Class GSIServerRequestHandler
- java.lang.Object
  - org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler
    - org.dcache.xrootd.plugins.authn.gsi.GSIServerRequestHandler
- Direct Known Subclasses:
GSIPost49ServerRequestHandler, GSIPre49ServerRequestHandler
public abstract class GSIServerRequestHandler extends GSIRequestHandler
-
Nested Class Summary
Nested Classes (Modifier and Type, Class):
- protected class GSIServerRequestHandler.CertRequestBuckets
-
Field Summary
Fields (Modifier and Type, Field):
- protected static org.slf4j.Logger LOGGER
- protected javax.security.auth.Subject subject
-
Fields inherited from class org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler
ASYNC_CIPHER_MODE, bufferHandler, CERT_AUTH_KEY, challenge, CHALLENGE_BYTES, credentialManager, CRYPTO_MODE, CRYPTO_MODE_NO_PAD, dhSession, ENCRYPTION_KEY, lastRequest, MAX_TIME_SKEW, noPadding, PROTO_PRE_DELEGATION, PROTO_WITH_DELEGATION, PROTOCOL, PROTOCOL_VERSION, PUBLIC_KEY_ALGORITHM, PUBLIC_KEY_FOOTER, PUBLIC_KEY_HEADER, RANDOM, rsaSession, SESSION_IV_DELIM, SESSION_IV_LEN, SUPPORTED_CIPHER_ALGORITHM, SUPPORTED_DIGESTS, SYNC_CIPHER_BLOCKSIZE, SYNC_CIPHER_MODE_PADDED, SYNC_CIPHER_MODE_UNPADDED, SYNC_CIPHER_NAME, VERSION_KEY
-
Constructor Summary
Constructors (Modifier, Constructor):
- protected GSIServerRequestHandler(javax.security.auth.Subject subject, GSICredentialManager credentialManager)
-
Method Summary
-
Methods inherited from class org.dcache.xrootd.plugins.authn.gsi.GSIRequestHandler
decryptMainBucketWithSessionKey, dhParams, extractChain, finalizeSessionKey, findSessionIVLen, generateChallengeString, getProtocolVersion, getSyncCipherMode, isRequestExpired, postProcessMainBucket, processRSAVerification, updateLastRequest, validateCiphers, validateCryptoMode, validateDigests, verifySignedRTag
-
Constructor Detail
-
GSIServerRequestHandler
protected GSIServerRequestHandler(javax.security.auth.Subject subject, GSICredentialManager credentialManager) throws XrootdException
- Throws:
XrootdException
-
Method Detail
-
getDecrypter
public BufferDecrypter getDecrypter()
-
cancelHandshake
public void cancelHandshake()
-
handleCertReqStep
public abstract XrootdResponse<AuthenticationRequest> handleCertReqStep(AuthenticationRequest request, GSIBucketUtils.BucketData data) throws XrootdException
- Throws:
XrootdException
-
handleCertStep
public abstract XrootdResponse<AuthenticationRequest> handleCertStep(AuthenticationRequest request, GSIBucketUtils.BucketData data) throws XrootdException
- Throws:
XrootdException
-
handleSigPxyStep
public abstract XrootdResponse<AuthenticationRequest> handleSigPxyStep(AuthenticationRequest request, GSIBucketUtils.BucketData data) throws XrootdException
- Throws:
XrootdException
-
isFinished
public abstract boolean isFinished(GSIBucketUtils.BucketData data)
-
handleCertReqStep
protected XrootdResponse<AuthenticationRequest> handleCertReqStep(AuthenticationRequest request, GSIBucketUtils.BucketData data, boolean signDHParams, XrootdSecurityProtocol.BucketType dhParamBucketType) throws XrootdException
Handles the kXGC_certreq step. This step is basically unchanged between pre-4.9 and 4.9+ versions. The host credential's private key is used to encrypt the challenge tag. The result is passed to the client along with the DH parameters needed for symmetric key exchange and a list of supported symmetric ciphers and digests. Depending on the protocol implementation, the DH parameters may or may not be signed using the RSA private key.
- Parameters:
request - The received authentication request
data - Parsed buckets
signDHParams - if true, sign using RSA private key
dhParamBucketType - either kXRS_puk (pre-4.9) or kXRS_cipher (4.9+).
- Returns:
AuthenticationResponse with kXR_authmore
- Throws:
XrootdException
-
validateCiphers
protected java.lang.String validateCiphers(java.util.Map<XrootdSecurityProtocol.BucketType,GSIBucket> map) throws XrootdException
- Throws:
XrootdException
-
validateDigests
protected java.lang.String validateDigests(java.util.Map<XrootdSecurityProtocol.BucketType,GSIBucket> map) throws XrootdException
- Throws:
XrootdException
-