keycloak-oidc-service
クラス | 公開メンバ関数 | 静的公開変数類 | 限定公開メンバ関数 | 静的限定公開変数類 | 静的変数 | 全メンバ一覧
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator クラスabstract
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator の継承関係図
Inheritance graph
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator 連携図
Collaboration graph

クラス

class  CertificateValidatorConfigBuilder
 
class  UserIdentityExtractorBuilder
 
class  UserIdentityToModelMapperBuilder
 

公開メンバ関数

CertificateValidator.CertificateValidatorBuilder certificateValidationParameters (X509AuthenticatorConfigModel config) throws Exception
 
void close ()
 
UserIdentityExtractor getUserIdentityExtractor (X509AuthenticatorConfigModel config)
 
UserIdentityToModelMapper getUserIdentityToModelMapper (X509AuthenticatorConfigModel config)
 
boolean requiresUser ()
 
boolean configuredFor (KeycloakSession session, RealmModel realm, UserModel user)
 
void setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)
 
void authenticate (AuthenticationFlowContext context)
 
void action (AuthenticationFlowContext context)
 

静的公開変数類

static final String DEFAULT_ATTRIBUTE_NAME = "usercertificate"
 
static final String REGULAR_EXPRESSION = "x509-cert-auth.regular-expression"
 
static final String ENABLE_CRL = "x509-cert-auth.crl-checking-enabled"
 
static final String ENABLE_OCSP = "x509-cert-auth.ocsp-checking-enabled"
 
static final String ENABLE_CRLDP = "x509-cert-auth.crldp-checking-enabled"
 
static final String CRL_RELATIVE_PATH = "x509-cert-auth.crl-relative-path"
 
static final String OCSPRESPONDER_URI = "x509-cert-auth.ocsp-responder-uri"
 
static final String MAPPING_SOURCE_SELECTION = "x509-cert-auth.mapping-source-selection"
 
static final String MAPPING_SOURCE_CERT_SUBJECTDN = "Match SubjectDN using regular expression"
 
static final String MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL = "Subject's e-mail"
 
static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL = "Subject's Alternative Name E-mail"
 
static final String MAPPING_SOURCE_CERT_SUBJECTDN_CN = "Subject's Common Name"
 
static final String MAPPING_SOURCE_CERT_ISSUERDN = "Match IssuerDN using regular expression"
 
static final String MAPPING_SOURCE_CERT_ISSUERDN_EMAIL = "Issuer's e-mail"
 
static final String MAPPING_SOURCE_CERT_ISSUERDN_CN = "Issuer's Common Name"
 
static final String MAPPING_SOURCE_CERT_SERIALNUMBER = "Certificate Serial Number"
 
static final String USER_MAPPER_SELECTION = "x509-cert-auth.mapper-selection"
 
static final String USER_ATTRIBUTE_MAPPER = "Custom Attribute Mapper"
 
static final String USERNAME_EMAIL_MAPPER = "Username or Email"
 
static final String CUSTOM_ATTRIBUTE_NAME = "x509-cert-auth.mapper-selection.user-attribute-name"
 
static final String CERTIFICATE_KEY_USAGE = "x509-cert-auth.keyusage"
 
static final String CERTIFICATE_EXTENDED_KEY_USAGE = "x509-cert-auth.extendedkeyusage"
 
static final String CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed"
 

限定公開メンバ関数

Response createInfoResponse (AuthenticationFlowContext context, String infoMessage, Object ... parameters)
 
X509Certificate [] getCertificateChain (AuthenticationFlowContext context)
 

静的限定公開変数類

static ServicesLogger logger = ServicesLogger.LOGGER
 

静的変数

static final String DEFAULT_MATCH_ALL_EXPRESSION = "(.*?)(?:$)"
 

詳解

著者
Peter Nalyvayko
バージョン
Revision
1
日付
7/31/2016

関数詳解

◆ action()

void org.keycloak.authentication.Authenticator.action ( AuthenticationFlowContext  context)
inherited

Called from a form action invocation.

