public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext); if (clientCerts[0] instanceof X509Certificate) { Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]); IdentityManager idm = getIdentityManager(securityContext); Account account = idm.verify(credential); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } } } catch (SSLPeerUnverifiedException e) { // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out // to NOT_ATTEMPTED. } } /* * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but * does not mandate success. */ return AuthenticationMechanismOutcome.NOT_ATTEMPTED; }
@Override public Account verify(Credential credential) { if (credential instanceof X509CertificateCredential) { X509CertificateCredential certCredential = (X509CertificateCredential) credential; X509Certificate certificate = certCredential.getCertificate(); AccountImpl account = getAccount(certificate.getSubjectDN().getName()); return verifyCredential(account, certificate); } throw new IllegalArgumentException("Parameter must be a X509CertificateCredential"); }
@Override public Account verify(Credential credential) { if (credential instanceof X509CertificateCredential) { X509CertificateCredential certCredential = (X509CertificateCredential) credential; X509Certificate certificate = certCredential.getCertificate(); AccountImpl account = getAccount(certificate.getSubjectDN().getName()); return verifyCredential(account, certificate); } throw new IllegalArgumentException("Parameter must be a X509CertificateCredential"); }
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext); if (clientCerts[0] instanceof X509Certificate) { Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]); IdentityManager idm = getIdentityManager(securityContext); Account account = idm.verify(credential); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } } } catch (SSLPeerUnverifiedException e) { // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out // to NOT_ATTEMPTED. } } /* * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but * does not mandate success. */ return AuthenticationMechanismOutcome.NOT_ATTEMPTED; }
@Override public Account verify(Credential credential) { if (credential instanceof X509CertificateCredential) { X509CertificateCredential certCredential = (X509CertificateCredential) credential; X509Certificate certificate = certCredential.getCertificate(); AccountImpl account = getAccount(certificate.getSubjectDN().getName()); return verifyCredential(account, certificate); } throw new IllegalArgumentException("Parameter must be a X509CertificateCredential"); }
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext); if (clientCerts[0] instanceof X509Certificate) { Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]); IdentityManager idm = getIdentityManager(securityContext); Account account = idm.verify(credential); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } } } catch (SSLPeerUnverifiedException e) { // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out // to NOT_ATTEMPTED. } } /* * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but * does not mandate success. */ return AuthenticationMechanismOutcome.NOT_ATTEMPTED; }
user = certCred.getCertificate().getSubjectDN(); } else if (credential instanceof GSSContextCredential) { GSSContextCredential gssCred = (GSSContextCredential) credential;