org.glite.security.util.proxy
Class ProxyChainInfo

java.lang.Object
  extended by org.glite.security.util.proxy.ProxyChainInfo

public class ProxyChainInfo
extends java.lang.Object

A class to get the proxy information from the whole proxy cert chain.

Author:
Joni Hahkala

Constructor Summary
ProxyChainInfo(java.security.cert.X509Certificate[] chain)
          Generates new instance of this class using the certificate chain as the source of the data.
 
Method Summary
 int getProxyPathLimit()
          Returns the proxy path length limit left of this chain.
 byte[][][] getProxySourceRestrictions()
          Gets the proxy source restriction data from the chain.
 byte[][][] getProxyTargetRestrictions()
          Gets the proxy target restriction data from the chain.
 java.lang.String[] getProxyTracingIssuers()
          Returns an array of URLs of the proxy tracing issuers in the chain; non-traced proxies will have null in the array.
 java.lang.String[] getProxyTracingSubjects()
          Returns an array of URLs of the proxy tracing subjects in the chain; non-traced proxies will have null in the array.
 int getProxyType()
          Analyzes the certificate chain and deduces what type of proxy this certificate chain is.
 java.lang.String[] getSAMLExtensions()
          Returns the SAML extensions from the certificate chain.
 boolean isLimited()
          Used to check whether the proxy chain is a limited proxy or not.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ProxyChainInfo

public ProxyChainInfo(java.security.cert.X509Certificate[] chain)
Generates new instance of this class using the certificate chain as the source of the data.

Parameters:
chain - The proxy chain to parse and analyze.

Method Detail

getProxyType

public int getProxyType()
                 throws java.security.cert.CertificateException
Analyzes the certificate chain and deduces what type of proxy this certificate chain is.

Returns:
The type of the proxy.
Throws:
java.security.cert.CertificateException - In case several kinds of proxies were present.
See Also:
For Globus Toolkit 2 legacy proxy; for RFC3820 proxy (conformity unverified); for unrecognized proxy; for Globus Toolkit 3 and 4.0 draft pre-RFC3820 type proxy.

isLimited

public boolean isLimited()
                  throws java.security.cert.CertificateException,
                         java.io.IOException
Used to check whether the proxy chain is a limited proxy or not.

Returns:
true if the proxy chain contains a limited legacy proxy or a limited RFC3820 proxy.
Throws:
java.security.cert.CertificateException - Thrown in case the proxy is of unknown format or invalid.
java.io.IOException - Thrown in case the proxy is an RFC3820 proxy and the information parsing fails.

getProxyTracingIssuers

public java.lang.String[] getProxyTracingIssuers()
                                          throws java.io.IOException
Returns an array of URLs of the proxy tracing issuers in the chain; non-traced proxies will have null in the array.

Returns:
The proxy tracing issuer URLs in String format, or null in the array if an extension was not found or it was empty.
Throws:
java.io.IOException - Thrown in case the parsing of the information failed.

getProxyTracingSubjects

public java.lang.String[] getProxyTracingSubjects()
                                           throws java.io.IOException
Returns an array of URLs of the proxy tracing subjects in the chain; non-traced proxies will have null in the array.

Returns:
The proxy tracing subject URLs in String format, or null in the array if an extension was not found or it was empty.
Throws:
java.io.IOException - Thrown in case the parsing of the information failed.

getSAMLExtensions

public java.lang.String[] getSAMLExtensions()
                                     throws java.io.IOException
Returns the SAML extensions from the certificate chain.

Returns:
The SAML assertions in String format. A null in the array means that no SAML extensions were found.
Throws:
java.io.IOException - In case there is a problem parsing the certificates.

getProxyPathLimit

public int getProxyPathLimit()
                      throws java.security.cert.CertificateException,
                             java.io.IOException
Returns the proxy path length limit left of this chain. Will search for both the RFC 3820 extension and the draft proxy extension. Only works on RFC 3820 and RFC draft proxies. Note: a negative value other than ProxyCertInfoExtension.UNLIMITED means that the chain is invalid, as it has passed the limit of delegations.

Returns:
The number of proxy certificates allowed in the chain after this chain. ProxyCertInfoExtension.UNLIMITED if the path length is not limited.
Throws:
java.security.cert.CertificateException - Thrown if the proxy is neither an RFC 3820 nor an RFC draft type proxy, or in case the mandatory ProxyCertInfoExtension is not found in the certificate.
java.io.IOException - Thrown in case the certificate parsing fails.

getProxySourceRestrictions

public byte[][][] getProxySourceRestrictions()
                                      throws java.io.IOException
Gets the proxy source restriction data from the chain. The allowed namespaces in the different certificates in the chain are intersected and the excluded namespaces are unioned. The returned array has the array of allowed namespaces as its first item and the array of excluded namespaces as its second item. If extensions exist but, in the end, no allowed namespaces are left, the array is null, meaning that the proxy is unusable as it is not allowed anywhere. If extensions exist but no excluded namespaces are defined, the array is null, meaning that the allowed namespaces fully define the usable namespace.

Returns:
The data from the source restriction extensions. Null returned if no restrictions are found.
Throws:
java.io.IOException - Thrown if the certificate parsing fails.

getProxyTargetRestrictions

public byte[][][] getProxyTargetRestrictions()
                                      throws java.io.IOException
Gets the proxy target restriction data from the chain. The allowed namespaces in the different certificates in the chain are intersected and the excluded namespaces are unioned. The returned array has the array of allowed namespaces as its first item and the array of excluded namespaces as its second item. If extensions exist but, in the end, no allowed namespaces are left, the array is null, meaning that the proxy is unusable as it is not allowed anywhere. If extensions exist but no excluded namespaces are defined, the array is null, meaning that the allowed namespaces fully define the usable namespace.

Returns:
The data from the target restriction extensions. Null returned if no restrictions are found.
Throws:
java.io.IOException - Thrown if the certificate parsing fails.
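
A fail-closed admission check built only on the getters documented on this page (isLimited, getProxyPathLimit, getProxySourceRestrictions, getProxyTargetRestrictions), showing how the UNLIMITED sentinel and the null cases of the restriction getters can be read; it is an added example, not code from the gLite project. The names ProxyChainGate, rejectReason and restrictionProblem, the allowLimited policy flag, and the package of ProxyCertInfoExtension are assumptions. Because getProxyPathLimit() throws for proxies that are neither RFC 3820 nor RFC draft type, this gate also refuses legacy chains.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.glite.security.util.proxy.ProxyCertInfoExtension; // package assumed
import org.glite.security.util.proxy.ProxyChainInfo;

/** Added example: fail-closed gate over the ProxyChainInfo getters documented above. */
public final class ProxyChainGate {

    /** Returns null when the chain passes, otherwise the reason it is refused. */
    public static String rejectReason(X509Certificate[] chain, boolean allowLimited) {
        try {
            ProxyChainInfo info = new ProxyChainInfo(chain);

            // Local policy (assumed): the caller decides whether limited proxies are accepted.
            if (!allowLimited && info.isLimited()) {
                return "limited proxy not accepted here";
            }

            // Negative means over-delegated, unless the value is the UNLIMITED sentinel.
            int left = info.getProxyPathLimit();
            if (left != ProxyCertInfoExtension.UNLIMITED && left < 0) {
                return "delegation path length limit exceeded";
            }

            String problem = restrictionProblem("source", info.getProxySourceRestrictions());
            if (problem == null) {
                problem = restrictionProblem("target", info.getProxyTargetRestrictions());
            }
            return problem;
        } catch (CertificateException | IOException e) {
            // Unknown or invalid format, legacy chain, or parse failure: refuse, never fall through.
            return "chain could not be analyzed: " + e.getMessage();
        }
    }

    /** Interprets the null cases of the restriction getters (reading of the page, assumed). */
    static String restrictionProblem(String kind, byte[][][] r) {
        if (r == null) {
            return null; // no restriction extensions found in the chain
        }
        if (r.length < 2 || r[0] == null || r[0].length == 0) {
            return kind + " restrictions leave no allowed namespace"; // unusable proxy
        }
        // r[1] == null only means "no exclusions"; the caller must still match the
        // peer against r[0] (allowed) and r[1] (excluded) before granting access.
        return null;
    }
}
```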