引数
context

org.keycloak.authentication.authenticators.x509.X509ClientCertificateAuthenticator, org.keycloak.authentication.authenticators.x509.ValidateX509CertificateUsername, org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator, org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail, org.keycloak.authentication.authenticators.cli.CliUsernamePasswordAuthenticator, org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator, org.keycloak.authentication.authenticators.console.ConsoleUsernamePasswordAuthenticator, org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator, org.keycloak.authentication.authenticators.resetcred.ResetCredentialChooseUser, org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator, org.keycloak.authentication.authenticators.browser.CookieAuthenticator, org.keycloak.authentication.authenticators.challenge.NoCookieFlowRedirectAuthenticator, org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator, org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator, org.keycloak.authentication.authenticators.console.ConsoleOTPFormAuthenticator, org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator, org.keycloak.authentication.authenticators.resetcred.AbstractSetRequiredActionAuthenticator, org.keycloak.authentication.authenticators.browser.UsernamePasswordForm, org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator, org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator, org.keycloak.authentication.authenticators.AttemptedAuthenticator (計21項目)で実装されています。

◆ authenticate()

void org.keycloak.authentication.Authenticator.authenticate ( AuthenticationFlowContext  context)
inherited

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to

/realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId}

or

/realms/{realm}/login-actions/registration?code={session-code}&execution={executionId}

{session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution().

The action URL will invoke the action() method described below.

引数
context

org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator, org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator, org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator, org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator, org.keycloak.authentication.authenticators.browser.UsernamePasswordForm, org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail, org.keycloak.authentication.authenticators.console.ConsoleOTPFormAuthenticator, org.keycloak.authentication.authenticators.console.ConsoleUsernamePasswordAuthenticator, org.keycloak.authentication.authenticators.x509.X509ClientCertificateAuthenticator, org.keycloak.authentication.authenticators.resetcred.ResetCredentialChooseUser, org.keycloak.authentication.authenticators.directgrant.ValidateUsername, org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator, org.keycloak.authentication.authenticators.cli.CliUsernamePasswordAuthenticator, org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator, org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator, org.keycloak.authentication.authenticators.directgrant.ValidateOTP, org.keycloak.authentication.authenticators.directgrant.ValidatePassword, org.keycloak.authentication.authenticators.x509.ValidateX509CertificateUsername, org.keycloak.authentication.authenticators.challenge.NoCookieFlowRedirectAuthenticator, org.keycloak.authentication.authenticators.browser.CookieAuthenticator, org.keycloak.authentication.authenticators.resetcred.ResetPassword, org.keycloak.authentication.authenticators.resetcred.ResetOTP, org.keycloak.authentication.authenticators.AttemptedAuthenticator (計23項目)で実装されています。

◆ certificateValidationParameters()

CertificateValidator.CertificateValidatorBuilder org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.certificateValidationParameters ( X509AuthenticatorConfigModel  config) throws Exception
inline
101  {
102  return CertificateValidatorConfigBuilder.fromConfig(config);
103  }

◆ close()

void org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.close ( )
inline

org.keycloak.provider.Providerを実装しています。

192  {
193 
194  }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.configuredFor ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline

org.keycloak.authentication.Authenticatorを実装しています。

235  {
236  return true;
237  }

◆ createInfoResponse()

Response org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.createInfoResponse ( AuthenticationFlowContext  context,
String  infoMessage,
Object ...  parameters 
)
inlineprotected
76  {
77  LoginFormsProvider form = context.form();
78  return form.setInfo(infoMessage, parameters).createInfoPage();
79  }

◆ getCertificateChain()

X509Certificate [] org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getCertificateChain ( AuthenticationFlowContext  context)
inlineprotected
196  {
197  try {
198  // Get a x509 client certificate
199  X509ClientCertificateLookup provider = context.getSession().getProvider(X509ClientCertificateLookup.class);
200  if (provider == null) {
201  logger.errorv("\"{0}\" Spi is not available, did you forget to update the configuration?",
202  X509ClientCertificateLookup.class);
203  return null;
204  }
205 
206  X509Certificate[] certs = provider.getCertificateChain(context.getHttpRequest());
207 
208  if (certs != null) {
209  for (X509Certificate cert : certs) {
210  logger.tracev("\"{0}\"", cert.getSubjectDN().getName());
211  }
212  }
213 
214  return certs;
215  }
216  catch (GeneralSecurityException e) {
217  logger.error(e.getMessage(), e);
218  }
219  return null;
220  }
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.logger
static ServicesLogger logger
Definition: AbstractX509ClientCertificateAuthenticator.java:49

