Package eu.emi.security.authn.x509.impl
Class InMemoryKeystoreCertChainValidator
java.lang.Object
eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator
- All Implemented Interfaces:
X509CertChainValidator,X509CertChainValidatorExt
The certificate validator which uses Java
KeyStore as a truststore. This
class is similar to KeystoreCertChainValidator but uses a keystore which
was already loaded. Refreshing of the truststore is not supported.
The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: CA certificate extension defining CRL URL and additional list of URLs manually set by the class user. As an additional feature one may provide a simple paths to a local files, using wildcards. All files matching a wildcard are used.
This class is thread-safe.
- Author:
- K. Benedyczak
- See Also:
-
Field Summary
FieldsFields inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
crlStoreImpl, revocationParameters, timerFields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
disposed, listeners, observers, validator -
Constructor Summary
ConstructorsConstructorDescriptionInMemoryKeystoreCertChainValidator(KeyStore keystore) Constructs a new validator instance with default additional settings (seeValidatorParamsExt()).InMemoryKeystoreCertChainValidator(KeyStore keystore, ValidatorParamsExt params) Constructs a new validator instance. -
Method Summary
Modifier and TypeMethodDescriptionReturns the current trust store.voidChanges the current trust store.Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
createCRLStore, dispose, getCrls, getCRLUpdateInterval, getRevocationParameters, setCrls, setCRLUpdateIntervalMethods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, isDisposed, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate, validate
-
Field Details
-
store
-
-
Constructor Details
-
InMemoryKeystoreCertChainValidator
public InMemoryKeystoreCertChainValidator(KeyStore keystore, ValidatorParamsExt params) throws IOException, KeyStoreException Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.- Parameters:
keystore- truststore to useparams- common validator settings (revocation, initial listeners, proxy support, ...)- Throws:
IOException- if the truststore can not be readKeyStoreException- if the truststore can not be parsed or if password is incorrect.
-
InMemoryKeystoreCertChainValidator
Constructs a new validator instance with default additional settings (seeValidatorParamsExt()).- Parameters:
keystore- truststore to use- Throws:
IOException- if the truststore can not be readKeyStoreException- if the truststore can not be parsed or if password is incorrect.
-
-
Method Details
-
getTruststore
Returns the current trust store. Note that modifying this keystore won't have any impact on the validation.- Returns:
- the KeyStore used as a trust store
-
setTruststore
Changes the current trust store.- Parameters:
ks- key store- Throws:
KeyStoreException- key store exception
-