View Javadoc

1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.authentication;
15  
16  import java.io.IOException;
17  import java.security.Principal;
18  import java.security.cert.X509Certificate;
19  
20  import javax.servlet.ServletRequest;
21  import javax.servlet.ServletResponse;
22  import javax.servlet.http.HttpServletRequest;
23  import javax.servlet.http.HttpServletResponse;
24  
25  import org.eclipse.jetty.http.security.Constraint;
26  import org.eclipse.jetty.security.ServerAuthException;
27  import org.eclipse.jetty.security.UserAuthentication;
28  import org.eclipse.jetty.server.Authentication;
29  import org.eclipse.jetty.server.UserIdentity;
30  import org.eclipse.jetty.server.Authentication.User;
31  import org.eclipse.jetty.util.B64Code;
32  
33  /**
34   * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
35   */
36  public class ClientCertAuthenticator extends LoginAuthenticator
37  {
38      public ClientCertAuthenticator()
39      {
40          super();
41      }
42  
43      public String getAuthMethod()
44      {
45          return Constraint.__CERT_AUTH;
46      }
47      
48      /**
49       * @return Authentication for request
50       * @throws ServerAuthException
51       */
52      public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
53      {
54          if (!mandatory)
55              return _deferred;
56          
57          HttpServletRequest request = (HttpServletRequest)req;
58          HttpServletResponse response = (HttpServletResponse)res;
59          X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
60  
61          try
62          {
63              // Need certificates.
64              if (certs != null && certs.length > 0)
65              {
66                  for (X509Certificate cert: certs)
67                  {
68                      if (cert==null)
69                          continue;
70                      Principal principal = cert.getSubjectDN();
71                      if (principal == null) principal = cert.getIssuerDN();
72                      final String username = principal == null ? "clientcert" : principal.getName();
73  
74                      final char[] credential = B64Code.encode(cert.getSignature());
75  
76                      UserIdentity user = _loginService.login(username,credential);
77                      if (user!=null)
78                      {
79                          renewSessionOnAuthentication(request,response);
80                          return new UserAuthentication(getAuthMethod(),user);
81                      }
82                  }
83              }
84                  
85              if (!_deferred.isDeferred(response))
86              {
87                  response.sendError(HttpServletResponse.SC_FORBIDDEN);
88                  return Authentication.SEND_FAILURE;
89              }
90              
91              return Authentication.UNAUTHENTICATED;
92          }
93          catch (IOException e)
94          {
95              throw new ServerAuthException(e.getMessage());
96          }
97      }
98  
99      public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
100     {
101         return true;
102     }
103 }