Package eu.emi.security.authn.x509.helpers.pkipath

Class AbstractValidator

    • Constructor Detail

      • AbstractValidator

        public AbstractValidator​(java.util.Collection<? extends StoreUpdateListener> initialListeners)
        Default constructor is available, the subclass must initialize the parent with the init() method. Note that it is strongly suggested to call the init() method from the child class constructor.

        This is not a cleanest design possible but it is required as arguments to the init() method require some code to be created in subclasses. Therefore we have a trade off: a bit unclean design inside the library and a clean external API without factory methods.

        Parameters:
        initialListeners - initial listeners

    • Method Detail

      • init

        protected void init​(TrustAnchorStore caStore,
                    AbstractCRLStoreSPI crlStore,
                    ProxySupport proxySupport,
                    RevocationParameters revocationCheckingMode)
        Use this method to initialize the parent from the extension class, if not using the non-default constructor.
        Parameters:
        caStore - CA store
        crlStore - CRL store
        proxySupport - proxy support
        revocationCheckingMode - revocation checking mode

      • validate

        public ValidationResult validate​(java.security.cert.CertPath certPath)
        Performs validation of a provided certificate path.
        Specified by:
        validate in interface X509CertChainValidator
        Parameters:
        certPath - to be validated
        Returns:
        result of validation

      • validate

        public ValidationResult validate​(java.security.cert.X509Certificate[] certChain)
        Performs validation of a provided certificate chain.
        Specified by:
        validate in interface X509CertChainValidator
        Parameters:
        certChain - to be validated
        Returns:
        result of validation

      • validate

        protected ValidationResult validate​(java.security.cert.X509Certificate[] certChain,
                                    java.util.Set<java.security.cert.TrustAnchor> anchors)

      • processErrorList

        protected void processErrorList​(java.util.List<ValidationError> errors)

      • getTrustedIssuers

        public java.security.cert.X509Certificate[] getTrustedIssuers()
        Returns a list of trusted issuers of certificates.
        Specified by:
        getTrustedIssuers in interface X509CertChainValidator
        Returns:
        array containing trusted issuers' certificates

      • notifyListeners

        protected boolean notifyListeners​(ValidationError error)
        Notifies all registered listeners.
        Parameters:
        error - validation error
        Returns:
        true if the error should be ignored false otherwise.

      • addValidationListener

        public void addValidationListener​(ValidationErrorListener listener)
        Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator and if you will use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError, not the exception.
        Specified by:
        addValidationListener in interface X509CertChainValidator
        Parameters:
        listener - to be registered

      • dispose

        public void dispose()
        Disposes resources used by this Validator, like threads. After calling this method the validator can not be used anymore.
        Specified by:
        dispose in interface X509CertChainValidatorExt

      • isDisposed

        protected boolean isDisposed()

      • addUpdateListener

        public void addUpdateListener​(StoreUpdateListener listener)
        Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.
        Specified by:
        addUpdateListener in interface X509CertChainValidator
        Parameters:
        listener - to be registered

      • removeUpdateListener

        public void removeUpdateListener​(StoreUpdateListener listener)
        Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.
        Specified by:
        removeUpdateListener in interface X509CertChainValidator
        Parameters:
        listener - to be unregistered