net.jini.discovery.x500.SHA256withDSA
discovery format, specified in
the Jini Discovery and Join Specification.See: Description
Class | Description |
---|---|
Client |
Implements the client side of the
net.jini.discovery.x500.SHA256withDSA format. |
Server |
Implements the server side of the
net.jini.discovery.x500.SHA256withDSA format. |
net.jini.discovery.x500.SHA256withDSA
discovery format, specified in
the Jini Discovery and Join Specification. The Client
class implements the client
side of the net.jini.discovery.x500.SHA256withDSA
discovery format
for the multicast request and multicast announcement discovery protocols, while
the Server
class implements the
server side of the discovery format for those protocols. Both classes are
intended to be specified in a resource to configure the operation of the Discovery
class, as described in the documentation for
Discovery.getProtocol2(ClassLoader)
.
Client
and Server
support the following
constraints for the multicast request protocol:
ConstraintAlternatives
if at
least one element is supported
Integrity.YES
ClientAuthentication.YES
Confidentiality.NO
ServerAuthentication.NO
Delegation.NO
ClientMaxPrincipal
, when it contains an
X500Principal
that has a DSA key as a
private credential
ClientMaxPrincipalType
, when it
contains X500Principal
ClientMinPrincipal
, when it contains a
single X500Principal
only, that has a DSA key as a private
credential
ClientMinPrincipalType
, when it
contains X500Principal
only
ServerMinPrincipal
DelegationAbsoluteTime
DelegationRelativeTime
ServerMinPrincipal
,
DelegationAbsoluteTime
, and DelegationRelativeTime
constraints are trivially supported if ServerAuthentication.YES
and Delegation.YES
are not supported.)
Both Client
and Server
support the following
constraints for the multicast announcement protocol:
ConstraintAlternatives
if at
least one element is supported
Integrity.YES
ServerAuthentication.YES
ClientAuthentication.NO
Confidentiality.NO
Delegation.NO
ServerMinPrincipal
, when it contains a
single X500Principal
only, that has a DSA key as a private
credential
ClientMaxPrincipal
ClientMaxPrincipalType
ClientMinPrincipal
ClientMinPrincipalType
DelegationAbsoluteTime
DelegationRelativeTime
ClientMaxPricipal
, ClientMaxPrincipalType
,
ClientMinPrincipal
, ClientMinPrincipalType
,
DelegationAbsoluteTime
, and DelegationRelativeTime
constraints are trivially supported if ClientAuthentication.YES
and Delegation.YES
are not supported.)
Client
and Server
can be configured through use
of the following system properties:
org.apache.river.discovery.x500.trustStore
javax.net.ssl.trustStore
system property is consulted. If
that property is unspecified as well, then the
<java-home>/lib/security/cacerts
file is used. The
applicable system property, if specified, is treated as a URL if it can
be parsed as such; if it cannot be parsed, it is treated as a file name.
org.apache.river.discovery.x500.trustStoreType
org.apache.river.discovery.x500.trustStore
system
property is being used to specify the truststore location, then this
system property can be used to specify the type of the truststore to
load. By default, the value returned by
KeyStore.getDefaultType()
is used.
org.apache.river.discovery.x500.trustStorePassword
org.apache.river.discovery.x500.trustStore
system
property is being used to specify the truststore location, then this
system property can be used to specify the password for accessing the
contents of the truststore. If it is not specified, then no password is
used when accessing the truststore.
org.apache.river.discovery.x500.ldapCertStores
CertStore
s to use for mapping received X.500 principals to
corresponding X.509 certificates. If set, it should contain a
comma-separated list of strings of the form
"<hostname>:<port>"
or
"<hostname>"
, where each string indicates the network
address of an LDAP server to consult. If a given string does not
specify a port, a default port number of 389
is used.
javax.net.ssl.trustStore
org.apache.river.discovery.x500.trustStore
system
property is not set, then this system property can be used to specify
the truststore from which to obtain certificates for trusted entities.
If neither this property nor the
org.apache.river.discovery.x500.trustStore
property is
specified, then the <java-home>/lib/security/cacerts
file is used.
javax.net.ssl.trustStoreType
javax.net.ssl.trustStore
system property is being
used to specify the truststore location, then this system property can
be used to specify the type of the truststore to load. By default, the
value returned by KeyStore.getDefaultType()
is used.
javax.net.ssl.trustStorePassword
javax.net.ssl.trustStore
system property is being
used to specify the truststore location, then this system property can
be used to specify the password for accessing the contents of the
truststore. If it is not specified, then no password is used when
accessing the truststore.
Client
and Server
use the
Logger
named org.apache.river.discovery.x500
to log information at the following logging levels:
Level | Description |
---|---|
WARNING | Failure to initialize a certificate store |
FINE | Exceptions mapping X.500 principals to X.509 certificates, as well as exceptions resulting from inadequate permissions to use private credentials corresponding to an X.500 principal |
FINEST | Debugging trace information, such as the truststore and certificate stores in use, the X.500 principal used for signing a given packet, and the mapping of X.500 principals to corresponding X.509 certificates |
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.