org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator の継承関係図

org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator 連携図

公開メンバ関数
Response	errorResponse (int status, String error, String errorDescription)

void	action (AuthenticationFlowContext context)

CertificateValidator.CertificateValidatorBuilder	certificateValidationParameters (X509AuthenticatorConfigModel config) throws Exception

void	close ()

UserIdentityExtractor	getUserIdentityExtractor (X509AuthenticatorConfigModel config)

UserIdentityToModelMapper	getUserIdentityToModelMapper (X509AuthenticatorConfigModel config)

boolean	requiresUser ()

boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)

void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)

void	authenticate (AuthenticationFlowContext context)

静的公開変数類
static final String	DEFAULT_ATTRIBUTE_NAME = "usercertificate"

static final String	REGULAR_EXPRESSION = "x509-cert-auth.regular-expression"

static final String	ENABLE_CRL = "x509-cert-auth.crl-checking-enabled"

static final String	ENABLE_OCSP = "x509-cert-auth.ocsp-checking-enabled"

static final String	ENABLE_CRLDP = "x509-cert-auth.crldp-checking-enabled"

static final String	CRL_RELATIVE_PATH = "x509-cert-auth.crl-relative-path"

static final String	OCSPRESPONDER_URI = "x509-cert-auth.ocsp-responder-uri"

static final String	MAPPING_SOURCE_SELECTION = "x509-cert-auth.mapping-source-selection"

static final String	MAPPING_SOURCE_CERT_SUBJECTDN = "Match SubjectDN using regular expression"

static final String	MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL = "Subject's e-mail"

static final String	MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL = "Subject's Alternative Name E-mail"

static final String	MAPPING_SOURCE_CERT_SUBJECTDN_CN = "Subject's Common Name"

static final String	MAPPING_SOURCE_CERT_ISSUERDN = "Match IssuerDN using regular expression"

static final String	MAPPING_SOURCE_CERT_ISSUERDN_EMAIL = "Issuer's e-mail"

static final String	MAPPING_SOURCE_CERT_ISSUERDN_CN = "Issuer's Common Name"

static final String	MAPPING_SOURCE_CERT_SERIALNUMBER = "Certificate Serial Number"

static final String	USER_MAPPER_SELECTION = "x509-cert-auth.mapper-selection"

static final String	USER_ATTRIBUTE_MAPPER = "Custom Attribute Mapper"

static final String	USERNAME_EMAIL_MAPPER = "Username or Email"

static final String	CUSTOM_ATTRIBUTE_NAME = "x509-cert-auth.mapper-selection.user-attribute-name"

static final String	CERTIFICATE_KEY_USAGE = "x509-cert-auth.keyusage"

static final String	CERTIFICATE_EXTENDED_KEY_USAGE = "x509-cert-auth.extendedkeyusage"

static final String	CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed"

限定公開メンバ関数
Response	createInfoResponse (AuthenticationFlowContext context, String infoMessage, Object ... parameters)

X509Certificate []	getCertificateChain (AuthenticationFlowContext context)

静的限定公開変数類
static ServicesLogger	logger = ServicesLogger.LOGGER

静的変数
static final String	DEFAULT_MATCH_ALL_EXPRESSION = "(.*?)(?:$)"

詳解

著者: Peter Nalyvayko

バージョン

Revision: 1

日付: 7/31/2016

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator.action ( AuthenticationFlowContext context )

inline

org.keycloak.authentication.Authenticatorを実装しています。

                                                           {
 
     }

◆ authenticate()

void org.keycloak.authentication.Authenticator.authenticate ( AuthenticationFlowContext context )

inherited

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to

/realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId}

or

/realms/{realm}/login-actions/registration?code={session-code}&execution={executionId}

{session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution().

The action URL will invoke the action() method described below.

