eu.emi.security.authn.x509.helpers

Class BinaryCertChainValidator

java.lang.Object

eu.emi.security.authn.x509.helpers.BinaryCertChainValidator

All Implemented Interfaces:

X509CertChainValidator, X509CertChainValidatorExt

public class BinaryCertChainValidator
extends Object
implements X509CertChainValidatorExt

A simplistic X509CertChainValidator implementation which always fails or accepts certificates, basing on the constructor argument. Useful for tests and insecure setups (e.g. SSL client that wants SSL encryption but do not use SSL authentication).

Author:

K. Benedyczak

Constructor Summary

Constructors

Constructor and Description
BinaryCertChainValidator(boolean acceptAll)

Method Summary

Modifier and Type	Method and Description
void	addUpdateListener(StoreUpdateListener listener) Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs.
void	addValidationListener(ValidationErrorListener listener) Registers a listener which can react to errors found during certificate validation.
void	dispose() Disposes resources used by this Validator, like threads.
ProxySupport	getProxySupport() Returns whether this validator supports proxy certificates.
RevocationParameters	getRevocationCheckingMode() Gets the current revocation checking mode.
X509Certificate[]	getTrustedIssuers() Returns a list of trusted issuers of certificates.
void	removeUpdateListener(StoreUpdateListener listener) Unregisters a previously registered CA or CRL update listener.
void	removeValidationListener(ValidationErrorListener listener) Unregisters a previously registered validation listener.
ValidationResult	validate(CertPath certPath) Performs validation of a provided certificate path.
ValidationResult	validate(X509Certificate[] certChain) Performs validation of a provided certificate chain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BinaryCertChainValidator

public BinaryCertChainValidator(boolean acceptAll)

Parameters:

acceptAll - if true then all validations will succeed. If false all will fail.

Method Detail

validate

public ValidationResult validate(CertPath certPath)

Performs validation of a provided certificate path.

Specified by:

validate in interface X509CertChainValidator

Parameters:

certPath - to be validated

Returns:

result of validation

validate

public ValidationResult validate(X509Certificate[] certChain)

Performs validation of a provided certificate chain.

Specified by:

validate in interface X509CertChainValidator

Parameters:

certChain - to be validated

Returns:

result of validation

getTrustedIssuers

public X509Certificate[] getTrustedIssuers()

Returns a list of trusted issuers of certificates.

Specified by:

getTrustedIssuers in interface X509CertChainValidator

Returns:

array containing trusted issuers' certificates

addValidationListener

public void addValidationListener(ValidationErrorListener listener)

Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator and if you will use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError, not the exception.

Specified by:

addValidationListener in interface X509CertChainValidator

Parameters:

listener - to be registered

removeValidationListener

public void removeValidationListener(ValidationErrorListener listener)

Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.

Specified by:

removeValidationListener in interface X509CertChainValidator

Parameters:

listener - to be unregistered

addUpdateListener

public void addUpdateListener(StoreUpdateListener listener)

Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.

Specified by:

addUpdateListener in interface X509CertChainValidator

Parameters:

listener - to be registered

removeUpdateListener

public void removeUpdateListener(StoreUpdateListener listener)

Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.

Specified by:

removeUpdateListener in interface X509CertChainValidator

Parameters:

listener - to be unregistered

getProxySupport

public ProxySupport getProxySupport()

Description copied from interface: X509CertChainValidatorExt

Returns whether this validator supports proxy certificates.

Specified by:

getProxySupport in interface X509CertChainValidatorExt

Returns:

proxy certificates support mode

getRevocationCheckingMode

public RevocationParameters getRevocationCheckingMode()

Description copied from interface: X509CertChainValidatorExt

Gets the current revocation checking mode.

Specified by:

getRevocationCheckingMode in interface X509CertChainValidatorExt

Returns:

the current mode

dispose

public void dispose()

Description copied from interface: X509CertChainValidatorExt

Disposes resources used by this Validator, like threads. After calling this method the validator can not be used anymore.

Specified by:

dispose in interface X509CertChainValidatorExt