net.jini.jeri.ssl
Class SubjectCredentials

java.lang.Object
  extended by net.jini.jeri.ssl.Utilities
      extended by net.jini.jeri.ssl.SubjectCredentials

class SubjectCredentials
extends Utilities

Provides methods for retrieving credentials from a Subject.

Author:
Sun Microsystems, Inc.

Nested Class Summary
private static class SubjectCredentials.CertificateMatcher
          Provides utilities for converting between X.509 certificates and unique certificate names.
(package private) static class SubjectCredentials.GetAllPrivateCredentialsAction
          A privileged action that returns all the X.500 private credentials for a subject as an X500PrivateCredential array.
(package private) static class SubjectCredentials.GetPrivateCredentialAction
          A privileged action that gets the private credentials for an X.509 certificate.
 
Nested classes/interfaces inherited from class net.jini.jeri.ssl.Utilities
Utilities.SSLContextInfo
 
Field Summary
 
Fields inherited from class net.jini.jeri.ssl.Utilities
ANY_KEY_ALGORITHM, clientLogger, DSA_KEY_ALGORITHM, getSubjectPermission, initLogger, INTEGRITY_PREFERRED, INTEGRITY_REQUIRED, RSA_KEY_ALGORITHM, serverLogger, UNKNOWN_PRINCIPAL
 
Constructor Summary
private SubjectCredentials()
          This class shouldn't be instantiated.
 
Method Summary
private static void appendKeyString(Key key, StringBuffer buf)
          Appends information about a key to a StringBuffer.
(package private) static String credentialsString(Subject subject)
          Returns a String that describes the credentials in the subject.
(package private) static CertPath getCertificateChain(Subject subject, String name)
          Retrieves the X.509 CertPath for a credential name.
(package private) static CertPath getCertificateChain(Subject subject, X509Certificate cert)
          Checks if the subject's public credentials contain a certificate chain that starts with a certificate with the same subject and public key, and returns the certificate chain if it does.
(package private) static List getCertificateChains(Subject subject)
          Returns the X.509 CertPaths stored in the public credentials of the subject.
(package private) static String getCertificateName(X509Certificate cert)
          Returns the credential name for an X.509 certificate.
(package private) static X500Principal getPrincipal(Subject subject, X509Certificate cert)
          Returns the subject principal matching the X.509 certificate.
(package private) static Set getPrincipals(Subject subject, int keyAlgorithms, X500PrivateCredential[] privateCredentials)
          Retrieves the principals in the subject with X.509 CertPaths which use the specified key algorithm and, optionally, have associated private credentials.
(package private) static X500PrivateCredential getPrivateCredential(Subject subject, X509Certificate cert)
          Returns the X500PrivateCredential for an X.509 certificate.
private static boolean isX509CertificateChain(Object credential)
          Determines if the argument is an X.509 certificate CertPath.
 
Methods inherited from class net.jini.jeri.ssl.Utilities
checkValidity, contains, doesEncryption, doesServerAuthentication, equals, firstX509Cert, getCertFactory, getCipherAlgorithm, getClassName, getClientPrincipals, getClientPrincipals, getClientSSLContextInfo, getKeyAlgorithm, getKeyExchangeAlgorithm, getPermittedKeyAlgorithms, getServerPrincipals, getServerSSLContextInfo, getSupportedCipherSuites, hasStrongCipherAlgorithm, logThrow, maintainsIntegrity, permittedKeyAlgorithm, position, releaseClientSSLContextInfo, safeEquals, subjectString, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectCredentials

private SubjectCredentials()
This class shouldn't be instantiated.

Method Detail

getCertificateChain

static CertPath getCertificateChain(Subject subject,
                                    String name)
Retrieves the X.509 CertPath for a credential name. Returns null if the chain associated with the credential name is not found. Does not check whether the principal or private key associated with the chain is present.

Parameters:
subject - the Subject containing the credentials or null
name - the name of the credentials
Returns:
the certificate chain or null

getCertificateName

static String getCertificateName(X509Certificate cert)
Returns the credential name for an X.509 certificate.

Parameters:
cert - the certificate
Returns:
the credential name

getCertificateChains

static List getCertificateChains(Subject subject)
Returns the X.509 CertPaths stored in the public credentials of the subject. Does not check if the associated principals or private keys are present. Returns null if none are found.

Parameters:
subject - the subject containing the X.509 CertPaths or null
Returns:
List of the X.509 CertPaths in the subject

getCertificateChain

static CertPath getCertificateChain(Subject subject,
                                    X509Certificate cert)
Checks if the subject's public credentials contain a certificate chain that starts with a certificate with the same subject and public key, and returns the certificate chain if it does. Does not check the validity of the certificate chain, or for associated private credentials or principal.

Parameters:
cert - the certificate
Returns:
the certificate chain starting with an equivalent certificate, if present, otherwise null

getPrincipals

static Set getPrincipals(Subject subject,
                         int keyAlgorithms,
                         X500PrivateCredential[] privateCredentials)
Retrieves the principals in the subject with X.509 CertPaths which use the specified key algorithm and, optionally, have associated private credentials. Uses the specified private credentials rather than getting them from the Subject to permit callers to cache them and avoid the cost of repeated permission checks to access them.

Parameters:
subject - the Subject containing the principals
keyAlgorithms - the permitted key algorithms, an OR of any of DSA_KEY_ALGORITHM and RSA_KEY_ALGORITHM
privateCredentials - the available private credentials, or null if private credentials are not required
Returns:
set of matching principals

getPrivateCredential

static X500PrivateCredential getPrivateCredential(Subject subject,
                                                  X509Certificate cert)
Returns the X500PrivateCredential for an X.509 certificate. Returns null if the associated private credential is missing from the subject. Does not check if the public credential or principal are present. Assumes that the subject is non-null. The caller should check for AuthenticationPermission and then call this method from within AccessController.doPrivileged to give it private credential permissions.

Parameters:
subject - the Subject containing the credentials
cert - the X.509 certificate
Returns:
the X500PrivateCredential or null

getPrincipal

static X500Principal getPrincipal(Subject subject,
                                  X509Certificate cert)
Returns the subject principal matching the X.509 certificate. Returns null if the principal is not found. Does not check if the associated private key is present. Assumes that the subject is non-null.

Parameters:
subject - the Subject containing the credentials
cert - the X.509 certificate
Returns:
the X.500 principal or null

credentialsString

static String credentialsString(Subject subject)
Returns a String that describes the credentials in the subject.

Parameters:
subject - the Subject containing the credentials
Returns:
a String describing the credentials
Throws:
NullPointerException - if the subject is null

appendKeyString

private static void appendKeyString(Key key,
                                    StringBuffer buf)
Appends information about a key to a StringBuffer.


isX509CertificateChain

private static boolean isX509CertificateChain(Object credential)
Determines if the argument is an X.509 certificate CertPath. Returns true if the argument is a non-null CertPath, has at least one certificate, and has type X.509.
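
The lookup that getCertificateChains, getCertificateChain(Subject, X509Certificate) and isX509CertificateChain describe, written against the JDK only. This is an added example, not the net.jini.jeri.ssl source; the class name SubjectChainLookup and its method names are hypothetical, and the sample credentials in main are constructed.

```java
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;

public class SubjectChainLookup {
    // The three documented conditions: non-null CertPath, type X.509, at least one certificate.
    static boolean isX509Chain(Object credential) {
        if (!(credential instanceof CertPath)) return false;
        CertPath path = (CertPath) credential;
        return "X.509".equals(path.getType()) && !path.getCertificates().isEmpty();
    }

    // Collects the X.509 chains held as public credentials; null when none are found.
    static List<CertPath> chains(Subject subject) {
        if (subject == null) return null;
        List<CertPath> found = new ArrayList<>();
        for (Object cred : subject.getPublicCredentials()) {
            if (isX509Chain(cred)) found.add((CertPath) cred);
        }
        return found.isEmpty() ? null : found;
    }

    // Matches the first certificate on subject name and public key only.
    // No validity, trust or private-credential check happens here.
    static CertPath chainFor(Subject subject, X509Certificate cert) {
        List<CertPath> all = chains(subject);
        if (all == null) return null;
        for (CertPath path : all) {
            X509Certificate first = (X509Certificate) path.getCertificates().get(0);
            if (first.getSubjectX500Principal().equals(cert.getSubjectX500Principal())
                    && first.getPublicKey().equals(cert.getPublicKey())) return path;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty X.509 CertPath and a credential that is not a CertPath.
        CertPath empty = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.<X509Certificate>emptyList());
        Subject subject = new Subject();
        subject.getPublicCredentials().add(empty);
        subject.getPublicCredentials().add("not a certificate chain");
        System.out.println("empty path accepted: " + isX509Chain(empty));
        System.out.println("chains in subject: " + chains(subject));
    }
}
```

Because the match is on name and key alone, a chain returned this way still needs its own validity and trust checks before it is used to authenticate anything.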



Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.