public class DefaultVOMSValidationStrategy extends java.lang.Object implements VOMSACValidationStrategy
Modifier and Type | Field and Description |
---|---|
private eu.emi.security.authn.x509.X509CertChainValidatorExt |
certChainValidator |
private LocalHostnameResolver |
hostnameResolver |
private VOMSTrustStore |
store |
Constructor and Description |
---|
DefaultVOMSValidationStrategy(VOMSTrustStore store,
eu.emi.security.authn.x509.X509CertChainValidatorExt validator) |
DefaultVOMSValidationStrategy(VOMSTrustStore store,
eu.emi.security.authn.x509.X509CertChainValidatorExt validator,
LocalHostnameResolver resolver) |
Modifier and Type | Method and Description |
---|---|
private boolean |
checkACHolder(VOMSAttribute attributes,
java.security.cert.X509Certificate[] chain,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkACValidity(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkAuthorityKeyIdentifier(java.security.cert.X509Certificate aaCert,
VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkLocalAACertSignature(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkLSCSignature(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkNoRevAvailExtension(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkSignature(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkTargets(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
checkUnhandledCriticalExtensions(VOMSAttribute attributes,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
VOMSValidationResult |
validateAC(VOMSAttribute attributes)
Validates VOMS attributes not extracted from a certificate chain (e.g., as
returned from the VOMS server)
|
VOMSValidationResult |
validateAC(VOMSAttribute attributes,
java.security.cert.X509Certificate[] chain)
Validates a VOMS Attribute Certificate
|
private boolean |
validateCertificate(java.security.cert.X509Certificate c,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
validateCertificateChain(java.security.cert.X509Certificate[] chain,
java.util.List<VOMSValidationErrorMessage> validationErrors) |
private boolean |
verifyACSignature(VOMSAttribute attributes,
java.security.cert.X509Certificate cert) |
private final VOMSTrustStore store
private final eu.emi.security.authn.x509.X509CertChainValidatorExt certChainValidator
private final LocalHostnameResolver hostnameResolver
public DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator, LocalHostnameResolver resolver)
public DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator)
private boolean checkACHolder(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkACValidity(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkLocalAACertSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkLSCSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkTargets(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkNoRevAvailExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkAuthorityKeyIdentifier(java.security.cert.X509Certificate aaCert, VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkUnhandledCriticalExtensions(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
public VOMSValidationResult validateAC(VOMSAttribute attributes)
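Description copied from interface: VOMSACValidationStrategy
Validates VOMS attributes not extracted from a certificate chain (e.g., as returned from the VOMS server)
Specified by:
validateAC in interface VOMSACValidationStrategy
Parameters:
attributes - the VOMS attributes
Returns:
a VOMSValidationResult object describing the outcome of the validation

public VOMSValidationResult validateAC(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain)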
Description copied from interface: VOMSACValidationStrategy
Validates a VOMS Attribute Certificate
Specified by:
validateAC in interface VOMSACValidationStrategy
Parameters:
attributes - the parsed VOMS attributes
chain - the certificate chain from which the attributes were parsed
Returns:
a VOMSValidationResult object describing the outcome of the validation

private boolean validateCertificate(java.security.cert.X509Certificate c, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean validateCertificateChain(java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean verifyACSignature(VOMSAttribute attributes, java.security.cert.X509Certificate cert)