X509ProxyCertPathValidator (JGlobus debian API)

java.lang.Object
- java.security.cert.CertPathValidatorSpi
- - org.globus.gsi.trustmanager.X509ProxyCertPathValidator

```
public class X509ProxyCertPathValidator
extends java.security.cert.CertPathValidatorSpi
```
Implementation of the CertPathValidatorSpi and the logic for X.509 Proxy Path Validation.

Since:

1.0

Version:

${version}

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`BASIC_CONSTRAINT_OID`
`protected java.security.cert.CertStore`	`certStore`
`static java.lang.String`	`KEY_USAGE_OID`
`protected java.security.KeyStore`	`keyStore`
`protected SigningPolicyStore`	`policyStore`

Constructor Summary

Constructors
Constructor and Description

X509ProxyCertPathValidator()

Constructors
Constructor and Description
`X509ProxyCertPathValidator()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)`
`protected void`	`checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, java.security.cert.X509Certificate checkedProxy)`
`protected void`	`checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, java.security.cert.CertPath certPath, int index)`
`void`	`clear()` Dispose of the current validation state.
`java.security.cert.CertPathValidatorResult`	`engineValidate(java.security.cert.CertPath certPath, java.security.cert.CertPathParameters params)` Validates the specified certification path using the specified algorithm parameter set.
`protected java.util.List<CertificateChecker>`	`getCertificateCheckers()`
`java.security.cert.X509Certificate`	`getIdentityCertificate()`
`boolean`	`isLimited()`
`boolean`	`isRejectLimitedProxy()`
`protected void`	`parseParameters(java.security.cert.CertPathParameters params)`
`void`	`setIdentityCert(java.security.cert.X509Certificate identityCert)`
`void`	`setLimited(boolean limited)`
`protected java.security.cert.CertPathValidatorResult`	`validate(java.security.cert.CertPath certPath)` Validates the certificate path and does the following for each certificate in the chain: method checkCertificate() In addition: a) Validates if the issuer type of each certificate is correct b) CA path constraints c) Proxy path constraints If it is of type proxy, check following: a) proxy constraints b) restricted proxy else if certificate, check the following: a) keyisage

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BASIC_CONSTRAINT_OID

public static final java.lang.String BASIC_CONSTRAINT_OID

See Also:: Constant Field Values

KEY_USAGE_OID

public static final java.lang.String KEY_USAGE_OID

See Also:: Constant Field Values

keyStore

protected java.security.KeyStore keyStore

certStore

protected java.security.cert.CertStore certStore

policyStore

protected SigningPolicyStore policyStore

Constructor Detail
- X509ProxyCertPathValidator
```
public X509ProxyCertPathValidator()
```

Method Detail

engineValidate
```
public java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath certPath,
                                                        java.security.cert.CertPathParameters params)
                                                          throws java.security.cert.CertPathValidatorException,
                                                                 java.security.InvalidAlgorithmParameterException
```
Validates the specified certification path using the specified algorithm parameter set.
The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.

Specified by:

engineValidate in class java.security.cert.CertPathValidatorSpi

Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters

Returns:
the result of the validation algorithm

Throws:

java.security.cert.CertPathValidatorException - if the CertPath does not validate

java.security.InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator

clear
```
public void clear()
```
Dispose of the current validation state.

parseParameters

protected void parseParameters(java.security.cert.CertPathParameters params)
                        throws java.security.InvalidAlgorithmParameterException

Throws:: java.security.InvalidAlgorithmParameterException

validate
```
protected java.security.cert.CertPathValidatorResult validate(java.security.cert.CertPath certPath)
                                                       throws java.security.cert.CertPathValidatorException
```
Validates the certificate path and does the following for each certificate in the chain: method checkCertificate() In addition: a) Validates if the issuer type of each certificate is correct b) CA path constraints c) Proxy path constraints
If it is of type proxy, check following: a) proxy constraints b) restricted proxy else if certificate, check the following: a) keyisage

Parameters:
certPath - The CertPath to validate.

Returns:
The results of the validation.

Throws:

java.security.cert.CertPathValidatorException - If the CertPath is invalid.

checkRestrictedProxy

protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                        java.security.cert.CertPath certPath,
                        int index)
                             throws java.security.cert.CertPathValidatorException,
                                    java.io.IOException

Throws:: java.security.cert.CertPathValidatorException; java.io.IOException

checkKeyUsage

protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer)
                      throws java.security.cert.CertPathValidatorException,
                             java.io.IOException

Throws:: java.security.cert.CertPathValidatorException; java.io.IOException

getCertificateCheckers

protected java.util.List<CertificateChecker> getCertificateCheckers()

checkProxyConstraints

protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy,
                         org.bouncycastle.asn1.x509.TBSCertificateStructure issuer,
                         java.security.cert.X509Certificate checkedProxy)
                              throws java.security.cert.CertPathValidatorException,
                                     java.io.IOException

Throws:: java.security.cert.CertPathValidatorException; java.io.IOException

getIdentityCertificate

public java.security.cert.X509Certificate getIdentityCertificate()

setLimited

public void setLimited(boolean limited)

isLimited
```
public boolean isLimited()
```

setIdentityCert

public void setIdentityCert(java.security.cert.X509Certificate identityCert)

isRejectLimitedProxy
```
public boolean isRejectLimitedProxy()
```

Class X509ProxyCertPathValidator

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

BASIC_CONSTRAINT_OID

KEY_USAGE_OID

keyStore

certStore

policyStore

Constructor Detail

X509ProxyCertPathValidator

Method Detail

engineValidate

clear

parseParameters

validate

checkRestrictedProxy

checkKeyUsage

getCertificateCheckers

checkProxyConstraints

getIdentityCertificate

setLimited

isLimited

setIdentityCert

isRejectLimitedProxy