net.jini.discovery.x500.SHA1withRSA discovery format, specified in
the Jini Discovery and Join Specification.See: Description
| Class | Description |
|---|---|
| Client |
Implements the client side of the
net.jini.discovery.x500.SHA1withRSA format. |
| Server |
Implements the server side of the
net.jini.discovery.x500.SHA1withRSA format. |
net.jini.discovery.x500.SHA1withRSA discovery format, specified in
the Jini Discovery and Join Specification. The Client class implements the client
side of the net.jini.discovery.x500.SHA1withRSA discovery format
for the multicast request and multicast announcement discovery protocols, while
the Server class implements the
server side of the discovery format for those protocols. Both classes are
intended to be specified in a resource to configure the operation of the Discovery class, as described in the documentation for
Discovery.getProtocol2(ClassLoader).
Client and Server support the following
constraints for the multicast request protocol:
ConstraintAlternatives if at
least one element is supported
Integrity.YES
ClientAuthentication.YES
Confidentiality.NO
ServerAuthentication.NO
Delegation.NO
ClientMaxPrincipal, when it contains an
X500Principal that has an RSA key as a
private credential
ClientMaxPrincipalType, when it
contains X500Principal
ClientMinPrincipal, when it contains a
single X500Principal only, that has an RSA key as a private
credential
ClientMinPrincipalType, when it
contains X500Principal only
ServerMinPrincipal
DelegationAbsoluteTime
DelegationRelativeTime
ServerMinPrincipal,
DelegationAbsoluteTime, and DelegationRelativeTime
constraints are trivially supported if ServerAuthentication.YES
and Delegation.YES are not supported.)
Both Client and Server support the following
constraints for the multicast announcement protocol:
ConstraintAlternatives if at
least one element is supported
Integrity.YES
ServerAuthentication.YES
ClientAuthentication.NO
Confidentiality.NO
Delegation.NO
ServerMinPrincipal, when it contains a
single X500Principal only, that has an RSA key as a private
credential
ClientMaxPrincipal
ClientMaxPrincipalType
ClientMinPrincipal
ClientMinPrincipalType
DelegationAbsoluteTime
DelegationRelativeTime
ClientMaxPricipal, ClientMaxPrincipalType,
ClientMinPrincipal, ClientMinPrincipalType,
DelegationAbsoluteTime, and DelegationRelativeTime
constraints are trivially supported if ClientAuthentication.YES
and Delegation.YES are not supported.)
Client and Server can be configured through use
of the following system properties:
org.apache.river.discovery.x500.trustStore
javax.net.ssl.trustStore system property is consulted. If
that property is unspecified as well, then the
<java-home>/lib/security/cacerts file is used. The
applicable system property, if specified, is treated as a URL if it can
be parsed as such; if it cannot be parsed, it is treated as a file name.
org.apache.river.discovery.x500.trustStoreType
org.apache.river.discovery.x500.trustStore system
property is being used to specify the truststore location, then this
system property can be used to specify the type of the truststore to
load. By default, the value returned by
KeyStore.getDefaultType() is used.
org.apache.river.discovery.x500.trustStorePassword
org.apache.river.discovery.x500.trustStore system
property is being used to specify the truststore location, then this
system property can be used to specify the password for accessing the
contents of the truststore. If it is not specified, then no password is
used when accessing the truststore.
org.apache.river.discovery.x500.ldapCertStores
CertStores to use for mapping received X.500 principals to
corresponding X.509 certificates. If set, it should contain a
comma-separated list of strings of the form
"<hostname>:<port>" or
"<hostname>", where each string indicates the network
address of an LDAP server to consult. If a given string does not
specify a port, a default port number of 389 is used.
javax.net.ssl.trustStore
org.apache.river.discovery.x500.trustStore system
property is not set, then this system property can be used to specify
the truststore from which to obtain certificates for trusted entities.
If neither this property nor the
org.apache.river.discovery.x500.trustStore property is
specified, then the <java-home>/lib/security/cacerts
file is used.
javax.net.ssl.trustStoreType
javax.net.ssl.trustStore system property is being
used to specify the truststore location, then this system property can
be used to specify the type of the truststore to load. By default, the
value returned by KeyStore.getDefaultType() is used.
javax.net.ssl.trustStorePassword
javax.net.ssl.trustStore system property is being
used to specify the truststore location, then this system property can
be used to specify the password for accessing the contents of the
truststore. If it is not specified, then no password is used when
accessing the truststore.
Client and Server use the
Logger named org.apache.river.discovery.x500
to log information at the following logging levels:
| Level | Description |
|---|---|
| WARNING | Failure to initialize a certificate store |
| FINE | Exceptions mapping X.500 principals to X.509 certificates, as well as exceptions resulting from inadequate permissions to use private credentials corresponding to an X.500 principal |
| FINEST | Debugging trace information, such as the truststore and certificate stores in use, the X.500 principal used for signing a given packet, and the mapping of X.500 principals to corresponding X.509 certificates |
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.