org.globus.gsi
Class SigningPolicy

java.lang.Object
  extended by org.globus.gsi.SigningPolicy

public class SigningPolicy
extends java.lang.Object

Represents a signing policy associated with a particular CA. The signing policy defines a list of distinguished names which are allowed to sign certificates for a particular Certificate Authority subject distinguished name.

Since:
1.0

Constructor Summary
SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN, java.util.List<java.util.regex.Pattern> allowedDNs)
          Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.
SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN, java.lang.String[] allowedDNs)
          Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.
 
Method Summary
 java.util.List<java.util.regex.Pattern> getAllowedDNs()
          Return the patterns which identify the valid signing entities.
 javax.security.auth.x500.X500Principal getCASubjectDN()
          Get CA subject DN for which this signing policy is defined.
 boolean isPolicyAvailable()
          Method to determine if a signing policy is available for a given DN.
 boolean isValidSubject(javax.security.auth.x500.X500Principal subject)
          Ascertains if the subjectDN is valid against this policy.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SigningPolicy

public SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN,
                     java.lang.String[] allowedDNs)
Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.

Parameters:
caSubjectDN - The DN for the subject to which this policy applies.
allowedDNs - The list of DNs which can sign certs for this subject.

SigningPolicy

public SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN,
                     java.util.List<java.util.regex.Pattern> allowedDNs)
Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.

Parameters:
caSubjectDN - The DN for the subject to which this policy applies.
allowedDNs - A list of patterns to which to compare signing entity DNs.

Method Detail

getCASubjectDN

public javax.security.auth.x500.X500Principal getCASubjectDN()
Get CA subject DN for which this signing policy is defined.

Returns:
The CA subject DN.

isValidSubject

public boolean isValidSubject(javax.security.auth.x500.X500Principal subject)
Ascertains if the subjectDN is valid against this policy.

Parameters:
subject - Subject DN to be validated
Returns:
true if the DN is valid under this policy and false if it is not

getAllowedDNs

public java.util.List<java.util.regex.Pattern> getAllowedDNs()
Return the patterns which identify the valid signing entities. If this signing policy has been created with a set of DNs then the patterns will simply match the DNs.

Returns:
The patterns matching allowed signing entities.

isPolicyAvailable

public boolean isPolicyAvailable()
Method to determine if a signing policy is available for a given DN.

Returns:
true if the patterns vector is not null and has at least one element; otherwise false.
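
Example (added here, not part of the original API documentation and not the org.globus.gsi implementation): a stand-alone sketch of the pattern-based allow-list check that isValidSubject, getAllowedDNs and isPolicyAvailable describe. The class DnAllowListDemo and its helper names are hypothetical, comparing DNs in RFC 2253 string form is an assumption, and the DNs are constructed sample values.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
// Added illustration only: NOT the org.globus.gsi.SigningPolicy implementation.
public class DnAllowListDemo {
    // Assumption: DNs are compared in RFC 2253 string form (the library may differ).
    static String canonical(X500Principal p) {
        return p.getName(X500Principal.RFC2253);
    }

    // Literal DNs become quoted patterns, so regex metacharacters in a DN stay literal.
    static List<Pattern> fromLiteralDNs(String... dns) {
        List<Pattern> patterns = new ArrayList<>();
        for (String dn : dns) {
            patterns.add(Pattern.compile(Pattern.quote(canonical(new X500Principal(dn)))));
        }
        return patterns;
    }

    // Same rule the page documents for isPolicyAvailable(): non-null, at least one element.
    static boolean policyAvailable(List<Pattern> allowed) {
        return allowed != null && !allowed.isEmpty();
    }

    // Fails closed without a policy; matches() requires the whole DN to match,
    // so a pattern cannot be satisfied by a substring of a longer DN.
    static boolean validSubject(List<Pattern> allowed, X500Principal subject) {
        if (!policyAvailable(allowed)) return false;
        String dn = canonical(subject);
        for (Pattern p : allowed) {
            if (p.matcher(dn).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample DNs and patterns.
        List<Pattern> exact = fromLiteralDNs("CN=Alice, OU=People, O=Example Grid, C=US");
        List<Pattern> wild = Arrays.asList(Pattern.compile("CN=[^,]+,OU=People,O=Example Grid,C=US"));
        X500Principal alice = new X500Principal("CN=Alice,OU=People,O=Example Grid,C=US");
        X500Principal bob = new X500Principal("CN=Bob,OU=People,O=Example Grid Test,C=US");
        System.out.println("exact/alice: " + validSubject(exact, alice));
        System.out.println("wild/alice:  " + validSubject(wild, alice));
        System.out.println("wild/bob:    " + validSubject(wild, bob));
        System.out.println("none/alice:  " + validSubject(null, alice));
    }
}
```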


Copyright © 2013. All Rights Reserved.