Module org.bzdev.ejws
Package org.bzdev.ejws

Class EjwsAuthenticator

java.lang.Object
com.sun.net.httpserver.Authenticator
com.sun.net.httpserver.BasicAuthenticator
org.bzdev.ejws.EjwsAuthenticator
Direct Known Subclasses:
EjwsBasicAuthenticator, EjwsSecureBasicAuth
public abstract class EjwsAuthenticator extends BasicAuthenticator
Base class for EJWS authenticators.

  • Field Details

    • tracer

      protected Appendable tracer
      The Appendable used for tracing.

    • onAccountRequest

      protected BiConsumer<String,EjwsAuthenticator.AddStatus> onAccountRequest
      The account-request monitoring function. This function is called when a user requests an account on this server.

    • onAccountActive

      protected BiConsumer<String,Boolean> onAccountActive
      The account-active monitoring function. This function is called when an account is made active

    • onAccountRemoval

      protected BiConsumer<String,Boolean> onAccountRemoval
      The account-removal monitoring function. This function is called when an account is removed from the server.

    • loginFunction

      protected BiConsumer<EjwsPrincipal,HttpExchange> loginFunction
      The login function. This function is called when a login is successful.

    • logoutFunction

      protected BiConsumer<EjwsPrincipal,HttpExchange> logoutFunction
      The logout function. This function is called when a logout is successful.

    • authFunction

      protected BiConsumer<EjwsPrincipal,HttpExchange> authFunction
      The authorization function. This function is called when a request is authorized and the login function or logout function was not called during the same transaction.

  • Constructor Details

    • EjwsAuthenticator

      protected EjwsAuthenticator(EmbeddedWebServer ews, String realm)
      Constructor. Realms are strings denoting a name space for users.
      Parameters:
      ews - the EmbeddedWebServer
      realm - the realm

  • Method Details

    • gpghome

      protected File gpghome()
      Get the GPG home directory.
      Returns:
      the GPG home directory; null if one has not been set

    • setGPGHome

      public boolean setGPGHome(File gpghome)
      Set the GPG home directory. If the directory does not exist, it will be created and its POSIX file permissions (if applicable) will be set to read, write, execute for the owner with no group or other permissions. A key named keysigner will be automatically added if it does not already exist.

      The methods createUser(String,String,String[],Set), createUser(String,String,Set), storeGPGKey(String,EjwsAuthenticator.GPGKeyIDs), and trustGPGKey(String,boolean) will throw a NullPointerException if this method is not called with a non-null argument.

      Parameters:
      gpghome - the home directory that GPG will use
      Returns:
      true on success; false on failure.

    • setSBLDir

      public void setSBLDir(File sbldir) throws IllegalArgumentException
      Set the directory used to store SBL user-specific configuration files. The file names in this directory will be an email address (e.g., user@example.com), followed by either "--a", "--p", or "--r". The "--a" indicates that a user's account is active, "--p" indicates that the account is pending, and "--r" indicates that the account was rejected. A file whose name ends in "--t" is a temporary file.
      Parameters:
      sbldir - the directory; null to disable
      Throws:
      IllegalArgumentException - if sbldir is not null and is not a directory

    • getSBLDir

      protected File getSBLDir()
      Get the SBL directory.
      Returns:
      the SBL directory

    • getUserTable

      public EjwsUserTable<? extends EjwsAuthenticator,? extends EjwsAuthenticator.Entry> getUserTable()

    • readSBLData

      protected String readSBLData(InputStream is)
      Read SBL data from an input stream, storing it as a string
      Parameters:
      is - the input stream
      Returns:
      the SBL data; null if there is an error

    • storeSBLData

      protected void storeSBLData(String s, EjwsAuthenticator.AddStatus status) throws Exception
      Store SBL data.
      Parameters:
      s - the SBL data as a String
      status - EjwsAuthenticator.AddStatus.OK if the corresponding account will be active; EjwsAuthenticator.AddStatus.PENDING if the corresponding account will be pending; EjwsAuthenticator.AddStatus.REJECTED if the account is immediately rejected
      Throws:
      Exception

