A trust handler is invoked for every SIP message that the Communications Server receives from or sends to the network. You can create a P-asserted identity trust configuration with a trust handler in one of these ways:
In the Admin Console, open the Security component under the relevant configuration and go to the Trust Configurations page. To specify a custom trust handler, select Trust Handler as the Trust Type and enter the name of the trust handler class in the Class Name field. For details, click the Help button in the Admin Console.
Use the asadmin create-trust-config command to create trust configurations on local servers. To specify a custom trust handler, use the --trusthandler option followed by the name of the trust handler class. For details, see the Sun GlassFish Communications Server 2.0 Reference Manual.
A custom trust handler must implement the com.sun.enterprise.security.auth.TrustHandler and com.sun.enterprise.security.auth.PrincipalMapper interfaces along with the following methods:
public boolean isTrusted(String asserterAddress, String trustedAs, X509Certificate securityid, Principal [] pAssertedValues);
This method determines if the container can trust the network entity from which the message with the P-Asserted-Identity header was received. This method also validates whether the identity used to secure the message is trusted. If the network entity and identity can both be trusted, this method returns true. Parameters are as follows:
asserterAddress — Specifies the IP address or hostname of the network entity from which the SIP message was received.
trustedAs — A value of INTERMEDIATE specifies that the trust configuration applies to incoming messages. A value of DESTINATION specifies that the trust configuration applies to outgoing messages.
securityid — Specifies the asserting security identity. If a secure connection is used, it is the java.security.cert.X509Certificate. Otherwise, it is null.
pAssertedValues — Specifies the P-Asserted-Identity header values.
public Principal [] mapIdentity(Principal [] assrtId);
This method accepts P-Asserted-Identity header values and returns them in a format understood by the SIP container.
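As an added example (not code from the Communications Server documentation), here is a fail-closed handler that trusts an asserter only when its address is on an allowlist, the connection presented a currently valid certificate with an allowlisted subject, and the header carries the one or two values RFC 3325 permits. The two interfaces are re-declared locally from the signatures above so the file compiles on its own, and the server's real interfaces may declare more. The peer list, the subject DN, the reliance on the TLS layer for certificate chain validation, and the user@domain mapping format are assumptions.

```java
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Local stand-ins for com.sun.enterprise.security.auth.TrustHandler and
// PrincipalMapper, declared from this page's signatures so the file compiles alone.
interface TrustHandler {
    boolean isTrusted(String asserterAddress, String trustedAs,
                      X509Certificate securityid, Principal[] pAssertedValues);
}
interface PrincipalMapper { Principal[] mapIdentity(Principal[] assrtId); }
public class AllowlistTrustHandler implements TrustHandler, PrincipalMapper {
    // Constructed sample values (hypothetical peers and certificate subject).
    private static final Set<String> PEERS =
        new HashSet<String>(Arrays.asList("192.0.2.10", "proxy1.example.com"));
    private static final Set<String> SUBJECTS =
        new HashSet<String>(Arrays.asList("CN=proxy1.example.com,O=Example,C=US"));
    public boolean isTrusted(String asserterAddress, String trustedAs,
                             X509Certificate securityid, Principal[] pAssertedValues) {
        // Fail closed: any missing or unexpected input means "not trusted".
        if (!"INTERMEDIATE".equals(trustedAs) && !"DESTINATION".equals(trustedAs)) return false;
        if (asserterAddress == null
                || !PEERS.contains(asserterAddress.toLowerCase(Locale.ENGLISH))) return false;
        // RFC 3325 allows one or two P-Asserted-Identity values.
        if (pAssertedValues == null || pAssertedValues.length < 1 || pAssertedValues.length > 2) return false;
        // securityid is null on a non-secure connection; this policy requires TLS.
        if (securityid == null) return false;
        try {
            securityid.checkValidity(); // rejects expired or not-yet-valid certificates
        } catch (CertificateException e) { return false; }
        // getName() returns the subject DN in RFC 2253 form.
        return SUBJECTS.contains(securityid.getSubjectX500Principal().getName());
    }
    public Principal[] mapIdentity(Principal[] assrtId) {
        if (assrtId == null) return new Principal[0];
        Principal[] mapped = new Principal[assrtId.length];
        for (int i = 0; i < assrtId.length; i++) {
            // Assumed target format: user@domain with the sip:/sips: scheme removed.
            final String name = assrtId[i].getName().replaceFirst("(?i)^sips?:", "");
            mapped[i] = new Principal() { public String getName() { return name; } };
        }
        return mapped;
    }
}
```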