org.globus.gsi.trustmanager
Class PKITrustManager

java.lang.Object
  extended by org.globus.gsi.trustmanager.PKITrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class PKITrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

JGLOBUS-97: ability to accept anonymous connections?

Since:
1.0

Constructor Summary
PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator, X509ProxyCertPathParameters initParameters)
          Create a trust manager with the pre-configured cert path validator and proxy parameters.
 
Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)
          Test if the client is trusted based on the certificate chain.
 void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)
          Test if the server is trusted based on the certificate chain.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Get the collection of trusted certificate issuers.
 java.security.cert.CertPathValidatorResult getValidationResult()
          Return the result of the last certificate validation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKITrustManager

public PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator,
                       X509ProxyCertPathParameters initParameters)
Create a trust manager with the pre-configured cert path validator and proxy parameters.

Parameters:
initValidator - A cert path validator to be used by this trust manager.
initParameters - The proxy cert parameters, populated with trust store, cert store, etc.

Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
x509Certificates - The certificate chain to test for validity.
authType - The authentication type based on the client certificate.
Throws:
java.security.cert.CertificateException - If the path validation fails.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Test if the server is trusted based on the certificate chain.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
x509Certificates - The certificate chain to test for validity.
authType - The authentication type based on the server certificate.
Throws:
java.security.cert.CertificateException - If the path validation fails.

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Get the collection of trusted certificate issuers.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
The trusted certificate issuers.

getValidationResult

public java.security.cert.CertPathValidatorResult getValidationResult()
Return the result of the last certificate validation.

Returns:
The validation result.
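
Usage sketch, added here as an example and not taken from the JGlobus code base: installing a PKITrustManager as the only trust manager of an SSLContext, so that every peer chain goes through the proxy-aware path validation. The class name ProxyTlsContext and its methods are hypothetical, the package of X509ProxyCertPathParameters is an assumption, and the validator and parameters are taken as already configured because this page does not show how they are built.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

// Assumption: the package of X509ProxyCertPathParameters is not shown on this page.
import org.globus.gsi.X509ProxyCertPathParameters;
import org.globus.gsi.trustmanager.PKITrustManager;

/** Hypothetical helper: one PKITrustManager bound to one SSLContext. */
public final class ProxyTlsContext {
    private final PKITrustManager trustManager;
    private final SSLContext sslContext;

    public ProxyTlsContext(CertPathValidatorSpi validator,
                           X509ProxyCertPathParameters parameters,
                           KeyManager[] keyManagers) throws GeneralSecurityException {
        // Constructor documented above: pre-configured validator plus proxy parameters.
        this.trustManager = new PKITrustManager(validator, parameters);
        this.sslContext = SSLContext.getInstance("TLS");
        // Passing an explicit TrustManager array means the JSSE default trust
        // store is not consulted; trust comes only from the supplied parameters.
        this.sslContext.init(keyManagers, new TrustManager[] { trustManager }, null);
    }

    /** Context whose handshakes call checkClientTrusted / checkServerTrusted. */
    public SSLContext context() {
        return sslContext;
    }

    /**
     * Result of the last validation performed by this trust manager instance.
     * It is documented only as "the last" result, so when several handshakes
     * share this context, treat it as diagnostic data rather than as the
     * verdict for one particular connection.
     */
    public CertPathValidatorResult lastValidationResult() {
        return trustManager.getValidationResult();
    }
}
```

A failed path validation surfaces as the CertificateException documented for checkClientTrusted and checkServerTrusted, which JSSE reports to the caller as a handshake failure.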