org.eclipse.milo.opcua.sdk.server.identity

Class AbstractIdentityValidator<T>

java.lang.Object

org.eclipse.milo.opcua.sdk.server.identity.AbstractIdentityValidator<T>

All Implemented Interfaces:

IdentityValidator<T>

Direct Known Subclasses:

AbstractUsernameIdentityValidator, AbstractX509IdentityValidator, AnonymousIdentityValidator

public abstract class AbstractIdentityValidator<T>
extends Object
implements IdentityValidator<T>

Constructor Summary

Constructors

Constructor and Description
AbstractIdentityValidator()

Method Summary

Modifier and Type	Method and Description
protected byte[]	decryptTokenData(Session session, SecurityAlgorithm algorithm, byte[] dataBytes) Decrypt the data contained in a UserNameIdentityToken or IssuedIdentityToken.
protected T	validateAnonymousToken(Session session, AnonymousIdentityToken token, UserTokenPolicy tokenPolicy, SignatureData tokenSignature) Validate an AnonymousIdentityToken and return an identity Object that represents the user.
T	validateIdentityToken(Session session, UserIdentityToken token, UserTokenPolicy tokenPolicy, SignatureData tokenSignature) Validate the provided UserIdentityToken and return an identity Object that represents the user.
protected T	validateIssuedIdentityToken(Session session, IssuedIdentityToken token, UserTokenPolicy tokenPolicy, SignatureData tokenSignature) Validate an IssuedIdentityToken and return an identity Object that represents the user.
protected T	validateUsernameToken(Session session, UserNameIdentityToken token, UserTokenPolicy tokenPolicy, SignatureData tokenSignature) Validate a UserNameIdentityToken and return an identity Object that represents the user.
protected T	validateX509Token(Session session, X509IdentityToken token, UserTokenPolicy tokenPolicy, SignatureData tokenSignature) Validate an X509IdentityToken and return an identity Object that represents the user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractIdentityValidator

public AbstractIdentityValidator()

Method Detail

validateIdentityToken

public T validateIdentityToken(Session session,
                               UserIdentityToken token,
                               UserTokenPolicy tokenPolicy,
                               SignatureData tokenSignature)
                        throws UaException

Description copied from interface: IdentityValidator

Validate the provided UserIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Specified by:

validateIdentityToken in interface IdentityValidator<T>

Parameters:

session - the Session the request is arriving on.

token - the UserIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

tokenSignature - the SignatureData sent in the ActivateSessionRequest

Returns:

an identity object of type T that represents the authenticated user.

Throws:

UaException - if the token is invalid, rejected, or user access is denied.

validateAnonymousToken

protected T validateAnonymousToken(Session session,
                                   AnonymousIdentityToken token,
                                   UserTokenPolicy tokenPolicy,
                                   SignatureData tokenSignature)
                            throws UaException

Validate an AnonymousIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

session - the Session the request is arriving on.

token - the AnonymousIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

tokenSignature - the SignatureData sent in the ActivateSessionRequest.

Returns:

an identity Object that represents the user.

Throws:

UaException - if the token is invalid, rejected, or user access is denied.

validateUsernameToken

protected T validateUsernameToken(Session session,
                                  UserNameIdentityToken token,
                                  UserTokenPolicy tokenPolicy,
                                  SignatureData tokenSignature)
                           throws UaException

Validate a UserNameIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

session - the Session the request is arriving on.

token - the UserNameIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

tokenSignature - the SignatureData sent in the ActivateSessionRequest.

Returns:

an identity Object that represents the user.

Throws:

UaException - if the token is invalid, rejected, or user access is denied.

validateX509Token

protected T validateX509Token(Session session,
                              X509IdentityToken token,
                              UserTokenPolicy tokenPolicy,
                              SignatureData tokenSignature)
                       throws UaException

Validate an X509IdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

session - the Session the request is arriving on.

token - the X509IdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

tokenSignature - the SignatureData sent in the ActivateSessionRequest.

Returns:

an identity Object that represents the user.

Throws:

UaException - if the token is invalid, rejected, or user access is denied.

validateIssuedIdentityToken

protected T validateIssuedIdentityToken(Session session,
                                        IssuedIdentityToken token,
                                        UserTokenPolicy tokenPolicy,
                                        SignatureData tokenSignature)
                                 throws UaException

Validate an IssuedIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

session - the Session the request is arriving on.

token - the IssuedIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

tokenSignature - the SignatureData sent in the ActivateSessionRequest.

Returns:

an identity Object that represents the user.

Throws:

UaException - if the token is invalid, rejected, or user access is denied.

decryptTokenData

protected byte[] decryptTokenData(Session session,
                                  SecurityAlgorithm algorithm,
                                  byte[] dataBytes)
                           throws UaException

Decrypt the data contained in a UserNameIdentityToken or IssuedIdentityToken.

See UserNameIdentityToken.getPassword() and IssuedIdentityToken.getTokenData().

Parameters:

session - the current Session.

dataBytes - the encrypted data.

Returns:

the decrypted data.

Throws:

UaException - if decryption fails.