引数

context

◆ certificateValidationParameters()

CertificateValidator.CertificateValidatorBuilder org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.certificateValidationParameters ( X509AuthenticatorConfigModel config ) throws Exception

inlineinherited

                                                                                                                                                   {
         return CertificateValidatorConfigBuilder.fromConfig(config);
     }

◆ close()

void org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.close ( )

inlineinherited

org.keycloak.provider.Providerを実装しています。

                         {
 
     }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.configuredFor	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inlineinherited

org.keycloak.authentication.Authenticatorを実装しています。

                                                                                             {
         return true;
     }

◆ createInfoResponse()

Response org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.createInfoResponse	(	AuthenticationFlowContext	context,
		String	infoMessage,
		Object ...	parameters
	)

inlineprotectedinherited

                                                                                                                         {
         LoginFormsProvider form = context.form();
         return form.setInfo(infoMessage, parameters).createInfoPage();
     }

◆ errorResponse()

Response org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator.errorResponse	(	int	status,
		String	error,
		String	errorDescription
	)

inline

                                                                                      {
         Map<String, String> e = new HashMap<String, String>();
         e.put(OAuth2Constants.ERROR, error);
         if (errorDescription != null) {
             e.put(OAuth2Constants.ERROR_DESCRIPTION, errorDescription);
         }
         return Response.status(status).entity(e).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ getCertificateChain()

X509Certificate [] org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getCertificateChain ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                                        {
         try {
             // Get a x509 client certificate
             X509ClientCertificateLookup provider = context.getSession().getProvider(X509ClientCertificateLookup.class);
             if (provider == null) {
                 logger.errorv("\"{0}\" Spi is not available, did you forget to update the configuration?",
                         X509ClientCertificateLookup.class);
                 return null;
             }
 
             X509Certificate[] certs = provider.getCertificateChain(context.getHttpRequest());
 
             if (certs != null) {
                 for (X509Certificate cert : certs) {
                     logger.tracev("\"{0}\"", cert.getSubjectDN().getName());
                 }
             }
 
             return certs;
         }
         catch (GeneralSecurityException e) {
             logger.error(e.getMessage(), e);
         }
         return null;
     }

◆ getUserIdentityExtractor()

UserIdentityExtractor org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getUserIdentityExtractor ( X509AuthenticatorConfigModel config )

inlineinherited

                                                                                                {
         return UserIdentityExtractorBuilder.fromConfig(config);
     }

◆ getUserIdentityToModelMapper()

UserIdentityToModelMapper org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getUserIdentityToModelMapper ( X509AuthenticatorConfigModel config )

inlineinherited

                                                                                                        {
         return UserIdentityToModelMapperBuilder.fromConfig(config);
     }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.requiresUser ( )

inlineinherited

org.keycloak.authentication.Authenticatorを実装しています。

                                   {
         return false;
     }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.setRequiredActions	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inlineinherited

org.keycloak.authentication.Authenticatorを実装しています。

240 {

241 }

メンバ詳解

◆ CERTIFICATE_EXTENDED_KEY_USAGE

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_EXTENDED_KEY_USAGE = "x509-cert-auth.extendedkeyusage"

staticinherited

◆ CERTIFICATE_KEY_USAGE

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE = "x509-cert-auth.keyusage"

staticinherited

◆ CONFIRMATION_PAGE_DISALLOWED

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed"

staticinherited

◆ CRL_RELATIVE_PATH

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CRL_RELATIVE_PATH = "x509-cert-auth.crl-relative-path"

staticinherited

◆ CUSTOM_ATTRIBUTE_NAME

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CUSTOM_ATTRIBUTE_NAME = "x509-cert-auth.mapper-selection.user-attribute-name"

staticinherited

◆ DEFAULT_ATTRIBUTE_NAME

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.DEFAULT_ATTRIBUTE_NAME = "usercertificate"

staticinherited

◆ DEFAULT_MATCH_ALL_EXPRESSION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.DEFAULT_MATCH_ALL_EXPRESSION = "(.*?)(?:$)"

staticpackageinherited

◆ ENABLE_CRL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_CRL = "x509-cert-auth.crl-checking-enabled"

