Package org.globus.gsi.trustmanager

Class X509ProxyCertPathValidator

  • public class X509ProxyCertPathValidator
extends java.security.cert.CertPathValidatorSpi
    Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.
    Since:
    1.0
    Version:
    ${version}

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void checkKeyUsage​(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)  
      protected void checkProxyConstraints​(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, java.security.cert.X509Certificate checkedProxy)  
      protected void checkRestrictedProxy​(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, java.security.cert.CertPath certPath, int index)  
      void clear()
      Dispose of the current validation state.
      java.security.cert.CertPathValidatorResult engineValidate​(java.security.cert.CertPath certPath, java.security.cert.CertPathParameters params)
      Validates the specified certification path using the specified algorithm parameter set.
      protected java.util.List<CertificateChecker> getCertificateCheckers()  
      java.security.cert.X509Certificate getIdentityCertificate()  
      boolean isLimited()  
      boolean isRejectLimitedProxy()  
      protected void parseParameters​(java.security.cert.CertPathParameters params)  
      void setIdentityCert​(java.security.cert.X509Certificate identityCert)  
      void setLimited​(boolean limited)  
      protected java.security.cert.CertPathValidatorResult validate​(java.security.cert.CertPath certPath)
      Validates the certificate path and does the following for each certificate in the chain: method checkCertificate() In addition: a) Validates if the issuer type of each certificate is correct b) CA path constraints c) Proxy path constraints

      • Methods inherited from class java.security.cert.CertPathValidatorSpi

        engineGetRevocationChecker

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • BASIC_CONSTRAINT_OID

        public static final java.lang.String BASIC_CONSTRAINT_OID
        See Also:
        Constant Field Values

      • keyStore

        protected java.security.KeyStore keyStore

      • certStore

        protected java.security.cert.CertStore certStore

    • Constructor Detail

      • X509ProxyCertPathValidator

        public X509ProxyCertPathValidator()

    • Method Detail

      • engineValidate

        public java.security.cert.CertPathValidatorResult engineValidate​(java.security.cert.CertPath certPath,
                                                                 java.security.cert.CertPathParameters params)
                                                          throws java.security.cert.CertPathValidatorException,
                                                                 java.security.InvalidAlgorithmParameterException
        Validates the specified certification path using the specified algorithm parameter set.

        The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.

        Specified by:
        engineValidate in class java.security.cert.CertPathValidatorSpi
        Parameters:
        certPath - the CertPath to be validated
        params - the algorithm parameters
        Returns:
        the result of the validation algorithm
        Throws:
        java.security.cert.CertPathValidatorException - if the CertPath does not validate
        java.security.InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator

      • clear

        public void clear()
        Dispose of the current validation state.

      • parseParameters

        protected void parseParameters​(java.security.cert.CertPathParameters params)
                        throws java.security.InvalidAlgorithmParameterException
        Throws:
        java.security.InvalidAlgorithmParameterException

      • validate

        protected java.security.cert.CertPathValidatorResult validate​(java.security.cert.CertPath certPath)
                                                       throws java.security.cert.CertPathValidatorException
        Validates the certificate path and does the following for each certificate in the chain: method checkCertificate() In addition: a) Validates if the issuer type of each certificate is correct b) CA path constraints c) Proxy path constraints

        If it is of type proxy, check following: a) proxy constraints b) restricted proxy else if certificate, check the following: a) keyisage

        Parameters:
        certPath - The CertPath to validate.
        Returns:
        The results of the validation.
        Throws:
        java.security.cert.CertPathValidatorException - If the CertPath is invalid.

      • checkRestrictedProxy

        protected void checkRestrictedProxy​(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                                    java.security.cert.CertPath certPath,
                                    int index)
                             throws java.security.cert.CertPathValidatorException,
                                    java.io.IOException
        Throws:
        java.security.cert.CertPathValidatorException
        java.io.IOException

      • checkKeyUsage

        protected void checkKeyUsage​(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
                      throws java.security.cert.CertPathValidatorException,
                             java.io.IOException
        Throws:
        java.security.cert.CertPathValidatorException
        java.io.IOException

      • getCertificateCheckers

        protected java.util.List<CertificateChecker> getCertificateCheckers()

      • checkProxyConstraints

        protected void checkProxyConstraints​(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                                     org.bouncycastle.asn1.x509.TBSCertificateStructure issuer,
                                     java.security.cert.X509Certificate checkedProxy)
                              throws java.security.cert.CertPathValidatorException,
                                     java.io.IOException
        Throws:
        java.security.cert.CertPathValidatorException
        java.io.IOException

      • getIdentityCertificate

        public java.security.cert.X509Certificate getIdentityCertificate()

      • setLimited

        public void setLimited​(boolean limited)

      • isLimited

        public boolean isLimited()

      • setIdentityCert

        public void setIdentityCert​(java.security.cert.X509Certificate identityCert)

      • isRejectLimitedProxy

        public boolean isRejectLimitedProxy()