Package org.wildfly.security.auth.realm.ldap

Class X509EvidenceVerifier

java.lang.Object

org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier

All Implemented Interfaces:

EvidenceVerifier

class X509EvidenceVerifier
extends Object
implements EvidenceVerifier

An EvidenceVerifier that verifies a X509PeerCertificateChainEvidence.

Author:

Jan Kalina

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
(package private) static interface	X509EvidenceVerifier.CertificateVerifier	Object allowing to verify X509 certificate against information from LDAP
(package private) static class	X509EvidenceVerifier.DigestCertificateVerifier
(package private) static class	X509EvidenceVerifier.EncodedCertificateVerifier
(package private) static class	X509EvidenceVerifier.SerialNumberCertificateVerifier
(package private) static class	X509EvidenceVerifier.SubjectDnCertificateVerifier

Field Summary

Fields

Modifier and Type	Field	Description
private List<X509EvidenceVerifier.CertificateVerifier>	certificateVerifiers

Constructor Summary

Constructors

Constructor	Description
X509EvidenceVerifier(List<X509EvidenceVerifier.CertificateVerifier> certificateVerifiers)

Method Summary

Modifier and Type	Method	Description
void	addBinaryIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as binary data.
void	addRequiredIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
IdentityEvidenceVerifier	forIdentity(DirContext dirContext, String distinguishedName, String url, Attributes attributes)	Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity.
SupportLevel	getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)	Get the SupportLevel for the level of evidence validation support for the named credential.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.auth.realm.ldap.EvidenceVerifier

forIdentity

Field Detail

certificateVerifiers

private final List<X509EvidenceVerifier.CertificateVerifier> certificateVerifiers

Constructor Detail

X509EvidenceVerifier

X509EvidenceVerifier(List<X509EvidenceVerifier.CertificateVerifier> certificateVerifiers)

Method Detail

getEvidenceVerifySupport

public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                             String algorithmName)
                                      throws RealmUnavailableException

Description copied from interface: EvidenceVerifier

Get the SupportLevel for the level of evidence validation support for the named credential.

Specified by:

getEvidenceVerifySupport in interface EvidenceVerifier

Parameters:

evidenceType - the evidence type (must not be null)

algorithmName - the evidence algorithm name or null if none

Returns:

the level of support for the named credential

Throws:

RealmUnavailableException - if the realm is currently unable to handle requests

forIdentity

public IdentityEvidenceVerifier forIdentity(DirContext dirContext,
                                            String distinguishedName,
                                            String url,
                                            Attributes attributes)
                                     throws RealmUnavailableException

Description copied from interface: EvidenceVerifier

Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity. Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName

Specified by:

forIdentity in interface EvidenceVerifier

Parameters:

dirContext - the DirContext to use to connect to LDAP.

distinguishedName - the distinguished name of the identity entry.

url - the absolute distinguished name of identity LDAP entry as URL string (when identity is not in realm context)

attributes - the identity attributes requested by EvidenceVerifier.addRequiredIdentityAttributes(Collection).

Returns:

An IdentityEvidenceVerifier for the specified identity identified by their distinguished name.

Throws:

RealmUnavailableException

addRequiredIdentityAttributes

public void addRequiredIdentityAttributes(Collection<String> attributes)

Description copied from interface: EvidenceVerifier

Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.

Specified by:

addRequiredIdentityAttributes in interface EvidenceVerifier

Parameters:

attributes - output collection of attributes names, into which should be added

addBinaryIdentityAttributes

public void addBinaryIdentityAttributes(Collection<String> attributes)

Description copied from interface: EvidenceVerifier

Construct set of LDAP attributes, which should be loaded as binary data. Should be subset of EvidenceVerifier.addRequiredIdentityAttributes(Collection) output.

Specified by:

addBinaryIdentityAttributes in interface EvidenceVerifier

Parameters:

attributes - output collection of attributes names, into which should be added