
Package org.apache.river.discovery.x500.sha1withdsa


Provides an implementation of the net.jini.discovery.x500.SHA1withDSA discovery format, specified in the Jini Discovery and Join Specification. The Client class implements the client side of the net.jini.discovery.x500.SHA1withDSA discovery format for the multicast request and multicast announcement discovery protocols, while the Server class implements the server side of the discovery format for those protocols. Both classes are intended to be specified in a resource to configure the operation of the Discovery class, as described in the documentation for Discovery.getProtocol2(ClassLoader).

Supported Constraints

Both Client and Server support the following constraints for the multicast request protocol:

(Note that ServerMinPrincipal, DelegationAbsoluteTime, and DelegationRelativeTime constraints are trivially supported if ServerAuthentication.YES and Delegation.YES are not supported.)

Both Client and Server support the following constraints for the multicast announcement protocol:

(Note that ClientMaxPrincipal, ClientMaxPrincipalType, ClientMinPrincipal, ClientMinPrincipalType, DelegationAbsoluteTime, and DelegationRelativeTime constraints are trivially supported if ClientAuthentication.YES and Delegation.YES are not supported.)

System Properties

Both Client and Server can be configured through use of the following system properties:

org.apache.river.discovery.x500.trustStore
This system property can be used to specify the location of an alternate truststore from which to obtain certificates for trusted entities. If this property is not specified, then the javax.net.ssl.trustStore system property is consulted. If that property is unspecified as well, then the <java-home>/lib/security/cacerts file is used. The applicable system property, if specified, is treated as a URL if it can be parsed as such; if it cannot be parsed, it is treated as a file name.

org.apache.river.discovery.x500.trustStoreType
If the org.apache.river.discovery.x500.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the type of the truststore to load. By default, the value returned by KeyStore.getDefaultType() is used.

org.apache.river.discovery.x500.trustStorePassword
If the org.apache.river.discovery.x500.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the password for accessing the contents of the truststore. If it is not specified, then no password is used when accessing the truststore.

org.apache.river.discovery.x500.ldapCertStores
This system property can be used to specify a list of LDAP-backed CertStores to use for mapping received X.500 principals to corresponding X.509 certificates. If set, it should contain a comma-separated list of strings of the form "<hostname>:<port>" or "<hostname>", where each string indicates the network address of an LDAP server to consult. If a given string does not specify a port, a default port number of 389 is used.

javax.net.ssl.trustStore
If the org.apache.river.discovery.x500.trustStore system property is not set, then this system property can be used to specify the truststore from which to obtain certificates for trusted entities. If neither this property nor the org.apache.river.discovery.x500.trustStore property is specified, then the <java-home>/lib/security/cacerts file is used.

javax.net.ssl.trustStoreType
If the javax.net.ssl.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the type of the truststore to load. By default, the value returned by KeyStore.getDefaultType() is used.

javax.net.ssl.trustStorePassword
If the javax.net.ssl.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the password for accessing the contents of the truststore. If it is not specified, then no password is used when accessing the truststore.
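The lookup order described above can be checked on a deployed JVM before discovery traffic depends on it. The following is an added example, not code from Apache River: the class name X500TrustStoreAudit and its helper methods are hypothetical, and it only mirrors the documented precedence to report which truststore, DSA certificates and LDAP servers would be in play.

```java
import java.io.InputStream;
import java.net.*;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.*;

public class X500TrustStoreAudit {   // hypothetical name, not a River class
    static final String RIVER = "org.apache.river.discovery.x500.";
    static final String JSSE = "javax.net.ssl.";
    // Documented rule: the value is a URL if it parses as one, otherwise a file name.
    static URL toUrl(String location) throws MalformedURLException {
        try { return new URL(location); }
        catch (MalformedURLException e) { return Paths.get(location).toUri().toURL(); }
    }
    // Documented rule: "<hostname>:<port>" or "<hostname>", with default port 389.
    static List<String> ldapServers(String value) {
        List<String> out = new ArrayList<>();
        for (String s : (value == null ? "" : value).split(",")) {
            s = s.trim();
            if (!s.isEmpty()) out.add(s.contains(":") ? s : s + ":389");
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Precedence: River property, then JSSE property, then <java-home>/lib/security/cacerts.
        String prefix = System.getProperty(RIVER + "trustStore") != null ? RIVER : JSSE;
        String location = System.getProperty(prefix + "trustStore");
        String type = KeyStore.getDefaultType(), password = null;
        if (location == null) {
            location = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        } else {  // type and password apply only alongside the matching trustStore property
            type = System.getProperty(prefix + "trustStoreType", type);
            password = System.getProperty(prefix + "trustStorePassword");
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = toUrl(location).openStream()) {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        System.out.println("truststore: " + location + " (type " + type + ")");
        for (String alias : Collections.list(ks.aliases())) {
            java.security.cert.Certificate c = ks.getCertificate(alias);
            // SHA1withDSA signatures can only be verified with DSA public keys.
            if (c != null && "DSA".equals(c.getPublicKey().getAlgorithm())) System.out.println("  DSA entry: " + alias);
        }
        System.out.println("LDAP cert stores: " + ldapServers(System.getProperty(RIVER + "ldapCertStores")));
    }
}
```

Run it with the same -D system properties as the service under review; an empty list of DSA entries means the resolved truststore holds no certificate that could verify a SHA1withDSA signature.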

Logging

Both Client and Server use the Logger named org.apache.river.discovery.x500 to log information at the following logging levels:

Level    Description
WARNING  Failure to initialize a certificate store
FINE     Exceptions mapping X.500 principals to X.509 certificates, as well as exceptions resulting from inadequate permissions to use private credentials corresponding to an X.500 principal
FINEST   Debugging trace information, such as the truststore and certificate stores in use, the X.500 principal used for signing a given packet, and the mapping of X.500 principals to corresponding X.509 certificates

Since: 2.0
See Also: "Jini Discovery and Join Specification"

Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.