    • isActiveDefault

      public boolean isActiveDefault()
      Get the default value for whether or not a user account is active or not. An account is active if the user is allowed to log in.
      Returns:
      true if the account is active; false otherwise

    • setDefaultActive

      public void setDefaultActive(boolean value)
      Set the default for whether new users are active or not. The value is used by the createUser methods.
      Parameters:
      value - true if new users are active by default; false if not active by default

    • getCanAddAccount

      public boolean getCanAddAccount()
      Determine if this authenticator can add a new user account.
      Returns:
      true if an account can be added; false otherwise.

    • setCanAddAccount

      public void setCanAddAccount(boolean value)
      Set whether or not this authenticator can add a user account.
      Parameters:
      value - true if an account can be added; false otherwise.

    • setTruststore

      public void setTruststore(String truststore)
      Set the name of the truststore file. The value may be sent to clients setting up an account.
      Parameters:
      truststore - the name of the truststore file

    • setTruststorePW

      public void setTruststorePW(char[] pw)
      Set the truststore password. The value may be sent to clients setting up an account.
      Parameters:
      pw - the password

    • setSelfSigned

      public void setSelfSigned(boolean selfSigned)
      Set whether or not certificats may be self signed The value may be sent to clients setting up an account.
      Parameters:
      selfSigned - true if certificates can be self-signed; false if a certificate chain ends at a root certificate

    • setAllowLoopback

      public void setAllowLoopback(boolean allowLoopback)
      Set if a loopback interface may be used for secure connections The value may be sent to clients setting up an account.
      Parameters:
      allowLoopback - true if a looback interface may be used; false otherwise

    • getLoginAlias

      public String getLoginAlias()
      Get the login alias. This is a convenience method.
      Returns:
      the login alias
      See Also:

    • createUser

      public EjwsAuthenticator.UserInfo createUser(String userName, String title, String[] recipients, Set<String> roles) throws IllegalStateException, IOException, NullPointerException
      Create an instance of EjwsAuthenticator.UserInfo. For example, 
      
 EmbeddedWebServer ews = ...;
 File gpghome = ...;
 EjwsSecureBasicAuth auth = new EjwsSecureBasicAuth(ews, "test-realm");
 auth.setGPGHome(gpghome);
 String recipients[] = {
   "user@example.com"
 };
 URI logoutURI = ...;
 auth.add(auth.createUser("user@example.com", "Example",
                          recipients, roles)
          .setURI("/docs/login.html")
          .addUser(true));
 ews.add("/", DirWebMap.class, dir, auth, true, true, true)
    .setWelcome("/index.html")
    .setLoginAlias("login.html", "", true)
    .setLogoutAlias("logout.html", logoutURI);
      In this example, the order of the calls to auth.add and ews.add can be swapped.

      Each recipient must be a string that can be used with the gpg -r option.

      Parameters:
      userName - the user name
      title - A title for an SBL file
      recipients - the GPG recipients
      roles - the user's roles
      Throws:
      NullPointerException - if the GPG home directory had not been set
      IllegalStateException - if the recipient does not have a known GPG public key or if there was a certificate error
      IOException - if an IO error occurs while constructing a cannonical path
      See Also:

    • createUser

      public EjwsAuthenticator.UserInfo createUser(String email, String title, Set<String> roles) throws IllegalStateException, IOException, NullPointerException
      Create an instance of EjwsAuthenticator.UserInfo. For example, 
      
 EmbeddedWebServer ews = ...;
 File gpghome = ...;
 EjwsSecureBasicAuth auth = new EjwsSecureBasicAuth(ews, "test-realm");
 URI logoutURI = ...;
 auth.add(auth.createUser("user@example.com", "Example", roles)
          .setURI("/docs/login.html")
          .addUser(true));
 ews.add("/", DirWebMap.class, dir, auth, true, true, true)
    .setWelcome("/index.html")
    .setLoginAlias("login.html", "", true)
    .setLogoutAlias("logout.html", logoutURI);
      In this example, the order of the calls to auth.add and ews.add can be swapped.

