InMemoryKeystoreCertChainValidator (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
- - eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
  - - eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator

All Implemented Interfaces:

X509CertChainValidator, X509CertChainValidatorExt
```
public class InMemoryKeystoreCertChainValidator
extends PlainCRLValidator
```
The certificate validator which uses Java KeyStore as a truststore. This class is similar to KeystoreCertChainValidator but uses a keystore which was already loaded. Refreshing of the truststore is not supported.
The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: CA certificate extension defining CRL URL and additional list of URLs manually set by the class user. As an additional feature one may provide a simple paths to a local files, using wildcards. All files matching a wildcard are used.
This class is thread-safe.

Author:

K. Benedyczak

See Also:

X509CertChainValidator, KeystoreCertChainValidator

Field Summary

Fields
Modifier and Type Field and Description

protected JDKInMemoryTrustAnchorStore store
- Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
  crlStoreImpl, revocationParameters, timer
- Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
  disposed, listeners, observers, validator

Fields
Modifier and Type	Field and Description
`protected JDKInMemoryTrustAnchorStore`	`store`

Constructor Summary

Constructors
Constructor and Description
`InMemoryKeystoreCertChainValidator(KeyStore keystore)` Constructs a new validator instance with default additional settings (see `ValidatorParamsExt.ValidatorParamsExt()`).
`InMemoryKeystoreCertChainValidator(KeyStore keystore, ValidatorParamsExt params)` Constructs a new validator instance.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`KeyStore`	`getTruststore()` Returns the current trust store.
`void`	`setTruststore(KeyStore ks)` Changes the current trust store.

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
createCRLStore, dispose, getCrls, getCRLUpdateInterval, getRevocationParameters, setCrls, setCRLUpdateInterval

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, isDisposed, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate, validate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - store
```
protected JDKInMemoryTrustAnchorStore store
```
- Constructor Detail
  - InMemoryKeystoreCertChainValidator
```
public InMemoryKeystoreCertChainValidator(KeyStore keystore,
                                          ValidatorParamsExt params)
                                   throws IOException,
                                          KeyStoreException
```
    Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.
    
    Parameters:
    
    keystore - truststore to use
    
    params - common validator settings (revocation, initial listeners, proxy support, ...)
    
    Throws:
    
    IOException - if the truststore can not be read
    
    KeyStoreException - if the truststore can not be parsed or if password is incorrect.
  - InMemoryKeystoreCertChainValidator
```
public InMemoryKeystoreCertChainValidator(KeyStore keystore)
                                   throws IOException,
                                          KeyStoreException
```
    Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).
    
    Parameters:
    
    keystore - truststore to use
    
    Throws:
    
    IOException - if the truststore can not be read
    
    KeyStoreException - if the truststore can not be parsed or if password is incorrect.
- Method Detail
  - getTruststore
```
public KeyStore getTruststore()
```
    Returns the current trust store. Note that modifying this keystore won't have any impact on the validation.
    
    Returns:
    
    the KeyStore used as a trust store
  - setTruststore
```
public void setTruststore(KeyStore ks)
                   throws KeyStoreException
```
    Changes the current trust store.
    
    Parameters:
    
    ks - key store
    
    Throws:
    
    KeyStoreException - key store exception

Class InMemoryKeystoreCertChainValidator

Field Summary

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

Constructor Summary

Method Summary

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

Methods inherited from class java.lang.Object

Field Detail

store

Constructor Detail

InMemoryKeystoreCertChainValidator

InMemoryKeystoreCertChainValidator

Method Detail

getTruststore

setTruststore