com.solace.messaging.config

Class AuthenticationStrategy.ClientCertificateAuthentication

java.lang.Object

com.solace.messaging.config.AuthenticationStrategy.ClientCertificateAuthentication

All Implemented Interfaces:

AuthenticationStrategy, TypedConfiguration

Enclosing interface:

AuthenticationStrategy

@ProviderType
public static final class AuthenticationStrategy.ClientCertificateAuthentication
extends Object
implements AuthenticationStrategy

A class for a Client Certificate Authentication provider.

Secure sessions must be used to establish TLS/SSL-encrypted client connections to the event broker. TransportSecurityStrategy.TLS is required with Client Certificate Authentication.

For a client to use a Client Certificate Authentication scheme, the hosting event broker must be configured for TLS/SSL connections, and Client Certificate Verification must be enabled for the particular Message VPN to which the client connects.

Since:

1.0

Nested Class Summary

Nested classes/interfaces inherited from interface com.solace.messaging.config.AuthenticationStrategy

AuthenticationStrategy.BasicUserNamePassword, AuthenticationStrategy.ClientCertificateAuthentication, AuthenticationStrategy.Kerberos, AuthenticationStrategy.OAuth2

Method Summary

Modifier and Type	Method and Description
TypedProperties	getAuthenticationConfiguration()
static AuthenticationStrategy.ClientCertificateAuthentication	of(String keystoreURL, String keystorePassword) A factory method that creates a new instance to be used for Client Certificate Authentication.
static AuthenticationStrategy.ClientCertificateAuthentication	of(String keystoreURL, String keystorePassword, SecureStoreFormat keyStoreFormat) A factory method that creates a new instance to be used for Client Certificate Authentication.
AuthenticationStrategy.ClientCertificateAuthentication	withKeyStorePrivateKeyAlias(String privateKeyAlias) Configures a private key-alias to be used when there is more than one private key is present in a keystore.
AuthenticationStrategy.ClientCertificateAuthentication	withPrivateKeyPassword(String privateKeyPassword) Configure the password to use to decrypt the private key from the keystore.
AuthenticationStrategy.ClientCertificateAuthentication	withPrivateKeyPassword(String privateKeyPassword, String privateKeyAlias) Configures password that will be used to decrypt the private key from the key store.
AuthenticationStrategy.ClientCertificateAuthentication	withTrustStore(String trustStoreURL, String trustStorePassword, SecureStoreFormat trustStoreFormat) Configures non-default truststore.
AuthenticationStrategy.ClientCertificateAuthentication	withUserName(String userName) Configures client-username.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.solace.messaging.config.TypedConfiguration

getConfiguration

Method Detail

getAuthenticationConfiguration

public TypedProperties getAuthenticationConfiguration()

of

public static AuthenticationStrategy.ClientCertificateAuthentication of(String keystoreURL,
                                                                        String keystorePassword)

A factory method that creates a new instance to be used for Client Certificate Authentication. This constructor uses the KeyStore.getDefaultType() type for keystore. No private key-alias is provided, so that it is presumed that keystore contains only a single private key.

Parameters:

keystoreURL - the URL or path-formatted location of the keystore

keystorePassword - the keystore password

Returns:

a new instance of this class

Since:

1.0

of

public static AuthenticationStrategy.ClientCertificateAuthentication of(String keystoreURL,
                                                                        String keystorePassword,
                                                                        SecureStoreFormat keyStoreFormat)

A factory method that creates a new instance to be used for Client Certificate Authentication. No private key-alias is provided, so that it is presumed that the keystore contains only single private key.

Parameters:

keystoreURL - the URL or path-formatted location of the keystore

keystorePassword - the keystore password

keyStoreFormat - the format of the keystore file

Returns:

a new instance of this class

Since:

1.0

withKeyStorePrivateKeyAlias

public AuthenticationStrategy.ClientCertificateAuthentication withKeyStorePrivateKeyAlias(String privateKeyAlias)

Configures a private key-alias to be used when there is more than one private key is present in a keystore.

Parameters:

privateKeyAlias - the private key-alias

Returns:

an instance of itself

Since:

1.0

withPrivateKeyPassword

public AuthenticationStrategy.ClientCertificateAuthentication withPrivateKeyPassword(String privateKeyPassword)

Configure the password to use to decrypt the private key from the keystore. When this property is not specified, the private key will be decrypted using a default truststore password.

Parameters:

privateKeyPassword - the password for the private key if different from a keystore password.

Returns:

an instance of itself

Since:

1.0

withPrivateKeyPassword

public AuthenticationStrategy.ClientCertificateAuthentication withPrivateKeyPassword(String privateKeyPassword,
                                                                                     String privateKeyAlias)

Configures password that will be used to decrypt the private key from the key store. Specifies also an alias when more then one private key exists in a keystore. When this property is not specified, the private key will be decrypted using default truststore password

If there is only one private key entry in the keystore then use AuthenticationStrategy.ClientCertificateAuthentication.withPrivateKeyPassword(String)

Parameters:

privateKeyPassword - the password for the private key if it is different from the keystore password

privateKeyAlias - the private key-alias

Returns:

an instance of itself

Since:

1.0

withTrustStore

public AuthenticationStrategy.ClientCertificateAuthentication withTrustStore(String trustStoreURL,
                                                                             String trustStorePassword,
                                                                             SecureStoreFormat trustStoreFormat)

Configures non-default truststore. Truststore is used to store trusted certificates incl. certification authorities

Parameters:

trustStoreURL - the URL of the truststore file

trustStorePassword - the password for the truststore file

trustStoreFormat - the format of the truststore file

Returns:

an instance of itself

Since:

1.0

withUserName

public AuthenticationStrategy.ClientCertificateAuthentication withUserName(String userName)

Configures client-username. The broker uses the Common Name from the X.509 certificate as the client-username for authentication. If the "Allow API Provided Username" (not recommended) feature is enabled on the Message VPN, then the given client-username is used for authentication instead.

Parameters:

userName - user name

Returns:

an instance of itself

Since:

1.0