Class InMemoryKeystoreCertChainValidator

  • All Implemented Interfaces:
    X509CertChainValidator, X509CertChainValidatorExt

    public class InMemoryKeystoreCertChainValidator
    extends PlainCRLValidator
    A certificate validator which uses a Java KeyStore as its truststore. This class is similar to KeystoreCertChainValidator but uses a keystore which has already been loaded. Refreshing of the truststore is not supported.

    The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: the CA certificate extension defining the CRL URL, and an additional list of URLs set manually by the class user. As an additional feature, one may provide simple paths to local files, using wildcards. All files matching a wildcard are used.

    This class is thread-safe.

    Author:
    K. Benedyczak
    See Also:
    X509CertChainValidator, KeystoreCertChainValidator
    • Constructor Detail

      • InMemoryKeystoreCertChainValidator

        public InMemoryKeystoreCertChainValidator(java.security.KeyStore keystore,
                                                  ValidatorParamsExt params)
                                           throws java.io.IOException,
                                                  java.security.KeyStoreException
        Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CA certificates' extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.
        Parameters:
        keystore - truststore to use
        params - common validator settings (revocation, initial listeners, proxy support, ...)
        Throws:
        java.io.IOException - if the truststore cannot be read
        java.security.KeyStoreException - if the truststore cannot be parsed or if the password is incorrect.
      • InMemoryKeystoreCertChainValidator

        public InMemoryKeystoreCertChainValidator(java.security.KeyStore keystore)
                                           throws java.io.IOException,
                                                  java.security.KeyStoreException
        Constructs a new validator instance with default additional settings (see ValidatorParamsExt()).
        Parameters:
        keystore - truststore to use
        Throws:
        java.io.IOException - if the truststore cannot be read
        java.security.KeyStoreException - if the truststore cannot be parsed or if the password is incorrect.
    • Method Detail

      • getTruststore

        public java.security.KeyStore getTruststore()
        Returns the current trust store. Note that modifying this keystore won't have any impact on the validation.
        Returns:
        the KeyStore used as a trust store
      • setTruststore

        public void setTruststore(java.security.KeyStore ks)
                           throws java.security.KeyStoreException
        Changes the current trust store.
        Parameters:
        ks - key store
        Throws:
        java.security.KeyStoreException - key store exception
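
An added usage example, not part of the library's own documentation: since the truststore is held in memory and never refreshed, rotating trust anchors means loading a new KeyStore and handing it to setTruststore. It assumes the library's packages eu.emi.security.authn.x509 and eu.emi.security.authn.x509.impl, the validate(X509Certificate[]) and dispose() methods inherited from the validator interfaces, and hypothetical file paths passed as command-line arguments.

```java
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class InMemoryTruststoreExample {
    // Load a PKCS#12 truststore into memory; the validator never reads the file itself.
    static KeyStore loadTruststore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Read a PEM or DER file holding the chain, end-entity certificate first.
    static X509Certificate[] loadChain(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return cf.generateCertificates(in).toArray(new X509Certificate[0]);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <truststore.p12> <password> <chain.pem> <rotated-truststore.p12>
        char[] password = args[1].toCharArray();
        X509Certificate[] chain = loadChain(args[2]);

        InMemoryKeystoreCertChainValidator validator =
                new InMemoryKeystoreCertChainValidator(loadTruststore(args[0], password));
        try {
            ValidationResult before = validator.validate(chain);
            System.out.println("initial truststore: valid=" + before.isValid());
            before.getErrors().forEach(e -> System.out.println("  " + e));
            // No automatic refresh: after a CA rotation, load the new keystore and swap it in.
            validator.setTruststore(loadTruststore(args[3], password));
            ValidationResult after = validator.validate(chain);
            System.out.println("after setTruststore: valid=" + after.isValid());
        } finally {
            validator.dispose(); // release resources held by the validator
        }
    }
}
```

With the default settings used by the single-argument constructor, the validator may try to fetch CRLs named in the CA certificates, so a host without network access can see CRL-related messages in the result.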