org.globus.gsi.trustmanager
Class X509ProxyCertPathValidator

java.lang.Object
  extended by java.security.cert.CertPathValidatorSpi
      extended by org.globus.gsi.trustmanager.X509ProxyCertPathValidator

public class X509ProxyCertPathValidator
extends java.security.cert.CertPathValidatorSpi

Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.

Since:
1.0
Version:
${version}

Field Summary
static java.lang.String BASIC_CONSTRAINT_OID
           
protected  java.security.cert.CertStore certStore
           
static java.lang.String KEY_USAGE_OID
           
protected  java.security.KeyStore keyStore
           
protected  SigningPolicyStore policyStore
           
 
Constructor Summary
X509ProxyCertPathValidator()
           
 
Method Summary
protected  void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
           
protected  void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, java.security.cert.X509Certificate checkedProxy)
           
protected  void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, java.security.cert.CertPath certPath, int index)
           
 void clear()
          Dispose of the current validation state.
 java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath certPath, java.security.cert.CertPathParameters params)
          Validates the specified certification path using the specified algorithm parameter set.
protected  java.util.List<CertificateChecker> getCertificateCheckers()
           
 java.security.cert.X509Certificate getIdentityCertificate()
           
 boolean isLimited()
           
 boolean isRejectLimitedProxy()
           
protected  void parseParameters(java.security.cert.CertPathParameters params)
           
 void setIdentityCert(java.security.cert.X509Certificate identityCert)
           
 void setLimited(boolean limited)
           
protected  java.security.cert.CertPathValidatorResult validate(java.security.cert.CertPath certPath)
          Validates the certificate path and runs the method checkCertificate() for each certificate in the chain. In addition it validates: a) that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints.

If the certificate is a proxy, it checks: a) proxy constraints, b) restricted proxy. Otherwise, if it is a certificate, it checks: a) key usage.

 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

BASIC_CONSTRAINT_OID

public static final java.lang.String BASIC_CONSTRAINT_OID
See Also:
Constant Field Values

KEY_USAGE_OID

public static final java.lang.String KEY_USAGE_OID
See Also:
Constant Field Values

keyStore

protected java.security.KeyStore keyStore

certStore

protected java.security.cert.CertStore certStore

policyStore

protected SigningPolicyStore policyStore
Constructor Detail

X509ProxyCertPathValidator

public X509ProxyCertPathValidator()
Method Detail

engineValidate

public java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath certPath,
                                                                 java.security.cert.CertPathParameters params)
                                                          throws java.security.cert.CertPathValidatorException,
                                                                 java.security.InvalidAlgorithmParameterException
Validates the specified certification path using the specified algorithm parameter set.

The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.

Specified by:
engineValidate in class java.security.cert.CertPathValidatorSpi
Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters
Returns:
the result of the validation algorithm
Throws:
java.security.cert.CertPathValidatorException - if the CertPath does not validate
java.security.InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator

clear

public void clear()
Dispose of the current validation state.


parseParameters

protected void parseParameters(java.security.cert.CertPathParameters params)
                        throws java.security.InvalidAlgorithmParameterException
Throws:
java.security.InvalidAlgorithmParameterException

validate

protected java.security.cert.CertPathValidatorResult validate(java.security.cert.CertPath certPath)
                                                       throws java.security.cert.CertPathValidatorException
Validates the certificate path. For each certificate in the chain, the method checkCertificate() is run. In addition, the following are validated:
a) that the issuer type of each certificate is correct
b) CA path constraints
c) proxy path constraints

If the certificate is a proxy, the following are checked:
a) proxy constraints
b) restricted proxy
Otherwise, if it is a certificate, the following is checked:
a) key usage

Parameters:
certPath - The CertPath to validate.
Returns:
The results of the validation.
Throws:
java.security.cert.CertPathValidatorException - If the CertPath is invalid.
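The three chain-level checks listed for validate (issuer type, CA path constraints, proxy path constraints) can be seen in isolation in the following added example, which is a simplified model and not code from this class or library. It applies the general path-length rules of RFC 5280 (CA) and RFC 3820 (proxy) to constructed stand-in records rather than real certificates. Assumptions: the names ProxyPathModel, Cert, Type, check and tighten are hypothetical, the chain is ordered issuer-first, the self-issued exemption of RFC 5280 is omitted, and signatures, key usage and signing policy are not modelled.

```java
import java.util.List;

public class ProxyPathModel {
    enum Type { CA, EEC, PROXY }

    // Constructed stand-in for a certificate; pathLen < 0 means "no length constraint".
    record Cert(String name, Type type, int pathLen) {}

    /** Returns null when the chain passes, otherwise the reason for rejection. */
    static String check(List<Cert> chain) {      // assumption: ordered issuer-first
        int caBudget = Integer.MAX_VALUE;         // CA certs still allowed further down
        int proxyBudget = Integer.MAX_VALUE;      // proxy certs still allowed further down
        Cert issuer = null;
        for (Cert c : chain) {
            if (issuer != null) {
                // a) issuer type: a CA signs CAs and EECs; an EEC or proxy signs only proxies
                boolean ok = (issuer.type() == Type.CA)
                        ? c.type() != Type.PROXY
                        : c.type() == Type.PROXY;
                if (!ok) return c.name() + ": " + c.type() + " issued by " + issuer.type();
            }
            if (c.type() == Type.CA) {            // b) CA path constraints
                if (caBudget == 0) return c.name() + ": CA path length exceeded";
                caBudget = tighten(caBudget - 1, c.pathLen());
            } else if (c.type() == Type.PROXY) {  // c) proxy path constraints
                if (proxyBudget == 0) return c.name() + ": proxy path length exceeded";
                proxyBudget = tighten(proxyBudget - 1, c.pathLen());
            }
            issuer = c;
        }
        return null;
    }

    // A constraint on the current certificate can only shrink the remaining budget.
    static int tighten(int budget, int pathLen) {
        return pathLen < 0 ? budget : Math.min(budget, pathLen);
    }

    public static void main(String[] args) {
        // Constructed sample chains.
        Cert ca = new Cert("ca", Type.CA, 0), user = new Cert("user", Type.EEC, -1);
        Cert p1 = new Cert("proxy1", Type.PROXY, 0), p2 = new Cert("proxy2", Type.PROXY, -1);
        System.out.println(check(List.of(ca, user, p1)));      // well-formed chain
        System.out.println(check(List.of(ca, user, p1, p2)));  // proxy1 permits no further proxies
        System.out.println(check(List.of(ca, p1)));            // a CA must not sign a proxy
    }
}
```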

checkRestrictedProxy

protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                                    java.security.cert.CertPath certPath,
                                    int index)
                             throws java.security.cert.CertPathValidatorException,
                                    java.io.IOException
Throws:
java.security.cert.CertPathValidatorException
java.io.IOException

checkKeyUsage

protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
                      throws java.security.cert.CertPathValidatorException,
                             java.io.IOException
Throws:
java.security.cert.CertPathValidatorException
java.io.IOException

getCertificateCheckers

protected java.util.List<CertificateChecker> getCertificateCheckers()

checkProxyConstraints

protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                                     org.bouncycastle.asn1.x509.TBSCertificateStructure issuer,
                                     java.security.cert.X509Certificate checkedProxy)
                              throws java.security.cert.CertPathValidatorException,
                                     java.io.IOException
Throws:
java.security.cert.CertPathValidatorException
java.io.IOException

getIdentityCertificate

public java.security.cert.X509Certificate getIdentityCertificate()

setLimited

public void setLimited(boolean limited)

isLimited

public boolean isLimited()

setIdentityCert

public void setIdentityCert(java.security.cert.X509Certificate identityCert)

isRejectLimitedProxy

public boolean isRejectLimitedProxy()


Copyright © 2013. All Rights Reserved.