|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object issrg.security.DefaultVerifier issrg.security.DefaultSecurity
public abstract class DefaultSecurity
This is the default security class. It can sign and verify signatures on the given objects. The signing key should be provided as a part of PKCS#12 file (e.g. generated using openssl utility).
This default security supports:
Sample key generation using openssl:
openssl x509 -newkey rsa:1024 -out pkc.1 -keyout sk.1 -outform DER
The above line will generate a self-signed PKC and will output a private RSA 1024-bit long key into sk.1 file. The PKC will be saved in pkc.1 file.
Field Summary | |
---|---|
protected javax.security.auth.callback.CallbackHandler |
ch
|
static java.lang.String |
DEFAULT_FILE
|
static java.lang.String |
DEFAULT_FILE_STRING
Configuration variable for setting a default file to be used by the login method: "DefaultSecurity.DefaultFile". |
static java.lang.String |
DIGEST_ALGORITHM
This variable specifies what digest algorithm to use to generate digital signatures. |
protected java.lang.String |
digestAlgorithm
This variable specifies the digest algorithm used by the actual instance; the value is copied from DIGEST_ALGORITHM at instantiation time. |
static java.util.Map |
DSA_ALGORITHMS
|
static java.util.Map |
KEY_ALGORITHMS
This is a Map of Public Key cryptography algorithms supported. |
static java.lang.String |
LAST_FILE_STRING
Configuration variable for setting the last file to be used by the login method: "DefaultSecurity.LastFile". |
static java.lang.String |
MD2_WITH_RSA_ALGORITHM
This is the OID of the MD2 with RSA signature algorithm. |
static java.lang.String |
MD4_WITH_RSA_ALGORITHM
This is the OID of the MD4 with RSA signature algorithm. |
static java.lang.String |
MD5_WITH_RSA_ALGORITHM
This is the OID of the MD5 with RSA signature algorithm. |
protected java.util.Map |
options
|
static java.lang.String |
PASSWORD_SHARES_INTEGER
Configuration variable containing the number of password shares: "DefaultSecurity.PasswordShares" |
static java.lang.String |
PASSWORD_SHARES_STRING
Configuration variable containing the prompt to be displayed before each password share is input (the number will be appended automatically): "DefaultSecurity.PasswordSharesPrompt" |
static java.lang.String |
PASSWORD_STORED
This is the name under which we can store and retrieve the password for PKCS12 signing key. |
static java.lang.String |
PASSWORDS
This is the name under which we can store and collect passwords |
static java.lang.String |
PROMPT_STRING
Configuration variable containing the prompt to be displayed right before the file selection and passwords: "DefaultSecurity.Prompt" |
static java.util.Map |
RSA_ALGORITHMS
|
static java.lang.String |
SHA1_WITH_DSA_ALGORITHM
This is the OID of the SHA-1 with DSA signature algorithm. |
static java.lang.String |
SHA1_WITH_RSA_ALGORITHM
This is the OID of the SHA-1 with RSA signature algorithm. |
protected java.util.Map |
sharedState
|
protected javax.security.auth.Subject |
subj
|
static java.lang.String |
TITLE_STRING
Configuration variable containing the title to be displayed at the beginning of the authentication process: "DefaultSecurity.Title" |
Constructor Summary | |
---|---|
DefaultSecurity()
|
Method Summary | |
---|---|
boolean |
abort()
This method aborts the current log in process. |
boolean |
commit()
This method confirms that the identity of the user must be accepted by the authentication mechanism, as per JAAS specification. |
java.lang.String |
getDigestAlgorithm()
This method returns the default Digest Algorithm used by this object when signing. |
protected abstract FilenameCallback |
getFilenameCallback(java.lang.String filename)
This method returns a FilenameCallback that prompts for implementation-specific type of files. |
java.security.PrivateKey |
getPrivateKey()
This method returns the PrivateKey of the logged in user. |
protected java.security.Signature |
getSignature()
This method returns the current Signature implementation that will be used by sign method. |
java.lang.String |
getSigningAlgorithmID()
This method returns the signing Algorithm Identifier, which is a combination of the default hashing algorithm and the encryption algorithm of the Private Key. |
java.security.cert.X509Certificate |
getVerificationCertificate()
The method returns the verification certificate of just signed in user. |
void |
initialize(javax.security.auth.Subject subject,
javax.security.auth.callback.CallbackHandler callbackHandler,
java.util.Map sharedState,
java.util.Map options)
This method prepares the Login Module for logging in the specified subject using the given callback handlers and the maps of configuration parameters. |
boolean |
isLoggedIn()
This method checks whether any user has logged in. |
boolean |
login()
This method logs the user in by authenticating him against a file. |
abstract void |
login(java.lang.String filename,
char[] password)
This method logs in using a single password. |
protected void |
login(java.lang.String filename,
char[][] ps)
This method logs in using multiple password shares. |
boolean |
logout()
Logs the user out by removing his secret key. |
void |
setDigestAlgorithm(java.lang.String da)
This method sets the Digest Algorithm to be used to produce hash of the to-be-signed data. |
void |