      Each recipient must be a string that can be used with the gpg -r option.

      Parameters:
      email - the user's email address
      title - A title for an SBL file
      roles - the user's roles
      Throws:
      NullPointerException - if the GPG home directory had not been set
      IllegalStateException - if the recipient does not have a known GPG public key or if there was a certificate error
      IOException - if an IO error occurs while constructing a cannonical path
      See Also:

    • createUser

      public EjwsAuthenticator.UserInfo createUser(String userName, String password, String publicKeyPEM, Set<String> roles)
      Create an instance of EjwsAuthenticator.UserInfo based on a public key provided by a remote user. For example, 
      
 EmbeddedWebServer ews = ...;
 String user = ...;
 String password = ...;
 String publickeyPEM = ...;
 EjwsSecureBasicAuth auth = new EjwsSecureBasicAuth(ews, "test-realm");
 String recipients[] = {
 URI logoutURI = ...;
 auth.add(auth.createUser(ews, user, password, publicKeyPEM, null)
 ews.add("/", DirWebMap.class, dir, auth, true, true, true)
    .setWelcome("/index.html")
    .setLoginAlias("login.html", "", true)
    .setLogoutAlias("logout.html", logoutURI);
      In this example, the order of the calls to auth.add and ews.add can be swapped.
      Parameters:
      userName - the user name
      password - the user's password
      publicKeyPEM - the user's publicKey in PEM format
      roles - the user's roles; null if there are none

    • createUser

      public EjwsAuthenticator.UserInfo createUser(ConfigProperties props, Set<String> roles) throws IllegalStateException, IllegalArgumentException
      Create an instance of EjwsAuthenticator.UserInfo based on a ConfigProperties object provided by a remote user.
      Parameters:
      props -
      roles - a set of roles; null if there are none
      Throws:
      IllegalStateException - if the recipient does not have a known GPG public key or if there was a certificate error
      IllegalArgumentException - if the property file was ill formed

    • createUser

      public EjwsAuthenticator.UserInfo createUser(String propsString, Set<String> roles) throws IOException, IllegalArgumentException
      Create an instance of EjwsAuthenticator.UserInfo based on a string representing a ConfigProperties object provided by a remote user. The first argument is a string that was in effect created by the following steps:
      1. store a Properties object by using the method Properties.store(Writer,String) with the Writer argument set to a Writer that uses the UTF-8 character set with CRLF line separators. The first line in this file will be "#(M.T application/vnd.bzdev.sblauncher)", which is used to determine the File's media type.
      2. Compress the byte stream produced in the first step using GZIP.
      3. Finally Base-64 encode the compressed byte stream

      The easiest way to create this string is to use the program SBL to create an SBL file, select a site (listed by keys), and then select the "Copy Server SBL to Clipboard" menu item under the File menu.

      Parameters:
      propsString - a string representing an ConfigProperties object
      roles - a set of roles; null if there are none
      Throws:
      IOException - if the media type does not match that of the Base-64 encoded representation
      IllegalArgumentException - if the property file was ill formed

    • getUserNameFromSBL

      protected String getUserNameFromSBL(String propsString) throws Exception
      Throws:
      Exception

    • generateRequestURI

      protected String generateRequestURI(String username)
      Generate a URI for a login request that will provide an SBL file for a user. The host name in the URI will be preferentially taken from the server's certificate when SSL is used.
      Parameters:
      username - the user name; null for just the login URL
      Returns:
      the URL

