org.italiangrid.voms.ac.impl

Class DefaultVOMSValidationStrategy

java.lang.Object

org.italiangrid.voms.ac.impl.DefaultVOMSValidationStrategy

All Implemented Interfaces:

VOMSACValidationStrategy

public class DefaultVOMSValidationStrategy
extends java.lang.Object
implements VOMSACValidationStrategy

The Default VOMS validation strategy.

Field Summary

Fields

Modifier and Type	Field and Description
private eu.emi.security.authn.x509.X509CertChainValidatorExt	certChainValidator
private LocalHostnameResolver	hostnameResolver
private VOMSTrustStore	store

Constructor Summary

Constructors

Constructor and Description
DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator)
DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator, LocalHostnameResolver resolver)

Method Summary

Modifier and Type	Method and Description
private boolean	checkACHolder(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkACValidity(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkAuthorityKeyIdentifier(java.security.cert.X509Certificate aaCert, VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkLocalAACertSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkLSCSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkNoRevAvailExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkTargets(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	checkUnhandledCriticalExtensions(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
VOMSValidationResult	validateAC(VOMSAttribute attributes) Validates VOMS attributes not extracted from a certificate chain (e.g., as returned from the VOMS server)
VOMSValidationResult	validateAC(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain) Validates a VOMS Attribute Certificate
private boolean	validateCertificate(java.security.cert.X509Certificate c, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	validateCertificateChain(java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean	verifyACSignature(VOMSAttribute attributes, java.security.cert.X509Certificate cert)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

store

private final VOMSTrustStore store

certChainValidator

private final eu.emi.security.authn.x509.X509CertChainValidatorExt certChainValidator

hostnameResolver

private final LocalHostnameResolver hostnameResolver

Constructor Detail

DefaultVOMSValidationStrategy

public DefaultVOMSValidationStrategy(VOMSTrustStore store,
                                     eu.emi.security.authn.x509.X509CertChainValidatorExt validator,
                                     LocalHostnameResolver resolver)

DefaultVOMSValidationStrategy

public DefaultVOMSValidationStrategy(VOMSTrustStore store,
                                     eu.emi.security.authn.x509.X509CertChainValidatorExt validator)

Method Detail

checkACHolder

private boolean checkACHolder(VOMSAttribute attributes,
                              java.security.cert.X509Certificate[] chain,
                              java.util.List<VOMSValidationErrorMessage> validationErrors)

checkACValidity

private boolean checkACValidity(VOMSAttribute attributes,
                                java.util.List<VOMSValidationErrorMessage> validationErrors)

checkLocalAACertSignature

private boolean checkLocalAACertSignature(VOMSAttribute attributes,
                                          java.util.List<VOMSValidationErrorMessage> validationErrors)

checkLSCSignature

private boolean checkLSCSignature(VOMSAttribute attributes,
                                  java.util.List<VOMSValidationErrorMessage> validationErrors)

checkSignature

private boolean checkSignature(VOMSAttribute attributes,
                               java.util.List<VOMSValidationErrorMessage> validationErrors)

checkTargets

private boolean checkTargets(VOMSAttribute attributes,
                             java.util.List<VOMSValidationErrorMessage> validationErrors)

checkNoRevAvailExtension

private boolean checkNoRevAvailExtension(VOMSAttribute attributes,
                                         java.util.List<VOMSValidationErrorMessage> validationErrors)

checkAuthorityKeyIdentifier

private boolean checkAuthorityKeyIdentifier(java.security.cert.X509Certificate aaCert,
                                            VOMSAttribute attributes,
                                            java.util.List<VOMSValidationErrorMessage> validationErrors)

checkAuthorityKeyIdentifierExtension

private boolean checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes,
                                                     java.util.List<VOMSValidationErrorMessage> validationErrors)

checkUnhandledCriticalExtensions

private boolean checkUnhandledCriticalExtensions(VOMSAttribute attributes,
                                                 java.util.List<VOMSValidationErrorMessage> validationErrors)

validateAC

public VOMSValidationResult validateAC(VOMSAttribute attributes)

Description copied from interface: VOMSACValidationStrategy

Validates VOMS attributes not extracted from a certificate chain (e.g., as returned from the VOMS server)

Specified by:

validateAC in interface VOMSACValidationStrategy

Parameters:

attributes - the VOMS attributes

Returns:

a VOMSValidationResult object describing the outcome of the validation

validateAC

public VOMSValidationResult validateAC(VOMSAttribute attributes,
                                       java.security.cert.X509Certificate[] chain)

Description copied from interface: VOMSACValidationStrategy

Validates a VOMS Attribute Certificate

Specified by:

validateAC in interface VOMSACValidationStrategy

Parameters:

attributes - the parsed VOMS attributes

chain - the certificate chain from which the attributes were parsed

Returns:

a VOMSValidationResult object describing the outcome of the validation

validateCertificate

private boolean validateCertificate(java.security.cert.X509Certificate c,
                                    java.util.List<VOMSValidationErrorMessage> validationErrors)

validateCertificateChain

private boolean validateCertificateChain(java.security.cert.X509Certificate[] chain,
                                         java.util.List<VOMSValidationErrorMessage> validationErrors)

verifyACSignature

private boolean verifyACSignature(VOMSAttribute attributes,
                                  java.security.cert.X509Certificate cert)