Package org.eclipse.hono.util
Class AuthenticationConstants
java.lang.Object
    org.eclipse.hono.util.AuthenticationConstants

public final class AuthenticationConstants extends Object

Constants related to authentication.

Field Summary

static String APPLICATION_PROPERTY_TYPE
    The name of the AMQP message application property holding the type of token contained in the body.
static String ENDPOINT_NAME_AUTHENTICATION
    The name of the authentication endpoint.
static String EVENT_BUS_ADDRESS_AUTHENTICATION_IN
    The vert.x event bus address inbound authentication requests are published on.
static String FIELD_AUTHORIZATION_ID
    The name of the field containing the authorization ID granted as the result of a successful authentication.
static String FIELD_MECHANISM
    The name of the field containing the SASL mechanism used for authentication.
static String FIELD_SASL_RESPONSE
    The name of the field containing the SASL response the client has provided.
static String FIELD_SUBJECT_DN
    The name of the field containing the Subject DN of the certificate the client has used for EXTERNAL auth.
static String FIELD_TOKEN
    The name of the field containing the JSON Web Token representing an authenticated client and its authorities.
static String MECHANISM_EXTERNAL
    The EXTERNAL SASL mechanism name.
static String MECHANISM_PLAIN
    The PLAIN SASL mechanism name.
static String QUALIFIER_AUTHENTICATION
    The qualifier to use for referring to components scoped to authentication.
static String TYPE_AMQP_JWT
    The type indicating a JSON Web Token being contained in a message body.

Method Summary

static io.vertx.core.json.JsonObject getAuthenticationReply(String token)
    Creates a message containing the JSON Web Token representing the successful authentication of a client.
static io.vertx.core.json.JsonObject getAuthenticationRequest(String mechanism, byte[] saslResponse)
    Creates a message for authenticating a client using SASL.
static String getCommonName(String subject)
    Extracts the Common Name (CN) from a subject Distinguished Name (DN).
static String[] parseSaslResponse(byte[] saslResponse)
    Parses the SASL response and extracts the authzid, authcid and pwd from the response.

Field Detail

APPLICATION_PROPERTY_TYPE
public static final String APPLICATION_PROPERTY_TYPE
The name of the AMQP message application property holding the type of token contained in the body.
See Also: Constant Field Values

ENDPOINT_NAME_AUTHENTICATION
public static final String ENDPOINT_NAME_AUTHENTICATION
The name of the authentication endpoint.
See Also: Constant Field Values

EVENT_BUS_ADDRESS_AUTHENTICATION_IN
public static final String EVENT_BUS_ADDRESS_AUTHENTICATION_IN
The vert.x event bus address inbound authentication requests are published on.
See Also: Constant Field Values

FIELD_AUTHORIZATION_ID
public static final String FIELD_AUTHORIZATION_ID
The name of the field containing the authorization ID granted as the result of a successful authentication.
See Also: Constant Field Values

FIELD_MECHANISM
public static final String FIELD_MECHANISM
The name of the field containing the SASL mechanism used for authentication.
See Also: Constant Field Values

FIELD_SASL_RESPONSE
public static final String FIELD_SASL_RESPONSE
The name of the field containing the SASL response the client has provided.
See Also: Constant Field Values

FIELD_SUBJECT_DN
public static final String FIELD_SUBJECT_DN
The name of the field containing the Subject DN of the certificate the client has used for EXTERNAL auth.
See Also: Constant Field Values

FIELD_TOKEN
public static final String FIELD_TOKEN
The name of the field containing the JSON Web Token representing an authenticated client and its authorities.
See Also: Constant Field Values

MECHANISM_PLAIN
public static final String MECHANISM_PLAIN
The PLAIN SASL mechanism name.
See Also: Constant Field Values

MECHANISM_EXTERNAL
public static final String MECHANISM_EXTERNAL
The EXTERNAL SASL mechanism name.
See Also: Constant Field Values

QUALIFIER_AUTHENTICATION
public static final String QUALIFIER_AUTHENTICATION
The qualifier to use for referring to components scoped to authentication.
See Also: Constant Field Values

TYPE_AMQP_JWT
public static final String TYPE_AMQP_JWT
The type indicating a JSON Web Token being contained in a message body.
See Also: Constant Field Values

Method Detail

getAuthenticationRequest
public static io.vertx.core.json.JsonObject getAuthenticationRequest(String mechanism, byte[] saslResponse)
Creates a message for authenticating a client using SASL.
Parameters:
mechanism - The SASL mechanism to use for authentication.
saslResponse - The SASL response containing the authentication information provided by the client.
Returns:
the message to be sent to the AuthenticationService.
Throws:
NullPointerException - if any of the params is null.

getAuthenticationReply
public static io.vertx.core.json.JsonObject getAuthenticationReply(String token)
Creates a message containing the JSON Web Token representing the successful authentication of a client.
Parameters:
token - The token containing the client's authorization ID and authorities as claims.
Returns:
The message.

getCommonName
public static String getCommonName(String subject)
Extracts the Common Name (CN) from a subject Distinguished Name (DN).
Parameters:
subject - The distinguished name.
Returns:
The common name or null if the subject does not contain a CN.

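With EXTERNAL authentication the client identity is taken from the certificate's Subject DN, so the CN should be read by parsing the DN rather than by splitting the string on commas, which misreads escaped values. The following is an added example, not Hono's implementation: the class and method names are hypothetical, and it assumes that the CN of the left-most RDN is wanted and that an unparsable DN yields null.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public final class SubjectDnExample {

    /** Returns the CN of the most specific RDN that carries one, or null. */
    static String commonName(final String subjectDn) {
        try {
            final List<Rdn> rdns = new LdapName(subjectDn).getRdns();
            // getRdns() lists the right-most RDN first, so walk backwards
            // to visit the left-most (most specific) RDN first.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b
                // and matches the attribute type case-insensitively.
                final Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null) {
                    return String.valueOf(cn.get());
                }
            }
            return null; // no CN anywhere in the DN
        } catch (NamingException e) {
            return null; // assumption: a malformed DN is treated like "no CN"
        }
    }

    public static void main(final String[] args) {
        final String[] samples = { // constructed subject DNs
            "CN=device-4711,OU=Hono,O=Eclipse", // plain CN
            "CN=gw\\,admin,O=Eclipse",          // escaped comma inside the CN value
            "cn=sensor+OU=lab,O=Eclipse",       // multi-valued RDN, lower-case type
            "OU=Hono,O=Eclipse"                 // no CN at all
        };
        for (final String dn : samples) {
            System.out.println(dn + " -> " + commonName(dn));
        }
    }
}
```
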
parseSaslResponse
public static String[] parseSaslResponse(byte[] saslResponse) throws CredentialException
Parses the SASL response and extracts the authzid, authcid and pwd from the response.
The specification for the SASL PLAIN mechanism mandates the format of the credentials to be of the form: [authzid] UTF8NUL authcid UTF8NUL passwd.
Parameters:
saslResponse - The SASL response to parse.
Returns:
A String array containing the elements in the SASL response.
Throws:
CredentialException - If one of the elements (authzid, authcid and pwd) is missing from the SASL response or if the authcid or passwd element is empty.

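The PLAIN message format and the failure cases listed under Throws can be illustrated with a small stand-alone parser. This is an added example, not Hono's implementation: the class and method names are hypothetical, the sample inputs are constructed, and rejecting a response with more than three fields is an assumption of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.login.CredentialException;

public final class SaslPlainExample {

    /** Returns {authzid, authcid, passwd}; authzid is "" when the client omitted it. */
    static String[] parse(final byte[] saslResponse) throws CredentialException {
        final List<String> fields = new ArrayList<>();
        int start = 0;
        // Split on the raw NUL byte first, then decode each field as UTF-8.
        for (int i = 0; i <= saslResponse.length; i++) {
            if (i == saslResponse.length || saslResponse[i] == 0x00) {
                fields.add(new String(saslResponse, start, i - start, StandardCharsets.UTF_8));
                start = i + 1;
            }
        }
        // Assumption: a fourth field (extra NUL) is rejected rather than folded into passwd.
        if (fields.size() != 3) {
            throw new CredentialException("expected [authzid] NUL authcid NUL passwd");
        }
        if (fields.get(1).isEmpty() || fields.get(2).isEmpty()) {
            throw new CredentialException("authcid and passwd must not be empty");
        }
        return fields.toArray(new String[0]);
    }

    public static void main(final String[] args) {
        final String[] samples = { // constructed inputs, not captured traffic
            "\0sensor1\0s3cret",      // authzid omitted
            "admin\0sensor1\0s3cret", // authzid differs from authcid
            "sensor1\0s3cret",        // only two fields
            "\0\0s3cret",             // empty authcid
            "\0sensor1\0"             // empty passwd
        };
        for (final String sample : samples) {
            try {
                final String[] f = parse(sample.getBytes(StandardCharsets.UTF_8));
                // Never log the password itself, only that one was supplied.
                System.out.printf("authzid='%s' authcid='%s' passwd=<%d chars>%n", f[0], f[1], f[2].length());
            } catch (CredentialException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A non-empty authzid that differs from the authcid is a request to act as another identity (RFC 4616), so a server consuming these fields has to authorize that separately after verifying the password.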