
4.4.3. X509-based Credential Handler

This credential handler supports X509 certificate-based authentication.
Credentials can be updated as follows:
User user = BasicModel.getUser(identityManager, "jsmith");

java.security.cert.X509Certificate clientCert = getUserCertificate(); // hypothetical helper: get user certificate

identityManager.updateCredential(user, clientCert);
To validate a credential, use the following code:
User user = BasicModel.getUser(identityManager, "jsmith");

java.security.cert.X509Certificate clientCert = getUserCertificate(); // hypothetical helper: get user certificate
X509CertificateCredentials credential = new X509CertificateCredentials(clientCert);

identityManager.validateCredentials(credential);

if (Status.VALID.equals(credential.getStatus())) {
    // successful validation
} else {
    // invalid credential
}
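In some cases, you just want to trust the provided certificate and only check the existence of the principal. Because the handler then checks nothing but the principal, use this mode only when the certificate has already been validated before it reaches this code: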
User user = BasicModel.getUser(identityManager, "jsmith");

java.security.cert.X509Certificate clientCert = getUserCertificate(); // hypothetical helper: get user certificate
X509CertificateCredentials credential = new X509CertificateCredentials(clientCert);

// trust the certificate and only check the principal existence
credential.setTrusted(true);

identityManager.validateCredentials(credential);

if (Status.VALID.equals(credential.getStatus())) {
    // successful validation
} else {
    // invalid credential
}
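
Since `setTrusted(true)` reduces validation to a principal lookup, the certificate chain should be verified before that call is made. The following is an added example using only the JDK, not PicketLink code; the class `ClientCertPreCheck`, its method `chainIsTrusted` and the command-line arguments are hypothetical names chosen for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not part of PicketLink): PKIX-validates a client
// certificate chain before the caller marks the credential as trusted.
public final class ClientCertPreCheck {
    // chain must be ordered leaf first, as a TLS stack delivers it.
    public static boolean chainIsTrusted(List<X509Certificate> chain, KeyStore trustStore,
                                         boolean checkRevocation) {
        if (chain == null || chain.isEmpty()) {
            return false;
        }
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            PKIXParameters params = new PKIXParameters(trustStore); // anchors = trusted CA entries
            params.setRevocationEnabled(checkRevocation);           // CRL/OCSP needs JVM configuration
            CertPathValidator.getInstance("PKIX").validate(path, params); // signatures, dates, constraints
            return true;
        } catch (GeneralSecurityException e) {
            return false; // expired, untrusted issuer, revoked or malformed: do not trust
        }
    }

    // Usage: java ClientCertPreCheck <chain.pem> <truststore> <password>  (constructed arguments)
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: ClientCertPreCheck <chain.pem> <truststore> <password>");
            return;
        }
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trustStore.load(in, args[2].toCharArray());
        }
        // Only when this prints true would the caller go on to credential.setTrusted(true).
        System.out.println(chainIsTrusted(chain, trustStore, false)); // revocation off for an offline run
    }
}
```

In a deployment where the container already performs TLS client authentication against its own trust store, that handshake serves the same purpose as this pre-check.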