◆ getUserIdentityExtractor()

UserIdentityExtractor org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getUserIdentityExtractor ( X509AuthenticatorConfigModel  config)
inline
222  {
223  return UserIdentityExtractorBuilder.fromConfig(config);
224  }

◆ getUserIdentityToModelMapper()

UserIdentityToModelMapper org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.getUserIdentityToModelMapper ( X509AuthenticatorConfigModel  config)
inline
226  {
227  return UserIdentityToModelMapperBuilder.fromConfig(config);
228  }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.requiresUser ( )
inline

org.keycloak.authentication.Authenticatorを実装しています。

230  {
231  return false;
232  }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.setRequiredActions ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline

org.keycloak.authentication.Authenticatorを実装しています。

240  {
241  }

メンバ詳解

◆ CERTIFICATE_EXTENDED_KEY_USAGE

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_EXTENDED_KEY_USAGE = "x509-cert-auth.extendedkeyusage"
static

◆ CERTIFICATE_KEY_USAGE

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CERTIFICATE_KEY_USAGE = "x509-cert-auth.keyusage"
static

◆ CONFIRMATION_PAGE_DISALLOWED

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CONFIRMATION_PAGE_DISALLOWED = "x509-cert-auth.confirmation-page-disallowed"
static

◆ CRL_RELATIVE_PATH

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CRL_RELATIVE_PATH = "x509-cert-auth.crl-relative-path"
static

◆ CUSTOM_ATTRIBUTE_NAME

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.CUSTOM_ATTRIBUTE_NAME = "x509-cert-auth.mapper-selection.user-attribute-name"
static

◆ DEFAULT_ATTRIBUTE_NAME

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.DEFAULT_ATTRIBUTE_NAME = "usercertificate"
static

◆ DEFAULT_MATCH_ALL_EXPRESSION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.DEFAULT_MATCH_ALL_EXPRESSION = "(.*?)(?:$)"
staticpackage

◆ ENABLE_CRL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_CRL = "x509-cert-auth.crl-checking-enabled"
static

◆ ENABLE_CRLDP

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_CRLDP = "x509-cert-auth.crldp-checking-enabled"
static

◆ ENABLE_OCSP

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.ENABLE_OCSP = "x509-cert-auth.ocsp-checking-enabled"
static

◆ logger

ServicesLogger org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.logger = ServicesLogger.LOGGER
staticprotected

◆ MAPPING_SOURCE_CERT_ISSUERDN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN = "Match IssuerDN using regular expression"
static

◆ MAPPING_SOURCE_CERT_ISSUERDN_CN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN_CN = "Issuer's Common Name"
static

◆ MAPPING_SOURCE_CERT_ISSUERDN_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_ISSUERDN_EMAIL = "Issuer's e-mail"
static

◆ MAPPING_SOURCE_CERT_SERIALNUMBER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SERIALNUMBER = "Certificate Serial Number"
static

◆ MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL = "Subject's Alternative Name E-mail"
static

◆ MAPPING_SOURCE_CERT_SUBJECTDN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN = "Match SubjectDN using regular expression"
static

◆ MAPPING_SOURCE_CERT_SUBJECTDN_CN

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN_CN = "Subject's Common Name"
static

◆ MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL = "Subject's e-mail"
static

◆ MAPPING_SOURCE_SELECTION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.MAPPING_SOURCE_SELECTION = "x509-cert-auth.mapping-source-selection"
static

◆ OCSPRESPONDER_URI

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.OCSPRESPONDER_URI = "x509-cert-auth.ocsp-responder-uri"
static

◆ REGULAR_EXPRESSION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.REGULAR_EXPRESSION = "x509-cert-auth.regular-expression"
static

◆ USER_ATTRIBUTE_MAPPER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USER_ATTRIBUTE_MAPPER = "Custom Attribute Mapper"
static

◆ USER_MAPPER_SELECTION

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USER_MAPPER_SELECTION = "x509-cert-auth.mapper-selection"
static

◆ USERNAME_EMAIL_MAPPER

final String org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator.USERNAME_EMAIL_MAPPER = "Username or Email"
static
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時17分16秒作成 - keycloak-oidc-service / 構成:   doxygen 1.8.13