Package iu.auth.pki

Class PkiVerifier

java.lang.Object
iu.auth.pki.PkiVerifier
All Implemented Interfaces:
IuAuthConfig, IuTrustedIssuer, PrincipalVerifier<PkiPrincipal>

public final class PkiVerifier extends Object implements PrincipalVerifier<PkiPrincipal>, IuTrustedIssuer
Verifies PkiPrincipal end-entity identities.
  • Constructor Details

    • PkiVerifier

      public PkiVerifier(IuPrivateKeyPrincipal pkp)
      Constructor.
      Parameters:
      pkp - private key principal
  • Method Details

    • getAuthScheme

      public String getAuthScheme()
      Description copied from interface: IuAuthConfig
      Gets the authorization scheme.
      Specified by:
      getAuthScheme in interface IuAuthConfig
      Returns:
      authorization scheme; null if the realm doesn't define authorization logic
    • getAuthenticationEndpoint

      public URI getAuthenticationEndpoint()
      Description copied from interface: IuAuthConfig
      Gets the authentication endpoint.

      This endpoint is responsible for authentication server interactions for an application module. This endpoint sets an authenticated session cookie and redirects the user to an application-specific entry point.

      Specified by:
      getAuthenticationEndpoint in interface IuAuthConfig
      Returns:
      authentication endpoint
    • getType

      public Class<PkiPrincipal> getType()
      Description copied from interface: PrincipalVerifier
      Gets the identity type.
      Specified by:
      getType in interface PrincipalVerifier<PkiPrincipal>
      Returns:
      identity type; must be a final implementation class
    • getRealm

      public String getRealm()
      Description copied from interface: IuAuthConfig
      Gets the authentication realm.
      Specified by:
      getRealm in interface IuAuthConfig
      Returns:
      authentication realm
    • isAuthoritative

      public boolean isAuthoritative()
      Description copied from interface: PrincipalVerifier
      Determines if this verifier is authoritative for the realm.
      Specified by:
      isAuthoritative in interface PrincipalVerifier<PkiPrincipal>
      Returns:
      true if the identity principal is managed by the authorization module, or is verifiable through an established trust relationship with a remote authentication provider; false if verification is based solely on an implicit trust relationship that relies on well-known information about the authentication provider.
    • verify

      public void verify(PkiPrincipal pki) throws IuAuthenticationException
      Description copied from interface: PrincipalVerifier
      Verifies a principal identity.
      Specified by:
      verify in interface PrincipalVerifier<PkiPrincipal>
      Parameters:
      pki - principal identity
      Throws:
      IuAuthenticationException - If the principal could not be verified
    • getPrincipal

      public PkiPrincipal getPrincipal(IuPrivateKeyPrincipal pkp)
      Description copied from interface: IuTrustedIssuer
      Gets a verifiable IuPrincipalIdentity that corresponds to a configured private key principal, if the private key was registered as trusted.

      If the private key is held locally by the incoming config, the principal returned by this method will verify as authoritative. If a certificate in the private key's well-known certificate chain is held, but not the private key itself, the principal returned will verify as non-authoritative.

      Specified by:
      getPrincipal in interface IuTrustedIssuer
      Parameters:
      pkp - private key principal configuration
      Returns:
      Verifiable IuPrincipalIdentity if trusted; else null
    • toString

      public String toString()
      Overrides:
      toString in class Object