PKITrustManager (JGlobus debian API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.globus.gsi.trustmanager
Class PKITrustManager

java.lang.Object
  org.globus.gsi.trustmanager.PKITrustManager

All Implemented Interfaces:: javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class PKITrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

JGLOBUS-97 : ability to accept anonymous connections?

Since:: 1.0
Version:: ${version}

Constructor Summary
`PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator, X509ProxyCertPathParameters initParameters)` Create a trust manager with the pre-configured cert path validator and proxy parameters.

Method Summary
`void`	`checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)` Test if the client is trusted based on the certificate chain.
`void`	`checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)` Test if the server is trusted based on the certificate chain.
`java.security.cert.X509Certificate[]`	`getAcceptedIssuers()` Get the collection of trusted certificate issuers.
`java.security.cert.CertPathValidatorResult`	`getValidationResult()` Return the result of the last certificate validation.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PKITrustManager

public PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator,
                       X509ProxyCertPathParameters initParameters)

Create a trust manager with the pre-configured cert path validator and proxy parameters.

Parameters:: initValidator - A cert path validator to be used by this trust manager.; initParameters - The proxy cert parameters, populated with trust store, cert store, etc.

Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.

Specified by:: checkClientTrusted in interface javax.net.ssl.X509TrustManager

Parameters:: x509Certificates - The certificate chain to test for validity.; authType - The authentication type based on the client certificate.
Throws:: java.security.cert.CertificateException - If the path validation fails.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Test if the server is trusted based on the certificate chain.

Specified by:: checkServerTrusted in interface javax.net.ssl.X509TrustManager

Parameters:: x509Certificates - The certificate chain to test for validity.; authType - The authentication type based on the server certificate.
Throws:: java.security.cert.CertificateException - If the path validation fails.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()

Get the collection of trusted certificate issuers.

Specified by:: getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

Returns:: The trusted certificate issuers.

getValidationResult

public java.security.cert.CertPathValidatorResult getValidationResult()

Return the result of the last certificate validation.

Returns:: The validation result.