org.glite.security.trustmanager
Class CRLFileTrustManager

java.lang.Object
  extended by org.glite.security.trustmanager.CRLFileTrustManager
All Implemented Interfaces:
javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

public class CRLFileTrustManager
extends java.lang.Object
implements javax.net.ssl.X509TrustManager

The CRLFileTrustManager makes the decision whether a certificate chain is trusted or not. Before use, an instance of this class has to be initialized by using either of the init methods.

Author:
Joni Hahkala Created on December 3, 2001, 2:57 PM

Constructor Summary
CRLFileTrustManager(java.util.Vector trustAnchors)
          Creates new CRLTrustManager
 
Method Summary
 void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificate, java.lang.String authType)
          This method checks that the certificate path is a valid client certificate path.
 void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificate, java.lang.String authType)
          This method checks that the certificate path is a valid server certificate path.
 java.security.cert.X509Certificate[] getAcceptedIssuers()
          This method returns an array containing all the CA certs.
 void setChecker(java.security.cert.PKIXCertPathChecker cheker)
          Sets the checker to use for the check against CRLs.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CRLFileTrustManager

public CRLFileTrustManager(java.util.Vector trustAnchors)
                    throws java.security.cert.CertificateException,
                           java.security.NoSuchProviderException
Creates new CRLTrustManager

Parameters:
trustAnchors - The trust anchors used for certificate path checking.
Throws:
java.security.cert.CertificateException - if certificate handling fails.
java.security.NoSuchProviderException - if the BouncyCastle provider was not found.
Method Detail

setChecker

public void setChecker(java.security.cert.PKIXCertPathChecker cheker)
Sets the checker to use for the check against CRLs.

Parameters:
cheker - the CRL checker to use.

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificate,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
This method checks that the certificate path is a valid client certificate path. Currently, the signatures and subject names are checked so that the path is valid and leads to one of the CA certs given in the constructor. The certs are also checked against the CRLs and for expiry. This method behaves identically to the server version of this method: no check is made that the certificate is actually a client cert. If the cert path fails the check, an exception is thrown.

Specified by:
checkClientTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
x509Certificate - The certificate path to check. It may or may not contain the CA cert. If it contains the CA cert, that CA cert is discarded and the one given in the constructor is used instead. The array has the actual (end-entity) certificate at index 0 and the CA cert, or the cert signed by the CA, as the last element.
authType - Defines the authentication type, but is not used.
Throws:
java.security.cert.CertificateException - Thrown if the certificate path is invalid.

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificate,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException
This method checks that the certificate path is a valid server certificate path. Currently, the signatures and subject names are checked so that the path is valid and leads to one of the CA certs given in the constructor. The certs are also checked against the CRLs and for expiry. This method behaves identically to the client version of this method: no check is made that the certificate is actually a server cert. If the cert path fails the check, an exception is thrown.

Specified by:
checkServerTrusted in interface javax.net.ssl.X509TrustManager
Parameters:
x509Certificate - The certificate path to check. It may or may not contain the CA cert. If it contains the CA cert, that CA cert is discarded and the one given in the constructor is used instead. The array has the actual (end-entity) certificate at index 0 and the CA cert, or the cert signed by the CA, as the last element.
authType - Defines the authentication type, but is not used.
Throws:
java.security.cert.CertificateException - Thrown if the certificate path is invalid.
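The checks described for checkClientTrusted and checkServerTrusted above (the path must lead to one of the configured CAs, certificates are checked against CRLs and for expiry, a CA cert sent by the peer is discarded in favour of the configured one, and the client and server checks are identical), shown as an added example written against only the JDK PKIX API. This is not the gLite trustmanager code; the class name, helper names and the use of TrustAnchor/X509CRL lists for the inputs are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.X509TrustManager;

// Added illustration, not gLite's CRLFileTrustManager: the same contract built on the
// JDK's PKIX validator. Class and helper names are assumptions.
public class PkixCrlTrustManager implements X509TrustManager {
    private final Set<TrustAnchor> anchors = new HashSet<>();
    private final X509Certificate[] caCerts;
    private final CertStore crlStore;   // the X509CRL objects the path is checked against

    public PkixCrlTrustManager(List<X509Certificate> cas, List<X509CRL> crls)
            throws GeneralSecurityException {
        for (X509Certificate ca : cas) anchors.add(new TrustAnchor(ca, null));
        caCerts = cas.toArray(new X509Certificate[0]);
        crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    }

    // Leaf at index 0, CA (or CA-signed cert) last. A self-signed CA cert supplied by the
    // peer is dropped so that only the CA configured in the constructor can anchor the path.
    static List<X509Certificate> trimTrailingCa(X509Certificate[] chain) {
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        return path;
    }

    private void validate(X509Certificate[] chain) throws CertificateException {
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(trimTrailingCa(chain));
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(true);   // revocation status comes from crlStore
            params.addCertStore(crlStore);
            // PKIX validation checks signatures, name chaining, validity dates and CRL status.
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (GeneralSecurityException e) {
            throw new CertificateException("certificate path is invalid", e);
        }
    }

    // As on this page: client and server checks are the same, nothing verifies the cert's role.
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); }
    public X509Certificate[] getAcceptedIssuers() { return caCerts.clone(); }
}
```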

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()
This method returns an array containing all the CA certs.

Specified by:
getAcceptedIssuers in interface javax.net.ssl.X509TrustManager
Returns:
An array containing all the CA certs is returned.