Package eu.emi.security.authn.x509.proxy

Class ProxyUtils

java.lang.Object
eu.emi.security.authn.x509.proxy.ProxyUtils
public class ProxyUtils extends Object
Utility methods for checking properties of proxy certificates.
Author:
K. Benedyczak

  • Constructor Details

    • ProxyUtils

      public ProxyUtils()

  • Method Details

    • isProxy

      public static boolean isProxy(X509Certificate certificate)
      Checks whether the certificate is a proxy.
      Parameters:
      certificate - the certificate to check
      Returns:
      true if proxy was found

    • isProxy

      public static boolean isProxy(X509Certificate[] certificate)
      Checks whether the chain contains at least one proxy. Note that by definition proxy certificate can not issue a non-proxy certificate, therefore this method only checks the first certificate in chain. If proxy certificates are placed inside the chain and the first certificate is a not a proxy then this method will return false, but the chain is invalid.
      Parameters:
      certificate - the chain to check
      Returns:
      true if proxy was found

    • getEndUserCertificate

      public static X509Certificate getEndUserCertificate(X509Certificate[] certificateChain)
      Extracts the first EEC from the chain.
      Parameters:
      certificateChain - chain to find EEC
      Returns:
      the certificate found or null if only proxy certificates are in chain

    • getOriginalUserDN

      public static X500Principal getOriginalUserDN(X509Certificate[] certificateChain) throws IllegalArgumentException
      Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.
      Parameters:
      certificateChain - chain to be checked
      Returns:
      object holding the user distinguished name
      Throws:
      IllegalArgumentException - if the argument chain contains only proxy certificates