    • generateAdminURI

      protected String generateAdminURI(String username)
      Generate a URI for an admin page. The host name in the URI will be preferentially taken from the server's certificate when SSL is used.
      Parameters:
      username - the user name; null for just the login URL
      Returns:
      the URL

    • requestFromUser

      protected byte[] requestFromUser(String username, String type)
      Generate a sequence of bytes containing an SBL file that instructs the SBL program as to how to download data needed to create an account. The format is a UTF-8 encoded string, where the string is produced by ConfigPropUtilities.store(Properities,String) (which describes the string format in detail).
      Parameters:
      username - the user name
      type - "pgpkey" when a PGP/GPG public key should be downloaded; "sbl" if an SBL file should be downloaded

    • getReverseProxy

      public URI getReverseProxy()
      Get the reverse proxy. When a reverse proxy is configured, the ".base" field in an SBL file provided by the server will be a URI whose host name and port matches that of the reverse proxy and whose path starts with the reverse proxy's path.
      Returns:
      the reverse proxy; null if there isn't one

    • setReverseProxy

      protected void setReverseProxy(URI proxy)
      Set the reverse proxy. When a reverse proxy is configured, the ".base" field in an SBL file provided by the server will be a URI whose host name and port matches that of the reverse proxy and whose path starts with the reverse proxy's path.
      Parameters:
      proxy - the reverse proxy; null if there isn't one

    • storeGPGKey

      public void storeGPGKey(String key, EjwsAuthenticator.GPGKeyIDs keyids) throws IllegalArgumentException, IllegalStateException, IOException
      Store an ASCII-armored GPG public key for use by this authenticator. The program SBL has an option under the File menu to copy the key to the system clipboard. Alternatively, if a login alias is configured, a URL referencing the login alias with a query containing
      • user=EMAIL_ADDRESS
      • uploadtype=pgpkey will return an SBL file that triggers a series of events that will download the corresponding public key and possibly set up a user account.

        The second argument should be computed by calling showGPGKey(key)

      Parameters:
      key - the public key
      keyids - and object containing the key's email address and fingerprint
      Throws:
      NullPointerException - if the GPG home directory had not been set
      IllegalArgumentException - if the key is ill-formed
      IllegalStateException - if the key cannot be stored
      IOException - if an IO error occurs while constructing a cannonical path
      See Also:

    • showGPGKey

      public EjwsAuthenticator.GPGKeyIDs showGPGKey(String key) throws IllegalArgumentException, IllegalStateException, IOException
      Show an ASCII-armored GPG public key for use by this authenticator. The program SBL has an option under the File menu to copy the key to the system clipboard. Alternatively, if a login alias is configured, a URL referencing the login alias with a query containing
      • user=EMAIL_ADDRESS
      • uploadtype=pgpkey will return an SBL file that triggers a series of events that will download the corresponding public key and possibly set up a user account.
      Parameters:
      key - the public key
      Returns:
      an object containing the key's email address and fingerprint
      Throws:
      NullPointerException - if the GPG home directory had not been set
      IllegalArgumentException - if the key is ill-formed
      IllegalStateException - if the key cannot be stored
      IOException - if an IO error occurs while constructing a cannonical path
      See Also:

    • trustGPGKey

      public void trustGPGKey(String email, boolean trust) throws IllegalArgumentException, IllegalStateException, IOException
      Configure a GPG public key's trust level for this authenticator. The choice for a key's trust level is binary because the key is not being distributed. When the third argument is false, the key's trust is "unknown" and when true, the key's trust is "ultimate".

      Normally this method is not needed because of the use of the TOFU (Trust On First Use) GPG trust policy.