staticinherited

◆ ENABLE_CRLDP

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_CRLDP = "x509-cert-auth.crldp-checking-enabled"

staticinherited

◆ ENABLE_OCSP

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_OCSP = "x509-cert-auth.ocsp-checking-enabled"

staticinherited

◆ logger

ServicesLogger org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.logger = ServicesLogger.LOGGER

staticprotectedinherited

◆ MAPPING_SOURCE_CERT_ISSUERDN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN = "Match IssuerDN using regular expression"

staticinherited

◆ MAPPING_SOURCE_CERT_ISSUERDN_CN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN_CN = "Issuer's Common Name"

staticinherited

◆ MAPPING_SOURCE_CERT_ISSUERDN_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN_EMAIL = "Issuer's e-mail"

staticinherited

◆ MAPPING_SOURCE_CERT_SERIALNUMBER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SERIALNUMBER = "Certificate Serial Number"

staticinherited

◆ MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL = "Subject's Alternative Name E-mail"

staticinherited

◆ MAPPING_SOURCE_CERT_SUBJECTDN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN = "Match SubjectDN using regular expression"

staticinherited

◆ MAPPING_SOURCE_CERT_SUBJECTDN_CN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN_CN = "Subject's Common Name"

staticinherited

◆ MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL = "Subject's e-mail"

staticinherited

◆ MAPPING_SOURCE_SELECTION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_SELECTION = "x509-cert-auth.mapping-source-selection"

staticinherited

◆ OCSPRESPONDER_URI

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.OCSPRESPONDER_URI = "x509-cert-auth.ocsp-responder-uri"

staticinherited

◆ REGULAR_EXPRESSION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.REGULAR_EXPRESSION = "x509-cert-auth.regular-expression"

staticinherited

◆ USER_ATTRIBUTE_MAPPER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USER_ATTRIBUTE_MAPPER = "Custom Attribute Mapper"

staticinherited

◆ USER_MAPPER_SELECTION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USER_MAPPER_SELECTION = "x509-cert-auth.mapper-selection"

staticinherited

◆ USERNAME_EMAIL_MAPPER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USERNAME_EMAIL_MAPPER = "Username or Email"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authentication/authenticators/x509/AbstractX509ClientCertificateDirectGrantAuthenticator.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

静的限定公開変数類

静的変数

詳解

関数詳解

◆ action()

◆ authenticate()

◆ certificateValidationParameters()

◆ close()

◆ configuredFor()

◆ createInfoResponse()

◆ errorResponse()

◆ getCertificateChain()

◆ getUserIdentityExtractor()

◆ getUserIdentityToModelMapper()

◆ requiresUser()

◆ setRequiredActions()

メンバ詳解

◆ CERTIFICATE_EXTENDED_KEY_USAGE

◆ CERTIFICATE_KEY_USAGE

◆ CONFIRMATION_PAGE_DISALLOWED

◆ CRL_RELATIVE_PATH

◆ CUSTOM_ATTRIBUTE_NAME

◆ DEFAULT_ATTRIBUTE_NAME

◆ DEFAULT_MATCH_ALL_EXPRESSION

◆ ENABLE_CRL

◆ ENABLE_CRLDP

◆ ENABLE_OCSP

◆ logger

◆ MAPPING_SOURCE_CERT_ISSUERDN

◆ MAPPING_SOURCE_CERT_ISSUERDN_CN

◆ MAPPING_SOURCE_CERT_ISSUERDN_EMAIL

◆ MAPPING_SOURCE_CERT_SERIALNUMBER

◆ MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

◆ MAPPING_SOURCE_CERT_SUBJECTDN

◆ MAPPING_SOURCE_CERT_SUBJECTDN_CN

◆ MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

◆ MAPPING_SOURCE_SELECTION

◆ OCSPRESPONDER_URI

◆ REGULAR_EXPRESSION

◆ USER_ATTRIBUTE_MAPPER

◆ USER_MAPPER_SELECTION

◆ USERNAME_EMAIL_MAPPER