Package org.italiangrid.voms.ac.impl
Class DefaultVOMSValidationStrategy
java.lang.Object
    org.italiangrid.voms.ac.impl.DefaultVOMSValidationStrategy
All Implemented Interfaces: VOMSACValidationStrategy
public class DefaultVOMSValidationStrategy extends java.lang.Object implements VOMSACValidationStrategy
The Default VOMS validation strategy.
Field Summary
Fields (Modifier and Type, Field)
private eu.emi.security.authn.x509.X509CertChainValidatorExt certChainValidator
private LocalHostnameResolver hostnameResolver
private VOMSTrustStore store
-
Constructor Summary
Constructors
DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator)
DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator, LocalHostnameResolver resolver)
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description)
private boolean checkACHolder(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkACValidity(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkLocalAACertSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkLSCSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkNoRevAvailExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkTargets(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean checkUnhandledCriticalExtensions(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
VOMSValidationResult validateAC(VOMSAttribute attributes)
    Validates VOMS attributes not extracted from a certificate chain (e.g., as returned from the VOMS server)
VOMSValidationResult validateAC(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain)
    Validates a VOMS Attribute Certificate
private boolean validateCertificate(java.security.cert.X509Certificate c, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean validateCertificateChain(java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
private boolean verifyACSignature(VOMSAttribute attributes, java.security.cert.X509Certificate cert)
Field Detail
-
store
private final VOMSTrustStore store
-
certChainValidator
private final eu.emi.security.authn.x509.X509CertChainValidatorExt certChainValidator
-
hostnameResolver
private final LocalHostnameResolver hostnameResolver
Constructor Detail
-
DefaultVOMSValidationStrategy
public DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator, LocalHostnameResolver resolver)
-
DefaultVOMSValidationStrategy
public DefaultVOMSValidationStrategy(VOMSTrustStore store, eu.emi.security.authn.x509.X509CertChainValidatorExt validator)
Method Detail
-
checkACHolder
private boolean checkACHolder(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkACValidity
private boolean checkACValidity(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkLocalAACertSignature
private boolean checkLocalAACertSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkLSCSignature
private boolean checkLSCSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkSignature
private boolean checkSignature(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkTargets
private boolean checkTargets(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkNoRevAvailExtension
private boolean checkNoRevAvailExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkAuthorityKeyIdentifierExtension
private boolean checkAuthorityKeyIdentifierExtension(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
checkUnhandledCriticalExtensions
private boolean checkUnhandledCriticalExtensions(VOMSAttribute attributes, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
validateAC
public VOMSValidationResult validateAC(VOMSAttribute attributes)
Description copied from interface: VOMSACValidationStrategy
Validates VOMS attributes not extracted from a certificate chain (e.g., as returned from the VOMS server)
Specified by: validateAC in interface VOMSACValidationStrategy
Parameters:
    attributes - the VOMS attributes
Returns:
    a VOMSValidationResult object describing the outcome of the validation
-
validateAC
public VOMSValidationResult validateAC(VOMSAttribute attributes, java.security.cert.X509Certificate[] chain)
Description copied from interface: VOMSACValidationStrategy
Validates a VOMS Attribute Certificate
Specified by: validateAC in interface VOMSACValidationStrategy
Parameters:
    attributes - the parsed VOMS attributes
    chain - the certificate chain from which the attributes were parsed
Returns:
    a VOMSValidationResult object describing the outcome of the validation
-
validateCertificate
private boolean validateCertificate(java.security.cert.X509Certificate c, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
validateCertificateChain
private boolean validateCertificateChain(java.security.cert.X509Certificate[] chain, java.util.List<VOMSValidationErrorMessage> validationErrors)
-
verifyACSignature
private boolean verifyACSignature(VOMSAttribute attributes, java.security.cert.X509Certificate cert)