      See Also:

    • _trustStorePath

      private String _trustStorePath
      Truststore path

    • _trustStoreProvider

      private String _trustStoreProvider
      Truststore provider name

    • _trustStoreType

      private String _trustStoreType
      Truststore type

    • _trustStorePassword

      private transient Password _trustStorePassword
      Truststore password

    • _validateCerts

      private boolean _validateCerts
      Set to true if SSL certificate validation is required

    • _crlPath

      private String _crlPath
      Path to file that contains Certificate Revocation List

    • _maxCertPathLength

      private int _maxCertPathLength
      Maximum certification path length (n - number of intermediate certs, -1 for unlimited)

    • _enableCRLDP

      private boolean _enableCRLDP
      CRL Distribution Points (CRLDP) support

    • _enableOCSP

      private boolean _enableOCSP
      On-Line Certificate Status Protocol (OCSP) support

    • _ocspResponderURL

      private String _ocspResponderURL
      Location of OCSP Responder

  • Constructor Details

    • ClientCertAuthenticator

      public ClientCertAuthenticator()

  • Method Details

    • getAuthMethod

      public String getAuthMethod()
      Returns:
      The name of the authentication method

    • validateRequest

      public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
      Description copied from interface: Authenticator
      Validate a request
      Parameters:
      req - The request
      res - The response
      mandatory - True if authentication is mandatory.
      Returns:
      An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
      Throws:
      ServerAuthException - if unable to validate request

    • getKeyStore

      @Deprecated protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
      Deprecated.
      Throws:
      Exception

    • getKeyStore

      protected KeyStore getKeyStore(String storePath, String storeType, String storeProvider, String storePassword) throws Exception
      Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.
      Parameters:
      storePath - path of keystore file
      storeType - keystore type
      storeProvider - keystore provider
      storePassword - keystore password
      Returns:
      created keystore
      Throws:
      Exception - if unable to get keystore

    • loadCRL

      protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
      Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.
      Parameters:
      crlPath - path of certificate revocation list file
      Returns:
      a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data from the input stream.
      Throws:
      Exception - if unable to load CRL

    • secureResponse

      public boolean secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
      Description copied from interface: Authenticator
      is response secure
      Parameters:
      req - the request
      res - the response
      mandatory - if security is mandator
      validatedUser - the user that was validated
      Returns:
      true if response is secure
      Throws:
      ServerAuthException - if unable to test response

    • isValidateCerts

      public boolean isValidateCerts()
      Returns:
      true if SSL certificate has to be validated

    • setValidateCerts

      public void setValidateCerts(boolean validateCerts)
      Parameters:
      validateCerts - true if SSL certificates have to be validated

    • getTrustStore

      public String getTrustStore()
      Returns:
      The file name or URL of the trust store location

    • setTrustStore

      public void setTrustStore(String trustStorePath)
      Parameters:
      trustStorePath - The file name or URL of the trust store location

    • getTrustStoreProvider

      public String getTrustStoreProvider()
      Returns:
      The provider of the trust store

    • setTrustStoreProvider

      public void setTrustStoreProvider(String trustStoreProvider)
      Parameters:
      trustStoreProvider - The provider of the trust store

    • getTrustStoreType

      public String getTrustStoreType()
      Returns:
      The type of the trust store (default "JKS")

    • setTrustStoreType

      public void setTrustStoreType(String trustStoreType)
      Parameters:
      trustStoreType - The type of the trust store (default "JKS")

    • setTrustStorePassword

      public void setTrustStorePassword(String password)
      Parameters:
      password - The password for the trust store

    • getCrlPath

      public String getCrlPath()
      Get the crlPath.
      Returns:
      the crlPath

    • setCrlPath

      public void setCrlPath(String crlPath)
      Set the crlPath.
      Parameters:
      crlPath - the crlPath to set

    • getMaxCertPathLength

      public int getMaxCertPathLength()
      Returns:
      Maximum number of intermediate certificates in the certification path (-1 for unlimited)

    • setMaxCertPathLength

      public void setMaxCertPathLength(int maxCertPathLength)
      Parameters:
      maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

    • isEnableCRLDP

      public boolean isEnableCRLDP()
      Returns:
      true if CRL Distribution Points support is enabled

    • setEnableCRLDP

      public void setEnableCRLDP(boolean enableCRLDP)
      Enables CRL Distribution Points Support
      Parameters:
      enableCRLDP - true - turn on, false - turns off

    • isEnableOCSP

      public boolean isEnableOCSP()
      Returns:
      true if On-Line Certificate Status Protocol support is enabled

    • setEnableOCSP

      public void setEnableOCSP(boolean enableOCSP)
      Enables On-Line Certificate Status Protocol support
      Parameters:
      enableOCSP - true - turn on, false - turn off

    • getOcspResponderURL

      public String getOcspResponderURL()
      Returns:
      Location of the OCSP Responder

    • setOcspResponderURL

      public void setOcspResponderURL(String ocspResponderURL)
      Set the location of the OCSP Responder.
      Parameters:
      ocspResponderURL - location of the OCSP Responder