com.netscape.cms.authentication
Class CMCAuth

java.lang.Object
  extended by com.netscape.cms.authentication.CMCAuth
All Implemented Interfaces:
IAuthManager, IExtendedPluginInfo, IProfileAuthenticator

public class CMCAuth
extends java.lang.Object
implements IAuthManager, IExtendedPluginInfo, IProfileAuthenticator

UID/CMC authentication plug-in

Version:
$Revision: 1310 $, $Date: 2010-09-20 17:28:48 -0700 (Mon, 20 Sep 2010) $

Field Summary
static java.lang.String CRED_CMC
           
protected static java.lang.String[] mConfigParams
           
protected static java.util.Vector mExtendedPluginInfo
           
protected static java.lang.String[] mRequiredCreds
           
static java.lang.String REASON_CODE
           
static java.lang.String TOKEN_CERT_SERIAL
           
 
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
 
Fields inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator
AUTHENTICATED_NAME
 
Fields inherited from interface com.netscape.certsrv.authentication.IAuthManager
CRED_CERT_SERIAL_TO_REVOKE, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT
 
Constructor Summary
CMCAuth()
          Default constructor, initialization must follow.
 
Method Summary
 IAuthToken authenticate(IAuthCredentials authCred)
          Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
 java.lang.String[] getConfigParams()
          Returns a list of configuration parameter names.
 IConfigStore getConfigStore()
          Gets the configuration substore used by this authentication plug-in.
 java.lang.String[] getExtendedPluginInfo()
          Activate the help system.
 java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
          This method returns an array of strings.
 java.lang.String getImplName()
          Gets the plug-in name of this authentication plug-in.
 java.lang.String getName()
          Gets the name of this authentication plug-in instance.
 java.lang.String getName(java.util.Locale locale)
          Retrieves the localizable name of this policy.
 java.lang.String[] getRequiredCreds()
          Gets the list of required credentials.
 java.lang.String getText(java.util.Locale locale)
          Retrieves the localizable description of this policy.
 IDescriptor getValueDescriptor(java.util.Locale locale, java.lang.String name)
          Retrieves the descriptor of the given value parameter by name.
 java.util.Enumeration getValueNames()
          Retrieves a list of names of the value parameter.
 void init(IProfile profile, IConfigStore config)
          Initializes this default policy.
 void init(java.lang.String name, java.lang.String implName, IConfigStore config)
          Initializes the CMCAuth authentication plug-in.
 boolean isSSLClientRequired()
          Checks if this authenticator requires SSL client authentication.
 boolean isValueWriteable(java.lang.String name)
          Checks if the value of the given property should be serializable into the request.
protected  void log(int level, java.lang.String msg)
          Logs a message for this class in the system log file.
 void populate(IAuthToken token, IRequest request)
          Populates authentication specific information into the request for auditing purposes.
 void shutdown()
          Prepares for shutdown.
protected  IAuthToken verifySignerInfo(AuthToken authToken, org.mozilla.jss.pkix.cms.SignedData cmcFullReq)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TOKEN_CERT_SERIAL

public static final java.lang.String TOKEN_CERT_SERIAL
See Also:
Constant Field Values

REASON_CODE

public static final java.lang.String REASON_CODE
See Also:
Constant Field Values

mConfigParams

protected static java.lang.String[] mConfigParams

CRED_CMC

public static final java.lang.String CRED_CMC
See Also:
Constant Field Values

mRequiredCreds

protected static java.lang.String[] mRequiredCreds

mExtendedPluginInfo

protected static java.util.Vector mExtendedPluginInfo
Constructor Detail

CMCAuth

public CMCAuth()
Default constructor, initialization must follow.

Method Detail

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException
Initializes the CMCAuth authentication plug-in.

Specified by:
init in interface IAuthManager
Parameters:
name - The name for this authentication plug-in instance.
implName - The name of the authentication plug-in.
config - The configuration store for this instance.
Throws:
EBaseException - If an error occurs during initialization.

authenticate

public IAuthToken authenticate(IAuthCredentials authCred)
                        throws EMissingCredential,
                               EInvalidCredentials,
                               EBaseException
Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT for the subject name.

Specified by:
authenticate in interface IAuthManager
Parameters:
authCred - Authentication credentials, CRED_UID and CRED_CMC.
Returns:
an AuthToken
Throws:
EMissingCredential - If a required authentication credential is missing.
EInvalidCredentials - If credentials failed authentication.
EBaseException - If an internal error occurred.
See Also:
AuthToken

getConfigParams

public java.lang.String[] getConfigParams()
Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

Specified by:
getConfigParams in interface IAuthManager
Returns:
String array of configuration parameter names.

getConfigStore

public IConfigStore getConfigStore()
Gets the configuration substore used by this authentication plug-in.

Specified by:
getConfigStore in interface IAuthManager
Specified by:
getConfigStore in interface IProfileAuthenticator
Returns:
configuration store

getImplName

public java.lang.String getImplName()
Gets the plug-in name of this authentication plug-in.

Specified by:
getImplName in interface IAuthManager
Returns:
the name of the authentication manager plugin.

getName

public java.lang.String getName()
Gets the name of this authentication plug-in instance.

Specified by:
getName in interface IAuthManager
Returns:
the name of this authentication manager.

getRequiredCreds

public java.lang.String[] getRequiredCreds()
Gets the list of required credentials.

Specified by:
getRequiredCreds in interface IAuthManager
Returns:
list of required credentials as strings.

shutdown

public void shutdown()
Prepares for shutdown.

Specified by:
shutdown in interface IAuthManager

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo()
Activate the help system.

Returns:
help messages

log

protected void log(int level,
                   java.lang.String msg)
Logs a message for this class in the system log file.

Parameters:
level - The log level.
msg - The message to log.
See Also:
ILogger

verifySignerInfo

protected IAuthToken verifySignerInfo(AuthToken authToken,
                                      org.mozilla.jss.pkix.cms.SignedData cmcFullReq)
                               throws EInvalidCredentials
Throws:
EInvalidCredentials

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface: IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token). There is an entry indexed on that parameter name:

<parameter name>;<type_info>[,required];<description>;...

Where:

type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'.
If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.
'description' is a short sentence describing the parameter.
'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
'string' allows any characters.
'number' allows only numbers.
'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.

In addition to the configurable parameters, the following magic parameters may be defined:

HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
HELP_TEXT;helptext - a general help string describing the plugin

For example:

"username;string;The username you wish to login as"
"bindPWPrompt;password;Enter password to bind as above user with"
"algorithm;choice(RSA,DSA);Which algorithm do you want to use"
"enable;boolean;Do you want to run this plugin"
"port;number;Which port number do you want to use"

Specified by:
getExtendedPluginInfo in interface IExtendedPluginInfo
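
The descriptor format described above can be parsed and checked as follows, which also marks 'password' parameters so that configuration tooling can keep them out of exports and logs. This is an added example, not code from CMCAuth or the CMS project; the class name, ParamInfo, parse() and the "meta" type label are hypothetical, and it assumes everything after the second ';' is the description.

```java
import java.util.Arrays;
import java.util.List;
// Added example (Java 16+); ParamInfo and parse() are hypothetical names.
public class ExtendedPluginInfoParser {
    record ParamInfo(String name, String type, List<String> choices,
                     boolean required, String description) {
        // 'password' values live in the password cache; never echo or store them.
        boolean isSecret() { return type.equals("password"); }
    }

    static ParamInfo parse(String entry) {
        String[] f = entry.split(";", 3);
        // Magic entries carry two fields: HELP_TOKEN;helptoken, HELP_TEXT;helptext
        if (f[0].equals("HELP_TOKEN") || f[0].equals("HELP_TEXT")) {
            String value = entry.substring(Math.min(entry.length(), f[0].length() + 1));
            return new ParamInfo(f[0], "meta", List.of(), false, value);
        }
        if (f.length < 3 || f[0].isEmpty())
            throw new IllegalArgumentException("malformed descriptor: " + entry);
        String type = f[1];
        // ',required' follows type_info; test the suffix because choice(...) has commas
        boolean required = type.endsWith(",required");
        if (required) type = type.substring(0, type.length() - ",required".length());
        List<String> choices = List.of();
        if (type.startsWith("choice(") && type.endsWith(")")) {
            choices = Arrays.asList(type.substring(7, type.length() - 1).split(","));
            type = "choice";
        } else if (!List.of("string", "number", "boolean", "password").contains(type)) {
            throw new IllegalArgumentException("unknown type_info: " + type);
        }
        // Assumption: everything after the second ';' is the description
        return new ParamInfo(f[0], type, choices, required, f[2]);
    }

    public static void main(String[] args) {
        // Constructed input: the page's sample entries, one with ',required' added
        String[] info = {
            "username;string,required;The username you wish to login as",
            "bindPWPrompt;password;Enter password to bind as above user with",
            "algorithm;choice(RSA,DSA);Which algorithm do you want to use",
            "HELP_TEXT;helptext",
        };
        for (String e : info) {
            ParamInfo p = parse(e);
            System.out.printf("%-13s type=%-8s required=%-5b secret=%-5b choices=%s%n",
                    p.name(), p.type(), p.required(), p.isSecret(), p.choices());
        }
    }
}
```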

init

public void init(IProfile profile,
                 IConfigStore config)
          throws EProfileException
Description copied from interface: IProfileAuthenticator
Initializes this default policy.

Specified by:
init in interface IProfileAuthenticator
Parameters:
profile - owner of this authenticator
config - configuration store
Throws:
EProfileException - failed to initialize

getName

public java.lang.String getName(java.util.Locale locale)
Retrieves the localizable name of this policy.

Specified by:
getName in interface IProfileAuthenticator
Parameters:
locale - end user locale
Returns:
localized authenticator name

getText

public java.lang.String getText(java.util.Locale locale)
Retrieves the localizable description of this policy.

Specified by:
getText in interface IProfileAuthenticator
Parameters:
locale - end user locale
Returns:
localized authenticator description

getValueNames

public java.util.Enumeration getValueNames()
Retrieves a list of names of the value parameter.

Specified by:
getValueNames in interface IProfileAuthenticator
Returns:
a list of property names

isValueWriteable

public boolean isValueWriteable(java.lang.String name)
Description copied from interface: IProfileAuthenticator
Checks if the value of the given property should be serializable into the request. Passwords or other security-related values may not be desirable for storage.

Specified by:
isValueWriteable in interface IProfileAuthenticator
Parameters:
name - property name
Returns:
true if the property is not security related

getValueDescriptor

public IDescriptor getValueDescriptor(java.util.Locale locale,
                                      java.lang.String name)
Retrieves the descriptor of the given value parameter by name.

Specified by:
getValueDescriptor in interface IProfileAuthenticator
Parameters:
locale - user locale
name - property name
Returns:
descriptor of the requested property

populate

public void populate(IAuthToken token,
                     IRequest request)
              throws EProfileException
Description copied from interface: IProfileAuthenticator
Populates authentication specific information into the request for auditing purposes.

Specified by:
populate in interface IProfileAuthenticator
Parameters:
token - authentication token
request - request
Throws:
EProfileException - failed to populate

isSSLClientRequired

public boolean isSSLClientRequired()
Description copied from interface: IProfileAuthenticator
Checks if this authenticator requires SSL client authentication.

Specified by:
isSSLClientRequired in interface IProfileAuthenticator
Returns:
client authentication required or not