org.glite.security.voms
Class VOMSValidator

java.lang.Object
  extended by org.glite.security.voms.VOMSValidator
The main (top) class to use for extracting VOMS information from a certificate and/or certificate chain. The VOMS information can simply be parsed or validated. No validation is performed on the certificate chain; that is assumed to have already happened. The chain is also assumed to be sorted in TLS order, that is, the certificate issued by the trust anchor first and the client certificate last.

Example of use: this will validate any VOMS attributes in the certificate chain and check whether any of the attributes grants the user the "admin" role in the group (VO) "MyVO".

boolean isAdmin = new VOMSValidator(certChain).validate().getRoles("MyVO").contains("admin");
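The following is an added example, not code from this Javadoc or from the gLite project. It shows the usage pattern the description above implies but does not spell out: because VOMSValidator performs no certificate chain validation, the caller must validate the chain (here with the JDK's PKIX CertPathValidator, revocation checking left enabled), reorder it trust-anchor-side first as required, and only then hand it to VOMSValidator; the instance is reused across requests via setClientChain(), the chain setter listed in the method summary. The class VomsAdminCheck and its methods isAdmin and validateAndOrder are names chosen here; the ACTrustStore is supplied by the caller because building one is not covered on this page; and the example assumes the chain contains no RFC 3820 proxy certificates, which VOMSValidator tolerates but the JDK PKIX validator does not understand.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.glite.security.voms.ACTrustStore;
import org.glite.security.voms.VOMSValidator;

/**
 * Added example (not from the VOMSValidator Javadoc or the gLite project).
 * Grants "admin" in VO "MyVO" (the Javadoc's own example) only after two checks:
 * (1) the client chain validates against our trust anchors with the JDK PKIX
 *     validator, since VOMSValidator does no chain validation itself;
 * (2) the VOMS attribute certificates in that chain validate against the
 *     configured ACTrustStore and actually carry the role.
 * Assumption: no RFC 3820 proxy certificates in the chain (PKIX rejects them).
 */
public class VomsAdminCheck {

    private static final String VO = "MyVO";
    private static final String ROLE = "admin";

    private final VOMSValidator validator;

    /** @param acTrustStore store of VOMS server (AC issuer) certificates, built by the caller. */
    public VomsAdminCheck(ACTrustStore acTrustStore) {
        // The default ACValidator consults the store registered here (static, process-wide).
        VOMSValidator.setTrustStore(acTrustStore);
        // A null chain is permitted by the two-argument constructor; the chain is
        // supplied per request through setClientChain() before validate().
        this.validator = new VOMSValidator((X509Certificate[]) null, null);
    }

    /**
     * True only if the chain is trusted and its VOMS attributes grant admin in MyVO.
     * Any failure is a denial (fail closed).
     * @param endEntityFirst chain as delivered by TLS: client certificate first.
     * @param trustAnchors   CA certificates trusted for client chains.
     * @param crlStore       CertStore holding current CRLs for the revocation check.
     */
    public synchronized boolean isAdmin(X509Certificate[] endEntityFirst,
                                        Set<TrustAnchor> trustAnchors, CertStore crlStore) {
        X509Certificate[] tlsOrder;
        try {
            tlsOrder = validateAndOrder(endEntityFirst, trustAnchors, crlStore);
        } catch (GeneralSecurityException e) {
            return false; // untrusted, expired or revoked chain: never reaches VOMSValidator
        }
        try {
            // Reusing one instance avoids rebuilding validators and trust stores per
            // request; synchronized because the instance now holds per-request state
            // (assumption: VOMSValidator is not thread safe).
            validator.setClientChain(tlsOrder).validate();
            if (!validator.isValidated()) {
                return false; // attributes parsed, but AC validation did not succeed
            }
            List<?> roles = validator.getRoles(VO); // FQANs combined hierarchically (FQANTree)
            return roles.contains(ROLE);
        } catch (RuntimeException e) {
            return false; // e.g. IllegalStateException from getRoles(): treat as no role
        }
    }

    /**
     * PKIX-validates the chain and returns it in the order VOMSValidator expects:
     * certificate issued by the trust anchor first, client certificate last.
     */
    static X509Certificate[] validateAndOrder(X509Certificate[] endEntityFirst,
                                              Set<TrustAnchor> trustAnchors, CertStore crlStore)
            throws GeneralSecurityException {
        // Drop any trust anchor the client sent along; a PKIX path excludes the anchor.
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate c : endEntityFirst) {
            boolean isAnchor = false;
            for (TrustAnchor ta : trustAnchors) {
                if (c.equals(ta.getTrustedCert())) { isAnchor = true; break; }
            }
            if (!isAnchor) path.add(c);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath certPath = cf.generateCertPath(path); // end entity first, per CertPath contract
        PKIXParameters params = new PKIXParameters(trustAnchors);
        params.addCertStore(crlStore); // CRLs for the revocation check (enabled by default)
        CertPathValidator.getInstance("PKIX").validate(certPath, params); // throws if untrusted

        List<X509Certificate> tlsOrder = new ArrayList<>(path);
        Collections.reverse(tlsOrder); // anchor-issued certificate first, client last
        return tlsOrder.toArray(new X509Certificate[0]);
    }
}
```

Keeping PKIX validation and VOMS validation as separate steps matters because a VOMS attribute certificate only binds roles to the holder named in the end-entity certificate; if the chain itself is not trusted, a valid-looking AC proves nothing about who is connecting. The example denies on every error path rather than distinguishing them, which is the safe default for an authorisation decision.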
Nested Class Summary

class VOMSValidator.FQANTree
    Class to sort out the hierarchical properties of FQANs.

Field Summary

static java.lang.String VOMS_EXT_OID
Constructor Summary

VOMSValidator(java.security.cert.X509Certificate validatedCert)
    Convenience constructor for the case where you have a single cert and not a chain.

VOMSValidator(java.security.cert.X509Certificate[] validatedChain)
    Convenience constructor. Same as VOMSValidator(validatedChain, null).

VOMSValidator(java.security.cert.X509Certificate[] validatedChain, ACValidator acValidator)
    If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate().
Method Summary

java.util.List getCapabilities(java.lang.String subGroup)
    Returns a list of all capabilities attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.

java.util.List getRoles(java.lang.String subGroup)
    Returns a list of all roles attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.

java.util.List getVOMSAttributes()
    Returns a list of VOMS attributes, parsed and possibly validated.

boolean isValidated()

VOMSValidator parse()
    Deprecated. Use parse(X509Certificate[]) instead.

static java.util.Vector parse(java.security.cert.X509Certificate[] myValidatedChain)
    Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.

VOMSValidator setClientChain(java.security.cert.X509Certificate[] validatedChain)
    Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding the overhead of instantiating validators, trust stores and other potentially expensive operations.

static void setTrustStore(ACTrustStore trustStore)
    Sets the ACTrustStore instance to use with the default ACValidator.

java.lang.String toString()

VOMSValidator validate()
    Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain, and validates them.

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
Field Detail

VOMS_EXT_OID

public static final java.lang.String VOMS_EXT_OID

Constructor Detail

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate validatedCert)
    Convenience constructor for the case where you have a single cert and not a chain.
    See Also: VOMSValidator(X509Certificate[])

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate[] validatedChain)
    Convenience constructor. Same as VOMSValidator(validatedChain, null).
    Parameters:
        validatedChain -

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate[] validatedChain, ACValidator acValidator)
    If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate().
    Parameters:
        validatedChain - The (full), validated certificate chain
        acValidator - The AC validator implementation to use (null is default with a BasicVOMSTrustStore)
    See Also: ACValidator, BasicVOMSTrustStore
Method Detail

setTrustStore

public static void setTrustStore(ACTrustStore trustStore)
    Sets the ACTrustStore instance to use with the default ACValidator (see BasicVOMSTrustStore).
    Parameters:
        trustStore - BasicVOMSTrustStore

setClientChain

public VOMSValidator setClientChain(java.security.cert.X509Certificate[] validatedChain)
    Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding the overhead of instantiating validators, trust stores and other potentially expensive operations.

    vomsValidator.setClientChain(chain).validate().getVOMSAttributes();

    Parameters:
        validatedChain - The new validated certificate chain to inspect

parse

public static java.util.Vector parse(java.security.cert.X509Certificate[] myValidatedChain)
    Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.
    See Also: validate()

parse

public VOMSValidator parse()
    Deprecated. Use parse(X509Certificate[]) instead.

    new VOMSValidator(certChain).parse().getVOMSAttributes();

    See Also: validate()

validate

public VOMSValidator validate()
    Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain, and validates them.

    new VOMSValidator(certChain).validate().getVOMSAttributes();

    See Also: parse()

getVOMSAttributes

public java.util.List getVOMSAttributes()
    Returns a list of VOMS attributes, parsed and possibly validated.
    Returns: a list of VOMSAttribute
    See Also: VOMSAttribute, parse(), validate(), isValidated()

getRoles

public java.util.List getRoles(java.lang.String subGroup)
    Returns a list of all roles attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion. parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.
    Parameters:
        subGroup -
    See Also: VOMSValidator.FQANTree

getCapabilities

public java.util.List getCapabilities(java.lang.String subGroup)
    Returns a list of all capabilities attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion. parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.
    Parameters:
        subGroup -
    See Also: VOMSValidator.FQANTree

isValidated

public boolean isValidated()
    See Also: validate()

toString

public java.lang.String toString()