Package org.eclipse.hono.util

Class AuthenticationConstants

  • public final class AuthenticationConstants
extends Object
    Constants related to authentication.

    • Field Detail

      • APPLICATION_PROPERTY_TYPE

        public static final String APPLICATION_PROPERTY_TYPE
        The name of the AMQP message application property holding the type of token contained in the body.
        See Also:
        Constant Field Values

      • ENDPOINT_NAME_AUTHENTICATION

        public static final String ENDPOINT_NAME_AUTHENTICATION
        The name of the authentication endpoint.
        See Also:
        Constant Field Values

      • EVENT_BUS_ADDRESS_AUTHENTICATION_IN

        public static final String EVENT_BUS_ADDRESS_AUTHENTICATION_IN
        The vert.x event bus address inbound authentication requests are published on.
        See Also:
        Constant Field Values

      • FIELD_AUTHORIZATION_ID

        public static final String FIELD_AUTHORIZATION_ID
        The name of the field containing the authorization ID granted as the result of a successful authentication.
        See Also:
        Constant Field Values

      • FIELD_MECHANISM

        public static final String FIELD_MECHANISM
        The name of the field containing the SASL mechanism used for authentication.
        See Also:
        Constant Field Values

      • FIELD_SASL_RESPONSE

        public static final String FIELD_SASL_RESPONSE
        The name of the field containing the SASL response the client has provided.
        See Also:
        Constant Field Values

      • FIELD_SUBJECT_DN

        public static final String FIELD_SUBJECT_DN
        The name of the field containing the Subject DN of the certificate the client has used for EXTERNAL auth.
        See Also:
        Constant Field Values

      • FIELD_TOKEN

        public static final String FIELD_TOKEN
        The name of the field containing the JSON Web Token representing an authenticated client and its authorities.
        See Also:
        Constant Field Values

      • QUALIFIER_AUTHENTICATION

        public static final String QUALIFIER_AUTHENTICATION
        The qualifier to use for referring to components scoped to authentication.
        See Also:
        Constant Field Values

      • TYPE_AMQP_JWT

        public static final String TYPE_AMQP_JWT
        The type indicating a JSON Web Token being contained in a message body.
        See Also:
        Constant Field Values

    • Method Detail

      • getAuthenticationRequest

        public static io.vertx.core.json.JsonObject getAuthenticationRequest​(String mechanism,
                                                                     byte[] saslResponse)
        Creates a message for authenticating a client using SASL.
        Parameters:
        mechanism - The SASL mechanism to use for authentication.
        saslResponse - The SASL response containing the authentication information provided by the client.
        Returns:
        the message to be sent to the AuthenticationService.
        Throws:
        NullPointerException - if any of the params is null.

      • getAuthenticationReply

        public static io.vertx.core.json.JsonObject getAuthenticationReply​(String token)
        Creates a message containing the JSON Web Token representing the successful authentication of a client.
        Parameters:
        token - The token containing the client's authorization ID and authorities as claims.
        Returns:
        The message.

      • getCommonName

        public static String getCommonName​(String subject)
        Extracts the Common Name (CN) from a subject Distinguished Name (DN).
        Parameters:
        subject - The distinguished name.
        Returns:
        The common name or null if the subject does not contain a CN.

      • parseSaslResponse

        public static String[] parseSaslResponse​(byte[] saslResponse)
                                  throws CredentialException
        Parses the SASL response and extracts the authzid, authcid and pwd from the response.

        The specification for the SASL PLAIN mechanism mandates the format of the credentials to be of the form: [authzid] UTF8NUL authcid UTF8NUL passwd.

        Parameters:
        saslResponse - The SASL response to parse.
        Returns:
        A String array containing the elements in the SASL response.
        Throws:
        CredentialException - If one of the elements (authzid, authcid and pwd) is missing from the SASL response or if the authcid or passwd element is empty.