Class ProxyUtils


  • public class ProxyUtils
    extends Object
    Utility methods for checking properties of proxy certificates.
    Author:
    K. Benedyczak
    • Constructor Detail

      • ProxyUtils

        public ProxyUtils()
    • Method Detail

      • isProxy

        public static boolean isProxy(X509Certificate certificate)
        Checks whether the certificate is a proxy.
        Parameters:
        certificate - the certificate to check
        Returns:
        true if proxy was found
      • isProxy

        public static boolean isProxy(X509Certificate[] certificate)
        Checks whether the chain contains at least one proxy. Note that, by definition, a proxy certificate cannot issue a non-proxy certificate, so this method checks only the first certificate in the chain. If proxy certificates are placed inside the chain and the first certificate is not a proxy, this method returns false even though the chain is invalid.
        Parameters:
        certificate - the chain to check
        Returns:
        true if proxy was found
      • getEndUserCertificate

        public static X509Certificate getEndUserCertificate(X509Certificate[] certificateChain)
        Extracts the first EEC (end entity certificate) from the chain.
        Parameters:
        certificateChain - the chain to search for the EEC
        Returns:
        the certificate found or null if only proxy certificates are in chain
      • getOriginalUserDN

        public static X500Principal getOriginalUserDN(X509Certificate[] certificateChain)
                                               throws IllegalArgumentException
        Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.
        Parameters:
        certificateChain - chain to be checked
        Returns:
        object holding the user distinguished name
        Throws:
        IllegalArgumentException - if the argument chain contains only proxy certificates
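
Added example (not part of the library or its documentation): because isProxy(X509Certificate[]) inspects only the first certificate, a caller can scan the whole chain with the single-certificate overload to catch a proxy placed after a non-proxy. The class name ProxyChainOrderCheck, the helper firstMisplacedProxy, the package in the import and the input file layout are assumptions; this is an ordering check only and does not replace chain validation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
// Assumption: the package name is not shown on this page.
import eu.emi.security.authn.x509.proxy.ProxyUtils;

public class ProxyChainOrderCheck {   // hypothetical class, not part of the library
    // Hypothetical helper. The chain is leaf first, so a proxy at a higher index
    // than a non-proxy would have issued a non-proxy certificate. Returns the
    // index of the first such proxy, or -1 if the ordering is consistent.
    static int firstMisplacedProxy(X509Certificate[] chain) {
        boolean seenNonProxy = false;
        for (int i = 0; i < chain.length; i++) {
            if (!ProxyUtils.isProxy(chain[i])) {
                seenNonProxy = true;
            } else if (seenNonProxy) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is a PEM file holding certificates only, leaf first.
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) {
            System.out.println("REJECT: empty chain");
            return;
        }
        int bad = firstMisplacedProxy(chain);
        if (bad >= 0) {
            // isProxy(chain) returns false for this chain, yet it is invalid.
            System.out.println("REJECT: proxy at index " + bad + " follows a non-proxy");
        } else if (!ProxyUtils.isProxy(chain)) {
            System.out.println("No proxy certificates in chain");
        } else {
            try {
                System.out.println("Proxy chain, original user: "
                        + ProxyUtils.getOriginalUserDN(chain).getName());
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT: chain contains only proxy certificates");
            }
        }
    }
}
```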