tyrex.security.cert

Class X509CertificateLoginModule

public final class X509CertificateLoginModule extends Object implements LoginModule

Implements an X509 certificate validation login module.

This module reads the client certificates associated with the subject and determines whether at least one of them was issued by a trusted party. Those certificates are then further validated, including against a CRL. The principals of all validated certificates are added to the subject.

A login exception is reported only if the client certificate failed validation (indicates a forged certificate), has expired, or has been listed as revoked in the CRL.

This module should be used in one of two modes:

The following options are supported:

By using this module with no configuration options, the default key store for the JVM will be used (typically JKS) and all the trusted certificates in that key store will be used. If at least one client certificate is found that is trusted, the login will succeed. If no client certificate is found that is trusted, the login will fail.
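As an added illustration (not the tyrex source), the following plain JCA/JAAS helper mirrors the checks described above: collect the trusted certificates from an already loaded key store (the default mode), accept only client certificates issued by one of them, verify the signature and validity period, consult an optional CRL, and add the principal of each validated certificate to the subject. The class name and method signatures are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

/** Hypothetical helper mirroring the checks described above; not the tyrex implementation. */
public final class ClientCertCheck {
    /** Default mode: every trusted certificate entry in the (already loaded) key store. */
    static List<X509Certificate> trustedCerts(KeyStore keyStore) throws Exception {
        List<X509Certificate> trusted = new ArrayList<>();
        for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (keyStore.isCertificateEntry(alias)
                    && keyStore.getCertificate(alias) instanceof X509Certificate) {
                trusted.add((X509Certificate) keyStore.getCertificate(alias));
            }
        }
        return trusted;
    }

    /** Returns true if at least one client certificate is trusted; throws on forged, expired or revoked. */
    static boolean login(Subject subject, List<X509Certificate> trusted, X509CRL crl) throws LoginException {
        boolean anyTrusted = false;
        for (X509Certificate cert : subject.getPublicCredentials(X509Certificate.class)) {
            X509Certificate issuer = null;
            for (X509Certificate ca : trusted) {
                if (ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) issuer = ca;
            }
            if (issuer == null) continue; // not issued by a trusted party: skipped, not an error
            try {
                cert.verify(issuer.getPublicKey()); // bad signature indicates a forged certificate
                cert.checkValidity();                 // expired or not yet valid
            } catch (Exception ex) {
                throw new FailedLoginException("client certificate failed validation: " + ex);
            }
            if (crl != null && crl.isRevoked(cert)) {
                throw new FailedLoginException("client certificate is listed as revoked");
            }
            subject.getPrincipals().add(cert.getSubjectX500Principal()); // principal added to subject
            anyTrusted = true;
        }
        return anyTrusted; // false: no trusted client certificate was found, so the login fails
    }
}
```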

Version: $Revision: 1.6 $ $Date: 2004/04/21 04:18:21 $

Author: Assaf Arkin

Field Summary
static String OPTION_CRL_CLASS
The CRL class (crl-class).
static String OPTION_KEY_STORE
The key store name (key-store).
static String OPTION_LOG_ERRORS
Log errors (log-errors).
static String OPTION_TRUSTED_CERTS
The trusted certificate list (trusted-certs).

Method Summary
boolean abort()
boolean commit()
void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
boolean login()
boolean logout()

Field Detail

OPTION_CRL_CLASS

public static final String OPTION_CRL_CLASS
The CRL class (crl-class). If this option is specified, the named class is used to obtain an X509 CRL implementation.

OPTION_KEY_STORE

public static final String OPTION_KEY_STORE
The key store name (key-store). If this option is not specified, the default key store is used (typically JKS).

OPTION_LOG_ERRORS

public static final String OPTION_LOG_ERRORS
Log errors (log-errors). If this option is specified, initialization errors are logged to the console.

OPTION_TRUSTED_CERTS

public static final String OPTION_TRUSTED_CERTS
The trusted certificate list (trusted-certs). If this option is not specified, all the trusted certificates in the key store are used.

Method Detail

abort

public boolean abort()

commit

public boolean commit()

initialize

public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)

login

public boolean login()

logout

public boolean logout()

Original code is Copyright (c) 1999-2001, Intalio, Inc. All Rights Reserved. Contributions by MetaBoss team are Copyright (c) 2003-2005, Softaris Pty. Ltd. All Rights Reserved.