nl.nikhef.slcshttps
Class SURFCAHttps

java.lang.Object
  extended by nl.nikhef.slcshttps.CAHttps
      extended by nl.nikhef.slcshttps.SURFCAHttps

public class SURFCAHttps
extends CAHttps

Implementation of the abstract CAHttps for obtaining a certificate from the SURFnet online CA. This typically consists of calling

Version:
0.2
Author:
Mischa Sallé

Nested Class Summary
(package private) static class SURFCAHttps.StdioComm
          Implementation of a SURFCAHttps.SURFCACommunicator using simple text via stdin/stderr/stdout.
static interface SURFCAHttps.SURFCACommunicator
          Interface for SURFCAHttps communication with the user.
 
Field Summary
static String AUTH_URL
          URL to send the CSR hash to, its value is set using the property AUTH_URL_PROPERTY.
static String AUTH_URL_PROPERTY
          Name of property defining where to send the CSR hash to via web browser: "nl.nikhef.slcshttps.AUTH_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php?hash=" or just "?hash=" as its value.
static String CERT_URL
          URL to send the CSR itself to; its value is set using the property CERT_URL_PROPERTY.
static String CERT_URL_PROPERTY
          Name of property defining where to get the certificate from: "nl.nikhef.slcshttps.CERT_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php" as its value.
private  SURFCAHttps.SURFCACommunicator comm
          The SURFCAHttps.SURFCACommunicator to be used for this instance, either equal to defaultComm or set using the constructor SURFCAHttps(SURFCACommunicator).
static String COMMPROP
          Name of property defining which SURFCAHttps.SURFCACommunicator to use: "nl.nikhef.slcshttps.comm".
private static String commString
          Contains the value of the property "nl.nikhef.slcshttps.comm".
private static SURFCAHttps.SURFCACommunicator defaultComm
          The default SURFCAHttps.SURFCACommunicator to be used for new instances of SURFCAHttps, can be set using setCommunicator(String).
private static boolean showSuccess
          Defines whether to acknowledge successful certificate import, download etc.
 
Fields inherited from class nl.nikhef.slcshttps.CAHttps
cryptoStore, HTTPS_PROP, SUCCESS_PROP
 
Constructor Summary
SURFCAHttps()
          constructs a default SURFCAHttps object, which includes creation of a Certificate Signing Request (CSR).
SURFCAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, SURFCAHttps.SURFCACommunicator communicator)
          constructs a SURFCAHttps object and changes stdout/stdin to the streams specified.
SURFCAHttps(SURFCAHttps.SURFCACommunicator communicator)
          constructs a SURFCAHttps object and will use communicator for communication with the user.
 
Method Summary
static String getCommunicator()
          Returns the default type of SURFCAHttps.SURFCACommunicator used for user interaction.
static boolean getShowSuccess()
          Getter method for the local private showSuccess.
 void initialize()
          method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via an HTTP GET to a URL, constructed using the property "nl.nikhef.slcshttps.AUTH_URL", using a web browser, which then redirects via Shibboleth to a Shibboleth IdP.
 void initialize(String authURL)
          method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via an HTTP GET to a URL, constructed using the parameter authURL, using a web browser, which then redirects via Shibboleth to a Shibboleth IdP.
static String setCommunicator(String commInput)
          Sets the default SURFCAHttps.SURFCACommunicator to use for user interaction; the actual communicator used for new instances of SURFCAHttps can be overridden using the constructor SURFCAHttps(SURFCACommunicator).
static void setShowSuccess(boolean set)
          Setter method for the local private showSuccess.
 void storeCertificate()
          method to retrieve the certificate from the CA after successful authentication.
 void storeCertificate(boolean set)
          method to retrieve the certificate from the CA after successful authentication.
 void storeCertificate(String certURL)
          method to retrieve the certificate from the CA after successful authentication.
 void storeCertificate(String certURL, boolean set)
          method to retrieve the certificate from the CA after successful authentication.
 
Methods inherited from class nl.nikhef.slcshttps.CAHttps
getCAHttpsCertNo, getCAHttxCertNo, getCertificate, getMaskHttps, getSerialString, getUseHttps, getUseHttx, resetHttpsSSLSocketFactory, resetHttxSSLSocketFactory, resetSSLSocketFactory, setHttpsSSLSocketFactory, setHttxSSLSocketFactory, setSSLSocketFactory
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

COMMPROP

public static final String COMMPROP
Name of property defining which SURFCAHttps.SURFCACommunicator to use: "nl.nikhef.slcshttps.comm". Valid values of this property are

See Also:
setCommunicator(String), Constant Field Values

CERT_URL_PROPERTY

public static final String CERT_URL_PROPERTY
Name of property defining where to get the certificate from: "nl.nikhef.slcshttps.CERT_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php" as its value.

See Also:
Constant Field Values

AUTH_URL_PROPERTY

public static final String AUTH_URL_PROPERTY
Name of property defining where to send the CSR hash to via web browser: "nl.nikhef.slcshttps.AUTH_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php?hash=" or just "?hash=" as its value.

See Also:
Constant Field Values

AUTH_URL

public static final String AUTH_URL
URL to send the CSR hash to, its value is set using the property AUTH_URL_PROPERTY.


CERT_URL

public static final String CERT_URL
URL to send the CSR itself to; its value is set using the property CERT_URL_PROPERTY.


commString

private static String commString
Contains the value of the property "nl.nikhef.slcshttps.comm".

See Also:
getCommunicator()

defaultComm

private static SURFCAHttps.SURFCACommunicator defaultComm
The default SURFCAHttps.SURFCACommunicator to be used for new instances of SURFCAHttps, can be set using setCommunicator(String).


showSuccess

private static boolean showSuccess
Defines whether to acknowledge successful certificate import, download etc. Valid options are true or false. The default is the same as the value in the superclass CAHttps.showSuccess, which in turn is set by CAHttps.SUCCESS_PROP, but it can be overridden.

See Also:
getShowSuccess(), setShowSuccess(boolean)

comm

private SURFCAHttps.SURFCACommunicator comm
The SURFCAHttps.SURFCACommunicator to be used for this instance, either equal to defaultComm or set using the constructor SURFCAHttps(SURFCACommunicator).

Constructor Detail

SURFCAHttps

public SURFCAHttps()
            throws KeyStoreException
constructs a default SURFCAHttps object, which includes creation of a Certificate Signing Request (CSR).

Throws:
KeyStoreException - when initialization failed.
See Also:
SURFCAHttps(SURFCACommunicator)

SURFCAHttps

public SURFCAHttps(SURFCAHttps.SURFCACommunicator communicator)
            throws KeyStoreException
constructs a SURFCAHttps object and will use communicator for communication with the user.

Parameters:
communicator - SURFCAHttps.SURFCACommunicator to use for this SURFCAHttps instance.
Throws:
KeyStoreException - when initialization failed.

SURFCAHttps

public SURFCAHttps(PrintStream myErr,
                   PrintStream myOut,
                   InputStream myIn,
                   SURFCAHttps.SURFCACommunicator communicator)
            throws KeyStoreException
constructs a SURFCAHttps object and changes stdout/stdin to the streams specified.

Parameters:
myErr - use this stream instead of stderr, null for stderr.
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
communicator - SURFCAHttps.SURFCACommunicator to use for this SURFCAHttps instance.
Throws:
KeyStoreException - when initialization failed.
Method Detail

initialize

public void initialize()
                throws IOException
method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via an HTTP GET to a URL, constructed using the property "nl.nikhef.slcshttps.AUTH_URL", using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. The actual URL consists of the value of "nl.nikhef.slcshttps.AUTH_URL" plus the CSR hash.

Throws:
IOException - if something has gone wrong
See Also:
initialize(String), SURFCAHttps.SURFCACommunicator

initialize

public void initialize(String authURL)
                throws IOException
method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via an HTTP GET to a URL, constructed using the parameter authURL, using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. The actual URL consists of the value of "nl.nikhef.slcshttps.AUTH_URL" plus the CSR hash.

Specified by:
initialize in class CAHttps
Parameters:
authURL - String representation of the base URL where to authenticate, the CSR hash will be added to this.
Throws:
IOException - if something has gone wrong
See Also:
SURFCAHttps.SURFCACommunicator, BareBonesBrowserLaunch

storeCertificate

public void storeCertificate()
                      throws IOException,
                             CertificateException,
                             KeyStoreException,
                             KeyManagementException
method to retrieve the certificate from the CA after successful authentication. It sends the full CSR, PEM-encoded, and expects a PEM-encoded certificate in reply, which will be stored in the internal CryptoStore. It contacts the CERT_URL taken from the property "nl.nikhef.slcshttps.CERT_URL" and does NOT set the SSLSocketFactory.

Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException
See Also:
storeCertificate(String,boolean)

storeCertificate

public void storeCertificate(boolean set)
                      throws IOException,
                             CertificateException,
                             KeyStoreException,
                             KeyManagementException
method to retrieve the certificate from the CA after successful authentication. It sends the full CSR, PEM-encoded, and expects a PEM-encoded certificate in reply, which will be stored in the internal CryptoStore. It contacts the CERT_URL taken from the property "nl.nikhef.slcshttps.CERT_URL" and optionally sets the SSLSocketFactory.

Parameters:
set - boolean whether or not to set the SSLSocketFactory to use the just downloaded certificate.
Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException - when setting the SSLSocketFactory fails
See Also:
storeCertificate(String,boolean)

storeCertificate

public void storeCertificate(String certURL)
                      throws IOException,
                             CertificateException,
                             KeyStoreException,
                             KeyManagementException
method to retrieve the certificate from the CA after successful authentication. It sends the full CSR, PEM-encoded, and expects a PEM-encoded certificate in reply, which will be stored in the internal CryptoStore. It contacts the URL given in the parameter certURL. It does not set the SSLSocketFactory.

Specified by:
storeCertificate in class CAHttps
Parameters:
certURL - URL to send the CSR to.
Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException

storeCertificate

public void storeCertificate(String certURL,
                             boolean set)
                      throws IOException,
                             CertificateException,
                             KeyStoreException,
                             KeyManagementException
method to retrieve the certificate from the CA after successful authentication. It sends the full CSR, PEM-encoded, and expects a PEM-encoded certificate in reply, which will be stored in the internal CryptoStore. It contacts the URL given in the parameter certURL and optionally sets the SSLSocketFactory.

Parameters:
certURL - URL to send the CSR to.
set - boolean whether or not to set the SSLSocketFactory to use the just downloaded certificate.
Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException - when setting the SSLSocketFactory fails
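
The two-step flow documented by initialize(String) and storeCertificate(String,boolean), as an added usage example that is not code from the slcshttps project. It uses only the signatures listed on this page; the class SlcsEnroll, the helper requireCaUrl and the constant CA_HOST are hypothetical, the URLs are the example values quoted for AUTH_URL_PROPERTY and CERT_URL_PROPERTY, and the slcshttps classes are assumed to be on the classpath.

```java
import java.net.URI;
import nl.nikhef.slcshttps.SURFCAHttps;

public class SlcsEnroll {
    // Example values quoted in the field documentation on this page.
    static final String AUTH = "https://knikker.surfnet.nl/onlineca/x509.php?hash=";
    static final String CERT = "https://knikker.surfnet.nl/onlineca/x509.php";
    static final String CA_HOST = "knikker.surfnet.nl";

    // Hypothetical pre-flight check (not part of slcshttps): the CSR hash and
    // the CSR itself are only ever sent to an https URL on the expected CA host.
    static String requireCaUrl(String url) {
        URI u = URI.create(url);
        if (!"https".equalsIgnoreCase(u.getScheme())
                || !CA_HOST.equalsIgnoreCase(u.getHost())) {
            throw new IllegalArgumentException("refusing CA URL: " + url);
        }
        return url;
    }

    public static void main(String[] args) throws Exception {
        // Text-based user interaction; the return value names the type in use.
        System.err.println("communicator: " + SURFCAHttps.setCommunicator("stdio"));

        // The constructor creates the CSR (throws KeyStoreException on failure).
        SURFCAHttps ca = new SURFCAHttps();

        // Step 1: the SHA1 hash of the CSR is appended to the auth URL and opened
        // in a web browser, which redirects via Shibboleth to the IdP.
        ca.initialize(requireCaUrl(AUTH));

        // Step 2: after successful authentication, send the PEM-encoded CSR and
        // store the returned certificate in the internal CryptoStore.
        // set=false leaves the SSLSocketFactory untouched; pass true to have it
        // use the just-downloaded certificate.
        ca.storeCertificate(requireCaUrl(CERT), false);
    }
}
```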

setCommunicator

public static String setCommunicator(String commInput)
Sets the default SURFCAHttps.SURFCACommunicator to use for user interaction; the actual communicator used for new instances of SURFCAHttps can be overridden using the constructor SURFCAHttps(SURFCACommunicator). It checks whether the requested method is possible, otherwise it uses the default "stdio".

Parameters:
commInput - String describing which type to use, valid values are
  • "stdio" - use stdio/stderr
  • "popup" - use (swing) popups
  • null - use default "stdio"
Returns:
String describing the actual type being used.
See Also:
getCommunicator()

getCommunicator

public static String getCommunicator()
Returns the default type of SURFCAHttps.SURFCACommunicator used for user interaction.

Returns:
String describing the type being used.
See Also:
setCommunicator(String)

setShowSuccess

public static void setShowSuccess(boolean set)
Setter method for the local private showSuccess.

Parameters:
set - boolean to put into private showSuccess field.
See Also:
CAHttps.SUCCESS_PROP, getShowSuccess()

getShowSuccess

public static boolean getShowSuccess()
Getter method for the local private showSuccess.

Returns:
boolean value of private field showSuccess.
See Also:
CAHttps.SUCCESS_PROP, setShowSuccess(boolean)


nl.nikhef.slcshttps Mischa Sallé - msalle(AT)nikhef.nl