Class AuthenticationConstants

java.lang.Object
org.eclipse.hono.util.AuthenticationConstants

public final class AuthenticationConstants extends Object
Constants related to authentication.
  • Field Details

    • APPLICATION_PROPERTY_TYPE

      public static final String APPLICATION_PROPERTY_TYPE
      The name of the AMQP message application property holding the type of token contained in the body.
      See Also:
    • ENDPOINT_NAME_AUTHENTICATION

      public static final String ENDPOINT_NAME_AUTHENTICATION
      The name of the authentication endpoint.
      See Also:
    • EVENT_BUS_ADDRESS_AUTHENTICATION_IN

      public static final String EVENT_BUS_ADDRESS_AUTHENTICATION_IN
      The vert.x event bus address inbound authentication requests are published on.
      See Also:
    • FIELD_AUTHORIZATION_ID

      public static final String FIELD_AUTHORIZATION_ID
      The name of the field containing the authorization ID granted as the result of a successful authentication.
      See Also:
    • FIELD_MECHANISM

      public static final String FIELD_MECHANISM
      The name of the field containing the SASL mechanism used for authentication.
      See Also:
    • FIELD_SASL_RESPONSE

      public static final String FIELD_SASL_RESPONSE
      The name of the field containing the SASL response the client has provided.
      See Also:
    • FIELD_SUBJECT_DN

      public static final String FIELD_SUBJECT_DN
      The name of the field containing the Subject DN of the certificate the client has used for EXTERNAL auth.
      See Also:
    • FIELD_TOKEN

      public static final String FIELD_TOKEN
      The name of the field containing the JSON Web Token representing an authenticated client and its authorities.
      See Also:
    • MECHANISM_PLAIN

      public static final String MECHANISM_PLAIN
      The PLAIN SASL mechanism name.
      See Also:
    • MECHANISM_EXTERNAL

      public static final String MECHANISM_EXTERNAL
      The EXTERNAL SASL mechanism name.
      See Also:
    • QUALIFIER_AUTHENTICATION

      public static final String QUALIFIER_AUTHENTICATION
      The qualifier to use for referring to components scoped to authentication.
      See Also:
    • TYPE_AMQP_JWT

      public static final String TYPE_AMQP_JWT
      The type indicating a JSON Web Token being contained in a message body.
      See Also:
  • Method Details

    • getAuthenticationRequest

      public static io.vertx.core.json.JsonObject getAuthenticationRequest(String mechanism, byte[] saslResponse)
      Creates a message for authenticating a client using SASL.
      Parameters:
      mechanism - The SASL mechanism to use for authentication.
      saslResponse - The SASL response containing the authentication information provided by the client.
      Returns:
      the message to be sent to the AuthenticationService.
      Throws:
      NullPointerException - if any of the params is null.
    • getAuthenticationReply

      public static io.vertx.core.json.JsonObject getAuthenticationReply(String token)
      Creates a message containing the JSON Web Token representing the successful authentication of a client.
      Parameters:
      token - The token containing the client's authorization ID and authorities as claims.
      Returns:
      The message.
    • getCommonName

      public static String getCommonName(String subject)
      Extracts the Common Name (CN) from a subject Distinguished Name (DN).
      Parameters:
      subject - The distinguished name.
      Returns:
      The common name or null if the subject does not contain a CN.
    • parseSaslResponse

      public static String[] parseSaslResponse(byte[] saslResponse) throws CredentialException
      Parses the SASL response and extracts the authzid, authcid and pwd from the response.

      The specification for the SASL PLAIN mechanism mandates the format of the credentials to be of the form: [authzid] UTF8NUL authcid UTF8NUL passwd.

      Parameters:
      saslResponse - The SASL response to parse.
      Returns:
      A String array containing the elements in the SASL response.
      Throws:
      CredentialException - If one of the elements (authzid, authcid and pwd) is missing from the SASL response or if the authcid or passwd element is empty.