com.digitalpetri.opcua.sdk.server.identity

Class IdentityValidator

java.lang.Object

com.digitalpetri.opcua.sdk.server.identity.IdentityValidator

Direct Known Subclasses:

AnonymousIdentityValidator, UsernameIdentityValidator

public abstract class IdentityValidator
extends Object

Constructor Summary

Constructors

Constructor and Description
IdentityValidator()

Method Summary

Modifier and Type	Method and Description
protected byte[]	decryptTokenData(com.digitalpetri.opcua.stack.core.channel.SecureChannel secureChannel, com.digitalpetri.opcua.stack.core.security.SecurityAlgorithm algorithm, byte[] dataBytes) Decrypt the data contained in a UserNameIdentityToken or IssuedIdentityToken.
Object	validateAnonymousToken(com.digitalpetri.opcua.stack.core.types.structured.AnonymousIdentityToken token, com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy, com.digitalpetri.opcua.stack.core.channel.SecureChannel channel, Session session) Validate an AnonymousIdentityToken and return an identity Object that represents the user.
Object	validateIssuedIdentityToken(com.digitalpetri.opcua.stack.core.types.structured.IssuedIdentityToken token, com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy, com.digitalpetri.opcua.stack.core.channel.SecureChannel channel, Session session) Validate an IssuedIdentityToken and return an identity Object that represents the user.
Object	validateUsernameToken(com.digitalpetri.opcua.stack.core.types.structured.UserNameIdentityToken token, com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy, com.digitalpetri.opcua.stack.core.channel.SecureChannel channel, Session session) Validate a UserNameIdentityToken and return an identity Object that represents the user.
Object	validateX509Token(com.digitalpetri.opcua.stack.core.types.structured.X509IdentityToken token, com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy, com.digitalpetri.opcua.stack.core.channel.SecureChannel channel, Session session) Validate an X509IdentityToken and return an identity Object that represents the user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IdentityValidator

public IdentityValidator()

Method Detail

validateAnonymousToken

public Object validateAnonymousToken(com.digitalpetri.opcua.stack.core.types.structured.AnonymousIdentityToken token,
                                     com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy,
                                     com.digitalpetri.opcua.stack.core.channel.SecureChannel channel,
                                     Session session)
                              throws com.digitalpetri.opcua.stack.core.UaException

Validate an AnonymousIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

token - the AnonymousIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

channel - the SecureChannel the request is arriving on.

session - the Session the request is arriving on.

Returns:

an identity Object that represents the user.

Throws:

com.digitalpetri.opcua.stack.core.UaException - if the token is invalid, rejected, or user access is denied.

validateUsernameToken

public Object validateUsernameToken(com.digitalpetri.opcua.stack.core.types.structured.UserNameIdentityToken token,
                                    com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy,
                                    com.digitalpetri.opcua.stack.core.channel.SecureChannel channel,
                                    Session session)
                             throws com.digitalpetri.opcua.stack.core.UaException

Validate a UserNameIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

token - the UserNameIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

channel - the SecureChannel the request is arriving on.

session - the Session the request is arriving on.

Returns:

an identity Object that represents the user.

Throws:

com.digitalpetri.opcua.stack.core.UaException - if the token is invalid, rejected, or user access is denied.

validateX509Token

public Object validateX509Token(com.digitalpetri.opcua.stack.core.types.structured.X509IdentityToken token,
                                com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy,
                                com.digitalpetri.opcua.stack.core.channel.SecureChannel channel,
                                Session session)
                         throws com.digitalpetri.opcua.stack.core.UaException

Validate an X509IdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

token - the X509IdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

channel - the SecureChannel the request is arriving on.

session - the Session the request is arriving on.

Returns:

an identity Object that represents the user.

Throws:

com.digitalpetri.opcua.stack.core.UaException - if the token is invalid, rejected, or user access is denied.

validateIssuedIdentityToken

public Object validateIssuedIdentityToken(com.digitalpetri.opcua.stack.core.types.structured.IssuedIdentityToken token,
                                          com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy tokenPolicy,
                                          com.digitalpetri.opcua.stack.core.channel.SecureChannel channel,
                                          Session session)
                                   throws com.digitalpetri.opcua.stack.core.UaException

Validate an IssuedIdentityToken and return an identity Object that represents the user.

This Object should implement equality in such a way that a subsequent identity validation for the same user yields a comparable Object.

Parameters:

token - the IssuedIdentityToken.

tokenPolicy - the UserTokenPolicy specified by the policyId in token.

channel - the SecureChannel the request is arriving on.

session - the Session the request is arriving on.

Returns:

an identity Object that represents the user.

Throws:

com.digitalpetri.opcua.stack.core.UaException - if the token is invalid, rejected, or user access is denied.

decryptTokenData

protected byte[] decryptTokenData(com.digitalpetri.opcua.stack.core.channel.SecureChannel secureChannel,
                                  com.digitalpetri.opcua.stack.core.security.SecurityAlgorithm algorithm,
                                  byte[] dataBytes)
                           throws com.digitalpetri.opcua.stack.core.UaException

Decrypt the data contained in a UserNameIdentityToken or IssuedIdentityToken.

See UserNameIdentityToken.getPassword() and IssuedIdentityToken.getTokenData().

Parameters:

secureChannel - the SecureChannel.

dataBytes - the encrypted data.

Returns:

the decrypted data.

Throws:

com.digitalpetri.opcua.stack.core.UaException - if decryption fails.