      Parameters:
      email - the public key's email field
      trust - true if the key is "ultimately" trusted; false if the key is not trusted
      Throws:
      NullPointerException - if the GPG home directory had not been set
      IllegalArgumentException - if the key is ill-formed
      IllegalStateException - if the key cannot be stored
      IOException - if an IO error occurs while constructing a cannonical path
      See Also:

    • getSBL

      public abstract byte[] getSBL(String user)
      Get the SBL file for a user
      Parameters:
      user - the user
      Returns:
      the SBL file as a byte array; null if there is none

    • isSBLCompressed

      public abstract boolean isSBLCompressed(String user)
      Determine if the SBL file is compresssed using GZIP.
      Returns:
      true if the SBL file is compressed; false otherwise
      See Also:

    • removeUser

      public abstract boolean removeUser(String name)
      Remove a user.
      Parameters:
      name - the user's name

    • makeUserActive

      public abstract boolean makeUserActive(String name)
      Make a user active
      Parameters:
      name - the user's name

    • removeUser

      public abstract boolean removeUser(String name, boolean gpg)
      Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.
      Parameters:
      name - the user's name
      gpg - true if GPG is used; false if an SBL directory is used

    • makeUserActive

      public abstract boolean makeUserActive(String name, boolean gpg)
      Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.
      Parameters:
      name - the user's name
      gpg - true if GPG is used; false if an SBL directory is used

    • loadFromDirs

      public void loadFromDirs() throws UnsupportedOperationException
      Load user-account data obtained from GPG or an SBL directory
      Throws:
      UnsupportedOperationException
      See Also:

    • setTracer

      public void setTracer(Appendable tracer)
      Set an Appendable for tracing. This method should be used only for debugging.
      Parameters:
      tracer - the Appendable for tracing requests and responses

    • setOnAccountRequest

      public void setOnAccountRequest(BiConsumer<String,EjwsAuthenticator.AddStatus> function)
      Set the function called when a user requests an account. This function will be called when a request to add an account is processed. Its first argument is the name of the user. Its second argument is the status of the request (OK, PENDING, or REJECTED).
      Parameters:
      function - the function; null to disable

    • setOnAccountActive

      public void setOnAccountActive(BiConsumer<String,Boolean> function)
      Set the function called when an account becomes active. This function will be called when a request to make an account active is processed. Its first argument is the name of the user. Its second argument is the status this operation (true for success; false for failure).
      Parameters:
      function - the function; null to disable

    • setOnAccountRemoval

      public void setOnAccountRemoval(BiConsumer<String,Boolean> function)
      Set the function called when an account is removed. This function will be called when a request to make an account active is processed. Its first argument is the name of the user. Its second argument is the status this operation (true for success; false for failure).
      Parameters:
      function - the function; null to disable

    • setLoginFunction

      public void setLoginFunction(BiConsumer<EjwsPrincipal,HttpExchange> function)
      Set the login function. This function will be called using the current HttpExchange when a login is (a) successful and (b) the function is not null. It can be used to set headers or perform other operations as required by an application.

      The function will be called when the request URI matches a designated login URI, with the current EjwsPrincipal and HttpExchange as its arguments In any transaction, at most one of the login, logout, and authorized functions will be called.

      Parameters:
      function - the function; null to disable
      See Also:

    • setAuthorizedFunction

      public void setAuthorizedFunction(BiConsumer<EjwsPrincipal,HttpExchange> function)
      Set the authorized function. This function will be called when a request is authorized. Its arguments are a principal and the HTTP exchange. The later can be used to set cookies or perform other operations. In any transaction, at most one of the login, logout, and authorized functions will be called.
      Parameters:
      function - the 'authorized' function.

    • setLogoutFunction

      public void setLogoutFunction(BiConsumer<EjwsPrincipal,HttpExchange> function)
      Set the logout function. This function will be called using the current HttpExchange when a logout is (a) successful and (b) the function is not null. It can be used to set headers or perform other operations as required by an application.

      The function will be called when the request URI matches a designated logout URI, with the current EjwsPrincipal and HttpExchange as its arguments. The HttpExchange will be null if the login session has timed out. In any transaction, at most one of the login, logout, and authorized functions will be called.

