Class ClientCertAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.ClientCertAuthenticator
All Implemented Interfaces:
Authenticator

public class ClientCertAuthenticator extends LoginAuthenticator
  • Field Details

    • PASSWORD_PROPERTY

      private static final String PASSWORD_PROPERTY
      String name of keystore password property.
    • _trustStorePath

      private String _trustStorePath
      Truststore path
    • _trustStoreProvider

      private String _trustStoreProvider
      Truststore provider name
    • _trustStoreType

      private String _trustStoreType
      Truststore type
    • _trustStorePassword

      private transient Password _trustStorePassword
      Truststore password
    • _validateCerts

      private boolean _validateCerts
      Set to true if SSL certificate validation is required
    • _crlPath

      private String _crlPath
      Path to file that contains Certificate Revocation List
    • _maxCertPathLength

      private int _maxCertPathLength
      Maximum certification path length (n = number of intermediate certificates; -1 for unlimited)
    • _enableCRLDP

      private boolean _enableCRLDP
      CRL Distribution Points (CRLDP) support
    • _enableOCSP

      private boolean _enableOCSP
      On-Line Certificate Status Protocol (OCSP) support
    • _ocspResponderURL

      private String _ocspResponderURL
      Location of OCSP Responder
  • Constructor Details

    • ClientCertAuthenticator

      public ClientCertAuthenticator()
  • Method Details

    • getAuthMethod

      public String getAuthMethod()
      Returns:
      The name of the authentication method
    • validateRequest

      public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
      Description copied from interface: Authenticator
      Validate a request
      Parameters:
      req - The request
      res - The response
      mandatory - True if authentication is mandatory.
      Returns:
      An Authentication. If authentication is successful, this will be an Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If authentication is not mandatory, then an Authentication.Deferred may be returned.
      Throws:
      ServerAuthException - if unable to validate request
    • getKeyStore

      @Deprecated protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
      Deprecated.
      Throws:
      Exception
    • getKeyStore

      protected KeyStore getKeyStore(String storePath, String storeType, String storeProvider, String storePassword) throws Exception
      Loads a keystore from a file path (the deprecated overload also accepts an input stream, which takes precedence over the path). Integrations can override this method to supply their own mechanism for loading a keystore.
      Parameters:
      storePath - path of keystore file
      storeType - keystore type
      storeProvider - keystore provider
      storePassword - keystore password
      Returns:
      created keystore
      Throws:
      Exception - if unable to get keystore
    • loadCRL

      protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
      Loads a certificate revocation list (CRL) from a file. Integrations can override this method to supply their own mechanism for loading the CRL.
      Parameters:
      crlPath - path of certificate revocation list file
      Returns:
      a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data read from the file at crlPath.
      Throws:
      Exception - if unable to load CRL
    • secureResponse

      public boolean secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
      Description copied from interface: Authenticator
      Checks whether the response is secure.
      Parameters:
      req - the request
      res - the response
      mandatory - true if security is mandatory
      validatedUser - the user that was validated
      Returns:
      true if response is secure
      Throws:
      ServerAuthException - if unable to test response
    • isValidateCerts

      public boolean isValidateCerts()
      Returns:
      true if SSL certificate has to be validated
    • setValidateCerts

      public void setValidateCerts(boolean validateCerts)
      Parameters:
      validateCerts - true if SSL certificates have to be validated
    • getTrustStore

      public String getTrustStore()
      Returns:
      The file name or URL of the trust store location
    • setTrustStore

      public void setTrustStore(String trustStorePath)
      Parameters:
      trustStorePath - The file name or URL of the trust store location
    • getTrustStoreProvider

      public String getTrustStoreProvider()
      Returns:
      The provider of the trust store
    • setTrustStoreProvider

      public void setTrustStoreProvider(String trustStoreProvider)
      Parameters:
      trustStoreProvider - The provider of the trust store
    • getTrustStoreType

      public String getTrustStoreType()
      Returns:
      The type of the trust store (default "JKS")
    • setTrustStoreType

      public void setTrustStoreType(String trustStoreType)
      Parameters:
      trustStoreType - The type of the trust store (default "JKS")
    • setTrustStorePassword

      public void setTrustStorePassword(String password)
      Parameters:
      password - The password for the trust store
    • getCrlPath

      public String getCrlPath()
      Get the crlPath.
      Returns:
      the crlPath
    • setCrlPath

      public void setCrlPath(String crlPath)
      Set the crlPath.
      Parameters:
      crlPath - the crlPath to set
    • getMaxCertPathLength

      public int getMaxCertPathLength()
      Returns:
      Maximum number of intermediate certificates in the certification path (-1 for unlimited)
    • setMaxCertPathLength

      public void setMaxCertPathLength(int maxCertPathLength)
      Parameters:
      maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
    • isEnableCRLDP

      public boolean isEnableCRLDP()
      Returns:
      true if CRL Distribution Points support is enabled
    • setEnableCRLDP

      public void setEnableCRLDP(boolean enableCRLDP)
      Enables CRL Distribution Points Support
      Parameters:
      enableCRLDP - true to turn on, false to turn off
    • isEnableOCSP

      public boolean isEnableOCSP()
      Returns:
      true if On-Line Certificate Status Protocol support is enabled
    • setEnableOCSP

      public void setEnableOCSP(boolean enableOCSP)
      Enables On-Line Certificate Status Protocol support
      Parameters:
      enableOCSP - true to turn on, false to turn off
    • getOcspResponderURL

      public String getOcspResponderURL()
      Returns:
      Location of the OCSP Responder
    • setOcspResponderURL

      public void setOcspResponderURL(String ocspResponderURL)
      Set the location of the OCSP Responder.
      Parameters:
      ocspResponderURL - location of the OCSP Responder
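The following is an added example (not part of the Jetty Javadoc or the Jetty project's own code) showing how the setters documented above are typically wired into an embedded Jetty server: a TLS connector that demands a client certificate during the handshake, plus a ClientCertAuthenticator that re-validates the presented chain at the application layer against its own trust store, CRL and OCSP settings before handing the identity to a login service. All file paths, passwords, the port, the OCSP responder URL and the realm name are placeholders; the Server, ServerConnector, SslContextFactory, ConstraintSecurityHandler, HashLoginService and Constraint classes are standard Jetty 9.x/10.x APIs, and the example assumes a realm.properties file exists at the given path.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class ClientCertServer {

    // Builds the authenticator from the setters on this Javadoc page.
    // Paths and the password are placeholders (assumption, not real values).
    static ClientCertAuthenticator buildAuthenticator() {
        ClientCertAuthenticator auth = new ClientCertAuthenticator();
        // Without validateCerts the authenticator trusts whatever chain the
        // connector accepted; with it, the chain is checked again here.
        auth.setValidateCerts(true);
        auth.setTrustStore("/path/to/client-ca-truststore.p12");   // placeholder
        auth.setTrustStoreType("PKCS12");                           // page default is "JKS"
        auth.setTrustStorePassword("changeit");                     // placeholder
        auth.setMaxCertPathLength(1);        // at most one intermediate CA; -1 = unlimited
        auth.setCrlPath("/path/to/client-ca.crl");                  // placeholder
        auth.setEnableCRLDP(false);          // do not fetch CRLs from URLs inside certificates
        auth.setEnableOCSP(true);
        auth.setOcspResponderURL("http://ocsp.example.test/");      // placeholder
        return auth;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();

        // TLS connector: the handshake itself requires a client certificate.
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath("/path/to/server-keystore.p12");        // placeholder
        ssl.setKeyStorePassword("changeit");                        // placeholder
        ssl.setTrustStorePath("/path/to/client-ca-truststore.p12"); // placeholder
        ssl.setTrustStorePassword("changeit");                      // placeholder
        ssl.setNeedClientAuth(true);

        HttpConfiguration httpsConfig = new HttpConfiguration();
        // SecureRequestCustomizer publishes the peer chain as the
        // javax.servlet.request.X509Certificate request attribute that
        // validateRequest(...) reads.
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(httpsConfig));
        connector.setPort(8443);                                    // placeholder
        server.addConnector(connector);

        // Every path requires the CLIENT_CERT auth method and the "user" role.
        Constraint constraint = new Constraint();
        constraint.setName(Constraint.__CERT_AUTH2);
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] {"user"});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setAuthenticator(buildAuthenticator());
        security.setLoginService(
                new HashLoginService("ClientCertRealm", "/path/to/realm.properties")); // placeholder
        security.addConstraintMapping(mapping);

        ServletContextHandler context = new ServletContextHandler();
        context.setContextPath("/");
        context.setSecurityHandler(security);
        server.setHandler(context);

        server.start();
        server.join();
    }
}
```

Two things to check before relying on this. First, the authenticator's trust store is configured separately from the connector's: setValidateCerts(true) only works when setTrustStore(...) (and the matching type and password) point at a store the authenticator can open, otherwise validation cannot be performed. Second, after validation the authenticator still calls the login service, so the identity must be known to the realm; in the Jetty 9.x implementation the certificate's subject DN is passed as the user name and the Base64-encoded DER certificate as the credential, which is why a HashLoginService realm needs an entry keyed by that DN rather than a conventional user name.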