public class GenericTokenReader extends CredentialReader

All communication with the token is done using the PKCS#11 version 2.01 API.

Creates a GenericTokenReader that reads certificates and keys from a given PKCS#11 slot using metadata from GenericTokenReader.IdentityInfo, which holds:

You must specify the certificate CA chain as it applies to your end-user certificate. Use one of the following options to supply the certificate chain:

- IdentityInfo.setCertChain()
- a CertVerifier, supplied through IdentityInfo.setCertVerifier()
- IdentityInfo.setRootCaCertSubjectName() and/or IdentityInfo.setCaCertSubjectName(). Intermediate CA certificates are not supported in this manner. This method succeeds if and only if there is exactly one certificate per rootCaCert and/or caCert. For example, if the root CA certificate has rolled over and two certificates exist with the same subject name, this method fails by design; the caller should then use one of the other options to specify the CA chain.

Additionally, you can override the following default filters to change the reader's behaviour:

- TokenIdentityFilter lets you specify how an identity is recognized on the token. By default, an identity is recognized as a unique subjectName + issuerName.
- GenericIdentityFilter lets you specify which identity you are searching for on the token. By default, an identity is selected by subjectName.
- GenericCertificateFilter lets you specify which certificates are accepted from an identity. By default, any valid certificate is accepted, i.e. expired certificates are excluded.
```java
// P11_LIB (path to the PKCS#11 library), PASSWORD, rootCaCert, intermediateCert and
// caCert are assumed to be defined by the caller.
PKCS11LibraryConnection p11LibConn = new PKCS11LibraryConnection(P11_LIB);
// Take the first slot that currently has a token present.
long slotId = new PKCS11Information(p11LibConn).getSlotList(true).getSlotIDs()[0];
SecureStringBuffer securePassword = new SecureStringBuffer(PASSWORD);
// Identity to look for on the token, selected by subject name by default.
IdentityInfo identityInfo = new IdentityInfo("CN=John Doe, OU=orgUnit,O=ORG,C=CA");
// Supply the full CA chain explicitly (option 1 above).
identityInfo.setCertChain(new X509Certificate[] {rootCaCert, intermediateCert, caCert});
CredentialReader credentialReader = new GenericTokenReader(p11LibConn, slotId, identityInfo);
User user = new User();
user.login(credentialReader, securePassword);
```
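As an added example (not part of the toolkit's documentation or code), the following helper applies the rule stated above at configuration time: it uses the subject-name option only when exactly one CA certificate exists per root/issuing CA subject, and otherwise pins the chain with setCertChain(). Assumed: the import path of GenericTokenReader, that setRootCaCertSubjectName()/setCaCertSubjectName() take a String DN, and the hypothetical ChainOptionChooser class and its methods.

```java
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
// Assumption: import GenericTokenReader (and its nested IdentityInfo) from the package
// in which your toolkit build ships it.

public final class ChainOptionChooser {
    // Normalise a DN so that differently formatted but equal DNs compare equal.
    static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    // Count the caller's CA certificates per canonical subject DN.
    static Map<String, Integer> countBySubject(Collection<X509Certificate> cas) {
        Map<String, Integer> counts = new HashMap<>();
        for (X509Certificate c : cas) {
            String subject = c.getSubjectX500Principal().getName(X500Principal.CANONICAL);
            counts.merge(subject, 1, Integer::sum);
        }
        return counts;
    }

    // True only if the subject-name option can succeed: exactly one certificate for the
    // root CA subject and, if given, one for the issuing CA subject. A rolled-over CA
    // with two certificates under the same subject makes this false.
    static boolean subjectNamesUnambiguous(Collection<X509Certificate> cas,
                                           String rootCaSubject, String caSubject) {
        Map<String, Integer> counts = countBySubject(cas);
        boolean rootOk = counts.getOrDefault(canonical(rootCaSubject), 0) == 1;
        boolean caOk = caSubject == null || counts.getOrDefault(canonical(caSubject), 0) == 1;
        return rootOk && caOk;
    }

    // Build the IdentityInfo for endUserDn: use the subject-name lookup when it is
    // unambiguous, otherwise pin the chain explicitly with setCertChain().
    static GenericTokenReader.IdentityInfo configure(String endUserDn,
            Collection<X509Certificate> cas, String rootCaSubject, String caSubject,
            X509Certificate[] explicitChain) {
        GenericTokenReader.IdentityInfo info = new GenericTokenReader.IdentityInfo(endUserDn);
        if (subjectNamesUnambiguous(cas, rootCaSubject, caSubject)) {
            info.setRootCaCertSubjectName(rootCaSubject);      // assumed: takes a String DN
            if (caSubject != null) info.setCaCertSubjectName(caSubject);
        } else {
            info.setCertChain(explicitChain);                  // signature shown on this page
        }
        return info;
    }
}
```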
| Modifier and Type | Class and Description |
|---|---|
| static class | GenericTokenReader.IdentityInfo: a bean object that provides metadata to GenericTokenReader. |
| Constructor and Description |
|---|
| GenericTokenReader(PKCS11LibraryConnection pkcs11LibraryConnection, long slotID, GenericTokenReader.IdentityInfo identityInfo): creates a TokenReader object. |
| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getType(): returns the type (name) of this specific credential reader, which is "GenericTokenReader". |
Methods inherited from class CredentialReader: checkPwd

Constructor detail:

public GenericTokenReader(PKCS11LibraryConnection pkcs11LibraryConnection, long slotID, GenericTokenReader.IdentityInfo identityInfo)

Creates a TokenReader object. When the user logs in, the token located at the indicated slot ID is connected to using the PKCS#11 library provided.

Parameters: pkcs11LibraryConnection, slotID, identityInfo

Method detail:

public java.lang.String getType()

Returns the type (name) of this specific credential reader, which is "GenericTokenReader".

Overrides: getType in class CredentialReader