org.glite.security.voms
Class VOMSValidator

java.lang.Object
  extended by org.glite.security.voms.VOMSValidator

Deprecated. This class is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The main (top) class to use for extracting VOMS information from a certificate and/or certificate chain. The VOMS information can simply be parsed or validated. No validation is performed on the certificate chain -- that is assumed to already have happened.
The certificate chain is assumed to already be validated. It is also assumed to be sorted in TLS order, that is, the certificate issued by the trust anchor first and the client certificate last.
Example of use: this will validate any VOMS attributes in the certificate chain and check if any of the attributes grants the user the "admin" role in the group (VO) "MyVO".
 boolean isAdmin = new VOMSValidator(certChain).validate().getRoles("MyVO").contains("admin");
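
The one-liner above throws or misbehaves on bad input rather than denying access. The class below is an added example (not part of the original API documentation or the gLite code base) that fails closed: it checks the chain ordering this page assumes, uses validate() rather than parse(), and requires isValidated() before trusting a role. The names VomsRoleGate, isInDocumentedOrder and hasValidatedRole are hypothetical; path validation of the chain is still assumed to have been done by the caller.

```java
import java.security.cert.X509Certificate;
import org.glite.security.voms.VOMSValidator;

/** Added example: fail-closed role check using only methods documented on this page. */
public final class VomsRoleGate {

    /**
     * Hypothetical helper. Checks the order this page assumes: the certificate
     * issued by the trust anchor first and the client certificate last, so each
     * certificate must be issued by the subject of the one before it.
     */
    static boolean isInDocumentedOrder(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return false;
        }
        for (X509Certificate cert : chain) {
            if (cert == null) {
                return false;
            }
        }
        for (int i = 1; i < chain.length; i++) {
            if (!chain[i].getIssuerX500Principal()
                    .equals(chain[i - 1].getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }

    /** Returns true only if a validated VOMS attribute grants the role in the group. */
    public static boolean hasValidatedRole(X509Certificate[] validatedChain,
                                           String group, String role) {
        if (group == null || role == null || !isInDocumentedOrder(validatedChain)) {
            return false;
        }
        try {
            // validate(), not parse(): parse() checks no timestamps or signatures.
            VOMSValidator validator = new VOMSValidator(validatedChain).validate();
            // Refuse to authorize on attributes that were only parsed.
            return validator.isValidated() && validator.getRoles(group).contains(role);
        } catch (RuntimeException e) {
            // For example the IllegalStateException documented for getRoles(): deny.
            return false;
        }
    }
}
```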
 

public class VOMSValidator
extends java.lang.Object

Author:
mulmo

Nested Class Summary
 class VOMSValidator.FQANTree
          Deprecated. Class to sort out the hierarchical properties of FQANs.
 
Field Summary
static java.lang.String VOMS_EXT_OID
          Deprecated.  
 
Constructor Summary
VOMSValidator(java.security.cert.X509Certificate validatedCert)
          Deprecated. Convenience constructor in the case where you have a single cert and not a chain.
VOMSValidator(java.security.cert.X509Certificate[] validatedChain)
          Deprecated. Convenience constructor
Same as VOMSValidator(validatedChain, null)
VOMSValidator(java.security.cert.X509Certificate[] validatedChain, ACValidator acValidator)
          Deprecated. If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate().
 
Method Summary
 java.util.List getCapabilities(java.lang.String subGroup)
          Deprecated. Returns a list of all capabilities attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.
 java.util.List getRoles(java.lang.String subGroup)
          Deprecated. Returns a list of all roles attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.
 java.util.List getVOMSAttributes()
          Deprecated. Returns a list of VOMS attributes, parsed and possibly validated.
 boolean isValidated()
          Deprecated.  
 VOMSValidator parse()
          Deprecated. Use parse(X509Certificate[]) instead.
static java.util.Vector parse(java.security.cert.X509Certificate[] myValidatedChain)
          Deprecated. Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.
 VOMSValidator setClientChain(java.security.cert.X509Certificate[] validatedChain)
          Deprecated. Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding overhead in instantiating validators and trust stores and other potentially expensive operations.
static void setTrustStore(ACTrustStore trustStore)
          Deprecated. Sets the ACTrustStore instance to use with the default ACValidator.
 java.lang.String toString()
          Deprecated.  
 VOMSValidator validate()
          Deprecated. Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

VOMS_EXT_OID

public static final java.lang.String VOMS_EXT_OID
Deprecated. 
See Also:
Constant Field Values
Constructor Detail

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate validatedCert)
Deprecated. 
Convenience constructor in the case where you have a single cert and not a chain.

Parameters:
cert -
See Also:
VOMSValidator(X509Certificate[])

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate[] validatedChain)
Deprecated. 
Convenience constructor
Same as VOMSValidator(validatedChain, null)

Parameters:
validatedChain -

VOMSValidator

public VOMSValidator(java.security.cert.X509Certificate[] validatedChain,
                     ACValidator acValidator)
Deprecated. 
If validatedChain is null, a call to setValidatedChain() MUST be made before calling parse() or validate().

Parameters:
validatedChain - The (full), validated certificate chain
acValidator - The AC validator implementation to use (null is default with a BasicVOMSTrustStore)
See Also:
ACValidator, BasicVOMSTrustStore
Method Detail

setTrustStore

public static void setTrustStore(ACTrustStore trustStore)
Deprecated. 
Sets the ACTrustStore instance to use with the default ACValidator. Default is BasicVOMSTrustStore

Parameters:
trustStore -
See Also:
BasicVOMSTrustStore

setClientChain

public VOMSValidator setClientChain(java.security.cert.X509Certificate[] validatedChain)
Deprecated. 
Convenience method: enables you to reuse a VOMSValidator instance for another client chain, thus avoiding overhead in instantiating validators and trust stores and other potentially expensive operations.
This method returns the object itself, to allow for chaining of commands:
vomsValidator.setClientChain(chain).validate().getVOMSAttributes();

Parameters:
validatedChain - The new validated certificate chain to inspect
Returns:
the object itself

parse

public static java.util.Vector parse(java.security.cert.X509Certificate[] myValidatedChain)
Deprecated. 
Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.
No validation of timestamps and/or signatures is performed by this method.

Returns:
the voms attributes
See Also:
validate()

parse

public VOMSValidator parse()
Deprecated. Use parse(X509Certificate[]) instead.

Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain.
No validation of timestamps and/or signatures is performed by this method.
This method returns the object itself, to allow for chaining of commands:
new VOMSValidator(certChain).parse().getVOMSAttributes();

Returns:
the object itself
See Also:
validate()

validate

public VOMSValidator validate()
Deprecated. 
Parses the assumed-validated certificate chain (which may also include proxy certs) for any occurrences of VOMS extensions containing attribute certificates issued to the end entity in the certificate chain. The attribute certificates are validated: any non-valid entries will be ignored.
This method returns the object itself, to allow for chaining of commands:
new VOMSValidator(certChain).validate().getVOMSAttributes();

Returns:
the object itself
See Also:
parse()

getVOMSAttributes

public java.util.List getVOMSAttributes()
Deprecated. 
Returns a list of VOMS attributes, parsed and possibly validated.

Returns:
List of VOMSAttribute
See Also:
VOMSAttribute, parse(), validate(), isValidated()

getRoles

public java.util.List getRoles(java.lang.String subGroup)
Deprecated. 
Returns a list of all roles attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.
Note: One of the methods parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.

Parameters:
subGroup -
Returns:
See Also:
VOMSValidator.FQANTree

getCapabilities

public java.util.List getCapabilities(java.lang.String subGroup)
Deprecated. 
Returns a list of all capabilities attributed to a (sub)group, by combining all VOMS attributes in a hierarchical fashion.
Note: One of the methods parse() or validate() must have been called before calling this method. Otherwise, an IllegalStateException is thrown.

Parameters:
subGroup -
Returns:
See Also:
VOMSValidator.FQANTree

isValidated

public boolean isValidated()
Deprecated. 
Returns:
whether the VOMS attributes are validated or not
See Also:
validate()

toString

public java.lang.String toString()
Deprecated. 
Overrides:
toString in class java.lang.Object