eu.emi.security.authn.x509.helpers.BinaryCertChainValidator

All Implemented Interfaces:: X509CertChainValidator, X509CertChainValidatorExt

public class BinaryCertChainValidator extends Object implements X509CertChainValidatorExt

A simplistic X509CertChainValidator implementation which always fails or accepts certificates, basing on the constructor argument. Useful for tests and insecure setups (e.g. SSL client that wants SSL encryption but do not use SSL authentication).

Author:: K. Benedyczak

Constructor Summary

Constructors

Constructor

Description

BinaryCertChainValidator(boolean acceptAll)
Method Summary

Modifier and Type

Method

Description

void

addUpdateListener(StoreUpdateListener listener)

Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs.

void

addValidationListener(ValidationErrorListener listener)

Registers a listener which can react to errors found during certificate validation.

void

dispose()

Disposes resources used by this Validator, like threads.

ProxySupport

getProxySupport()

Returns whether this validator supports proxy certificates.

RevocationParameters

getRevocationCheckingMode()

Gets the current revocation checking mode.

X509Certificate[]

getTrustedIssuers()

Returns a list of trusted issuers of certificates.

void

removeUpdateListener(StoreUpdateListener listener)

Unregisters a previously registered CA or CRL update listener.

void

removeValidationListener(ValidationErrorListener listener)

Unregisters a previously registered validation listener.

ValidationResult

validate(CertPath certPath)

Performs validation of a provided certificate path.

ValidationResult

validate(X509Certificate[] certChain)

Performs validation of a provided certificate chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- BinaryCertChainValidator
  
  public BinaryCertChainValidator(boolean acceptAll)
  
  Parameters:
  
  acceptAll - if true then all validations will succeed. If false all will fail.
Method Details
- validate
  
  public ValidationResult validate(CertPath certPath)
  
  Performs validation of a provided certificate path.
  
  Specified by:
  
  validate in interface X509CertChainValidator
  
  Parameters:
  
  certPath - to be validated
  
  Returns:
  
  result of validation
- validate
  
  public ValidationResult validate(X509Certificate[] certChain)
  
  Performs validation of a provided certificate chain.
  
  Specified by:
  
  validate in interface X509CertChainValidator
  
  Parameters:
  
  certChain - to be validated
  
  Returns:
  
  result of validation
- getTrustedIssuers
  
  public X509Certificate[] getTrustedIssuers()
  
  Returns a list of trusted issuers of certificates.
  
  Specified by:
  
  getTrustedIssuers in interface X509CertChainValidator
  
  Returns:
  
  array containing trusted issuers' certificates
- addValidationListener
  
  public void addValidationListener(ValidationErrorListener listener)
  
  Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator and if you will use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError, not the exception.
  
  Specified by:
  
  addValidationListener in interface X509CertChainValidator
  
  Parameters:
  
  listener - to be registered
- removeValidationListener
  
  public void removeValidationListener(ValidationErrorListener listener)
  
  Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.
  
  Specified by:
  
  removeValidationListener in interface X509CertChainValidator
  
  Parameters:
  
  listener - to be unregistered
- addUpdateListener
  
  public void addUpdateListener(StoreUpdateListener listener)
  
  Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.
  
  Specified by:
  
  addUpdateListener in interface X509CertChainValidator
  
  Parameters:
  
  listener - to be registered
- removeUpdateListener
  
  public void removeUpdateListener(StoreUpdateListener listener)
  
  Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.
  
  Specified by:
  
  removeUpdateListener in interface X509CertChainValidator
  
  Parameters:
  
  listener - to be unregistered
- getProxySupport
  
  public ProxySupport getProxySupport()
  
  Description copied from interface: X509CertChainValidatorExt
  
  Returns whether this validator supports proxy certificates.
  
  Specified by:
  
  getProxySupport in interface X509CertChainValidatorExt
  
  Returns:
  
  proxy certificates support mode
- getRevocationCheckingMode
  
  public RevocationParameters getRevocationCheckingMode()
  
  Description copied from interface: X509CertChainValidatorExt
  
  Gets the current revocation checking mode.
  
  Specified by:
  
  getRevocationCheckingMode in interface X509CertChainValidatorExt
  
  Returns:
  
  the current mode
- dispose
  
  public void dispose()
  
  Description copied from interface: X509CertChainValidatorExt
  
  Disposes resources used by this Validator, like threads. After calling this method the validator can not be used anymore.
  
  Specified by:
  
  dispose in interface X509CertChainValidatorExt

Class BinaryCertChainValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

BinaryCertChainValidator

Method Details

validate

validate

getTrustedIssuers

addValidationListener

removeValidationListener

addUpdateListener

removeUpdateListener

getProxySupport

getRevocationCheckingMode

dispose