/**
* Converts the specified principal into Globus format. If the principal is of unrecognized type a
* simple string-based conversion is made using the {@link #toGlobusID(String) toGlobusID()}
* function.
*
* @see #toGlobusID(String)
* @param name the principal to convert to Globus format.
* @return the converted DN in Globus format.
*/
public static String toGlobusID(Principal name) {
if (name instanceof X509Name) {
return X509NameHelper.toString((X509Name) name);
} else {
return CertificateUtil.toGlobusID(name.getName());
}
}
/**
* Verifies the validity of the credentials. All certificate path validation is performed using
* trusted certificates in default locations.
*
* @exception CredentialException if one of the certificates in the chain expired or if path
* validiation fails.
*/
public void verify() throws CredentialException {
try {
String caCertsLocation = "file:" + CoGProperties.getDefault().getCaCertLocations();
String crlPattern = caCertsLocation + "/*.r*";
String sigPolPattern = caCertsLocation + "/*.signing_policy";
KeyStore keyStore =
KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE, GlobusProvider.PROVIDER_NAME);
CertStore crlStore =
CertStore.getInstance(
GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(null, crlPattern));
ResourceSigningPolicyStore sigPolStore =
new ResourceSigningPolicyStore(new ResourceSigningPolicyStoreParameters(sigPolPattern));
keyStore.load(KeyStoreParametersFactory.createTrustStoreParameters(caCertsLocation));
X509ProxyCertPathParameters parameters =
new X509ProxyCertPathParameters(keyStore, crlStore, sigPolStore, false);
X509ProxyCertPathValidator validator = new X509ProxyCertPathValidator();
validator.engineValidate(CertificateUtil.getCertPath(certChain), parameters);
} catch (Exception e) {
throw new CredentialException(e);
}
}