Class org.globus.gsi.proxy.ProxyPathValidator

java.lang.Object
  org.globus.gsi.proxy.ProxyPathValidator
Performs certificate/proxy path validation. It supports both
old-style Globus proxies and the new proxy certificate format.
It checks the BasicConstraints, KeyUsage, and ProxyCertInfo (if applicable)
extensions. It also provides a callback interface (ProxyPolicyHandler) for custom policy
checking of restricted proxies.
Currently, does not perform the following checks for the new proxy
certificates:
Constructor Summary

  ProxyPathValidator()

Method Summary

  protected void checkCRL(X509Certificate cert, CertificateRevocationLists crlsList, TrustedCertificates trustedCerts)
  protected void checkIdentity(X509Certificate cert, int certType)
  protected void checkKeyUsage(TBSCertificateStructure issuer, X509Certificate[] certPath, int index)
  protected void checkProxyConstraints(TBSCertificateStructure proxy, TBSCertificateStructure issuer, X509Certificate checkedProxy)
  protected void checkRestrictedProxy(TBSCertificateStructure proxy, X509Certificate[] certPath, int index)
  protected void checkUnsupportedCriticalExtensions(TBSCertificateStructure crt, int certType, X509Certificate checkedProxy)
  protected void checkValidity(X509Certificate cert)
  protected int getCAPathConstraint(TBSCertificateStructure crt)
  String getIdentity()
      Returns the subject name of the identity certificate (in the Globus format).
  X509Certificate getIdentityCertificate()
      Returns the identity certificate.
  protected boolean[] getKeyUsage(TBSCertificateStructure crt)
  ProxyPolicyHandler getProxyPolicyHandler(String id)
      Retrieves a restricted proxy policy handler for a given policy id.
  boolean isLimited()
      Returns whether the validated proxy path is limited.
  ProxyPolicyHandler removeProxyPolicyHandler(String id)
      Removes a restricted proxy policy handler.
  void reset()
      Resets the internal state.
  ProxyPolicyHandler setProxyPolicyHandler(String id, ProxyPolicyHandler handler)
      Sets a restricted proxy policy handler.
  void setRejectLimitedProxyCheck(boolean rejectLimProxy)
      If set, validate rejects the certificate chain if a limited proxy is found.
  protected void validate(X509Certificate[] certPath)
      Performs certificate path validation.
  protected void validate(X509Certificate[] certPath, TrustedCertificates trustedCerts)
      Performs certificate path validation.
  protected void validate(X509Certificate[] certPath, TrustedCertificates trustedCerts, CertificateRevocationLists crlsList)
      Performs certificate path validation.
  void validate(X509Certificate[] certPath, X509Certificate[] trustedCerts)
      Performs all certificate path validation, including checking of the signatures, validity of the certificates, extension checking, etc. It uses the PureTLS code to do basic certificate signature checking and then calls validate for further checks.
  void validate(X509Certificate[] certPath, X509Certificate[] trustedCerts, CertificateRevocationLists crls)

Methods inherited from class java.lang.Object

  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public ProxyPathValidator()

Method Detail

public boolean isLimited()
    Returns whether the validated proxy path is limited.

public X509Certificate getIdentityCertificate()
    Returns the identity certificate.
    Returns: the identity certificate

public String getIdentity()
    Returns the subject name of the identity certificate (in the Globus format).
    See Also: getIdentityCertificate()

public ProxyPolicyHandler removeProxyPolicyHandler(String id)
    Removes a restricted proxy policy handler.
    Parameters: id - the Oid of the policy handler to remove.
    Returns: the removed handler, or null if there is no handler registered under that id.

public ProxyPolicyHandler setProxyPolicyHandler(String id, ProxyPolicyHandler handler)
    Sets a restricted proxy policy handler.
    Parameters: id - the Oid of the proxy policy to install the handler for.
                handler - the proxy policy handler.
    Returns: the previous handler installed under the specified id. Usually, this will be null.

public ProxyPolicyHandler getProxyPolicyHandler(String id)
    Retrieves a restricted proxy policy handler for a given policy id.
    Parameters: id - the Oid of the proxy policy to get the handler for.
    Returns: the policy handler registered for the given id, or null if none is registered.

public void reset()
    Resets the internal state.

public void setRejectLimitedProxyCheck(boolean rejectLimProxy)
    If set, validate rejects the certificate chain if a limited proxy is found.

public void validate(X509Certificate[] certPath, X509Certificate[] trustedCerts) throws ProxyPathValidatorException
    Performs all certificate path validation, including checking of the signatures, validity of the certificates, extension checking, etc. It uses the PureTLS code to do basic certificate signature checking and then calls validate for further checks.
    Parameters: certPath - the certificate path to validate.
                trustedCerts - the trusted (CA) certificates.
    Throws: ProxyPathValidatorException - if certificate path validation fails.

public void validate(X509Certificate[] certPath, X509Certificate[] trustedCerts, CertificateRevocationLists crls) throws ProxyPathValidatorException
    Throws: ProxyPathValidatorException

protected void validate(X509Certificate[] certPath) throws ProxyPathValidatorException
    Performs certificate path validation.
    Parameters: certPath - the certificate path to validate.
    Throws: ProxyPathValidatorException - if certificate path validation fails.

protected void validate(X509Certificate[] certPath, TrustedCertificates trustedCerts) throws ProxyPathValidatorException
    Performs certificate path validation.
    Parameters: certPath - the certificate path to validate.
                trustedCerts - the trusted (CA) certificates. If null, the default trusted certificates will be used.
    Throws: ProxyPathValidatorException - if certificate path validation fails.

protected void validate(X509Certificate[] certPath, TrustedCertificates trustedCerts, CertificateRevocationLists crlsList) throws ProxyPathValidatorException
    Performs certificate path validation.
    Parameters: certPath - the certificate path to validate.
                trustedCerts - the trusted (CA) certificates. If null, the default trusted certificates will be used.
                crlsList - the certificate revocation list. If null, the default certificate revocation list will be used.
    Throws: ProxyPathValidatorException - if certificate path validation fails.

protected void checkIdentity(X509Certificate cert, int certType) throws ProxyPathValidatorException
    Throws: ProxyPathValidatorException

protected void checkRestrictedProxy(TBSCertificateStructure proxy, X509Certificate[] certPath, int index) throws ProxyPathValidatorException, IOException
    Throws: ProxyPathValidatorException
            IOException

protected void checkKeyUsage(TBSCertificateStructure issuer, X509Certificate[] certPath, int index) throws ProxyPathValidatorException, IOException
    Throws: ProxyPathValidatorException
            IOException

protected void checkProxyConstraints(TBSCertificateStructure proxy, TBSCertificateStructure issuer, X509Certificate checkedProxy) throws ProxyPathValidatorException, IOException
    Throws: ProxyPathValidatorException
            IOException

protected void checkUnsupportedCriticalExtensions(TBSCertificateStructure crt, int certType, X509Certificate checkedProxy) throws ProxyPathValidatorException
    Throws: ProxyPathValidatorException

protected void checkValidity(X509Certificate cert) throws ProxyPathValidatorException
    Throws: ProxyPathValidatorException

protected int getCAPathConstraint(TBSCertificateStructure crt) throws IOException
    Throws: IOException

protected boolean[] getKeyUsage(TBSCertificateStructure crt) throws IOException
    Throws: IOException

protected void checkCRL(X509Certificate cert, CertificateRevocationLists crlsList, TrustedCertificates trustedCerts) throws ProxyPathValidatorException
    Throws: ProxyPathValidatorException
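Added example (not part of this Javadoc or of the jglobus code base) showing how a service would use this class: it rejects limited proxies, registers a ProxyPolicyHandler for a site-specific restricted-proxy policy so that checkRestrictedProxy can evaluate the restriction instead of failing on an unknown policy language, and then reads the validated identity. The policy OID and the comma-separated allow-list policy body are constructed for the example; the ProxyPolicyHandler callback signature, the ProxyCertInfo/ProxyPolicy accessors, and the ProxyPathValidatorException constructor and FAILURE constant are assumed from jglobus and do not appear on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import org.globus.gsi.proxy.ProxyPathValidator;
import org.globus.gsi.proxy.ProxyPathValidatorException;
import org.globus.gsi.proxy.ProxyPolicyHandler;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyPolicy;

/** Validates a proxy chain and enforces a site-defined restricted-proxy policy. */
public class RestrictedProxyValidation {

    // Placeholder OID for the site's restricted policy language; not a registered value.
    static final String SITE_POLICY_OID = "1.2.3.4.5.6.7.8";

    /**
     * Called by the validator for proxies whose policy language is SITE_POLICY_OID.
     * Assumed callback shape: validate(ProxyCertInfo, X509Certificate[], int).
     * Constructed policy format: a comma-separated list of service names the proxy may use.
     */
    static class ServiceAllowListHandler implements ProxyPolicyHandler {
        private final String localService;
        ServiceAllowListHandler(String localService) { this.localService = localService; }

        public void validate(ProxyCertInfo info, X509Certificate[] certPath, int index)
                throws ProxyPathValidatorException {
            ProxyPolicy policy = info.getProxyPolicy();      // assumed accessor
            byte[] body = policy.getPolicy();                // assumed accessor
            String list = (body == null) ? "" : new String(body, StandardCharsets.US_ASCII);
            for (String allowed : list.split(",")) {
                if (allowed.trim().equals(localService)) {
                    return;                                  // restriction permits this service
                }
            }
            // Fail closed: a restriction this service cannot satisfy rejects the whole path.
            throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE,
                    certPath[index], "restricted proxy does not authorize " + localService);
        }
    }

    /** Returns the validated identity subject, or throws if the chain is not acceptable. */
    public static String validateForService(X509Certificate[] certPath,
                                            X509Certificate[] trustedCAs,
                                            String localService)
            throws ProxyPathValidatorException {
        ProxyPathValidator validator = new ProxyPathValidator();
        validator.setRejectLimitedProxyCheck(true);   // limited proxies must not reach this service
        validator.setProxyPolicyHandler(SITE_POLICY_OID, new ServiceAllowListHandler(localService));
        validator.validate(certPath, trustedCAs);     // signatures, validity, extensions, policy callback
        return validator.getIdentity();               // subject of the end-entity (non-proxy) certificate
    }
}
```

Call reset() before reusing one validator instance for another chain; getIdentity() and isLimited() describe only the path most recently validated.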