Package org.globus.gsi.trustmanager
Class X509ProxyCertPathValidator
java.lang.Object
java.security.cert.CertPathValidatorSpi
org.globus.gsi.trustmanager.X509ProxyCertPathValidator
Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.
- Since:
- 1.0
- Version:
- ${version}
-
Field Summary
Fields
Modifier and Type, Field
- static final String BASIC_CONSTRAINT_OID
- protected CertStore certStore
- static final String KEY_USAGE_OID
- protected KeyStore keyStore
- protected SigningPolicyStore policyStore
-
Constructor Summary
Constructors
- X509ProxyCertPathValidator()
-
Method Summary
Modifier and Type, Method, Description
- protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
- protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy)
- protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index)
- void clear(): Dispose of the current validation state.
- CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params): Validates the specified certification path using the specified algorithm parameter set.
- protected List<CertificateChecker> getCertificateCheckers
- getIdentityCertificate
- boolean isLimited()
- boolean isRejectLimitedProxy()
- protected void parseParameters(CertPathParameters params)
- void setIdentityCert(X509Certificate identityCert)
- void setLimited(boolean limited)
- protected CertPathValidatorResult validate(CertPath certPath): Validates the certificate path and does the following for each certificate in the chain: method checkCertificate(). In addition: a) validates if the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints.
Methods inherited from class java.security.cert.CertPathValidatorSpi
engineGetRevocationChecker
-
Field Details
-
BASIC_CONSTRAINT_OID
-
KEY_USAGE_OID
-
keyStore
-
certStore
-
policyStore
-
-
Constructor Details
-
X509ProxyCertPathValidator
public X509ProxyCertPathValidator()
-
-
Method Details
-
engineValidate
public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException
Validates the specified certification path using the specified algorithm parameter set.
The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.
- Specified by:
- engineValidate in class CertPathValidatorSpi
- Parameters:
- certPath - the CertPath to be validated
- params - the algorithm parameters
- Returns:
- the result of the validation algorithm
- Throws:
- CertPathValidatorException - if the CertPath does not validate
- InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator
-
clear
public void clear()
Dispose of the current validation state.
-
parseParameters
-
validate
Validates the certificate path and, for each certificate in the chain, applies the method checkCertificate(). In addition:
a) Validates if the issuer type of each certificate is correct
b) CA path constraints
c) Proxy path constraints
If it is of type proxy, check the following:
a) proxy constraints
b) restricted proxy
else if certificate, check the following:
a) key usage
- Parameters:
- certPath - The CertPath to validate.
- Returns:
- The results of the validation.
- Throws:
- CertPathValidatorException - If the CertPath is invalid.
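The three "in addition" checks listed for validate, as an added example: a simplified stand-alone model of such a walk, not the code of this class or of the project. The Kind, Cert and ProxyPathModel names are hypothetical, the certificates are constructed, and signatures, validity, revocation, signing policy and self-issued certificates are left out.

```java
import java.security.cert.CertPathValidatorException;
import java.util.List;

public class ProxyPathModel {
    enum Kind { CA, EEC, PROXY }
    // Constructed stand-in for a parsed certificate (record: Java 16+); pathLen < 0 = no constraint.
    record Cert(String name, Kind kind, int pathLen) {}

    // chain is ordered like a java.security.cert.CertPath: target first, CA end last.
    static void validate(List<Cert> chain) throws CertPathValidatorException {
        int caBudget = Integer.MAX_VALUE;    // subordinate CA certs still permitted
        int proxyBudget = Integer.MAX_VALUE; // proxy certs still permitted
        Cert issuer = null;
        for (int i = chain.size() - 1; i >= 0; i--) {
            Cert c = chain.get(i);
            // a) issuer type: a CA issues CAs and EECs; an EEC or proxy issues proxies
            if (issuer != null && (c.kind() == Kind.PROXY) == (issuer.kind() == Kind.CA)) {
                throw new CertPathValidatorException(
                        c.name() + ": issuer " + issuer.name() + " has the wrong type");
            }
            // b) CA path constraint: each subordinate CA uses one unit of the budget
            if (c.kind() == Kind.CA && issuer != null && caBudget-- == 0) {
                throw new CertPathValidatorException(c.name() + ": CA path length exceeded");
            }
            // c) proxy path constraint: each proxy uses one unit of the budget
            if (c.kind() == Kind.PROXY && proxyBudget-- == 0) {
                throw new CertPathValidatorException(c.name() + ": proxy path length exceeded");
            }
            // a constraint carried by this certificate can only tighten the budget below it
            if (c.pathLen() >= 0 && c.kind() == Kind.CA) caBudget = Math.min(caBudget, c.pathLen());
            if (c.pathLen() >= 0 && c.kind() == Kind.PROXY) proxyBudget = Math.min(proxyBudget, c.pathLen());
            issuer = c;
        }
    }

    public static void main(String[] args) {
        Cert ca = new Cert("CA", Kind.CA, 0);
        Cert user = new Cert("user", Kind.EEC, -1);
        Cert p1 = new Cert("proxy1", Kind.PROXY, 0); // may not sign further proxies
        Cert p2 = new Cert("proxy2", Kind.PROXY, -1);
        for (List<Cert> chain : List.of(List.of(p1, user, ca), List.of(p2, p1, user, ca))) {
            try {
                validate(chain);
                System.out.println(chain.get(0).name() + ": path accepted");
            } catch (CertPathValidatorException e) {
                System.out.println("rejected, " + e.getMessage());
            }
        }
    }
}
```

The first constructed chain is accepted; the second is rejected at proxy2 because proxy1 carries a proxy path length of 0.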
-
checkRestrictedProxy
protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) throws CertPathValidatorException, IOException
-
checkKeyUsage
protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) throws CertPathValidatorException, IOException
-
getCertificateCheckers
-
checkProxyConstraints
protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException
-
getIdentityCertificate
-
setLimited
public void setLimited(boolean limited)
-
isLimited
public boolean isLimited()
-
setIdentityCert
-
isRejectLimitedProxy
public boolean isRejectLimitedProxy()
-