org.aselect.authspserver.authsp.pki
Class PKIManager

java.lang.Object
  extended by org.aselect.authspserver.authsp.pki.PKIManager

public class PKIManager
extends java.lang.Object

The PKI Manager.

Description:
Handles all the PKI functionality of the PKI AuthSP

Concurrency issues:
None

Author:
Alfa & Ariss

Field Summary
static java.lang.String MODULE
          The name of this module, that is used in the system logging.
 
Constructor Summary
PKIManager()
           
 
Method Summary
 void destroy()
          Destroy all running threads
 java.util.Hashtable getTrustedCACertificate(java.security.cert.X509Certificate oCert)
          Looks up the certificate and alias of the CA for a client certificate.
 void init(java.lang.Object oConfig, AuthSPSystemLogger oSystemLogger)
          Initializes the PKI Manager.
 boolean isClientCertRevoked(java.lang.String sCaAlias, java.security.cert.X509Certificate oClientCert)
          Checks if a certificate is revoked.
 void validateCertificateDate(java.security.cert.X509Certificate oCert)
          Checks if the provided certificate is valid.
 boolean validateCertificateIsSignedByCA(java.security.cert.Certificate oClientCert, java.security.cert.Certificate oCaCert)
          Validates if the provided client certificate is signed by the provided CA cert.
 boolean validateCrl(java.security.cert.X509CRL crl, java.security.cert.X509Certificate crlIssuerCert)
          Validates if the provided CRL is signed by the provided Issuer.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MODULE

public static final java.lang.String MODULE
The name of this module, that is used in the system logging.

See Also:
Constant Field Values
Constructor Detail

PKIManager

public PKIManager()
Method Detail

init

public void init(java.lang.Object oConfig,
                 AuthSPSystemLogger oSystemLogger)
          throws ASelectException
Initializes the PKI Manager.

Parameters:
oConfig - necessary configuration
oSystemLogger - the systemlogger
Throws:
ASelectException - if something goes wrong during init.

destroy

public void destroy()
Destroy all running threads


getTrustedCACertificate

public java.util.Hashtable getTrustedCACertificate(java.security.cert.X509Certificate oCert)
                                            throws ASelectException
Looks up the certificate and alias of the CA for a client certificate.

Description:
Looks up the certificate of the trusted CA which has signed the client certificate.

Concurrency issues:
None

Preconditions:
oCert may not be null

Postconditions:
None

Parameters:
oCert - the client certificate
Returns:
Hashtable containing the alias and the certificate of the CA which signed the client cert.
Throws:
ASelectException

validateCertificateIsSignedByCA

public boolean validateCertificateIsSignedByCA(java.security.cert.Certificate oClientCert,
                                               java.security.cert.Certificate oCaCert)
Validates if the provided client certificate is signed by the provided CA cert.

Description:
Validates if the provided client certificate is signed by the provided CA cert.

Concurrency issues:
None

Preconditions:
oClientCert, oCaCert may not be null

Postconditions:
none

Parameters:
oClientCert - Client certificate
oCaCert - CA certificate
Returns:
true if client cert is signed by CA and false otherwise.

validateCertificateDate

public void validateCertificateDate(java.security.cert.X509Certificate oCert)
                             throws ASelectException
Checks if the provided certificate is valid.

Description:
Checks that the provided certificate is already valid (its notBefore date has passed) and not yet expired (its notAfter date has not passed).

Concurrency issues:
None

Preconditions:
oCert may not be null.

Postconditions:
None

Parameters:
oCert - the certificate to check
Throws:
ASelectException - if cert is not yet valid or expired.

validateCrl

public boolean validateCrl(java.security.cert.X509CRL crl,
                           java.security.cert.X509Certificate crlIssuerCert)
Validates if the provided CRL is signed by the provided Issuer.

Description:
Validates if the provided CRL is signed by the provided Issuer.

Concurrency issues:
None

Preconditions:
crl and crlIssuerCert may not be null

Postconditions:
none

Parameters:
crl - The Certificate Revocation List
crlIssuerCert - the certificate of the CRL issuer
Returns:
true if the CRL is signed by crlIssuerCert and false otherwise

isClientCertRevoked

public boolean isClientCertRevoked(java.lang.String sCaAlias,
                                   java.security.cert.X509Certificate oClientCert)
                            throws ASelectException
Checks if a certificate is revoked.

Description:
Checks whether the certificate is listed on the CRL of the CA identified by sCaAlias.

Concurrency issues:
None

Preconditions:
sCaAlias and oClientCert may not be null

Postconditions:
None

Parameters:
sCaAlias - The Alias of the CA.
oClientCert - The certificate to be checked
Returns:
true if the certificate is listed on the CRL and false otherwise.
Throws:
ASelectException

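The methods above are the building blocks of one client-certificate check, and the order in which a caller applies them matters: validity period first, then proof that a trusted CA signed the certificate, then the authenticity of the CA's CRL, and only then the revocation lookup. The following is an added example, not code from the A-Select PKI AuthSP; it performs the same steps with plain JDK APIs so the meaning of each method is visible. The class, method names, file paths and password are the example's own assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;

/**
 * Added example (not part of the A-Select PKI AuthSP): the checks described on
 * this page, done with JDK APIs in the order a caller should apply them.
 */
public class ClientCertCheckExample {

    /** Like getTrustedCACertificate: find the trusted CA whose subject matches the
     *  client certificate's issuer and whose public key verifies its signature. */
    static Hashtable<String, Object> findIssuingCa(KeyStore trustStore, X509Certificate clientCert)
            throws Exception {
        Enumeration<String> aliases = trustStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!trustStore.isCertificateEntry(alias)) continue;
            X509Certificate ca = (X509Certificate) trustStore.getCertificate(alias);
            // The issuer-name match is only a hint; the signature check binds the two.
            if (ca.getSubjectX500Principal().equals(clientCert.getIssuerX500Principal())
                    && isSignedBy(clientCert, ca)) {
                Hashtable<String, Object> result = new Hashtable<>();
                result.put("alias", alias);
                result.put("certificate", ca);
                return result;
            }
        }
        return null; // no trusted CA signed this certificate
    }

    /** Like validateCertificateIsSignedByCA. */
    static boolean isSignedBy(X509Certificate cert, X509Certificate ca) {
        try {
            cert.verify(ca.getPublicKey());
            return true;
        } catch (Exception e) { // SignatureException, InvalidKeyException, ...
            return false;
        }
    }

    /** Like validateCertificateDate: throws if not yet valid or expired. */
    static void checkDates(X509Certificate cert) throws CertificateException {
        cert.checkValidity(new Date()); // CertificateNotYetValidException / CertificateExpiredException
    }

    /** Like validateCrl (signature by the issuer), plus two checks a caller should add:
     *  the CRL must name this issuer, and a CRL past its nextUpdate is stale. */
    static boolean isCrlValid(X509CRL crl, X509Certificate issuer) {
        try {
            crl.verify(issuer.getPublicKey());
        } catch (Exception e) {
            return false;
        }
        if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) return false;
        Date next = crl.getNextUpdate();
        return next == null || next.after(new Date());
    }

    /** Like isClientCertRevoked: true if the certificate's serial is on the CRL. */
    static boolean isRevoked(X509CRL crl, X509Certificate cert) {
        return crl.isRevoked(cert);
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: a PKCS#12 trust store holding CA certificates, a PEM/DER
        // client certificate and the CA's CRL. Paths and password are placeholders.
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("truststore.p12")) {
            trustStore.load(in, "changeit".toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate clientCert;
        try (InputStream in = new FileInputStream("client.pem")) {
            clientCert = (X509Certificate) cf.generateCertificate(in);
        }
        X509CRL crl;
        try (InputStream in = new FileInputStream("ca.crl")) {
            crl = (X509CRL) cf.generateCRL(in);
        }

        checkDates(clientCert);                                              // 1. validity period
        Hashtable<String, Object> ca = findIssuingCa(trustStore, clientCert); // 2. trusted issuer
        if (ca == null) throw new SecurityException("client certificate not signed by a trusted CA");
        X509Certificate caCert = (X509Certificate) ca.get("certificate");
        if (!isCrlValid(crl, caCert))                                         // 3. CRL authenticity
            throw new SecurityException("CRL for " + ca.get("alias") + " is not valid");
        if (isRevoked(crl, clientCert))                                       // 4. revocation
            throw new SecurityException("client certificate is revoked");
        System.out.println("client certificate accepted; issuer alias=" + ca.get("alias"));
    }
}
```

Two points the page leaves to the caller: a CRL that cannot be loaded or fails validateCrl must be treated as a failure, not as "not revoked", and the page documents validateCrl only as a signature check, so the nextUpdate freshness test in isCrlValid above is the example's addition rather than something the page states PKIManager does.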

Copyright © 2008 SURFnet BV. All Rights Reserved.