Class PKITrustManager

  • All Implemented Interfaces:
    javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

    public class PKITrustManager
    extends java.lang.Object
    implements javax.net.ssl.X509TrustManager
    This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

    JGLOBUS-97 : ability to accept anonymous connections?

    Since:
    1.0
    Version:
    ${version}
    • Constructor Summary

      Constructors 
      Constructor Description
      PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator, X509ProxyCertPathParameters initParameters)
      Create a trust manager with the pre-configured cert path validator and proxy parameters.
    • Method Summary

      Modifier and Type Method Description
      void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)
      Test if the client is trusted based on the certificate chain.
      void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, java.lang.String authType)
      Test if the server is trusted based on the certificate chain.
      java.security.cert.X509Certificate[] getAcceptedIssuers()
      Get the collection of trusted certificate issuers.
      java.security.cert.CertPathValidatorResult getValidationResult()
      Return the result of the last certificate validation.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • validator

        private java.security.cert.CertPathValidatorSpi validator
      • result

        private java.security.cert.CertPathValidatorResult result
      • logger

        private org.apache.commons.logging.Log logger
    • Constructor Detail

      • PKITrustManager

        public PKITrustManager(java.security.cert.CertPathValidatorSpi initValidator,
                               X509ProxyCertPathParameters initParameters)
        Create a trust manager with the pre-configured cert path validator and proxy parameters.
        Parameters:
        initValidator - A cert path validator to be used by this trust manager.
        initParameters - The proxy cert parameters, populated with trust store, cert store, etc.
    • Method Detail

      • checkClientTrusted

        public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates,
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.
        Specified by:
        checkClientTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        x509Certificates - The certificate chain to test for validity.
        authType - The authentication type based on the client certificate.
        Throws:
        java.security.cert.CertificateException - If the path validation fails.
      • checkServerTrusted

        public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates,
                                       java.lang.String authType)
                                throws java.security.cert.CertificateException
        Test if the server is trusted based on the certificate chain.
        Specified by:
        checkServerTrusted in interface javax.net.ssl.X509TrustManager
        Parameters:
        x509Certificates - The certificate chain to test for validity.
        authType - The authentication type based on the server certificate.
        Throws:
        java.security.cert.CertificateException - If the path validation fails.
      • getAcceptedIssuers

        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        Get the collection of trusted certificate issuers.
        Specified by:
        getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
        Returns:
        The trusted certificate issuers.
      • getValidationResult

        public java.security.cert.CertPathValidatorResult getValidationResult()
        Return the result of the last certificate validation.
        Returns:
        The validation result.
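
Because the class keeps a single `result` field and getValidationResult() returns the result of the last validation, a trust manager shared between concurrent handshakes can report a result that belongs to another connection. The sketch below is an added example, not code from JGlobus: it builds one PKITrustManager per outgoing connection and reads the result right after the handshake. The class name `ValidatedConnection`, its `open` method and the two `org.globus` package names are assumptions; the caller supplies an already configured validator and parameters.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

// Assumed JGlobus package names; this page does not show them.
import org.globus.gsi.X509ProxyCertPathParameters;
import org.globus.gsi.trustmanager.PKITrustManager;

/** Hypothetical helper: one PKITrustManager per connection. */
public final class ValidatedConnection {
    public final SSLSocket socket;
    public final CertPathValidatorResult validation;

    private ValidatedConnection(SSLSocket socket, CertPathValidatorResult validation) {
        this.socket = socket;
        this.validation = validation;
    }

    public static ValidatedConnection open(CertPathValidatorSpi validator,
                                           X509ProxyCertPathParameters params,
                                           KeyManager[] keyManagers,
                                           String host, int port)
            throws GeneralSecurityException, IOException {
        // A fresh trust manager, so its stored result can only come from this handshake.
        PKITrustManager tm = new PKITrustManager(validator, params);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, new TrustManager[] { tm }, null);

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            // Runs tm.checkServerTrusted(...); a CertificateException from path
            // validation surfaces here as an SSLHandshakeException.
            s.startHandshake();
        } catch (IOException e) {
            s.close(); // do not leave a half-open socket behind a failed validation
            throw e;
        }
        return new ValidatedConnection(s, tm.getValidationResult());
    }
}
```

A fresh SSLContext also has its own empty session cache, so the handshake cannot resume an earlier session and skip the trust manager call.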