org.glite.voms
Class PKIVerifier

java.lang.Object
  extended by org.glite.voms.PKIVerifier

public class PKIVerifier
extends java.lang.Object


Field Summary
static java.lang.String AUTHORITY_KEY_IDENTIFIER
           
static java.lang.String BASIC_CONSTRAINTS_IDENTIFIER
           
static java.lang.String KEY_USAGE_IDENTIFIER
           
static java.lang.String PROXYCERTINFO
           
static java.lang.String PROXYCERTINFO_OLD
           
static java.lang.String SUBJECT_KEY_IDENTIFIER
           
static java.lang.String TARGET
           
 
Constructor Summary
PKIVerifier()
          Initializes the verifier.
PKIVerifier(VOMSTrustStore vomsStore)
          Initializes the verifier.
PKIVerifier(VOMSTrustStore vomsStore, PKIStore caStore)
          Initializes the verifier.
 
Method Summary
 void cleanup()
          Cleans up resources allocated by the verifier.
 void setCAStore(PKIStore store)
          Sets a new CAStore.
 void setVOMSStore(VOMSTrustStore store)
          Sets a new VOMSStore.
 boolean verify(AttributeCertificate ac)
          Verifies an Attribute Certificate according to RFC 3281.
 boolean verify(java.security.cert.X509Certificate[] certs)
          Verifies a certificate chain according to RFC 3280.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SUBJECT_KEY_IDENTIFIER

public static final java.lang.String SUBJECT_KEY_IDENTIFIER
See Also:
Constant Field Values

AUTHORITY_KEY_IDENTIFIER

public static final java.lang.String AUTHORITY_KEY_IDENTIFIER
See Also:
Constant Field Values

PROXYCERTINFO

public static final java.lang.String PROXYCERTINFO
See Also:
Constant Field Values

PROXYCERTINFO_OLD

public static final java.lang.String PROXYCERTINFO_OLD
See Also:
Constant Field Values

BASIC_CONSTRAINTS_IDENTIFIER

public static final java.lang.String BASIC_CONSTRAINTS_IDENTIFIER
See Also:
Constant Field Values

KEY_USAGE_IDENTIFIER

public static final java.lang.String KEY_USAGE_IDENTIFIER
See Also:
Constant Field Values

TARGET

public static final java.lang.String TARGET
See Also:
Constant Field Values
Constructor Detail

PKIVerifier

public PKIVerifier(VOMSTrustStore vomsStore,
                   PKIStore caStore)
Initializes the verifier.

Parameters:
vomsStore - the VOMSTrustStore object which represents the vomsdir store.
caStore - the PKIStore object which represents the CA store.

PKIVerifier

public PKIVerifier(VOMSTrustStore vomsStore)
            throws java.io.IOException,
                   java.security.cert.CertificateException,
                   java.security.cert.CRLException
Initializes the verifier. The CA store is initialized to "/etc/grid-security/certificates".

Parameters:
vomsStore - the VOMSTrustStore object which represents the vomsdir store.
Throws:
java.io.IOException - if there have been IO errors.
java.security.cert.CertificateException - if there have been problems parsing a certificate
java.security.cert.CRLException - if there have been problems parsing a CRL.

PKIVerifier

public PKIVerifier()
            throws java.io.IOException,
                   java.security.cert.CertificateException,
                   java.security.cert.CRLException
Initializes the verifier. If the VOMSDIR and CADIR system properties are set, those values are used to initialize the VOMS and CA certificate trust stores. Typically, VOMSDIR should point to a directory that contains VOMS server certificates, while CADIR should point to a directory where CA certificates and CRLs are stored. If the system properties are not set, the CA store is initialized to "/etc/grid-security/certificates", while the VOMS store is initialized to "/etc/grid-security/vomsdir" (slash becomes backslash on Windows).

Throws:
java.io.IOException - if there have been IO errors.
java.security.cert.CertificateException - if there have been problems parsing a certificate
java.security.cert.CRLException - if there have been problems parsing a CRL.
Method Detail

cleanup

public void cleanup()
Cleans up resources allocated by the verifier. This method MUST be called prior to disposal of this object, otherwise memory leaks and runaway threads will occur.


setCAStore

public void setCAStore(PKIStore store)
Sets a new CAStore.

Parameters:
store - the new CA store.

setVOMSStore

public void setVOMSStore(VOMSTrustStore store)
Sets a new VOMSStore.

Parameters:
store - the new VOMS store.

verify

public boolean verify(AttributeCertificate ac)
Verifies an Attribute Certificate according to RFC 3281.

Parameters:
ac - the Attribute Certificate to verify.
Returns:
true if the attribute certificate is verified, false otherwise.

verify

public boolean verify(java.security.cert.X509Certificate[] certs)
Verifies a certificate chain according to RFC 3280.

Parameters:
certs - the chain to verify.
Returns:
true if the chain is verified, false otherwise.
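
Usage sketch, added here as an illustration and not part of the original API documentation: it builds a verifier with the no-argument constructor, checks a PEM chain with verify(X509Certificate[]), treats every exception as a rejection, and always calls cleanup(). The class name ChainCheck, the method chainIsTrusted, and the assumption that the file lists the certificates in the order verify() expects are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.glite.voms.PKIVerifier;

public class ChainCheck {

    /** Returns true only if verify() accepted the chain; every error path returns false. */
    static boolean chainIsTrusted(String pemPath) {
        PKIVerifier verifier = null;
        try (InputStream in = new FileInputStream(pemPath)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<?> parsed = cf.generateCertificates(in);
            if (parsed.isEmpty()) {
                return false; // an empty file must not count as "verified"
            }
            // Assumption: the file order is the chain order verify() expects.
            X509Certificate[] chain = parsed.toArray(new X509Certificate[0]);

            // No-arg constructor: trust stores come from the VOMSDIR / CADIR system
            // properties, or from the /etc/grid-security defaults when they are unset.
            verifier = new PKIVerifier();
            return verifier.verify(chain);
        } catch (Exception e) {
            // IOException, CertificateException, CRLException, bad input: fail closed.
            System.err.println("chain verification failed: " + e);
            return false;
        } finally {
            if (verifier != null) {
                verifier.cleanup(); // required before disposal, see cleanup() above
            }
        }
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: ChainCheck <chain.pem>");
            System.exit(2);
        }
        boolean ok = chainIsTrusted(args[0]);
        System.out.println(ok ? "VERIFIED" : "REJECTED");
        System.exit(ok ? 0 : 1);
    }
}
```

Because the no-argument constructor reads VOMSDIR and CADIR from system properties, a deployment should confirm those properties point at directories it controls before relying on the result.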


Copyright © 2012. All Rights Reserved.