Package org.globus.gsi.trustmanager
Class X509ProxyCertPathValidator
- java.lang.Object
-
- java.security.cert.CertPathValidatorSpi
-
- org.globus.gsi.trustmanager.X509ProxyCertPathValidator
-
public class X509ProxyCertPathValidator extends CertPathValidatorSpi
Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.
- Since:
- 1.0
- Version:
- ${version}
-
-
Field Summary
Fields (modifier and type, then field):
static String BASIC_CONSTRAINT_OID
protected CertStore certStore
static String KEY_USAGE_OID
protected KeyStore keyStore
protected SigningPolicyStore policyStore
-
Constructor Summary
Constructors:
X509ProxyCertPathValidator()
-
Method Summary
All Methods / Instance Methods / Concrete Methods (modifier and type, then method, then description):
protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy)
protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index)
void clear()
Dispose of the current validation state.
CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params)
Validates the specified certification path using the specified algorithm parameter set.
protected List<CertificateChecker> getCertificateCheckers()
X509Certificate getIdentityCertificate()
boolean isLimited()
boolean isRejectLimitedProxy()
protected void parseParameters(CertPathParameters params)
void setIdentityCert(X509Certificate identityCert)
void setLimited(boolean limited)
protected CertPathValidatorResult validate(CertPath certPath)
Validates the certificate path and does the following for each certificate in the chain: method checkCertificate(). In addition: a) validates that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints.
-
Methods inherited from class java.security.cert.CertPathValidatorSpi
engineGetRevocationChecker
-
-
-
-
Field Detail
-
BASIC_CONSTRAINT_OID
public static final String BASIC_CONSTRAINT_OID
- See Also:
- Constant Field Values
-
KEY_USAGE_OID
public static final String KEY_USAGE_OID
- See Also:
- Constant Field Values
-
keyStore
protected KeyStore keyStore
-
certStore
protected CertStore certStore
-
policyStore
protected SigningPolicyStore policyStore
-
-
Method Detail
-
engineValidate
public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException
Validates the specified certification path using the specified algorithm parameter set.
The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.
- Specified by:
engineValidate in class CertPathValidatorSpi
- Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters
- Returns:
- the result of the validation algorithm
- Throws:
CertPathValidatorException - if the CertPath does not validate
InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator
-
clear
public void clear()
Dispose of the current validation state.
-
parseParameters
protected void parseParameters(CertPathParameters params) throws InvalidAlgorithmParameterException
-
validate
protected CertPathValidatorResult validate(CertPath certPath) throws CertPathValidatorException
Validates the certificate path and does the following for each certificate in the chain: method checkCertificate(). In addition: a) validates that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints.
If the certificate is of type proxy, the following are checked: a) proxy constraints, b) restricted proxy. Otherwise, if it is a certificate, the following is checked: a) key usage.
- Parameters:
certPath - The CertPath to validate.
- Returns:
- The results of the validation.
- Throws:
CertPathValidatorException - If the CertPath is invalid.
-
checkRestrictedProxy
protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) throws CertPathValidatorException, IOException
-
checkKeyUsage
protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) throws CertPathValidatorException, IOException
-
getCertificateCheckers
protected List<CertificateChecker> getCertificateCheckers()
-
checkProxyConstraints
protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException
-
getIdentityCertificate
public X509Certificate getIdentityCertificate()
-
setLimited
public void setLimited(boolean limited)
-
isLimited
public boolean isLimited()
-
setIdentityCert
public void setIdentityCert(X509Certificate identityCert)
-
isRejectLimitedProxy
public boolean isRejectLimitedProxy()
-
-