net.jini.discovery.x500.SHA1withDSA discovery format, specified in the Jini Discovery and Join Specification. The {@link com.sun.jini.discovery.x500.sha1withdsa.Client} class implements the client side of the net.jini.discovery.x500.SHA1withDSA discovery format for the multicast request and multicast announcement discovery protocols, while the {@link com.sun.jini.discovery.x500.sha1withdsa.Server} class implements the server side of the discovery format for those protocols. Both classes are intended to be specified in a resource to configure the operation of the {@link com.sun.jini.discovery.Discovery} class, as described in the documentation for {@link com.sun.jini.discovery.Discovery#getProtocol2(ClassLoader)}.

Client and Server support the following constraints for the multicast request protocol:

X500Principal
X500Principal only, that has a DSA key as a private credential
X500Principal only
ServerMinPrincipal, DelegationAbsoluteTime, and DelegationRelativeTime constraints are trivially supported if ServerAuthentication.YES and Delegation.YES are not supported.)

Both Client and Server support the following constraints for the multicast announcement protocol:

X500Principal only, that has a DSA key as a private credential
ClientMaxPrincipal, ClientMaxPrincipalType, ClientMinPrincipal, ClientMinPrincipalType, DelegationAbsoluteTime, and DelegationRelativeTime constraints are trivially supported if ClientAuthentication.YES and Delegation.YES are not supported.)

Client and Server can be configured through use of the following system properties:

com.sun.jini.discovery.x500.trustStore
javax.net.ssl.trustStore system property is consulted. If that property is unspecified as well, then the <java-home>/lib/security/cacerts file is used. The applicable system property, if specified, is treated as a URL if it can be parsed as such; if it cannot be parsed, it is treated as a file name.

com.sun.jini.discovery.x500.trustStoreType
If the com.sun.jini.discovery.x500.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the type of the truststore to load. By default, the value returned by {@link java.security.KeyStore#getDefaultType} is used.

com.sun.jini.discovery.x500.trustStorePassword
If the com.sun.jini.discovery.x500.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the password for accessing the contents of the truststore. If it is not specified, then no password is used when accessing the truststore.

com.sun.jini.discovery.x500.ldapCertStores
CertStores to use for mapping received X.500 principals to corresponding X.509 certificates. If set, it should contain a comma-separated list of strings of the form "<hostname>:<port>" or "<hostname>", where each string indicates the network address of an LDAP server to consult. If a given string does not specify a port, a default port number of 389 is used.

javax.net.ssl.trustStore
If the com.sun.jini.discovery.x500.trustStore system property is not set, then this system property can be used to specify the truststore from which to obtain certificates for trusted entities. If neither this property nor the com.sun.jini.discovery.x500.trustStore property is specified, then the <java-home>/lib/security/cacerts file is used.

javax.net.ssl.trustStoreType
If the javax.net.ssl.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the type of the truststore to load. By default, the value returned by {@link java.security.KeyStore#getDefaultType} is used.

javax.net.ssl.trustStorePassword
If the javax.net.ssl.trustStore system property is being used to specify the truststore location, then this system property can be used to specify the password for accessing the contents of the truststore. If it is not specified, then no password is used when accessing the truststore.

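The truststore lookup order and the ldapCertStores list format described above, written out as an added Java example; it is not the provider's own code. The class and method names are hypothetical, the host names are constructed sample values, and trimming whitespace around list entries is an assumption.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.security.cert.LDAPCertStoreParameters;
import java.util.*;
// Added illustration of the documented lookup rules; not the provider's own source.
public class X500DiscoveryConfigExample {
    static final String JINI = "com.sun.jini.discovery.x500.trustStore";
    static final String JSSE = "javax.net.ssl.trustStore";

    static KeyStore loadTrustStore() throws Exception {
        // The first property that is set wins and selects the Type/Password pair to read.
        String prop = System.getProperty(JINI) != null ? JINI
                    : System.getProperty(JSSE) != null ? JSSE : null;
        String location = prop != null ? System.getProperty(prop)
                    : System.getProperty("java.home") + "/lib/security/cacerts";
        String type = prop != null ? System.getProperty(prop + "Type") : null;
        String password = prop != null ? System.getProperty(prop + "Password") : null;
        KeyStore ks = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = open(location)) {
            // A null password loads the store without verifying its integrity.
            ks.load(in, password != null ? password.toCharArray() : null);
        }
        return ks;
    }
    // Treated as a URL if it parses as one, otherwise as a file name.
    static InputStream open(String location) throws IOException {
        try { return new URL(location).openStream(); }
        catch (MalformedURLException e) { return new FileInputStream(location); }
    }
    // Comma-separated "<hostname>:<port>" or "<hostname>"; the port defaults to 389.
    static List<LDAPCertStoreParameters> parseLdapCertStores(String value) {
        List<LDAPCertStoreParameters> out = new ArrayList<>();
        for (String entry : (value == null ? "" : value).split(",")) {
            String s = entry.trim();             // trimming whitespace is an assumption
            if (s.isEmpty()) continue;           // skip empty entries such as "a,,b"
            int colon = s.lastIndexOf(':');
            int port = colon < 0 ? 389 : Integer.parseInt(s.substring(colon + 1));
            out.add(new LDAPCertStoreParameters(colon < 0 ? s : s.substring(0, colon), port));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String sample = "ldap1.example.com:1389, ldap2.example.com"; // constructed sample value
        parseLdapCertStores(sample).forEach(p -> System.out.println(p.getServerName() + ":" + p.getPort()));
        System.out.println("trusted entries: " + loadTrustStore().size());
    }
}
```
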
Client and Server use the {@link java.util.logging.Logger} named com.sun.jini.discovery.x500 to log information at the following logging levels:

Level | Description |
---|---|
WARNING | Failure to initialize a certificate store |
FINE | Exceptions mapping X.500 principals to X.509 certificates, as well as exceptions resulting from inadequate permissions to use private credentials corresponding to an X.500 principal |
FINEST | Debugging trace information, such as the truststore and certificate stores in use, the X.500 principal used for signing a given packet, and the mapping of X.500 principals to corresponding X.509 certificates |