org.glite.security.trustmanager
Class OpensslTrustmanager
java.lang.Object
org.glite.security.trustmanager.OpensslTrustmanager
- All Implemented Interfaces:
- javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
public class OpensslTrustmanager
- extends java.lang.Object
- implements javax.net.ssl.X509TrustManager
- Author:
- Joni Hahkala
Method Summary
- void checkClientTrusted(java.security.cert.X509Certificate[] arg0, java.lang.String arg1)
- void checkServerTrusted(java.security.cert.X509Certificate[] arg0, java.lang.String arg1)
- void checkUpdate()
  Checks whether the trust anchors need updating and, if they do, updates them.
- java.security.cert.X509Certificate[] getAcceptedIssuers()
- static java.lang.String getOpenSSLCAHash(java.security.cert.X509Certificate cert)
  Generates the hex hash of the DN used by OpenSSL to name the CA certificate files.
- static java.lang.String getOpenSSLCAHash(org.bouncycastle.asn1.x509.X509Name subject)
  Generates the hex hash of the DN used by OpenSSL to name the CA certificate files.
Methods inherited from class java.lang.Object
- equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
OpensslTrustmanager
public OpensslTrustmanager(java.lang.String dir,
boolean crlRequired)
throws java.io.IOException,
java.security.cert.CertificateException,
java.text.ParseException,
java.security.NoSuchProviderException
- Parameters:
dir - The trust anchor directory (often /etc/grid-security/certificates).
crlRequired - Whether the CRLs are required. If they are and the CRL is absent or expired, all certificates from that CA are rejected.
- Throws:
java.io.IOException - in case there is a read error while reading the CA certificates, CRLs or namespace files.
java.security.cert.CertificateException - in case there are problems handling the CA certificates.
java.text.ParseException - in case there are problems parsing the namespace files.
java.security.NoSuchProviderException - in case the Bouncycastle provider is not found and initialization fails.
checkClientTrusted
public void checkClientTrusted(java.security.cert.X509Certificate[] arg0,
java.lang.String arg1)
throws java.security.cert.CertificateException
- Specified by:
checkClientTrusted
in interface javax.net.ssl.X509TrustManager
- Throws:
java.security.cert.CertificateException
checkServerTrusted
public void checkServerTrusted(java.security.cert.X509Certificate[] arg0,
java.lang.String arg1)
throws java.security.cert.CertificateException
- Specified by:
checkServerTrusted
in interface javax.net.ssl.X509TrustManager
- Throws:
java.security.cert.CertificateException
getAcceptedIssuers
public java.security.cert.X509Certificate[] getAcceptedIssuers()
- Specified by:
getAcceptedIssuers
in interface javax.net.ssl.X509TrustManager
getOpenSSLCAHash
public static java.lang.String getOpenSSLCAHash(org.bouncycastle.asn1.x509.X509Name subject)
- Generates the hex hash of the DN used by OpenSSL to name the CA certificate files. The hash is actually the hex
of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.
- Parameters:
subject - the DN to hash.
- Returns:
- the 8 character string of the hexadecimal hash.
checkUpdate
public void checkUpdate()
throws java.io.IOException,
java.security.cert.CertificateException,
java.text.ParseException
- Checks whether the trust anchors need updating and, if they do, updates them.
- Throws:
java.io.IOException - thrown in case reading a file fails.
java.security.cert.CertificateException - thrown if there are problems with the certificates.
java.text.ParseException - thrown in case there are problems parsing certificates, CRLs or namespaces.
getOpenSSLCAHash
public static java.lang.String getOpenSSLCAHash(java.security.cert.X509Certificate cert)
- Generates the hex hash of the DN used by OpenSSL to name the CA certificate files. The hash is actually the hex
of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.
- Parameters:
cert - the certificate from which the subject DN is taken and hashed.
- Returns:
- the 8 character string of the hexadecimal hash.
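An added example, not part of the glite trustmanager code: a JDK-only audit that recomputes the MD5-based name hash described for both getOpenSSLCAHash variants and flags files in a trust anchor directory whose names do not match the certificate they contain. It assumes OpenSSL's legacy algorithm (`-subject_hash_old`: MD5 over the DER-encoded DN, first four digest bytes read little-endian, printed as 8 hex digits). The class name `TrustAnchorNameAudit` and the sample DN are constructed for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorNameAudit {

    // MD5 over the DER-encoded DN; the first four digest bytes are read
    // little-endian and printed as 8 hex digits (assumed legacy OpenSSL form).
    static String legacyHash(X500Principal dn) throws Exception {
        byte[] md = MessageDigest.getInstance("MD5").digest(dn.getEncoded());
        long v = (md[0] & 0xffL) | ((md[1] & 0xffL) << 8)
               | ((md[2] & 0xffL) << 16) | ((md[3] & 0xffL) << 24);
        return String.format("%08x", v);
    }

    // Reports every "<name>.<digit>" file whose name does not start with the
    // legacy hash of the subject DN of the certificate stored in it.
    static int audit(Path dir) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int mismatches = 0;
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir, "*.[0-9]")) {
            for (Path file : files) {
                String name = file.getFileName().toString();
                try (InputStream in = Files.newInputStream(file)) {
                    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                    // Hash the DN bytes exactly as they appear in the certificate.
                    String expected = legacyHash(cert.getSubjectX500Principal());
                    if (!name.startsWith(expected + ".")) {
                        System.out.println("MISMATCH " + name + " expected " + expected + ".N");
                        mismatches++;
                    }
                }
            }
        }
        return mismatches;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) {
            System.exit(audit(Paths.get(args[0])) == 0 ? 0 : 1);
        }
        // Constructed sample DN. A DN built from a string may use other ASN.1
        // string types than a real certificate, so audit real files via audit().
        X500Principal sample = new X500Principal("CN=Example Test CA, O=Example Grid, C=XX");
        System.out.println(legacyHash(sample) + ".0");
    }
}
```

Run it with the trust anchor directory (for example /etc/grid-security/certificates) as the only argument; it exits non-zero if any file name does not match. Files named with the SHA-1 based hash that OpenSSL 1.0.0 and later use by default are reported as mismatches, since only the MD5 form is computed here.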