Package org.globus.gsi
Class SigningPolicy
java.lang.Object
org.globus.gsi.SigningPolicy
Represents a signing policy associated with a particular CA. The signing policy defines a list of distinguished
names which are allowed to sign certificates for a particular Certificate Authority subject distinguished name.
- Since:
- 1.0
- Version:
- ${version}
-
Constructor Summary
ConstructorsConstructorDescriptionSigningPolicy
(X500Principal caSubjectDN, String[] allowedDNs) Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.SigningPolicy
(X500Principal caSubjectDN, List<Pattern> allowedDNs) Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates. -
Method Summary
Modifier and TypeMethodDescriptionReturn the patterns which identify the valid signing entities.Get CA subject DN for which this signing policy is defined.boolean
Method to determine if a signing policy is available for a given DN.boolean
isValidSubject
(X500Principal subject) Ascertains if the subjectDN is valid against this policy.
-
Constructor Details
-
SigningPolicy
Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.- Parameters:
caSubjectDN
- The DN for the subject to which this policy applies.allowedDNs
- The list of DNs which can sign certs for this subject.
-
SigningPolicy
Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.- Parameters:
caSubjectDN
- The DN for the subject to which this policy applies.allowedDNs
- A list of patterns to which to compare signing entity DNs.
-
-
Method Details
-
getCASubjectDN
Get CA subject DN for which this signing policy is defined.- Returns:
- returns the CA subject
-
isValidSubject
Ascertains if the subjectDN is valid against this policy.- Parameters:
subject
- Subject DN to be validated- Returns:
- true if the DN is valid under this policy and false if it is not
-
getAllowedDNs
Return the patterns which identify the valid signing entities. If this signing policy has been created with a set of DNs then the patterns will simply match the DNs.- Returns:
- The patterns matching allowed signing entities.
-
isPolicyAvailable
public boolean isPolicyAvailable()Method to determine if a signing policy is available for a given DN.- Returns:
- If the patterns vector is not null and has atleast one element, true is returned. Else the method returns false.
-