org.aselect.authspserver.authsp.pki
Class PKIAuthSP

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by org.aselect.authspserver.authsp.pki.PKIAuthSP
All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class PKIAuthSP
extends javax.servlet.http.HttpServlet

PKI AuthSP.

Description:
The PKI AuthSP implements PKI-based authentication for A-Select 1.4.1 through CA validation, Backend validation and optionally 2-Factor authentication.

Requirements:

Concurrency issues:
None

Author:
Alfa & Ariss
See Also:
Serialized Form

Field Summary
static java.lang.String MODULE
          The name of this module, which is used in system logging.
 
Constructor Summary
PKIAuthSP()
           
 
Method Summary
 void destroy()
          Destroys the PKIManager with all its threads.
protected  void doGet(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
          Entrypoint for handling the A-Select PKI AuthSP protocol requests.
protected  void doPost(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
          Entrypoint for handling 2-Factor user input form.
 void handleAuthenticate(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
          Handles the PKI authentication.
 void init(javax.servlet.ServletConfig oServletConfig)
          Initializes the PKI AuthSP

 void initHtmlTemplates()
          Initializes the HTML Templates.
 boolean validateBinaryBlob(java.lang.Object oConfig, java.lang.String sSubjectDn, java.security.cert.X509Certificate oClientCert)
          Validates the binary blob of the incoming client certificate.
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MODULE

public static final java.lang.String MODULE
The name of this module, which is used in system logging.

See Also:
Constant Field Values
Constructor Detail

PKIAuthSP

public PKIAuthSP()
Method Detail

init

public void init(javax.servlet.ServletConfig oServletConfig)
          throws javax.servlet.ServletException
Initializes the PKI AuthSP

Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException
See Also:
Servlet.init(javax.servlet.ServletConfig)

destroy

public void destroy()
Destroys the PKIManager with all its threads.

Specified by:
destroy in interface javax.servlet.Servlet
Overrides:
destroy in class javax.servlet.GenericServlet
See Also:
GenericServlet.destroy()

initHtmlTemplates

public void initHtmlTemplates()
                       throws javax.servlet.ServletException
Initializes the HTML Templates.

Description:
Initialize the Error and the Two Factor HTML Templates

Concurrency issues:
None

Preconditions:
None

Postconditions:
None

Throws:
javax.servlet.ServletException - when a template file can't be found or read.

doPost

protected void doPost(javax.servlet.http.HttpServletRequest servletRequest,
                      javax.servlet.http.HttpServletResponse servletResponse)
               throws javax.servlet.ServletException,
                      java.io.IOException
Entrypoint for handling 2-Factor user input form.

Overrides:
doPost in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
java.io.IOException
See Also:
HttpServlet.doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

doGet

protected void doGet(javax.servlet.http.HttpServletRequest servletRequest,
                     javax.servlet.http.HttpServletResponse servletResponse)
              throws javax.servlet.ServletException
Entrypoint for handling the A-Select PKI AuthSP protocol requests.

Overrides:
doGet in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
See Also:
HttpServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

handleAuthenticate

public void handleAuthenticate(javax.servlet.http.HttpServletRequest servletRequest,
                               javax.servlet.http.HttpServletResponse servletResponse)
                        throws javax.servlet.ServletException
Handles the PKI authentication.

Description:
After the request has been handled by doGet and/or doPost and, where applicable, 2-Factor authentication has completed successfully, the PKI part of the authentication is handled by this method.

Concurrency issues:
-

Preconditions:
PKI AuthSP must be successfully initialized

Postconditions:

Parameters:
servletRequest - Incoming Request
servletResponse - Outgoing Response
Throws:
javax.servlet.ServletException - If something goes wrong with the handle result

validateBinaryBlob

public boolean validateBinaryBlob(java.lang.Object oConfig,
                                  java.lang.String sSubjectDn,
                                  java.security.cert.X509Certificate oClientCert)
                           throws ASelectException
Validates the binary blob of the incoming client certificate.

Description:
Validates whether the binary blob of a client certificate is equal to the one stored in the back-end.

Concurrency issues:
None

Preconditions:
oConfig != null, sSubjectDn != null, oClientCert != null

Postconditions:
none

Parameters:
oConfig - The binary blob configuration
sSubjectDn - The Id used as index in the backend
oClientCert - The incoming client certificate
Returns:
true if oClientCert is equal to the one stored in the back-end
Throws:
ASelectException
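
An added illustration of the exact-match check described for validateBinaryBlob; it is not A-Select's implementation. The Map used as back-end, the class and method names, and the sample bytes are assumptions made for this example.

```java
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;

public class BlobMatchExample {

    /** Byte-for-byte comparison of a presented encoding with the enrolled one. */
    static boolean blobsMatch(byte[] presented, byte[] stored) {
        // Fail closed: a missing enrolment record or an empty blob is never a match.
        if (presented == null || stored == null || stored.length == 0) {
            return false;
        }
        return Arrays.equals(presented, stored);
    }

    /**
     * Hypothetical stand-in for the back-end lookup: 'backend' maps a subject DN
     * to the DER encoding of the certificate enrolled for that subject.
     */
    static boolean certMatchesBackend(Map<String, byte[]> backend, String subjectDn,
                                      X509Certificate clientCert) {
        if (backend == null || subjectDn == null || clientCert == null) {
            throw new IllegalArgumentException("backend, subjectDn and clientCert are required");
        }
        try {
            // getEncoded() returns the whole DER certificate, so a re-issued certificate
            // with the same subject DN (new serial number, new key) does not match.
            return blobsMatch(clientCert.getEncoded(), backend.get(subjectDn));
        } catch (CertificateEncodingException e) {
            return false; // a certificate that cannot be encoded cannot be compared: reject
        }
    }

    public static void main(String[] args) {
        // Constructed byte strings standing in for DER encodings (not real certificates).
        byte[] enrolled = {0x30, (byte) 0x82, 0x01, 0x0a, 0x01};
        byte[] reissued = {0x30, (byte) 0x82, 0x01, 0x0a, 0x02};
        Map<String, byte[]> backend = Map.of("CN=alice,O=Example", enrolled);

        System.out.println(blobsMatch(enrolled.clone(), backend.get("CN=alice,O=Example")));
        System.out.println(blobsMatch(reissued, backend.get("CN=alice,O=Example")));
        System.out.println(blobsMatch(enrolled, backend.get("CN=bob,O=Example")));
    }
}
```

An exact-blob match pins one specific certificate per subject, so the stored blob has to be updated whenever that certificate is renewed.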


Copyright © 2008 SURFnet BV. All Rights Reserved.