Class NamespaceChecker
java.lang.Object
    eu.emi.security.authn.x509.helpers.ns.NamespaceChecker

public class NamespaceChecker extends java.lang.Object
Implements namespace policy checking. The class is populated with a namespace policy store which provides the policies. The implementation gets

Field Summary
Fields (Modifier and Type, Field):
private boolean checkAll
private boolean namespaceRequired
private NamespacesStore[] nsStores

Constructor Summary
Constructors:
NamespaceChecker(NamespaceCheckingMode mode, NamespacesStore pmaStore, NamespacesStore globusStore)

Method Summary
Methods (Modifier and Type, Method, Description):
java.util.List<ValidationError> check(java.security.cert.X509Certificate[] chain)
    Checks all certificates in the chain whether they are correct w.r.t.
private void doCheck(javax.security.auth.x500.X500Principal subject, java.util.List<NamespacePolicy> policies, java.util.List<ValidationError> ret, int pos, java.security.cert.X509Certificate[] chain)

Field Detail

namespaceRequired
private boolean namespaceRequired

checkAll
private boolean checkAll

nsStores
private NamespacesStore[] nsStores

Constructor Detail

NamespaceChecker
public NamespaceChecker(NamespaceCheckingMode mode, NamespacesStore pmaStore, NamespacesStore globusStore)

Method Detail

check
public java.util.List<ValidationError> check(java.security.cert.X509Certificate[] chain)
Checks whether every certificate in the chain is correct with respect to the configured namespace policies. Any proxy certificates in the parameter are ignored. Self-signed certificates in the chain are also ignored, so the root CA certificate may safely be present in the chain.
Parameters:
chain - to be checked
Returns:
list of validation errors

doCheck
private void doCheck(javax.security.auth.x500.X500Principal subject, java.util.List<NamespacePolicy> policies, java.util.List<ValidationError> ret, int pos, java.security.cert.X509Certificate[] chain)