java.lang.Object
eu.emi.security.authn.x509.proxy.BaseProxyCertificateOptions
public abstract class BaseProxyCertificateOptions
Generic proxy creation parameters useful for all scenarios. All objects passed to this class are copied. All objects returned by methods of this class are also copies of the object state. Therefore it is only possible to modify state of this class using its methods. This class is not thread safe.
Field Summary | |
---|---|
static int | DEFAULT_LIFETIME |
Constructor Summary | |
---|---|
protected | BaseProxyCertificateOptions(X509Certificate[] parentCertChain): Create a new proxy cert based on the parent cert chain. |
Method Summary | |
---|---|
void | addExtension(CertificateExtension extension): Add an extension to the proxy certificate to be generated. |
AttributeCertificate[] | getAttributeCertificates() |
List<CertificateExtension> | getExtensions() |
int | getLifetime() |
Date | getNotBefore() |
X509Certificate[] | getParentCertChain(): Returns the certificate parent chain of the proxy. |
ProxyPolicy | getPolicy() |
int | getProxyPathLimit(): Gets the proxy path length limit of this certificate. |
String | getProxyTracingIssuer() |
String | getProxyTracingSubject() |
String | getSAMLAssertion(): Gets SAML assertions in a string format. |
BigInteger | getSerialNumber(): Gets the proxy serial number. |
String[] | getSourceRestrictionExcludedAddresses(): Gets the excluded source-restriction IP address space from the data structure. |
String[] | getSourceRestrictionPermittedAddresses(): Gets the permitted source IP address space of the proxy. |
String[] | getTargetRestrictionExcludedAddresses(): Gets the excluded target IP address space from the data structure. |
String[] | getTargetRestrictionPermittedAddresses(): Returns the permitted target IP address space of the proxy. |
ProxyType | getType() |
boolean | isLimited(): Checks if the proxy shall be limited. |
void | setAttributeCertificates(AttributeCertificate[] ac): Sets attribute certificates, which will be added as the VOMS extensions to the generated proxy. |
void | setLifetime(int lifetime): Set the proxy lifetime in seconds. |
void | setLifetime(long lifetime, TimeUnit unit): Set the proxy lifetime using the desired unit. |
void | setLimited(boolean limited): Defines whether the resulting proxy will be a limited proxy. |
void | setPolicy(ProxyPolicy policy): Set the RFC proxy extension policy OID and octets of the policy. |
void | setProxyPathLimit(int pathLen): Sets the proxy path length limit of this certificate. |
void | setProxyTracingIssuer(String url): Sets the issuer URL for the proxy tracing. |
void | setProxyTracingSubject(String url): Sets the subject URL for the proxy tracing. |
void | setSAMLAssertion(String saml): Sets SAML assertions in a string format. |
void | setSerialNumber(BigInteger sn): Sets the proxy serial number. |
void | setSourceRestrictionExcludedAddresses(byte[][] addresses): Sets an excluded source-restriction IP address space in the data structure. |
void | setSourceRestrictionExcludedAddresses(String[] addresses): Sets an excluded source-restriction IP address space in the data structure. |
void | setSourceRestrictionPermittedAddresses(byte[][] addresses): Sets a permitted source IP address space for the proxy. |
void | setSourceRestrictionPermittedAddresses(String[] addresses): Sets a new permitted source IP address space for the proxy. |
void | setTargetRestrictionExcludedAddresses(byte[][] addresses): Sets an excluded target IP address space in the data structure. |
void | setTargetRestrictionExcludedAddresses(String[] addresses): Sets an excluded target IP address space in the data structure. |
void | setTargetRestrictionPermittedAddresses(byte[][] addresses): Sets a permitted target IP address space for the proxy. |
void | setTargetRestrictionPermittedAddresses(String[] addresses): Sets a new permitted target IP address space for the proxy. |
void | setType(ProxyType type): Used to set the type of the proxy. |
void | setValidityBounds(Date notBefore, Date notAfter): Sets the desired time bounds for the proxy. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int DEFAULT_LIFETIME
Constructor Detail |
---|
protected BaseProxyCertificateOptions(X509Certificate[] parentCertChain)
parentCertChain - chain of the issuer
Method Detail |
---|
public X509Certificate[] getParentCertChain()
public void setValidityBounds(Date notBefore, Date notAfter)
notBefore - proxy won't be valid before this date
notAfter - proxy won't be valid after this date
public void setLifetime(int lifetime)
lifetime - in seconds
See also: setValidityBounds(Date, Date)
public void setLifetime(long lifetime, TimeUnit unit)
lifetime - in the unit specified by the 2nd parameter
unit - the unit of the timeout specified by the first value
IllegalArgumentException - if the requested lifetime is larger than Integer.MAX_VALUE seconds.
See also: setValidityBounds(Date, Date)
public int getLifetime()
public Date getNotBefore()
public void setType(ProxyType type) throws IllegalArgumentException
type - to be set
IllegalArgumentException
public ProxyType getType()
public void setLimited(boolean limited)
For legacy proxies this is the only way to control the proxy's application area. RFC and draft proxies allow for richer and more extensible semantics using setPolicy(ProxyPolicy).
Since version 1.2.0, in the case of RFC proxies, calling this method with the argument true is equivalent to calling setPolicy(new ProxyPolicy(ProxyPolicy.LIMITED_PROXY_OID)), and with the argument false to calling setPolicy(new ProxyPolicy(ProxyPolicy.INHERITALL_POLICY_OID)).
Note that subsequent calls to setPolicy will overwrite the setLimited setting. Therefore the following code:
    param.setLimited(true);
    param.setPolicy(new ProxyPolicy(ProxyPolicy.INHERITALL_POLICY_OID));
configures the engine to create limited legacy proxies or unlimited RFC proxies. As this behavior is most likely not intended, it is strongly advised NOT to mix setLimited and setPolicy calls in any case.
limited - true if proxy shall be limited
public boolean isLimited()
public void setSerialNumber(BigInteger sn)
sn - serial number to be set
public BigInteger getSerialNumber()
public void setProxyPathLimit(int pathLen)
pathLen - path limit, use negative value if proxy shall be unlimited
public int getProxyPathLimit()
public void addExtension(CertificateExtension extension)
extension - the extension to be set
public List<CertificateExtension> getExtensions()
See also: addExtension(CertificateExtension)
public void setPolicy(ProxyPolicy policy)
Note: this setting is ignored for legacy proxies.
policy - to be set
public ProxyPolicy getPolicy()
public void setTargetRestrictionPermittedAddresses(String[] addresses) throws IllegalArgumentException
addresses - The address space to add to the allowed IP address space. Example of the format: 192.168.0.0/16, which is equivalent to the network 192.168.0.0 with the netmask 255.255.0.0. A single IP address can be defined as xxx.xxx.xxx.xxx/32.
IllegalArgumentException - if the argument does not contain addresses in the specified format
public void setTargetRestrictionPermittedAddresses(byte[][] addresses) throws IllegalArgumentException
addresses - An array of 8-element byte arrays representing the address spaces defined in this structure. Each inner 8-element array must contain the IP address and netmask bytes, e.g. {137,138,0,0,255,255,0,0}.
IllegalArgumentException - when the inner arrays are not of length 8 or do not represent a valid address and netmask combination.
public String[] getTargetRestrictionPermittedAddresses()
public void setSourceRestrictionPermittedAddresses(String[] addresses) throws IllegalArgumentException
addresses - The address space to add to the allowed IP address space. Example of the format: 192.168.0.0/16, which is equivalent to the network 192.168.0.0 with the netmask 255.255.0.0. A single IP address can be defined as xxx.xxx.xxx.xxx/32.
IllegalArgumentException - if the argument does not contain addresses in the specified format
public void setSourceRestrictionPermittedAddresses(byte[][] addresses) throws IllegalArgumentException
addresses - An array of 8-element byte arrays representing the address spaces defined in this structure. Each inner 8-element array must contain the IP address and netmask bytes, e.g. {137,138,0,0,255,255,0,0}.
IllegalArgumentException - when the inner arrays are not of length 8 or do not represent a valid address and netmask combination.
public String[] getSourceRestrictionPermittedAddresses()
public void setTargetRestrictionExcludedAddresses(String[] addresses) throws IllegalArgumentException
addresses - The address space to add to the allowed IP address space. Example of the format: 192.168.0.0/16, which is equivalent to the network 192.168.0.0 with the netmask 255.255.0.0. A single IP address can be defined as xxx.xxx.xxx.xxx/32.
IllegalArgumentException - if the argument does not contain addresses in the specified format
public void setTargetRestrictionExcludedAddresses(byte[][] addresses) throws IllegalArgumentException
addresses - An array of 8-element byte arrays representing the address spaces defined in this structure. Each inner 8-element array must contain the IP address and netmask bytes, e.g. {137,138,0,0,255,255,0,0}.
IllegalArgumentException - when the inner arrays are not of length 8 or do not represent a valid address and netmask combination.
public String[] getTargetRestrictionExcludedAddresses()
public void setSourceRestrictionExcludedAddresses(String[] addresses) throws IllegalArgumentException
addresses - The address space to add to the allowed IP address space. Example of the format: 192.168.0.0/16, which is equivalent to the network 192.168.0.0 with the netmask 255.255.0.0. A single IP address can be defined as xxx.xxx.xxx.xxx/32.
IllegalArgumentException - if the argument does not contain addresses in the specified format
public void setSourceRestrictionExcludedAddresses(byte[][] addresses) throws IllegalArgumentException
addresses - An array of 8-element byte arrays representing the address spaces defined in this structure. Each inner 8-element array must contain the IP address and netmask bytes, e.g. {137,138,0,0,255,255,0,0}.
IllegalArgumentException - when the inner arrays are not of length 8 or do not represent a valid address and netmask combination.
public String[] getSourceRestrictionExcludedAddresses()
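An added example, not code from this library: converting between the two address-space formats that the restriction setters above accept (the a.b.c.d/prefix string and the 8-byte address-plus-netmask array) and checking an array before passing it in. The class and method names are hypothetical, and the validity rule used here (contiguous netmask, no address bits outside it) is an assumption, since the page does not define a "valid address and netmask combination".

```java
import java.util.Arrays;

// Hypothetical helper class, not part of the library documented on this page.
public class AddressSpaceExample {
    /** Converts "a.b.c.d/prefix" into the 8-byte {address, netmask} form. */
    static byte[] cidrToBytes(String cidr) {
        String[] parts = cidr.split("/", -1);
        if (parts.length != 2)
            throw new IllegalArgumentException("Expected a.b.c.d/prefix: " + cidr);
        String[] octets = parts[0].split("\\.", -1);
        int prefix = Integer.parseInt(parts[1]);
        if (octets.length != 4 || prefix < 0 || prefix > 32)
            throw new IllegalArgumentException("Bad address space: " + cidr);
        // A shift by 32 is a no-op on a Java int, so /0 is handled separately.
        int mask = prefix == 0 ? 0 : -1 << (32 - prefix);
        byte[] out = new byte[8];
        for (int i = 0; i < 4; i++) {
            int o = Integer.parseInt(octets[i]);
            if (o < 0 || o > 255)
                throw new IllegalArgumentException("Bad octet in " + cidr);
            out[i] = (byte) o;
            out[4 + i] = (byte) (mask >>> (24 - 8 * i));
        }
        return out;
    }

    /** Assumed rule: length 8, contiguous netmask, no address bits outside it. */
    static boolean isValid(byte[] b) {
        if (b == null || b.length != 8) return false;
        int addr = 0, mask = 0;
        for (int i = 0; i < 4; i++) {
            addr = (addr << 8) | (b[i] & 0xFF);
            mask = (mask << 8) | (b[4 + i] & 0xFF);
        }
        int hostBits = ~mask;
        boolean contiguous = (hostBits & (hostBits + 1)) == 0;
        return contiguous && (addr & hostBits) == 0;
    }

    public static void main(String[] args) {
        // Java bytes are signed: the page's {137,138,0,0,255,255,0,0} needs casts.
        byte[] literal = {(byte) 137, (byte) 138, 0, 0, (byte) 255, (byte) 255, 0, 0};
        System.out.println(Arrays.equals(cidrToBytes("137.138.0.0/16"), literal));
        System.out.println(isValid(cidrToBytes("192.168.0.1/32")));  // single host
        System.out.println(isValid(cidrToBytes("192.168.1.1/16")));  // stray host bits
        byte[] gappedMask = {10, 0, 0, 0, (byte) 255, 0, (byte) 255, 0};
        System.out.println(isValid(gappedMask));                    // non-contiguous mask
    }
}
```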
public void setProxyTracingIssuer(String url)
url - the issuer URL
public String getProxyTracingIssuer()
public void setProxyTracingSubject(String url)
url - the subject URL
public String getProxyTracingSubject()
public String getSAMLAssertion()
public void setSAMLAssertion(String saml)
saml - assertions to be used
public void setAttributeCertificates(AttributeCertificate[] ac)
ac - to be set
public AttributeCertificate[] getAttributeCertificates()