Class PKITrustManager

  • All Implemented Interfaces:
    TrustManager, X509TrustManager

    public class PKITrustManager
    extends Object
    implements X509TrustManager
    This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

    JGLOBUS-97 : ability to accept anonymous connections?

    Since:
    1.0
    Version:
    ${version}
    • Constructor Detail

      • PKITrustManager

        public PKITrustManager​(CertPathValidatorSpi initValidator,
                               X509ProxyCertPathParameters initParameters)
        Create a trust manager with the pre-configured cert path validator and proxy parameters.
        Parameters:
        initValidator - A cert path validator to be used by this trust manager.
        initParameters - The proxy cert parameters, populated with trust store, cert store, etc.
    • Method Detail

      • checkClientTrusted

        public void checkClientTrusted​(X509Certificate[] x509Certificates,
                                       String authType)
                                throws CertificateException
        Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.
        Specified by:
        checkClientTrusted in interface X509TrustManager
        Parameters:
        x509Certificates - The certificate chain to test for validity.
        authType - The authentication type based on the client certificate.
        Throws:
        CertificateException - If the path validation fails.
      • getValidationResult

        public CertPathValidatorResult getValidationResult()
        Return the result of the last certificate validation.
        Returns:
        The validation result.