org.glite.security.util.proxy
Class ProxyCertificateInfo

java.lang.Object
  extended by org.glite.security.util.proxy.ProxyCertificateInfo

public class ProxyCertificateInfo
extends java.lang.Object

A base class for digging up info from the proxy.

Author:
joni.hahkala@cern.ch

Field Summary
static int CA_CERT
          Used to identify RFC3820 type proxies.
static int DRAFT_RFC_PROXY
          Used to identify draft pre RFC3820 type proxies.
static int LEGACY_PROXY
          Used to identify legacy globus toolkit 2 proxies.
static int RFC3820_PROXY
          Used to identify RFC3820 type proxies.
static int UNDEFINED_TYPE
          Used to indicate that no attempt has yet been made to determine the proxy type.
static int UNKNOWN_PROXY_TYPE
          Used to identify unknown proxy type, for example user cert.
static int USER_CERT
          Used to identify RFC3820 type proxies.
 
Constructor Summary
ProxyCertificateInfo(java.security.cert.X509Certificate x509Cert)
          Generates a certificate object from the x509 data structure.
 
Method Summary
 org.bouncycastle.asn1.ASN1OctetString getPolicyASN1()
          Get the optional policy in ASN1 structure.
 ProxyCertInfoExtension getProxyCertInfoExtension()
          Used to get the RFC3820 (or draft RFC) CertificateInfoExtension information.
 int getProxyPathLimit()
          Returns the proxy path length limit of this certificate.
 java.lang.String getProxyPolicyOID()
          Get the mandatory proxy policy OID from the mandatory proxyCertInfoExtension.
 ProxyRestrictionData getProxySourceRestrictions()
          Gets the proxy source restriction data.
 ProxyRestrictionData getProxyTargetRestrictions()
          Gets the proxy target restriction data.
 java.lang.String getProxyTracingIssuer()
          Returns the URL of the proxy tracing issuer if present.
 java.lang.String getProxyTracingSubject()
          Returns the URL of the proxy tracing subject if present.
 int getProxyType()
          Analyzes the certificate and deduces what type of proxy this certificate is.
 java.lang.String getSAMLExtension()
          Returns the SAML extension from the certificate.
static boolean isLegacyDN(org.bouncycastle.asn1.x509.X509Name subject)
          Used to check whether a DN indicates a legacy proxy or not.
 boolean isLimited()
          Used to check whether the proxy is a limited proxy or not.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LEGACY_PROXY

public static final int LEGACY_PROXY
Used to identify legacy globus toolkit 2 proxies.

See Also:
Constant Field Values

DRAFT_RFC_PROXY

public static final int DRAFT_RFC_PROXY
Used to identify draft pre RFC3820 type proxies.

See Also:
Constant Field Values

RFC3820_PROXY

public static final int RFC3820_PROXY
Used to identify RFC3820 type proxies.

See Also:
Constant Field Values

CA_CERT

public static final int CA_CERT
Used to identify RFC3820 type proxies.

See Also:
Constant Field Values

USER_CERT

public static final int USER_CERT
Used to identify RFC3820 type proxies.

See Also:
Constant Field Values

UNKNOWN_PROXY_TYPE

public static final int UNKNOWN_PROXY_TYPE
Used to identify unknown proxy type, for example user cert.

See Also:
Constant Field Values

UNDEFINED_TYPE

public static final int UNDEFINED_TYPE
Used to indicate that no attempt has yet been made to determine the proxy type.

See Also:
Constant Field Values
Constructor Detail

ProxyCertificateInfo

public ProxyCertificateInfo(java.security.cert.X509Certificate x509Cert)
Generates a certificate object from the x509 data structure.

Parameters:
x509Cert - The proxy to analyze.
Method Detail

getProxyType

public int getProxyType()
Analyzes the certificate and deduces what type of proxy this certificate is.

Returns:
The type of the proxy.
See Also:
LEGACY_PROXY for globus toolkit 2 legacy proxy, RFC3820_PROXY for RFC3820 proxy (conformity unverified), UNKNOWN_PROXY_TYPE for unrecognized proxy, DRAFT_RFC_PROXY for globus toolkit 3 and 4.0 draft pre RFC3820 type proxy.

isLegacyDN

public static boolean isLegacyDN(org.bouncycastle.asn1.x509.X509Name subject)
Used to check whether a DN indicates a legacy proxy or not.

Parameters:
subject - The input DN used to check whether it indicates a legacy proxy
Returns:
true if the DN is a legacy proxy DN.

isLimited

public boolean isLimited()
                  throws java.security.cert.CertificateException,
                         java.io.IOException
Used to check whether the proxy is a limited proxy or not.

Returns:
true if the proxy is a limited legacy proxy or a limited RFC3820 proxy.
Throws:
java.security.cert.CertificateException - Thrown in case the proxy is of unknown format or invalid.
java.io.IOException - Thrown in case the proxy is RFC3820 proxy and the information parsing fails.

getProxyTracingIssuer

public java.lang.String getProxyTracingIssuer()
                                       throws java.io.IOException
Returns the URL of the proxy tracing issuer if present.

Returns:
The proxy tracing issuer URL in String format, or null if no extension was found or it was empty.
Throws:
java.io.IOException - Thrown in case the parsing of the information failed.

getProxyTracingSubject

public java.lang.String getProxyTracingSubject()
                                        throws java.io.IOException
Returns the URL of the proxy tracing subject if present.

Returns:
The proxy tracing subject URL in String format, or null if no extension was found or it was empty.
Throws:
java.io.IOException - Thrown in case the parsing of the information failed.

getSAMLExtension

public java.lang.String getSAMLExtension()
                                  throws java.io.IOException
Returns the SAML extension from the certificate.

Returns:
The SAML assertion in String format. If no SAML extension was found, null is returned.
Throws:
java.io.IOException - In case there is a problem parsing the certificate.

getProxyCertInfoExtension

public ProxyCertInfoExtension getProxyCertInfoExtension()
                                                 throws java.security.cert.CertificateException,
                                                        java.io.IOException
Used to get the RFC3820 (or draft RFC) CertificateInfoExtension information. Will search for both the RFC 3820 extension and the draft proxy extension. Only works on rfc3820 and RFC draft proxies.

Returns:
The ProxyCertInfoExtension object holding the information from the certificate extension.
Throws:
java.security.cert.CertificateException - Thrown in case the certificate is neither an RFC 3820 proxy nor a draft RFC proxy, or the mandatory extension is missing.
java.io.IOException - Thrown in case the certificate parsing fails.

getProxyPathLimit

public int getProxyPathLimit()
                      throws java.security.cert.CertificateException,
                             java.io.IOException
Returns the proxy path length limit of this certificate. Will search for both the RFC 3820 extension and the draft proxy extension. Only works on rfc3820 and RFC draft proxies.

Returns:
The number of proxy certificates allowed in the chain after this certificate. ProxyCertInfoExtension.UNLIMITED if not set.
Throws:
java.security.cert.CertificateException - Thrown if the proxy is neither an RFC3820 nor an RFC draft type proxy, or in case the mandatory ProxyCertInfoExtension is not found in the certificate.
java.io.IOException - Thrown in case the certificate parsing fails.

getProxyPolicyOID

public java.lang.String getProxyPolicyOID()
                                   throws java.security.cert.CertificateException,
                                          java.io.IOException
Get the mandatory proxy policy OID from the mandatory proxyCertInfoExtension. Will search for both the RFC 3820 extension and the draft proxy extension. Only works on rfc3820 and RFC draft proxies.

Returns:
The proxy policy OID in String format. See org.glite.security.util.proxy.ProxyPolicy.
Throws:
java.security.cert.CertificateException - thrown if the proxy is not rfc3820 or RFC draft type proxy, or in case the mandatory ProxyCertInfoExtension is not found in the certificate.
java.io.IOException - In case there is a parsing problem.

getPolicyASN1

public org.bouncycastle.asn1.ASN1OctetString getPolicyASN1()
                                                    throws java.security.cert.CertificateException,
                                                           java.io.IOException
Get the optional policy in ASN1 structure. Will search for both the RFC 3820 extension and the draft proxy extension. Only works on rfc3820 and RFC draft proxies.

Returns:
The contents of the policy as an ASN1OctetString.
Throws:
java.security.cert.CertificateException - thrown if the proxy is not rfc3820 or RFC draft type proxy, or in case the mandatory ProxyCertInfoExtension is not found in the certificate.
java.io.IOException - In case there is a parsing problem.

getProxySourceRestrictions

public ProxyRestrictionData getProxySourceRestrictions()
                                                throws java.io.IOException
Gets the proxy source restriction data.

Returns:
The data from the source restriction extension.
Throws:
java.io.IOException - thrown if the certificate parsing fails.

getProxyTargetRestrictions

public ProxyRestrictionData getProxyTargetRestrictions()
                                                throws java.io.IOException
Gets the proxy target restriction data.

Returns:
The data from the target restriction extension.
Throws:
java.io.IOException - thrown if the certificate parsing fails.
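
Usage sketch (an added example, not code from the glite project): a service that must delegate onward classifies an incoming certificate with getProxyType(), refuses limited proxies and proxies whose path limit forbids another proxy, and fails closed on the documented exceptions. The class name ProxyAdmissionCheck, the rejection policy and the file argument are assumptions; only the constructor, constants and methods listed on this page are used. Chain and signature validation is out of scope here and must be done separately, since getProxyType() reports RFC3820 conformity as unverified.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.glite.security.util.proxy.ProxyCertInfoExtension;
import org.glite.security.util.proxy.ProxyCertificateInfo;

/** Hypothetical caller; the admission policy below is an assumption, not glite behaviour. */
public class ProxyAdmissionCheck {

    /** Returns a rejection reason, or null if this local policy accepts the certificate. */
    static String rejectionReason(X509Certificate cert) {
        ProxyCertificateInfo info = new ProxyCertificateInfo(cert);
        int type = info.getProxyType();
        try {
            if (type == ProxyCertificateInfo.LEGACY_PROXY) {
                // Legacy proxies carry no ProxyCertInfoExtension, so only isLimited() applies.
                return info.isLimited() ? "limited legacy proxy" : null;
            }
            if (type == ProxyCertificateInfo.RFC3820_PROXY
                    || type == ProxyCertificateInfo.DRAFT_RFC_PROXY) {
                if (info.isLimited()) {
                    return "limited proxy, policy OID " + info.getProxyPolicyOID();
                }
                int limit = info.getProxyPathLimit();
                if (limit != ProxyCertInfoExtension.UNLIMITED && limit < 1) {
                    return "path limit " + limit + " forbids a further proxy";
                }
                return null;
            }
            // CA_CERT, USER_CERT, UNKNOWN_PROXY_TYPE, UNDEFINED_TYPE: not a usable proxy here.
            return "not a recognised proxy (type " + type + ")";
        } catch (CertificateException | IOException e) {
            // Fail closed: an unparsable or malformed extension is never treated as "unrestricted".
            return "proxy information could not be parsed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a single X.509 certificate in PEM or DER form (assumed input).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            String reason = rejectionReason(cert);
            System.out.println(reason == null ? "ACCEPT" : "REJECT: " + reason);
        }
    }
}
```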