eu.emi.security.authn.x509.proxy
Class ProxyUtils

java.lang.Object
  extended by eu.emi.security.authn.x509.proxy.ProxyUtils

public class ProxyUtils
extends Object

Utility methods for checking properties of proxy certificates.

Author:
K. Benedyczak

Constructor Summary
ProxyUtils()
           
 
Method Summary
static X509Certificate getEndUserCertificate(X509Certificate[] certificateChain)
          Extracts the first EEC from the chain.
static X500Principal getOriginalUserDN(X509Certificate[] certificateChain)
          Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.
static boolean isProxy(X509Certificate certificate)
          Checks whether the certificate is a proxy.
static boolean isProxy(X509Certificate[] certificate)
          Checks whether the chain contains at least one proxy.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ProxyUtils

public ProxyUtils()

Method Detail

isProxy

public static boolean isProxy(X509Certificate certificate)
Checks whether the certificate is a proxy.

Parameters:
certificate - the certificate to check
Returns:
true if proxy was found

isProxy

public static boolean isProxy(X509Certificate[] certificate)
Checks whether the chain contains at least one proxy. Note that, by definition, a proxy certificate cannot issue a non-proxy certificate, so this method checks only the first certificate in the chain. If proxy certificates are placed inside the chain and the first certificate is not a proxy, this method returns false, but the chain is invalid.

Parameters:
certificate - the chain to check
Returns:
true if proxy was found
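
An added example, not part of the library or its documentation: a pre-check for the case noted above, where isProxy(X509Certificate[]) returns false because a proxy sits behind a non-proxy first certificate. The class and method names are hypothetical, and the chain is assumed to be ordered with the most recently issued certificate at index 0.

```java
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import eu.emi.security.authn.x509.proxy.ProxyUtils;

/** Added example: hypothetical helper, not part of the library. */
public final class ProxyChainShape {
    private ProxyChainShape() {}

    /**
     * Returns the index of the first proxy certificate that appears after a
     * non-proxy certificate, or -1 if all proxies form a prefix of the chain.
     * Assumption: chain[0] is the most recently issued certificate.
     */
    public static int firstMisplacedProxy(X509Certificate[] chain) {
        boolean seenNonProxy = false;
        for (int i = 0; i < chain.length; i++) {
            if (!ProxyUtils.isProxy(chain[i])) {
                seenNonProxy = true;
            } else if (seenNonProxy) {
                return i; // proxy found behind a non-proxy: malformed chain
            }
        }
        return -1;
    }

    /**
     * Resolves the original user DN only for chains whose shape is sane.
     * Returns null for a chain without proxies; throws for a malformed one.
     */
    public static X500Principal originalUserDnIfProxied(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("empty certificate chain");
        }
        int bad = firstMisplacedProxy(chain);
        if (bad >= 0) {
            throw new IllegalArgumentException(
                "proxy certificate at index " + bad + " follows a non-proxy certificate");
        }
        if (!ProxyUtils.isProxy(chain)) {
            return null; // plain EEC chain, nothing to resolve
        }
        // Documented to throw IllegalArgumentException if the chain holds only proxies.
        return ProxyUtils.getOriginalUserDN(chain);
    }
}
```

This checks only the ordering of proxy and non-proxy certificates; signatures, validity periods and trust anchors remain the job of the chain validator.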

getEndUserCertificate

public static X509Certificate getEndUserCertificate(X509Certificate[] certificateChain)
Extracts the first EEC from the chain.

Parameters:
certificateChain - the chain in which to find the EEC
Returns:
the certificate found or null if only proxy certificates are in chain

getOriginalUserDN

public static X500Principal getOriginalUserDN(X509Certificate[] certificateChain)
                                       throws IllegalArgumentException
Tries to establish the DN of the user who issued the first proxy which is found in the provided chain.

Parameters:
certificateChain - chain to be checked
Returns:
object holding the user distinguished name
Throws:
IllegalArgumentException - if the argument chain contains only proxy certificates


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.