Interface AuthConfiguredSocketFactoryService
- All Superinterfaces:
AuthConfigService<SocketFactory>
- All Known Implementing Classes:
DefaultAuthConfiguredSocketFactoryService
SocketFactory.
Service resolves provided authentication data to valid SocketFactory which
performs authorization or encryption as specified in authentication string.
Authentication string must follow syntax: <method>:<method_data>.
Where <method> is one of supported authentication methods
and <method_data> are data necessary for this method. Parameters follow syntax
<parameter1>=<value1>,<parameter2>=<value2>, unless specified otherwise. Special characters `,=`
in parameters can be escaped with backslash character `\`. Double backslash `\\` will be
translated to single backslash.
Alternative format for authentication data is parameters map. It supports any kind of data. It is used primary
for credentials data, that cannot be stored as authentication string and for internal purposes.
Each parameters map have required entry method which is the equivalent of method from authentication string.
All other data in map translates to method parameters.
Currently supported auth methods are:
client_cert- which gives support for TLS mutual authentication.build_in- which resolves to one of other methods for which configuration is embedded into system.vault- which resolves to one of other methods for which configuration is stored in secure vault (if supported).
Authentication method client_cert supports following parameters:
cert- which should point to X.509 certificate file (required)privkey- which should point to PKCS8 private key file (required)password_file- which should point to file with password to certificate or private key (optional)password- which should be password to certificate or private key (optional)cert_bytes- certificate passed as byte array (alternative tocert). Supported only in parameters map.privkey_bytes- private key passed as byte array (alternative toprivkey). Supported only in parameters map.
Authentication method vault do not support parameters syntax in auth string, but expects storage key
of credential to retrieve from vault. For parameters map use value parameter to pass storage key.
-
Method Summary
Modifier and TypeMethodDescriptionextendTrustedCertificates(Collection<X509Certificate> certificates) Creates new version ofAuthConfiguredSocketFactoryServicethat will trust certificates passed in parameter on top of already trusted certificates.resolveFromSettings(Map<String, Object> authenticationData) Creates instance of helperSocketFactorybased on provided auth data.resolveFromString(String authenticationData) Creates instance of helperSocketFactorybased on provided auth string.
-
Method Details
-
extendTrustedCertificates
AuthConfiguredSocketFactoryService extendTrustedCertificates(Collection<X509Certificate> certificates) Creates new version ofAuthConfiguredSocketFactoryServicethat will trust certificates passed in parameter on top of already trusted certificates. Useful to connecting to services that use custom root certificates- Parameters:
certificates- collection of certificates to be trusted by created instances ofSocketFactory- Returns:
- new instance of
AuthConfiguredSocketFactoryServicewith extended list of trusted certificates
-
resolveFromString
Creates instance of helperSocketFactorybased on provided auth string. Auth string must have format<method>:<method_data>. See interface javadoc for details.- Specified by:
resolveFromStringin interfaceAuthConfigService<SocketFactory>- Parameters:
authenticationData- auth string containing settings- Returns:
- configured
SocketFactoryobject
-
resolveFromSettings
Creates instance of helperSocketFactorybased on provided auth data.- Specified by:
resolveFromSettingsin interfaceAuthConfigService<SocketFactory>- Parameters:
authenticationData- map of auth data. See interface javadoc for details.- Returns:
- configured
SocketFactoryobject
-