Class SigningPolicy

java.lang.Object

org.globus.gsi.SigningPolicy

public class SigningPolicy
extends Object

Represents a signing policy associated with a particular CA. The signing policy defines a list of distinguished names which are allowed to sign certificates for a particular Certificate Authority subject distinguished name.

Since:

1.0

Version:

${version}

Field Summary

Fields

Modifier and Type	Field	Description
private List<Pattern>	allowedDNs
private X500Principal	caSubject

Constructor Summary

Constructors

Constructor	Description
SigningPolicy(X500Principal caSubjectDN, String[] allowedDNs)	Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.
SigningPolicy(X500Principal caSubjectDN, List<Pattern> allowedDNs)	Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.

Method Summary

Modifier and Type	Method	Description
List<Pattern>	getAllowedDNs()	Return the patterns which identify the valid signing entities.
X500Principal	getCASubjectDN()	Get CA subject DN for which this signing policy is defined.
boolean	isPolicyAvailable()	Method to determine if a signing policy is available for a given DN.
boolean	isValidSubject(X500Principal subject)	Ascertains if the subjectDN is valid against this policy.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

caSubject

private X500Principal caSubject

allowedDNs

private List<Pattern> allowedDNs

Constructor Details

SigningPolicy

public SigningPolicy(X500Principal caSubjectDN,
 String[] allowedDNs)

Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.

Parameters:

caSubjectDN - The DN for the subject to which this policy applies.

allowedDNs - The list of DNs which can sign certs for this subject.

SigningPolicy

public SigningPolicy(X500Principal caSubjectDN,
 List<Pattern> allowedDNs)

Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.

Parameters:

caSubjectDN - The DN for the subject to which this policy applies.

allowedDNs - A list of patterns to which to compare signing entity DNs.

Method Details

getCASubjectDN

public X500Principal getCASubjectDN()

Get CA subject DN for which this signing policy is defined.

Returns:

returns the CA subject

isValidSubject

public boolean isValidSubject(X500Principal subject)

Ascertains if the subjectDN is valid against this policy.

Parameters:

subject - Subject DN to be validated

Returns:

true if the DN is valid under this policy and false if it is not

getAllowedDNs

public List<Pattern> getAllowedDNs()

Return the patterns which identify the valid signing entities. If this signing policy has been created with a set of DNs then the patterns will simply match the DNs.

Returns:

The patterns matching allowed signing entities.

isPolicyAvailable

public boolean isPolicyAvailable()

Method to determine if a signing policy is available for a given DN.

Returns:

If the patterns vector is not null and has atleast one element, true is returned. Else the method returns false.