Package ghidra.framework.remote

Class SignatureCallback

java.lang.Object

ghidra.framework.remote.SignatureCallback

All Implemented Interfaces:

Serializable, Callback

public class SignatureCallback
extends Object
implements Callback, Serializable

SignatureCallback provides a Callback implementation used to perform PKI authentication. This callback is instantiated by the server with a random token which must be signed using the user's certificate which contains one of the recognizedAuthorities within it certificate chain.

It is the responsibility of the callback handler to invoke the sign(X509Certificate[], byte[]) and return this object in response to the callback.

The supplied token is validated by the server during authentication as one that it had issued but is primarily intended as the basis for the client's signature. This callback must be signed and returned to the server in a short period of time or the authentication will fail.

See Also:

• Serialized Form

Field Summary

Fields

Change	Modifier and Type	Field	Description
	static final long	serialVersionUID

Constructor Summary

Constructors

Change	Constructor	Description
	SignatureCallback(X500Principal[] recognizedAuthorities, byte[] token, byte[] serverSignature)	Construct callback with a random token to be signed by the client.

Method Summary

Change	Modifier and Type	Method	Description
	X509Certificate[]	getCertificateChain()	Returns certificate chain used to sign token.
	Principal[]	getRecognizedAuthorities()	Returns list of approved certificate authorities which constrains which user certificate is used to authenticate..
	byte[]	getServerSignature()	Returns the server's signature of the token bytes.
	byte[]	getSignature()	Returns signed token bytes set by callback handler.
	byte[]	getToken()	Returns token to be signed using user certificate.
	void	sign(X509Certificate[] sigCertChain, byte[] certSignature)	Set token signature data.
REMOVED	String	getSigAlg()	Removed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

serialVersionUID

public static final long serialVersionUID

See Also:

• Constant Field Values

Constructor Details

SignatureCallback

public SignatureCallback(X500Principal[] recognizedAuthorities,
 byte[] token,
 byte[] serverSignature)

Construct callback with a random token to be signed by the client.

Parameters:

recognizedAuthorities - list of CA's from which one must occur within the certificate chain of the signing certificate.

token - random bytes to be signed

serverSignature - servers signature of token at time of generation

Method Details

getRecognizedAuthorities

public Principal[] getRecognizedAuthorities()

Returns list of approved certificate authorities which constrains which user certificate is used to authenticate..

Returns:

list of approved certificate authorities which constrains which user certificate is used to authenticate.

getToken

public byte[] getToken()

Returns token to be signed using user certificate.

Returns:

token to be signed using user certificate

getSignature

public byte[] getSignature()

Returns signed token bytes set by callback handler.

Returns:

signed token bytes set by callback handler

getServerSignature

public byte[] getServerSignature()

Returns the server's signature of the token bytes.

Returns:

the server's signature of the token bytes

getCertificateChain

public X509Certificate[] getCertificateChain()

Returns certificate chain used to sign token.

Returns:

certificate chain used to sign token

sign

public void sign(X509Certificate[] sigCertChain,
 byte[] certSignature)

Set token signature data. Method must be invoked by callback handler.

Parameters:

sigCertChain - certificate chain used to sign token.

certSignature - token signature