Field Detail

• CA_ALIAS

  public static final java.lang.String CA_ALIAS

  alias for the ca certificate

  See Also:

  Constant Field Values

Constructor Detail

• GECATrustManager

  public GECATrustManager()

• GECATrustManager

  public GECATrustManager(java.io.File caTop)

  Creates a new instance of GECATrustManager.

  Parameters:

  caTop - ca top directory of the grid engine ca

Method Detail

• setCaTop

  public void setCaTop(java.io.File caTop)

  set a new caTop directory

  Parameters:

  caTop -

• isValidMessage

  public boolean isValidMessage(java.lang.String username,
                                byte[] message,
                                byte[] signature,
                                java.lang.String algorithm)

  Validate a message of a user.

  Parameters:

  username - name of the user

  message - the message

  signature - the signature

  algorithm - the digest algorithm

  Returns:

  true if the message is valid

• checkClientTrusted

  public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                                 java.lang.String authType)
                          throws java.security.cert.CertificateException

  Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for client SSL authentication based on the authentication type. The authentication type is determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". Checking is case-sensitive.

  Specified by:

  checkClientTrusted in interface javax.net.ssl.X509TrustManager

  Parameters:

  chain - the peer certificate chain

  authType - the authentication type based on the client certificate

  Throws:

  java.lang.IllegalArgumentException - if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter

  java.security.cert.CertificateException - if the certificate chain is not trusted by this TrustManager.

• checkServerTrusted

  public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                                 java.lang.String authType)
                          throws java.security.cert.CertificateException

  Given the partial or complete certificate chain provided by the peer, build a certificate path to a trusted root and return if it can be validated and is trusted for server SSL authentication based on the authentication type. The authentication type is the key exchange algorithm portion of the cipher suites represented as a String, such as "RSA", "DHE_DSS". Note: for some exportable cipher suites, the key exchange algorithm is determined at run time during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be RSA_EXPORT when an ephemeral RSA key is used for the key exchange, and RSA when the key from the server certificate is used. Checking is case-sensitive.

  Specified by:

  checkServerTrusted in interface javax.net.ssl.X509TrustManager

  Parameters:

  chain - the peer certificate chain

  authType - the key exchange algorithm used

  Throws:

  java.lang.IllegalArgumentException - if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter

  java.security.cert.CertificateException - if the certificate chain is not trusted by this TrustManager.

• getAcceptedIssuers

  public java.security.cert.X509Certificate[] getAcceptedIssuers()

  Return an array of certificate authority certificates which are trusted for authenticating peers.

  Specified by:

  getAcceptedIssuers in interface javax.net.ssl.X509TrustManager

  Returns:

  a non-null (possibly empty) array of acceptable CA issuer certificates.