Package org.eclipse.jetty.util.security
Class CertificateValidator
- java.lang.Object
-
- org.eclipse.jetty.util.security.CertificateValidator
-
public class CertificateValidator extends java.lang.Object
Convenience class to handle validation of certificates, aliases and keystores Allows specifying Certificate Revocation List (CRL), as well as enabling CRL Distribution Points Protocol (CRLDP) certificate extension support, and also enabling On-Line Certificate Status Protocol (OCSP) support. IMPORTANT: at least one of the above mechanisms *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally.
-
-
Constructor Summary
Constructors Constructor Description CertificateValidator(java.security.KeyStore trustStore, java.util.Collection<? extends java.security.cert.CRL> crls)
creates an instance of the certificate validator
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Collection<? extends java.security.cert.CRL>
getCrls()
int
getMaxCertPathLength()
java.lang.String
getOcspResponderURL()
java.security.KeyStore
getTrustStore()
boolean
isEnableCRLDP()
boolean
isEnableOCSP()
void
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Supportvoid
setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol supportvoid
setMaxCertPathLength(int maxCertPathLength)
void
setOcspResponderURL(java.lang.String ocspResponderURL)
Set the location of the OCSP Responder.void
validate(java.security.cert.Certificate[] certChain)
void
validate(java.security.KeyStore keyStore)
validates all aliases inside of a given keystorejava.lang.String
validate(java.security.KeyStore keyStore, java.lang.String keyAlias)
validates a specific alias inside of the keystore being passed invoid
validate(java.security.KeyStore keyStore, java.security.cert.Certificate cert)
validates a specific certificate inside of the keystore being passed in
-
-
-
Constructor Detail
-
CertificateValidator
public CertificateValidator(java.security.KeyStore trustStore, java.util.Collection<? extends java.security.cert.CRL> crls)
creates an instance of the certificate validator- Parameters:
trustStore
- the truststore to usecrls
- the Certificate Revocation List to use
-
-
Method Detail
-
validate
public void validate(java.security.KeyStore keyStore) throws java.security.cert.CertificateException
validates all aliases inside of a given keystore- Parameters:
keyStore
- the keystore to validate- Throws:
java.security.cert.CertificateException
- if keystore error and unable to validate
-
validate
public java.lang.String validate(java.security.KeyStore keyStore, java.lang.String keyAlias) throws java.security.cert.CertificateException
validates a specific alias inside of the keystore being passed in- Parameters:
keyStore
- the keystore to validatekeyAlias
- the keyalias in the keystore to valid with- Returns:
- the keyAlias if valid
- Throws:
java.security.cert.CertificateException
- if keystore error and unable to validate
-
validate
public void validate(java.security.KeyStore keyStore, java.security.cert.Certificate cert) throws java.security.cert.CertificateException
validates a specific certificate inside of the keystore being passed in- Parameters:
keyStore
- the keystore to validate againstcert
- the certificate to validate- Throws:
java.security.cert.CertificateException
- if keystore error and unable to validate
-
validate
public void validate(java.security.cert.Certificate[] certChain) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
getTrustStore
public java.security.KeyStore getTrustStore()
-
getCrls
public java.util.Collection<? extends java.security.cert.CRL> getCrls()
-
getMaxCertPathLength
public int getMaxCertPathLength()
- Returns:
- Maximum number of intermediate certificates in the certification path (-1 for unlimited)
-
setMaxCertPathLength
public void setMaxCertPathLength(int maxCertPathLength)
- Parameters:
maxCertPathLength
- maximum number of intermediate certificates in the certification path (-1 for unlimited)
-
isEnableCRLDP
public boolean isEnableCRLDP()
- Returns:
- true if CRL Distribution Points support is enabled
-
setEnableCRLDP
public void setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support- Parameters:
enableCRLDP
- true - turn on, false - turns off
-
isEnableOCSP
public boolean isEnableOCSP()
- Returns:
- true if On-Line Certificate Status Protocol support is enabled
-
setEnableOCSP
public void setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support- Parameters:
enableOCSP
- true - turn on, false - turn off
-
getOcspResponderURL
public java.lang.String getOcspResponderURL()
- Returns:
- Location of the OCSP Responder
-
setOcspResponderURL
public void setOcspResponderURL(java.lang.String ocspResponderURL)
Set the location of the OCSP Responder.- Parameters:
ocspResponderURL
- location of the OCSP Responder
-
-