public class X509AuthenticationProvider extends Object implements AuthenticationProvider
zookeeper.ssl.keyStore.location
zookeeper.ssl.trustStore.location
zookeeper.ssl.keyStore.password
zookeeper.ssl.trustStore.password
Constructor and Description |
---|
X509AuthenticationProvider()
Initialize the X509AuthenticationProvider with a JKS KeyStore and JKS
TrustStore according to the following system properties:
zookeeper.ssl.keyStore.location
zookeeper.ssl.trustStore.location
zookeeper.ssl.keyStore.password
zookeeper.ssl.trustStore.password |
X509AuthenticationProvider(X509TrustManager trustManager,
X509KeyManager keyManager)
Initialize the X509AuthenticationProvider with the provided
X509TrustManager and X509KeyManager.
|
Modifier and Type | Method and Description |
---|---|
protected String |
getClientId(X509Certificate clientCert)
Determine the string to be used as the remote host session Id for
authorization purposes.
|
X509KeyManager |
getKeyManager()
Get the X509KeyManager implementation used for certificate management.
|
String |
getScheme()
The String used to represent this provider.
|
X509TrustManager |
getTrustManager()
Get the X509TrustManager implementation used for remote host
authentication.
|
KeeperException.Code |
handleAuthentication(ServerCnxn cnxn,
byte[] authData)
This method is called when a client passes authentication data for this
scheme.
|
boolean |
isAuthenticated()
This method is used to check if the authentication done by this provider
should be used to identify the creator of a node.
|
boolean |
isValid(String id)
Validates the syntax of an id.
|
boolean |
matches(String id,
String aclExpr)
This method is called to see if the given id matches the given id
expression in the ACL.
|
public X509AuthenticationProvider() throws X509Exception
zookeeper.ssl.keyStore.location
zookeeper.ssl.trustStore.location
zookeeper.ssl.keyStore.password
zookeeper.ssl.trustStore.password
X509Exception
public X509AuthenticationProvider(X509TrustManager trustManager, X509KeyManager keyManager)
trustManager
- X509TrustManager implementation to use for remote
host authentication.keyManager
- X509KeyManager implementation to use for certificate
management.public String getScheme()
AuthenticationProvider
getScheme
in interface AuthenticationProvider
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData)
AuthenticationProvider
handleAuthentication
in interface AuthenticationProvider
cnxn
- the cnxn that received the authentication information.authData
- the authentication data received.protected String getClientId(X509Certificate clientCert)
clientCert
- Authenticated X509Certificate associated with the
remote host.public boolean matches(String id, String aclExpr)
AuthenticationProvider
matches
in interface AuthenticationProvider
id
- the id to check.aclExpr
- the expression to match ids against.public boolean isAuthenticated()
AuthenticationProvider
isAuthenticated
in interface AuthenticationProvider
public boolean isValid(String id)
AuthenticationProvider
isValid
in interface AuthenticationProvider
id
- the id to validate.public X509TrustManager getTrustManager() throws X509Exception.TrustManagerException
X509Exception.TrustManagerException
- When there is no trust manager available.public X509KeyManager getKeyManager() throws X509Exception.KeyManagerException
X509Exception.KeyManagerException
- When there is no key manager available.Copyright © 2008–2019 The Apache Software Foundation. All rights reserved.