Framework Professional Edition Package


com.prosyst.mbs.framework.certmanager
Interface CertificateManager


public interface CertificateManager

This interface provides methods for manipulating certificate chains of bundles. It internally validates the certificates against a repository with trusted certificates.


Method Summary
 java.util.Vector getCerts(java.io.InputStream is)
          Retrieves the certificates of the jar file, specified as an InputStream.
 java.lang.Object getCerts(long bid)
          Returns the CertificateChain of the specified bundle's jar as a Vector of encoded Certificate objects, which are obtained through a call to JarEntry.getCertificates().
 WriteableCertificateStorage getStorage()
          Returns the WriteableCertificateStorage implementation, or null if this functionality is not supported.
 java.lang.String[] getSubjectDNs()
          Returns the subject DNs of the certificates in the database that have not yet expired.
 java.lang.String[][] getTrustedCertChainsInfo(java.lang.Object certs)
          The parameter is an array of certificates, which is retrieved through JarEntry.getCertificates().
 java.lang.String[][] getTrustedCerts(long bid)
          Returns the trusted CertificateChain-s of the specified bundle's jar.
 boolean isCertPresentInDB(java.lang.Object certificate)
          This method returns true if both of the following conditions hold: a) the specified certificate is present in the database; b) the certificate is not expired.
 boolean isCertTrustedBySomeCertInDB(java.lang.Object certificate)
          This method returns true if both of the following conditions hold: a) the specified certificate is signed by another certificate which is present in the database; b) the certificate is not expired.
 boolean isTrustedCertChain(java.lang.Object certs)
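          Returns true if the following conditions are met for the specified certs: a) it is a valid certificate chain; b) it is valid, i.e. none of its certificates has expired; c) it is trusted, i.e. a certificate from the chain is present in the repository.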
 boolean matchDNChain(Bundle b, java.lang.String pattern)
          Checks whether the certificates of the specified bundle match the specified pattern.
 

Method Detail

isTrustedCertChain

boolean isTrustedCertChain(java.lang.Object certs)
Returns true if the following conditions are met for the specified certs: a) it is a valid certificate chain; b) it is valid, i.e. none of its certificates has expired; c) it is trusted, i.e. a certificate from the chain is present in the repository.

Parameters:
certs - certificate chain to check
Returns:

getCerts

java.util.Vector getCerts(java.io.InputStream is)
                          throws java.io.IOException
Retrieves the certificates of the jar file, specified as an InputStream. The result is a Vector with two elements: the first is a Vector of trusted certificates, the second a Vector of untrusted certificates. Either element may be null, which means that there are no certificates of that kind. The result is null if and only if the bundle is unsigned or not signed according to the OSGi specification.

Parameters:
is - InputStream to a jar file
Returns:
Vector
Throws:
java.io.IOException

getTrustedCertChainsInfo

java.lang.String[][] getTrustedCertChainsInfo(java.lang.Object certs)
The parameter is an array of certificates, retrieved through JarEntry.getCertificates(). This array contains the certificate chain of each signer. A certificate chain may have only one element. A certificate chain is considered trusted if the following conditions are true: a) none of the certificates in the chain is expired; b) at least one certificate in the chain is trusted, i.e. present in the database. The method splits the array into separate certificate chains. The result provides info only for the trusted certificate chains; untrusted certificate chains are discarded. The result is a String[][] in which each row is a String[] representing a separate trusted certificate chain, with certificates ordered from bottom to top, i.e. the signer first and the CA last. Each element of a row is the subject DN of the corresponding certificate.

Parameters:
certs - the result of calling JarEntry.getCertificates(). It should be an array of X509Certificate elements.
Returns:

isCertPresentInDB

boolean isCertPresentInDB(java.lang.Object certificate)
This method returns true if both of the following conditions hold: a) the specified certificate is present in the database; b) the certificate is not expired.

Parameters:
certificate -
Returns:

isCertTrustedBySomeCertInDB

boolean isCertTrustedBySomeCertInDB(java.lang.Object certificate)
This method returns true if both of the following conditions hold: a) the specified certificate is signed by another certificate which is present in the database; b) the certificate is not expired.

Parameters:
certificate -
Returns:

getSubjectDNs

java.lang.String[] getSubjectDNs()
Returns the subject DNs of the certificates in the database that have not yet expired.

Returns:

getCerts

java.lang.Object getCerts(long bid)
Returns the CertificateChain of the specified bundle's jar as a Vector of encoded Certificate objects, which are obtained through a call to JarEntry.getCertificates(). If the jar is unsigned or is not signed properly, null is returned.

Parameters:
bid - specifies the bundle
Returns:

getTrustedCerts

java.lang.String[][] getTrustedCerts(long bid)
Returns the trusted CertificateChain-s of the specified bundle's jar. The method performs the following steps: a) the certificates of the bundle are obtained through a call to JarEntry.getCertificates(); b) a validation against the CertificateDatabase is performed. This may discard some of the CertificateChains if their signers are not trusted. The result is a String[][] in which each row is a String[] representing a separate trusted certificate chain, with certificates ordered from bottom to top, i.e. the signer first and the CA last. Each element of a row is the subject DN of the corresponding certificate.

Parameters:
bid - specifies the bundle
Returns:
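
Added example, not ProSyst code: a sketch of the chain splitting and trust conditions documented for getTrustedCertChainsInfo and getTrustedCerts, written against standard java.security.cert and java.util.jar calls only. The class name, method name, command-line arguments and the PEM file standing in for the trusted certificate database are assumptions; signatures between chain links and revocation are not checked here.

```java
import java.io.*;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;

// Hypothetical names throughout; this is not the CertificateManager implementation.
public class TrustedChainsExample {
    // Splits the flat JarEntry.getCertificates() array into per-signer chains and
    // returns the subject DNs (signer first, CA last) of the chains that pass.
    static String[][] trustedChainsInfo(Certificate[] certs, Set<X509Certificate> trusted) {
        List<String[]> rows = new ArrayList<>();
        List<X509Certificate> chain = new ArrayList<>();
        Date now = new Date();
        for (int i = 0; i < certs.length; i++) {
            X509Certificate c = (X509Certificate) certs[i];
            chain.add(c);
            // The chain continues only while the next certificate is this one's issuer.
            boolean more = i + 1 < certs.length
                    && !c.getSubjectX500Principal().equals(c.getIssuerX500Principal())
                    && c.getIssuerX500Principal().equals(((X509Certificate) certs[i + 1]).getSubjectX500Principal());
            if (more) continue;
            // Documented conditions: no certificate expired, at least one present in the trusted set.
            boolean ok = chain.stream().noneMatch(x -> x.getNotAfter().before(now))
                    && chain.stream().anyMatch(trusted::contains);
            if (ok) rows.add(chain.stream().map(x -> x.getSubjectX500Principal().getName()).toArray(String[]::new));
            chain = new ArrayList<>();
        }
        return rows.toArray(new String[0][]);
    }

    // Usage: java TrustedChainsExample <signed.jar> <trusted-certs.pem>
    public static void main(String[] args) throws Exception {
        Set<X509Certificate> trusted = new HashSet<>();
        try (InputStream in = new FileInputStream(args[1])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                trusted.add((X509Certificate) c);
        }
        try (JarFile jar = new JarFile(args[0], true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Certificates are exposed only after the entry is read to the end;
                // a digest mismatch surfaces here as a SecurityException.
                try (InputStream in = jar.getInputStream(e)) { in.readAllBytes(); }
                Certificate[] certs = e.getCertificates(); // null when the entry is unsigned
                if (certs != null)
                    for (String[] row : trustedChainsInfo(certs, trusted)) System.out.println(String.join(" <- ", row));
                return; // first payload entry only, to keep the sketch short
            }
        }
    }
}
```

An empty result means that no signer chain met both conditions, which a caller should treat the same as an untrusted bundle.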

matchDNChain

boolean matchDNChain(Bundle b,
                     java.lang.String pattern)
Checks whether the certificates of the specified bundle match the specified pattern.

Parameters:
b -
pattern -
Returns:

getStorage

WriteableCertificateStorage getStorage()
Returns the WriteableCertificateStorage implementation, or null if this functionality is not supported.




Copyright © 1999-2007 ProSyst Software GmbH. All Rights Reserved