Class PKITrustManager

java.lang.Object
org.globus.gsi.trustmanager.PKITrustManager
All Implemented Interfaces:
TrustManager, X509TrustManager

public class PKITrustManager extends Object implements X509TrustManager
This is an implementation of an X509TrustManager which supports the validation of proxy certificates. It uses the Globus CertPathValidator.

JGLOBUS-97 : ability to accept anonymous connections?

Since:
1.0
  • Constructor Details

    • PKITrustManager

      public PKITrustManager(CertPathValidatorSpi initValidator, X509ProxyCertPathParameters initParameters)
      Create a trust manager with the pre-configured cert path validator and proxy parameters.
      Parameters:
      initValidator - A cert path validator to be used by this trust manager.
      initParameters - The proxy cert parameters, populated with trust store, cert store, etc.
  • Method Details

    • checkClientTrusted

      public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException
      Test if the client is trusted based on the certificate chain. Does not currently support anonymous clients.
      Specified by:
      checkClientTrusted in interface X509TrustManager
      Parameters:
      x509Certificates - The certificate chain to test for validity.
      authType - The authentication type based on the client certificate.
      Throws:
      CertificateException - If the path validation fails.
    • checkServerTrusted

      public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException
      Test if the server is trusted based on the certificate chain.
      Specified by:
      checkServerTrusted in interface X509TrustManager
      Parameters:
      x509Certificates - The certificate chain to test for validity.
      authType - The authentication type based on the server certificate.
      Throws:
      CertificateException - If the path validation fails.
    • getAcceptedIssuers

      public X509Certificate[] getAcceptedIssuers()
      Get the collection of trusted certificate issuers.
      Specified by:
      getAcceptedIssuers in interface X509TrustManager
      Returns:
      The trusted certificate issuers.
    • getValidationResult

      public CertPathValidatorResult getValidationResult()
      Return the result of the last certificate validation.
      Returns:
      The validation result.
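
One way to wire this trust manager into JSSE so that proxy certificate chains are validated during the TLS handshake. This is an added example, not code from JGlobus: the `ProxyTlsSetup` class and its methods are hypothetical, the package of `X509ProxyCertPathParameters` is assumed, and the validator, parameters and key managers are assumed to be configured by the caller.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorSpi;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;

// Assumed package; the page gives only the simple class name.
import org.globus.gsi.X509ProxyCertPathParameters;
import org.globus.gsi.trustmanager.PKITrustManager;

/** Hypothetical helper, not part of JGlobus. */
public final class ProxyTlsSetup {

    private ProxyTlsSetup() { }

    /**
     * Build an SSLContext whose trust decisions are made by PKITrustManager.
     * The validator and parameters must already be populated by the caller
     * (trust store, cert store, etc.), as the constructor documentation says.
     */
    public static SSLContext contextFor(CertPathValidatorSpi validator,
                                        X509ProxyCertPathParameters params,
                                        KeyManager[] keyManagers)
            throws GeneralSecurityException {
        PKITrustManager trustManager = new PKITrustManager(validator, params);
        SSLContext context = SSLContext.getInstance("TLS");
        // A non-null TrustManager array replaces the JDK default trust managers,
        // so the default cacerts store is not consulted for this context.
        context.init(keyManagers, new TrustManager[] {trustManager}, null);
        return context;
    }

    /** Open a listener that requires every client to present a chain. */
    public static SSLServerSocket listen(SSLContext context, int port)
            throws IOException {
        SSLServerSocket server = (SSLServerSocket)
                context.getServerSocketFactory().createServerSocket(port);
        // checkClientTrusted does not support anonymous clients, so require a
        // certificate (setNeedClientAuth) rather than only requesting one.
        server.setNeedClientAuth(true);
        return server;
    }
}
```

Because `getValidationResult()` returns the result of the last validation, code that reads it should not share one `PKITrustManager` instance across concurrent handshakes.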