java.lang.Object
  nl.nikhef.slcshttps.CAHttps
    nl.nikhef.slcshttps.SURFCAHttps

public class SURFCAHttps

Implementation of the abstract CAHttps for obtaining a certificate from the SURFnet online CA. This typically consists of calling:

- initialize() - which starts a web browser pointing to the address set using the property "nl.nikhef.slcshttps.AUTH_URL" with a hash of the Certificate Signing Request (CSR).
- storeCertificate() - which sends the CSR as a PEM string to the address set using the property "nl.nikhef.slcshttps.CERT_URL".
- CAHttps.setSSLSocketFactory() - which sets the default SSLSocketFactory to use the certificate for client side authentication. This can be combined with the previous step by using storeCertificate(true).
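The call sequence described above, as an added example (not code from the nl.nikhef.slcshttps project). It uses only signatures listed on this page and the example URLs from the field documentation; the class name `SlcsEnrollExample` and the `requireHttps` guard are hypothetical additions.

```java
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;

import nl.nikhef.slcshttps.SURFCAHttps;

public class SlcsEnrollExample {
    // Example endpoints quoted in the field documentation on this page.
    static final String EXAMPLE_AUTH_URL = "https://knikker.surfnet.nl/onlineca/x509.php?hash=";
    static final String EXAMPLE_CERT_URL = "https://knikker.surfnet.nl/onlineca/x509.php";

    /** Added guard, not part of the library: only hand the CSR hash or CSR to an HTTPS endpoint. */
    static String requireHttps(String url) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("refusing non-HTTPS CA endpoint: " + url);
        }
        return url;
    }

    public static void main(String[] args) {
        try {
            // Choose how the library talks to the user; per the page, an
            // unavailable choice falls back to the default "stdio".
            SURFCAHttps.setCommunicator("popup");
            System.err.println("communicator in use: " + SURFCAHttps.getCommunicator());

            // The constructor creates the Certificate Signing Request.
            SURFCAHttps ca = new SURFCAHttps();

            // Step 1: a browser is opened at authURL + CSR hash and the user
            // authenticates at the Shibboleth IdP.
            ca.initialize(requireHttps(EXAMPLE_AUTH_URL));

            // Steps 2 and 3: after successful authentication, send the PEM CSR,
            // store the returned certificate, and (set == true) install the
            // SSLSocketFactory so the certificate is used for client authentication.
            ca.storeCertificate(requireHttps(EXAMPLE_CERT_URL), true);
        } catch (IOException e) {
            System.err.println("contacting the CA failed: " + e.getMessage());
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, CertificateException and KeyManagementException.
            System.err.println("certificate or key store error: " + e.getMessage());
        }
    }
}
```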
Nested Class Summary | |
---|---|
(package private) static class | SURFCAHttps.StdioComm: Implementation of a SURFCAHttps.SURFCACommunicator using simple text via stdin/stderr/stdout. |
static interface | SURFCAHttps.SURFCACommunicator: Interface for SURFCAHttps communication with the user. |
Field Summary | |
---|---|
static String | AUTH_URL: URL to send the CSR hash to; its value is set using the property AUTH_URL_PROPERTY. |
static String | AUTH_URL_PROPERTY: Name of property defining where to send the CSR hash to via web browser: "nl.nikhef.slcshttps.AUTH_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php?hash=" or just "?hash=" as its value. |
static String | CERT_URL: URL to send the CSR itself to; its value is set using the property CERT_URL_PROPERTY. |
static String | CERT_URL_PROPERTY: Name of property defining where to get the certificate from: "nl.nikhef.slcshttps.CERT_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php" as its value. |
private SURFCAHttps.SURFCACommunicator | comm: The SURFCAHttps.SURFCACommunicator to be used for this instance, either equal to defaultComm or set using the constructor SURFCAHttps(SURFCACommunicator). |
static String | COMMPROP: Name of property defining which SURFCAHttps.SURFCACommunicator to use: "nl.nikhef.slcshttps.comm". |
private static String | commString: Contains the value of the property "nl.nikhef.slcshttps.comm". |
private static SURFCAHttps.SURFCACommunicator | defaultComm: The default SURFCAHttps.SURFCACommunicator to be used for new instances of SURFCAHttps, can be set using setCommunicator(String). |
private static boolean | showSuccess: Defines whether to acknowledge successful certificate import, download etc. |
Fields inherited from class nl.nikhef.slcshttps.CAHttps |
---|
cryptoStore, HTTPS_PROP, SUCCESS_PROP |
Constructor Summary | |
---|---|
SURFCAHttps() | Constructs a default SURFCAHttps object, which includes creation of a Certificate Signing Request (CSR). |
SURFCAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, SURFCAHttps.SURFCACommunicator communicator) | Constructs a SURFCAHttps object and changes stdout/stdin to the streams specified. |
SURFCAHttps(SURFCAHttps.SURFCACommunicator communicator) | Constructs a SURFCAHttps object and will use communicator for communication with the user. |
Method Summary | |
---|---|
static String | getCommunicator(): Returns the default type of SURFCAHttps.SURFCACommunicator used for user interaction. |
static boolean | getShowSuccess(): Getter method for the local private showSuccess. |
void | initialize(): Method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via a HTTP GET to a URL, constructed using the property "nl.nikhef.slcshttps.AUTH_URL", using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. |
void | initialize(String authURL): Method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via a HTTP GET to a URL, constructed using the parameter authURL, using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. |
static String | setCommunicator(String commInput): Sets the default SURFCAHttps.SURFCACommunicator to use for user interaction; the actual communicator used for new instances of SURFCAHttps can be overridden using the constructor SURFCAHttps(SURFCACommunicator). |
static void | setShowSuccess(boolean set): Setter method for the local private showSuccess. |
void | storeCertificate(): Method to retrieve the certificate from the CA after successful authentication. |
void | storeCertificate(boolean set): Method to retrieve the certificate from the CA after successful authentication. |
void | storeCertificate(String certURL): Method to retrieve the certificate from the CA after successful authentication. |
void | storeCertificate(String certURL, boolean set): Method to retrieve the certificate from the CA after successful authentication. |
Methods inherited from class nl.nikhef.slcshttps.CAHttps |
---|
getCAHttpsCertNo, getCAHttxCertNo, getCertificate, getMaskHttps, getSerialString, getUseHttps, getUseHttx, resetHttpsSSLSocketFactory, resetHttxSSLSocketFactory, resetSSLSocketFactory, setHttpsSSLSocketFactory, setHttxSSLSocketFactory, setSSLSocketFactory |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|

public static final String COMMPROP

Name of property defining which SURFCAHttps.SURFCACommunicator to use: "nl.nikhef.slcshttps.comm". Valid values of this property are:

- "stdio" - use stdio/stderr
- "popup" - use (swing) popups

See Also: setCommunicator(String), Constant Field Values

public static final String CERT_URL_PROPERTY

Name of property defining where to get the certificate from: "nl.nikhef.slcshttps.CERT_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php" as its value.

public static final String AUTH_URL_PROPERTY

Name of property defining where to send the CSR hash to via web browser: "nl.nikhef.slcshttps.AUTH_URL"; use for example "https://knikker.surfnet.nl/onlineca/x509.php?hash=" or just "?hash=" as its value.

public static final String AUTH_URL

URL to send the CSR hash to; its value is set using the property AUTH_URL_PROPERTY.

public static final String CERT_URL

URL to send the CSR itself to; its value is set using the property CERT_URL_PROPERTY.

private static String commString

Contains the value of the property "nl.nikhef.slcshttps.comm".

See Also: getCommunicator()

private static SURFCAHttps.SURFCACommunicator defaultComm

The default SURFCAHttps.SURFCACommunicator to be used for new instances of SURFCAHttps, can be set using setCommunicator(String).

private static boolean showSuccess

Defines whether to acknowledge successful certificate import, download etc.: true or false. The default is the same as the value in the superclass CAHttps.showSuccess, which in turn is set by CAHttps.SUCCESS_PROP, but it can be overridden.

See Also: getShowSuccess(), setShowSuccess(boolean)

private SURFCAHttps.SURFCACommunicator comm

The SURFCAHttps.SURFCACommunicator to be used for this instance, either equal to defaultComm or set using the constructor SURFCAHttps(SURFCACommunicator).
Constructor Detail |
---|

public SURFCAHttps() throws KeyStoreException

Constructs a default SURFCAHttps object, which includes creation of a Certificate Signing Request (CSR).

Throws:
KeyStoreException - when initialization failed.

See Also: SURFCAHttps(SURFCACommunicator)

public SURFCAHttps(SURFCAHttps.SURFCACommunicator communicator) throws KeyStoreException

Constructs a SURFCAHttps object and will use communicator for communication with the user.

Parameters:
communicator - SURFCAHttps.SURFCACommunicator to use for this SURFCAHttps instance.

Throws:
KeyStoreException - when initialization failed.

public SURFCAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, SURFCAHttps.SURFCACommunicator communicator) throws KeyStoreException

Constructs a SURFCAHttps object and changes stdout/stdin to the streams specified.

Parameters:
myErr - use this stream instead of stderr, null for stderr.
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
communicator - SURFCAHttps.SURFCACommunicator to use for this SURFCAHttps instance.

Throws:
KeyStoreException - when initialization failed.

Method Detail |
---|

public void initialize() throws IOException

Method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via a HTTP GET to a URL, constructed using the property "nl.nikhef.slcshttps.AUTH_URL", using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. The actual URL consists of the value of "nl.nikhef.slcshttps.AUTH_URL" plus the CSR hash.

Throws:
IOException - if something has gone wrong

See Also: initialize(String), SURFCAHttps.SURFCACommunicator

public void initialize(String authURL) throws IOException

Method to initialize contact with the CA: this consists of sending the SHA1 hash of the CSR via a HTTP GET to a URL, constructed using the parameter authURL, using a web browser, which then redirects via Shibboleth to a Shibboleth IdP. The actual URL consists of the value of "nl.nikhef.slcshttps.AUTH_URL" plus the CSR hash.

initialize in class CAHttps

Parameters:
authURL - String representation of the base URL where to authenticate, the CSR hash will be added to this.

Throws:
IOException - if something has gone wrong

See Also: SURFCAHttps.SURFCACommunicator, BareBonesBrowserLaunch

public void storeCertificate() throws IOException, CertificateException, KeyStoreException, KeyManagementException

Method to retrieve the certificate from the CA after successful authentication, by sending the CSR, PEM encoded. It expects as reply a PEM encoded certificate, which will be stored in the internal CryptoStore. It uses the CERT_URL from the property "nl.nikhef.slcshttps.CERT_URL" to talk to and does NOT set the SSLSocketFactory.

Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException

See Also: storeCertificate(String,boolean)

public void storeCertificate(boolean set) throws IOException, CertificateException, KeyStoreException, KeyManagementException

Method to retrieve the certificate from the CA after successful authentication, by sending the CSR, PEM encoded. It expects as reply a PEM encoded certificate, which will be stored in the internal CryptoStore. It uses the CERT_URL from the property "nl.nikhef.slcshttps.CERT_URL" to talk to and optionally sets the SSLSocketFactory.

Parameters:
set - boolean whether or not to set the SSLSocketFactory to use the just downloaded certificate.

Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException - when setting the SSLSocketFactory fails

See Also: storeCertificate(String,boolean)

public void storeCertificate(String certURL) throws IOException, CertificateException, KeyStoreException, KeyManagementException

Method to retrieve the certificate from the CA after successful authentication, by sending the CSR, PEM encoded. It expects as reply a PEM encoded certificate, which will be stored in the internal CryptoStore. It uses the parameter certURL to talk to. It does not set the SSLSocketFactory.

storeCertificate in class CAHttps

Parameters:
certURL - URL to send the CSR to.

Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException

public void storeCertificate(String certURL, boolean set) throws IOException, CertificateException, KeyStoreException, KeyManagementException

Method to retrieve the certificate from the CA after successful authentication, by sending the CSR, PEM encoded. It expects as reply a PEM encoded certificate, which will be stored in the internal CryptoStore. It uses the parameter certURL to talk to and optionally sets the SSLSocketFactory.

Parameters:
certURL - URL to send the CSR to.
set - boolean whether or not to set the SSLSocketFactory to use the just downloaded certificate.

Throws:
IOException
CertificateException
KeyStoreException
KeyManagementException - when setting the SSLSocketFactory fails

public static String setCommunicator(String commInput)

Sets the default SURFCAHttps.SURFCACommunicator to use for user interaction; the actual communicator used for new instances of SURFCAHttps can be overridden using the constructor SURFCAHttps(SURFCACommunicator). It checks whether the requested method is possible, otherwise it uses the default "stdio".

Parameters:
commInput - String describing which type to use, valid values are:

- "stdio" - use stdio/stderr
- "popup" - use (swing) popups
- null - use default "stdio"

See Also: getCommunicator()

public static String getCommunicator()

Returns the default type of SURFCAHttps.SURFCACommunicator used for user interaction.

See Also: setCommunicator(String)

public static void setShowSuccess(boolean set)

Setter method for the local private showSuccess.

Parameters:
set - boolean to put into private showSuccess field.

See Also: CAHttps.SUCCESS_PROP, getShowSuccess()

public static boolean getShowSuccess()

Getter method for the local private showSuccess.

Returns:
boolean value of private field showSuccess.

See Also: CAHttps.SUCCESS_PROP, setShowSuccess(boolean)

nl.nikhef.slcshttps | Mischa Sallé - msalle(AT)nikhef.nl |