Example 1 with X509CertificateCredential

Use of io.undertow.security.idm.X509CertificateCredential in project undertow by undertow-io.

Class ClientCertAuthenticationMechanism, method authenticate.

public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            if (clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);
                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism cannot attempt authentication without peer certificates, so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Also used: Account (io.undertow.security.idm.Account), Credential (io.undertow.security.idm.Credential), X509CertificateCredential (io.undertow.security.idm.X509CertificateCredential), IdentityManager (io.undertow.security.idm.IdentityManager), SSLSessionInfo (io.undertow.server.SSLSessionInfo), SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException), X509Certificate (java.security.cert.X509Certificate), Certificate (java.security.cert.Certificate)

Example 2 with X509CertificateCredential

Use of io.undertow.security.idm.X509CertificateCredential in project wildfly by wildfly.

Class JAASIdentityManagerImpl, method verify.

@Override
public Account verify(Credential credential) {
    if (credential instanceof X509CertificateCredential) {
        X509CertificateCredential certCredential = (X509CertificateCredential) credential;
        X509Certificate certificate = certCredential.getCertificate();
        AccountImpl account = getAccount(certificate.getSubjectDN().getName());
        return verifyCredential(account, certificate);
    }
    throw new IllegalArgumentException("Parameter must be a X509CertificateCredential");
}
Also used: X509CertificateCredential (io.undertow.security.idm.X509CertificateCredential), X509Certificate (java.security.cert.X509Certificate)
