Package org.globus.gsi.trustmanager

Class PKITrustManager

java.lang.Object

org.globus.gsi.trustmanager.PKITrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class PKITrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

JGLOBUS-97 : ability to accept anonymous connections?

Since:

1.0

Version:

${version}

Constructor Summary

Constructors

Constructor	Description
PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator, X509ProxyCertPathParameters initParameters)	Create a trust manager with the pre-configured cert path validator and proxy parameters.

Method Summary

Modifier and Type	Method	Description
void	checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)	Test if the client is trusted based on the certificate chain.
void	checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)	Test if the server is trusted based on the certificate chain.
java.security.cert.X509Certificate[]	getAcceptedIssuers()	Get the collection of trusted certificate issuers.
java.security.cert.CertPathValidatorResult	getValidationResult()	Return the result of the last certificate validation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKITrustManager

public PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator,
                       X509ProxyCertPathParameters initParameters)

Create a trust manager with the pre-configured cert path validator and proxy parameters.

Parameters:

initValidator - A cert path validator to be used by this trust manager.

initParameters - The proxy cert parameters, populated with trust store, cert store, etc.

Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.

Specified by:

checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

x509Certificates - The certificate chain to test for validity.

authType - The authentication type based on the client certificate.

Throws:

java.security.cert.CertificateException - If the path validation fails.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Test if the server is trusted based on the certificate chain.

Specified by:

checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:

x509Certificates - The certificate chain to test for validity.

authType - The authentication type based on the server certificate.

Throws:

java.security.cert.CertificateException - If the path validation fails.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()

Get the collection of trusted certificate issuers.

Specified by:

getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:

The trusted certificate issuers.

getValidationResult

public java.security.cert.CertPathValidatorResult getValidationResult()

Return the result of the last certificate validation.

Returns:

The validation result.