org.globus.gsi.trustmanager
Class X509ProxyCertPathValidator
java.lang.Object
java.security.cert.CertPathValidatorSpi
org.globus.gsi.trustmanager.X509ProxyCertPathValidator
public class X509ProxyCertPathValidator
- extends java.security.cert.CertPathValidatorSpi
Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.
- Since:
- 1.0
- Version:
- ${version}
Method Summary
protected void | checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
protected void | checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, java.security.cert.X509Certificate checkedProxy)
protected void | checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, java.security.cert.CertPath certPath, int index)
void | clear() | Dispose of the current validation state.
java.security.cert.CertPathValidatorResult | engineValidate(java.security.cert.CertPath certPath, java.security.cert.CertPathParameters params) | Validates the specified certification path using the specified algorithm parameter set.
protected java.util.List<CertificateChecker> | getCertificateCheckers()
java.security.cert.X509Certificate | getIdentityCertificate()
boolean | isLimited()
boolean | isRejectLimitedProxy()
protected void | parseParameters(java.security.cert.CertPathParameters params)
void | setIdentityCert(java.security.cert.X509Certificate identityCert)
void | setLimited(boolean limited)
protected java.security.cert.CertPathValidatorResult | validate(java.security.cert.CertPath certPath) | Validates the certificate path, running checkCertificate() on each certificate in the chain. In addition, it validates: a) that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints. If the certificate is a proxy, it checks: a) proxy constraints, b) restricted proxy; otherwise, for a regular certificate, it checks: a) key usage.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
BASIC_CONSTRAINT_OID
public static final java.lang.String BASIC_CONSTRAINT_OID
- See Also:
- Constant Field Values
KEY_USAGE_OID
public static final java.lang.String KEY_USAGE_OID
- See Also:
- Constant Field Values
keyStore
protected java.security.KeyStore keyStore
certStore
protected java.security.cert.CertStore certStore
policyStore
protected SigningPolicyStore policyStore
X509ProxyCertPathValidator
public X509ProxyCertPathValidator()
engineValidate
public java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath certPath,
java.security.cert.CertPathParameters params)
throws java.security.cert.CertPathValidatorException,
java.security.InvalidAlgorithmParameterException
- Validates the specified certification path using the specified algorithm parameter set.
The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.
- Specified by:
engineValidate in class java.security.cert.CertPathValidatorSpi
- Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters
- Returns:
- the result of the validation algorithm
- Throws:
java.security.cert.CertPathValidatorException - if the CertPath does not validate
java.security.InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator
clear
public void clear()
- Dispose of the current validation state.
parseParameters
protected void parseParameters(java.security.cert.CertPathParameters params)
throws java.security.InvalidAlgorithmParameterException
- Throws:
java.security.InvalidAlgorithmParameterException
validate
protected java.security.cert.CertPathValidatorResult validate(java.security.cert.CertPath certPath)
throws java.security.cert.CertPathValidatorException
- Validates the certificate path, running checkCertificate() on each certificate in the chain. In addition, it validates: a) that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints.
If the certificate is a proxy, it checks: a) proxy constraints, b) restricted proxy; otherwise, for a regular certificate, it checks: a) key usage.
- Parameters:
certPath - The CertPath to validate.
- Returns:
- The results of the validation.
- Throws:
java.security.cert.CertPathValidatorException - If the CertPath is invalid.
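The chain rules that validate() lists (issuer type, CA path constraints, proxy path constraints, key usage) can be modelled over a simplified certificate record as follows. This is an added example, not code from this class or library: ProxyChainModel, CertType, Cert and check() are hypothetical names, the rules are an assumed reading based on RFC 3820 and RFC 5280, and restricted or limited proxy handling is left out. It needs Java 16 or later for records.

```java
import java.util.List;

// Added illustration, not library code: all names here are hypothetical.
public class ProxyChainModel {
    enum CertType { CA, EEC, PROXY }

    // pathLen is the basicConstraints pathLenConstraint for a CA and the
    // pCPathLenConstraint for a proxy; -1 means no limit is set.
    record Cert(String name, CertType type, int pathLen, boolean keyCertSign) {}

    // chain is ordered leaf first, trust anchor last (the CertPath convention).
    static String check(List<Cert> chain) {
        int casBelow = 0;      // CA certificates already seen beneath the current one
        int proxiesBelow = 0;  // proxy certificates already seen beneath the current one
        for (int i = 0; i < chain.size(); i++) {
            Cert c = chain.get(i);
            // The last entry is the trust anchor and is treated as self-issued.
            Cert issuer = (i + 1 < chain.size()) ? chain.get(i + 1) : c;
            // Issuer type: a proxy is signed by an EEC or another proxy, never by a CA;
            // CA and end-entity certificates are signed by a CA.
            boolean issuerOk = (c.type() == CertType.PROXY)
                    ? issuer.type() != CertType.CA
                    : issuer.type() == CertType.CA;
            if (!issuerOk) return c.name() + ": wrong issuer type " + issuer.type();
            if (c.type() == CertType.PROXY) {
                // Proxy path constraint: limit on proxies issued beneath this one.
                if (c.pathLen() >= 0 && proxiesBelow > c.pathLen())
                    return c.name() + ": proxy path length exceeded";
                proxiesBelow++;
            } else if (c.type() == CertType.CA) {
                // Assumed key usage rule (RFC 5280): a signing CA needs keyCertSign.
                if (!c.keyCertSign()) return c.name() + ": keyCertSign missing";
                // CA path constraint: limit on intermediate CAs beneath this one.
                if (c.pathLen() >= 0 && casBelow > c.pathLen())
                    return c.name() + ": CA path length exceeded";
                casBelow++;
            }
        }
        return "OK";
    }

    public static void main(String[] args) {
        // Constructed sample chains, leaf first.
        Cert root = new Cert("root", CertType.CA, 0, true);
        Cert user = new Cert("user", CertType.EEC, -1, false);
        Cert p1 = new Cert("proxy1", CertType.PROXY, 0, false);
        Cert p2 = new Cert("proxy2", CertType.PROXY, -1, false);
        System.out.println(check(List.of(p1, user, root)));      // valid single proxy
        System.out.println(check(List.of(p2, p1, user, root)));  // proxy1 forbids sub-proxies
        System.out.println(check(List.of(p1, root)));            // proxy signed directly by a CA
    }
}
```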
checkRestrictedProxy
protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
java.security.cert.CertPath certPath,
int index)
throws java.security.cert.CertPathValidatorException,
java.io.IOException
- Throws:
java.security.cert.CertPathValidatorException
java.io.IOException
checkKeyUsage
protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
throws java.security.cert.CertPathValidatorException,
java.io.IOException
- Throws:
java.security.cert.CertPathValidatorException
java.io.IOException
getCertificateCheckers
protected java.util.List<CertificateChecker> getCertificateCheckers()
checkProxyConstraints
protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
org.bouncycastle.asn1.x509.TBSCertificateStructure issuer,
java.security.cert.X509Certificate checkedProxy)
throws java.security.cert.CertPathValidatorException,
java.io.IOException
- Throws:
java.security.cert.CertPathValidatorException
java.io.IOException
getIdentityCertificate
public java.security.cert.X509Certificate getIdentityCertificate()
setLimited
public void setLimited(boolean limited)
isLimited
public boolean isLimited()
setIdentityCert
public void setIdentityCert(java.security.cert.X509Certificate identityCert)
isRejectLimitedProxy
public boolean isRejectLimitedProxy()
Copyright © 2013. All Rights Reserved.