Interface X509CertChainValidator

All Known Subinterfaces:
X509CertChainValidatorExt
All Known Implementing Classes:
AbstractValidator, BinaryCertChainValidator, DirectoryCertChainValidator, InMemoryKeystoreCertChainValidator, KeystoreCertChainValidator, OpensslCertChainValidator, PlainCRLValidator

public interface X509CertChainValidator
Implementations are used to perform a manual certificate chain validation. Implementations shall reuse as many existing CertificateChecker implementations as possible. Implementations must be thread safe.
Author:
K. Benedyczak
  • Method Details

    • validate

      ValidationResult validate(CertPath certPath)
      Performs validation of a provided certificate path.
      Parameters:
      certPath - to be validated
      Returns:
      result of validation
    • validate

      ValidationResult validate(X509Certificate[] certChain)
      Performs validation of a provided certificate chain.
      Parameters:
      certChain - to be validated
      Returns:
      result of validation
    • getTrustedIssuers

      X509Certificate[] getTrustedIssuers()
      Returns a list of trusted issuers of certificates.
      Returns:
      array containing trusted issuers' certificates
    • addValidationListener

      void addValidationListener(ValidationErrorListener listener)
      Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) when you want to change the default logic of the validator, and when you use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError, not the exception.
      Parameters:
      listener - to be registered
    • removeValidationListener

      void removeValidationListener(ValidationErrorListener listener)
      Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.
      Parameters:
      listener - to be unregistered
    • addUpdateListener

      void addUpdateListener(StoreUpdateListener listener)
      Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.
      Parameters:
      listener - to be registered
    • removeUpdateListener

      void removeUpdateListener(StoreUpdateListener listener)
      Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.
      Parameters:
      listener - to be unregistered
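
The two uses of this interface described above (calling validate directly, and registering a ValidationErrorListener to see the original errors when the validator is used indirectly) can be combined as in the following added example, which is not code from the library or its author. The class name StrictValidation is hypothetical; the package name and the members onValidationError, isValid and getErrors are not shown on this page and are assumed from the published library.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;

// Assumption: package name as published by the library; it is not shown on this page.
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidator;

/** Hypothetical helper (not part of the library): audit every error, never suppress one. */
public final class StrictValidation {
    private static final Logger LOG = Logger.getLogger(StrictValidation.class.getName());

    private StrictValidation() { }

    /**
     * Register once at startup, before the validator is handed to SSL socket code.
     * Keep the returned reference so it can later be passed to removeValidationListener.
     */
    public static ValidationErrorListener installAuditListener(X509CertChainValidator validator) {
        ValidationErrorListener listener = error -> {
            // The original ValidationError is visible here even when the caller
            // of the indirect validation only ever sees an exception.
            LOG.warning("X.509 chain validation error: " + error);
            // Assumption: returning true would tell the validator to ignore this error.
            // An audit-only listener always returns false so the default logic is unchanged.
            return false;
        };
        validator.addValidationListener(listener);
        return listener;
    }

    /** Direct validation that fails closed: any error, or an empty chain, is a rejection. */
    public static void requireValid(X509CertChainValidator validator, X509Certificate[] chain)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("no certificate chain presented");
        }
        ValidationResult result = validator.validate(chain);
        if (!result.isValid()) {
            throw new CertificateException("certificate chain rejected: " + result.getErrors());
        }
    }
}
```

Because implementations must be thread safe and are typically shared, the listener is registered once rather than per call; a listener added around each validate call would also receive errors raised by other threads.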