Example 16 with DefaultAuthenticationHandlerExecutionResult

Use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.

Class X509CredentialsAuthenticationHandler, method doAuthentication.

// X509CredentialsAuthenticationHandler: the credential carries the certificate
// array as presented by the TLS layer (the client's own certificate first). The
// loop walks it from the end, so every certificate is validated and the client
// certificate is the last non-CA certificate seen.
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
    final X509Certificate[] certificates = x509Credential.getCertificates();
    X509Certificate clientCert = null;
    boolean hasTrustedIssuer = false;
    for (int i = certificates.length - 1; i >= 0; i--) {
        final X509Certificate certificate = certificates[i];
        LOGGER.debug("Evaluating [{}]", CertUtils.toString(certificate));
        // Throws GeneralSecurityException when a certificate fails the handler's checks,
        // so one bad certificate anywhere in the array fails the whole authentication.
        validate(certificate);
        // The flag is set by any certificate in the array that matches the trusted-issuer
        // rule; it is not tied to the certificate finally chosen as clientCert.
        if (!hasTrustedIssuer) {
            hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
        }
        // getBasicConstraints() returns pathLenConstraint: >= 0 for a CA certificate
        // (Integer.MAX_VALUE when no length is set) and -1 when the certificate is not a CA
        // or carries no BasicConstraints extension at all.
        final int pathLength = certificate.getBasicConstraints();
        if (pathLength < 0) {
            // Overwritten on every non-CA hit, so the lowest-index non-CA certificate wins.
            LOGGER.debug("Found valid client certificate");
            clientCert = certificate;
        } else {
            LOGGER.debug("Found valid CA certificate");
        }
    }
    if (hasTrustedIssuer && clientCert != null) {
        // Pin the selected certificate on the credential; the principal id is derived from it.
        x509Credential.setCertificate(clientCert);
        return new DefaultAuthenticationHandlerExecutionResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
    }
    LOGGER.warn("Either client certificate could not be determined, or a trusted issuer could not be located");
    throw new FailedLoginException();
}
Also used:
FailedLoginException (javax.security.auth.login.FailedLoginException)
X509CertificateCredential (org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential)
DefaultAuthenticationHandlerExecutionResult (org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)
X509Certificate (java.security.cert.X509Certificate)
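The loop above decides two things independently: which certificate in the array is the client certificate (the lowest-index one with no CA basic constraint) and whether any certificate in the array comes from a trusted issuer. The stand-alone program below is an added example, not CAS code, that reproduces that selection logic on constructed input and puts a stricter variant beside it. Because the JDK alone cannot mint X509Certificate objects offline, the two fields the loop reads (issuer DN and the value getBasicConstraints() would return) are modelled by a small record; treating isCertificateFromTrustedIssuer as a regex match on the issuer DN is an assumption, since the page does not show that method. Whether an extra end-entity certificate could ever reach this loop depends on the TLS layer in front of CAS, which the example does not model.

```java
import java.util.regex.Pattern;
import javax.security.auth.login.FailedLoginException;

/*
 * Added example, not CAS code. CertInfo stands in for X509Certificate and
 * carries only the fields the CAS loop reads (an assumption for illustration).
 */
public class ChainSelectionExample {

    /** Subject DN, issuer DN and the value getBasicConstraints() would return. */
    record CertInfo(String subject, String issuer, int basicConstraints) {
        boolean isCa() { return basicConstraints >= 0; }
    }

    /**
     * Same loop shape as doAuthentication: walk from the last element to the
     * first, set the trusted-issuer flag from any certificate in the array, and
     * keep the lowest-index non-CA certificate as the client certificate.
     */
    static CertInfo selectClientCertificate(CertInfo[] chain, Pattern trustedIssuerDn)
            throws FailedLoginException {
        CertInfo clientCert = null;
        boolean hasTrustedIssuer = false;
        for (int i = chain.length - 1; i >= 0; i--) {
            CertInfo c = chain[i];
            if (!hasTrustedIssuer) {
                hasTrustedIssuer = trustedIssuerDn.matcher(c.issuer()).matches();
            }
            if (!c.isCa()) {
                clientCert = c; // overwritten on every non-CA hit, so index 0 wins when it is non-CA
            }
        }
        if (hasTrustedIssuer && clientCert != null) {
            return clientCert;
        }
        throw new FailedLoginException("no client certificate, or no trusted issuer, in the chain");
    }

    /**
     * Added tightening (not CAS behaviour): the issuer match must hold for the
     * selected client certificate itself, not merely for some certificate in the array.
     */
    static CertInfo selectClientCertificateStrict(CertInfo[] chain, Pattern trustedIssuerDn)
            throws FailedLoginException {
        CertInfo clientCert = selectClientCertificate(chain, trustedIssuerDn);
        if (!trustedIssuerDn.matcher(clientCert.issuer()).matches()) {
            throw new FailedLoginException("client certificate issuer does not match the trusted pattern");
        }
        return clientCert;
    }

    public static void main(String[] args) throws Exception {
        Pattern trusted = Pattern.compile("CN=Corp Issuing CA,.*");

        // Constructed chain in the order a TLS client presents it: leaf first, root last.
        CertInfo root = new CertInfo("CN=Corp Root CA,O=Corp", "CN=Corp Root CA,O=Corp", 1);
        CertInfo issuing = new CertInfo("CN=Corp Issuing CA,O=Corp", "CN=Corp Root CA,O=Corp", 0);
        CertInfo alice = new CertInfo("CN=alice,O=Corp", "CN=Corp Issuing CA,O=Corp", -1);
        CertInfo[] good = {alice, issuing, root};
        System.out.println("loose:  " + selectClientCertificate(good, trusted).subject());
        System.out.println("strict: " + selectClientCertificateStrict(good, trusted).subject());

        // Constructed array with two non-CA certificates: the leaf being authenticated
        // comes from an untrusted issuer, while a second end-entity certificate from the
        // trusted issuer sits behind it. The loose check selects mallory yet still sees a
        // trusted issuer (alice's); the strict variant rejects the array.
        CertInfo mallory = new CertInfo("CN=mallory,O=Elsewhere", "CN=Other CA,O=Elsewhere", -1);
        CertInfo[] mixed = {mallory, alice};
        System.out.println("loose:  " + selectClientCertificate(mixed, trusted).subject());
        try {
            selectClientCertificateStrict(mixed, trusted);
        } catch (FailedLoginException e) {
            System.out.println("strict: rejected (" + e.getMessage() + ")");
        }

        // An array with no trusted issuer at all fails both variants.
        try {
            selectClientCertificate(new CertInfo[]{mallory}, trusted);
        } catch (FailedLoginException e) {
            System.out.println("loose:  rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with a JDK that supports records (Java 16 or later): `javac ChainSelectionExample.java && java ChainSelectionExample`. The strict variant is the shape of check to reach for when the trusted-issuer decision must be about the certificate that actually names the principal, rather than about anything else the client chose to include in the array.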
