Class CertificateValidator


  • public class CertificateValidator
    extends java.lang.Object
    Convenience class to handle validation of certificates, aliases and keystores. Allows specifying a Certificate Revocation List (CRL), as well as enabling CRL Distribution Points Protocol (CRLDP) certificate extension support and On-Line Certificate Status Protocol (OCSP) support. IMPORTANT: at least one of the above mechanisms *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally.
    • Constructor Summary

      Constructors 
      Constructor Description
      CertificateValidator​(java.security.KeyStore trustStore, java.util.Collection<? extends java.security.cert.CRL> crls)
      creates an instance of the certificate validator
    • Method Summary

      Modifier and Type Method Description
      java.util.Collection<? extends java.security.cert.CRL> getCrls()  
      int getMaxCertPathLength()  
      java.lang.String getOcspResponderURL()  
      java.security.KeyStore getTrustStore()  
      boolean isEnableCRLDP()  
      boolean isEnableOCSP()  
      void setEnableCRLDP​(boolean enableCRLDP)
      Enables CRL Distribution Points Support
      void setEnableOCSP​(boolean enableOCSP)
      Enables On-Line Certificate Status Protocol support
      void setMaxCertPathLength​(int maxCertPathLength)  
      void setOcspResponderURL​(java.lang.String ocspResponderURL)
      Set the location of the OCSP Responder.
      void validate​(java.security.cert.Certificate[] certChain)  
      void validate​(java.security.KeyStore keyStore)
      validates all aliases inside of a given keystore
      java.lang.String validate​(java.security.KeyStore keyStore, java.lang.String keyAlias)
      validates a specific alias inside of the keystore being passed in
      void validate​(java.security.KeyStore keyStore, java.security.cert.Certificate cert)
      validates a specific certificate inside of the keystore being passed in
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CertificateValidator

        public CertificateValidator​(java.security.KeyStore trustStore,
                                    java.util.Collection<? extends java.security.cert.CRL> crls)
        creates an instance of the certificate validator
        Parameters:
        trustStore - the truststore to use
        crls - the Certificate Revocation List to use
    • Method Detail

      • validate

        public void validate​(java.security.KeyStore keyStore)
                      throws java.security.cert.CertificateException
        validates all aliases inside of a given keystore
        Parameters:
        keyStore - the keystore to validate
        Throws:
        java.security.cert.CertificateException - if a keystore error occurs or validation fails
      • validate

        public java.lang.String validate​(java.security.KeyStore keyStore,
                                         java.lang.String keyAlias)
                                  throws java.security.cert.CertificateException
        validates a specific alias inside of the keystore being passed in
        Parameters:
        keyStore - the keystore to validate
        keyAlias - the key alias in the keystore to validate with
        Returns:
        the keyAlias if valid
        Throws:
        java.security.cert.CertificateException - if a keystore error occurs or validation fails
      • validate

        public void validate​(java.security.KeyStore keyStore,
                             java.security.cert.Certificate cert)
                      throws java.security.cert.CertificateException
        validates a specific certificate inside of the keystore being passed in
        Parameters:
        keyStore - the keystore to validate against
        cert - the certificate to validate
        Throws:
        java.security.cert.CertificateException - if a keystore error occurs or validation fails
      • validate

        public void validate​(java.security.cert.Certificate[] certChain)
                      throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • getTrustStore

        public java.security.KeyStore getTrustStore()
      • getCrls

        public java.util.Collection<? extends java.security.cert.CRL> getCrls()
      • getMaxCertPathLength

        public int getMaxCertPathLength()
        Returns:
        Maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • setMaxCertPathLength

        public void setMaxCertPathLength​(int maxCertPathLength)
        Parameters:
        maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • isEnableCRLDP

        public boolean isEnableCRLDP()
        Returns:
        true if CRL Distribution Points support is enabled
      • setEnableCRLDP

        public void setEnableCRLDP​(boolean enableCRLDP)
        Enables CRL Distribution Points Support
        Parameters:
        enableCRLDP - true turns CRLDP support on, false turns it off
      • isEnableOCSP

        public boolean isEnableOCSP()
        Returns:
        true if On-Line Certificate Status Protocol support is enabled
      • setEnableOCSP

        public void setEnableOCSP​(boolean enableOCSP)
        Enables On-Line Certificate Status Protocol support
        Parameters:
        enableOCSP - true turns OCSP support on, false turns it off
      • getOcspResponderURL

        public java.lang.String getOcspResponderURL()
        Returns:
        Location of the OCSP Responder
      • setOcspResponderURL

        public void setOcspResponderURL​(java.lang.String ocspResponderURL)
        Set the location of the OCSP Responder.
        Parameters:
        ocspResponderURL - location of the OCSP Responder
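
The class description requires at least one revocation mechanism to be configured before validation can succeed. The following example is added here and is not part of the class's own documentation; it wires a truststore, a CRL file and CRLDP (plus optional OCSP) into a validator and checks a certificate chain. The import package (Jetty's `org.eclipse.jetty.util.security`), the PKCS12 truststore type, the leaf-first chain order and all file paths and command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
// Assumption: the class documented on this page lives in this Jetty package.
import org.eclipse.jetty.util.security.CertificateValidator;
public class ValidateChainExample {
    public static void main(String[] args) throws Exception {
        // Placeholder arguments supplied by the caller; nothing here comes from the page.
        if (args.length < 4 || args.length > 5) {
            System.err.println("usage: <truststore.p12> <password> <crl-file> <chain.pem> [ocsp-url]");
            System.exit(2);
        }
        KeyStore trustStore = KeyStore.getInstance("PKCS12"); // assumed store type
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            trustStore.load(in, args[1].toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends CRL> crls;
        try (InputStream in = Files.newInputStream(Paths.get(args[2]))) {
            crls = cf.generateCRLs(in); // static CRLs handed to the constructor
        }
        // Chain file is assumed to hold the leaf certificate first, then intermediates.
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(Paths.get(args[3]))) {
            chain = cf.generateCertificates(in).toArray(new Certificate[0]);
        }
        CertificateValidator validator = new CertificateValidator(trustStore, crls);
        // Revocation sources: the CRLs above, plus CRLDP and (optionally) OCSP.
        validator.setEnableCRLDP(true);
        validator.setMaxCertPathLength(2); // at most two intermediates; -1 is unlimited
        if (args.length == 5) {
            validator.setEnableOCSP(true);
            validator.setOcspResponderURL(args[4]);
        }
        try {
            validator.validate(chain); // returns normally only if the chain is accepted
            System.out.println("chain accepted");
        } catch (CertificateException e) {
            // Treat every failure, including an unreachable revocation source, as a rejection.
            System.err.println("chain rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```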