      Parameters:
      function - the function; null to disable
      See Also:

    • getMode

      public abstract SecureBasicUtilities.Mode getMode()
      Get a user's authentication mode.
      Returns:
      the mode

    • add

      public abstract void add(EjwsAuthenticator.UserInfo info)
      Add a user specified by an instance of EjwsAuthenticator.UserInfo.
      Parameters:
      info - the user data

    • setUserStatusFunction

      public void setUserStatusFunction(Function<String,EjwsAuthenticator.AddStatus> function)
      Set the user-status function. A user status function takes a user name as its argument and returns
      • AddStatus.OK if the user's account is to be added and will be active.
      • AddStatus.PENDING if the user's account is to be added but will not be active.
      • AddStatus.REJECTED if the user may not have an account at this time.
      • null if all users will be active or pending, depending on the value returned by isActiveDefault().
      The default function simply returns null so that whether or not a user is active is determined by the value returned by isActiveDefault().
      Parameters:
      function - the user-status function; null for the default
      See Also:

    • addToAdminMap

      public void addToAdminMap(String email, String fingerprint)
      Add an entry to the map associating email addresses with the fingerprint of a corresponding GPG key.
      Parameters:
      email - the email address
      fingerprint - the corresponding GPG key's fingerprint

    • getAdminFingerprint

      public String getAdminFingerprint(String email)
      Get the PGP fingerprint for an email address associated with the admin account
      Parameters:
      email - the email address
      Returns:
      the fingerprint; null if there isn't one associated with the admin account

    • getAdminUsers

      public Set<String> getAdminUsers()
      Get thef users' email addresses for those users associated with the admin account
      Returns:
      the email addresses

    • getUserStatus

      protected EjwsAuthenticator.AddStatus getUserStatus(String username)
      Get the status for a request to set up an account. When a function has been provided by calling setUserStatusFunction(Function), the value returned by the provided function will be used unless the value returned is null, in which case isActiveDefault() determines the result (either active or pending).
      Parameters:
      username - the name (typically the email address) of a user
      Returns:
      EjwsAuthenticator.AddStatus.REJECTED if the account will definitely not be allowed; EjwsAuthenticator.AddStatus.PENDING if the account request requires further processing; EjwsAuthenticator.AddStatus.OK if the account request is immediately accepted
      See Also:

    • addToDeleteSet

      protected void addToDeleteSet(String uname)
      Add a user to the set of users that will be deleted.
      Parameters:
      uname - the user name (e.g., the user's email address)

    • removeFromDeleteSet

      public void removeFromDeleteSet(String uname)
      Remove a user to the set of users that will be deleted.
      Parameters:
      uname - the user name (e.g., the user's email address)

    • inDeleteSet

      public boolean inDeleteSet(String uname)
      Determine if a user is in the set of users that will be deleted.
      Parameters:
      uname - the user name (e.g., the user's email address)

    • getTrustedKeyIDs

      public Set<String> getTrustedKeyIDs() throws Exception
      Get the GPG key IDs for ultimately trusted users. The values returned are in the format used for keysigning (the last 16 characters in the full fingerprint).
      Returns:
      a set of the key IDs
      Throws:
      Exception

    • isTrustedKey

      public boolean isTrustedKey(String name)
      Determine if a user is ultimately trusted. setGPGHome(File) must have been called before this method is used.
      Parameters:
      name - the user name
      Returns:
      true if the user is ultimately trusted; false otherwise
      See Also:

    • hasGPGKey

      public boolean hasGPGKey(String name)
      Determine if there is a GPG Key for a specified user. setGPGHome(File) must have been called before this method is used.
      Parameters:
      name - the user name
      Returns:
      true if there is an associated GPG key; false otherwise

    • hasGPGKey

      public static boolean hasGPGKey(File gpghome, String name)

    • setupKeySigner

      protected boolean setupKeySigner()
      Set up a key signer. If not already available, a key named keysigner will be created. setGPGHome(File) must have been called before this method is used.

