org.jsslutils.extra.gsi
Class GsiWrappingTrustManager

java.lang.Object
  extended by org.jsslutils.extra.gsi.GsiWrappingTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class GsiWrappingTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

TrustManager that accepts GSI proxy certificates presented by clients.

Author:
Bruno Harbulot.

Nested Class Summary
static class GsiWrappingTrustManager.CertificateCriticalExtensionsNotSupported
           
static class GsiWrappingTrustManager.Wrapper
          Wrapper factory class that wraps existing X509TrustManagers into GsiWrappingTrustManagers.
 
Field Summary
static java.lang.String KEY_USAGE_EXTENSION_OID_STRING
           
static java.lang.String PRERFC_EXTENSION_OID_STRING
           
static java.lang.String RFC3820_EXTENSION_OID_STRING
           
 
Constructor Summary
GsiWrappingTrustManager(javax.net.ssl.X509TrustManager trustManager, boolean allowLegacy, boolean allowPreRfc, boolean allowRfc3820)
          Creates a new instance from an existing X509TrustManager.
 
Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Checks that the client is trusted; the aim is to follow RFC 3820.
 void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
          Checks that the server is trusted; in this case, it delegates this check to the trust manager it wraps.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          Returns the accepted issuers; in this case, it delegates this to the trust manager it wraps.
static java.security.cert.CertificateException verifyLegacyProxyCertificate(java.security.cert.X509Certificate[] chain, int eecCertIndex, java.util.Date date)
           
static java.security.cert.CertificateException verifyPreRfcProxyCertificate(java.security.cert.X509Certificate[] chain, int eecCertIndex, java.util.Date date)
           
static java.security.cert.CertificateException verifyProxyCertificate(java.security.cert.X509Certificate[] chain, int eecCertIndex, boolean allowLegacy, boolean allowPreRfc, boolean allowRfc3820, java.util.Date date)
           
static java.security.cert.CertificateException verifyProxyCertificate(java.security.cert.X509Certificate[] chain, int eecCertIndex, java.util.Date date)
           
static java.security.cert.CertificateException verifyRfc3820ProxyCertificate(java.security.cert.X509Certificate[] chain, int eecCertIndex, java.util.Date date)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PRERFC_EXTENSION_OID_STRING

public static final java.lang.String PRERFC_EXTENSION_OID_STRING
See Also:
Constant Field Values

RFC3820_EXTENSION_OID_STRING

public static final java.lang.String RFC3820_EXTENSION_OID_STRING
See Also:
Constant Field Values

KEY_USAGE_EXTENSION_OID_STRING

public static final java.lang.String KEY_USAGE_EXTENSION_OID_STRING
See Also:
Constant Field Values

Constructor Detail

GsiWrappingTrustManager

public GsiWrappingTrustManager(javax.net.ssl.X509TrustManager trustManager,
                               boolean allowLegacy,
                               boolean allowPreRfc,
                               boolean allowRfc3820)
Creates a new instance from an existing X509TrustManager.

Parameters:
trustManager - X509TrustManager to wrap.
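
The following usage sketch is an added example, not code from the jsslutils project. It relies only on the constructor signature shown above and on standard JSSE classes; the class name `GsiServerContextExample` is hypothetical, and the reading of the three boolean flags (each one enabling one flavour of proxy certificate) is an assumption based on the parameter names.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.jsslutils.extra.gsi.GsiWrappingTrustManager;

// Hypothetical helper class; not part of jsslutils.
public final class GsiServerContextExample {

    // Returns the first X509TrustManager built from the given trust store
    // (pass null to use the JVM default trust store).
    static X509TrustManager baseTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    // Builds a server-side SSLContext whose client-certificate checks go
    // through GsiWrappingTrustManager. Flag meanings are assumed from the
    // parameter names: only the RFC 3820 flavour is enabled here, so the
    // older proxy-certificate formats are not accepted.
    static SSLContext serverContext(KeyManager[] keyManagers, KeyStore trustStore)
            throws Exception {
        X509TrustManager wrapped = new GsiWrappingTrustManager(
                baseTrustManager(trustStore),
                false,  // allowLegacy
                false,  // allowPreRfc
                true);  // allowRfc3820
        SSLContext ctx = SSLContext.getInstance("TLS");
        // A null SecureRandom lets JSSE pick its default source.
        ctx.init(keyManagers, new TrustManager[] { wrapped }, null);
        return ctx;
    }
}
```

`checkClientTrusted` is only invoked when the server requests a client certificate, so sockets created from this context need `setNeedClientAuth(true)` (or `setWantClientAuth(true)`).
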
Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Checks that the client is trusted; the aim is to follow RFC 3820.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
Checks that the server is trusted; in this case, it delegates this check to the trust manager it wraps.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Throws:
java.security.cert.CertificateException

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
Returns the accepted issuers; in this case, it delegates this to the trust manager it wraps.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

verifyProxyCertificate

public static java.security.cert.CertificateException verifyProxyCertificate(java.security.cert.X509Certificate[] chain,
                                                                             int eecCertIndex,
                                                                             java.util.Date date)

verifyProxyCertificate

public static java.security.cert.CertificateException verifyProxyCertificate(java.security.cert.X509Certificate[] chain,
                                                                             int eecCertIndex,
                                                                             boolean allowLegacy,
                                                                             boolean allowPreRfc,
                                                                             boolean allowRfc3820,
                                                                             java.util.Date date)

verifyLegacyProxyCertificate

public static java.security.cert.CertificateException verifyLegacyProxyCertificate(java.security.cert.X509Certificate[] chain,
                                                                                   int eecCertIndex,
                                                                                   java.util.Date date)

verifyPreRfcProxyCertificate

public static java.security.cert.CertificateException verifyPreRfcProxyCertificate(java.security.cert.X509Certificate[] chain,
                                                                                   int eecCertIndex,
                                                                                   java.util.Date date)

verifyRfc3820ProxyCertificate

public static java.security.cert.CertificateException verifyRfc3820ProxyCertificate(java.security.cert.X509Certificate[] chain,
                                                                                    int eecCertIndex,
                                                                                    java.util.Date date)


Copyright © 2011. All Rights Reserved.