java.lang.Object
  org.glite.voms.VOMSValidator
public class VOMSValidator
The main (top) class to use for extracting VOMS information from
a certificate and/or certificate chain. The VOMS information can
simply be parsed or validated. No validation is performed on the
certificate chain itself: it is assumed to have been validated
already, so callers must validate the chain before passing it in.
It is also assumed to be sorted in TLS order, that is, the certificate
issued by the trust anchor first and the client certificate last.
Example of use: this will validate any VOMS attributes in the
certificate chain and check if any of the attributes grants the
user the "admin" role in the group (VO) "MyVO".
boolean isAdmin = new VOMSValidator(certChain).validate().getRoles("MyVO").contains("admin");
Nested Class Summary | |
---|---|
class | VOMSValidator.FQANTree - Class to sort out the hierarchical properties of FQANs. |
Field Summary | |
---|---|
protected boolean | isParsed |
protected boolean | isValidated |
protected VOMSValidator.FQANTree | myFQANTree |
protected java.security.cert.X509Certificate[] | myValidatedChain |
protected ACValidator | myValidator |
protected java.util.Vector | myVomsAttributes |
protected static ACTrustStore | theTrustStore |
static java.lang.String | VOMS_EXT_OID |
protected static VOMSTrustStore | vomsStore |
Constructor Summary | |
---|---|
VOMSValidator(java.security.cert.X509Certificate validatedCert) | Convenience constructor in the case where you have a single cert and not a chain. |
VOMSValidator(java.security.cert.X509Certificate[] validatedChain) | Convenience constructor. Same as VOMSValidator(validatedChain, null). |
VOMSValidator(java.security.cert.X509Certificate[] validatedChain, ACValidator acValidator) | If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate(). |
Method Summary | |
---|---|
void | cleanup() - Cleans up the object. |
java.lang.String[] | getAllFullyQualifiedAttributes() - Returns a collection of all the FQANs in all the ACs found in the credential, in order. |
java.util.List | getCapabilities(java.lang.String subGroup) - Deprecated. Capabilities are deprecated. |
java.util.List | getRoles(java.lang.String subGroup) - Returns a list of all roles attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion. |
java.util.List | getVOMSAttributes() - Returns a list of VOMS attributes, parsed and possibly validated. |
boolean | isValid() |
boolean | isValidated() |
VOMSValidator | parse() - Deprecated. Use parse(X509Certificate[]) instead. |
static java.util.Vector | parse(java.security.cert.X509Certificate[] myValidatedChain) - Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain. |
VOMSValidator | setClientChain(java.security.cert.X509Certificate[] validatedChain) - Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding overhead in instantiating validators and trust stores and other potentially expensive operations. |
static void | setTrustStore(ACTrustStore trustStore) - Deprecated. Use setTrustStore(VOMSTrustStore trustStore) instead. |
static void | setTrustStore(VOMSTrustStore trustStore) - Sets the trustStore to use with the default ACValidator. |
java.lang.String | toString() |
VOMSValidator | validate() - Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String VOMS_EXT_OID
protected static ACTrustStore theTrustStore
protected ACValidator myValidator
protected java.security.cert.X509Certificate[] myValidatedChain
protected java.util.Vector myVomsAttributes
protected boolean isParsed
protected boolean isValidated
protected VOMSValidator.FQANTree myFQANTree
protected static VOMSTrustStore vomsStore
Constructor Detail |
---|
public VOMSValidator(java.security.cert.X509Certificate validatedCert)
validatedCert -
VOMSValidator(X509Certificate[])
public VOMSValidator(java.security.cert.X509Certificate[] validatedChain)
Same as VOMSValidator(validatedChain, null).
validatedChain -
public VOMSValidator(java.security.cert.X509Certificate[] validatedChain, ACValidator acValidator)
If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate().
validatedChain - The (full), validated certificate chain
acValidator - The AC validator implementation to use (null is default with a BasicVOMSTrustStore)
ACValidator, BasicVOMSTrustStore
Method Detail |
---|
public static void setTrustStore(ACTrustStore trustStore)
BasicVOMSTrustStore
trustStore -
setTrustStore(VOMSTrustStore trustStore), BasicVOMSTrustStore
public static void setTrustStore(VOMSTrustStore trustStore)
trustStore - the trustStore.
VOMSTrustStore
public void cleanup()
VOMSTrustStore or PKIStore.
A VOMSValidator should be cleaned up *only* before disposing the object.
public VOMSValidator setClientChain(java.security.cert.X509Certificate[] validatedChain)
Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding overhead in instantiating validators and trust stores and other potentially expensive operations.
vomsValidator.setClientChain(chain).validate().getVOMSAttributes();
validatedChain - The new validated certificate chain to inspect
public static java.util.Vector parse(java.security.cert.X509Certificate[] myValidatedChain)
validate()
public VOMSValidator parse()
new VOMSValidator(certChain).parse().getVOMSAttributes();
validate()
public VOMSValidator validate()
new VOMSValidator(certChain).validate().getVOMSAttributes();
parse()
public java.lang.String[] getAllFullyQualifiedAttributes()
public java.util.List getVOMSAttributes()
VOMSAttribute
VOMSAttribute, parse(), validate(), isValidated()
public java.util.List getRoles(java.lang.String subGroup)
parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.
subGroup -
VOMSValidator.FQANTree
public java.util.List getCapabilities(java.lang.String subGroup)
parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.
subGroup -
VOMSValidator.FQANTree
public boolean isValidated()
validate()
public boolean isValid()
public java.lang.String toString()
toString in class java.lang.Object