public class X509AuthenticationProvider extends Object implements AuthenticationProvider
zookeeper.ssl.keyStore.location
zookeeper.ssl.trustStore.location
zookeeper.ssl.keyStore.password
zookeeper.ssl.trustStore.password

| Constructor and Description |
|---|
| `X509AuthenticationProvider()`<br>Initialize the X509AuthenticationProvider with a JKS KeyStore and JKS TrustStore according to the following system properties: `zookeeper.ssl.keyStore.location`, `zookeeper.ssl.trustStore.location`, `zookeeper.ssl.keyStore.password`, `zookeeper.ssl.trustStore.password` |
| `X509AuthenticationProvider(X509TrustManager trustManager, X509KeyManager keyManager)`<br>Initialize the X509AuthenticationProvider with the provided X509TrustManager and X509KeyManager. |

| Modifier and Type | Method and Description |
|---|---|
| `protected String` | `getClientId(X509Certificate clientCert)`<br>Determine the string to be used as the remote host session Id for authorization purposes. |
| `X509KeyManager` | `getKeyManager()`<br>Get the X509KeyManager implementation used for certificate management. |
| `String` | `getScheme()`<br>The String used to represent this provider. |
| `X509TrustManager` | `getTrustManager()`<br>Get the X509TrustManager implementation used for remote host authentication. |
| `KeeperException.Code` | `handleAuthentication(ServerCnxn cnxn, byte[] authData)`<br>This method is called when a client passes authentication data for this scheme. |
| `boolean` | `isAuthenticated()`<br>This method is used to check if the authentication done by this provider should be used to identify the creator of a node. |
| `boolean` | `isValid(String id)`<br>Validates the syntax of an id. |
| `boolean` | `matches(String id, String aclExpr)`<br>This method is called to see if the given id matches the given id expression in the ACL. |
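
Because `getClientId` is `protected`, a subclass can change which string the certificate yields as the id that `matches` later compares against ACL expressions. The following is an added example, not code from the ZooKeeper project: the class name `CommonNameX509AuthenticationProvider` and the helper `idFor` are hypothetical, and the package names in the imports come from the ZooKeeper source tree rather than from this page. It uses the subject CN as the id only when the subject carries exactly one unambiguous CN and otherwise keeps the full DN; a CN-only id is only as strong as the issuing CA's guarantee that CNs are unique.

```java
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import org.apache.zookeeper.common.X509Exception;
import org.apache.zookeeper.server.auth.X509AuthenticationProvider;

// Hypothetical subclass (the name is an assumption, not a ZooKeeper class):
// derives the client id from the certificate's subject CN.
public class CommonNameX509AuthenticationProvider extends X509AuthenticationProvider {

    // The no-arg superclass constructor reads the zookeeper.ssl.* system
    // properties and declares X509Exception, so this constructor declares it too.
    public CommonNameX509AuthenticationProvider() throws X509Exception {
        super();
    }

    @Override
    protected String getClientId(X509Certificate clientCert) {
        return idFor(clientCert.getSubjectX500Principal());
    }

    // Hypothetical helper: returns the subject's CN when the subject has
    // exactly one single-valued, textual CN. In every other case (no CN,
    // several CNs, a multi-valued RDN, a binary value, an unparsable DN) it
    // returns the full RFC 2253 DN, so an unusual certificate never collapses
    // to a short id that another certificate could also produce.
    static String idFor(X500Principal subject) {
        String dn = subject.getName(X500Principal.RFC2253);
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (rdn.size() != 1) return dn;            // multi-valued RDN
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (!(rdn.getValue() instanceof String) || cn != null) return dn;
                cn = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return dn;
        }
        return cn != null ? cn : dn;
    }
}
```

For a subject of `CN=broker-01,OU=ops,O=Example` (a constructed value), `idFor` returns `broker-01`; for a subject with two CN components it returns the whole DN.
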

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface AuthenticationProvider: getUserName

`public X509AuthenticationProvider() throws X509Exception`

Initialize the X509AuthenticationProvider with a JKS KeyStore and JKS TrustStore according to the following system properties:

- `zookeeper.ssl.keyStore.location`
- `zookeeper.ssl.trustStore.location`
- `zookeeper.ssl.keyStore.password`
- `zookeeper.ssl.trustStore.password`

Throws:
- `X509Exception`

`public X509AuthenticationProvider(X509TrustManager trustManager, X509KeyManager keyManager)`

Parameters:
- `trustManager` - X509TrustManager implementation to use for remote host authentication.
- `keyManager` - X509KeyManager implementation to use for certificate management.

`public String getScheme()`

Specified by: `getScheme` in interface `AuthenticationProvider`

`public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData)`

Specified by: `handleAuthentication` in interface `AuthenticationProvider`

Parameters:
- `cnxn` - the cnxn that received the authentication information.
- `authData` - the authentication data received.

`protected String getClientId(X509Certificate clientCert)`

Parameters:
- `clientCert` - Authenticated X509Certificate associated with the remote host.

`public boolean matches(String id, String aclExpr)`

Specified by: `matches` in interface `AuthenticationProvider`

Parameters:
- `id` - the id to check.
- `aclExpr` - the expression to match ids against.

`public boolean isAuthenticated()`

Specified by: `isAuthenticated` in interface `AuthenticationProvider`

`public boolean isValid(String id)`

Specified by: `isValid` in interface `AuthenticationProvider`

Parameters:
- `id` - the id to validate.

`public X509TrustManager getTrustManager() throws X509Exception.TrustManagerException`

Throws:
- `X509Exception.TrustManagerException` - When there is no trust manager available.

`public X509KeyManager getKeyManager() throws X509Exception.KeyManagerException`

Throws:
- `X509Exception.KeyManagerException` - When there is no key manager available.

Copyright © 2008–2021 The Apache Software Foundation. All rights reserved.