    • getFingerprint

      public String getFingerprint(String email)
      Get the GPG fingerprint for an email address. setGPGHome(File) must have been called before this method is used.
      Parameters:
      email - the email address
      Returns:
      the fingerpint; null if there is none

    • isEmailAddress

      public static boolean isEmailAddress(String string)
      Determine if a string is a syntactically valid email address. The email address must be the local part of an email address, followed by an '@', in turn followed by a domain. For example, user@example.com. This is often delimited by "&tl;" and ">". Those delimiters must not be included.
      Parameters:
      string - the string to check
      Returns:
      true if the argument is a syntactically valid email address; false otherwise

    • signKey

      public boolean signKey(String email, boolean gpg)
      Sign a key given an email address. The methods setGPGHome(File) and/or setSBLDir(File) should be called before this method is used.
      Parameters:
      email - the email address
      gpg - true if a GPG key will be signed; false if a directory containing SBL data will be manipulated
      See Also:

    • signKey

      protected boolean signKey(String email, String target)
      Sign a key given an email address and target. The methods setGPGHome(File) and/or setSBLDir(File) should be called before this method is used. This is a convenience method.
      Parameters:
      email - the email address
      target - the email address if GPG is used; a file name for a file in the SBL directory otherwise.
      See Also:

    • validGPGUser

      public boolean validGPGUser(String email)
      Determine if a user has a key that was signed by a key recognized by this authenticator. setGPGHome(File) must have been called before this method is used.
      Parameters:
      email - the user's email address
      Returns:
      true if the user is valid (e.g., the user's GPG key has been signed); false otherwise
      See Also:

    • getGPGUsers

      public Set<String> getGPGUsers(boolean signed)
      Get GPG user names. setGPGHome(File) must have been called before this method is used.
      Parameters:
      signed - true if the corresponding keys were signed; false otherwise
      Returns:
      the user names (typically email addresses)

    • getSBLUsers

      public Set<String> getSBLUsers(boolean signed)
      Get the users whose data is kept in the SBL directory The method setSBLDir(File) should be called before this method is used.
      Parameters:
      signed - true if the data was signed; false otherwise
      Returns:
      the user names

    • deleteWithFingerprint

      public void deleteWithFingerprint(String fpr)
      Delete a GPG key given the key's fingerprint. setGPGHome(File) must have been called before this method is used.
      Parameters:
      fpr - the fingerprint
      See Also:

    • createServerCookie

      protected static ServerCookie createServerCookie(HttpExchange t)
      Create a server cookie
      Parameters:
      t - the instance of HttpExchange used for the current connection
      Returns:
      the new cookie

    • findServerCookie

      protected static ServerCookie findServerCookie(HttpExchange t)
      Find a server cookie
      Parameters:
      t - the instance of HttpExchange used for the current connection
      Returns:
      the cookie

    • setCookie

      protected static void setCookie(HttpExchange t, ServerCookie cookie)
      Set a server cookie
      Parameters:
      t - the instance of HttpExchange used for the current connection
      cookie - the cookie

    • removePWInfo

      public void removePWInfo(String username)
      Remove an entry from the password map. This is called when logging out.
      Parameters:
      username - the user name

    • processAdminRequests

      public void processAdminRequests(Map<String,String> deleteMap, Map<String,String> activateMap)
      Process a request to remove or active user accounts Either removeUser(String,String) or makeUserActive(String,String) will be called to remove or active a user respectively.

      This method is called by FileHandler to implement a simple account manager.

      Parameters:
      deleteMap - a map whose keys are user names or email addresses and whose values are either the same or a file name, where the map is used to determine which users shoudl be deleted
      activateMap - a map whose keys are user names or email addresses and whose values are either the same or a file name, where the map is used to determine which users should be activated