setPrivateKey(java.security.PrivateKey pk)
This method sets the PrivateKey of the logged in user. |
protected void |
setSignature(java.security.Signature sig)
This method should be called by the login method to set the Signature implementation. |
byte[] |
sign(byte[] toBeSigned)
This method signs the data using the secret key of the logged in user. |
Methods inherited from class issrg.security.DefaultVerifier |
---|
getPKCRepository, getRootCAs, getVerificationCertificates, setPKCRepository, setRootCA, setRootCA, setRootCAs, setRootCAs, verify, verifyByRoot |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String DEFAULT_FILE_STRING
public static final java.lang.String LAST_FILE_STRING
public static final java.lang.String PROMPT_STRING
public static final java.lang.String TITLE_STRING
public static final java.lang.String PASSWORD_SHARES_INTEGER
public static final java.lang.String PASSWORD_SHARES_STRING
public static final java.lang.String DEFAULT_FILE
public static java.lang.String DIGEST_ALGORITHM
protected java.lang.String digestAlgorithm
public static java.util.Map DSA_ALGORITHMS
public static java.util.Map RSA_ALGORITHMS
public static java.util.Map KEY_ALGORITHMS
public static final java.lang.String SHA1_WITH_DSA_ALGORITHM
public static final java.lang.String SHA1_WITH_RSA_ALGORITHM
public static final java.lang.String MD5_WITH_RSA_ALGORITHM
public static final java.lang.String MD4_WITH_RSA_ALGORITHM
public static final java.lang.String MD2_WITH_RSA_ALGORITHM
public static final java.lang.String PASSWORD_STORED
public static final java.lang.String PASSWORDS
protected javax.security.auth.Subject subj
protected javax.security.auth.callback.CallbackHandler ch
protected java.util.Map sharedState
protected java.util.Map options
Constructor Detail |
---|
public DefaultSecurity() throws SecurityException
SecurityException
Method Detail |
---|
public java.security.cert.X509Certificate getVerificationCertificate() throws SecurityException
getVerificationCertificate
in interface Signer
SecurityException
- if the certificate cannot be returned (for
example, a session is not open, or the certificate is not available)public byte[] sign(byte[] toBeSigned) throws SecurityException
sign
in interface Signer
toBeSigned
- - the byte array for which a digital signature must be
generated
SecurityException
- if there was a problem when signing the datapublic boolean isLoggedIn()
isLoggedIn
in interface SessionOriented
public java.security.PrivateKey getPrivateKey()
public void setPrivateKey(java.security.PrivateKey pk)
Normally you should not use this method, if a user has been logged in.
pk
- - the PrivateKey to use for signing and decryption for the logged
in userpublic boolean logout()
logout
in interface javax.security.auth.spi.LoginModule
public boolean abort()
abort
in interface javax.security.auth.spi.LoginModule
public boolean commit()
commit
in interface javax.security.auth.spi.LoginModule
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
initialize
in interface javax.security.auth.spi.LoginModule
subject
- - the Subject that should be populated with the data about
the user that logs incallbackHandler
- - the CallbackHandler to be used to display the user
input controlssharedState
- - the Map of settings shared between multiple
LoginModule instances, or between the login attempts on the same
LoginModuleoptions
- - the options configuring the behaviour of this LoginModulepublic boolean login() throws javax.security.auth.login.LoginException
Upon successful authentication the Public Credentials of the Subject (provided via initialize) are set to contain the X.509 PKC of the user obtained from the file; the Private Credentials of the Subject are set to contain the PrivateKey from the file, and the reference to this DefaultSecurity object; the SubjectDN from the PKC is added to the set of Principals of the Subject.
The file is remembered in the sharedState map, and will be reused for subsequent invocations of this method.
login
in interface javax.security.auth.spi.LoginModule
javax.security.auth.login.LoginException
- if the object is not in the right state, an
exception occured during some operation, or if authentication failedprotected void login(java.lang.String filename, char[][] ps) throws SecurityException
SecurityException
protected void setSignature(java.security.Signature sig)
sig
- - the Signature implementation to be used by sign methodprotected java.security.Signature getSignature()
protected abstract FilenameCallback getFilenameCallback(java.lang.String filename)
filename
- - the default file to be prompted by CallbackHandler
public abstract void login(java.lang.String filename, char[] password) throws SecurityException
filename
- - the file containing the encrypted Private Key of the userpassword
- - the password to be used to decrypt the key
SecurityException
public java.lang.String getSigningAlgorithmID() throws SecurityException
getSigningAlgorithmID
in interface Signer
SecurityException
- if no user was logged in, or the Algorithm ID is
not known (e.g. obscure hashing algorithm has been set, or the Private
Key cannot be used to generate digital signatures)public java.lang.String getDigestAlgorithm()
public void setDigestAlgorithm(java.lang.String da)
da
- - the name of the Digest Algorithm
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |