Class SignatureCallback

  • All Implemented Interfaces:
    java.io.Serializable, javax.security.auth.callback.Callback

    public class SignatureCallback
    extends java.lang.Object
    implements javax.security.auth.callback.Callback, java.io.Serializable
    SignatureCallback provides a Callback implementation used to perform PKI authentication. The server instantiates this callback with a random token, which must be signed using the user's certificate; that certificate must contain one of the recognizedAuthorities within its certificate chain.

    It is the responsibility of the callback handler to invoke the sign(X509Certificate[], byte[]) method and return this object in response to the callback.
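
A callback handler that fulfils the responsibility described above, as an added example (not code from this API's project): it checks the user's chain against getRecognizedAuthorities(), signs getToken(), and calls sign(). The class name PkiCallbackHandler and its constructor are hypothetical, and it assumes getSigAlg() returns a JCA signature algorithm name.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
// Also import SignatureCallback; its package is not shown on this page.
/** Hypothetical handler: signs the server's token with the user's key. */
public class PkiCallbackHandler implements CallbackHandler {
    private final PrivateKey userKey;          // private key matching userChain[0]
    private final X509Certificate[] userChain; // leaf certificate first, then issuers
    public PkiCallbackHandler(PrivateKey userKey, X509Certificate[] userChain) {
        this.userKey = userKey;
        this.userChain = userChain.clone();
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof SignatureCallback)) throw new UnsupportedCallbackException(cb);
            SignatureCallback sc = (SignatureCallback) cb;
            // Fail early if no certificate in the chain is, or was issued by, an approved CA.
            if (!chainHasRecognizedAuthority(sc.getRecognizedAuthorities())) {
                throw new IOException("certificate chain has no recognized authority");
            }
            try {
                // Assumption: getSigAlg() returns a JCA name such as "SHA256withRSA".
                Signature signer = Signature.getInstance(sc.getSigAlg());
                signer.initSign(userKey);
                signer.update(sc.getToken());
                sc.sign(userChain, signer.sign()); // hand chain and signature back
            } catch (GeneralSecurityException e) {
                throw new IOException("token signing failed", e);
            }
        }
    }
    private boolean chainHasRecognizedAuthority(Principal[] authorities) {
        for (X509Certificate cert : userChain) {
            for (Principal ca : authorities) {
                if (cert.getIssuerX500Principal().equals(ca)
                        || cert.getSubjectX500Principal().equals(ca)) return true;
            }
        }
        return false;
    }
}
```

The page does not say which key verifies getServerSignature(), so that check is not shown.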

    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static long serialVersionUID  
    • Constructor Summary

      Constructors 
      Constructor Description
      SignatureCallback(javax.security.auth.x500.X500Principal[] recognizedAuthorities, byte[] token, byte[] serverSignature)
      Construct callback with a random token to be signed by the client.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.security.cert.X509Certificate[] getCertificateChain()
      Returns certificate chain used to sign token.
      java.security.Principal[] getRecognizedAuthorities()
      Returns list of approved certificate authorities.
      byte[] getServerSignature()
      Returns the server's signature of the token bytes.
      java.lang.String getSigAlg()  
      byte[] getSignature()
      Returns signed token bytes set by callback handler.
      byte[] getToken()
      Returns token to be signed using user certificate.
      void sign(java.security.cert.X509Certificate[] sigCertChain, byte[] certSignature)
      Set token signature data.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SignatureCallback

        public SignatureCallback(javax.security.auth.x500.X500Principal[] recognizedAuthorities,
                                 byte[] token,
                                 byte[] serverSignature)
        Construct callback with a random token to be signed by the client.
        Parameters:
        recognizedAuthorities - list of CAs, one of which must occur within the certificate chain of the signing certificate.
        token - random bytes to be signed
        serverSignature - the server's signature of the token bytes
    • Method Detail

      • getRecognizedAuthorities

        public java.security.Principal[] getRecognizedAuthorities()
        Returns list of approved certificate authorities.
      • getToken

        public byte[] getToken()
        Returns token to be signed using user certificate.
      • getSignature

        public byte[] getSignature()
        Returns signed token bytes set by callback handler.
      • getServerSignature

        public byte[] getServerSignature()
        Returns the server's signature of the token bytes.
      • getCertificateChain

        public java.security.cert.X509Certificate[] getCertificateChain()
        Returns certificate chain used to sign token.
      • sign

        public void sign(java.security.cert.X509Certificate[] sigCertChain,
                         byte[] certSignature)
        Set token signature data. Method must be invoked by callback handler.
        Parameters:
        sigCertChain - certificate chain used to sign token.
        certSignature - token signature
      • getSigAlg

        public java.lang.String getSigAlg()