public class Authentication
extends java.lang.Object
Constructor and Description |
---|
Authentication(RestPkiClient client) |
Modifier and Type | Method and Description |
---|---|
ValidationResults | complete(java.lang.String nonce, java.lang.String certificate, java.lang.String signature, SecurityContext securityContext) Performs the final of two steps, receiving (1) the cryptographic nonce previously generated; (2) the user's certificate encoding; (3) the signature of the nonce and (4) a security context and yielding a ValidationResults. |
ValidationResults | completeWithWebPki(java.lang.String token) |
PKCertificate | getPKCertificate() Returns the user certificate's information (must only be called after calling the complete() method). |
java.lang.String | start() Performs the first of two steps, yielding a cryptographic nonce that must be signed using the user certificate's private key. |
java.lang.String | startWithWebPki(SecurityContext securityContext) |
public Authentication(RestPkiClient client)
public java.lang.String start() throws RestException
If you are using the Web PKI component to perform the client-side signature, this value must be passed to the component's method signData. The nonce is returned encoded in Base64, which is the same encoding expected by the component's signData method.
RestException
- If an error occurs while calling the REST PKI API.
public java.lang.String startWithWebPki(SecurityContext securityContext) throws RestException
RestException
public ValidationResults complete(java.lang.String nonce, java.lang.String certificate, java.lang.String signature, SecurityContext securityContext) throws RestException
The security context is used to determine if the user certificate can be trusted, and is mandatory. You can use one of the predefined security contexts such as pkiBrazil or pkiItaly, or you can create a custom security context by accessing the REST PKI site.
This method does not throw an exception if the validation of the user's certificate fails. Instead, it returns a ValidationResults with validation errors. In order to determine whether the authentication was successful, you must call the isValid() method on the returned ValidationResults object.
nonce
- The cryptographic nonce generated in the first step, which was signed with the user certificate's private key.
certificate
- The binary encoding of the user's certificate, encoded in Base64 (this is the format returned by the Web PKI component's readCertificate method).
signature
- The digital signature of the nonce using the user certificate's private key, encoded in Base64 (this is the format returned by the Web PKI component's signData method).
securityContext
- The security context to be used to validate the user's certificate.
RestException
- If an error occurs while calling the REST PKI API (this method does not throw an exception if the validation of the user's certificate fails).
public ValidationResults completeWithWebPki(java.lang.String token) throws RestException
RestException
public PKCertificate getPKCertificate()
Note: if the authentication is successful, this method is guaranteed to return an object instance. However, if the authentication fails, this method may return null.
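The following is an added example, not code from the REST PKI project or its documentation, showing the start()/complete() flow with the checks the notes above call for: the result of complete() is tested with isValid(), and getPKCertificate() is read only after a valid result. Assumptions: the classes are imported from the package com.lacunasoftware.restpki, the server-side session is modelled as a Map, and the names CertificateLogin and NONCE_KEY are hypothetical; keeping the nonce in the session and consuming it once is this example's own design choice.

```java
import com.lacunasoftware.restpki.*; // assumed package of the classes documented on this page
import java.util.Map;
import java.util.logging.Logger;

/** Added example: certificate login built on Authentication.start() and complete(). */
public class CertificateLogin {
    private static final Logger LOG = Logger.getLogger(CertificateLogin.class.getName());
    private static final String NONCE_KEY = "certAuthNonce"; // hypothetical session attribute name

    private final RestPkiClient client;
    private final SecurityContext trust; // chosen by the caller, e.g. a predefined context

    public CertificateLogin(RestPkiClient client, SecurityContext trust) {
        this.client = client;
        this.trust = trust;
    }

    /** Step 1: obtain the Base64 nonce, remember it server-side, return it for signData. */
    public String begin(Map<String, String> session) throws RestException {
        String nonce = new Authentication(client).start();
        session.put(NONCE_KEY, nonce);
        return nonce;
    }

    /** Step 2: returns the user's certificate on success, or null on any failure. */
    public PKCertificate finish(Map<String, String> session, String certificateB64,
                                String signatureB64) throws RestException {
        // Take the nonce issued to this session rather than a value echoed by the
        // browser, and remove it so a captured signature cannot be submitted twice.
        String nonce = session.remove(NONCE_KEY);
        if (nonce == null) {
            LOG.warning("Certificate login completed without a pending nonce");
            return null;
        }

        Authentication auth = new Authentication(client);
        ValidationResults vr = auth.complete(nonce, certificateB64, signatureB64, trust);

        // complete() reports an untrusted certificate through the result, not an
        // exception, so skipping this check would accept every certificate.
        if (!vr.isValid()) {
            LOG.warning("Certificate authentication rejected: " + vr);
            return null;
        }
        // May be null after a failed authentication, so it is read only here.
        return auth.getPKCertificate();
    }
}
```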