Class CertificateValidator


  • @Deprecated(since="2021-05-27")
    public class CertificateValidator
    extends Object
    Deprecated.
    The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
    Convenience class to handle validation of certificates, aliases and keystores. Allows specifying a Certificate Revocation List (CRL), as well as enabling CRL Distribution Points Protocol (CRLDP) certificate extension support and On-Line Certificate Status Protocol (OCSP) support. IMPORTANT: at least one of the above mechanisms *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally.
    • Constructor Detail

      • CertificateValidator

        public CertificateValidator​(KeyStore trustStore,
                                    Collection<? extends CRL> crls)
        Deprecated.
        Creates an instance of the certificate validator.
        Parameters:
        trustStore - the truststore to use
        crls - the Certificate Revocation List to use
    • Method Detail

      • validate

        public void validate​(KeyStore keyStore)
                      throws CertificateException
        Deprecated.
        Validates all aliases inside a given keystore.
        Parameters:
        keyStore - the keystore to validate
        Throws:
        CertificateException - if a keystore error occurs and the keystore cannot be validated
      • validate

        public String validate​(KeyStore keyStore,
                               String keyAlias)
                        throws CertificateException
        Deprecated.
        Validates a specific alias inside the keystore being passed in.
        Parameters:
        keyStore - the keystore to validate
        keyAlias - the key alias in the keystore to validate
        Returns:
        the keyAlias if valid
        Throws:
        CertificateException - if a keystore error occurs and the alias cannot be validated
      • validate

        public void validate​(KeyStore keyStore,
                             Certificate cert)
                      throws CertificateException
        Deprecated.
        Validates a specific certificate against the keystore being passed in.
        Parameters:
        keyStore - the keystore to validate against
        cert - the certificate to validate
        Throws:
        CertificateException - if a keystore error occurs and the certificate cannot be validated
      • getTrustStore

        public KeyStore getTrustStore()
        Deprecated.
      • getCrls

        public Collection<? extends CRL> getCrls()
        Deprecated.
      • getMaxCertPathLength

        public int getMaxCertPathLength()
        Deprecated.
        Returns:
        Maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • setMaxCertPathLength

        public void setMaxCertPathLength​(int maxCertPathLength)
        Deprecated.
        Parameters:
        maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
      • isEnableCRLDP

        public boolean isEnableCRLDP()
        Deprecated.
        Returns:
        true if CRL Distribution Points support is enabled
      • setEnableCRLDP

        public void setEnableCRLDP​(boolean enableCRLDP)
        Deprecated.
        Enables CRL Distribution Points support.
        Parameters:
        enableCRLDP - true to turn on, false to turn off
      • isEnableOCSP

        public boolean isEnableOCSP()
        Deprecated.
        Returns:
        true if On-Line Certificate Status Protocol support is enabled
      • setEnableOCSP

        public void setEnableOCSP​(boolean enableOCSP)
        Deprecated.
        Enables On-Line Certificate Status Protocol support.
        Parameters:
        enableOCSP - true to turn on, false to turn off
      • getOcspResponderURL

        public String getOcspResponderURL()
        Deprecated.
        Returns:
        Location of the OCSP Responder
      • setOcspResponderURL

        public void setOcspResponderURL​(String ocspResponderURL)
        Deprecated.
        Set the location of the OCSP Responder.
        Parameters:
        ocspResponderURL - location of the OCSP Responder
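
Typical use of the constructor, setters and `validate(KeyStore, String)` documented above, as an added example that is not part of the original API documentation. The import's package name (as used in Eclipse Jetty; the page does not show it), the file names, passwords, alias and responder URL are assumptions or constructed placeholders.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;

// Assumption: package name as in Eclipse Jetty; it is not shown on this page.
import org.eclipse.jetty.util.security.CertificateValidator;

public class ValidateKeystoreExample {

    // Loads a keystore of the given type from disk.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholders: file names, passwords and the "server" alias.
        KeyStore trustStore = load("truststore.p12", "PKCS12", "changeit".toCharArray());
        KeyStore keyStore = load("keystore.p12", "PKCS12", "changeit".toCharArray());

        // Static CRLs handed to the constructor (one of the three revocation sources).
        Collection<? extends CRL> crls;
        try (InputStream in = Files.newInputStream(Paths.get("issuer.crl"))) {
            crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
        }

        CertificateValidator validator = new CertificateValidator(trustStore, crls);
        validator.setMaxCertPathLength(2);  // at most two intermediates; -1 = unlimited
        validator.setEnableCRLDP(true);     // follow CRL Distribution Points extensions
        validator.setEnableOCSP(true);
        validator.setOcspResponderURL("http://ocsp.example.test/"); // placeholder URL

        try {
            // Per the class description, this fails if no revocation source is operational.
            String alias = validator.validate(keyStore, "server");
            System.out.println("valid: " + alias);
        } catch (CertificateException e) {
            // Fail closed: treat any validation error as an untrusted certificate.
            System.err.println("rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```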