Package eu.emi.security.authn.x509.proxy

Class ProxyUtils

  • public class ProxyUtils
extends java.lang.Object
    Utility methods for checking properties of proxy certificates.
    Author:
    K. Benedyczak

    • Constructor Summary

      Constructors 
      Constructor Description
      ProxyUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.security.cert.X509Certificate getEndUserCertificate​(java.security.cert.X509Certificate[] certificateChain)
      Extracts the first EEC from the chain.
      static javax.security.auth.x500.X500Principal getOriginalUserDN​(java.security.cert.X509Certificate[] certificateChain)
      Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.
      static boolean isProxy​(java.security.cert.X509Certificate certificate)
      Checks whether the certificate is a proxy.
      static boolean isProxy​(java.security.cert.X509Certificate[] certificate)
      Checks whether the chain contains at least one proxy.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • ProxyUtils

        public ProxyUtils()

    • Method Detail

      • isProxy

        public static boolean isProxy​(java.security.cert.X509Certificate certificate)
        Checks whether the certificate is a proxy.
        Parameters:
        certificate - the certificate to check
        Returns:
        true if proxy was found

      • isProxy

        public static boolean isProxy​(java.security.cert.X509Certificate[] certificate)
        Checks whether the chain contains at least one proxy. Note that by definition proxy certificate can not issue a non-proxy certificate, therefore this method only checks the first certificate in chain. If proxy certificates are placed inside the chain and the first certificate is a not a proxy then this method will return false, but the chain is invalid.
        Parameters:
        certificate - the chain to check
        Returns:
        true if proxy was found

      • getEndUserCertificate

        public static java.security.cert.X509Certificate getEndUserCertificate​(java.security.cert.X509Certificate[] certificateChain)
        Extracts the first EEC from the chain.
        Parameters:
        certificateChain - chain to find EEC
        Returns:
        the certificate found or null if only proxy certificates are in chain

      • getOriginalUserDN

        public static javax.security.auth.x500.X500Principal getOriginalUserDN​(java.security.cert.X509Certificate[] certificateChain)
                                                                throws java.lang.IllegalArgumentException
        Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.
        Parameters:
        certificateChain - chain to be checked
        Returns:
        object holding the user distinguished name
        Throws:
        java.lang.IllegalArgumentException - if the argument chain contains only proxy certificates