org.keycloak.services.x509.HaProxySslClientCertificateLookup の継承関係図

org.keycloak.services.x509.HaProxySslClientCertificateLookup 連携図

公開メンバ関数
	HaProxySslClientCertificateLookup (String sslCientCertHttpHeader, String sslCertChainHttpHeaderPrefix, int certificateChainLength)

void	close ()

X509Certificate []	getCertificateChain (HttpRequest httpRequest) throws GeneralSecurityException

限定公開メンバ関数
X509Certificate	decodeCertificateFromPem (String pem) throws PemException

X509Certificate	getCertificateFromHttpHeader (HttpRequest request, String httpHeader) throws GeneralSecurityException

限定公開変数類
final String	sslClientCertHttpHeader

final String	sslCertChainHttpHeaderPrefix

静的関数
static String	getHeaderValue (HttpRequest httpRequest, String headerName)

静的非公開変数類
static final Logger	logger = Logger.getLogger(HaProxySslClientCertificateLookup.class)

詳解

The provider allows to extract X.509 client certificate forwarded to the keycloak middleware configured behind the haproxy reverse proxy.

著者: Peter Nalyvayko

バージョン

Revision: 1

から: 3/27/2017

構築子と解体子

◆ HaProxySslClientCertificateLookup()

org.keycloak.services.x509.HaProxySslClientCertificateLookup.HaProxySslClientCertificateLookup	(	String	sslCientCertHttpHeader,
		String	sslCertChainHttpHeaderPrefix,
		int	certificateChainLength
	)

inline

                                                                          {
         super(sslCientCertHttpHeader, sslCertChainHttpHeaderPrefix, certificateChainLength);
     }

関数詳解

◆ close()

void org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.close ( )

inlineinherited

                         {
 
     }

◆ decodeCertificateFromPem()

X509Certificate org.keycloak.services.x509.HaProxySslClientCertificateLookup.decodeCertificateFromPem ( String pem ) throws PemException

inlineprotected

                                                                                        {
 
         if (pem == null) {
             return null;
         }
         return PemUtils.decodeCertificate(pem);
     }

◆ getCertificateChain()

X509Certificate [] org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.getCertificateChain ( HttpRequest httpRequest ) throws GeneralSecurityException

inlineinherited

org.keycloak.services.x509.X509ClientCertificateLookupを実装しています。

                                                                                                           {
         List<X509Certificate> chain = new ArrayList<>();
 
         // Get the client certificate
         X509Certificate cert = getCertificateFromHttpHeader(httpRequest, sslClientCertHttpHeader);
         if (cert != null) {
             chain.add(cert);
             // Get the certificate of the client certificate chain
             for (int i = 0; i < certificateChainLength; i++) {
                 try {
                     String s = String.format("%s_%s", sslCertChainHttpHeaderPrefix, i);
                     cert = getCertificateFromHttpHeader(httpRequest, s);
                     if (cert != null) {
                         chain.add(cert);
                     }
                 }
                 catch(GeneralSecurityException e) {
                     logger.warn(e.getMessage(), e);
                 }
             }
         }
         return chain.toArray(new X509Certificate[0]);
     }

◆ getCertificateFromHttpHeader()

X509Certificate org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.getCertificateFromHttpHeader	(	HttpRequest	request,
		String	httpHeader
	)		throws GeneralSecurityException

inlineprotectedinherited

                                                                                                                                    {
 
         String encodedCertificate = getHeaderValue(request, httpHeader);
 
         // Remove double quotes
         encodedCertificate = trimDoubleQuotes(encodedCertificate);
 
         if (encodedCertificate == null ||
                 encodedCertificate.trim().length() == 0) {
             logger.warnf("HTTP header \"%s\" is empty", httpHeader);
             return null;
         }
 
         try {
             X509Certificate cert = decodeCertificateFromPem(encodedCertificate);
             if (cert == null) {
                 logger.warnf("HTTP header \"%s\" does not contain a valid x.509 certificate\n%s",
                         httpHeader, encodedCertificate);
             } else {
                 logger.debugf("Found a valid x.509 certificate in \"%s\" HTTP header",
                         httpHeader);
             }
             return cert;
         }
         catch(PemException e) {
             logger.error(e.getMessage(), e);
             throw new GeneralSecurityException(e);
         }
     }

◆ getHeaderValue()

static String org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.getHeaderValue	(	HttpRequest	httpRequest,
		String	headerName
	)

inlinestaticpackageinherited

                                                                              {
         return httpRequest.getHttpHeaders().getRequestHeaders().getFirst(headerName);
     }

メンバ詳解

◆ logger

final Logger org.keycloak.services.x509.HaProxySslClientCertificateLookup.logger = Logger.getLogger(HaProxySslClientCertificateLookup.class)

staticprivate

◆ sslCertChainHttpHeaderPrefix

final String org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.sslCertChainHttpHeaderPrefix

protectedinherited

◆ sslClientCertHttpHeader

final String org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup.sslClientCertHttpHeader

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/x509/HaProxySslClientCertificateLookup.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

静的関数

静的非公開変数類

詳解