org.dcache.xrootd.plugins.authn.gsi

Class GSIServerRequestHandler

java.lang.Object

org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler

org.dcache.xrootd.plugins.authn.gsi.GSIServerRequestHandler

Direct Known Subclasses:

GSIPost49ServerRequestHandler, GSIPre49ServerRequestHandler

public abstract class GSIServerRequestHandler
extends GSIRequestHandler

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	GSIServerRequestHandler.CertRequestBuckets

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.slf4j.Logger	LOGGER
protected Subject	subject

Fields inherited from class org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler

ASYNC_CIPHER_MODE, bufferHandler, challenge, CHALLENGE_BYTES, credentialManager, CRYPTO_MODE, CRYPTO_MODE_NO_PAD, dhSession, lastRequest, MAX_TIME_SKEW, noPadding, PROTO_PRE_DELEGATION, PROTO_WITH_DELEGATION, PROTOCOL, PROTOCOL_VERSION, PUBLIC_KEY_ALGORITHM, PUBLIC_KEY_FOOTER, PUBLIC_KEY_HEADER, RANDOM, rsaSession, SESSION_IV_DELIM, SESSION_IV_LEN, SUPPORTED_CIPHER_ALGORITHM, SUPPORTED_DIGESTS, SYNC_CIPHER_BLOCKSIZE, SYNC_CIPHER_MODE_PADDED, SYNC_CIPHER_MODE_UNPADDED, SYNC_CIPHER_NAME

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	GSIServerRequestHandler(Subject subject, GSICredentialManager credentialManager)

Method Summary

Modifier and Type	Method and Description
void	cancelHandshake()
BufferDecrypter	getDecrypter()
abstract XrootdResponse<AuthenticationRequest>	handleCertReqStep(AuthenticationRequest request)
protected XrootdResponse<AuthenticationRequest>	handleCertReqStep(AuthenticationRequest request, boolean signDHParams, XrootdSecurityProtocol.BucketType dhParamBucketType) Handle the kXGC_certreq step.
abstract XrootdResponse<AuthenticationRequest>	handleCertStep(AuthenticationRequest request)
abstract XrootdResponse<AuthenticationRequest>	handleSigPxyStep(AuthenticationRequest request)
abstract boolean	isFinished(AuthenticationRequest request)
protected String	validateCiphers(AuthenticationRequest request)
protected String	validateDigests(AuthenticationRequest request)

Methods inherited from class org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler

decryptMainBucketWithSessionKey, dhParams, extractChain, finalizeSessionKey, findSessionIVLen, generateChallengeString, getProtocolVersion, getSyncCipherMode, isRequestExpired, postProcessMainBucket, processRSAVerification, updateLastRequest, validateCiphers, validateCryptoMode, validateDigests, verifySignedRTag

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

protected static org.slf4j.Logger LOGGER

subject

protected final Subject subject

Constructor Detail

GSIServerRequestHandler

protected GSIServerRequestHandler(Subject subject,
                                  GSICredentialManager credentialManager)
                           throws XrootdException

Throws:

XrootdException

Method Detail

getDecrypter

public BufferDecrypter getDecrypter()

cancelHandshake

public void cancelHandshake()

handleCertReqStep

public abstract XrootdResponse<AuthenticationRequest> handleCertReqStep(AuthenticationRequest request)
                                                                 throws XrootdException

Throws:

XrootdException

handleCertStep

public abstract XrootdResponse<AuthenticationRequest> handleCertStep(AuthenticationRequest request)
                                                              throws XrootdException

Throws:

XrootdException

handleSigPxyStep

public abstract XrootdResponse<AuthenticationRequest> handleSigPxyStep(AuthenticationRequest request)
                                                                throws XrootdException

Throws:

XrootdException

isFinished

public abstract boolean isFinished(AuthenticationRequest request)

handleCertReqStep

protected XrootdResponse<AuthenticationRequest> handleCertReqStep(AuthenticationRequest request,
                                                                  boolean signDHParams,
                                                                  XrootdSecurityProtocol.BucketType dhParamBucketType)
                                                           throws XrootdException

Handle the kXGC_certreq step. This step is basically unchanged between pre-4.9 and 4.9+ versions. Use host credential private key to encrypt challenge tag. Pass this along with DH parameters needed for symmetric key exchange, a list of supported symmetric ciphers and digests, to the client. Depending on the protocol implementation, the DH-parameters may or may not be signed using the RSA private key.

Parameters:

request - The received authentication request

signDHParams - if true, sign using RSA private key

dhParamBucketType - either kXRS_puk (pre-4.9) or kXRS_cipher (4.9+).

Returns:

AuthenticationResponse with kXR_authmore

Throws:

XrootdException

validateCiphers

protected String validateCiphers(AuthenticationRequest request)
                          throws XrootdException

Throws:

XrootdException

validateDigests

protected String validateDigests(AuthenticationRequest request)
                          throws XrootdException

Throws:

XrootdException