Examples of com.sun.security.auth.module.KeyStoreLoginModule

com.sun.security.auth.module.KeyStoreLoginModule
Provides a JAAS login module that prompts for a key store alias and populates the subject with the alias's principal and credentials. Stores an X500Principal for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials.
Recognizes the following options in the configuration file:

keyStoreURL

A URL that specifies the location of the key store. Defaults to a URL pointing to the .keystore file in the directory specified by the user.home system property. The input stream from this URL is passed to the KeyStore.load method. "NONE" may be specified if a null stream must be passed to the KeyStore.load method. "NONE" should be specified if the KeyStore resides on a hardware token device, for example.

keyStoreType

The key store type. If not specified, defaults to the result of calling KeyStore.getDefaultType(). If the type is "PKCS11", then keyStoreURL must be "NONE" and privateKeyPasswordURL must not be specified.

keyStoreProvider

The key store provider. If not specified, uses the standard search order to find the provider.

keyStoreAlias

The alias in the key store to login as. Required when no callback handler is provided. No default value.

keyStorePasswordURL

A URL that specifies the location of the key store password. Required when no callback handler is provided and protected is false. No default value.

privateKeyPasswordURL

A URL that specifies the location of the specific private key password needed to access the private key for this alias. The keystore password is used if this value is needed and not specified.

protected

This value should be set to "true" if the KeyStore has a separate, protected authentication path (for example, a dedicated PIN-pad attached to a smart card). Defaults to "false". If "true" keyStorePasswordURL and privateKeyPasswordURL must not be specified.


    private static void testInvalidOptions() throws Exception {


        // if keyStoreType is PKCS11, keyStoreURL must be NONE


        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_TYPE, P11KEYSTORE);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // if keyStoreType is PKCS11, keyStoreURL is NONE,
        // then privateKeyPasswordURL must not be specified


        options = new HashMap();
        options.put(O_TYPE, P11KEYSTORE);
        options.put(O_URL, NONE);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // if protected is true, keyStorePasswordURL must not be specified


        options = new HashMap();
        options.put(O_PPATH, "true");
        options.put(O_SPASS_URL, SPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // if protected is true, privateKeyPasswordURL must not be specified


        options = new HashMap();
        options.put(O_PPATH, "true");
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");

View Full Code Here


    private static void testNullCallbackHandler() throws Exception {


        // no options (missing alias)


        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // missing passwords


        options.put(O_ALIAS, ALIAS);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // no private key password
        // (private key password is different from store password)


        options.put(O_SPASS_URL, SPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }


        // all necessary options
        // (private key password is different from store password)


        options.put(O_URL, URL);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        m.login();
        System.out.println("test " + testnum++ + " passed");
    }

View Full Code Here

        System.out.println("test " + testnum++ + " passed");
    }


    private static void testWithCallbackHandler() throws Exception {


        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_URL, URL);


        CallbackHandler goodHandler = new MyCallbackHandler(true);
        m.initialize(s, goodHandler, null, options);
        m.login();
        System.out.println("test " + testnum++ + " passed");


        CallbackHandler badHandler = new MyCallbackHandler(false);
        m.initialize(s, badHandler, null, options);
        try {
            m.login();
            throw new SecurityException("expected LoginException");
        } catch (LoginException le) {
            // good
            System.out.println("test " + testnum++ + " passed");
        }

View Full Code Here


    private static void testReadOnly() throws Exception {


        // setup


        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_URL, URL);
        options.put(O_ALIAS, ALIAS);
        options.put(O_SPASS_URL, SPASS_URL);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);


        // login first
        m.login();
        m.commit();
        System.out.println("test " + testnum++ + " passed");


        // test regular logout
        m.logout();
        if (s.getPrincipals().size() != 0) {
            throw new SecurityException("expected no principals");
        }
        if (s.getPublicCredentials().size() != 0) {
            throw new SecurityException("expected no public creds");
        }
        if (s.getPrivateCredentials().size() != 0) {
            throw new SecurityException("expected no private creds");
        }
        System.out.println("test " + testnum++ + " passed");


        // login again
        m.login();
        m.commit();
        System.out.println("test " + testnum++ + " passed");


        // set subject to read-only
        s.setReadOnly();


        // try to logout
        try {
            m.logout();
            throw new SecurityException("expected login exception");
        } catch (LoginException le) {
            // good
            System.out.println("test " + testnum++ + " passed");
        }

View Full Code Here

TOP

Related Classes of com.sun.security.auth.module.KeyStoreLoginModule

java.security.AuthProvider

java.security.Provider

javax.security.auth.login.FailedLoginException

javax.security.auth.callback.NameCallback

javax.security.auth.callback.PasswordCallback

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.